Built a cloud-native logistics platform on Google Cloud Platform with automated CI/CD, infrastructure-as-code using Terraform, and rolling updates. Implemented serverless event-driven alerts via Cloud Functions, Pub/Sub, and the Mailgun API.
This project was developed as part of CSYE 6225: Network Structures and Cloud Computing at Northeastern University.

| Repository | Description |
|---|---|
| webapp | Node.js RESTful API, Packer image config, CI/CD workflows |
| tf-gcp-infra | Terraform code for all GCP infrastructure |
| serverless | Cloud Function — Pub/Sub triggered email verification via Mailgun |
- Developed a cloud-native RESTful API using Node.js and Sequelize ORM with endpoints including `/healthz` and `/v1/user` for health checks, user creation, updates, verification, and retrieval.
- Secured authenticated endpoints using basic authentication with password hashing and salt generation via BCrypt.
- Wrote integration tests validated in CI pipelines using GitHub Actions.
- Provisioned VPCs, subnets, routing tables, and firewall rules using Terraform as the foundation for all infrastructure.
- Launched a private Cloud SQL (PostgreSQL) instance with custom configuration.
- Established VPC peering between the application VPC and the Cloud SQL service producer's VPC via Private Services Access, ensuring all database traffic stays on private IPs.
- Created the database, database user, and a random password using Terraform and passed them as instance metadata. A startup script curls this metadata to generate a `.env` file for seamless application connectivity.
- Built custom Compute Engine images using HashiCorp Packer based on CentOS Stream 8.
- Uploaded the application using Packer's file provisioner, set up a local `nologin` user with a primary group, and ensured the user's shell was set to `nologin`.
- Created and configured a systemd service file so the application starts automatically when the instance launches.
- Image builds are triggered automatically on the GitHub runner when a pull request is merged.
- Installed and configured the Google Cloud Ops Agent on VMs to collect structured application logs.
- Application logging implemented using the Winston library for consistent, queryable log output.
- The RESTful API acts as a publisher, sending messages to a Pub/Sub topic whenever a new user is created.
- A Cloud Function subscribes to the topic and sends a verification email to the user via the Mailgun API.
- All authenticated endpoints remain inaccessible until the user verifies their email.
- Built a compute instance template from the custom Packer image.
- Configured a managed instance group that autoscales based on CPU utilization.
- Set up health checks to monitor the instance group every 10 seconds.
- Deployed an external HTTPS application load balancer to distribute traffic across VMs.
- Reserved a static external IP pointing to the load balancer and provisioned a Google-managed SSL certificate.
- Created customer-managed encryption keys (CMEK) in a key ring to encrypt Virtual Machines, Cloud SQL instances, and Cloud Storage Buckets.
- Configured a 30-day key rotation period for all encryption keys.
- CMEK ensures full control over the lifecycle and access of encryption keys across all GCP services.
- On every merged pull request, GitHub Actions triggers a Packer build to create a new custom image.
- A new instance template is created from the fresh image using gcloud CLI on the GitHub runner.
- Instances in the managed instance group are gradually recreated using the new template — achieving zero-downtime rolling updates on every production merge.
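
The Basic-auth check and the email-verification gate described in the list above can be expressed as one decision function. This is an added example, not code from the webapp repository: `findUser`, `checkPassword`, the dummy hash and the choice of 401/403 status codes are assumptions, and the constructed `checkPassword` stand-in is not BCrypt.

```javascript
// Added example (not the project's code): Basic auth + email-verification gate.
// findUser / checkPassword are hypothetical injected helpers; in a real app they
// would be an ORM lookup and a BCrypt comparison.

// Parse "Basic <base64(user:pass)>"; returns null on any malformed input.
function parseBasicAuth(header) {
  if (typeof header !== 'string') return null;
  const match = /^Basic ([A-Za-z0-9+/]+={0,2})$/i.exec(header.trim());
  if (!match) return null;
  const decoded = Buffer.from(match[1], 'base64').toString('utf8');
  const sep = decoded.indexOf(':'); // split on the FIRST colon only,
  if (sep < 1) return null;         // because passwords may contain ':'
  return { username: decoded.slice(0, sep), password: decoded.slice(sep + 1) };
}

// Returns the HTTP status to answer with before any protected handler runs.
function authorize(header, findUser, checkPassword, dummyHash) {
  const creds = parseBasicAuth(header);
  if (!creds) return 401;
  const user = findUser(creds.username);
  // Always run one hash comparison, even for unknown users, so response
  // time does not reveal which usernames exist.
  const ok = checkPassword(creds.password, user ? user.passwordHash : dummyHash);
  if (!user || !ok) return 401;
  // Checked only after the password, so a wrong password never reveals
  // whether the account is verified.
  if (!user.verified) return 403;
  return 200;
}

// Constructed sample data. The string comparison below is a stand-in for a
// real password-hash check and must not be used as one.
const users = {
  'alice@example.com': { passwordHash: 'hash(p:ss)', verified: true },
  'bob@example.com': { passwordHash: 'hash(secret)', verified: false },
};
const findUser = (name) => users[name] || null;
const checkPassword = (plain, hash) => hash === `hash(${plain})`;
const basic = (u, p) => 'Basic ' + Buffer.from(`${u}:${p}`).toString('base64');
const status = (hdr) =>
  authorize(hdr, findUser, checkPassword, 'hash(dummy-never-matches)');

console.log(status(basic('alice@example.com', 'p:ss')));  // verified user
console.log(status(basic('bob@example.com', 'secret')));  // unverified user
```
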

```bash
# Install dependencies
npm install
# Start the development server
npm run dev
# Start the production server
npm start
# Run integration tests
npm test
```

```bash
# Initialize working directory
terraform init
# Format configuration files
terraform fmt
# Validate configuration
terraform validate
# Preview changes
terraform plan
# Apply infrastructure
terraform apply
# Destroy infrastructure
terraform destroy
```

Create a `terraform.tfvars` file with all required variables (see `variables.tf`).

```bash
cd packer
# Install required plugins
packer init build.pkr.hcl
# Format HCL files
packer fmt .
# Validate template
packer validate .
# Build the custom image
packer build -var-file=values.pkrvars.hcl build.pkr.hcl
```

Create a `values.pkrvars.hcl` file with your GCP credentials path.

| Layer | Technology |
|---|---|
| API | Node.js, Express, Sequelize |
| Authentication | Basic Auth, BCrypt |
| Database | PostgreSQL (Cloud SQL) |
| Testing | Jest, Supertest |
| Infrastructure | Terraform, Google Cloud Platform |
| Image Build | HashiCorp Packer, CentOS Stream 8 |
| Serverless | Google Cloud Functions, Pub/Sub |
| Mailgun API | |
| CI/CD | GitHub Actions, gcloud CLI |
| Logging | Winston, Google Cloud Ops Agent |
| DNS & SSL | Cloud DNS, Google-managed SSL Certificates |
| Load Balancing | External HTTPS Application Load Balancer |
| Encryption | Customer-Managed Encryption Keys (CMEK) |