Install

One click deployment

Overview

This guide helps you deploy DIGIT CCRS (Centralized Citizen Request System) on AWS using GitHub Actions with a simplified process. It focuses solely on CCRS-specific services and configurations, enabling faster setup and targeted deployment.

Pre-Requisites

  • AWS Account (with admin access)

  • GitHub Organisation Account

  • IAM User with Access Key and Secret Key

  • Terraform uses ap-south-1 (for now, hardcoded)

  • SOPS for encrypting secrets

  • Use a private GitHub repo to secure sensitive data

Steps

1

Create AWS Access Credentials

If not already done:

  • Go to AWS Console → IAM → Users → Add user

  • Assign Admin access

  • Generate:

    • AWS_ACCESS_KEY_ID

    • AWS_SECRET_ACCESS_KEY

Example:

AWS_ACCESS_KEY_ID=A************FQ
AWS_SECRET_ACCESS_KEY=tqM************************+lfTt
AWS_REGION=ap-south-1
2

Setup GitHub Repository

  1. Fork the repository to your GitHub Org

    • Uncheck “Copy the master branch only”

  2. Enable GitHub Actions workflows for the repo

  3. Go to:

    • SettingsSecrets and VariablesActionsNew Repository Secret

    • Add the below secrets: (refer to the table below)

Name
Value

AWS_ACCESS_KEY_ID

<GENERATED_ACCESS_KEY>

AWS_SECRET_ACCESS_KEY

<GENERATED_SECRET_KEY>

AWS_REGION

<AWS_REGION>

AWS_DEFAULT_REGION

<AWS_REGION>

3

Clone & Checkout Code

git clone https://github.com/egovernments/Citizen-Complaint-Resolution-System.git
cd Citizen-Complaint-Resolution-System
git checkout master

  • Open the repo in the code editor, or optionally use the GitHub web editor by replicating github.com with github.dev.

4

Generate SSH Key Pair

Use either of the two methods (for demo use only):

Sample Public Key:

ssh-rsa AAAAB3NzaC1yc2EAAAADAQA*************************************HBFUNjyMLpFltqwbsA*************************************MaMhX7Ou3*************************************PWHKx*************************************oVTBWxloXFQy/XFU*************************************W/QVdgs5xp+P5hhZgm9WpdN3Cz*************************************clYmUHoPCPwKIqElX2DZzYGJc*************************************y4gR

Sample Private Key:

-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAue4+1*********************K7mGXRIv6enEP4lN/y9i287wsNBpg+IDGjIV************************************************************************************
+zrt79wBgG5vlGMoT1hysRDpxNNlDdimE6G8OHaCj6e5cwhXrMt1swKFUwVsZaFx
UMv1xVFU/OsrJ8v8***************************************************************** **********************Sd74a4d2h28pIEHNbrlvAVn7Zt9IDC
kgske+VBY+X0D2en1l8bt3Vdnn5xgcDQsPmp6GdoRfE2luJ6lAe+mdkCgYEA0wUj
tUHRH9sI3X86wZVREt*************************************************************** **********************************poTy6hNQr9IT2TsBckuN/qqockBR/j+iRap7lec3tJM
vdmMVP0Ed7GjBiSBVeHeHVg+Dt6+AqayWqU0hPkCgYB6o+bof7XnnsmBjvLVFO15
LlDiIZQFBtr7CriRDD2Nx************************************************************* ************************************TCaHk8CGmA+TXSKM9q7cTtMb6ythUQhZrpq 0EEY5TgQKBgQ*************************************************************8/PD+mT 5jFvon5Q==
-----END RSA PRIVATE KEY-----
5

Configure Infrastructure Inputs

Go to: Citizen-Complaint-Resolution-System/devops/infra-as-code/terraform/sample-aws/input.yaml

Fill values for:

Parameter
Description

cluster_name

Lowercase alphanumeric & hyphens only

public_ssh_key

Paste public key here

db_name

Alphanumeric

db_username

Alphanumeric

domain_name

Your domain (e.g. demo.digit.org)

terraform_state_bucket_name

Unique S3 bucket name

6

Configure Application Secrets

Go to: Devops/deploy-as-code/charts/environments/env-secrets.yaml

Update:

  • db_passwordKeep the password and the Flyway password the same.

  • ssh_private_key under git-sync (maintain indentation)

Also, add the public key to your GitHub account (for code syncing). Refer to the steps below to add the public key to your GitHub account.

  1. Go to your profile icon in the top-right corner and click on settings. Refer screenshot below:

  2. Click on SSH and GPG keys, and click on the green button New SSH key. Refer screenshot below:

  3. Add the public key in the key section. You can add the title name as my-public-key or something similar.

7

Trigger Deployment

Push your changes to the master branch.

Then:

  • Go to GitHub → Actions tab

  • Click on DIGIT Install workflow

  • Click on the Run Workflow button

  • Select the master branch

  • Click on the Run Workflow button (in green)

  • Open the Actions tab in your GitHub account to view the workflow. You should see that the workflow has started and the pipelines have been completed successfully.

A GitHub Actions workflow is triggered after committing the inputs. This shows that your setup is correctly configured and your application is ready for deployment. Watch the workflow output for any errors or success messages to confirm everything is functioning as expected.

8

Setup Kubeconfig

Install AWS CLI (If not already installed) Open the terminal. Run the following command, which you have installed on the AWS CLI, and use the provided credentials. (Provide the credentials and leave the region and output format blank).

curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"

unzip awscliv2.zip

sudo ./aws/install

Verify installation: aws --version

Note: Ensure the profile name provided in the commands below matches the AWS profile used in the Terraform scripts.

Ensure AWS CLI is configured:

aws configure --profile digit-quickstart-poc
AWS Access Key ID []:<Your access key>
AWS Secret Access Key []:<Your secret key>
Default region name []: ap-south-1
// Setting profile
export AWS_PROFILE=digit-quickstart-poc

The above will create the following file on your machine under the user's home directory. /path/to/user/home/.aws/credentials

Additionally, ensure your AWS CLI is correctly configured by referring to the official AWS documentation on Configuring the AWS CLI - AWS Command Line Interface. Confirm your AWS credentials are correctly set by executing:

If not, create the profile using:

aws configure --profile <profile_name>

Run the below command to export AWS Credentials

export AWS_PROFILE=<profile_name>

Proceed only after verifying the correct configuration of your credentials. For any uncertainties on how to set up the credentials, consult the AWS documentation for detailed instructions. To check if credentials are properly set, run the command:

aws configure list --profile <profile_name>

Get the Kubernetes configuration and verify that you can connect to the cluster by running the command below.

aws eks --region ap-south-1 update-kubeconfig --name <cluster_name>
kubectl config use-context <cluster_name>
kubectl get nodes
kubectl get pods -A
9

Domain Setup

To get the domain:

kubectl get svc ingress-nginx-controller -n backbone -o jsonpath='{.status.loadBalancer.ingress[0].hostname}'

Example output:

ae210873da6f.ap-south-1.elb.amazonaws.com

➡️ Add this as a CNAME record in your domain provider settings.

10

Log in to DIGIT

https://<your-domain>/digit-ui/employee

Log in using the username/password from env-secrets.yaml.

Clean Up (Uninstall DIGIT)

To destroy the infrastructure:

  1. Go to GitHub → Actions → DIGIT-Install workflow

  2. Click Run workflow

  3. In the input box, type: destroy

  4. Monitor the job status

✅ This will remove all DIGIT infrastructure via Terraform.

💡 Note: If using a different branch (e.g. digit-install), ensure it’s mentioned in the workflow YAML under branches: the section.

Summary

Step
What to Do

IAM Setup

Create IAM user with keys

GitHub Secrets

Add 4 AWS-related secrets

Key Generation

Create SSH key pair

Infra Inputs

Fill input.yaml with your values

App Secrets

Add db_password and SSH key

Deployment

Push changes → GitHub workflow

KubeConfig

Setup CLI and connect to cluster

Domain Mapping

Add CNAME to DNS

Cleanup

Use destroy in GitHub workflow

PreviousSetupNextGet Started

Last updated

Was this helpful?