Forem: Rajaram Yadav

Deploy React (Vite) to AWS the Right Way — S3 + CloudFront + CodePipeline

Rajaram Yadav — Sun, 03 May 2026 13:54:54 +0000

Stop paying for nginx containers to serve static files. Here's the complete S3 + CloudFront setup with automated CI/CD — costs under $2/month.

Your React app is a collection of static files after npm run build. HTML. JavaScript. CSS. Images.
Serving static files from a Docker container on ECS is paying a chef to microwave leftovers. S3 + CloudFront costs less than a coffee per month, serves files from 400+ global edge locations, and scales to millions of requests automatically.
Here's the complete setup — S3 bucket, CloudFront distribution, CodePipeline CI/CD — so every push to main automatically builds and deploys your Vite app in under 3 minutes.

Why Not a Container?
ECS + nginx container:
EC2 instance : ~$15/month
ALB (for HTTPS) : ~$16/month
Total : ~$31/month
Regions served : 1

S3 + CloudFront:
S3 storage : ~$0.12/month
CloudFront : ~$0.88/month
Total : ~$1/month
Regions served : 400+ edge locations worldwide
The only case for containerising React: you're using Next.js with server-side rendering. Vite + React? Static files. S3 + CloudFront.

The Complete Pipeline
Push to main
↓
CodeStar webhook → CodePipeline
↓
Stage 1: SOURCE
Pulls repo → zips → S3 artifact bucket
↓
Stage 2: BUILD (CodeBuild)
npm ci
npm run build → /dist
aws s3 sync dist/ → frontend S3 bucket
CloudFront cache invalidation
↓
Users hit CloudFront URL
Served from nearest of 400+ edge locations
Under 3 minutes from push to live

Step 1 — S3 Bucket
bashaws s3 mb s3://your-app-frontend-ACCOUNTID --region us-east-1
Settings:

Block all public access: ON — CloudFront accesses via OAC, not public URL
Static website hosting: OFF — OAC is more secure, doesn't need this
Versioning: OFF — not needed for static hosting

Step 2 — CloudFront Distribution
Go to CloudFront → Create distribution.
Origin domain : your-app-frontend-ACCOUNTID.s3.us-east-1.amazonaws.com
← select from dropdown, don't type manually

Origin access : Origin Access Control (OAC)
→ Create new OAC
→ Signing behavior: Sign requests

Viewer protocol : Redirect HTTP to HTTPS
Cache policy : CachingOptimized
Default root object : index.html ← critical
After creating: CloudFront shows a banner with a bucket policy to copy. Copy it — you need it next.
Your CloudFront domain: d1abc2def3.cloudfront.net — this is your app's URL.

Step 3 — S3 Bucket Policy
Paste the policy CloudFront generated into your S3 bucket:
S3 → your bucket → Permissions → Bucket policy → Edit
json{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowCloudFrontServicePrincipal",
"Effect": "Allow",
"Principal": {
"Service": "cloudfront.amazonaws.com"
},
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::your-app-frontend-ACCOUNTID/*",
"Condition": {
"StringEquals": {
"AWS:SourceArn": "arn:aws:cloudfront::ACCOUNTID:distribution/YOURDISTID"
}
}
}
]
}
This is Origin Access Control — only YOUR CloudFront distribution can read your files. Nothing else.

Step 4 — The Fix Everyone Forgets
React Router handles client-side routing. /dashboard, /settings, /users/123 are all fake URLs — React intercepts them and renders the right component.
When someone refreshes on /dashboard, the browser asks CloudFront for a file named dashboard. It doesn't exist in S3. CloudFront returns 403 or 404. Your app is broken.
Fix: add custom error responses to CloudFront.
CloudFront → your distribution → Error pages → Create custom error response

Error code : 403
Response page path: /index.html
HTTP response code: 200

Error code : 404
Response page path: /index.html
HTTP response code: 200
Why return 200 instead of 404? Because React Router is about to render the correct page. Returning 404 breaks analytics, SEO, and browser history.
Do this now. You will forget it exists and spend an hour debugging later.

Step 5 — IAM Role for CodeBuild
Role name : CodeBuildServiceRole-your-app-frontend
Trust : codebuild.amazonaws.com
Inline policy:
json{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Logs",
"Effect": "Allow",
"Action": ["logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents"],
"Resource": ""
},
{
"Sid": "S3Artifacts",
"Effect": "Allow",
"Action": ["s3:GetObject", "s3:GetObjectVersion", "s3:PutObject", "s3:GetBucketVersioning"],
"Resource": [
"arn:aws:s3:::your-artifacts-bucket",
"arn:aws:s3:::your-artifacts-bucket/"
]
},
{
"Sid": "S3Frontend",
"Effect": "Allow",
"Action": ["s3:PutObject", "s3:GetObject", "s3:DeleteObject", "s3:ListBucket"],
"Resource": [
"arn:aws:s3:::your-app-frontend-ACCOUNTID",
"arn:aws:s3:::your-app-frontend-ACCOUNTID/"
]
},
{
"Sid": "CloudFront",
"Effect": "Allow",
"Action": ["cloudfront:CreateInvalidation"],
"Resource": ""
}
]
}

Step 6 — buildspec.yml
Add to repo root:
yamlversion: 0.2

env:
variables:
S3_BUCKET: "your-app-frontend-ACCOUNTID"
CLOUDFRONT_DISTRIBUTION_ID: "YOURDISTID"

phases:
install:
runtime-versions:
nodejs: 22
commands:
- echo "Node $(node --version)"

pre_build:
commands:
# npm ci = exact versions from package-lock.json
# Always use this in CI. npm install can silently update deps.
- npm ci

build:
commands:
- npm run build
- ls -la dist/

post_build:
commands:
# --delete removes old files: stale JS chunks, renamed assets, deleted pages
- aws s3 sync dist/ s3://$S3_BUCKET --delete

  # Cache invalidation — without this, users get old files for up to 24hrs
  # Note: single line. No backslash continuation.
  - aws cloudfront create-invalidation --distribution-id $CLOUDFRONT_DISTRIBUTION_ID --paths "/*"

  - echo "Deployed $(date)"

artifacts:
files:
- "*/"
base-directory: dist
The YAML Rule That Costs You Hours
Every - under commands: is a separate shell command. Backslash continuation creates a multi-line string — CodeBuild rejects it:
yaml# ❌ YAML_FILE_ERROR: Expected Commands[N] to be of string type

aws cloudfront create-invalidation \ --distribution-id $CLOUDFRONT_DISTRIBUTION_ID \ --paths "/*"

✅ One line — works every time

aws cloudfront create-invalidation --distribution-id $CLOUDFRONT_DISTRIBUTION_ID --paths "/*" Why npm ci Not npm install npm install can silently update package-lock.json. In CI, you want reproducible builds — the same packages every time. npm ci fails if package-lock.json is out of sync with package.json, making the inconsistency visible instead of hiding it. Why --delete on S3 Sync Vite uses content hashing: main.abc1234.js. Every build produces new filenames. Without --delete, old files pile up in S3 — old chunks from previous builds that no one will ever request. More importantly, if a file gets renamed or deleted from your project, the old version stays in S3 and can serve stale content if cache expires.

Step 7 — GitHub Actions (PR Checks)
CodePipeline only fires on merge to main. For PR feedback:
yaml# .github/workflows/ci.yml
name: Frontend CI

on:
pull_request:
branches: [ main ]
push:
branches: [ main ]

jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4

  - uses: actions/setup-node@v4
    with:
      node-version: '22'
      cache: 'npm'

  - name: Install
    run: npm ci

  - name: Lint
    run: npm run lint

  - name: Build
    run: npm run build
    # TypeScript errors, missing imports, bad JSX — all caught here
    # PR is blocked if this fails

  - name: Upload dist
    if: success()
    uses: actions/upload-artifact@v4
    with:
      name: dist
      path: dist/
      retention-days: 1

Every PR gets:

Lint check
Full production build

Broken TypeScript, bad imports, missing dependencies — caught before merge. main always has a working build.

Step 8 — CodePipeline
Create pipeline → "Build custom pipeline" (not Starter Template):
Pipeline settings:
Name : your-app-frontend-pipeline
Type : V2
Execution mode : SUPERSEDED
Service role : your CodePipeline service role
Artifact store : Custom → your artifacts S3 bucket

Source stage:
Provider : GitHub (via GitHub App)
Connection : your-github-connection
Repository : your-org/your-repo
Branch : main
Output : SourceArtifact

Build stage:
Provider : AWS CodeBuild
Input : SourceArtifact
Project : your-app-frontend-build
Output : BuildArtifact

Deploy stage:
Provider : Amazon S3
Input : BuildArtifact
Bucket : your-app-frontend-ACCOUNTID
Extract file : ✅ YES ← without this, the zip stays zipped in S3
The S3 Permission Error You Will Hit
If you reuse a CodePipeline service role from another pipeline, it won't have access to the frontend S3 bucket:
not authorized to perform: s3:PutObject on resource:
arn:aws:s3:::your-app-frontend-ACCOUNTID/...
Fix — add the frontend bucket to the role's S3 policy:
json"Resource": [
"arn:aws:s3:::your-artifacts-bucket",
"arn:aws:s3:::your-artifacts-bucket/",
"arn:aws:s3:::your-app-frontend-ACCOUNTID",
"arn:aws:s3:::your-app-frontend-ACCOUNTID/"
]

Connecting to Your Backend API

.env.production

VITE_API_BASE_URL=https://api.yourdomain.com
javascriptconst api = axios.create({
baseURL: import.meta.env.VITE_API_BASE_URL,
});
Set VITE_API_BASE_URL as an environment variable in your CodeBuild project — injected at build time by Vite. Never hardcode API URLs.

Cost Reference
ItemCostS3 (5GB stored)$0.12/monthCloudFront (1M requests)$0.01/monthCloudFront (10GB transfer)$0.85/monthCodePipeline$1.00/monthCodeBuild (10 builds × 2min)$0.10/monthTotal~$2.08/month
vs ECS + nginx + ALB: ~$50/month minimum.

Error Reference
ErrorCauseFixApp breaks on page refreshSPA routing fix missingAdd 403/404 → /index.html in CloudFront error pagess3:PutObject deniedFrontend bucket not in CodePipeline role S3 policyAdd both bucket ARNs to resource listYAML_FILE_ERROR: Expected Commands[N] to be string typeBackslash continuation in buildspec.ymlOne command per lineOld files served after deployNo CloudFront cache invalidationAdd create-invalidation --paths "/*" to post_buildBuild uses different deps than localnpm install used instead of npm ciAlways npm ci in CI

What's Next
Custom domain: ACM certificate + Route 53 → app.yourdomain.com → your CloudFront distribution. HTTPS is automatic.
Multi-environment:
merge to main → deploy STAGING → manual approval → deploy PRODUCTION
Two separate S3 + CloudFront pairs. Same CodePipeline, two deploy stages.
Cache headers: fine-grained control — index.html never cached, hashed JS/CSS cached for a year.

This is the frontend half of a full-stack AWS deployment. The backend — Spring Boot on ECS with CodePipeline — is the companion article.
Drop a ❤️ if this helped. Questions in the comments.

Deploying Spring Boot to AWS ECS with CI/CD — The Complete No-BS Guide published: true

Rajaram Yadav — Sun, 03 May 2026 13:50:55 +0000

Every IAM error, every Docker rate limit, every Testcontainers gotcha documented. The guide I wish existed when I started.
Most AWS deployment guides show you the happy path. This one shows you the whole road — including the potholes.
This is the complete walkthrough for deploying a Spring Boot app to AWS ECS with a real CI/CD pipeline. GitHub Actions for testing. CodePipeline + CodeBuild for deployment. Every IAM permission. Every command. Every error documented.
What You're Building
GitHub PR → GitHub Actions → tests pass → PR shows ✅

GitHub push to main → CodePipeline
→ CodeBuild (test + build JAR + build Docker image + push to ECR)
→ ECS rolling deploy (zero downtime)
→ SNS email notification
Stack:

Spring Boot 4.0.5 / Java 21 / Maven
MySQL 8 on Amazon RDS
Docker → Amazon ECR
Amazon ECS
GitHub Actions + AWS CodePipeline + CodeBuild

Step 1 — RDS MySQL
Create a db.t3.micro instance (free tier eligible):
Engine : MySQL 8.0
Template : Free tier
Public access : Yes (dev only — lock this down in production)
Port : 3306
Security group: allow 3306 from your local IP and your ECS security group.
properties# application.properties
spring.datasource.url=jdbc:mysql://:3306/yourdb
spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver
spring.flyway.enabled=true
spring.flyway.locations=classpath:db/migration
spring.jpa.hibernate.ddl-auto=none
Use Flyway for migrations. ddl-auto=none means Hibernate never touches your schema — Flyway owns it. This prevents accidental data loss.

Step 2 — Docker Setup
ECR Public for Base Images (Critical)
If you use Docker Hub images in CodeBuild, you will hit this:
429 Too Many Requests
toomanyrequests: You have reached your unauthenticated pull rate limit
Docker Hub allows 100 anonymous pulls per 6 hours per IP. AWS CodeBuild shares IPs. Your builds randomly fail. The fix is ECR Public — AWS's mirror of Docker Hub official images with no rate limits inside AWS.
dockerfile# ❌ Breaks randomly in CodeBuild
FROM maven:3.9-eclipse-temurin-21 AS builder
FROM eclipse-temurin:21-jdk-alpine

✅ No rate limits inside AWS

FROM public.ecr.aws/docker/library/maven:3.9-eclipse-temurin-21 AS builder

WORKDIR /app
COPY pom.xml .
RUN mvn dependency:go-offline -q

COPY src ./src
RUN mvn package -DskipTests -q

FROM public.ecr.aws/docker/library/eclipse-temurin:21-jdk-alpine

WORKDIR /app
COPY --from=builder /app/target/*.jar app.jar

EXPOSE 8080
ENTRYPOINT ["java", "-jar", "app.jar"]

COPY --from=builder must match the AS builder name exactly. Using --from=build when the stage is named builder gives a cryptic error: "failed to resolve source metadata for docker.io/library/build:latest"

Create ECR Repository
bashaws ecr create-repository \
--repository-name your-app-backend \
--image-scanning-configuration scanOnPush=true \
--region us-east-1

Step 3 — Testing with Testcontainers
Your app needs real MySQL. H2 won't work with MySQL-specific Flyway migrations. Testcontainers starts a real MySQL Docker container during test execution.
pom.xml — Spring Boot 4.x Gotcha
These artifact IDs don't exist in Spring Boot 4.x:
xml
spring-boot-starter-webmvc-test
spring-boot-starter-data-jpa-test
Correct dependencies:
xml

org.springframework.boot
spring-boot-starter-test
test

org.springframework.security
spring-security-test
test

org.springframework.boot
spring-boot-testcontainers
test

org.testcontainers
junit-jupiter
test

org.testcontainers
mysql
test

application-test.properties
properties# jdbc:tc: = Testcontainers intercepts this and starts a Docker MySQL container
spring.datasource.url=jdbc:tc:mysql:8.0:///yourapp_test
spring.datasource.driver-class-name=org.testcontainers.jdbc.ContainerDatabaseDriver
spring.jpa.hibernate.ddl-auto=none

Flyway runs real migrations in test context

spring.flyway.enabled=true

spring.mail.host=localhost
spring.mail.port=3025
app.jwt.secret=test-secret-key-for-ci-only
logging.level.root=WARN
Unit Test (Pure Mockito — ~200ms, no Spring)
java@ExtendWith(MockitoExtension.class)
class EmployeeServiceTest {

@Mock private EmployeeRepository employeeRepository;
@Mock private RoleRepository roleRepository;
@Mock private PasswordEncoder passwordEncoder;
@Mock private IdGeneratorService idGeneratorService;
@Mock private MailService mailService;

@InjectMocks
private EmployeeServiceImpl employeeService;

@Test
@DisplayName("register() → throws when email already exists")
void register_duplicateEmail_throwsException() {
    given(employeeRepository.existsByEmail("john@example.com")).willReturn(true);

    assertThatThrownBy(() -> employeeService.register(buildRequest()))
        .isInstanceOf(DuplicateResourceException.class);

    verify(employeeRepository, never()).save(any());
    verify(mailService, never()).sendRegistrationEmail(any(), any(), any(), any());
}

}
Controller Slice Test
java@WebMvcTest(EmployeeController.class)
@import(TestSecurityConfig.class) // disables JWT filter
class EmployeeControllerTest {

@Autowired MockMvc mockMvc;
@Autowired ObjectMapper objectMapper;
@MockitoBean EmployeeService employeeService; // @MockitoBean in Spring Boot 4, not @MockBean

@Test
void register_validRequest_returns201() throws Exception {
    given(employeeService.register(any())).willReturn(mockResponse());

    mockMvc.perform(post("/api/employees/register")
            .contentType(MediaType.APPLICATION_JSON)
            .content(objectMapper.writeValueAsString(validRequest())))
        .andExpect(status().isCreated())
        .andExpect(jsonPath("$.data.generatedId").value("EMP-001"));
}

}

Step 4 — GitHub Actions
yaml# .github/workflows/ci.yml
name: Backend CI

on:
pull_request:
branches: [ main ]
push:
branches: [ main ]

jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4

  - uses: actions/setup-java@v4
    with:
      java-version: '21'
      distribution: 'temurin'
      cache: maven

  - name: Run tests
    run: mvn test -Dspring.profiles.active=test --no-transfer-progress

  - name: Upload test report
    if: always()
    uses: actions/upload-artifact@v4
    with:
      name: test-report
      path: target/surefire-reports/

Docker is pre-installed on ubuntu-latest. Testcontainers works out of the box.

Step 5 — CodePipeline + CodeBuild
IAM Roles — Get These Right First
CodePipeline role — the most important permission is iam:PassRole:
json{
"Statement": [
{
"Sid": "PassRoleToECS",
"Effect": "Allow",
"Action": "iam:PassRole",
"Resource": [
"arn:aws:iam::ACCOUNT:role/ecsTaskExecutionRole",
"arn:aws:iam::ACCOUNT:role/YOUR_ACTUAL_TASK_ROLE"
]
}
]
}
Find your exact role ARNs first:
bashaws ecs describe-task-definition \
--task-definition your-task-definition \
--query 'taskDefinition.{exec:executionRoleArn,task:taskRoleArn}'
Both ARNs must be in the PassRole resource list. The role you assume in ECS is often NOT named ecsTaskExecutionRole — it has a generated name. Check before writing the policy.
CodeBuild role — needs ECR Public auth (for rate-limit-free base image pulls):
json{
"Sid": "ECRPublicAuth",
"Effect": "Allow",
"Action": [
"ecr-public:GetAuthorizationToken",
"sts:GetServiceBearerToken"
],
"Resource": "*"
}
buildspec.yml
yamlversion: 0.2

env:
variables:
AWS_REGION: "us-east-1"
ECR_REPOSITORY_URI: "123456789012.dkr.ecr.us-east-1.amazonaws.com/your-app"
ECS_CLUSTER: "your-cluster"
ECS_SERVICE: "your-service"
CONTAINER_NAME: "backend"

phases:
install:
runtime-versions:
java: corretto21

pre_build:
commands:
- aws ecr get-login-password --region $AWS_REGION | docker login --username AWS --password-stdin $ECR_REPOSITORY_URI
- aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws
- IMAGE_TAG="${CODEBUILD_RESOLVED_SOURCE_VERSION:0:7}"
- mvn test -Dspring.profiles.active=test --no-transfer-progress

build:
commands:
- mvn package -DskipTests --no-transfer-progress
- docker build -t $ECR_REPOSITORY_URI:$IMAGE_TAG .
- docker tag $ECR_REPOSITORY_URI:$IMAGE_TAG $ECR_REPOSITORY_URI:latest

post_build:
commands:
- docker push $ECR_REPOSITORY_URI:$IMAGE_TAG
- docker push $ECR_REPOSITORY_URI:latest
- FULL_IMAGE="$ECR_REPOSITORY_URI:$IMAGE_TAG"
- echo -n "[{\"name\":\"$CONTAINER_NAME\",\"imageUri\":\"$FULL_IMAGE\"}]" > imagedefinitions.json
- python3 -c "import json; json.load(open('imagedefinitions.json')); print('JSON valid')"
- cat imagedefinitions.json

artifacts:
files:
- imagedefinitions.json
discard-paths: yes
Two YAML Gotchas That Cost Hours
Gotcha 1 — No backslash continuation:
yaml# ❌ CodeBuild YAML parser rejects this — "Expected Commands[N] to be string type"

aws cloudfront create-invalidation \ --distribution-id $ID \ --paths "/*"

✅ One line

aws cloudfront create-invalidation --distribution-id $ID --paths "/*" Gotcha 2 — imagedefinitions.json spaces: yaml# ❌ printf with continuation injects spaces → "The image URI contains invalid characters"
printf '[{"name":"%s","imageUri":"%s"}]' \ $CONTAINER_NAME \ $ECR_REPOSITORY_URI:$IMAGE_TAG \ > imagedefinitions.json

✅ echo -n single line — no spaces, no newline

FULL_IMAGE="$ECR_REPOSITORY_URI:$IMAGE_TAG"
echo -n "[{\"name\":\"$CONTAINER_NAME\",\"imageUri\":\"$FULL_IMAGE\"}]" > imagedefinitions.json CodeBuild Project — Privileged Mode Without this, Testcontainers fails with Could not find a valid Docker environment: CodeBuild → project → Edit → Environment → ✅ Privileged mode: ON CodeStar Connection — Read This Carefully After creating the connection and doing OAuth, you must ALSO install the GitHub App: github.com/apps/aws-connector-for-github/installations/new → Select your account/org → Grant access to your repositories → Install Without installation, every run fails: [GitHub] No Branch [main] found for FullRepositoryName [user/repo] The branch exists. The connection shows "Available". The installation step is just missing.

Common Error Reference
ErrorRoot causeFix429 Too Many Requests from Docker HubAnonymous pull rate limitUse public.ecr.aws/docker/library/ base imagesiam:PassRole deniedMissing role ARN in PassRole resourceRun describe-task-definition to find exact ARNsExpected Commands[N] to be string typeBackslash continuation in YAMLOne command per lineimage URI contains invalid charactersSpaces in imagedefinitions.jsonUse echo -n on single lineNo Branch [main] foundGitHub App not installed (only authorized)Install at github.com/apps/aws-connector-for-githubCould not find valid Docker environmentPrivileged mode off in CodeBuildEnable Privileged mode in project settingsSwagger 403 after deploy/v3/api-docs/** not in security whitelistAdd to PUBLIC_ENDPOINTS alongside /api-docs/**

The Swagger 403 Nobody Warns You About
After deployment, Swagger UI loads but shows "Failed to load remote configuration."
You have /api-docs/** in your security whitelist. That should be enough. It's not.
SpringDoc internally calls /v3/api-docs/swagger-config on every Swagger UI load — regardless of your custom springdoc.api-docs.path. It's hardcoded in the library.
javapublic static final String[] PUBLIC_ENDPOINTS = {
"/swagger-ui/",
"/swagger-ui.html",
"/api-docs/",
"/v3/api-docs/**", // ← add this
"/actuator/health",
"/error"
};

That's the complete backend setup. For the frontend companion — React/Vite deployed to S3 + CloudFront with the same CodePipeline approach — check my profile.

Drop a ❤️ if this saved you time. Questions? Drop them in the comments.

I Built an AI Resume Optimizer While Job Hunting — Here’s What Actually Worked

Rajaram Yadav — Wed, 29 Apr 2026 20:18:49 +0000

Try it: https://shortlisted-one.vercel.app/
I got tired of rewriting my resume for every job application.

Different companies, different keywords, slightly different expectations—and somehow your resume needs to match all of them.

So I built Shortlisted: a tool that takes your resume + a job description and rewrites it into a tailored version.

What I didn’t expect?
I’d spend more time debugging async pipelines than building the AI itself.

*🚀 What the product does
*
The flow is simple:

Upload your resume (PDF/DOCX)
Paste a job description (or URL)
Get a tailored resume ready to export

Under the hood, it:

Parses your resume
Extracts and analyzes the job description
Matches and rewrites content
Exports a polished PDF/DOCX

*🧠 Tech Stack (kept simple)
*

Frontend: Next.js (App Router), TypeScript, Tailwind
Backend: FastAPI + PostgreSQL
Async processing: Redis + Celery
Auth & billing: Clerk + Stripe (test mode)
Analytics: PostHog

*⚙️ Architecture (high-level)
*Client → API → Queue → Worker → Storage ↑ ↓ └──── Status API ←──────┘

Upload route → handles resume ingestion + parsing
Job route → processes the job description
Optimize route → kicks off async pipeline
Worker → runs rewrite, match, export stages
Status endpoint → returns granular progress for UI polling **🔥 What was harder than expected **1. Async pipelines are easy to start, hard to trust

Celery works great… until it doesn’t.

I ran into:

Jobs getting stuck in “pending”
Duplicate executions on retries
Partial failures mid-pipeline

Fixes involved:

Adding explicit job state tracking in the DB
Making tasks idempotent
Breaking the pipeline into smaller, traceable steps

Lesson: “it works locally” means nothing for async systems

*2. Resume parsing is messier than you think
*
Resumes are wildly inconsistent:

Different formats (PDF vs DOCX)
Layout-heavy designs
Broken text extraction

I tried:

Regex → fast but brittle
LLM parsing → flexible but expensive
Hybrid → best balance
Final approach:
Structured extraction where possible
LLM fallback for messy sections
*3. UX for async systems is underrated
*
Users don’t care that you’re using Redis or Celery.

They care that:

It doesn’t feel stuck
They know what’s happening
Progress feels real

So I added:

Step-level progress updates (not just “loading…”)
Backend-driven status tracking
Polling with meaningful states (not fake progress bars) *4. LLM reliability is a system design problem * It’s not just “call OpenAI and done”.

Real issues:

API failures
Rate limits
Cost control
Output inconsistency

What helped:

Provider fallback logic
Key validation before execution
Structured prompts + validation
📈 What I’d improve next
**Product-side
**
Template system for multiple resume styles
Section-level editing (human-in-the-loop)
Better analytics: upload → export conversion
*Engineering-side
*
Stronger retry + idempotency guarantees
Job deduplication (same resume + JD = no re-run)
Smarter caching for repeated job descriptions
Cost tracking per pipeline run
*💡 What I learned
*
Async systems are where most real complexity lives
LLMs are the easy part—reliability is the hard part
Good UX matters more than clever backend design
“AI product” really means “distributed systems + AI”
*🤔 Open questions
*
If you’re building something similar:
How are you handling async job reliability?
Are you using Celery, or something like Temporal?
How do you manage LLM fallbacks and cost control?

Would love to compare approaches.

If you’ve built anything in this space, drop a link—I’m curious how others are solving this.

Learning Javascript

Rajaram Yadav — Wed, 30 Sep 2020 18:20:44 +0000

Hello fellas,
Hope you are doing great.

The thing is I have recently started learnig front-end from very basic. And I learnt HTML/CSS and built some basic project pages using them. You can check in my profile.

Now I started learning ##Javascript.
I watched basic tutorial on youtube of basic output perform conditional and logical operation.

Now what step should I take??
Suggestions and comments.

Thanks.
Let's grow together.
DEVSOR happy coding.

Model of official webpage

Rajaram Yadav — Wed, 30 Sep 2020 18:10:45 +0000

Hello guys,
I had not been recently active due to my mid-sem exam.

But interests come back and knock you again right.
So I am here with new webpage model to enhance and boost my HTML and css knowledge.

Link to my project is this

All the suggestions and comments are highly appreciated.
Let's grow together.
Code DEVSOR

Thanks

Beginner Webpage form

Rajaram Yadav — Thu, 03 Sep 2020 15:37:33 +0000

Hello guys,
Today I created a responsive from as a project of HTML/CSS.

I am learning htmls/css as I have other works to di I can't give much time there.
But Learning is a continous process.
We need to learn things side by side.

Link

You can see my project here.

Hope You guys like it.

And it would be great help if you comment or suggest anything.
Thanks.

Created Webpage Model

Rajaram Yadav — Tue, 01 Sep 2020 17:24:48 +0000

Today as a project, I just completed my webpage model using HTML and CSS.
It was a good journey learning HTML and CSS.
I learnt things from basics and with increasing practise and projects I believe that I would be able to go further and improve it through time.

Indeed it was good and after completion when I saw my page I felt happy .

Take little time to view it.
Here is link for that.
https://jsfiddle.net/gcux9s5d/
All the improvements and suggestions are highly recommended.
Thanks.

Learning data structure and Algorithm

Rajaram Yadav — Sun, 30 Aug 2020 14:37:04 +0000

I am in second semester and I have got this subject in my semester. I am struggling with Data and structure, can't understand concepts,programs. In dilemma of which path to choose to excel in this as we all know how important this subject is for CSE guy.

Starting journey on CSS

Rajaram Yadav — Sun, 30 Aug 2020 10:55:24 +0000

Hello guys,

So you can build skeleton of page using html.But you need extra to decorate it.
It's like extra items of dinner that makes dinner tastier.

Yup guys, I am talking about CSS

CSS makes your website decorative as it comes with many decorating features.
I has just started my journey on 28/08/2020 on this.
Yes, I don't want my site look just skeleton I want to dress it make it colorful and attractive that's what CSS do.

Basically you can use CSS in 3 ways.
*Inline,*Outline(Internal) and *Creating seperate documents(i.e External).
So many developers choose seperate file for CSS as they don't want to mix things and increase readability of program.

Thanks

Learning html

Rajaram Yadav — Sun, 30 Aug 2020 10:48:19 +0000

I started my HTML journey on 23/08/2020 and i completed my basic tutorials basic programs on 27/08/2020.
I felt html as such an easy platform you can learn it in few hours.
Basically you need is:
<!DOCTYPE HTML> to specify it as document.
then there are two types of syntax
1) Comes with opening and closing both like
-specifying html

-specify head section
-to link another page or site
- bold
-ittalic
-paragraph

-heading or bigger size

-specify table
- division or a section

-unordered list

-ordered list

-list element

and other many more i have only mentioned basics.
2) comes singly
-meta tag with charset

-breaking line

-horizontal ruler

We can insert inages with img tag and many more are there if you want to learn can easily learn from W3schools and freecodecamp.
For further query Can contact me.
Thanks

Starting new journey on dev web

Rajaram Yadav — Sun, 30 Aug 2020 10:35:34 +0000

Hello everyone out there,
Today I am going to write about my plan for now.
I recently took a new domain for my interest.
I want to learn front-end developer.
So , I started from basic. I started to learn it from 23/08/2020.
In these days i learnt HTML5 and can build basic framework of webpages for now.

I started my journey chasing my interest.
Are there anyone out there having same interest and in basic level now can join my journey.

And yaa I am learning through Youtube tutorials mostly, W3schools and freecodecamp.
Thanks for now

Python

Rajaram Yadav — Sat, 22 Aug 2020 18:03:26 +0000

So if any of you want to get into programming. Then it's not that hard.

Basic thing you need is:

Knowledge of English
Good at logical thinking
And Basic math stuffs

You can search
online,
watch tutorials on youtube
Learn through basics by printing hello world. And then you will get into other deep technical things.