بنقرة واحدة
deploy
How to manage deployments of the FreshBooks MCP Server to AWS EC2
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
القائمة
How to manage deployments of the FreshBooks MCP Server to AWS EC2
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
استنادا إلى تصنيف SOC المهني
| name | deploy |
| description | How to manage deployments of the FreshBooks MCP Server to AWS EC2 |
Client → Route53 (freshbooks-mcp.bitovi-ai.com)
→ ALB (HTTPS:443, ACM cert, 3600s idle timeout)
→ EC2:3000 (Node.js + PM2, Amazon Linux 2023)
HTTPS=false in app config)~/.freshbooks-mcp/sessions.jsonfreshbooks-mcp-server-env) at deploy timePush to the deploy branch:
git checkout deploy
git merge main # or make changes directly
git push origin deploy
The GitHub Actions workflow will:
# Tail live logs
aws logs tail /freshbooks-mcp-server/app --follow --region us-east-1 \
--profile 767397775295_AdministratorAccess
# Search for errors
aws logs filter-log-events \
--log-group-name /freshbooks-mcp-server/app \
--filter-pattern "ERROR" \
--region us-east-1 \
--profile 767397775295_AdministratorAccess
curl https://freshbooks-mcp.bitovi-ai.com/health
# Expected: {"status":"ok","server":"freshbooks-mcp-server"}
# Connect to the instance
INSTANCE_ID=$(cd infra && terraform output -raw instance_id)
aws ssm start-session --target $INSTANCE_ID --region us-east-1
# On the instance:
pm2 status
pm2 logs freshbooks-mcp
No SSH keys needed. Requires the AWS CLI and the Session Manager plugin.
# Install the Session Manager plugin (macOS)
brew install --cask session-manager-plugin
# Connect
INSTANCE_ID=$(cd infra && terraform output -raw instance_id)
aws ssm start-session --target $INSTANCE_ID --region us-east-1 \
--profile 767397775295_AdministratorAccess
Secrets are stored in AWS Secrets Manager as JSON:
# View current secrets
aws secretsmanager get-secret-value \
--secret-id freshbooks-mcp-server-env \
--region us-east-1 \
--profile 767397775295_AdministratorAccess \
--query SecretString --output text | jq .
# Update a secret value
aws secretsmanager put-secret-value \
--secret-id freshbooks-mcp-server-env \
--region us-east-1 \
--profile 767397775295_AdministratorAccess \
--secret-string '{"FRESHBOOKS_CLIENT_ID":"...","FRESHBOOKS_CLIENT_SECRET":"...","MODE":"http","HTTPS":"false","SERVER_URL":"https://freshbooks-mcp.bitovi-ai.com"}'
After updating secrets, trigger a redeploy to pull the new values:
git commit --allow-empty -m "redeploy: refresh secrets"
git push origin deploy
cd infra
# Using local AWS profile
export AWS_PROFILE=767397775295_AdministratorAccess
export AWS_DEFAULT_REGION=us-east-1
terraform init
terraform plan
terraform apply
# Deploy app code via SSM
INSTANCE_ID=$(terraform output -raw instance_id)
aws ssm send-command \
--instance-ids "$INSTANCE_ID" \
--document-name "AWS-RunShellScript" \
--parameters 'commands=["cd /srv/freshbooks-mcp && git pull && npm ci && npm run build && pm2 reload ecosystem.config.cjs"]'
cd infra
export AWS_PROFILE=767397775295_AdministratorAccess
export AWS_DEFAULT_REGION=us-east-1
terraform destroy
This removes: EC2 instance, ALB, ACM certificate, Route53 record, security groups, IAM role, and CloudWatch log group.
The S3 state bucket (freshbooks-mcp-server-terraform-state) and Secrets Manager secret are NOT destroyed — they're managed outside Terraform.
pm2 status / pm2 logs.env exists: cat /srv/freshbooks-mcp/.envss -tlnp | grep 3000pm2 logs for startup errorsThe ALB idle timeout is set to 3600s (1 hour). If SSE connections drop sooner, check:
The ACM certificate is DNS-validated via Route53. If validation fails:
terraform apply again — it will wait for validation