con un clic
deploy
How to manage deployments of the FreshBooks MCP Server to AWS EC2
Instalar con Codex o Claude Copia este prompt, pégalo en Codex, Claude u otro asistente, y deja que revise la página de la skill y la instale por ti.
Menú
How to manage deployments of the FreshBooks MCP Server to AWS EC2
Instalar con Codex o Claude Copia este prompt, pégalo en Codex, Claude u otro asistente, y deja que revise la página de la skill y la instale por ti.
Basado en la clasificación ocupacional SOC
| name | deploy |
| description | How to manage deployments of the FreshBooks MCP Server to AWS EC2 |
Client → Route53 (freshbooks-mcp.bitovi-ai.com)
→ ALB (HTTPS:443, ACM cert, 3600s idle timeout)
→ EC2:3000 (Node.js + PM2, Amazon Linux 2023)
HTTPS=false in app config)~/.freshbooks-mcp/sessions.jsonfreshbooks-mcp-server-env) at deploy timePush to the deploy branch:
git checkout deploy
git merge main # or make changes directly
git push origin deploy
The GitHub Actions workflow will:
# Tail live logs
aws logs tail /freshbooks-mcp-server/app --follow --region us-east-1 \
--profile 767397775295_AdministratorAccess
# Search for errors
aws logs filter-log-events \
--log-group-name /freshbooks-mcp-server/app \
--filter-pattern "ERROR" \
--region us-east-1 \
--profile 767397775295_AdministratorAccess
curl https://freshbooks-mcp.bitovi-ai.com/health
# Expected: {"status":"ok","server":"freshbooks-mcp-server"}
# Connect to the instance
INSTANCE_ID=$(cd infra && terraform output -raw instance_id)
aws ssm start-session --target $INSTANCE_ID --region us-east-1
# On the instance:
pm2 status
pm2 logs freshbooks-mcp
No SSH keys needed. Requires the AWS CLI and the Session Manager plugin.
# Install the Session Manager plugin (macOS)
brew install --cask session-manager-plugin
# Connect
INSTANCE_ID=$(cd infra && terraform output -raw instance_id)
aws ssm start-session --target $INSTANCE_ID --region us-east-1 \
--profile 767397775295_AdministratorAccess
Secrets are stored in AWS Secrets Manager as JSON:
# View current secrets
aws secretsmanager get-secret-value \
--secret-id freshbooks-mcp-server-env \
--region us-east-1 \
--profile 767397775295_AdministratorAccess \
--query SecretString --output text | jq .
# Update a secret value
aws secretsmanager put-secret-value \
--secret-id freshbooks-mcp-server-env \
--region us-east-1 \
--profile 767397775295_AdministratorAccess \
--secret-string '{"FRESHBOOKS_CLIENT_ID":"...","FRESHBOOKS_CLIENT_SECRET":"...","MODE":"http","HTTPS":"false","SERVER_URL":"https://freshbooks-mcp.bitovi-ai.com"}'
After updating secrets, trigger a redeploy to pull the new values:
git commit --allow-empty -m "redeploy: refresh secrets"
git push origin deploy
cd infra
# Using local AWS profile
export AWS_PROFILE=767397775295_AdministratorAccess
export AWS_DEFAULT_REGION=us-east-1
terraform init
terraform plan
terraform apply
# Deploy app code via SSM
INSTANCE_ID=$(terraform output -raw instance_id)
aws ssm send-command \
--instance-ids "$INSTANCE_ID" \
--document-name "AWS-RunShellScript" \
--parameters 'commands=["cd /srv/freshbooks-mcp && git pull && npm ci && npm run build && pm2 reload ecosystem.config.cjs"]'
cd infra
export AWS_PROFILE=767397775295_AdministratorAccess
export AWS_DEFAULT_REGION=us-east-1
terraform destroy
This removes: EC2 instance, ALB, ACM certificate, Route53 record, security groups, IAM role, and CloudWatch log group.
The S3 state bucket (freshbooks-mcp-server-terraform-state) and Secrets Manager secret are NOT destroyed — they're managed outside Terraform.
pm2 status / pm2 logs.env exists: cat /srv/freshbooks-mcp/.envss -tlnp | grep 3000pm2 logs for startup errorsThe ALB idle timeout is set to 3600s (1 hour). If SSE connections drop sooner, check:
The ACM certificate is DNS-validated via Route53. If validation fails:
terraform apply again — it will wait for validation