Infrastructure as Code — App Stack for Java

Kuassi Mensah
5 min readJul 12, 2023
Photo by: Matthew Henry.

What are the pain points in deploying Java Apps? Infrastructure as Code (IaC) allows automating most tasks involved with provisioning Cloud infrastructure resources thereby eliminating those pains.
This post identifies the main steps in deploying your Java app and then introduces the App Stack for Java, a stack in the Oracle Cloud
Infrastructure marketplace for automating these steps.

Pain Points for Deploying Java Apps

Here are the common pains for deploying your Java applications over a Cloud infrastructure.

  1. Configuring the virtual network (VCN, subnets, security lists, route tables, gateways).
  2. Provisioning of the deployment platform.
  3. Provisioning a new database or reusing an existing one.
  4. Configuring the JDBC data source.
  5. Configuring the load balancer.
  6. Configuring DNS.
  7. Generating the build and deployment of CI/CD pipelines.
  8. Activating the monitoring service.

An IaC solution could take care of all these steps; all you’ll have to do is fill up some parameters then click a button and, after a few minutes, your application is up and listening for requests.

Introducing the App Stack for Java

The App Stack for Java is a Terraform-based IaC product (or “solution”) that provisions serverless resources in the Oracle Cloud Infrastructure and deploys your Java App.
Note: this is not a managed Cloud service.

Target Apps & Use Cases

  • Web applications (server-side HTML applications, aka servlets or Java Server Pages).
  • Back-end servers (REST APIs).
  • Standalone Java app that embeds a runtime (Netty for example).
  • Servlet or JSP packaged as a Web Application Archive (WAR) that the stack deploys on Tomcat.
  • Spring or SpringBoot application (with or without Hibernate) that configures Tomcat as a dependency.
  • Generic use case: container image that includes a web app (doesn’t have to be Java).

The Key Features

  • Simple to configure and launch.
  • Provisions the serverless Cloud resources required/configured by the Java App.
  • Mirror the Application source code from GitHub to OCI DevOps.
  • High Availability with a minimum of two container instances.

How Does the App Stack for Java Work?

For deploying your Java app with the App Stack for Java, you need to

  1. Fulfill the OCI prerequisites.
  2. Fill out the parameters; this is the only hard part.
  3. Apply the stack -> one-click deployment.

That’s it, the Application is ready to handle requests!
A complete step-by-step tutorial and videos are furnished hereafter.

Under the Covers

The App Stack performs the following actions

  • Create a new repository “xxxx_config”.
  • Leverage OCI services such as VCN, Object stores.
  • Download the database wallet ( the zip file includes Tnsnames.ora, cwallet.sso, and If the database wallet is rotated this zip file needs to be updated.
  • Generate the Dockerfile for building the container image.
  • Generate the spec for the build pipeline.
  • Generate the self-signed keystore for the internal HTTPS connection between the load balancer and the container instances.
  • Pull orapki.jar for use by the build pipeline to add the DB password to cwallet.sso.
  • Generate a container image of the user’s application, including an HTTP/HTTPS server and pre-configured ADB access.
  • Add the generated image to the Container Registry.
  • Deploy the application in Container Instances.
  • Provisions the Autonomous Database.
  • Generates the dependencies to pull JDBC, UCP, R2DBC, and so on from Maven Central.
  • Provisions Application Performance Monitoring and connect your app.
  • And much more …

These actions constitute pain relief and the main purpose of the App Stack.

Prerequisites and Cloud Resources

What are the prerequisites and Cloud resources used for deploying your Java App?


This step is required whether you are using the App Stack for Java or not.

  1. Select an application in your GitHub repo and create a personal token if you don’t already have one.
  2. Create an OCI compartment
  3. Create an OCI Vault in that compartment then add an encryption key
  4. Add the GitHub token as a secret
  5. Create a dynamic group and related policies
  6. For CI/CD managing, create an empty project (with its topic) in OCI DevOps and enable logging
  7. Allow OCI DevOps to connect to your GitHub repo by creating a connection
  8. Mirror your GitHub project in OCI DevOps.

The Cloud Resources Used by Your Java App

Based on the configuration of the Stack, Cloud resources are provisioned when you execute it. Most of these are free, even always free!

Free-Tier and Always-Free Resources

The Oracle Cloud Free Tier service allows you to build, test, and deploy your applications on Oracle Cloud for free. Upon signing up, the service comes with a $300 credit with 30 days expiration; following the expiration or the exhaustion of the credit, most of the provisioned services remain available as Always Free. You may add additional credit for services that do not fall under Always-Free.

Container Instances

OCI Container Instances are serverless compute resources (Open Container Initiative-compliant), optimized for containerized workloads that do not require a container orchestration platform such as Kubernetes.
You only pay for the CPU and memory resources allocated to your container instance at the same price as the regular Compute Instances for the chosen shape.

Resources Map and List

Here is the map and the list of OCI resources provisioned for your Java app by the App Stack.

  • Container Instances for building and running the app. Not an Always-Free resource.
  • DevOps project (optional): used for the build pipeline and CI/CD of the Java app; an OCI DevOps project is a mirror of your GitHub project. This service isn’t required if the application is already packaged as a container image.
  • Database: an existing Autonomous Database — Shared Infrastructure (ADB-S) can be used with the stack. The stack may create a new one if specified during the Stack configuration. This is an Always-Free
  • Vault (optional): necessary to avoid the limit on the number of tokens the current user has; we do not recommend using the current user, however, the Vault isn’t required if the application is provided as a container image.
  • A load balancer; part of Always-Free.
  • DNS (optional): A DNS zone for creating the application URL (for example If not provided during the stack configuration, the application will be available through the load balancer’s public IP (Always-Free). You can then configure your third-party DNS provider to point to this IP address.
  • HTTPS certificate (optional): if no certificate is provided, HTTP will be used against the IP address. This resource is part of Always-Free
  • Security policies
  • Monitoring service (Application Performance Monitor); part of Always-Free.

With an average burn rate of $3 and the initial $300 Free-Tier credit, you have sufficient free and cheap resources (i.e., when Free-Tier ends) to build, test and deploy your Java apps with the App Stack.

Get Started — Tutorial & Videos

Before using the App Stack for your own apps, we urge you to go through this complete step-by-step tutorial for deploying a SpringBoot app deployed on OCI using the App Stack for Java.

Here is the playlist of the walk-through videos including

More videos related to apps packaged as Java artifacts (WAR, JAR) and Containerized images will be released soon.

Get Help

  • Submit a GitHub issue
  • Email appstack_ww at

Follow @kmensah and #AppStack for notifications, questions, and discussions.



Kuassi Mensah

Director of Product Management for Java access to Oracle DB: Microservices, Serverless Functions, Reactive, Hadoop, Spark, Java EE, JVM-based languages.