Deploy on AWS in 30 minutes

Production-ready deployment in your AWS account using CloudFormation. Includes VPC, EC2, RDS Postgres, and S3.

Estimated time: ~30 minutes. You’ll need permissions to create VPC, EC2, RDS, and S3 resources.

  1. Prerequisites
    • AWS account with permissions for VPC, EC2, RDS, S3, and Load Balancer.
    • Domain or subdomain for HTTPS (Route 53 or external DNS).
  2. Launch the template

    Open AWS CloudFormation and launch our template:

    Launch on AWS (request access if needed)

  3. Parameters
    • Instance type: t3.medium (minimum for pilot workloads).
    • Database: Amazon RDS for PostgreSQL (db.t3.medium).
    • Storage: S3 bucket for logs and artifacts.
  4. Post-deploy
    • Update DNS to point to the load balancer (ALB/NLB).
    • Set admin password and enable SSO (OIDC/SAML).
    • Configure backup and retention policies.
  5. Redis cache (ElastiCache)
    • Create an ElastiCache for Redis cluster (engine 7.x). Start small (cache.t3.small) for pilots.
    • Allow inbound from the app subnets/security group. Record the primary endpoint.
    • Configure your services with REDIS_URL=redis://HOST:6379.
  6. Messaging (NATS)

    NATS is not a managed AWS service. For pilots, you can run a single-node NATS on EC2. For production, deploy a cluster on EKS. See the Kubernetes Quickstart for a Helm-based setup with JetStream.

    • Enable JetStream for durable streams and consumers.
    • Secure with authentication and restrict security groups to internal subnets.
  7. AI models (GPU)
    • Launch a GPU instance for AI models (e.g., g5.xlarge; ≥24GB VRAM recommended).
    • Install NVIDIA drivers and Docker runtime, then run the models container. Keep access internal.
    • Alternatively, use EKS with a GPU node group and the NVIDIA device plugin.
  8. TLS, observability, and backups
    • TLS: Terminate HTTPS at ALB using an ACM certificate; redirect HTTP→HTTPS.
    • Observability: Ship app logs to CloudWatch Logs; set metrics/alarms for CPU, memory, errors, queue depth.
    • Backups: Enable RDS automated backups and PITR; configure S3 lifecycle for logs/artifacts.
  9. Security & access
    • Single sign-on: Configure OIDC/SAML in the admin settings.
    • Secrets: Store credentials in AWS Secrets Manager or SSM Parameter Store; load via environment/EC2 role.
    • IAM: Use least-privilege roles for instances/workloads.
  10. Cleanup

    Delete the CloudFormation stack and any out-of-band resources (ElastiCache, GPU EC2, ACM certs, Route 53 records) to avoid charges.
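
Steps 5 to 7 ask you to keep Redis, NATS and the model host reachable only from the app subnets or security group. The following is an added example, not part of the template or the vendor's tooling: a check that reads security groups in the shape returned by `aws ec2 describe-security-groups` and reports internal-service ports open to sources outside the VPC. The group IDs, the VPC CIDR and the sample rules are constructed; port 6379 comes from the REDIS_URL above, while 5432 (PostgreSQL) and 4222 (NATS client) are assumed defaults.

```python
import ipaddress

# Ports for the internal services in this guide. 6379 is from the page's REDIS_URL;
# 5432 (PostgreSQL) and 4222 (NATS client) are the defaults, assumed here.
INTERNAL_PORTS = {6379: "Redis", 5432: "PostgreSQL", 4222: "NATS"}

def covered_ports(perm):
    """Return the internal ports a single IpPermissions entry opens."""
    if perm.get("IpProtocol") == "-1":          # all protocols, all ports
        return set(INTERNAL_PORTS)
    if perm.get("IpProtocol") != "tcp":
        return set()
    lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
    return {p for p in INTERNAL_PORTS if lo <= p <= hi}

def is_internal(cidr, vpc_cidrs):
    """True if cidr lies entirely inside one of the VPC's CIDR blocks."""
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.version == v.version and net.subnet_of(v)
               for v in map(ipaddress.ip_network, vpc_cidrs))

def audit(security_groups, vpc_cidrs):
    """Return sorted (group_id, service, source) for rules reachable from outside the VPC."""
    findings = []
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []):
            sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for port in covered_ports(perm):
                for src in sources:
                    if not is_internal(src, vpc_cidrs):
                        findings.append((sg["GroupId"], INTERNAL_PORTS[port], src))
    return sorted(findings)

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = [
    {"GroupId": "sg-redis", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 6379, "ToPort": 6379,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-app"}]}]},
    {"GroupId": "sg-nats", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 4000, "ToPort": 5000,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}, {"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-db", "IpPermissions": [
        {"IpProtocol": "-1", "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE, ["10.0.0.0/16"]):
        print("exposed: %s %s from %s" % finding)
```

Rules that reference another security group (as `sg-redis` does) produce no finding, which is the pattern step 5 recommends; wide port ranges and all-protocol rules are reported because they cover the service ports even when those ports are not named.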
