Deep DivesInfrastructure

Deployment

Deployment guide for the RawStack Infrastructure component.

First deployment

  1. Ensure the AWS CLI is configured and you have sufficient IAM permissions
  2. Bootstrap CDK in your account/region (one time only): 
    cdk bootstrap aws://<ACCOUNT_ID>/<REGION>
  3. Push Docker images to ECR before deploying (the Core and Web stacks reference image tags): 
    ./scripts/push-api-to-ecr.sh
./scripts/push-web-to-ecr.sh
./scripts/deploy-notification.sh   # if applicable
  4. Build the Admin SPA: 
    cd apps/admin && npm run build
  5. Deploy all stacks: 
    cd infrastructure/aws
npm run cdk deploy --all

The first deploy takes 15–20 minutes as RDS and ElastiCache provision.

Subsequent deployments

For application code changes, push a new Docker image and the EventBridge Lambda trigger will automatically initiate an ECS rolling deployment — no CDK deploy needed.

For infrastructure changes, run:

npm run cdk diff    # Review changes
npm run cdk deploy --all

Destroying stacks

npm run cdk destroy --all

If ENABLE_DELETION_PROTECTION=true is set, RDS will reject deletion. Set it to false first, redeploy, then destroy.

Auto-scaling

The Core Stack configures ECS auto-scaling for the API:

  • Minimum tasks: 1 (configurable via CORE_DESIRED_TASK_COUNT)
  • Maximum tasks: 10
  • Scale out: CPU > 70% or Memory > 80%
  • Scale in: CPU < 30%

Adjust thresholds in lib/core-stack.ts to match your workload.

Secrets

The CDK stack stores the RDS password in AWS Secrets Manager and injects it into the ECS task as an environment variable. The JWT secret and other API config are passed via environment variables defined in infrastructure/aws/.env — never commit this file with real secrets.

Testing

Testing guide for the RawStack Infrastructure component.

Introduction

An overview of the RawStack Notification component.

On this page

First deploymentSubsequent deploymentsDestroying stacksAuto-scalingSecrets