Deployment

AWS

Two deployment paths for AWS: EC2 (one-command Docker Compose, simplest) and ECS Fargate + RDS (production-grade Terraform, ~$92/mo).

EC2 (Docker Compose)

Lowest-friction option. Spins up a t3.small EC2 instance (~$15/mo), installs Docker, and runs Postgres + Typesense + the gateway in Docker Compose.

Prerequisites

  • AWS CLI installed and configured (aws configure)
  • An EC2 key pair in us-east-1
  • Ports 22, 80, and 8080 accessible from your IP

Deploy

bash
bash deploy/aws/ec2/deploy.sh

The script will prompt for:

  • JWT_SECRET
  • TYPESENSE_API_KEY
  • INTERNAL_API_KEY
  • PG_PASSWORD
  • LLM_API_KEY

Then it creates a security group (astra-sg), launches a t3.small in us-east-1, SSHes in, writes a .env file, and starts Docker Compose with three services: postgres (pgvector:pg17), typesense (27.1), and gateway (ghcr.io/your-org/astra:latest).

Default config

SettingValue
Regionus-east-1
Instance typet3.small (2 vCPU, 2 GB RAM)
Cost~$15/mo
Gateway port8080
Security groupastra-sg

ECS Fargate + RDS (Terraform)

Production-grade deployment. ECS Fargate runs the gateway and Typesense; RDS PostgreSQL 17 with pgvector runs in a private subnet behind an Application Load Balancer.

Architecture

  • ECS Fargate — gateway + Typesense services
  • RDS PostgreSQL 17 — private subnet, encrypted at rest
  • Application Load Balancer — HTTP/HTTPS termination
  • Secrets Manager — all credentials injected at runtime
  • VPC with public/private subnets and NAT Gateway

Prerequisites

  • Terraform 1.5+
  • AWS CLI configured with sufficient IAM permissions
  • Docker image pushed to ECR (your-account.dkr.ecr.us-east-1.amazonaws.com/astra:latest)

Deploy

bash
cd deploy/aws/terraform
cp terraform.tfvars.example terraform.tfvars
# edit terraform.tfvars
terraform init
terraform apply

terraform.tfvars

hcl
gateway_image     = "your-account.dkr.ecr.us-east-1.amazonaws.com/astra:latest"
db_password       = "your-secure-password"
jwt_secret        = "your-jwt-secret"
typesense_api_key = "your-typesense-key"
internal_api_key  = "your-internal-key"
llm_api_key       = "your-llm-key"

Enable pgvector

Run after the first deploy:

bash
RDS=$(terraform output -raw rds_endpoint)
psql -h $RDS -U postgres -d astra \
  -c "CREATE EXTENSION IF NOT EXISTS vector;"

Redeploy gateway

bash
aws ecs update-service \
  --cluster astra-cluster \
  --service astra-gateway \
  --force-new-deployment \
  --region us-east-1

Cost estimate

Resource~Cost/mo
ECS Fargate (gateway)$15
ECS Fargate (Typesense)$8
RDS PostgreSQL 17$15
Application Load Balancer$18
NAT Gateway$35
EFS$1
Total~$92
NAT Gateway (~$35/mo) is the largest cost driver. For non-production workloads, consider using the EC2 path instead.

Terraform file reference

FilePurpose
main.tfProvider config and backend
vpc.tfVPC, subnets, NAT Gateway
security_groups.tfALB, ECS, and RDS security groups
ecs.tfTask definitions and services
rds.tfPostgreSQL 17 RDS instance
alb.tfApplication Load Balancer
iam.tfIAM roles and task execution policies
secrets.tfSecrets Manager resources
variables.tfAll input variables
outputs.tfExported values (endpoints, ARNs)