Anysource Infra
What is Anysource Infra
Anysource-infra is a Terraform infrastructure configuration designed for deploying Anysource MCP Gateway on AWS. It offers a production-ready setup with customizable options tailored for enterprise needs.
Use cases
Use cases for anysource-infra include deploying web applications, managing backend services, and setting up data storage solutions that require high availability and performance.
How to use
To use anysource-infra, first ensure you have AWS CLI and Terraform installed. For minimal deployment, copy the minimal configuration file, edit the required values, and run the Terraform commands to initialize, plan, and apply the configuration.
Key features
Key features of anysource-infra include a multi-AZ VPC, Aurora PostgreSQL database with automated backups, Redis ElastiCache, Application Load Balancer with SSL/TLS termination, ECS Fargate services with auto-scaling, and robust security configurations.
Where to use
Anysource-infra is suitable for cloud-based applications that require scalable and reliable infrastructure, particularly in enterprise environments leveraging AWS services.
Overview
What is Anysource Infra
Anysource-infra is a Terraform infrastructure configuration designed for deploying Anysource MCP Gateway on AWS. It offers a production-ready setup with customizable options tailored for enterprise needs.
Use cases
Use cases for anysource-infra include deploying web applications, managing backend services, and setting up data storage solutions that require high availability and performance.
How to use
To use anysource-infra, first ensure you have AWS CLI and Terraform installed. For minimal deployment, copy the minimal configuration file, edit the required values, and run the Terraform commands to initialize, plan, and apply the configuration.
Key features
Key features of anysource-infra include a multi-AZ VPC, Aurora PostgreSQL database with automated backups, Redis ElastiCache, Application Load Balancer with SSL/TLS termination, ECS Fargate services with auto-scaling, and robust security configurations.
Where to use
Anysource-infra is suitable for cloud-based applications that require scalable and reliable infrastructure, particularly in enterprise environments leveraging AWS services.
Content
Anysource Enterprise Infrastructure
This directory contains Terraform configurations for deploying Anysource on AWS infrastructure. It provides production-ready infrastructure with smart defaults that can be customized for enterprise needs.
Overview
The Terraform configuration creates:
- VPC: Multi-AZ network with public/private subnets
- Database: Aurora PostgreSQL with automated backups
- Cache: Redis ElastiCache cluster
- Load Balancer: Application Load Balancer with SSL/TLS termination
- Compute: ECS Fargate services with auto-scaling
- Security: Security groups, IAM roles, and secrets management
- DNS: Optional Route53 integration or bring-your-own certificate
Quick Start
1. Prerequisites
- AWS CLI configured with appropriate permissions
- Terraform >= 1.0 installed
- Domain name you control (for SSL certificate)
2. Minimal Deployment (Recommended)
For the fastest deployment with production-ready defaults:
# Copy minimal configuration
cp minimal.tfvars.example production.tfvars
# Edit only these required values:
nano production.tfvars
Required Configuration (only 5 values):
environment = "production" region = "us-east-1" domain_name = "ai.yourcompany.com" # Your domain account = 123456789012 # Your AWS account ID suffix_secret_hash = "PROD2024" # Unique identifier
Deploy:
terraform init terraform plan terraform apply
3. Enterprise Deployment (Full Control)
For extensive customization options:
# Copy enterprise configuration
cp enterprise.tfvars.example production.tfvars
# Customize all settings as needed
nano production.tfvars
Configuration Options
Smart Defaults (Minimal Configuration)
When using minimal configuration, you get these production-ready defaults:
| Component | Default Configuration |
|---|---|
| Database | Aurora PostgreSQL 16.6, 2-16 ACUs, private subnets, 7-day backups |
| Security | Public ALB, private database/cache, internet access allowed |
| SSL | Automatic ACM certificate creation and validation |
| Scaling | 2 backend + 2 frontend containers, auto-scale to 10 max |
| Resources | Backend: 512 CPU/1024 MB, Frontend: 512 CPU/1024 MB |
| Network | 3-AZ VPC, /16 CIDR, public/private subnets |
Enterprise Customization Options
| Category | Customizable Options |
|---|---|
| Database | Engine version, capacity, backup retention, subnet placement |
| Security | Private ALB, IP restrictions, certificate management |
| Scaling | Instance counts, CPU/memory, auto-scaling thresholds |
| Network | Custom CIDR, availability zones, subnet configurations |
| Services | Additional S3 buckets, Lambda functions, monitoring |
Architecture
Internet Gateway │ ┌───▼───┐ │ ALB │ (Public subnets) └───┬───┘ │ ┌──────▼──────┐ │ ECS Fargate │ (Private subnets) │ Backend/Frontend │ └─────┬───┬───┘ │ │ ┌───▼┐ ┌▼────┐ │RDS │ │Redis│ (Private subnets) └────┘ └─────┘
Environment Variables and Secrets
The infrastructure automatically creates AWS Secrets Manager entries for:
- Database credentials (auto-generated)
- Application secrets (you provide)
- API keys and JWT secrets
Required Secrets (configure in AWS Secrets Manager after deployment):
SECRET_KEY: Application secret keyFIRST_SUPERUSER: Initial admin emailFIRST_SUPERUSER_PASSWORD: Initial admin password
Deployment Process
1. Plan and Review
terraform plan -var-file="production.tfvars"
2. Deploy Infrastructure
terraform apply -var-file="production.tfvars"
3. Configure Secrets
# Update secrets in AWS Console or CLI
aws secretsmanager update-secret \
--secret-id "anysource-production-app-secrets-${suffix_secret_hash}" \
--secret-string '{"SECRET_KEY":"your-secret-key","FIRST_SUPERUSER":"[email protected]"}'
4. Verify Deployment
# Check ALB endpoint
terraform output alb_dns_name
# Check application health
curl https://your-domain.com/api/v1/utils/health-check/
Common Configurations
Private Network (Enterprise Security)
alb_access_type = "private" alb_allowed_cidrs = ["10.0.0.0/8", "172.16.0.0/12"] # Corporate networks database_config = { publicly_accessible = false subnet_type = "private" }
High Availability Production
database_config = { min_capacity = 8 max_capacity = 64 backup_retention = 30 } services_configurations = { "backend" = { desired_count = 4 max_capacity = 20 cpu = 2048 memory = 4096 } }
Using Existing SSL Certificate
ssl_certificate_arn = "arn:aws:acm:us-east-1:123456789012:certificate/..." create_route53_records = false # Manage DNS externally
Outputs
After deployment, Terraform provides these outputs:
| Output | Description |
|---|---|
alb_dns_name |
Load balancer DNS name |
backend_ecr_url |
Backend Docker image URL |
frontend_ecr_url |
Frontend Docker image URL |
database_endpoint |
RDS endpoint (internal) |
redis_endpoint |
ElastiCache endpoint (internal) |
Maintenance
Updating Application Images
# Images are pulled automatically from public ECR
# Force ECS service update to pull latest:
aws ecs update-service --cluster anysource-production --service backend --force-new-deployment
aws ecs update-service --cluster anysource-production --service frontend --force-new-deployment
Scaling Resources
# Update production.tfvars with new capacity
# Apply changes:
terraform plan -var-file="production.tfvars"
terraform apply -var-file="production.tfvars"
Backup and Recovery
- Database backups are automated (configurable retention)
- Point-in-time recovery available for Aurora
- Infrastructure state is stored in Terraform state
Troubleshooting
Common Issues
1. Certificate Validation Fails
- Ensure domain DNS is properly configured
- Check if domain is publicly resolvable
- Verify ACM certificate status in AWS Console
2. ECS Tasks Not Starting
- Check ECS service events in AWS Console
- Verify secrets are properly configured
- Check CloudWatch logs for container errors
3. Database Connection Issues
- Verify security group rules
- Check if database is in correct subnets
- Ensure secrets contain valid database credentials
Getting Help
- Check CloudWatch logs:
/aws/ecs/anysource-production - Review ECS service events in AWS Console
- Validate Terraform configuration:
terraform validate - Check AWS resource status in AWS Console
Cost Optimization
Development/Staging
database_config = { min_capacity = 0.5 # Minimum for Aurora Serverless max_capacity = 2 } services_configurations = { "backend" = { desired_count = 1 } "frontend" = { desired_count = 1 } }
Production
- Use Aurora Reserved Instances for cost savings
- Enable detailed monitoring for optimization insights
- Set up billing alerts for cost control
Security Best Practices
- Use private subnets for database and cache
- Restrict ALB access to corporate IP ranges when possible
- Enable CloudTrail for audit logging
- Use least-privilege IAM roles and policies
- Regularly rotate secrets in AWS Secrets Manager
- Enable GuardDuty for threat detection
- Use WAF for additional web application protection
License
This infrastructure configuration is provided for enterprise customers under the Anysource Enterprise License Agreement.