name	aws-deployment
description	Deploys AWS infrastructure with research-first approach. Uses AWS MCP tools for documentation, regional availability, and resource management. ALWAYS searches AWS documentation before writing code, explains services and abbreviations, considers alternatives, maintains organized aws/ folder, and CRITICALLY offers to destroy resources after testing. Use PROACTIVELY for any AWS deployment, Terraform, ECS, Fargate, Lambda, S3, RDS, or cloud infrastructure tasks. MUST BE USED for prototype/learning projects to avoid unexpected costs. (project)
allowed-tools	Bash, Read, Write, Edit, Grep, Glob, AskUserQuestion, WebFetch, mcp__aws-knowledge-mcp__aws___search_documentation, mcp__aws-knowledge-mcp__aws___read_documentation, mcp__aws-knowledge-mcp__aws___recommend, mcp__aws-knowledge-mcp__aws___get_regional_availability, mcp__aws-knowledge-mcp__aws___list_regions, mcp__aws-api-mcp__suggest_aws_commands, mcp__aws-api-mcp__call_aws, mcp__aws-ccapi-mcp__check_environment_variables, mcp__aws-ccapi-mcp__get_aws_session_info, mcp__aws-ccapi-mcp__get_resource_schema_information, mcp__aws-ccapi-mcp__list_resources, mcp__aws-ccapi-mcp__get_resource, mcp__aws-ccapi-mcp__generate_infrastructure_code, mcp__aws-ccapi-mcp__explain, mcp__aws-ccapi-mcp__run_checkov, mcp__aws-ccapi-mcp__create_resource, mcp__aws-ccapi-mcp__update_resource, mcp__aws-ccapi-mcp__delete_resource, mcp__aws-ccapi-mcp__get_aws_account_info

AWS Deployment Skill

Deploy and destroy pharma-test-gen ECS/Fargate infrastructure.

Configuration

Key	Value
Project	`pharma-test-gen`
Region	`eu-west-2`
Account	`275333454012`
ECR	`275333454012.dkr.ecr.eu-west-2.amazonaws.com`

Deploy Workflow

Full commands: reference/quick-commands.md

1. ECR Login

aws ecr get-login-password --region eu-west-2 | docker login --username AWS --password-stdin 275333454012.dkr.ecr.eu-west-2.amazonaws.com

2. Build & Push Images

# API
docker buildx build --platform linux/amd64 -f Dockerfile.api.pip -t 275333454012.dkr.ecr.eu-west-2.amazonaws.com/pharma-test-gen-api:staging-latest --push .

# Worker
docker buildx build --platform linux/amd64 -f Dockerfile.worker.pip -t 275333454012.dkr.ecr.eu-west-2.amazonaws.com/pharma-test-gen-worker:staging-latest --push .

# Frontend (needs CLERK key)
docker buildx build --platform linux/amd64 -f Dockerfile.frontend --build-arg NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY=pk_test_xxx -t 275333454012.dkr.ecr.eu-west-2.amazonaws.com/pharma-test-gen-frontend:staging-latest --push .

3. Terraform Deploy

cd aws/terraform && terraform apply -var-file=environments/staging.tfvars -auto-approve

4. Upload ChromaDB (if missing)

tar -czvf /tmp/chroma_db.tar.gz -C main chroma_db
aws s3 cp /tmp/chroma_db.tar.gz s3://pharma-test-gen-vectors-staging/chroma_db.tar.gz --region eu-west-2

5. Force Service Redeployment

aws ecs update-service --cluster pharma-test-gen-cluster --service pharma-test-gen-api --force-new-deployment --region eu-west-2
aws ecs update-service --cluster pharma-test-gen-cluster --service pharma-test-gen-worker --force-new-deployment --desired-count 1 --region eu-west-2
aws ecs update-service --cluster pharma-test-gen-cluster --service pharma-test-gen-frontend --force-new-deployment --region eu-west-2

6. Verify Services

aws ecs describe-services --cluster pharma-test-gen-cluster --services pharma-test-gen-api pharma-test-gen-worker pharma-test-gen-frontend --region eu-west-2 --query 'services[].{name:serviceName,desired:desiredCount,running:runningCount}' --output table

Destroy Workflow

Quick Destroy

python aws/scripts/destroy.py --yes --skip-ecr

Manual (if script fails)

cd aws/terraform && terraform destroy -var-file=environments/staging.tfvars -auto-approve

Stop AWS Config (saves ~$3-5/month)

aws configservice stop-configuration-recorder --configuration-recorder-name pharma --region eu-west-2

Troubleshooting

Full guide: reference/troubleshooting.md

Symptom	Cause	Fix
Worker S3 403 Forbidden	ChromaDB tarball deleted	Re-upload: `aws s3 cp chroma_db.tar.gz s3://pharma-test-gen-vectors-staging/`
Worker desiredCount=0	Scaled down during destroy	Scale up: `aws ecs update-service --desired-count 1`
`uv: command not found` in WSL	uv not in Ubuntu	Use `python3` directly
Terraform state locked	Previous run crashed	`terraform force-unlock <LOCK_ID>`
ECR login failed	Token expired	Re-run ECR login command
Docker buildx not found	buildx not installed	`docker buildx create --use`

Health Checks

Service	Endpoint
Production (Route 53)	`https://csvgeneration.com/`
API Health	`https://csvgeneration.com/health`
Frontend	`https://csvgeneration.com/generate`

Get ALB DNS (internal)

aws elbv2 describe-load-balancers --names pharma-test-gen-api-alb pharma-test-gen-frontend-alb --region eu-west-2 --query 'LoadBalancers[].{name:LoadBalancerName,dns:DNSName}' --output table

CloudWatch Logs

Service	Log Group
API	`/ecs/pharma-test-gen/api`
Worker	`/ecs/pharma-test-gen/worker`
Frontend	`/ecs/pharma-test-gen/frontend`

View Recent Logs

aws logs filter-log-events --log-group-name /ecs/pharma-test-gen/worker --start-time $(date -d '5 minutes ago' +%s000) --region eu-west-2 --query 'events[-10:].message' --output text

WSL Wrapper (Windows)

All commands need WSL wrapper on Windows:

wsl -d Ubuntu -e bash -c "cd /mnt/c/Users/.../thesis_project && <command>"

Critical Scripts

Script	Purpose
`aws/scripts/deploy.py`	Full deployment orchestrator
`aws/scripts/destroy.py`	Clean teardown with S3 emptying
`aws/scripts/1_upload_chroma_to_s3.py`	ChromaDB S3 upload (requires boto3)

Cost Reminder

Estimated costs while running:

Per HOUR: ~$0.75
Per DAY: ~$18
Per MONTH: ~$540

ALWAYS offer to destroy after testing to avoid unexpected charges.

aws-deployment

Install Skill

SKILL.md