Platform infrastructure

| Category | What’s created |
|---|---|
| Networking | Private subnets, NAT gateway, security groups |
| Compute | Container cluster, container registry, load balancer |
| Deployment pipeline | Deploy and teardown orchestration, build environments, deployment functions |
| CDN | CloudFront distribution, edge routing functions, subdomain routing table |
| Storage | Deployment artifact bucket |
| IAM | Cross-account deploy role, OIDC provider, scoped roles for each pipeline step |
| Monitoring | Private metrics API |
| Certificates | Two wildcard ACM certificates (if not provided) |

Per-app resources

| What’s created | Purpose |
|---|---|
| Database | Dedicated Postgres database per app |
| Container task definition and service | Runs the app and worker processes |
| Load balancer target group and routing rule | Routes traffic to the app by subdomain |
| IAM roles (build, package, migrate) | Scoped per app for untrusted pipeline steps |
| Data bucket | App-specific file storage |
| Log group | App container logs |
| Auto-scaling policies | CPU and request-based scaling |

