Container listens on a port (e.g. 8080) so it deploys cleanly on AWS
AWS runtime & data
ECS Fargate Service (desiredCount=1)
Always-on process fits the “background loop starts on boot, resumes after crash” requirement
Keeping 1 task avoids multi-writer determinism issues; we can add a leader-election story later if needed
Aurora Serverless v2 (Postgres)
Lowest-ops managed Postgres on AWS
Better long-term fit than SQLite for 40M–100M draw aggregates
Fast private access (Stage 1)
Public ALB in front of the ECS service, locked down to your static IP (security group / inbound CIDR allowlist)
Fastest way to test from your laptop immediately
No VPN, no Cognito, no API Gateway required at the start
Production scaling path (Stage 2+)
Move MCP behind an internal ALB (VPC-only)
Add a separate public backend/BFF that authenticates users + rate limits, and calls MCP privately inside the VPC
Add WAF/CloudFront/etc. only when needed
Local dev workflow (matches prod)
Docker Compose: local Postgres + MCP server container
Explicit TEST_MODE that limits draw counts and uses isolated data (per spec)
What I need from you before we implement infra
Your static IP in CIDR form (e.g. 203.0.113.10/32) for the ALB allowlist
Target AWS region (e.g. us-west-2) and whether we’re deploying into a fresh account/VPC or an existing one
If you confirm those, next I’ll propose the minimal CDK stack layout (VPC, Aurora, ECS, ALB, secrets, logs) and then we can proceed to implementation when you say so.