Elixium Logo
elixium.aiHuman + AI Agile

Deploy on AWS

Run Elixium on your own AWS infrastructure. Start with a single EC2 instance via Terraform in minutes, then scale to managed services as your team grows.

Prerequisites

  • AWS account with an EC2 key pair
  • Terraform 1.5+ installed (brew install terraform or download)
  • Elixium enterprise license key (from your Command Center → Deployment tab)

Getting Started with Terraform

The fastest path to a running Elixium instance. Download a pre-configured Terraform bundle from your Command Center — no AWS CLI required.

# 1. Download your deployment bundle from the Command Center

Go to Command Center → Deployment → Docker Compose → Download Bundle

# 2. Extract and navigate to the AWS Terraform directory

$ unzip elixium-docker-compose-bundle-*.zip

$ cd terraform/deployments/aws/docker-compose

# 3. Add your EC2 key pair and GHCR credentials to terraform.tfvars

$ nano terraform.tfvars

key_pair_name = "your-ec2-key"

ghcr_user = "your-github-user"

ghcr_token = "your-ghcr-pat"

# 4. Deploy

$ terraform init

$ terraform plan

$ terraform apply

# 5. Validate (~5 minutes after apply)

$ ./scripts/validate-deployment.sh $(terraform output -raw public_ip) your-key.pem

What Terraform Creates

ResourceDetails
VPC + SubnetsIsolated network with public subnet
Security GroupSSH + HTTPS only (configurable deployer CIDR)
EC2 Instancet3.xlarge (4 vCPU, 16GB) with Docker Compose via cloud-init
Elastic IPStatic public IP
TLSAuto-generated via nginx on port 443

Supports FIPS 140-2 for GovCloud and FedRAMP environments. Passwords are auto-generated if not provided. Air-gapped mode disables egress.

Estimated Monthly Cost

ServiceConfigurationEst. Cost
EC2 Instancet3.xlarge (4 vCPU, 16GB RAM)~$120
EBS Storage100GB gp3~$8
Elastic IPStatic public IP~$4
Total~$132/mo

Production Architecture: Managed Services

For larger teams or high-availability requirements, deploy Elixium using managed AWS services. This architecture uses ECS Fargate, RDS, and S3 — replacing the single-instance Docker Compose setup with auto-scaling, managed backups, and multi-AZ resilience.

Requires AWS CLI

The managed services setup below uses aws CLI commands. Install it with brew install awscli or from the AWS CLI docs. If you're just getting started, use the Terraform approach above instead.

Architecture Overview

ComponentAWS ServiceNotes
Frontend + APIECS FargateServerless containers, no EC2 management
DatabaseRDS PostgreSQL 16Managed backups, Multi-AZ optional
File StorageS3S3-compatible — replaces MinIO
AuthenticationECS Fargate (Keycloak)Backed by RDS
AI InferenceGemini (default), OpenAI, Azure OpenAI, or OllamaCloud AI or self-hosted Ollama (external GPU)
Load BalancerApplication Load BalancerTLS termination, path-based routing
Container RegistryECR (private)Mirror images from GHCR

Step 1: Mirror Container Images to ECR

# Authenticate to GHCR (credentials from Command Center → Deployment tab)
docker login ghcr.io

# Create ECR repositories
aws ecr create-repository --repository-name elixium-app
aws ecr create-repository --repository-name elixium-api

# Pull, tag, and push
docker pull ghcr.io/indirecttek/elixium-app:latest
docker pull ghcr.io/indirecttek/elixium-api:latest

aws ecr get-login-password | docker login --username AWS --password-stdin <account-id>.dkr.ecr.<region>.amazonaws.com

docker tag ghcr.io/indirecttek/elixium-app:latest <account-id>.dkr.ecr.<region>.amazonaws.com/elixium-app:latest
docker tag ghcr.io/indirecttek/elixium-api:latest <account-id>.dkr.ecr.<region>.amazonaws.com/elixium-api:latest

docker push <account-id>.dkr.ecr.<region>.amazonaws.com/elixium-app:latest
docker push <account-id>.dkr.ecr.<region>.amazonaws.com/elixium-api:latest

Step 2: Provision Infrastructure

# VPC with public + private subnets (2 AZs minimum)
aws ec2 create-vpc --cidr-block 10.0.0.0/16

# RDS PostgreSQL
aws rds create-db-instance \
  --db-instance-identifier elixium-db \
  --db-instance-class db.t3.medium \
  --engine postgres --engine-version 16 \
  --master-username elixium \
  --master-user-password <your-secure-password> \
  --allocated-storage 20 --db-name elixium

# S3 bucket
aws s3 mb s3://elixium-uploads-<your-org>

Step 3: Configure Environment

# Core configuration (store in Secrets Manager or SSM Parameter Store)
ELIXIUM_MODE=local
ELIXIUM_LICENSE_KEY=<your-license-key>
DATABASE_URL=postgresql://elixium:<password>@elixium-db.<id>.<region>.rds.amazonaws.com:5432/elixium
KEYCLOAK_URL=http://keycloak.elixium.local:8080
KEYCLOAK_REALM=elixium
KEYCLOAK_CLIENT_SECRET=<your-client-secret>
MINIO_ENDPOINT=s3.amazonaws.com
MINIO_PORT=443
MINIO_ACCESS_KEY=<iam-access-key>
MINIO_SECRET_KEY=<iam-secret-key>
AI_PROVIDER=gemini
GOOGLE_AI_API_KEY=<your-api-key>

Step 4: Deploy ECS Services

ServiceCPU / MemoryPortHealth Check
elixium-app512 / 1024 MB3000GET /
elixium-api1024 / 2048 MB3001GET /health
keycloak1024 / 2048 MB8080GET /health/ready

Step 5: ALB & DNS

# ALB routing rules:
# elixium.yourcompany.com     → elixium-app:3000
# elixium.yourcompany.com/api → elixium-api:3001
# sso.yourcompany.com         → keycloak:8080

# Add ACM certificate for TLS
aws acm request-certificate --domain-name elixium.yourcompany.com

# Create Route 53 record pointing to ALB
aws route53 change-resource-record-sets ...

Estimated Monthly Cost (Managed)

ServiceConfigurationEst. Cost
ECS Fargate (3 services)App + API + Keycloak~$90
RDS PostgreSQLdb.t3.medium, 20GB~$35
S3 + ALBStandard storage + load balancer~$21
AI Provider (optional GPU)Gemini API or Ollama on g4dn.xlarge$0–$380
Total (without GPU)~$175/mo

Need help with your AWS deployment? Contact [email protected] or back to self-hosted docs.