AWS Deployment

All AWS resources are managed via a single CloudFormation stack defined in infra/cloudformation.yaml, deployed with infra/deploy-aws.sh.

Architecture

Testers --> Wake-Up URL (API Gateway + Lambda)
                | (starts EC2 if stopped, redirects)
            Bastion EC2 (Elastic IP, t3.small)
                | Streamlit on :8501
                | Tailscale
            Jumper (52.40.248.112)
                | SSH tunnel
            StarRocks (internal :9030)

CloudFormation Stack

The stack creates these resources:

Resource	Type	Purpose
`BastionSG`	Security Group	Allows SSH (22) and Streamlit (8501) from allowed CIDR
`BastionInstance`	EC2 Instance	Runs the Docker container
Elastic IP	EIP	Stable public IP across stop/start
Lambda	Function	Wakes the instance on HTTP request
API Gateway	REST API	Public wake-up URL
CloudWatch Alarm	Metric Alarm	Auto-stops instance after idle period

Stack Parameters

Parameter	Default	Description
`KeyPairName`	(required)	EC2 key pair for SSH access
`TailscaleAuthKey`	(empty)	Tailscale auth key for VPN mesh
`JumperTailscaleIP`	(empty)	Tailscale IP of the jumper host
`AnthropicApiKey`	(empty)	Claude API key (optional, demo works without)
`StarRocksUser`	`kk`	Database user
`StarRocksPassword`	(empty)	Database password
`InstanceType`	`t3.small`	EC2 size (t3.micro/small/medium)
`IdleMinutesBeforeStop`	`30`	Minutes of low CPU before auto-stop (10-120)
`AllowedCIDR`	`0.0.0.0/0`	IP range for Streamlit/SSH access

Deploying

cd byocusage
./infra/deploy-aws.sh

The script prompts for required parameters and outputs three URLs:

Wake-Up URL -- Bookmark this. Starts the instance and redirects to the app.
App URL -- Direct Streamlit URL (http://<elastic-ip>:8501), only works when running.
SSH Command -- For debugging.

Lambda Wake-Up Function

The Lambda function behind API Gateway:

Checks EC2 instance state
Calls start_instances if stopped
Returns an HTML page that auto-refreshes and redirects to the Streamlit URL

CloudWatch Auto-Stop

A CloudWatch alarm monitors average CPU utilization. When CPU stays below 5% for the configured idle period (default 30 min), it triggers an EC2 stop action.

Operations

# Manual stop/start
aws ec2 stop-instances --instance-ids i-xxx --region us-west-2
aws ec2 start-instances --instance-ids i-xxx --region us-west-2

# Check logs on bastion
ssh -i <key>.pem ec2-user@<elastic-ip>
journalctl -u byoc-agent -f    # app logs
journalctl -u sr-tunnel -f     # tunnel logs
cat /var/log/user-data.log      # bootstrap log
tailscale status                # VPN status

# Update the app manually
ssh -i <key>.pem ec2-user@<elastic-ip>
cd /opt/app && git pull && sudo systemctl restart byoc-agent

# Tear down everything
./infra/deploy-aws.sh --teardown

Architecture​

CloudFormation Stack​

Stack Parameters​

Deploying​

Lambda Wake-Up Function​

CloudWatch Auto-Stop​

Operations​