Commit 9babf85

docs: add least-privilege deployment roles and deployment guide
Add DEPLOYMENT_ROLES.md with least-privilege IAM policy for the CloudFormation execution role (IaCRole-ABCA), derived from analysis of all CDK constructs and handler code in the current single-stack architecture. Includes optional ECS statements when Fargate is enabled.

Add DEPLOYMENT_GUIDE.md covering compute backend choices (AgentCore vs opt-in ECS Fargate via ComputeStrategy), scale-to-zero analysis, and complete AWS services inventory.

Update COST_MODEL.md with scale-to-zero characteristics section, corrected baseline to ~$85-95/month, and updated references.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
1 parent c6f3b0f commit 9babf85

3 files changed

Lines changed: 718 additions & 5 deletions

docs/design/COST_MODEL.md

Lines changed: 10 additions & 5 deletions
@@ -16,7 +16,11 @@ These costs are incurred regardless of task volume:
1616
| DynamoDB (on-demand, idle) | ~$0/month | Pay-per-request; no cost when idle. |
1717
| CloudWatch Logs retention | ~$1–5/month | Depends on log volume. 90-day retention. |
1818
| API Gateway (idle) | ~$0/month | Pay-per-request. |
19-
| **Total baseline** | **~$85–90/month** | |
19+
| **Total baseline** | **~$85–95/month** | |
20+
21+
### Scale-to-zero characteristics
22+
23+
Most platform components are fully serverless and incur zero cost when idle: DynamoDB (PAY_PER_REQUEST), Lambda, API Gateway, ECS Fargate (cluster is free, when enabled), AgentCore Runtime (per-session), Bedrock (per-token), and Cognito (free tier). The always-on cost floor (~$85–95/month) is dominated by VPC networking infrastructure (NAT Gateway + 7 interface endpoints) which is required for private subnet connectivity to AWS services and GitHub. See the [Deployment guide](../guides/DEPLOYMENT_GUIDE.md) for the full scale-to-zero breakdown.
2024

2125
## Per-task variable costs
2226
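Review bot: the total baseline row moves from ~$85–90 to ~$85–95/month, but none of the line items visible in this hunk (DynamoDB ~$0, CloudWatch Logs ~$1–5, API Gateway ~$0) changes, so a reader cannot tell which component accounts for the extra $5; please update the corresponding row above or add a sentence to the new "Scale-to-zero characteristics" section saying what the correction reflects. The new paragraph also pins the cost floor to "NAT Gateway + 7 interface endpoints"; worth confirming that endpoint count matches the list in COMPUTE.md so the two documents do not drift, and "Cognito (free tier)" reads more precisely as "no charge when idle", since the free tier is a usage allowance rather than a guarantee of zero cost.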

@@ -85,7 +89,8 @@ For multi-user deployments, cost should be attributable to individual users and
8589

8690
## Reference
8791

88-
- [COMPUTE.md - Network architecture](./COMPUTE.md) - VPC infrastructure cost breakdown.
89-
- [ORCHESTRATOR.md](./ORCHESTRATOR.md) - Polling cost analysis.
90-
- [COMPUTE.md](./COMPUTE.md) - Compute option billing models.
91-
- [OBSERVABILITY.md](./OBSERVABILITY.md) - Cost-related metrics (`agent.cost_usd`, token usage).
92+
- [Deployment guide](../guides/DEPLOYMENT_GUIDE.md) -- Deployment choices, scale-to-zero analysis, AWS services inventory.
93+
- [DEPLOYMENT_ROLES.md](./DEPLOYMENT_ROLES.md) -- Least-privilege IAM policies for deployment.
94+
- [COMPUTE.md](./COMPUTE.md) -- VPC infrastructure cost breakdown, compute option billing models.
95+
- [ORCHESTRATOR.md](./ORCHESTRATOR.md) -- Polling cost analysis.
96+
- [OBSERVABILITY.md](./OBSERVABILITY.md) -- Cost-related metrics (`agent.cost_usd`, token usage).
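Review bot: the rewritten reference entries switch the separator from " - " to " -- ", which is a style change from the list being replaced; pick one convention for the file. The two new links also point at different directories (`../guides/DEPLOYMENT_GUIDE.md` versus `./DEPLOYMENT_ROLES.md`), and the commit message names both files without paths while only this file's diff is visible here, so please confirm DEPLOYMENT_ROLES.md was added under docs/design/ and DEPLOYMENT_GUIDE.md under docs/guides/, otherwise one of the links will be dead. Folding the former "COMPUTE.md - Network architecture" entry into the single COMPUTE.md line is fine.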
