☁️AWS

This guide helps you deploy FormSG to production using standard AWS services with minimal customisation. For teams wanting to get FormSG running quickly in an AWS environment.

Quick Start Prerequisites

Before deploying FormSG to AWS:

AWS Account with administrative access
Domain name you control (e.g., forms.yourorg.gov)
Basic AWS knowledge (familiarity with AWS Console)

📋 Production Planning Checklist

Additional Planning for Production Deployments:

SSL certificate strategy (CDK can create automatically or use existing)
Estimated user load (concurrent users, forms per day)
Email provider setup (AWS SES domain verification)
Database strategy (MongoDB Atlas vs self-hosted)
Security and compliance requirements documented
Budget approved for ongoing AWS infrastructure costs

💰 Budget Planning:

Government teams typically need cost estimates for approval:

Compute costs: Vary by region and usage (ECS Fargate pricing)
Database costs: MongoDB Atlas M10+ or self-hosted infrastructure
Storage & networking: S3, data transfer, and load balancer costs

For planning purposes: Small government deployments (few hundred daily users) typically cost $100-400/month depending on region and configuration.

Use the AWS Pricing Calculator with your specific requirements for accurate estimates.

FormSG Production Architecture

This guide deploys the complete FormSG architecture to AWS:

AWS Infrastructure Implementation

The FormSG components map to AWS services as follows:

Frontend & API: ECS containers behind Application Load Balancer
Database: MongoDB Atlas or self-hosted MongoDB on EC2
Object Storage: S3 buckets with encryption
Email Service: AWS SES with SMTP
Identity Provider: AWS Cognito or external SAML/OIDC
Monitoring: CloudWatch + optional Datadog
Container Platform: ECS

🌟 Quick Deployment with CDK Template

Recommended Approach: Use the official FormSG CDK template for faster path to deployment.

Why Use the Template?

The FormSG team provides an AWS-ready CDK template that includes:

Infrastructure - VPC, ECS, S3, ALB, CloudWatch, and monitoring
Security configurations - Network isolation, encryption, and access controls
Automated SSL - Certificate management and renewal
Cost optimized - Right-sized resources for typical government workloads

Getting Started

Repository: opengovsg/formsg-on-cdk

# 1. Clone the official template
git clone https://github.com/opengovsg/formsg-on-cdk.git
cd formsg-on-cdk

# 2. Install dependencies
npm install

# 3. Deploy to AWS
npx cdk bootstrap  # First time only
npx cdk deploy

Deployment time: 15-30 minutes for complete infrastructure setup.

CDK Template Documentation

For detailed configuration options, troubleshooting, and advanced features:

Project Wiki: CDK Template Documentation
Issues & Support: GitHub Issues

Fastest Path: The CDK template provides the quickest way to get FormSG running on AWS with tested configurations.

Can't Use the CDK Template?

The CDK template above is the publicly available approach for AWS deployment. However, if you have specific constraints:

Alternative Approaches

If your organization requires different Infrastructure as Code:

Terraform/Pulumi/CloudFormation (2-4 weeks additional effort):

Start with cdk synth to see the generated CloudFormation resources
Adapt the resource definitions to your preferred tool
See Infrastructure Guidance for architectural patterns

These approaches require significant additional work and technical expertise.

Understanding What Gets Created

The CDK template automatically sets up a complete FormSG infrastructure including:

Networking: VPC with public/private subnets, load balancer, security groups
Compute: ECS cluster with auto-scaling containers
Storage: S3 buckets for files, Parameter Store for configuration
Database: Connection to your MongoDB (Atlas or self-hosted)
Email: Integration with AWS SES for notifications
Monitoring: CloudWatch logs, metrics, and basic alarms
Security: SSL certificates, encryption, network isolation

Architecture Details

VPC with public and private subnets
Application Load Balancer in public subnets (internet-facing)
ECS containers in private subnets (internal only)
Security groups with least-privilege access (ALB → ECS → Database)

This architecture provides high availability, security, and scalability suitable for government production workloads.

Validation Checklist

Check CDK outputs for your application URL
Visit your FormSG domain and proceed with functional testing:

Login with email OTP
Create and publish a test form
Submit form as citizen user

Issues? Check CloudWatch logs for your ECS service. Common problems: MongoDB connection, SES verification, DNS configuration.

Next Steps

🎉 Success! Your FormSG production deployment is now running on AWS.

Recommended next steps:

Set up automated backups for your database
Review security settings and compliance requirements

PreviousVirtual Machine (Docker)NextFly.io

Last updated 1 month ago

Was this helpful?