Medusa on AWS — Production Setup Guide

Introduction

This guide provisions a production-grade setup for Medusa on AWS. It uses our community Terraform module, available here:

https://registry.terraform.io/modules/u11d-com/medusajs/aws/latest

It includes Postgres (RDS), Redis (ElastiCache), object storage (S3), compute (ECS/Fargate or EC2), networking (VPC, ALB), HTTPS, and basic observability — all defined using our Terraform module.

If you need a fully detailed, step-by-step guide including account creation, monitoring, frontend deployment, CI/CD, IAM setup, and best practices, you can find it here:

https://u11d.com/ebooks/deploying-medusa-on-aws

Who It’s For

• Dev / Tech Leads
• DevOps Engineers
• CTOs evaluating infrastructure costs

Time Required

Approximately 20–30 minutes to create all resources (depending on region and quotas).

Prerequisites

Required Setup

Before you begin, make sure you have the following:

• An AWS account with permissions for VPC, RDS, ElastiCache, ECS/EC2, S3, and ACM
• Installed Terraform (>= 1.9), AWS CLI (configured), and Git
• (Optional) A domain name for HTTPS on the ALB
• Your Medusa build available as a container image (ECR or public registry)

What the Module Creates

Networking

• VPC (public/private subnets)
• Security groups
• Application Load Balancer

Databases

• Amazon RDS (Postgres)
• Amazon ElastiCache (Redis)

Compute

• ECS (Fargate) or EC2
• Container definitions
• Task roles and permissions

Storage & Security

• S3 for media assets
• Secrets and environment management for default Medusa variables

High-Level Steps

1. Clone the Template

Clone the template and fill out terraform.tfvars (region, names, domain, instance sizes).

git clone https://github.com/u11d-com/terraform-aws-medusajs.git
cd terraform-aws-medusajs/examples/minimal

2. Configure the App Image

Specify the app image (ECR URL or public tag) for Medusa.

# main.tf
medusa_image = "123456789.dkr.ecr.us-east-1.amazonaws.com/medusa:latest"
# or use a public image
medusa_image = "ghcr.io/u11d-com/medusa-backend:latest"

3. Apply Terraform

Initialize and apply your Terraform configuration. Review the plan before confirming.

terraform init
terraform plan
terraform apply

Resource creation typically takes 10–15 minutes.

4. Verify Deployment

Confirm that ECS/EC2 tasks are running and that ALB health checks are passing.

• Check ECS task status in the AWS Console
• Verify ALB target group health
• Test Medusa API endpoints

5. Production Checklist

• Enable automated RDS backups
• Configure a backup retention period
• Set up CloudWatch alarms
• Review RDS and Redis instance sizes
• Plan a secret rotation schedule
• Enable ACM certificates and TLS for your backend

Costs (Approximate)

* Costs are based on the default values from the Terraform module. They can be reduced by choosing smaller instance sizes, lower storage classes, or adjusting scaling settings depending on traffic.

Best Practices

Database Backups

• Enable automated RDS backups (set window and retention).
• Schedule backups during off-peak hours.
• Retain backups for at least 7 days.

Monitoring

• Configure CloudWatch alarms for CPU/RAM, ALB 5xx errors, and RDS/Redis metrics.
• Set up SNS notifications for critical alerts.

Security

• Rotate secrets regularly, or enable automatic rotation.
• Use AWS Secrets Manager for sensitive credentials.
• Ensure all network traffic is encrypted (TLS/HTTPS).

Upgrades

• Use immutable image tags.
• Test new versions in staging before deploying.
• Avoid using the latest tag in production.

What’s Next

CI/CD

• Build and push images to ECR using GitHub Actions or GitLab CI.
• Run terraform apply from your CI pipeline.
• Automate deployments on every merge to main.

Autoscaling

• Use ECS target tracking or EC2 Auto Scaling Groups.
• Scale RDS/Redis up or down based on CPU and connection metrics.

Logs

• Ship container logs to CloudWatch, ELK, or Loki.
• Set log retention policies.
• Create log-based metrics and alerts.