This document provides a comprehensive list of all AWS resources created by this solution.
- ECS Fargate Cluster
  - Task Definition
  - Fargate Service
  - Container running Streamlit application
  - CloudWatch Log Group for container logs
- VPC Resources
  - VPC with 2 Availability Zones
  - Public Subnets
  - Private Subnets
  - NAT Gateway
  - Internet Gateway
  - Route Tables
  - Network ACLs
- Load Balancer
  - Application Load Balancer
  - ALB Target Group
  - ALB Listener (Port 80)
- Security Groups
  - ALB Security Group
  - ECS Fargate Service Security Group
- Amazon Cognito
  - User Pool
  - User Pool Client
  - User Pool Domain
- AWS AppSync
  - GraphQL API
  - API Schema
  - API Resolvers
  - WebSocket API Endpoint
- AWS Secrets Manager
  - AppSync Endpoint Secret
  - Cognito App Client Secret
  - Cognito Domain Prefix Secret
  - Region Secret
  - Redirect URI Secret
  - Logout URI Secret
- Amazon Bedrock
  - Bedrock Agent
  - Agent Actions
  - Agent Schema
- IAM Roles
  - ECS Task Role
  - ECS Task Execution Role
  - AppSync Service Role
  - Bedrock Agent Role
- IAM Policies
  - Task Role Policies
  - Task Execution Role Policies
  - AppSync Service Role Policies
  - Bedrock Agent Role Policies
- CloudWatch
  - Container Log Groups
  - ALB Access Logs
  - VPC Flow Logs
  - Metric Alarms (if configured)
All resources are prefixed with the stack name and construct ID for easy identification:
- Stack Name: {stack-name}
- Construct ID: {construct-id}
- VPC is required for ECS Fargate and ALB deployment
- Cognito User Pool is required for authentication
- AppSync API depends on Cognito for authorization
- Secrets Manager secrets are used by the ECS tasks
- Bedrock Agent depends on the AppSync API for integration
When destroying this solution through CDK, all resources will be removed except:
- CloudWatch Log Groups
- Any manually created resources not part of the CDK stack
- Some resources may incur costs even when not actively used
- NAT Gateway is deployed in a single AZ to minimize costs
- ALB is internet-facing and restricted to CloudFront IPs