deployment

Architecture

This package deploys a PostgreSQL RDS instance for the RCM MCP server. The MCP server runs locally on your machine and connects to this remote database.

What Gets Deployed

Resource	Description	Cost Estimate
VPC	Public subnets in 2 AZs	Free
RDS PostgreSQL	t4g.micro, 20GB storage	~$15/month
Secrets Manager	Database credentials at `/rcm/db-credentials`	~$0.40/month

Total: ~$15-16/month

Prerequisites

AWS CLI configured with appropriate credentials
Node.js 20+
AWS CDK CLI (npm install -g aws-cdk)

Deploying

# Build the package
yarn workspace @rcm/infrastructure build

# Preview changes
yarn workspace @rcm/infrastructure diff

# Deploy to AWS
yarn workspace @rcm/infrastructure deploy

Post-Deployment Setup

After deployment, all connection details are stored in Secrets Manager at /rcm/db-credentials.

1. Get Database Credentials

# Get all connection details
aws secretsmanager get-secret-value \
  --secret-id /rcm/db-credentials \
  --query SecretString \
  --output text | jq .

Output:

{
  "host": "rcmstack-xxx.region.rds.amazonaws.com",
  "port": 5432,
  "dbname": "rcmdb",
  "username": "rcm_admin",
  "password": "<generated-password>",
  "connection_string": "postgresql://rcm_admin:<password>@<host>:5432/rcmdb"
}

2. Set DATABASE_URL

# Get the connection string directly
export DATABASE_URL=$(aws secretsmanager get-secret-value \
  --secret-id /rcm/db-credentials \
  --query SecretString \
  --output text | jq -r .connection_string)

echo $DATABASE_URL

Or add to packages/mcp-server/.env:

# Generate the .env file
echo "DATABASE_URL=$(aws secretsmanager get-secret-value \
  --secret-id /rcm/db-credentials \
  --query SecretString \
  --output text | jq -r .connection_string)" > packages/mcp-server/.env

3. Run Migrations

# Set DATABASE_URL for migrations
export DATABASE_URL=$(aws secretsmanager get-secret-value \
  --secret-id /rcm/db-credentials \
  --query SecretString \
  --output text | jq -r .connection_string)

# Run migrations
yarn workspace @rcm/migrations migrate:up

# Seed the database
yarn workspace @rcm/migrations seed

4. Start the MCP Server

yarn workspace @rcm/mcp-server start
# Output: RCM MCP Server v2.0 running on stdio (PostgreSQL connected)

Tearing Down

To destroy all resources:

yarn workspace @rcm/infrastructure cdk destroy

Security Notes

This is a demo configuration with the database publicly accessible. For production:

Use private subnets with VPN or bastion host access
Restrict security group to specific IP ranges
Enable deletionProtection: true
Use larger instance types (t4g.small or larger)
Enable Multi-AZ for high availability
Consider Aurora PostgreSQL for better scaling

Troubleshooting

Can't connect to database

Check security group allows your IP:
```
curl ifconfig.me
```
Test connection:
```
psql $DATABASE_URL -c "SELECT 1"
```

CDK deployment fails

Ensure you have AWS credentials configured:
```
aws sts get-caller-identity
```

Bootstrap CDK (first time only):

cdk bootstrap aws://<ACCOUNT_ID>/<REGION>

Secret not found

If the secret doesn't exist after deployment, check the CloudFormation events:

aws cloudformation describe-stack-events \
  --stack-name RcmStack \
  --query 'StackEvents[?ResourceStatus==`CREATE_FAILED`]'

Full Documentation

For additional details, see the Infrastructure README on GitHub.

Next Steps

Run Migrations - Set up database schema
MCP Server - Connect to production database

Architecture​

What Gets Deployed​

Prerequisites​

Deploying​

Post-Deployment Setup​

1. Get Database Credentials​

2. Set DATABASE_URL​

3. Run Migrations​

4. Start the MCP Server​

Tearing Down​

Security Notes​

Troubleshooting​

Can't connect to database​

CDK deployment fails​

Secret not found​

Full Documentation​

Next Steps​