AWS Scripts

AWS scripts wrap deployment operations and use scripts/aws/lib.sh for shared behavior (region defaults, Terraform output reading, tool availability checks). All scripts take an environment name (dev or prod) as their first argument.

For the full deployment sequences and context on when to use each script, see Operations Runbooks.


bootstrap-terraform-state.sh

ENV=dev AWS_REGION=us-west-1 scripts/aws/bootstrap-terraform-state.sh

Creates the S3 state bucket and DynamoDB lock table for Terraform. Run this once per environment before the first terraform plan. It's safe to run again if the resources already exist.


terraform-plan.sh

scripts/aws/terraform-plan.sh dev

Runs terraform init, terraform fmt -check, terraform validate, and terraform plan -out tfplan-dev. The saved plan file is used by terraform-apply.sh.

Always run this before applying. Read the full output before proceeding.


terraform-apply.sh

scripts/aws/terraform-apply.sh dev

# Production requires explicit confirmation:
scripts/aws/terraform-apply.sh prod --confirm-prod

Applies the saved plan from terraform-plan.sh. The --confirm-prod flag prevents accidental production changes.
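
A sketch of the kind of guard the --confirm-prod flag implies, added here as an example and not taken from the project's terraform-apply.sh. The function name resolve_plan, the PLAN_DIR variable, the return codes, and the tfplan-prod file name (extrapolated from tfplan-dev) are assumptions.

```shell
# Added illustration: hypothetical guard, not the project's terraform-apply.sh.
#
# resolve_plan ENV [FLAGS...]
# Prints the saved plan path on success. Return codes (assumed for this sketch):
#   2 = bad environment or option, 3 = prod without --confirm-prod,
#   4 = saved plan file missing.
resolve_plan() {
  local env="${1:-}" confirm=0 flag plan
  [ "$#" -gt 0 ] && shift

  # Allowlist the environment so the argument can never smuggle a path
  # component or an option into the plan file name.
  case "$env" in
    dev|prod) ;;
    *) echo "usage: <script> <dev|prod> [--confirm-prod]" >&2; return 2 ;;
  esac

  # Reject unknown options so a mistyped flag fails loudly
  # instead of being ignored.
  for flag in "$@"; do
    case "$flag" in
      --confirm-prod) confirm=1 ;;
      *) echo "unknown option: $flag" >&2; return 2 ;;
    esac
  done

  # Production is only touched when the operator typed the flag explicitly.
  if [ "$env" = "prod" ] && [ "$confirm" -ne 1 ]; then
    echo "refusing to apply to prod without --confirm-prod" >&2
    return 3
  fi

  # Apply only a plan that was saved and reviewed; never plan implicitly.
  plan="${PLAN_DIR:-.}/tfplan-${env}"
  if [ ! -f "$plan" ]; then
    echo "no saved plan at $plan; run terraform-plan.sh $env first" >&2
    return 4
  fi
  printf '%s\n' "$plan"
}

# Typical call site inside an apply script:
#   plan_file="$(resolve_plan "$@")" || exit $?
#   terraform apply "$plan_file"
```

Passing the saved plan file to terraform apply means the changes applied are the ones shown in the reviewed plan output, not a fresh plan computed at apply time.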


build-images.sh

scripts/aws/build-images.sh dev

Builds all service Docker images locally. Each image gets two tags:

- <git-sha>: for traceability (know exactly what code is running)
- dev-current: the "current" tag referenced by ECS task definitions

Images built:

- vega-api
- vega-worker
- vega-maintenance
- vega-llm-proxy
- vega-v16-runner


push-images.sh

scripts/aws/push-images.sh dev

Authenticates with ECR, tags all local images with the full ECR registry URL, and pushes both the SHA and dev-current tags. ECS will use the dev-current tag when the next deployment starts.


deploy-services.sh

scripts/aws/deploy-services.sh dev

Forces a new ECS deployment for vega-api, vega-worker, and vega-llm-proxy. ECS stops old tasks and starts new ones using the current task definition. The script waits for all services to report stable before exiting.


run-migrations.sh

scripts/aws/run-migrations.sh dev
scripts/aws/run-migrations.sh prod

Launches the vega-maintenance ECS task with the migration command (python scripts/run-db-migrations.py), waits for the task to stop, and exits with a non-zero code if the container failed.

Run this before deploy-services.sh when deploying new schema changes.


smoke-test.sh

scripts/aws/smoke-test.sh dev

# Override the API URL:
API_BASE_URL=https://api.dev.vega.example.com scripts/aws/smoke-test.sh dev

Checks that the deployed API health endpoint (/v1/healthz) returns 200. Reads api_base_url from Terraform outputs if available.

A passing smoke test confirms the API container is running and responding. It does not verify that scans can complete end-to-end.