Add code owners and pull request template

.github/CODEOWNERS

@@ -0,0 +1,13 @@
+# This is a CODEOWNERS file.
+# Each line is a file pattern followed by one or more owners.
+# These owners will be requested for review when someone opens a pull request that modifies code they own.
+
+# Assign the entire repository to the devops user
+*       @devops-itsware
+
+# Assign specific directories to the devops user
+/docs/  @devops-itsware
+/src/   @devops-itsware
+
+# Assign specific files to the devops user
+README.md   @devops-itsware

README.md

@@ -1,66 +1,24 @@
-# Supabase on AWS - CloudFormation/CDK Template
-
-_Launch in minutes. Scale to millions._
-
-This repo includes a template of starting Supabase stack on AWS via CloudFormation/CDK. This template use managed services such as Amazon ECS and Amazon Aurora etc...
+# Itsware Hosted Supabase on AWS - CloudFormation/CDK Template
+
+This repo includes a modified template of a starting Supabase stack on AWS via CloudFormation/CDK. This template uses the following managed services:
+- Route53 
+- AWS ECS
+- AWS Aurora
+- AWS ECR
+- AWS ALB
+- AWS Amplify
+- Cloudfront
+- AWS Certificate Manager
+- AWS WAF and Shield
+- AWS Backup
+- AWS Lambda
+- AWS S3
 
 ## Architecture
 
-![architecture-diagram](docs/images/architecture-diagram.png)
-
-![smart-cdn-caching](docs/images/smart-cdn-caching.png)
-
-## Deploy via CloudFormation template
-
-| Region | View | Stable | Latest |
-|:--|:--|:--|:--|
-| US East (N. Virginia) | [View][us-east-1] | [![launch][launch]][stable-us-east-1] | [![launch][launch]][latest-us-east-1] |
-| US West (Oregon) | [View][us-west-2] | [![launch][launch]][stable-us-west-2] | [![launch][launch]][latest-us-west-2] |
-| Europe (Ireland) | [View][eu-west-1] | [![launch][launch]][stable-eu-west-1] | [![launch][launch]][latest-eu-west-1] |
-| Asia Pacific (Tokyo) | [View][ap-northeast-1] | [![launch][launch]][stable-ap-northeast-1] | [![launch][launch]][latest-ap-northeast-1] |
-| Asia Pacific (Osaka) | [View][ap-northeast-3] | [![launch][launch]][stable-ap-northeast-3] | [![launch][launch]][latest-ap-northeast-3] |
-| Asia Pacific (Singapore) | [View][ap-southeast-1] | [![launch][launch]][stable-ap-southeast-1] | [![launch][launch]][latest-ap-southeast-1] |
-| Asia Pacific (Sydney) | [View][ap-southeast-2] | [![launch][launch]][stable-ap-southeast-2] | [![launch][launch]][latest-ap-southeast-2] |
-| Asia Pacific (Mumbai) | [View][ap-south-1] | [![launch][launch]][stable-ap-south-1] | [![launch][launch]][latest-ap-south-1] |
-
-[launch]: https://s3.amazonaws.com/cloudformation-examples/cloudformation-launch-stack.png
-
-[us-east-1]: https://supabase-on-aws-us-east-1.s3.amazonaws.com/stable/Supabase.template.json
-[us-west-2]: https://supabase-on-aws-us-west-2.s3.amazonaws.com/stable/Supabase.template.json
-[eu-west-1]: https://supabase-on-aws-eu-west-1.s3.amazonaws.com/stable/Supabase.template.json
-[ap-northeast-1]: https://supabase-on-aws-ap-northeast-1.s3.amazonaws.com/stable/Supabase.template.json
-[ap-northeast-3]: https://supabase-on-aws-ap-northeast-3.s3.amazonaws.com/stable/Supabase.template.json
-[ap-southeast-1]: https://supabase-on-aws-ap-southeast-1.s3.amazonaws.com/stable/Supabase.template.json
-[ap-southeast-2]: https://supabase-on-aws-ap-southeast-2.s3.amazonaws.com/stable/Supabase.template.json
-[ap-south-1]: https://supabase-on-aws-ap-south-1.s3.amazonaws.com/stable/Supabase.template.json
-
-[stable-us-east-1]: https://us-east-1.console.aws.amazon.com/cloudformation/home#/stacks/create/review?stackName=Supabase&templateURL=https://supabase-on-aws-us-east-1.s3.amazonaws.com/stable/Supabase.template.json&param_SesRegion=us-east-1
-[stable-us-west-2]: https://us-west-2.console.aws.amazon.com/cloudformation/home#/stacks/create/review?stackName=Supabase&templateURL=https://supabase-on-aws-us-west-2.s3.amazonaws.com/stable/Supabase.template.json&param_SesRegion=us-west-2
-[stable-eu-west-1]: https://eu-west-1.console.aws.amazon.com/cloudformation/home#/stacks/create/review?stackName=Supabase&templateURL=https://supabase-on-aws-eu-west-1.s3.amazonaws.com/stable/Supabase.template.json&param_SesRegion=eu-west-1
-[stable-ap-northeast-1]: https://ap-northeast-1.console.aws.amazon.com/cloudformation/home#/stacks/create/review?stackName=Supabase&templateURL=https://supabase-on-aws-ap-northeast-1.s3.amazonaws.com/stable/Supabase.template.json&param_SesRegion=ap-northeast-1
-[stable-ap-northeast-3]: https://ap-northeast-3.console.aws.amazon.com/cloudformation/home#/stacks/create/review?stackName=Supabase&templateURL=https://supabase-on-aws-ap-northeast-3.s3.amazonaws.com/stable/Supabase.template.json&param_SesRegion=ap-northeast-3
-[stable-ap-southeast-1]: https://ap-southeast-1.console.aws.amazon.com/cloudformation/home#/stacks/create/review?stackName=Supabase&templateURL=https://supabase-on-aws-ap-southeast-1.s3.amazonaws.com/stable/Supabase.template.json&param_SesRegion=ap-southeast-1
-[stable-ap-southeast-2]: https://ap-southeast-2.console.aws.amazon.com/cloudformation/home#/stacks/create/review?stackName=Supabase&templateURL=https://supabase-on-aws-ap-southeast-2.s3.amazonaws.com/stable/Supabase.template.json&param_SesRegion=ap-southeast-2
-[stable-ap-south-1]: https://ap-south-1.console.aws.amazon.com/cloudformation/home#/stacks/create/review?stackName=Supabase&templateURL=https://supabase-on-aws-ap-south-1.s3.amazonaws.com/stable/Supabase.template.json&param_SesRegion=ap-south-1
-
-[latest-us-east-1]: https://us-east-1.console.aws.amazon.com/cloudformation/home#/stacks/create/review?stackName=Supabase&templateURL=https://supabase-on-aws-us-east-1.s3.amazonaws.com/latest/Supabase.template.json&param_SesRegion=us-east-1
-[latest-us-west-2]: https://us-west-2.console.aws.amazon.com/cloudformation/home#/stacks/create/review?stackName=Supabase&templateURL=https://supabase-on-aws-us-west-2.s3.amazonaws.com/latest/Supabase.template.json&param_SesRegion=us-west-2
-[latest-eu-west-1]: https://eu-west-1.console.aws.amazon.com/cloudformation/home#/stacks/create/review?stackName=Supabase&templateURL=https://supabase-on-aws-eu-west-1.s3.amazonaws.com/latest/Supabase.template.json&param_SesRegion=eu-west-1
-[latest-ap-northeast-1]: https://ap-northeast-1.console.aws.amazon.com/cloudformation/home#/stacks/create/review?stackName=Supabase&templateURL=https://supabase-on-aws-ap-northeast-1.s3.amazonaws.com/latest/Supabase.template.json&param_SesRegion=ap-northeast-1
-[latest-ap-northeast-3]: https://ap-northeast-3.console.aws.amazon.com/cloudformation/home#/stacks/create/review?stackName=Supabase&templateURL=https://supabase-on-aws-ap-northeast-3.s3.amazonaws.com/latest/Supabase.template.json&param_SesRegion=ap-northeast-3
-[latest-ap-southeast-1]: https://ap-southeast-1.console.aws.amazon.com/cloudformation/home#/stacks/create/review?stackName=Supabase&templateURL=https://supabase-on-aws-ap-southeast-1.s3.amazonaws.com/latest/Supabase.template.json&param_SesRegion=ap-southeast-1
-[latest-ap-southeast-2]: https://ap-southeast-2.console.aws.amazon.com/cloudformation/home#/stacks/create/review?stackName=Supabase&templateURL=https://supabase-on-aws-ap-southeast-2.s3.amazonaws.com/latest/Supabase.template.json&param_SesRegion=ap-southeast-2
-[latest-ap-south-1]: https://ap-south-1.console.aws.amazon.com/cloudformation/home#/stacks/create/review?stackName=Supabase&templateURL=https://supabase-on-aws-ap-south-1.s3.amazonaws.com/latest/Supabase.template.json&param_SesRegion=ap-south-1
-
-### Optional templates
-
-| Template | Link |
-|:--|:--|
-| AWS WAF (Web ACL) | [![launch][launch]][waf-latest] |
-
-[waf-latest]: https://us-east-1.console.aws.amazon.com/cloudformation/home#/stacks/create/review?stackName=SupabaseWaf&templateURL=https://supabase-on-aws-us-east-1.s3.amazonaws.com/latest/SupabaseWaf.template.json
-
-### Specification and Limitation
+![architecture-diagram](./docs/images/itsware-architecture-diagram.png)
+
+### Specifications and Limitations (taken from original [README](./README_Community_Supabase.md)
 
 - APIs
   - All containers run on ECS Fargate (Graviton2).
@@ -76,100 +34,53 @@ This repo includes a template of starting Supabase stack on AWS via CloudFormati
   - Todo: Add option to deploy the studio in different regions.
   - ⚠️ Warning: Supabase Studio is **open to web** and can be accessed by malicious actors. We **strongly** suggest you active ['Access control'](https://docs.aws.amazon.com/amplify/latest/userguide/access-control.html) globaly and setup a strong password and username.
 
-#### Fargate Task Size
-
-| Size | vCPU | Memory |
-|:--|:--|:--|
-| micro | 256 | 512 |
-| small | 512 | 1024 |
-| medium | 1024 | 2048 |
-| large | 2048 | 4096 |
-| xlarge | 4096 | 8192 |
-| 2xlarge | 8192 | 16384 |
-| 4xlarge | 16384 | 32768 |
-
-#### IAM Policy to create CloudFormation Stack
-
-```json
-{
-    "Version": "2012-10-17",
-    "Statement": [
-        {
-            "Sid": "CloudFormation",
-            "Effect": "Allow",
-            "Action": "cloudformation:*",
-            "Resource": "*"
-        },
-        {
-            "Sid": "supabase",
-            "Effect": "Allow",
-            "Action": [
-                "application-autoscaling:*",
-                "ec2:*",
-                "ecs:*",
-                "elasticloadbalancing:*",
-                "events:*",
-                "iam:*",
-                "lambda:*",
-                "logs:*",
-                "s3:*",
-                "secretsmanager:*",
-                "servicediscovery:*",
-                "ses:*",
-                "ssm:*",
-                "states:*",
-                "rds:*",
-                "route53:*"
-            ],
-            "Resource": "*"
-        },
-        {
-            "Sid": "supabaseCDN",
-            "Effect": "Allow",
-            "Action": [
-                "cloudfront:*",
-                "wafv2:Get*",
-                "wafv2:List*"
-            ],
-            "Resource": "*"
-        },
-        {
-            "Sid": "cacheManager",
-            "Effect": "Allow",
-            "Action": [
-                "apigateway:*",
-                "lambda:*",
-                "logs:*",
-                "sqs:*"
-            ],
-            "Resource": "*"
-        },
-        {
-            "Sid": "supabaseStudio",
-            "Effect": "Allow",
-            "Action": [
-                "amplify:*",
-                "codecommit:*",
-                "lambda:*",
-                "logs:*",
-                "sns:*"
-            ],
-            "Resource": "*"
-        }
-    ]
-}
-```
+
+### Itsware Specific Modifications to Base Supabase CDK deploy
+
+- Route53
+  - Alias added for studio.itsware.com (Supabase Studio Dashboard) [Manually done through the dashboard].
+  - Alias added for supabase.itsware.com (Supabase Backend Services) [Manually done through the dashboard].
+  - Healthchecks added for both endpoints. **NOTE** Due to auth protection being in place for each endpoint, the health checks use an inverted check , so that a 401 from each is proof of liveness [Manually done through the dashboard].
+- Cloudfront
+  - Alternate domain of supabase.itsware.com added to allow for Kong reverse proxy to accept requests from clients that use this endpoint when making Supabase REST calls [Manually done through the dashboard].
+- AWS Amplify
+  - HTTPS domain of studio.itsware.com added to allow developers to access the Supabase dashboard using a vanity domain instead of the autogenerated one [Manually done through the dashboard].
+- AWS Aurora
+  - Created a new VPC and subnet group for us-west for the replicas to be created
+  - Aurora Postgres does not support cross-region read replicas.
+  - Regional Cluster [Deployed via CDK] was converted into a Global Cluster [Manually done through the dashboard]
+  - The read replica setup requires the replica to be instanced in more than one region , so that is why there are 2 instances in us-west instead of 1
+- AWS Backup
+  - This was turned on and configured for all Supabase resources [Manually done through the dashboard]
+- Supabase Studio
+  - A modification was made in the build process for Studio that forces the version of npm that is laid down in the environment to match the required version.
 
 ## Deploy via CDK
 
-This cdk project has many resources for CloudFormation. **It is highly recomended to remove these resources for CloudFormation to use it as CDK**.
+- Prerequisites
+  - Install and configure [CDK](https://docs.aws.amazon.com/cdk/v2/guide/getting_started.html)
+  - Configure [AWS SSO tokens](https://docs.aws.amazon.com/cli/latest/userguide/sso-configure-profile-token.html)
 
 ```bash
-git clone https://github.com/mats16/supabase-on-aws.git
+git clone https://github.com/itsware-inc/supabase-on-aws.git
 
 cd supabase-on-aws
 
 yarn install
 
 cdk deploy Supabase
 ```
+
+## Upgrades via CDK
+
+The upgrade/downgrade process should consist of the execution of a CDK deploy line in the CLI that has the following format
+
+```bash
+cdk deploy Supabase --profile AdministratorAccess-500251631311 --parameters Supabase:AuthImageUri='public.ecr.aws/supabase/gotrue:v2.152.1' Supabase:RestImageUri='public.ecr.aws/supabase/postgrest:v12.1' Supabase:RealtimeImageUri='public.ecr.aws/supabase/realtime:v2.29.5' Supabase:StorageImageUri='public.ecr.aws/supabase/storage-api:v1.3.1' Supabase:public.ecr.aws/supabase/imgproxy:ImgproxyImageUri='public.ecr.aws/supabase/imgproxy:v1.2.0' Supabase:PostgresMetaImageUri='public.ecr.aws/supabase/postgres-meta:v0.81.1'
+```
+
+Through different variations of the call above, I was unable to provide parameter overrides from the CLI without directly modifying the version strings in the following block of URI definitions that can be found here in the [supabase repo](https://github.com/itsware-inc/supabase-on-aws/blob/b62a6bffc53e12be05f3be7d1d3b396a3679c6ca/src/supabase-stack.ts#L97)
+
+This upgrade methodology is brittle and , with proper modularization and a bit more research in terms of how the parameter override process works for deploying newer/older versions of the backend services for Supabase via CDK, it would be viable to simply provide the desired version of each ECR image from the Supbaase [ECR registry](https://gallery.ecr.aws/supabase)
+
+One last note about the upgrade/downgrade process - Using CloudFormation via CDK is a bit risky , since the version drift (aka diff feature) for CDK is not robust enough for targeted deploys of parts of the architecture for Supabase. This could probably be solved with more modularization of the CDK stack for Supabase. Terraform would be a great alternative that allows for more flexibility in terms of upgrade/downgrade sequences and partial deploys of newer images for pieces of the deployed architecture.

README_Community_Supabase.md

@@ -0,0 +1,175 @@
+# Supabase on AWS - CloudFormation/CDK Template
+
+_Launch in minutes. Scale to millions._
+
+This repo includes a template of starting Supabase stack on AWS via CloudFormation/CDK. This template use managed services such as Amazon ECS and Amazon Aurora etc...
+
+## Architecture
+
+![architecture-diagram](docs/images/architecture-diagram.png)
+
+![smart-cdn-caching](docs/images/smart-cdn-caching.png)
+
+## Deploy via CloudFormation template
+
+| Region | View | Stable | Latest |
+|:--|:--|:--|:--|
+| US East (N. Virginia) | [View][us-east-1] | [![launch][launch]][stable-us-east-1] | [![launch][launch]][latest-us-east-1] |
+| US West (Oregon) | [View][us-west-2] | [![launch][launch]][stable-us-west-2] | [![launch][launch]][latest-us-west-2] |
+| Europe (Ireland) | [View][eu-west-1] | [![launch][launch]][stable-eu-west-1] | [![launch][launch]][latest-eu-west-1] |
+| Asia Pacific (Tokyo) | [View][ap-northeast-1] | [![launch][launch]][stable-ap-northeast-1] | [![launch][launch]][latest-ap-northeast-1] |
+| Asia Pacific (Osaka) | [View][ap-northeast-3] | [![launch][launch]][stable-ap-northeast-3] | [![launch][launch]][latest-ap-northeast-3] |
+| Asia Pacific (Singapore) | [View][ap-southeast-1] | [![launch][launch]][stable-ap-southeast-1] | [![launch][launch]][latest-ap-southeast-1] |
+| Asia Pacific (Sydney) | [View][ap-southeast-2] | [![launch][launch]][stable-ap-southeast-2] | [![launch][launch]][latest-ap-southeast-2] |
+| Asia Pacific (Mumbai) | [View][ap-south-1] | [![launch][launch]][stable-ap-south-1] | [![launch][launch]][latest-ap-south-1] |
+
+[launch]: https://s3.amazonaws.com/cloudformation-examples/cloudformation-launch-stack.png
+
+[us-east-1]: https://supabase-on-aws-us-east-1.s3.amazonaws.com/stable/Supabase.template.json
+[us-west-2]: https://supabase-on-aws-us-west-2.s3.amazonaws.com/stable/Supabase.template.json
+[eu-west-1]: https://supabase-on-aws-eu-west-1.s3.amazonaws.com/stable/Supabase.template.json
+[ap-northeast-1]: https://supabase-on-aws-ap-northeast-1.s3.amazonaws.com/stable/Supabase.template.json
+[ap-northeast-3]: https://supabase-on-aws-ap-northeast-3.s3.amazonaws.com/stable/Supabase.template.json
+[ap-southeast-1]: https://supabase-on-aws-ap-southeast-1.s3.amazonaws.com/stable/Supabase.template.json
+[ap-southeast-2]: https://supabase-on-aws-ap-southeast-2.s3.amazonaws.com/stable/Supabase.template.json
+[ap-south-1]: https://supabase-on-aws-ap-south-1.s3.amazonaws.com/stable/Supabase.template.json
+
+[stable-us-east-1]: https://us-east-1.console.aws.amazon.com/cloudformation/home#/stacks/create/review?stackName=Supabase&templateURL=https://supabase-on-aws-us-east-1.s3.amazonaws.com/stable/Supabase.template.json&param_SesRegion=us-east-1
+[stable-us-west-2]: https://us-west-2.console.aws.amazon.com/cloudformation/home#/stacks/create/review?stackName=Supabase&templateURL=https://supabase-on-aws-us-west-2.s3.amazonaws.com/stable/Supabase.template.json&param_SesRegion=us-west-2
+[stable-eu-west-1]: https://eu-west-1.console.aws.amazon.com/cloudformation/home#/stacks/create/review?stackName=Supabase&templateURL=https://supabase-on-aws-eu-west-1.s3.amazonaws.com/stable/Supabase.template.json&param_SesRegion=eu-west-1
+[stable-ap-northeast-1]: https://ap-northeast-1.console.aws.amazon.com/cloudformation/home#/stacks/create/review?stackName=Supabase&templateURL=https://supabase-on-aws-ap-northeast-1.s3.amazonaws.com/stable/Supabase.template.json&param_SesRegion=ap-northeast-1
+[stable-ap-northeast-3]: https://ap-northeast-3.console.aws.amazon.com/cloudformation/home#/stacks/create/review?stackName=Supabase&templateURL=https://supabase-on-aws-ap-northeast-3.s3.amazonaws.com/stable/Supabase.template.json&param_SesRegion=ap-northeast-3
+[stable-ap-southeast-1]: https://ap-southeast-1.console.aws.amazon.com/cloudformation/home#/stacks/create/review?stackName=Supabase&templateURL=https://supabase-on-aws-ap-southeast-1.s3.amazonaws.com/stable/Supabase.template.json&param_SesRegion=ap-southeast-1
+[stable-ap-southeast-2]: https://ap-southeast-2.console.aws.amazon.com/cloudformation/home#/stacks/create/review?stackName=Supabase&templateURL=https://supabase-on-aws-ap-southeast-2.s3.amazonaws.com/stable/Supabase.template.json&param_SesRegion=ap-southeast-2
+[stable-ap-south-1]: https://ap-south-1.console.aws.amazon.com/cloudformation/home#/stacks/create/review?stackName=Supabase&templateURL=https://supabase-on-aws-ap-south-1.s3.amazonaws.com/stable/Supabase.template.json&param_SesRegion=ap-south-1
+
+[latest-us-east-1]: https://us-east-1.console.aws.amazon.com/cloudformation/home#/stacks/create/review?stackName=Supabase&templateURL=https://supabase-on-aws-us-east-1.s3.amazonaws.com/latest/Supabase.template.json&param_SesRegion=us-east-1
+[latest-us-west-2]: https://us-west-2.console.aws.amazon.com/cloudformation/home#/stacks/create/review?stackName=Supabase&templateURL=https://supabase-on-aws-us-west-2.s3.amazonaws.com/latest/Supabase.template.json&param_SesRegion=us-west-2
+[latest-eu-west-1]: https://eu-west-1.console.aws.amazon.com/cloudformation/home#/stacks/create/review?stackName=Supabase&templateURL=https://supabase-on-aws-eu-west-1.s3.amazonaws.com/latest/Supabase.template.json&param_SesRegion=eu-west-1
+[latest-ap-northeast-1]: https://ap-northeast-1.console.aws.amazon.com/cloudformation/home#/stacks/create/review?stackName=Supabase&templateURL=https://supabase-on-aws-ap-northeast-1.s3.amazonaws.com/latest/Supabase.template.json&param_SesRegion=ap-northeast-1
+[latest-ap-northeast-3]: https://ap-northeast-3.console.aws.amazon.com/cloudformation/home#/stacks/create/review?stackName=Supabase&templateURL=https://supabase-on-aws-ap-northeast-3.s3.amazonaws.com/latest/Supabase.template.json&param_SesRegion=ap-northeast-3
+[latest-ap-southeast-1]: https://ap-southeast-1.console.aws.amazon.com/cloudformation/home#/stacks/create/review?stackName=Supabase&templateURL=https://supabase-on-aws-ap-southeast-1.s3.amazonaws.com/latest/Supabase.template.json&param_SesRegion=ap-southeast-1
+[latest-ap-southeast-2]: https://ap-southeast-2.console.aws.amazon.com/cloudformation/home#/stacks/create/review?stackName=Supabase&templateURL=https://supabase-on-aws-ap-southeast-2.s3.amazonaws.com/latest/Supabase.template.json&param_SesRegion=ap-southeast-2
+[latest-ap-south-1]: https://ap-south-1.console.aws.amazon.com/cloudformation/home#/stacks/create/review?stackName=Supabase&templateURL=https://supabase-on-aws-ap-south-1.s3.amazonaws.com/latest/Supabase.template.json&param_SesRegion=ap-south-1
+
+### Optional templates
+
+| Template | Link |
+|:--|:--|
+| AWS WAF (Web ACL) | [![launch][launch]][waf-latest] |
+
+[waf-latest]: https://us-east-1.console.aws.amazon.com/cloudformation/home#/stacks/create/review?stackName=SupabaseWaf&templateURL=https://supabase-on-aws-us-east-1.s3.amazonaws.com/latest/SupabaseWaf.template.json
+
+### Specification and Limitation
+
+- APIs
+  - All containers run on ECS Fargate (Graviton2).
+  - All components are configured with AutoScaling.
+  - GraphQL is not supported, because [pg_graphql](https://github.com/supabase/pg_graphql) is not supported with Amazon RDS/Aurora.
+- Service Discovery
+  - Each component is discovered as `***.supabase.internal`.
+- Database (PostgreSQL)
+  - [Amazon Aurora Serverless v2](https://aws.amazon.com/rds/aurora/serverless/) is used.
+  - Todo: Add automatically password rotation.
+- Supabase Studio
+  - It is deployed on [Amplify Hosting](https://aws.amazon.com/amplify/hosting/).
+  - Todo: Add option to deploy the studio in different regions.
+  - ⚠️ Warning: Supabase Studio is **open to web** and can be accessed by malicious actors. We **strongly** suggest you active ['Access control'](https://docs.aws.amazon.com/amplify/latest/userguide/access-control.html) globaly and setup a strong password and username.
+
+#### Fargate Task Size
+
+| Size | vCPU | Memory |
+|:--|:--|:--|
+| micro | 256 | 512 |
+| small | 512 | 1024 |
+| medium | 1024 | 2048 |
+| large | 2048 | 4096 |
+| xlarge | 4096 | 8192 |
+| 2xlarge | 8192 | 16384 |
+| 4xlarge | 16384 | 32768 |
+
+#### IAM Policy to create CloudFormation Stack
+
+```json
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Sid": "CloudFormation",
+            "Effect": "Allow",
+            "Action": "cloudformation:*",
+            "Resource": "*"
+        },
+        {
+            "Sid": "supabase",
+            "Effect": "Allow",
+            "Action": [
+                "application-autoscaling:*",
+                "ec2:*",
+                "ecs:*",
+                "elasticloadbalancing:*",
+                "events:*",
+                "iam:*",
+                "lambda:*",
+                "logs:*",
+                "s3:*",
+                "secretsmanager:*",
+                "servicediscovery:*",
+                "ses:*",
+                "ssm:*",
+                "states:*",
+                "rds:*",
+                "route53:*"
+            ],
+            "Resource": "*"
+        },
+        {
+            "Sid": "supabaseCDN",
+            "Effect": "Allow",
+            "Action": [
+                "cloudfront:*",
+                "wafv2:Get*",
+                "wafv2:List*"
+            ],
+            "Resource": "*"
+        },
+        {
+            "Sid": "cacheManager",
+            "Effect": "Allow",
+            "Action": [
+                "apigateway:*",
+                "lambda:*",
+                "logs:*",
+                "sqs:*"
+            ],
+            "Resource": "*"
+        },
+        {
+            "Sid": "supabaseStudio",
+            "Effect": "Allow",
+            "Action": [
+                "amplify:*",
+                "codecommit:*",
+                "lambda:*",
+                "logs:*",
+                "sns:*"
+            ],
+            "Resource": "*"
+        }
+    ]
+}
+```
+
+## Deploy via CDK
+
+This cdk project has many resources for CloudFormation. **It is highly recomended to remove these resources for CloudFormation to use it as CDK**.
+
+```bash
+git clone https://github.com/mats16/supabase-on-aws.git
+
+cd supabase-on-aws
+
+yarn install
+
+cdk deploy Supabase
+```

src/supabase-studio/index.ts

@@ -74,6 +74,7 @@ export class SupabaseStudio extends Construct {
                 'env | grep -e SUPABASE_ >> .env.production',
                 'env | grep -e NEXT_PUBLIC_ >> .env.production',
                 'cd ../',
+                'npm install -g npm@9.9.3',
                 'npx turbo@1.10.3 prune --scope=studio',
                 'npm clean-install',
               ],
@@ -208,7 +209,7 @@ export class Repository extends codecommit.Repository {
         },
       }),
       handler: 'index.handler',
-      memorySize: 4096,
+      memorySize: 2048,
       ephemeralStorageSize: cdk.Size.gibibytes(3),
       timeout: cdk.Duration.minutes(15),
       environment: {