AWS
Deploy M3 Forge on AWS using EKS for Kubernetes, RDS for PostgreSQL, S3 for object storage, and your preferred ingress and secret-management stack.
Recommended AWS mapping
| M3 Forge dependency | AWS service |
|---|---|
| Kubernetes | Amazon EKS |
| PostgreSQL | Amazon RDS for PostgreSQL |
| Object storage | Amazon S3 |
| Secrets | AWS Secrets Manager or External Secrets Operator |
| Analytics | ClickHouse Cloud on AWS or self-managed ClickHouse |
| Ingress | AWS Load Balancer Controller, NGINX Ingress, or Gateway API implementation |
Prerequisites
- an EKS cluster
- an RDS PostgreSQL instance
- an S3 bucket and IAM credentials or an IAM-based secret-delivery pattern
- ingress or Gateway API installed in the cluster
- published API and frontend images for M3 Forge
Recommended values strategy
Use the external example as the base:
cp deploy/helm/charts/m3forge/examples/self_hosted_external.yaml aws-m3forge-values.yamlSet at minimum:
images.api.repositoryimages.frontend.repositoryconfig.public.frontendUrlconfig.public.apiUrlconfig.storage.s3EndpointUrlsecrets.existingSecret
Installation
Create AWS infrastructure
Provision:
- RDS PostgreSQL
- S3 bucket
- ClickHouse service
- DNS and ingress endpoint
Create the Kubernetes secret or secret reference
Store:
DATABASE_URLJWT_ACCESS_SECRETJWT_REFRESH_SECRETS3_ACCESS_KEY_IDS3_SECRET_ACCESS_KEY
Install the chart
helm install m3forge ./deploy/helm/charts/m3forge \
-f aws-m3forge-values.yamlVerify health
Check:
- the migration Job succeeds
- frontend and API pods are ready
- the frontend Service or Ingress is reachable
Example values shape
images:
api:
repository: ghcr.io/marieai/m3-forge-api
tag: latest
frontend:
repository: ghcr.io/marieai/m3-forge-frontend
tag: latest
config:
public:
frontendUrl: https://forge.example.com
apiUrl: https://forge.example.com
appUrl: https://forge.example.com
storage:
s3EndpointUrl: https://s3.us-east-1.amazonaws.com
s3BucketName: m3forge-prod
s3Region: us-east-1
clickhouse:
url: https://clickhouse.example.com:8443
secrets:
existingSecret: m3forge-secrets
create: false
ingress:
enabled: true
className: alb
host: forge.example.comAWS-specific notes
Networking
Prefer a real ingress or Gateway implementation over hand-managed NodePorts. For multi-service or future Hybrid setups, Gateway API is the cleaner long-term contract.
Next steps
Last updated on