# Deployment Options

EntryTarget runs on AWS infrastructure — Fargate for compute and RDS PostgreSQL for storage. You choose between managed or manual deployment.

## Option 1: Managed Deploy

The vendor provisions and manages everything. Ideal if you want to get started quickly with minimal AWS knowledge.

### How It Works

1. Provide an AWS access key in the Console
2. The vendor deploys a CloudFormation stack in your AWS account:
   * **VPC** with proper networking and subnets
   * **Fargate Service** with the container image
   * **RDS PostgreSQL** (master instance)
   * **RDS Read Replica** (recommended)
   * **Security Groups** with appropriate access rules
3. Your ledger instance is ready to use

### What You Provide

* AWS access key with permissions to create CloudFormation stacks, Fargate services, and RDS instances
* Your preferred AWS region
* Your chosen [Performance Tier](/docs/performance/tiers.md)

### What the Vendor Manages

* Infrastructure provisioning
* Container image updates
* Schema deployment

### What You Manage

* API credentials (generation and registration)
* Monitoring (Prometheus/Grafana setup)
* Application integration

## Option 2: Manual Deploy

You deploy and manage your own infrastructure. Ideal if you have specific AWS requirements or existing infrastructure.

### Steps

#### 1. Download Container Image

Download the container image and your license file from the Console.

#### 2. Set Up RDS

* Create an RDS PostgreSQL instance (master)
* Optionally create a read replica (recommended)
* Apply the database schema:

```bash
psql ledger < schema.sql
```

#### 3. Set Up Fargate

* Create a Fargate task definition with the container image
* Configure all [environment variables](/docs/operations/environment-variables.md)
* Set up the Fargate service

#### 4. Configure Security Groups

| Rule                         | Purpose                     |
| ---------------------------- | --------------------------- |
| Fargate → RDS Master:5432    | Write operations            |
| Fargate → RDS Replica:5432   | Read operations             |
| Your services → Fargate:8080 | API access                  |
| Prometheus → Fargate:8080    | Metrics scraping (optional) |

#### 5. Configure TLS

Set `LEDGER_DB_TLS=true` — the RDS CA certificate is included in the Amazon Linux system trust store.

#### 6. Register Credentials

Generate credentials in the Console and register them:

```bash
curl -X POST http://<host>:8080/credentials \
  -H "Content-Type: application/json" \
  -d '{"api_key": "ak_...", "api_secret": "sk_..."}'
```

#### 7. Set Up Observability (Optional)

Deploy Prometheus and Grafana to monitor your instance. See [Observability](/docs/operations/observability.md).

## Platform Requirements

| Requirement    | Details                                   |
| -------------- | ----------------------------------------- |
| **Compute**    | AWS Fargate only                          |
| **Database**   | RDS PostgreSQL                            |
| **Region**     | Any AWS region with Fargate + RDS support |
| **Networking** | VPC with private subnets for RDS          |

{% hint style="warning" %}
The license file is bound to your specific AWS Account ID. The binary validates this at startup against the Fargate runtime environment. It cannot be run on a different AWS account, on EC2, or on non-AWS infrastructure.
{% endhint %}

## Comparison

| Aspect                 | Managed Deploy    | Manual Deploy      |
| ---------------------- | ----------------- | ------------------ |
| Setup time             | Minutes           | Hours              |
| AWS expertise needed   | Minimal           | Moderate           |
| Infrastructure control | Vendor-managed    | Full control       |
| Custom VPC             | Vendor-defined    | Your design        |
| Custom security rules  | Standard template | Fully customizable |
| Schema updates         | Vendor-applied    | You apply          |


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://entrytarget.gitbook.io/docs/console/deployment-options.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.