# marvin-ai
Your message was too long; here is your message at the allowed limit: Hi, what do you think of this self-hosted Prefect server deployment on EC2? Would it be sufficient and optimized to run on a t3.medium with best practices? user_data.sh.tftpl: ```#!/bin/bash set -euxo pipefail # Variables from templatefile SSM_PREFIX= ${ssm_prefix} APP_DOMAIN= ${app_domain} PROJECT= ${project} ENVIRONMENT= ${env} AWS_REGION= ${region} VPC_CIDR= ${vpc_cidr} TAILSCALE_HOSTNAME= ${tailscale_hostname} ADVERTISE_ROUTES= ${advertise_routes} # Install dependencies yum install -y docker jq awscli amazon-ssm-agent systemctl enable docker amazon-ssm-agent systemctl start docker amazon-ssm-agent # Install Docker Compose mkdir -p /usr/local/lib/docker/cli-plugins curl -L <https //github com/docker/compose/releases/download/v2 29 2/docker-compose-linux-x86_64> -o /usr/local/lib/docker/cli-plugins/docker-compose chmod +x /usr/local/lib/docker/cli-plugins/docker-compose # Setup directories mkdir -p /data/postgres /opt/prefect /var/lib/tailscale chown -R ec2-user ec2-user /opt/prefect # Mount Postgres volume if ! blkid /dev/xvdb >/dev/null 2>&1; then mkfs -t xfs /dev/xvdb fi if ! 
grep -q /dev/xvdb /etc/fstab; then echo /dev/xvdb /data/postgres xfs defaults nofail 0 2 >> /etc/fstab fi mount -a chown -R 999 999 /data/postgres # Fetch or generate secrets from SSM cd /opt/prefect rm -f env # Database password DB_PASSWORD=$(aws ssm get-parameter --with-decryption --name $SSM_PREFIX/DB_PASSWORD --query Parameter Value --output text 2>/dev/null || echo ) if [ -z $DB_PASSWORD ]; then DB_PASSWORD=$(openssl rand -base64 32) aws ssm put-parameter --name $SSM_PREFIX/DB_PASSWORD --value $DB_PASSWORD --type SecureString --overwrite --region $AWS_REGION fi # Prefect API key PREFECT_API_KEY=$(aws ssm get-parameter --with-decryption --name $SSM_PREFIX/PREFECT_API_KEY --query Parameter Value --output text 2>/dev/null || echo ) if [ -z $PREFECT_API_KEY ]; then PREFECT_API_KEY=$(openssl rand -hex 32) aws ssm put-parameter --name $SSM_PREFIX/PREFECT_API_KEY --value $PREFECT_API_KEY --type SecureString --overwrite --region $AWS_REGION fi # Tailscale auth key (fetch from SSM or use Terraform variable) TAILSCALE_AUTH_KEY=$(aws ssm get-parameter --with-decryption --name $SSM_PREFIX/TAILSCALE_AUTH_KEY --query Parameter Value --output text 2>/dev/null || echo ${tailscale_auth_key} ) if [ -z $TAILSCALE_AUTH_KEY ]; then echo WARNING No Tailscale auth key found Tailscale container will fail to authenticate echo Create a reusable auth key at <https //login tailscale com/admin/settings/keys> echo Then store it in SSM aws ssm put-parameter --name '$SSM_PREFIX/TAILSCALE_AUTH_KEY' --value 'tskey-auth- ' --type SecureString fi # Create docker-compose yml cat > docker-compose yml << 'COMPOSE_EOF' services postgres image postgres 15 container_name prefect-postgres environment POSTGRES_USER prefect POSTGRES_PASSWORD $${DB_PASSWORD} POSTGRES_DB prefect volumes - /data/postgres /var/lib/postgresql/data healthcheck test [ CMD-SHELL pg_isready -U prefect ] interval 5s timeout 5s retries 5 restart always networks - prefect redis image redis 7-alpine container_name prefect-redis 
healthcheck test [ CMD-SHELL redis-cli ping ] interval 5s timeout 5s retries 5 restart always networks - prefect prefect-server image prefecthq/prefect 3-latest container_name prefect-server depends_on postgres condition service_healthy redis condition service_healthy environment # Database PREFECT_API_DATABASE_CONNECTION_URL <postgresql+asyncpg //prefect> $${DB_PASSWORD}@postgres 5432/prefect # Server config PREFECT_SERVER_API_HOST 0 0 0 0 PREFECT_SERVER_API_PORT 4200 # Redis messaging PREFECT_MESSAGING_BROKER prefect_redis messaging PREFECT_MESSAGING_CACHE prefect_redis messaging PREFECT_REDIS_MESSAGING_HOST redis PREFECT_REDIS_MESSAGING_PORT 6379 PREFECT_REDIS_MESSAGING_DB 0 # UI config - point to ALB for external access PREFECT_UI_API_URL https //$${APP_DOMAIN}/api # Security PREFECT_SERVER_A
PI_CSRF_PROTECTION_ENABLED true PREFECT_SERVER_API_CORS_ALLOWED_ORIGINS https //$${APP_DOMAIN} PREFECT_SERVER_API_CORS_ALLOWED_METHODS GET POST PUT PATCH DELETE OPTIONS command prefect server start ports - 4200 4200 restart always networks - prefect logging driver awslogs options awslogs-region $${AWS_REGION} awslogs-group /$${PROJECT}/$${ENVIRONMENT}/prefect-server awslogs-stream prefect-server awslogs-create-group true tailscale image tailscale/tailscale latest container_name tailscale hostname $${TAILSCALE_HOSTNAME} environment - TS_AUTHKEY=$${TAILSCALE_AUTH_KEY} - TS_STATE_DIR=/var/lib/tailscale - TS_USERSPACE=false -