Deploying AlertD to AWS

This guide walks you through deploying AlertD to your AWS account using CloudFormation. The deployment creates a fully managed, containerized application running on ECS Fargate with all supporting infrastructure.

Step 0: Subscribe to AlertD on AWS Marketplace

AlertD is available on the AWS Marketplace and is free of charge during the design partner phase.

Prerequisites for Subscription

Design partners must first share their AWS account ID with the AlertD team so we can whitelist it. Once whitelisted, you can proceed with the subscription.

Subscribe to AlertD

1. Visit the AWS Marketplace listing: AWS Marketplace - AlertD 
2. Click Continue to Subscribe
3. Accept the terms and complete the subscription process
4. This subscription ensures smooth integration with your AWS environment and enables support during the design phase

Once subscribed, proceed with the CloudFormation deployment below.

Step 1: Open CloudFormation Console

1. Sign in to your AWS Management Console
2. Navigate to CloudFormation → Stacks
3. Ensure you’re in the correct AWS region where you want to deploy AlertD
4. Verify the Stacks view is displayed

Step 2: Create a New Stack

1. Click Create stack
2. In the dropdown, select With new resources (standard)
3. This will initiate a new CloudFormation stack deployment

Step 3: Specify the AlertD Template

1. Under Prerequisite – Prepare template, select Choose an existing template
2. Under Specify template, select Amazon S3 URL
3. Paste the following AlertD CloudFormation template URL:

https://alertd-publicassets.s3.us-west-1.amazonaws.com/cloudformation/AlertD_RDS.yaml

4. Click Next to proceed to stack configuration

Step 4: Configure Stack Name and Certificate

Stack Name

Enter a descriptive stack name:

alertd

Certificate Configuration (Required)

Certificate ARN: Paste the ARN of your validated SSL certificate from AWS Certificate Manager (ACM).

• The certificate must be in the same region where you’re deploying AlertD
• Format: arn:aws:acm:us-west-1:123456789012:certificate/...
• If you don’t have a certificate yet, see the prerequisites guide

Step 5: Configure LLM Model Provider

Default Model Profile (Required)

Choose your preferred AI model provider:

• claude – Uses Anthropic Claude via Amazon Bedrock

  • Fully managed through AWS
  • No external API calls
  • Recommended if your organization already uses Bedrock

• openai – Connects to OpenAI’s API (e.g., GPT models)

  • Requires entering your OpenAI API key below

• anthropic – Uses Anthropic Claude directly through Anthropic’s public API

  • Not via Bedrock
  • Requires your Anthropic API key below

API Keys (If Applicable)

• OpenAI API Key: Enter your key if you selected openai profile
• Anthropic API Key: Enter your key if you selected anthropic profile

Step 6: Configure Monitoring Role

Create Monitoring Role

This parameter controls whether CloudFormation automatically creates the IAM role that AlertD uses to monitor your AWS infrastructure.

• true (default) — Automatically creates an IAM role with ReadOnlyAccess and the correct trust policy. Use this if AlertD will monitor the same AWS account it is deployed in. No manual IAM configuration is needed — proceed to Simple Setup after deployment.

• false — Does not create a monitoring role. Use this if AlertD will monitor a different AWS account. You will need to manually create the IAM role in the target account during Advanced Setup.

Step 7: Configure Networking

AlertD can deploy in a new VPC or use your existing network infrastructure.

Option A: New VPC (Default)

Leave all fields blank, and CloudFormation will automatically create:

• New VPC with public and private subnets across 2 availability zones
• NAT Gateway for private subnet internet access
• Security groups and routing tables

Option B: Existing VPC

If deploying into an existing VPC, provide:

1. VPC ID: Your existing VPC identifier (e.g., vpc-0123456789abcdef0)
2. Private Subnet IDs: Comma-separated list of private subnet IDs for ECS tasks
   • Example: subnet-abc123,subnet-def456
   • Must have outbound internet access via NAT Gateway
3. Public Subnet IDs: Comma-separated list of public subnet IDs for the load balancer
   • Example: subnet-ghi789,subnet-jkl012

Click Next to continue.

Step 8: Configure Stack Options

On the Configure stack options page:

1. (Optional) Add tags to help identify your resources
   • Example: Environment: Production, Team: DevOps
2. (Optional) Assign an IAM Role for CloudFormation
   • Leave blank to use your current credentials
3. Keep rollback, notification, and timeout settings as default

Scroll down to the capabilities section.

Step 9: Acknowledge IAM Resource Creation

CloudFormation needs permission to create IAM roles and resources for AlertD.

1. Locate the Capabilities section at the bottom of the page
2. Check the box that states:

☑ I acknowledge that AWS CloudFormation might create IAM resources with custom names.

3. This acknowledgment is required because AlertD creates:
   • ECS task execution roles
   • Service-linked roles for ECS and ELB
   • CloudWatch logging roles

Click Next to proceed to the review page.

Step 10: Review and Submit

The Review and create page displays a summary of all your configuration:

Review These Critical Settings:

• Template URL: Verify it points to the AlertD CloudFormation template
• Stack Name: Confirm stack name is correct
• Certificate ARN: Double-check your ACM certificate ARN
• Model Configuration: Verify your chosen LLM provider and API key (if applicable)
• Networking Configuration: Confirm VPC and subnet settings

Submit the Stack

1. Carefully review all parameters
2. If everything looks correct, click Submit at the bottom of the page
3. CloudFormation will begin creating your AlertD infrastructure

Step 11: Monitor Stack Creation

After submission, CloudFormation begins provisioning resources:

1. The stack status will show CREATE_IN_PROGRESS
2. You can monitor progress in the Events tab
3. CloudFormation creates resources in this order:
   • VPC, subnets, and networking components (if new VPC)
   • Security groups
   • ECS cluster
   • PostgreSQL and Pulsar task definitions
   • Application task definition
   • Load balancer and target groups
   • ECS services

Expected duration: 10-15 minutes

Step 12: Verify Stack Completion

When deployment finishes:

1. The stack status updates to CREATE_COMPLETE (green checkmark)
2. Click the Outputs tab
3. Record the following important values:

Critical Outputs

AlertDApplicationURL

• The public URL for accessing your AlertD web application
• Format: https://AlertD-S-Alb-xxxx.us-west-1.elb.amazonaws.com
• You’ll use this URL to access AlertD and complete setup

VpcEndpointServiceName

• Used for creating PrivateLink connections (if required for private deployments)
• Format: com.amazonaws.vpce.us-west-1.vpce-svc-xxxx
• Share this with AlertD support if needed for design partner access

Step 13: Configure DNS (Recommended)

For production use, you should map your custom domain to the AlertD load balancer.

Create a DNS Record

In your DNS provider (e.g., Route53, Cloudflare), create a CNAME record:

Type: CNAME
Name: alertd.example.com
Value: <AlertDApplicationURL from CloudFormation Outputs>

Example:

alertd.example.com → AlertD-S-Alb-abc123.us-west-1.elb.amazonaws.com

Verify SSL Certificate

• Ensure your ACM certificate covers the custom domain you’re using
• The certificate should be validated before DNS propagation completes
• DNS changes typically propagate within 5-60 minutes

✅ Deployment Complete!

Your AlertD infrastructure is now running in your AWS environment. The application consists of:

• ECS Fargate Cluster running AlertD app, PostgreSQL, and Pulsar services
• Application Load Balancer routing HTTPS traffic to the application
• Private Service Discovery for internal service communication
• CloudWatch Logs capturing application logs
• Secrets Manager storing database credentials securely

Resources Created

The CloudFormation stack created approximately 30-40 resources including:

• VPC with public/private subnets (if new VPC option selected)
• NAT Gateway and Internet Gateway
• Security groups for each service
• ECS task definitions and services
• Application Load Balancer with listeners and target groups
• CloudWatch log groups
• Service discovery namespace

Next Steps

Now that AlertD is deployed, you need to complete the initial setup. Choose the path that matches your deployment:

• Same-account monitoring (CreateMonitoringRole = true, the default): The IAM role was created automatically. Proceed to the simple setup to authenticate and start using AlertD.

  Continue to Simple Setup →

• Cross-account monitoring (CreateMonitoringRole = false): You need to manually create an IAM role in the target account. Proceed to the advanced setup.

  Continue to Advanced Setup →

Troubleshooting

Stack Creation Failed

If your stack fails to create:

1. Check the Events tab for error messages
2. Common issues:
   • Invalid certificate ARN or certificate in wrong region
   • Insufficient IAM permissions for the deploying user
   • VPC subnet configuration errors (if using existing VPC)
   • API key issues (if using OpenAI or Anthropic)

Rollback Occurred

If CloudFormation rolled back:

1. Review the failure reason in the Events tab
2. Delete the failed stack
3. Fix the issue (certificate, permissions, etc.)
4. Restart deployment from Step 1