CloudFormation Deployment
This page focuses on the CloudFormation side of the enterprise AWS deployment. It is the right companion to AWS Marketplace Deployment when your team wants a more infrastructure-oriented view of what the stack is doing and what needs to be checked after launch.
Current Deployment Shape
The CloudFormation template behind the Marketplace deployment provisions an ECS Fargate-based AxonFlow stack with:
- Agent service
- Orchestrator service
- optional customer portal and portal UI
- RDS PostgreSQL
- ALB and security groups
- optional monitoring components such as Prometheus and Grafana
This is an In-VPC deployment model. Your networking and service-to-service rules matter just as much as the application configuration.
Network Planning
At minimum, plan for:
- 2 public subnets for ALB-related traffic
- 2 private subnets for application and database resources
- security-group rules that allow Agent to Orchestrator communication
- database connectivity from the application services
The Marketplace deployment assets explicitly include rules for:
- Agent to Orchestrator traffic
- Prometheus scraping of private metrics surfaces
- ALB to application services
That makes subnet and security-group correctness one of the biggest success factors during deployment.
Parameters Worth Reviewing Carefully
The exact template parameters can evolve, but platform teams should always review these classes of input carefully:
- VPC and subnet selection
- database sizing and credentials
- desired counts for Agent and Orchestrator services
- certificate and HTTPS configuration
- deployment toggles for portal and monitoring components
- enterprise license input
Avoid treating the template as one-click infrastructure where defaults are always correct. For enterprise environments, those defaults are just a starting point.
Key Stack Parameters
| Parameter | Options | Default |
|---|---|---|
| DeploymentMode | saas, in-vpc-enterprise, in-vpc-healthcare, in-vpc-banking | saas |
| PricingTier | PRO, ENT, PLUS | PRO |
| DBInstanceClass | db.t3.medium, db.t3.large, db.r5.large, db.r5.xlarge | db.t3.medium |
| MultiAZDatabase | true, false | false (production: true) |
| EnabledLLMProviders | Comma-separated: openai, anthropic, bedrock, etc. | (none) |
| DeployPrometheus | true, false | true |
| DeployGrafana | true, false | true |
| LoadBalancerScheme | internal, internet-facing | internal |
Set provider secrets in AWS Secrets Manager before stack creation. The template expects secret ARNs as parameters.
The template also accepts long-form tier names (Professional, Enterprise, EnterprisePlus); this table uses the short aliases.
Outputs to Capture
After stack creation, capture the outputs that matter operationally:
- AgentEndpoint
- CustomerPortalEndpoint when present
- service names for Agent, Orchestrator, and portal components
Those outputs drive the next part of the rollout:
- health checks
- customer portal onboarding
- deployment troubleshooting
- post-deployment hardening
Verification Commands
Stack outputs
aws cloudformation describe-stacks \
  --stack-name axonflow-production \
  --region YOUR_AWS_REGION \
  --query "Stacks[0].Outputs" \
  --output table
ECS services
aws ecs describe-services \
  --cluster axonflow-production-cluster \
  --services axonflow-agent-service axonflow-orchestrator-service \
  --region YOUR_AWS_REGION
Agent health
curl -sf "${AGENT_ENDPOINT}/health"
What a Healthy Initial Deployment Looks Like
- CloudFormation finishes without rollback
- ECS service counts converge on desired counts
- the Agent health endpoint responds
- the portal is reachable if enabled
- the license is valid
- internal service communication works without security-group surprises
If any of those fail, stop and fix the infrastructure layer before you start configuring providers, connectors, or policies.
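The infrastructure-level checks from the list above, evaluated against the JSON that `aws cloudformation describe-stacks` and `aws ecs describe-services` return when run with `--output json` and no `--query`. This is an added example, not part of the AxonFlow template or documentation. The sample JSON is constructed, and treating AgentEndpoint as a required output is an assumption based on the outputs named on this page.

```python
import json

# Constructed sample of `aws cloudformation describe-stacks` output (not from a real account).
SAMPLE_STACKS = json.loads("""
{"Stacks": [{"StackName": "axonflow-production", "StackStatus": "CREATE_COMPLETE",
  "Outputs": [{"OutputKey": "AgentEndpoint", "OutputValue": "https://agent.internal.example"}]}]}
""")

# Constructed sample of `aws ecs describe-services` output; the orchestrator is short one task.
SAMPLE_SERVICES = json.loads("""
{"services": [
  {"serviceName": "axonflow-agent-service", "desiredCount": 2, "runningCount": 2,
   "deployments": [{"status": "PRIMARY", "rolloutState": "COMPLETED"}]},
  {"serviceName": "axonflow-orchestrator-service", "desiredCount": 2, "runningCount": 1,
   "deployments": [{"status": "PRIMARY", "rolloutState": "IN_PROGRESS"}]}], "failures": []}
""")

HEALTHY_STACK_STATES = {"CREATE_COMPLETE", "UPDATE_COMPLETE"}


def check_deployment(stacks, services, required_outputs=("AgentEndpoint",)):
    """Return a list of findings; an empty list means the infrastructure checks passed."""
    findings = []
    if not stacks.get("Stacks"):
        return ["stack: not found"]
    stack = stacks["Stacks"][0]
    status = stack.get("StackStatus", "UNKNOWN")
    if status not in HEALTHY_STACK_STATES:
        findings.append(f"stack: status {status} (rollback, failure, or still in progress)")
    outputs = {o["OutputKey"]: o.get("OutputValue", "") for o in stack.get("Outputs", [])}
    for key in required_outputs:
        if not outputs.get(key):
            findings.append(f"stack: output {key} is missing or empty")
    # describe-services lists service names it could not resolve under "failures".
    for failure in services.get("failures", []):
        findings.append(f"ecs: {failure.get('arn', '?')} {failure.get('reason', 'UNKNOWN')}")
    for svc in services.get("services", []):
        name, want, have = svc["serviceName"], svc["desiredCount"], svc["runningCount"]
        if have != want:
            findings.append(f"ecs: {name} running {have} of {want} desired tasks")
        primary = next((d for d in svc.get("deployments", []) if d.get("status") == "PRIMARY"), {})
        if primary.get("rolloutState", "COMPLETED") != "COMPLETED":
            findings.append(f"ecs: {name} rollout is {primary['rolloutState']}")
    return findings


if __name__ == "__main__":
    for line in check_deployment(SAMPLE_STACKS, SAMPLE_SERVICES) or ["all checks passed"]:
        print(line)
```

Pass `required_outputs=("AgentEndpoint", "CustomerPortalEndpoint")` when the portal is enabled. The Agent health endpoint, portal reachability and license validity still need their own checks.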
Recommended Handoff to Day-Two Operations
Once the CloudFormation deployment is stable, the next work should move into:
- portal login and admin validation
- connector and provider configuration
- monitoring and dashboard verification
- secret rotation and post-deployment hardening
That is why the CloudFormation guide should be short and operationally sharp. It is the infrastructure handoff point, not the entire enterprise deployment story.
