{"id":29996725,"url":"https://github.com/fleetbase/cloudformation-template-docs","last_synced_at":"2025-10-15T12:38:55.707Z","repository":{"id":307290763,"uuid":"1026064161","full_name":"fleetbase/cloudformation-template-docs","owner":"fleetbase","description":"Fleetbase AWS CloudFormation Template Documentation","archived":false,"fork":false,"pushed_at":"2025-07-25T08:51:17.000Z","size":37,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-10-04T05:56:01.420Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/fleetbase.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-07-25T08:49:22.000Z","updated_at":"2025-07-25T08:51:21.000Z","dependencies_parsed_at":"2025-07-30T14:32:05.840Z","dependency_job_id":"afe7d16a-a9bb-4a03-ac1f-c121d8b914da","html_url":"https://github.com/fleetbase/cloudformation-template-docs","commit_stats":null,"previous_names":["fleetbase/cloudformation-template-docs"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/fleetbase/cloudformation-template-docs","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fleetbase%2Fcloudformation-template-docs","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fleetbase%2Fcloudformation-template-docs/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fleetbase%2Fcloudformation-template-
docs/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fleetbase%2Fcloudformation-template-docs/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/fleetbase","download_url":"https://codeload.github.com/fleetbase/cloudformation-template-docs/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fleetbase%2Fcloudformation-template-docs/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279078731,"owners_count":26098583,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-15T02:00:07.814Z","response_time":56,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-08-05T02:54:21.816Z","updated_at":"2025-10-15T12:38:55.666Z","avatar_url":"https://github.com/fleetbase.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Fleetbase AWS CloudFormation Template\n\n[![License: AGPL v3](https://img.shields.io/badge/License-AGPL%20v3-blue.svg)](https://www.gnu.org/licenses/agpl-3.0)\n[![CloudFormation](https://img.shields.io/badge/AWS-CloudFormation-orange.svg)](https://aws.amazon.com/cloudformation/)\n[![Version](https://img.shields.io/badge/Version-1.0.0-blue.svg)](https://github.com/your-org/fleetbase-cloudformation)\n\nA comprehensive, production-ready AWS CloudFormation template for deploying 
[Fleetbase](https://fleetbase.io), the open-source logistics and fleet management platform. This template provides a complete infrastructure setup with enterprise-grade features including auto-scaling, high availability, SSL/TLS encryption, CDN distribution, and comprehensive monitoring.\n\n## 🚀 Quick Start\n\nDeploy Fleetbase to AWS in minutes with a single CloudFormation stack:\n\n```bash\naws cloudformation create-stack \\\n  --stack-name fleetbase-production \\\n  --template-body file://template.yaml \\\n  --parameters ParameterKey=Project,ParameterValue=myfleet \\\n               ParameterKey=EnvironmentType,ParameterValue=production \\\n  --capabilities CAPABILITY_NAMED_IAM\n```\n\n## 📋 Table of Contents\n\n- [Architecture Overview](#architecture-overview)\n- [Features](#features)\n- [Prerequisites](#prerequisites)\n- [Deployment Options](#deployment-options)\n- [Parameters](#parameters)\n- [Outputs](#outputs)\n- [Post-Deployment Configuration](#post-deployment-configuration)\n- [Monitoring and Logging](#monitoring-and-logging)\n- [Security Considerations](#security-considerations)\n- [Troubleshooting](#troubleshooting)\n- [Contributing](#contributing)\n- [License](#license)\n\n\n\n\n## 🏗️ Architecture Overview\n\nThis CloudFormation template deploys a highly available, scalable Fleetbase infrastructure on AWS using modern cloud-native services. 
The architecture follows AWS Well-Architected Framework principles and implements industry best practices for security, reliability, and performance.\n\n### Core Components\n\nThe deployment creates a complete microservices architecture with the following key components:\n\n**Frontend Layer:**\n- **Amazon CloudFront**: Global content delivery network (CDN) that serves the Fleetbase console application with low latency worldwide\n- **Amazon S3**: Static website hosting for the compiled Ember.js frontend console application\n- **SSL/TLS Certificates**: Automated SSL certificate provisioning and management via AWS Certificate Manager\n\n**Application Layer:**\n- **Amazon ECS Fargate**: Serverless container orchestration running multiple Fleetbase services:\n  - API/Backend service (fleetbase/fleetbase-api:latest)\n  - Event processing service for background jobs\n  - Scheduled task service for cron jobs\n  - SocketCluster service for real-time WebSocket communications\n- **Application Load Balancer (ALB)**: Layer 7 load balancing with health checks and SSL termination\n- **Auto Scaling**: Automatic horizontal scaling based on CPU and memory utilization\n\n**Data Layer:**\n- **Amazon RDS MySQL**: Managed relational database with automated backups, encryption at rest, and multi-AZ deployment options\n- **Amazon ElastiCache Redis**: In-memory caching and session storage for improved performance\n- **Amazon S3**: Object storage for file uploads, documents, and static assets\n\n**Integration Layer:**\n- **Amazon SQS**: Message queuing service for reliable asynchronous job processing\n- **AWS Systems Manager (SSM)**: Secure parameter storage and configuration management\n- **AWS Secrets Manager**: Encrypted storage for sensitive credentials and API keys\n\n**Networking:**\n- **Amazon VPC**: Isolated virtual private cloud with public and private subnets across multiple Availability Zones\n- **NAT Gateways**: Secure outbound internet access for private subnet resources\n- 
**Security Groups**: Fine-grained network access control with least-privilege principles\n- **Route53**: DNS management and domain routing (when custom domains are configured)\n\n### High Availability Design\n\nThe template implements several high availability patterns:\n\n- **Multi-AZ Deployment**: Resources are distributed across multiple Availability Zones to ensure resilience against zone-level failures\n- **Auto Scaling Groups**: ECS services automatically scale based on demand and replace unhealthy instances\n- **Database Redundancy**: RDS supports automated backups and can be configured for Multi-AZ deployment\n- **Load Balancer Health Checks**: Continuous monitoring of application health with automatic traffic routing away from unhealthy instances\n- **CloudFront Edge Locations**: Global distribution ensures frontend availability even during regional outages\n\n### Security Architecture\n\nSecurity is implemented at multiple layers:\n\n- **Network Security**: Private subnets isolate backend services from direct internet access\n- **Encryption**: Data encryption at rest (RDS, S3) and in transit (SSL/TLS everywhere)\n- **IAM Roles**: Least-privilege access controls with service-specific IAM roles\n- **Secrets Management**: Sensitive data stored in AWS Secrets Manager with automatic rotation capabilities\n- **Security Groups**: Network-level firewalls controlling traffic between services\n- **VPC Flow Logs**: Network traffic monitoring and analysis capabilities\n\n### Scalability Features\n\nThe architecture supports both vertical and horizontal scaling:\n\n- **Container Scaling**: ECS services can scale from 1 to 100+ instances based on demand\n- **Database Scaling**: RDS supports read replicas and can be upgraded to larger instance types\n- **Cache Scaling**: ElastiCache clusters can be scaled horizontally with additional nodes\n- **CDN Scaling**: CloudFront automatically handles traffic spikes with its global edge network\n- **Storage Scaling**: S3 provides 
virtually unlimited storage capacity with automatic scaling\n\n\n## ✨ Features\n\n### 🔧 Infrastructure Features\n\n**Complete AWS Integration:**\n- Fully managed AWS services with no server maintenance required\n- Automatic scaling and high availability across multiple Availability Zones\n- Enterprise-grade security with encryption at rest and in transit\n- Comprehensive monitoring and logging with CloudWatch integration\n- Cost-optimized resource allocation with Fargate serverless containers\n\n**Domain and SSL Management:**\n- Automatic SSL certificate provisioning and renewal via AWS Certificate Manager\n- Custom domain support with Route53 DNS management\n- Flexible subdomain configuration (api.yourdomain.com, console.yourdomain.com)\n- CloudFront CDN with global edge locations for optimal performance\n- Automatic HTTP to HTTPS redirection for security compliance\n\n**Database and Caching:**\n- Managed MySQL database with automated backups and point-in-time recovery\n- Redis caching layer for improved application performance\n- Database connection pooling and optimization\n- Automatic minor version updates and security patches\n- Configurable database instance types from micro to large scale\n\n### 🚀 Application Features\n\n**Microservices Architecture:**\n- Containerized services with independent scaling capabilities\n- API backend service handling REST endpoints and business logic\n- Real-time WebSocket communication via SocketCluster\n- Background job processing with SQS message queuing\n- Scheduled task execution for maintenance and reporting\n\n**Frontend Console:**\n- Modern Ember.js single-page application\n- Responsive design optimized for desktop and mobile devices\n- Real-time updates via WebSocket connections\n- Comprehensive fleet management interface\n- Route optimization and mapping capabilities\n\n**File Storage and Processing:**\n- S3 integration for document and image storage\n- Automatic file compression and optimization\n- Secure file upload 
and download capabilities\n- Image resizing and thumbnail generation\n- Document management with version control\n\n### 🛡️ Security Features\n\n**Authentication and Authorization:**\n- JWT-based authentication with secure token management\n- Role-based access control (RBAC) for different user types\n- API key management for third-party integrations\n- Session management with Redis-backed storage\n- Password encryption using industry-standard algorithms\n\n**Network Security:**\n- Private subnet isolation for backend services\n- Security groups with least-privilege access rules\n- VPC endpoints for secure AWS service communication\n- Network ACLs for additional layer of protection\n- DDoS protection via CloudFront and AWS Shield\n\n**Data Protection:**\n- Encryption at rest for all data storage services\n- SSL/TLS encryption for all data in transit\n- Secrets management via AWS Secrets Manager\n- Automated secret rotation capabilities\n- Audit logging for compliance requirements\n\n### 📊 Monitoring and Operations\n\n**Comprehensive Logging:**\n- Centralized logging via Amazon CloudWatch\n- Application logs from all microservices\n- Database query logging and performance metrics\n- Load balancer access logs and error tracking\n- Custom metrics and alerting capabilities\n\n**Performance Monitoring:**\n- Real-time performance dashboards\n- Application performance monitoring (APM)\n- Database performance insights\n- Cache hit ratio monitoring\n- CDN performance analytics\n\n**Operational Excellence:**\n- Automated deployment and rollback capabilities\n- Health checks and automatic recovery\n- Resource utilization monitoring\n- Cost optimization recommendations\n- Backup and disaster recovery procedures\n\n### 🔄 Integration Capabilities\n\n**API Ecosystem:**\n- RESTful API with comprehensive documentation\n- WebSocket API for real-time communications\n- Webhook support for third-party integrations\n- Rate limiting and throttling protection\n- API versioning and backward 
compatibility\n\n**Third-Party Integrations:**\n- Google Maps integration for routing and geocoding\n- SMS and email notification services\n- Payment gateway integration support\n- Fleet tracking device compatibility\n- ERP and CRM system integration capabilities\n\n**Data Export and Analytics:**\n- CSV and Excel export functionality\n- Real-time analytics and reporting\n- Custom dashboard creation\n- Data visualization tools\n- Business intelligence integration support\n\n\n## 📋 Prerequisites\n\nBefore deploying this CloudFormation template, ensure you have the following prerequisites in place:\n\n### AWS Account Requirements\n\n**Account Setup:**\n- Active AWS account with administrative privileges or appropriate IAM permissions\n- AWS CLI installed and configured with valid credentials\n- Sufficient service limits for the resources being created (ECS tasks, RDS instances, etc.)\n- Understanding of AWS billing and cost management practices\n\n**Required IAM Permissions:**\nThe deploying user or role must have permissions for the following AWS services:\n- Amazon ECS (Elastic Container Service)\n- Amazon RDS (Relational Database Service)\n- Amazon ElastiCache\n- Amazon S3\n- Amazon CloudFront\n- AWS Certificate Manager\n- Amazon Route53 (if using custom domains)\n- AWS Systems Manager\n- AWS Secrets Manager\n- Amazon SQS\n- AWS Lambda\n- Amazon VPC and associated networking services\n- AWS IAM (for creating service roles)\n- Amazon CloudWatch\n\n### Technical Prerequisites\n\n**Domain Configuration (Optional but Recommended):**\nIf you plan to use custom domains, you must have:\n- A registered domain name that you control\n- Access to modify DNS settings at your domain registrar\n- Understanding of DNS propagation and SSL certificate validation processes\n\n**Network Planning:**\n- Familiarity with VPC networking concepts\n- Understanding of subnet CIDR blocks and IP address planning\n- Knowledge of security group configuration and network access 
control\n\n**Operational Knowledge:**\n- Basic understanding of containerized applications and Docker\n- Familiarity with AWS CloudFormation template structure and parameters\n- Experience with monitoring and troubleshooting AWS services\n- Understanding of backup and disaster recovery procedures\n\n### Cost Considerations\n\n**Estimated Monthly Costs:**\nThe following provides rough cost estimates for different deployment scenarios (prices may vary by region):\n\n**Development Environment:**\n- ECS Fargate tasks (minimal): $30-50/month\n- RDS db.t3.micro: $15-25/month\n- ElastiCache t3.micro: $15-20/month\n- CloudFront and S3: $5-10/month\n- **Total: $65-105/month**\n\n**Production Environment:**\n- ECS Fargate tasks (scaled): $100-300/month\n- RDS db.t3.small or larger: $50-200/month\n- ElastiCache t3.small: $30-50/month\n- CloudFront, S3, and data transfer: $20-100/month\n- **Total: $200-650/month**\n\nAdditional costs may apply for:\n- Data transfer charges\n- CloudWatch logs retention\n- Route53 hosted zones ($0.50/month per zone)\n- SSL certificates (free with ACM)\n- SQS message processing\n\n## 🚀 Deployment Options\n\nThis template supports multiple deployment scenarios to accommodate different use cases and environments.\n\n### Option 1: Quick Deployment (No Custom Domain)\n\nPerfect for development, testing, or proof-of-concept deployments:\n\n```bash\naws cloudformation create-stack \\\n  --stack-name fleetbase-dev \\\n  --template-body file://template.yaml \\\n  --parameters ParameterKey=Project,ParameterValue=fleetdev \\\n               ParameterKey=EnvironmentType,ParameterValue=development \\\n  --capabilities CAPABILITY_NAMED_IAM \\\n  --region us-east-1\n```\n\nThis deployment will:\n- Use AWS-generated domain names (CloudFront and ALB DNS names)\n- Create a basic development environment with minimal resources\n- Provide immediate access via generated URLs\n- Use default security settings appropriate for development\n\n### Option 2: Production 
Deployment with Custom Domain\n\nRecommended for production environments with professional domain setup:\n\n```bash\naws cloudformation create-stack \\\n  --stack-name fleetbase-production \\\n  --template-body file://template.yaml \\\n  --parameters ParameterKey=Project,ParameterValue=mycompany \\\n               ParameterKey=EnvironmentType,ParameterValue=production \\\n               ParameterKey=RootDomainName,ParameterValue=mycompany.com \\\n               ParameterKey=ApiSubdomain,ParameterValue=api \\\n               ParameterKey=ConsoleSubdomain,ParameterValue=app \\\n               ParameterKey=SocketSubdomain,ParameterValue=socket \\\n               ParameterKey=DatabaseInstanceType,ParameterValue=db.t3.small \\\n  --capabilities CAPABILITY_NAMED_IAM \\\n  --region us-east-1\n```\n\nThis deployment will:\n- Create SSL certificates for your custom domains\n- Set up Route53 DNS records automatically\n- Configure production-grade database and cache instances\n- Enable comprehensive monitoring and logging\n- Implement security best practices\n\n### Option 3: Existing Hosted Zone Deployment\n\nFor organizations with existing Route53 hosted zones:\n\n```bash\naws cloudformation create-stack \\\n  --stack-name fleetbase-enterprise \\\n  --template-body file://template.yaml \\\n  --parameters ParameterKey=Project,ParameterValue=enterprise \\\n               ParameterKey=EnvironmentType,ParameterValue=production \\\n               ParameterKey=RootDomainName,ParameterValue=enterprise.com \\\n               ParameterKey=HostedZoneId,ParameterValue=Z1D633PJN98FT9 \\\n               ParameterKey=DatabaseInstanceType,ParameterValue=db.t3.medium \\\n               ParameterKey=CacheInstanceType,ParameterValue=cache.t3.small \\\n  --capabilities CAPABILITY_NAMED_IAM \\\n  --region us-east-1\n```\n\n### Option 4: Multi-Environment Deployment\n\nDeploy multiple environments (dev, staging, production) with environment-specific configurations:\n\n```bash\n# Development 
Environment\naws cloudformation create-stack \\\n  --stack-name fleetbase-dev \\\n  --template-body file://template.yaml \\\n  --parameters ParameterKey=Project,ParameterValue=myfleet \\\n               ParameterKey=EnvironmentType,ParameterValue=development \\\n               ParameterKey=DatabaseInstanceType,ParameterValue=db.t3.micro \\\n  --capabilities CAPABILITY_NAMED_IAM\n\n# Staging Environment\naws cloudformation create-stack \\\n  --stack-name fleetbase-staging \\\n  --template-body file://template.yaml \\\n  --parameters ParameterKey=Project,ParameterValue=myfleet \\\n               ParameterKey=EnvironmentType,ParameterValue=staging \\\n               ParameterKey=RootDomainName,ParameterValue=mycompany.com \\\n               ParameterKey=ApiSubdomain,ParameterValue=staging-api \\\n               ParameterKey=ConsoleSubdomain,ParameterValue=staging-app \\\n  --capabilities CAPABILITY_NAMED_IAM\n\n# Production Environment\naws cloudformation create-stack \\\n  --stack-name fleetbase-production \\\n  --template-body file://template.yaml \\\n  --parameters ParameterKey=Project,ParameterValue=myfleet \\\n               ParameterKey=EnvironmentType,ParameterValue=production \\\n               ParameterKey=RootDomainName,ParameterValue=mycompany.com \\\n               ParameterKey=DatabaseInstanceType,ParameterValue=db.t3.large \\\n  --capabilities CAPABILITY_NAMED_IAM\n```\n\n### Deployment Validation\n\nAfter deployment, validate your stack using these commands:\n\n```bash\n# Check stack status\naws cloudformation describe-stacks --stack-name fleetbase-production\n\n# Verify resources are healthy\n# describe-services requires at least one service name; list them first\naws ecs list-services --cluster fleetbase-production-cluster\naws ecs describe-services --cluster fleetbase-production-cluster --services YOUR_SERVICE_NAME\naws rds describe-db-instances --db-instance-identifier fleetbase-production-database\n\n# Test application endpoints\ncurl -I https://api.mycompany.com/health\ncurl -I https://app.mycompany.com\n```\n\n\n## ⚙️ Parameters\n\nThe CloudFormation template accepts the following parameters to customize 
your Fleetbase deployment:\n\n### Core Configuration Parameters\n\n| Parameter | Type | Default | Description | Required |\n|-----------|------|---------|-------------|----------|\n| `Project` | String | `fleetbase` | Project name used as prefix for all resources. Must be 3-14 alphanumeric characters. | Yes |\n| `EnvironmentType` | String | `production` | Environment type. Allowed values: `development`, `staging`, `qa`, `production` | Yes |\n\n**Project Parameter Details:**\nThe Project parameter serves as the primary identifier for your deployment and is used to name all AWS resources. It must follow these constraints:\n- Only alphanumeric characters (a-z, A-Z, 0-9)\n- Minimum 3 characters, maximum 14 characters\n- No special characters, spaces, or hyphens\n- Will be used in resource names like `{Project}-{EnvironmentType}-api`\n\n**Environment Type Impact:**\nThe EnvironmentType parameter affects resource sizing and configuration:\n- `development`: Minimal resources, single AZ deployment, smaller instance types\n- `staging`/`qa`: Medium resources, multi-AZ deployment, moderate instance types\n- `production`: Full resources, multi-AZ deployment, production-grade instance types\n\n### Domain and DNS Parameters\n\n| Parameter | Type | Default | Description | Required |\n|-----------|------|---------|-------------|----------|\n| `RootDomainName` | String | `\"\"` | Root domain name (e.g., example.com). Leave empty to use ALB DNS names. | No |\n| `HostedZoneId` | String | `\"\"` | Existing Route53 Hosted Zone ID. Leave empty to create a new one. 
| No |\n| `ApiSubdomain` | String | `api` | Subdomain for API endpoints | No |\n| `ConsoleSubdomain` | String | `console` | Subdomain for frontend console | No |\n| `SocketSubdomain` | String | `socket` | Subdomain for WebSocket connections | No |\n\n**Domain Configuration Examples:**\n\n*Without Custom Domain:*\n- API: `https://fleetbase-production-alb-123456789.us-east-1.elb.amazonaws.com`\n- Console: `https://d1234567890123.cloudfront.net`\n- Socket: `wss://fleetbase-production-alb-123456789.us-east-1.elb.amazonaws.com:8000`\n\n*With Custom Domain (mycompany.com):*\n- API: `https://api.mycompany.com`\n- Console: `https://console.mycompany.com`\n- Socket: `wss://socket.mycompany.com`\n\n*With Custom Subdomains:*\n```yaml\nRootDomainName: mycompany.com\nApiSubdomain: fleet-api\nConsoleSubdomain: fleet-app\nSocketSubdomain: fleet-socket\n```\nResults in:\n- API: `https://fleet-api.mycompany.com`\n- Console: `https://fleet-app.mycompany.com`\n- Socket: `wss://fleet-socket.mycompany.com`\n\n### Database Configuration Parameters\n\n| Parameter | Type | Default | Description | Required |\n|-----------|------|---------|-------------|----------|\n| `DatabaseInstanceType` | String | `db.t3.micro` | RDS instance type for the MySQL database | No |\n| `DatabaseAllocatedStorage` | Number | `20` | Initial database storage in GB (20-65536) | No |\n| `DatabaseMaxAllocatedStorage` | Number | `100` | Maximum database storage for auto-scaling in GB | No |\n| `DatabaseBackupRetentionPeriod` | Number | `7` | Number of days to retain automated backups (0-35) | No |\n| `DatabaseMultiAZ` | String | `false` | Enable Multi-AZ deployment for high availability | No |\n\n**Database Instance Type Recommendations:**\n\n| Environment | Instance Type | vCPUs | Memory | Network Performance | Monthly Cost* |\n|-------------|---------------|-------|--------|-------------------|---------------|\n| Development | `db.t3.micro` | 2 | 1 GB | Low to Moderate | ~$15 |\n| Staging | `db.t3.small` | 2 | 2 GB 
| Low to Moderate | ~$30 |\n| Production (Small) | `db.t3.medium` | 2 | 4 GB | Low to Moderate | ~$60 |\n| Production (Medium) | `db.t3.large` | 2 | 8 GB | Moderate | ~$120 |\n| Production (Large) | `db.t3.xlarge` | 4 | 16 GB | Moderate | ~$240 |\n\n*Approximate costs in US East (N. Virginia) region\n\n**Storage Configuration:**\n- `DatabaseAllocatedStorage`: Initial storage allocation (minimum 20 GB for MySQL)\n- `DatabaseMaxAllocatedStorage`: Maximum storage for auto-scaling (prevents runaway storage costs)\n- Auto-scaling triggers when free storage falls below 10% or 10 GB (whichever is smaller)\n\n### Cache Configuration Parameters\n\n| Parameter | Type | Default | Description | Required |\n|-----------|------|---------|-------------|----------|\n| `CacheInstanceType` | String | `cache.t3.micro` | ElastiCache Redis instance type | No |\n| `CacheNumNodes` | Number | `1` | Number of cache nodes (1-20) | No |\n\n**Cache Instance Type Recommendations:**\n\n| Environment | Instance Type | vCPUs | Memory | Network Performance | Monthly Cost* |\n|-------------|---------------|-------|--------|-------------------|---------------|\n| Development | `cache.t3.micro` | 2 | 0.5 GB | Low to Moderate | ~$15 |\n| Staging | `cache.t3.small` | 2 | 1.37 GB | Low to Moderate | ~$35 |\n| Production | `cache.t3.medium` | 2 | 3.22 GB | Low to Moderate | ~$70 |\n| High Traffic | `cache.m6g.large` | 2 | 6.38 GB | Up to 10 Gbps | ~$140 |\n\n### Container Configuration Parameters\n\n| Parameter | Type | Default | Description | Required |\n|-----------|------|---------|-------------|----------|\n| `ApiDesiredCount` | Number | `2` | Desired number of API container instances | No |\n| `ApiMaxCapacity` | Number | `10` | Maximum number of API containers for auto-scaling | No |\n| `EventsDesiredCount` | Number | `1` | Desired number of event processing containers | No |\n| `SchedulerDesiredCount` | Number | `1` | Desired number of scheduler containers | No |\n| `SocketDesiredCount` | Number | 
`1` | Desired number of WebSocket containers | No |\n\n**Container Scaling Recommendations:**\n\n| Environment | API Desired | API Max | Events | Scheduler | Socket |\n|-------------|-------------|---------|--------|-----------|--------|\n| Development | 1 | 2 | 1 | 1 | 1 |\n| Staging | 2 | 5 | 1 | 1 | 1 |\n| Production | 3 | 10 | 2 | 1 | 2 |\n| High Traffic | 5 | 20 | 3 | 1 | 3 |\n\n### Advanced Configuration Parameters\n\n| Parameter | Type | Default | Description | Required |\n|-----------|------|---------|-------------|----------|\n| `EnableDetailedMonitoring` | String | `true` | Enable detailed CloudWatch monitoring | No |\n| `LogRetentionDays` | Number | `30` | CloudWatch log retention period in days | No |\n| `EnableVPCFlowLogs` | String | `false` | Enable VPC Flow Logs for network monitoring | No |\n| `BackupRetentionPeriod` | Number | `7` | Database backup retention period in days | No |\n\n**Monitoring and Logging Options:**\n- `EnableDetailedMonitoring`: Provides 1-minute metrics instead of 5-minute metrics\n- `LogRetentionDays`: Balances observability with storage costs (1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, 3653 days)\n- `EnableVPCFlowLogs`: Useful for security analysis and network troubleshooting (additional costs apply)\n\n### Parameter Validation\n\nThe template includes built-in validation for all parameters:\n\n- **String Length Validation**: Project name length, domain name format\n- **Numeric Range Validation**: Storage sizes, retention periods, instance counts\n- **Allowed Values**: Environment types, instance types, boolean flags\n- **Pattern Matching**: Domain names, subdomain formats\n- **Dependency Validation**: Related parameters are validated together\n\n**Example Parameter File:**\n```json\n[\n  {\n    \"ParameterKey\": \"Project\",\n    \"ParameterValue\": \"myfleet\"\n  },\n  {\n    \"ParameterKey\": \"EnvironmentType\",\n    \"ParameterValue\": \"production\"\n  },\n  {\n    \"ParameterKey\": 
\"RootDomainName\",\n    \"ParameterValue\": \"mycompany.com\"\n  },\n  {\n    \"ParameterKey\": \"DatabaseInstanceType\",\n    \"ParameterValue\": \"db.t3.small\"\n  },\n  {\n    \"ParameterKey\": \"ApiDesiredCount\",\n    \"ParameterValue\": \"3\"\n  }\n]\n```\n\nUse with: `aws cloudformation create-stack --parameters file://parameters.json`\n\n\n## 📤 Outputs\n\nAfter successful deployment, the CloudFormation stack provides the following outputs that contain important information for accessing and managing your Fleetbase deployment:\n\n### Application Access URLs\n\n| Output Name | Description | Example Value |\n|-------------|-------------|---------------|\n| `ConsoleURL` | Frontend console application URL | `https://console.mycompany.com` or `https://d1234567890123.cloudfront.net` |\n| `ApiURL` | Backend API base URL | `https://api.mycompany.com` or `https://fleetbase-prod-alb-123.us-east-1.elb.amazonaws.com` |\n| `SocketURL` | WebSocket connection URL | `wss://socket.mycompany.com` or `wss://fleetbase-prod-alb-123.us-east-1.elb.amazonaws.com:8000` |\n\n### Infrastructure Resource Identifiers\n\n| Output Name | Description | Usage |\n|-------------|-------------|--------|\n| `VPCId` | Virtual Private Cloud identifier | Network configuration, security group references |\n| `DatabaseEndpoint` | RDS MySQL database endpoint | Application configuration, backup scripts |\n| `CacheEndpoint` | ElastiCache Redis endpoint | Application configuration, monitoring |\n| `LoadBalancerDNS` | Application Load Balancer DNS name | Direct API access, health checks |\n| `CloudFrontDistributionId` | CloudFront distribution identifier | Cache invalidation, monitoring |\n| `S3BucketName` | Storage bucket name | File upload configuration, backup scripts |\n\n### Security and Access Information\n\n| Output Name | Description | Usage |\n|-------------|-------------|--------|\n| `ECSClusterName` | ECS cluster name | Container management, scaling operations |\n| `DatabaseSecretArn` | 
Database credentials secret ARN | Secure credential access |\n| `AppKeySecretArn` | Laravel application key secret ARN | Application security configuration |\n\n### Monitoring and Operations\n\n| Output Name | Description | Usage |\n|-------------|-------------|--------|\n| `LogGroupNames` | CloudWatch log group names | Log analysis, troubleshooting |\n| `SQSQueueURL` | Message queue URL | Job processing monitoring |\n\n**Accessing Outputs:**\n\n```bash\n# Get all stack outputs\naws cloudformation describe-stacks \\\n  --stack-name fleetbase-production \\\n  --query 'Stacks[0].Outputs'\n\n# Get specific output value\naws cloudformation describe-stacks \\\n  --stack-name fleetbase-production \\\n  --query 'Stacks[0].Outputs[?OutputKey==`ConsoleURL`].OutputValue' \\\n  --output text\n```\n\n## 🔧 Post-Deployment Configuration\n\nAfter the CloudFormation stack completes successfully, several post-deployment steps are required to fully configure your Fleetbase installation.\n\n### Initial Application Setup\n\n**1. Access the Console Application:**\nNavigate to the Console URL provided in the stack outputs. On first access, you'll be prompted to complete the initial setup wizard.\n\n**2. Create Administrator Account:**\nThe setup wizard will guide you through creating the first administrator account:\n- Choose a strong password following security best practices\n- Provide a valid email address for system notifications\n- Configure basic organization information\n\n**3. Configure Application Settings:**\nAccess the admin panel to configure essential settings:\n- Organization name and branding\n- Default time zone and locale settings\n- Email notification preferences\n- API rate limiting and security policies\n\n### Domain and SSL Configuration\n\n**For Custom Domain Deployments:**\n\n**1. 
DNS Propagation Verification:**\n```bash\n# Verify DNS records are properly configured\nnslookup api.yourdomain.com\nnslookup console.yourdomain.com\nnslookup socket.yourdomain.com\n\n# Check SSL certificate status\naws acm list-certificates --region us-east-1\n```\n\n**2. SSL Certificate Validation:**\n- AWS Certificate Manager automatically validates domain ownership\n- Validation typically completes within 5-10 minutes\n- Check the ACM console for validation status\n- Ensure DNS records are properly configured if validation fails\n\n**3. CloudFront Distribution Update:**\nAfter SSL certificates are validated, CloudFront distributions are automatically updated. Monitor the distribution status:\n```bash\naws cloudfront get-distribution --id YOUR_DISTRIBUTION_ID\n```\n\n### Database Initialization\n\n**1. Database Migration Status:**\nThe deployment automatically runs database migrations, but you can verify completion:\n```bash\n# Access the API container to check migration status\naws ecs execute-command \\\n  --cluster fleetbase-production-cluster \\\n  --task TASK_ARN \\\n  --container api \\\n  --interactive \\\n  --command \"php artisan migrate:status\"\n```\n\n**2. Seed Data (Optional):**\nIf you need to populate initial data:\n```bash\n# Run database seeders\naws ecs execute-command \\\n  --cluster fleetbase-production-cluster \\\n  --task TASK_ARN \\\n  --container api \\\n  --interactive \\\n  --command \"php artisan db:seed\"\n```\n\n### File Storage Configuration\n\n**1. S3 Bucket Permissions:**\nVerify that the application can access the S3 storage bucket:\n```bash\n# Test file upload functionality through the console\n# Or use the API to test file operations\ncurl -X POST https://api.yourdomain.com/v1/files \\\n  -H \"Authorization: Bearer YOUR_TOKEN\" \\\n  -F \"file=@test.jpg\"\n```\n\n**2. 
CDN Configuration:**\nFile uploads are automatically configured to use S3 with CloudFront for optimal delivery performance.\n\n### Queue and Background Job Configuration\n\n**1. SQS Queue Status:**\nVerify that the message queue is properly configured:\n```bash\n# Check queue status\naws sqs get-queue-attributes \\\n  --queue-url YOUR_QUEUE_URL \\\n  --attribute-names All\n```\n\n**2. Background Job Processing:**\nThe events service automatically processes background jobs. Monitor job processing:\n```bash\n# View events service logs\naws logs tail /aws/ecs/fleetbase-production-events --follow\n```\n\n### Monitoring and Alerting Setup\n\n**1. CloudWatch Dashboard Creation:**\nCreate custom dashboards for monitoring key metrics:\n- API response times and error rates\n- Database connection and query performance\n- Cache hit ratios and memory usage\n- Container CPU and memory utilization\n\n**2. Alert Configuration:**\nSet up CloudWatch alarms for critical metrics:\n```bash\n# Example: High API error rate alarm\naws cloudwatch put-metric-alarm \\\n  --alarm-name \"Fleetbase-High-Error-Rate\" \\\n  --alarm-description \"Alert when API error rate exceeds 5%\" \\\n  --metric-name \"HTTPCode_Target_5XX_Count\" \\\n  --namespace \"AWS/ApplicationELB\" \\\n  --statistic \"Sum\" \\\n  --period 300 \\\n  --threshold 10 \\\n  --comparison-operator \"GreaterThanThreshold\" \\\n  --evaluation-periods 1\n```\n\n### Security Hardening\n\n**1. Review Security Groups:**\nAudit the automatically created security groups to ensure they meet your organization's security requirements:\n```bash\n# List security groups created by the stack\naws ec2 describe-security-groups \\\n  --filters \"Name=group-name,Values=fleetbase-production-*\"\n```\n\n**2. Enable Additional Logging:**\nConsider enabling additional AWS services for enhanced security monitoring:\n- AWS CloudTrail for API call logging\n- AWS Config for configuration compliance\n- AWS GuardDuty for threat detection\n\n**3. 
Backup Verification:**\nVerify that automated backups are functioning correctly:\n```bash\n# Check RDS automated backups\naws rds describe-db-snapshots \\\n  --db-instance-identifier fleetbase-production-database \\\n  --snapshot-type automated\n```\n\n### Performance Optimization\n\n**1. Auto Scaling Configuration:**\nMonitor initial traffic patterns and adjust auto-scaling parameters if needed:\n```bash\n# Update ECS service desired count if needed\naws ecs update-service \\\n  --cluster fleetbase-production-cluster \\\n  --service fleetbase-production-api \\\n  --desired-count 3\n```\n\n**2. Database Performance Tuning:**\nMonitor database performance and consider enabling Performance Insights for detailed analysis:\n```bash\n# Enable Performance Insights\naws rds modify-db-instance \\\n  --db-instance-identifier fleetbase-production-database \\\n  --enable-performance-insights\n```\n\n### Integration Configuration\n\n**1. Third-Party Service Integration:**\nConfigure integrations with external services through the admin panel:\n- Google Maps API for routing and geocoding\n- SMS providers for notifications\n- Email service configuration (SES is pre-configured)\n- Payment gateway setup if required\n\n**2. API Key Management:**\nGenerate and configure API keys for third-party integrations:\n- Create API keys for mobile applications\n- Configure webhook endpoints for external systems\n- Set up rate limiting policies for different API consumers\n\n### Backup and Disaster Recovery\n\n**1. Backup Strategy Implementation:**\n- RDS automated backups are enabled by default\n- Consider implementing cross-region backup replication for critical deployments\n- Document recovery procedures and test them regularly\n\n**2. 
Disaster Recovery Planning:**\n- Create runbooks for common failure scenarios\n- Test failover procedures in a staging environment\n- Document contact information and escalation procedures\n\n\n## 📊 Monitoring and Logging\n\nThis CloudFormation template includes comprehensive monitoring and logging capabilities to ensure optimal performance and quick issue resolution.\n\n### CloudWatch Integration\n\n**Automatic Metrics Collection:**\nThe deployment automatically configures CloudWatch metrics for all services:\n\n- **ECS Metrics**: CPU utilization, memory usage, task count, service health\n- **RDS Metrics**: Database connections, CPU utilization, read/write IOPS, query performance\n- **ElastiCache Metrics**: Cache hit ratio, memory usage, connection count, evictions\n- **Application Load Balancer Metrics**: Request count, response times, error rates, target health\n- **CloudFront Metrics**: Cache hit ratio, origin latency, error rates, data transfer\n\n**Custom Application Metrics:**\nThe Fleetbase application sends custom metrics to CloudWatch:\n- API endpoint response times and error rates\n- Background job processing times and failure rates\n- User authentication success/failure rates\n- File upload/download metrics\n- WebSocket connection counts and message rates\n\n### Log Aggregation\n\n**Centralized Logging:**\nAll application logs are automatically sent to CloudWatch Logs with organized log groups:\n\n```\n/aws/ecs/fleetbase-{environment}-api          # API service logs\n/aws/ecs/fleetbase-{environment}-events       # Background job logs\n/aws/ecs/fleetbase-{environment}-scheduler    # Scheduled task logs\n/aws/ecs/fleetbase-{environment}-socket       # WebSocket service logs\n/aws/lambda/fleetbase-{environment}-console   # Console deployment logs\n```\n\n**Log Analysis:**\nUse CloudWatch Insights for advanced log analysis:\n\n```sql\n-- Find API errors in the last hour\nfields @timestamp, @message\n| filter @message like /ERROR/\n| sort @timestamp desc\n| 
limit 100\n\n-- Monitor slow database queries\nfields @timestamp, @message\n| filter @message like /slow query/\n| stats count() by bin(5m)\n\n-- Track user authentication attempts\nfields @timestamp, @message\n| filter @message like /authentication/\n| stats count() by result\n```\n\n### Performance Monitoring\n\n**Application Performance Monitoring (APM):**\nThe template includes built-in performance monitoring capabilities:\n\n- **Response Time Tracking**: Monitor API endpoint response times with percentile analysis\n- **Database Query Performance**: Track slow queries and connection pool usage\n- **Cache Performance**: Monitor Redis hit ratios and memory utilization\n- **Background Job Performance**: Track job processing times and failure rates\n\n**Real-time Dashboards:**\nCreate CloudWatch dashboards for real-time monitoring:\n\n```bash\n# Create a comprehensive monitoring dashboard\naws cloudwatch put-dashboard \\\n  --dashboard-name \"Fleetbase-Production-Overview\" \\\n  --dashboard-body file://dashboard-config.json\n```\n\n### Alerting and Notifications\n\n**Automated Alerting:**\nThe template includes pre-configured CloudWatch alarms for critical metrics:\n\n- **High Error Rate**: Alert when API error rate exceeds 5% over 5 minutes\n- **Database Connection Issues**: Alert when database connections exceed 80% of maximum\n- **High CPU Usage**: Alert when ECS task CPU usage exceeds 80% for 10 minutes\n- **Memory Usage**: Alert when container memory usage exceeds 85%\n- **Cache Performance**: Alert when Redis hit ratio drops below 90%\n\n**Custom Alert Configuration:**\n```bash\n# Example: Create custom alert for high response times\naws cloudwatch put-metric-alarm \\\n  --alarm-name \"Fleetbase-High-Response-Time\" \\\n  --alarm-description \"Alert when API response time exceeds 2 seconds\" \\\n  --metric-name \"TargetResponseTime\" \\\n  --namespace \"AWS/ApplicationELB\" \\\n  --statistic \"Average\" \\\n  --period 300 \\\n  --threshold 2.0 \\\n  
--comparison-operator \"GreaterThanThreshold\" \\\n  --evaluation-periods 2 \\\n  --alarm-actions \"arn:aws:sns:us-east-1:123456789012:fleetbase-alerts\"\n```\n\n## 🛡️ Security Considerations\n\nThis template implements multiple layers of security following AWS Well-Architected Framework security principles.\n\n### Network Security\n\n**VPC Isolation:**\n- Private subnets for all backend services with no direct internet access\n- Public subnets only for load balancers and NAT gateways\n- Network ACLs providing subnet-level traffic filtering\n- VPC Flow Logs for network traffic analysis and security monitoring\n\n**Security Groups:**\nThe template creates least-privilege security groups:\n\n```yaml\n# API Security Group - Only allows traffic from ALB\nApiSecurityGroup:\n  - Port 8000: From ALB security group only\n  - Port 443: Outbound HTTPS for external API calls\n  - Port 3306: To database security group only\n  - Port 6379: To cache security group only\n\n# Database Security Group - Only allows traffic from application\nDatabaseSecurityGroup:\n  - Port 3306: From API, Events, and Scheduler security groups only\n  - No outbound rules (managed service)\n\n# Cache Security Group - Only allows traffic from application\nCacheSecurityGroup:\n  - Port 6379: From API, Events, and Scheduler security groups only\n  - No outbound rules (managed service)\n```\n\n### Data Encryption\n\n**Encryption at Rest:**\n- **RDS MySQL**: Encrypted using AWS managed KMS keys\n- **ElastiCache Redis**: Encrypted using AWS managed KMS keys\n- **S3 Storage**: Server-side encryption with S3 managed keys (SSE-S3)\n- **EBS Volumes**: Encrypted for ECS Fargate tasks\n- **CloudWatch Logs**: Encrypted using CloudWatch Logs service encryption\n\n**Encryption in Transit:**\n- **HTTPS Everywhere**: All web traffic encrypted with TLS 1.2+\n- **Database Connections**: SSL/TLS encryption for all database connections\n- **Cache Connections**: TLS encryption for Redis connections\n- **Internal Service 
Communication**: Encrypted communication between services\n\n### Identity and Access Management\n\n**Service Roles:**\nThe template creates specific IAM roles with minimal required permissions:\n\n```yaml\n# ECS Task Role - Only permissions needed for application functionality\nECSTaskRole:\n  Policies:\n    - S3 access to storage bucket only\n    - SQS access to application queues only\n    - Secrets Manager access to application secrets only\n    - CloudWatch Logs write access only\n\n# ECS Execution Role - Only permissions needed for container management\nECSExecutionRole:\n  Policies:\n    - ECR image pull permissions\n    - CloudWatch Logs creation\n    - Secrets Manager read access for container environment variables\n```\n\n**Secrets Management:**\n- **Database Credentials**: Stored in AWS Secrets Manager with automatic rotation\n- **Application Keys**: Laravel APP_KEY stored in Secrets Manager\n- **API Keys**: Third-party API keys stored in Secrets Manager\n- **No Hardcoded Secrets**: All sensitive data retrieved at runtime\n\n### Application Security\n\n**Authentication and Authorization:**\n- **JWT Token Authentication**: Secure token-based authentication with configurable expiration\n- **Role-Based Access Control (RBAC)**: Granular permissions based on user roles\n- **API Rate Limiting**: Configurable rate limits to prevent abuse\n- **CORS Configuration**: Properly configured cross-origin resource sharing\n\n**Input Validation and Sanitization:**\n- **SQL Injection Prevention**: Parameterized queries and ORM usage\n- **XSS Protection**: Input sanitization and output encoding\n- **CSRF Protection**: Cross-site request forgery tokens\n- **File Upload Security**: File type validation and virus scanning\n\n### Compliance and Auditing\n\n**Audit Logging:**\n- **CloudTrail Integration**: All AWS API calls logged and monitored\n- **Application Audit Logs**: User actions and system changes logged\n- **Database Audit Logs**: Database access and query logging\n- 
**Access Logs**: Load balancer and CloudFront access logs\n\n**Compliance Features:**\n- **Data Retention Policies**: Configurable log retention periods\n- **Backup Encryption**: All backups encrypted at rest\n- **Access Controls**: Principle of least privilege implemented throughout\n- **Security Monitoring**: Automated security event detection and alerting\n\n## 🔧 Troubleshooting\n\nCommon issues and their solutions for Fleetbase CloudFormation deployments.\n\n### Deployment Issues\n\n**Stack Creation Failures:**\n\n*Issue: \"CREATE_FAILED - The specified hosted zone does not exist\"*\n```bash\n# Solution: Verify hosted zone ID or remove the parameter to create a new one\naws route53 list-hosted-zones --query 'HostedZones[?Name==`yourdomain.com.`]'\n```\n\n*Issue: \"CREATE_FAILED - Certificate validation timeout\"*\n```bash\n# Solution: Check DNS records for certificate validation\naws acm describe-certificate --certificate-arn YOUR_CERT_ARN\n# Ensure DNS validation records are properly configured\n```\n\n*Issue: \"CREATE_FAILED - Insufficient capacity in availability zone\"*\n```bash\n# Solution: Try different instance types or regions\naws ec2 describe-availability-zones --region us-east-1\n# Consider using different instance types or regions with more capacity\n```\n\n### Application Issues\n\n**Database Connection Problems:**\n\n*Issue: \"SQLSTATE[HY000] [1045] Access denied for user\"*\n```bash\n# Check database credentials in Secrets Manager\naws secretsmanager get-secret-value --secret-id fleetbase-production-db-password\n\n# Verify security group allows database access\naws ec2 describe-security-groups --group-ids sg-xxxxxxxxx\n```\n\n*Issue: \"Database connection timeout\"*\n```bash\n# Check database status\naws rds describe-db-instances --db-instance-identifier fleetbase-production-database\n\n# Verify network connectivity\naws ecs execute-command \\\n  --cluster fleetbase-production-cluster \\\n  --task TASK_ARN \\\n  --container api \\\n  
--interactive \\\n  --command \"telnet database-endpoint 3306\"\n```\n\n**Container Health Issues:**\n\n*Issue: \"Service tasks keep stopping and restarting\"*\n```bash\n# Check container logs for errors\naws logs tail /aws/ecs/fleetbase-production-api --follow\n\n# Check ECS service events\naws ecs describe-services \\\n  --cluster fleetbase-production-cluster \\\n  --services fleetbase-production-api\n```\n\n*Issue: \"Load balancer health checks failing\"*\n```bash\n# Test health check endpoint directly\ncurl -I http://alb-dns-name/health\n\n# Check target group health\naws elbv2 describe-target-health \\\n  --target-group-arn TARGET_GROUP_ARN\n```\n\n### Performance Issues\n\n**High Response Times:**\n\n*Issue: \"API responses are slow\"*\n```bash\n# Check database performance\naws rds describe-db-instances \\\n  --db-instance-identifier fleetbase-production-database \\\n  --query 'DBInstances[0].PerformanceInsightsEnabled'\n\n# Monitor cache hit ratio\naws cloudwatch get-metric-statistics \\\n  --namespace AWS/ElastiCache \\\n  --metric-name CacheHitRate \\\n  --dimensions Name=CacheClusterId,Value=fleetbase-production-cache \\\n  --start-time 2023-01-01T00:00:00Z \\\n  --end-time 2023-01-01T23:59:59Z \\\n  --period 3600 \\\n  --statistics Average\n```\n\n*Issue: \"High memory usage in containers\"*\n```bash\n# Check container resource utilization\naws ecs describe-services \\\n  --cluster fleetbase-production-cluster \\\n  --services fleetbase-production-api\n\n# Scale up container resources if needed\naws ecs update-service \\\n  --cluster fleetbase-production-cluster \\\n  --service fleetbase-production-api \\\n  --desired-count 4\n```\n\n### SSL and Domain Issues\n\n**SSL Certificate Problems:**\n\n*Issue: \"SSL certificate not trusted\"*\n```bash\n# Verify certificate status\naws acm list-certificates --region us-east-1\naws acm describe-certificate --certificate-arn YOUR_CERT_ARN\n\n# Check DNS validation records (ACM validates with CNAME records; read the record name from the certificate)\naws acm describe-certificate --certificate-arn YOUR_CERT_ARN \\\n  --query 'Certificate.DomainValidationOptions[].ResourceRecord'\ndig YOUR_VALIDATION_RECORD_NAME 
CNAME\n```\n\n*Issue: \"Domain not resolving correctly\"*\n```bash\n# Check DNS propagation\nnslookup api.yourdomain.com\ndig api.yourdomain.com A\n\n# Verify Route53 records\naws route53 list-resource-record-sets --hosted-zone-id YOUR_ZONE_ID\n```\n\n### Monitoring and Debugging\n\n**Log Analysis:**\n\n```bash\n# Search for specific errors in logs\naws logs filter-log-events \\\n  --log-group-name /aws/ecs/fleetbase-production-api \\\n  --filter-pattern \"ERROR\" \\\n  --start-time 1609459200000\n\n# Monitor real-time logs\naws logs tail /aws/ecs/fleetbase-production-api --follow\n```\n\n**Performance Debugging:**\n\n```bash\n# Check ECS service metrics (service-level metrics need both ClusterName and ServiceName)\naws cloudwatch get-metric-statistics \\\n  --namespace AWS/ECS \\\n  --metric-name CPUUtilization \\\n  --dimensions Name=ClusterName,Value=fleetbase-production-cluster Name=ServiceName,Value=fleetbase-production-api \\\n  --start-time 2023-01-01T00:00:00Z \\\n  --end-time 2023-01-01T23:59:59Z \\\n  --period 300 \\\n  --statistics Average Maximum\n```\n\n**Emergency Procedures:**\n\n*Issue: \"Complete service outage\"*\n```bash\n# Check overall stack status\naws cloudformation describe-stacks --stack-name fleetbase-production\n\n# Verify all services are running\naws ecs list-services --cluster fleetbase-production-cluster\naws rds describe-db-instances --db-instance-identifier fleetbase-production-database\n\n# Scale services if needed\naws ecs update-service \\\n  --cluster fleetbase-production-cluster \\\n  --service fleetbase-production-api \\\n  --desired-count 5\n```\n\n### Getting Help\n\n**Support Resources:**\n- Check the [Fleetbase Documentation](https://docs.fleetbase.io) for application-specific issues\n- Review AWS service documentation for infrastructure problems\n- Use AWS Support for critical production issues\n- Community forums and GitHub issues for general questions\n\n**Diagnostic Information to Collect:**\nWhen seeking help, gather the following information:\n- CloudFormation stack events and error messages\n- ECS service events and task 
definitions\n- Application logs from CloudWatch\n- Database and cache performance metrics\n- Network configuration and security group settings\n\n\n## 🤝 Contributing\n\nWe welcome contributions to improve this CloudFormation template and make Fleetbase deployments even more robust and user-friendly.\n\n### How to Contribute\n\n**1. Fork the Repository**\n```bash\ngit clone https://github.com/your-org/fleetbase-cloudformation.git\ncd fleetbase-cloudformation\n```\n\n**2. Create a Feature Branch**\n```bash\ngit checkout -b feature/your-feature-name\n```\n\n**3. Make Your Changes**\n- Follow CloudFormation best practices and AWS Well-Architected principles\n- Test your changes thoroughly in multiple environments\n- Update documentation to reflect any changes\n- Add or update parameter descriptions and validation\n\n**4. Test Your Changes**\n```bash\n# Validate CloudFormation template syntax\naws cloudformation validate-template --template-body file://template.yaml\n\n# Test deployment in development environment\naws cloudformation create-stack \\\n  --stack-name fleetbase-test \\\n  --template-body file://template.yaml \\\n  --parameters ParameterKey=Project,ParameterValue=test \\\n               ParameterKey=EnvironmentType,ParameterValue=development \\\n  --capabilities CAPABILITY_NAMED_IAM\n```\n\n**5. 
Submit a Pull Request**\n- Provide a clear description of your changes\n- Include test results and validation screenshots\n- Reference any related issues or feature requests\n- Ensure all existing functionality remains intact\n\n### Contribution Guidelines\n\n**Code Standards:**\n- Follow consistent YAML formatting and indentation\n- Use descriptive resource names and comments\n- Include parameter validation and constraints\n- Maintain backward compatibility when possible\n- Document all new parameters and outputs\n\n**Testing Requirements:**\n- Test template deployment in at least two AWS regions\n- Verify both custom domain and non-domain configurations\n- Test with different parameter combinations\n- Validate all outputs and resource dependencies\n- Ensure clean stack deletion without orphaned resources\n\n**Documentation Standards:**\n- Update README.md for any new features or parameters\n- Include examples and use cases for new functionality\n- Update troubleshooting section for known issues\n- Maintain accurate parameter tables and descriptions\n\n### Types of Contributions Welcomed\n\n**Infrastructure Improvements:**\n- Enhanced security configurations\n- Performance optimizations\n- Cost optimization features\n- Additional AWS service integrations\n- Multi-region deployment support\n\n**Operational Enhancements:**\n- Improved monitoring and alerting\n- Better backup and disaster recovery\n- Enhanced logging and debugging capabilities\n- Automated testing and validation scripts\n- CI/CD pipeline improvements\n\n**Documentation Improvements:**\n- Clearer deployment instructions\n- Additional troubleshooting scenarios\n- Best practices and recommendations\n- Architecture diagrams and visualizations\n- Video tutorials and walkthroughs\n\n### Development Environment Setup\n\n**Prerequisites:**\n- AWS CLI configured with appropriate permissions\n- Access to an AWS account for testing\n- Basic understanding of CloudFormation and AWS services\n- Familiarity with 
Fleetbase application architecture\n\n**Local Development:**\n```bash\n# Install CloudFormation linting tools\npip install cfn-lint\n\n# Validate template locally\ncfn-lint template.yaml\n\n# Use AWS CloudFormation Designer for visual editing\n# https://console.aws.amazon.com/cloudformation/designer\n```\n\n**Testing Environment:**\n- Use separate AWS accounts or regions for testing\n- Implement proper resource tagging for cost tracking\n- Clean up test resources promptly to avoid unnecessary charges\n- Document test procedures and results\n\n### Reporting Issues\n\n**Bug Reports:**\nWhen reporting bugs, please include:\n- CloudFormation template version\n- AWS region and account details (anonymized)\n- Complete error messages and stack events\n- Parameter values used (excluding sensitive data)\n- Steps to reproduce the issue\n- Expected vs. actual behavior\n\n**Feature Requests:**\nWhen requesting features, please include:\n- Clear description of the desired functionality\n- Use case and business justification\n- Proposed implementation approach\n- Compatibility considerations\n- Documentation requirements\n\n**Security Issues:**\nFor security-related issues:\n- Do not create public GitHub issues\n- Email security concerns to security@fleetbase.io\n- Include detailed information about the vulnerability\n- Allow reasonable time for response and remediation\n\n### Community Guidelines\n\n**Code of Conduct:**\n- Be respectful and inclusive in all interactions\n- Focus on constructive feedback and solutions\n- Help newcomers and answer questions patiently\n- Acknowledge contributions and give credit appropriately\n\n**Communication Channels:**\n- GitHub Issues for bug reports and feature requests\n- GitHub Discussions for general questions and ideas\n- Pull Request comments for code review discussions\n- Email for security issues and private concerns\n\n## 📄 License\n\nThis project is licensed under the AGPL v3 License - see the [LICENSE](LICENSE.md) file for 
details.\n\n### Third-Party Licenses\n\nThis CloudFormation template deploys and configures various AWS services and third-party software components. Please review the licenses for these components:\n\n**AWS Services:**\n- All AWS services are subject to the [AWS Customer Agreement](https://aws.amazon.com/agreement/)\n- AWS service pricing applies according to current AWS pricing models\n- Data processing and storage subject to AWS data processing terms\n\n**Fleetbase Application:**\n- Fleetbase is licensed under the [AGPL-3.0 License](https://github.com/fleetbase/fleetbase/blob/main/LICENSE.md)\n- Commercial licensing available from Fleetbase Inc.\n- See [Fleetbase Licensing](https://fleetbase.io/licensing) for details\n\n**Container Images:**\n- `fleetbase/fleetbase-api:latest` - Subject to Fleetbase licensing terms\n- `socketcluster/socketcluster:latest` - MIT License\n- Base container images subject to their respective licenses\n\n### Usage Rights and Restrictions\n\n**Permitted Uses:**\n- Deploy and operate Fleetbase in production environments\n- Modify the CloudFormation template for your specific needs\n- Distribute modified versions under the same MIT license\n- Use for commercial purposes without additional licensing fees\n- Create derivative works and improvements\n\n**Attribution Requirements:**\n- Maintain copyright notices in distributed copies\n- Include the MIT license text in substantial portions\n- Credit original authors when redistributing\n- Link back to the original repository when appropriate\n\n**Disclaimer:**\nThis CloudFormation template is provided \"as is\" without warranty of any kind. 
Users are responsible for:\n- AWS service costs incurred during deployment and operation\n- Compliance with applicable laws and regulations\n- Security configuration and maintenance\n- Data backup and disaster recovery\n- Performance optimization and scaling\n\n### Support and Warranty\n\n**Community Support:**\n- Community-driven support through GitHub Issues\n- Documentation and troubleshooting guides provided\n- Best-effort assistance from contributors and maintainers\n- No guaranteed response times or service level agreements\n\n**Commercial Support:**\n- Professional support available through Fleetbase Inc.\n- Consulting services for custom deployments and integrations\n- Training and implementation assistance\n- Enterprise support contracts with guaranteed SLAs\n\n**No Warranty:**\nThe authors and contributors provide no warranty regarding:\n- Fitness for any particular purpose\n- Merchantability or quality\n- Non-infringement of third-party rights\n- Continuous availability or performance\n- Data integrity or security\n\nUsers deploy and operate this template at their own risk and responsibility.\n\n---\n\n## 🙏 Acknowledgments\n\nThis CloudFormation template was developed with contributions from the Fleetbase community and AWS experts. 
Special thanks to:\n\n- **Fleetbase Team** - For creating the open-source logistics platform\n- **AWS Community** - For CloudFormation best practices and patterns\n- **Contributors** - For testing, feedback, and improvements\n- **Early Adopters** - For real-world validation and use cases\n\n### Built With\n\n- [AWS CloudFormation](https://aws.amazon.com/cloudformation/) - Infrastructure as Code\n- [Amazon ECS](https://aws.amazon.com/ecs/) - Container Orchestration\n- [Amazon RDS](https://aws.amazon.com/rds/) - Managed Database Service\n- [Amazon CloudFront](https://aws.amazon.com/cloudfront/) - Content Delivery Network\n- [Fleetbase](https://fleetbase.io) - Open Source Logistics Platform\n\n### References and Documentation\n\n- [AWS Well-Architected Framework](https://aws.amazon.com/architecture/well-architected/)\n- [CloudFormation Best Practices](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/best-practices.html)\n- [ECS Best Practices](https://docs.aws.amazon.com/AmazonECS/latest/bestpracticesguide/)\n- [Fleetbase Documentation](https://docs.fleetbase.io)\n\n---\n\n**Ready to deploy Fleetbase on AWS?** Start with our [Quick Start](#-quick-start) guide or explore the [deployment options](#-deployment-options) to find the best approach for your use case.\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffleetbase%2Fcloudformation-template-docs","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffleetbase%2Fcloudformation-template-docs","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffleetbase%2Fcloudformation-template-docs/lists"}