MMA Almanac AWS
The full AWS infrastructure-as-code for the MMA Almanac platform: VPC, ECS Fargate services, ALB, EventBridge ML workflows, Lambda triggers, and more.
About this project
What it is
A modular Terraform configuration that provisions the entire MMA Almanac platform on AWS. It creates a VPC with public/private subnets, an Application Load Balancer routing public traffic to the Next.js UI on ECS Fargate, and a set of private ECS Fargate services: the Next.js app, the Python prediction API, PostgreSQL, and the scraper service. Credentials live in Secrets Manager. ML workflows — scheduled model retraining and hyperparameter tuning — are triggered by EventBridge rules calling Lambda functions that start ECS tasks. CloudWatch handles logging and alarms. GitHub Actions OIDC authentication is provisioned as a standalone module so CI/CD pipelines can push images to ECR and update task definitions without long-lived AWS credentials.
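The EventBridge → Lambda → ECS chain described above, as an added Terraform example that is not the MMA Almanac repo's own code: a nightly rule invokes a trigger function, the function's invoke permission is pinned to that one rule, and the function's execution role may only run one task-definition family in one cluster and may only pass that task's roles to ECS. The cluster, task-definition, function and log-group names, the schedule, the region and the packaged `retrain_trigger.zip` are all assumptions.

```hcl
# Added example (not the MMA Almanac repo's own code). Names, schedule,
# region and the packaged function zip are assumptions.

data "aws_caller_identity" "current" {}

locals {
  region   = "us-east-1"
  account  = data.aws_caller_identity.current.account_id
  cluster  = "arn:aws:ecs:${local.region}:${local.account}:cluster/mma-almanac"
  task_def = "arn:aws:ecs:${local.region}:${local.account}:task-definition/mma-almanac-retrain"
}

# Scheduled rule: nightly model retraining (assumed cron expression).
resource "aws_cloudwatch_event_rule" "retrain" {
  name                = "mma-almanac-retrain"
  schedule_expression = "cron(0 3 * * ? *)"
}

resource "aws_cloudwatch_event_target" "retrain_lambda" {
  rule = aws_cloudwatch_event_rule.retrain.name
  arn  = aws_lambda_function.retrain_trigger.arn
  # The payload names the workflow only; the task definition to launch comes
  # from the function's environment, never from the event itself.
  input = jsonencode({ workflow = "retrain" })
}

# Only this rule may invoke the function: source_arn pins the caller.
resource "aws_lambda_permission" "eventbridge_retrain" {
  statement_id  = "AllowEventBridgeRetrain"
  action        = "lambda:InvokeFunction"
  function_name = aws_lambda_function.retrain_trigger.function_name
  principal     = "events.amazonaws.com"
  source_arn    = aws_cloudwatch_event_rule.retrain.arn
}

resource "aws_lambda_function" "retrain_trigger" {
  function_name = "mma-almanac-retrain-trigger"
  role          = aws_iam_role.retrain_trigger.arn
  runtime       = "python3.12"
  handler       = "handler.main"
  filename      = "retrain_trigger.zip" # assumed package that calls ecs:RunTask
  environment {
    variables = {
      CLUSTER_ARN         = local.cluster
      TASK_DEFINITION_ARN = local.task_def
    }
  }
}

data "aws_iam_policy_document" "lambda_trust" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["lambda.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "retrain_trigger" {
  name               = "mma-almanac-retrain-trigger"
  assume_role_policy = data.aws_iam_policy_document.lambda_trust.json
}

data "aws_iam_policy_document" "retrain_trigger" {
  # RunTask limited to one task-definition family, and only into one cluster.
  statement {
    actions   = ["ecs:RunTask"]
    resources = ["${local.task_def}:*"]
    condition {
      test     = "ArnEquals"
      variable = "ecs:cluster"
      values   = [local.cluster]
    }
  }
  # PassRole restricted to the retrain task's own roles, and only to ECS,
  # so a compromised function cannot launch a task under a more powerful role.
  statement {
    actions   = ["iam:PassRole"]
    resources = ["arn:aws:iam::${local.account}:role/mma-almanac-retrain-*"]
    condition {
      test     = "StringEquals"
      variable = "iam:PassedToService"
      values   = ["ecs-tasks.amazonaws.com"]
    }
  }
  statement {
    actions   = ["logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents"]
    resources = ["arn:aws:logs:${local.region}:${local.account}:log-group:/aws/lambda/mma-almanac-retrain-trigger:*"]
  }
}

resource "aws_iam_role_policy" "retrain_trigger" {
  role   = aws_iam_role.retrain_trigger.id
  policy = data.aws_iam_policy_document.retrain_trigger.json
}
```

The two conditions are the part worth checking in a review: without the `ecs:cluster` condition the function could start the task in any cluster in the account, and without the `iam:PassedToService` scope on `iam:PassRole` the role list is the only thing standing between the function and an arbitrary task role.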
Engineering highlights
- VPC with public/private subnet layout — ALB in public subnets, all application containers in private subnets
- ECS Fargate services for Next.js UI, prediction API, PostgreSQL, and scraper — all defined as Terraform task-definition templates
- EventBridge-scheduled ML workflows: cron-triggered retrain and tune tasks invoke Lambda → ECS
- GitHub Actions OIDC module for keyless CI/CD authentication — no long-lived IAM access keys
- Secrets Manager for all credentials; ECR for container image storage
- CloudWatch log groups and alarms wired to all services
- VPC endpoints to reduce NAT Gateway costs for ECR, Secrets Manager, and CloudWatch traffic
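The keyless GitHub Actions OIDC setup from the highlights, as an added Terraform example that is not the MMA Almanac repo's own OIDC module: the identity provider, a deploy role whose trust policy checks both the token audience and a subject pinned to one repository and branch, and a permissions policy limited to pushing one ECR repository family and rolling one ECS service. The repository slug, role and resource names, the region and the `mma-almanac/*` naming are assumptions; the `tls_certificate` data source comes from the hashicorp/tls provider.

```hcl
# Added example (not the MMA Almanac repo's own code). Repo slug, names,
# region and the resource ARN patterns are assumptions.

variable "github_repo" {
  description = "GitHub org/repo allowed to assume the deploy role (assumed)"
  type        = string
  default     = "example-org/mma-almanac-aws"
}

data "aws_caller_identity" "current" {}

locals {
  region  = "us-east-1"
  account = data.aws_caller_identity.current.account_id
}

# Fetch GitHub's OIDC certificate chain; certificates[0] is the root.
# AWS validates the GitHub chain itself nowadays, but the provider argument
# still has to be populated with something real.
data "tls_certificate" "github" {
  url = "https://token.actions.githubusercontent.com/.well-known/openid-configuration"
}

resource "aws_iam_openid_connect_provider" "github" {
  url             = "https://token.actions.githubusercontent.com"
  client_id_list  = ["sts.amazonaws.com"]
  thumbprint_list = [data.tls_certificate.github.certificates[0].sha1_fingerprint]
}

data "aws_iam_policy_document" "github_trust" {
  statement {
    actions = ["sts:AssumeRoleWithWebIdentity"]
    principals {
      type        = "Federated"
      identifiers = [aws_iam_openid_connect_provider.github.arn]
    }
    # Audience must match the client ID registered on the provider.
    condition {
      test     = "StringEquals"
      variable = "token.actions.githubusercontent.com:aud"
      values   = ["sts.amazonaws.com"]
    }
    # Subject pinned to one repo and branch. Without a sub condition, any
    # GitHub repository could assume this role.
    condition {
      test     = "StringEquals"
      variable = "token.actions.githubusercontent.com:sub"
      values   = ["repo:${var.github_repo}:ref:refs/heads/main"]
    }
  }
}

resource "aws_iam_role" "github_deploy" {
  name               = "mma-almanac-github-deploy"
  assume_role_policy = data.aws_iam_policy_document.github_trust.json
}

data "aws_iam_policy_document" "github_deploy" {
  # GetAuthorizationToken has no resource-level scope by API design.
  statement {
    actions   = ["ecr:GetAuthorizationToken"]
    resources = ["*"]
  }
  # Image push limited to the platform's own ECR repositories (assumed prefix).
  statement {
    actions = [
      "ecr:BatchCheckLayerAvailability", "ecr:InitiateLayerUpload",
      "ecr:UploadLayerPart", "ecr:CompleteLayerUpload", "ecr:PutImage",
    ]
    resources = ["arn:aws:ecr:${local.region}:${local.account}:repository/mma-almanac/*"]
  }
  # RegisterTaskDefinition is not resource-scopable; UpdateService is.
  statement {
    actions   = ["ecs:RegisterTaskDefinition", "ecs:DescribeTaskDefinition"]
    resources = ["*"]
  }
  statement {
    actions   = ["ecs:UpdateService", "ecs:DescribeServices"]
    resources = ["arn:aws:ecs:${local.region}:${local.account}:service/mma-almanac/*"]
  }
  # The pipeline may only hand the platform's task roles to ECS, so a
  # compromised workflow cannot register a task definition under another role.
  statement {
    actions   = ["iam:PassRole"]
    resources = ["arn:aws:iam::${local.account}:role/mma-almanac-*-task-*"]
    condition {
      test     = "StringEquals"
      variable = "iam:PassedToService"
      values   = ["ecs-tasks.amazonaws.com"]
    }
  }
}

resource "aws_iam_role_policy" "github_deploy" {
  role   = aws_iam_role.github_deploy.id
  policy = data.aws_iam_policy_document.github_deploy.json
}
```

In the workflow the role is assumed with `aws-actions/configure-aws-credentials` using `role-to-assume` and the job's `id-token: write` permission; short-lived STS credentials replace the long-lived access keys the highlights call out. If deployments must also run from tags or pull requests, widen the `sub` values list deliberately (for example `repo:<org>/<repo>:ref:refs/tags/*` with `StringLike`) rather than dropping the condition.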
Stack
Part of the MMA Almanac system
This repo is one service in the four-part MMA Almanac platform. The system diagram below shows how the scrapers, ML engine, web UI, and AWS infrastructure fit together.