AWS SST

Deploy NEXTDEVKIT to AWS using Serverless Stack (SST) with Infrastructure as Code

Deploy your NEXTDEVKIT application to AWS using Serverless Stack (SST) for enterprise-grade infrastructure with full control and scalability.

🌟 Why Choose AWS SST?

AWS SST is ideal for enterprise applications requiring:

  • 🏗️ Infrastructure as Code: Version-controlled, reproducible deployments
  • 🎭 Multi-Environment: Isolated staging and production environments
  • 🔧 Full AWS Integration: Access to all AWS services and unlimited scalability
  • 🛡️ Type Safety: TypeScript infrastructure reduces configuration errors
  • 💰 Cost Optimization: Pay only for what you use with serverless pricing
  • 🔐 Enterprise Security: AWS security best practices and compliance ready

📋 Prerequisites

Before deploying, ensure you have:

🚀 Deployment Steps

Step 1: Configure Environment Variables

Refer to the Environment Guide for details on each environment variable.

Copy .env.example to .env.production and update the environment variables.

Step 2: Configure AWS Credentials

Set up your AWS credentials:

# Configure AWS CLI
aws configure

# AWS Access Key ID: your-access-key-id
# AWS Secret Access Key: your-secret-access-key
# Default region name: us-east-1
# Default output format: json

Or edit the ~/.aws/credentials file:

[default]
aws_access_key_id = your-access-key-id
aws_secret_access_key = your-secret-access-key

Confirm that the IAM permissions attached to these AWS credentials are correct. You can refer to the SST AWS IAM Credentials guide to check the IAM permissions.

Step 3: Initialize SST Project

Update your sst.config.ts file in the project root:

export default $config({
	app(input) {
		return {
			name: "nextdevkit-aws-template",
			removal: input?.stage === "production" ? "retain" : "remove",
			protect: ["production"].includes(input?.stage),
			home: "aws",
			providers: {
				cloudflare: "6.3.1",
				aws: { version: "6.83.0", region: "us-east-1" },
			},
		};
	},
	async run() {
		const vpc = new sst.aws.Vpc("YourVpcName", {
			/// ...
		});
		const database = new sst.aws.Postgres("YourDatabaseName", {
			/// ...
		});
		const bucket = new sst.aws.Bucket(
			"YourBucketName",
			{
				/// ...
			}
		);
		const migrator = new sst.aws.Function("YourMigratorName", {
			handler: "src/database/migrator.handler",
			link: [database],
			vpc,
			/// ...
		});
		if (!$dev) {
			new aws.lambda.Invocation("DatabaseMigratorInvocation", {
				input: Date.now().toString(),
				functionName: migrator.name,
			});
		}
		new sst.aws.Nextjs("YourNextjsSiteName", {
			link: [database, bucket],
			vpc,
			domain: {
				name: "your-domain.com",
				dns: sst.cloudflare.dns({
					proxy: true,
				}),
			},
			environment: {
				NEXT_PUBLIC_AVATARS_BUCKET_NAME: bucket.name,
			},
		});
		new sst.x.DevCommand("DrizzleStudio", {
			link: [database],
			dev: {
				command: "npx drizzle-kit studio",
			},
		});
	},
});

If you change the database name, you also need to update the Resource name in the drizzle.config.ts file and in the src/database/client file.

If you don't want to use Cloudflare DNS, you can remove the domain.dns property. Refer to the SST AWS DNS documentation to learn more about DNS options.

Step 4: Configure Database

If you use AWS RDS as your database, refer to the Database Guide to learn more about the database setup.

First, store the database password as an SST secret:

# Set database password as secret
npx sst secret set NextDevKitDBPassword your-secure-password

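If you change the secret name, you also need to update it in the database's password property in the sst.config.ts file. SST stores secrets per stage, so set the secret in every stage you deploy to; for the production deployment in Step 6, add --stage production to the command.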

Update your sst.config.ts to include RDS configuration:

// Add to your sst.config.ts
const database = new sst.aws.Postgres("NextDevKitDB", {
  instance: "t4g.micro",
  storage: "20 GB",
  version: "16.4",
  vpc,
  proxy: true,
  // set your secret name here
  password: new sst.Secret("NextDevKitDBPassword").value,
});

Step 5: Set Production Secrets

To manage production secrets with SST, set them with the SST CLI and reference them in the sst.config.ts file.

# Set production secrets (SST stores secrets per stage)
npx sst secret set BETTER_AUTH_SECRET your-32-character-secret-key --stage production
npx sst secret set RESEND_API_KEY re_your_resend_api_key --stage production
npx sst secret set STRIPE_SECRET_KEY sk_live_your_stripe_secret_key --stage production
npx sst secret set GITHUB_CLIENT_SECRET your-github-client-secret --stage production
npx sst secret set GOOGLE_CLIENT_SECRET your-google-client-secret --stage production

Then reference the secrets in your sst.config.ts:

new sst.aws.Nextjs("NextDevKitWeb", {
  link: [database, bucket],
  vpc,
  domain: {
    name: "aws.nextdevkit.com",
    dns: sst.cloudflare.dns({
      proxy: true,
    }),
  },
  environment: {
    NEXT_PUBLIC_AVATARS_BUCKET_NAME: bucket.name,
    // set your secret environment variables here
    BETTER_AUTH_SECRET: $dev ? process.env.BETTER_AUTH_SECRET : new sst.Secret("BETTER_AUTH_SECRET").value,
    RESEND_API_KEY: $dev ? process.env.RESEND_API_KEY : new sst.Secret("RESEND_API_KEY").value,
    STRIPE_SECRET_KEY: $dev ? process.env.STRIPE_SECRET_KEY : new sst.Secret("STRIPE_SECRET_KEY").value,
    GITHUB_CLIENT_SECRET: $dev ? process.env.GITHUB_CLIENT_SECRET : new sst.Secret("GITHUB_CLIENT_SECRET").value,
    GOOGLE_CLIENT_SECRET: $dev ? process.env.GOOGLE_CLIENT_SECRET : new sst.Secret("GOOGLE_CLIENT_SECRET").value,
  },
});
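
A pre-deploy check for the env file from Step 1 against the secrets handled in Step 5, as an added example that is not part of NEXTDEVKIT or SST: it flags secret-like variables given the NEXT_PUBLIC_ prefix and plaintext copies of values that Step 5 stores as SST secrets. The auditEnvFile function, the name heuristic and the sample input are assumptions constructed for illustration.

```typescript
// Added example: not part of NEXTDEVKIT or SST. Audits env-file text offline.
// Secret names below are the ones set with `sst secret set` in Step 5.
const SST_SECRET_NAMES: string[] = [
  "BETTER_AUTH_SECRET", "RESEND_API_KEY", "STRIPE_SECRET_KEY",
  "GITHUB_CLIENT_SECRET", "GOOGLE_CLIENT_SECRET",
];
// Assumption: a heuristic for variable names that usually hold credentials.
const SENSITIVE_NAME = /(SECRET|PASSWORD|TOKEN|PRIVATE|API_KEY)/;

interface Finding { line: number; key: string; issue: string; }

function auditEnvFile(text: string): Finding[] {
  const findings: Finding[] = [];
  text.split(/\r?\n/).forEach((rawLine: string, i: number) => {
    const raw = rawLine.trim();
    if (raw === "" || raw.charAt(0) === "#") return; // blank line or comment
    const eq = raw.indexOf("=");
    if (eq < 1) return; // not a KEY=value line
    const key = raw.slice(0, eq).replace(/^export\s+/, "").trim();
    const value = raw.slice(eq + 1).trim().replace(/^["']|["']$/g, "");
    if (key.indexOf("NEXT_PUBLIC_") === 0 && SENSITIVE_NAME.test(key)) {
      // Next.js inlines NEXT_PUBLIC_* values into the browser bundle.
      findings.push({ line: i + 1, key, issue: "secret-like name exposed to the browser" });
    } else if (SST_SECRET_NAMES.indexOf(key) !== -1 && value !== "") {
      // Step 5 supplies this value from an SST secret outside dev mode.
      findings.push({ line: i + 1, key, issue: "plaintext copy of an SST-managed secret" });
    }
  });
  return findings;
}

// Constructed sample input with placeholder values (not real credentials).
const SAMPLE_ENV: string = [
  "# .env.production (constructed sample)",
  "NEXT_PUBLIC_AVATARS_BUCKET_NAME=your-bucket",
  "STRIPE_SECRET_KEY=sk_live_your_stripe_secret_key",
  'NEXT_PUBLIC_STRIPE_SECRET_KEY="sk_live_your_stripe_secret_key"',
  "GITHUB_CLIENT_SECRET=",
  "export RESEND_API_KEY='re_your_resend_api_key'",
].join("\n");

auditEnvFile(SAMPLE_ENV).forEach((f: Finding) => {
  console.log("line " + f.line + ": " + f.key + ": " + f.issue);
});
```

Run it against the text of .env.production before Step 6 and treat any finding as a reason to stop the deploy.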

Step 6: Deploy to AWS

# Run in development mode (deploys to your personal stage)
npx sst dev

# Deploy to production
npx sst deploy --stage production

Step 7: Database Migration

Run database migrations after deployment:

# Generate migration files
pnpm run db:generate

Migrations are automatically applied during deployment:

if (!$dev) {
  new aws.lambda.Invocation("DatabaseMigratorInvocation", {
    input: Date.now().toString(),
    functionName: migrator.name,
  });
}

The SST configuration automatically handles database migrations using a Lambda function during deployment.

Step 8: Switch to an ECS Deployment

To deploy our Next.js app in a container, we’ll use AWS Fargate with Amazon ECS. Replace the run function in your sst.config.ts.

async run() {
  const vpc = new sst.aws.Vpc("MyVpc");
  const cluster = new sst.aws.Cluster("MyCluster", { vpc });

  new sst.aws.Service("MyService", {
    cluster,
    loadBalancer: {
      ports: [{ listen: "80/http", forward: "3000/http" }],
    },
    dev: {
      command: "npm run dev",
    },
  });
}

For more information about the ECS deployment, refer to the SST AWS ECS documentation.

🎉 Next Steps

Now that your NEXTDEVKIT is deployed on AWS, you can:

  1. 🔧 Configure Monitoring: Set up CloudWatch alarms and dashboards
  2. 🔐 Security Review: Audit IAM permissions and security groups
  3. 📊 Performance: Monitor Lambda metrics and optimize
  4. 💰 Cost Management: Set up billing alerts and cost tracking
  5. 🚀 Scale: Add more regions and optimize for growth

Additional Resources

Your NEXTDEVKIT application is now running on enterprise-grade AWS infrastructure! 🌟🚀