Skip to content
Uniflow

AWS Setup

IAM requirements

Section titled “IAM requirements”

Uniflow uses AWS CDK to deploy ~15 AWS services. The deploying user/role needs permissions to create and manage these resources.

Option A: Admin access (quickest)

Section titled “Option A: Admin access (quickest)”

For initial setup, attach the AdministratorAccess managed policy. This is the fastest way to get started.

Section titled “Option B: Least-privilege (recommended for production)”

Create a custom IAM policy with permissions for:

  • cloudformation:* — Stack management
  • lambda:* — Function management
  • apigateway:* — API Gateway
  • dynamodb:* — Table management
  • kinesis:* — Stream management
  • firehose:* — Delivery stream
  • s3:* — Bucket management
  • sqs:* — Queue management
  • glue:* — Glue PySpark jobs
  • events:* — EventBridge rules
  • cognito-idp:* — User pool
  • cloudfront:* — Distribution
  • athena:* — Query management
  • glue:* — Catalog
  • kms:* — Encryption keys
  • iam:* — Role/policy creation
  • logs:* — CloudWatch logs

CDK bootstrap

Section titled “CDK bootstrap”

CDK requires a one-time bootstrap per account/region:

Terminal window
npx cdk bootstrap aws://123456789012/us-east-1

This creates an S3 bucket and IAM roles that CDK uses to deploy assets.

Deployment

Section titled “Deployment”
Terminal window
# Generate config
uniflow init


# Deploy all resources
uniflow deploy

The first deployment takes 5-10 minutes. Subsequent updates are faster.

Stack outputs

Section titled “Stack outputs”

After deployment, uniflow status shows:

OutputDescription
IngestEndpointAPI Gateway URL for sending events
ManagementApiEndpointURL for the management API
AdminUIUrlCloudFront URL for the admin dashboard
TableNameDynamoDB table name
EventsBucketS3 bucket for raw events

Multi-region

Section titled “Multi-region”

Deploy to multiple regions by running uniflow init with different regions and stack names:

Terminal window
# US East
uniflow init  # region: us-east-1, stackName: UnifowStack-USE1
uniflow deploy


# EU West
uniflow init  # region: eu-west-1, stackName: UnifowStack-EUW1
uniflow deploy

Each deployment is fully independent.

Teardown

Section titled “Teardown”
Terminal window
uniflow destroy

This removes all CloudFormation-managed resources. S3 buckets with data are preserved by default (RETAIN policy). Delete them manually if needed:

Terminal window
aws s3 rb s3://uniflow-events-123456789012 --force

Cost optimization

Section titled “Cost optimization”
  • Development: Use uniflow dev with LocalStack for free local testing
  • Staging: Deploy with minimal Kinesis shard count
  • Production: All services use on-demand/pay-per-request billing, so costs scale with usage

See AWS Services for detailed cost estimates.