Complete .NET 10 backend system for RAG (Retrieval-Augmented Generation) deployed on AWS serverless architecture.
- AWS Lambda: .NET 10 serverless API hosting
- RDS PostgreSQL: Managed database service
- API Gateway: REST API endpoint management
- AWS Cognito: User authentication and authorization
- CloudWatch: Logging and monitoring
# Deploy everything with default settings (FIRST TIME DEPLOYMENT)
./scripts/deploy-full-stack.shThis deploys the complete stack in the correct order:
- RDS PostgreSQL database
- Lambda .NET 10 function
- Database migrations (from Lambda to DB)
- Database seeding via DbInitializer (Roles β Users β Analytics Types)
- API Gateway with Swagger documentation
- Tests and validation
# Update Lambda code only (SUBSEQUENT DEPLOYMENTS)
./scripts/deploy-update-only.shThis updates only the Lambda function code without:
- β Creating new infrastructure
- β Running database migrations
- β Seeding database data
# Production deployment (first time)
./scripts/deploy-full-stack.sh --environment production --project-name myrag
# Development without tests
./scripts/deploy-full-stack.sh --skip-tests
# Code update for production
./scripts/deploy-update-only.sh --environment production --project-name myrag- AWS CLI v2.0+ with flexible credential configuration (environment variables, profiles, IAM roles, or
aws configure) - .NET SDK 8.0+ (for building .NET 10 applications)
- PostgreSQL Client (psql) for database operations
- Bash Shell (Git Bash on Windows)
AWS Credentials: The scripts automatically detect credentials from multiple sources - no need to run aws configure if you already have credentials via environment variables, profiles, or IAM roles.
RAG-System-Backend/
βββ π RAG.APIs/ # Main API project (.NET 10)
βββ π RAG.Application/ # Application layer
βββ π RAG.Domain/ # Domain entities and DTOs
βββ π RAG.Infrastructure/ # Data access and external services
βββ π scripts/ # π Deployment and management scripts
β βββ deploy-full-stack.sh # βββ Master deployment script
β βββ cleanup-deployment.sh # βββ Cleanup and resource management
β βββ database/ # βββ Database seeding scripts
β βββ deployment/ # βββ Application deployment
β βββ infrastructure/ # βββ AWS infrastructure provisioning
β βββ migration/ # βββ Database migrations
β βββ setup/ # βββ Setup and configuration scripts
β βββ testing/ # βββ Testing and validation scripts
β βββ temp/ # βββ Temporary files (JSON, build artifacts)
β βββ utilities/ # βββ Shared utilities
βββ π deployment_checkpoints/ # Deployment state tracking
βββ π logs/ # Deployment and error logs
βββ π DEPLOYMENT_GUIDE.md # π Complete deployment guide
βββ π README.md # This file
All deployment parameters are managed through the deployment-config.env file. This provides centralized configuration management and makes it easy to maintain different settings for different environments.
The configuration file includes:
# Basic deployment settings
ENVIRONMENT=dev
PROJECT_NAME=myapp
AWS_DEFAULT_REGION=ap-southeast-1
# Lambda configuration
LAMBDA_RUNTIME=dotnet10
LAMBDA_MEMORY_SIZE=512
LAMBDA_TIMEOUT=30
# RDS configuration
RDS_INSTANCE_CLASS=db.t3.micro
RDS_ALLOCATED_STORAGE=20
RDS_MULTI_AZ=false
# Deployment options
SKIP_TESTS=false
SKIP_SEEDING=falseUse the configuration management script:
# Show current configuration
./scripts/manage-config.sh show
# Create environment-specific configurations
./scripts/manage-config.sh create --template production --output ./production-config.env
# Validate configuration
./scripts/manage-config.sh validate
# Edit configuration
./scripts/manage-config.sh editConfigure your database settings in RAG.APIs/appsettings.json:
{
"ConnectionStrings": {
"DefaultConnection": "Host=localhost;Port=5432;Database=RAGSystem;Username=postgres;Password=*****"
},
"AWS": {
"Region": "ap-southeast-1",
"UserPoolId": "your-user-pool-id",
"ClientId": "your-client-id"
}
}Note: The deployment scripts automatically read database configuration from appsettings.json and replace localhost with the actual RDS endpoint.
Key environment variables for deployment:
ENVIRONMENT=dev # dev, staging, production
PROJECT_NAME=myapp # Your project identifier
SKIP_TESTS=false # Skip tests during deployment
SKIP_SEEDING=false # Skip database seedingAfter deployment, these accounts are automatically created:
| Password | Role | Access Level | |
|---|---|---|---|
admin@rag.com |
`` | Admin | Full system access |
analyst@rag.com |
`` | Analyst | Limited access |
The deployed system provides:
- Swagger Documentation:
{API_URL}/swagger - Authentication:
{API_URL}/api/auth/login - User Management:
{API_URL}/api/admin/users(Admin only) - Analytics:
{API_URL}/api/analytics/* - Chat:
{API_URL}/api/chat/* - Companies:
{API_URL}/api/companies/*
# Test API endpoints
./scripts/tests/test-api.sh
# Test user authentication and roles
./scripts/tests/test-user-roles.sh
# Test Lambda-RDS connectivity
./scripts/tests/test-lambda-db-connection.sh
# Test AWS credential detection
./scripts/tests/test-credential-detection.sh# Login with admin account
curl -X POST "{API_URL}/api/auth/login" \
-H "Content-Type: application/json" \
-d '{"email":"admin@rag.com","password":""}'
# Access admin endpoint with token
curl -H "Authorization: Bearer {ACCESS_TOKEN}" \
"{API_URL}/api/admin/users"# List recent logs
ls -la logs/
# Follow deployment logs
tail -f logs/deployment_*.log
# View Lambda logs (requires AWS CLI)
aws logs tail /aws/lambda/myapp-dev-api --follow# Check RDS status
aws rds describe-db-instances --db-instance-identifier myapp-dev-db
# Check Lambda function
aws lambda get-function --function-name myapp-dev-api
# Check API Gateway
aws apigateway get-rest-apis# Clean temporary files only
./scripts/cleanup-deployment.sh
# Clean everything except AWS resources
./scripts/cleanup-deployment.sh --all./scripts/cleanup-deployment.sh --destroy-aws --environment dev# Run locally with development settings
cd RAG.APIs
dotnet run --environment Development# Add new migration
dotnet ef migrations add MigrationName -p RAG.Infrastructure -s RAG.APIs
# Update database
dotnet ef database update -p RAG.Infrastructure -s RAG.APIs# Build for Lambda deployment
cd RAG.APIs
dotnet publish -c Release -r linux-x64 --self-contained false- Complete Deployment Guide - Detailed deployment instructions
- Scripts Documentation - All deployment scripts explained
- API Documentation - API endpoints and usage
- AWS Secrets Manager: Store sensitive configuration
- VPC: Deploy Lambda in private VPC for enhanced security
- SSL/TLS: Use custom domain with SSL certificate
- IAM: Follow principle of least privilege
- Monitoring: Set up CloudWatch alarms
- User registers/logs in via AWS Cognito
- Cognito returns JWT tokens
- API validates JWT tokens for protected endpoints
- Role-based access control enforces permissions
./scripts/deploy-full-stack.sh --environment dev- Uses development configuration
- Includes test data seeding
- Enables detailed logging
./scripts/deploy-full-stack.sh --environment production --project-name myrag- Uses production configuration
- Optimized for performance
- Enhanced security settings
- User Authentication: AWS Cognito integration
- Role-Based Access: Admin and Analyst roles
- Database Management: Entity Framework with PostgreSQL
- API Documentation: Swagger/OpenAPI integration
- Logging: Structured logging with CloudWatch
- Error Handling: Comprehensive error handling and validation
- Testing: Automated testing suite
- Monitoring: Health checks and metrics
The deployment scripts are designed to integrate with CI/CD pipelines:
# Example GitHub Actions workflow
- name: Deploy to AWS
run: |
./scripts/deploy-full-stack.sh \
--environment ${{ github.ref_name }} \
--project-name myrag \
--skip-tests- Check deployment logs:
logs/deployment_*.log - Verify AWS resources: Use AWS Console
- Test connectivity: Run test scripts
- Check Lambda logs: CloudWatch logs
- Permission Denied: Ensure AWS CLI has proper permissions
- Database Connection: Verify RDS security groups
- Lambda Timeout: Check function timeout settings
- API Gateway: Verify Lambda integration
After successful deployment:
- Configure Frontend: Update frontend to use API Gateway URL
- Set up Monitoring: Configure CloudWatch alarms
- Implement CI/CD: Automate deployments
- Security Hardening: Review and enhance security settings
- Performance Optimization: Monitor and optimize performance
Version: 2.0
Last Updated: March 2026
Architecture: AWS Serverless (.NET 10 + Lambda + RDS + API Gateway)
Deployment: Fully Automated