AWS Deployment

The AWS adapter provisions everything your site needs in your own AWS account — one command, everything tagged and ready.

npx @sirsluginston/aws-adapter init

You'll be asked for your AWS region, tenant ID, domain, and which add-ons you want. Every resource is tagged CreatedBy: SirSluginstonCLI so you can see it all in AWS Resource Groups.

Resource	Purpose
DynamoDB tables	<CompanyName>-Config (pages + config) and <CompanyName>-UserData
Cognito User Pool	Authentication. Your admin email is added to the admins group.
S3 static bucket	Static Next.js output, ads.txt, robots.txt
S3 deploy bucket	Lambda zip upload staging
Lambda SSR	Next.js server-side rendering via function URL
CloudFront (static)	CDN for static assets via Origin Access Control
CloudFront (SSR)	Unified CDN — static → S3, dynamic → Lambda
ACM certificate	Wildcard HTTPS cert (us-east-1, required for CloudFront)
Route53 hosted zone	DNS management — A record to CloudFront written automatically

All resources are tagged CreatedBy: SirSluginstonCLI. Find them in AWS under Resource Groups & Tag Editor.

During init, the CLI asks about each add-on as a yes/no business question:

Ocean — "Do you receive data from external sources that needs to be cleaned and served to visitors?"
→ Provisions S3 data lake, Athena, Lambda ingestion pipeline, and optionally Aurora Serverless v2 (+Search).

Intellect — "Do you want AI on your site — a live chatbox assistant or background content processing?"
→ Provisions EC2 with Ollama. Live = always-on instance. Batch = Spot instance, on demand.

Commerce — "Are you selling something?"
→ Provisions a Products table. Configure your payment processor in your environment.

Each add-on contributes to your solvency cap calculation.

After provisioning, the CLI shows your initial solvency cap estimate:

Provisioned Stack — Estimated Monthly Cost
  Core  (Lambda SSR + CloudFront + S3 + DynamoDB + Cognito + Guard)  ~$15/mo
  Stack total: ~$15/mo

Solvency Cap: 15,000 adviews / month

Once live, an hourly Guard Lambda in your account queries AWS Cost Explorer (filtered to CreatedBy: SirSluginstonCLI) and updates your cap with your actual spend. The AWS Cost Analytics section in your admin panel shows the real per-service breakdown. The cap adjusts automatically in both directions as your actual costs change.

Below the cap, your publisher ID runs. Above it, SirSluginston Co's publisher ID runs until the monthly reset. How the ad model works →

The adapter provisions a Route53 hosted zone for your domain and an ACM wildcard certificate (*.yourdomain.com) in us-east-1 — required for CloudFront.

If your domain is already on Route53, the DNS A record pointing to your CloudFront distribution is written automatically (email-safe — existing MX records are never touched). If your domain is at an external registrar, the CLI prints the Route53 nameservers you need to update to.

SSL validates automatically once DNS resolves. No manual cert steps required.

In production, the Beacon runs in full enforcement mode:

• Pings api.sirsluginston.com/beacon on every page navigation
• Returns a signed HMAC token that unlocks your AdSlots to your publisher ID
• On first admin login, triggers the SLIME acceptance modal — accept the license before accessing the admin panel

SLIME acceptance records: { domain, adminEmail, slimeVersion, acceptedAt } — stored in the Beacon database. No IP address stored.

The Beacon is non-removable by design. Removing it triggers an escalating response (silent → admin banner → admin panel saves locked → public notice). Restoring it reverses all effects immediately.

Compliance & Troubleshooting →