
docs: add comprehensive AWS ECS self-hosting guide #5302

Merged: vmatsiiako merged 4 commits into main from devin/1769624443-improve-aws-native-guide on Feb 4, 2026

devin-ai-integration bot (Contributor) commented Jan 28, 2026

Context

This PR adds a new comprehensive self-hosting guide for deploying Infisical on AWS using ECS Fargate, RDS PostgreSQL, ElastiCache Redis, and Application Load Balancer. This addresses the missing AWS deployment documentation that was identified as a gap in the self-hosting guides.

The guide includes all the sections requested:

  • System requirements
  • Step-by-step deployment with verification commands after each major step
  • IAM policy JSON examples (not just descriptions)
  • SMTP/email configuration with AWS SES
  • Custom domain setup with Route 53 and ACM
  • Container debugging instructions (ECS Exec)
  • Database migration handling
  • VPC endpoint setup for air-gapped environments
  • Backup strategy and upgrade instructions
  • Infrastructure as Code templates (Terraform and CloudFormation)
  • Comprehensive troubleshooting section (7 common issues)

The health check endpoint has been verified as /api/status (not /api/health as mentioned in the original PR #5106).

Updates since last revision

  • Removed cost considerations section per user request
  • Fixed whitespace/indentation in docs.json (only the new aws-native entry is added now)
  • Added note advising users to scope down KMS permissions to specific key ARNs for production
  • Added note about additional ALB security options (CloudFront, WAF, IP allowlists)
  • Removed broken Terraform module link (infisical-terraform-aws repo doesn't exist) and clarified the example is a starting point

Steps to verify the change

  1. Preview the documentation in Mintlify to verify formatting renders correctly
  2. Spot-check AWS CLI commands for syntax correctness
  3. Review IAM policy examples for security best practices

Human review checklist

  • Verify IAM policies follow least-privilege principles (note: examples use wildcards with guidance to scope down for production)
  • Confirm CloudFormation/Terraform examples are useful (note: they are simplified/partial starting points)
  • Check that security group configurations are secure
  • Confirm health check endpoint /api/status is correct for Infisical

Type

  • Fix
  • Feature
  • Improvement
  • Breaking
  • Docs
  • Chore

Checklist

  • Title follows the conventional commit format: type(scope): short description (scope is optional, e.g., fix: prevent crash on sync or fix(api): handle null response).
  • Tested locally
  • Updated docs (if needed)
  • Read the contributing guide

Link to Devin run: https://app.devin.ai/sessions/de8b36ae4d4c4287ace71741aef029fe
Requested by: ashwin@infisical.com

Co-Authored-By: ashwin@infisical.com <ashwin@infisical.com>
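
One way to run the least-privilege check from the human review checklist above, as an added example that is not part of the PR or the guide: it flags Allow statements that grant KMS actions on wildcard resources instead of specific key ARNs. The sample policy, account ID and key ID are constructed placeholders, and only `Action`/`Resource` elements are handled (not `NotAction`/`NotResource`).

```python
import fnmatch
import json

# Constructed sample policy, not taken from the guide; account and key IDs are placeholders.
SAMPLE_POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [
  {"Sid": "DecryptAnyKey", "Effect": "Allow",
   "Action": ["kms:Decrypt", "kms:GenerateDataKey"], "Resource": "*"},
  {"Sid": "DecryptOneKey", "Effect": "Allow", "Action": "kms:Decrypt",
   "Resource": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"},
  {"Sid": "ReadSecrets", "Effect": "Allow", "Action": "secretsmanager:GetSecretValue",
   "Resource": "arn:aws:secretsmanager:us-east-1:111122223333:secret:example/*"},
  {"Sid": "AllKmsOnKeyWildcard", "Effect": "Allow",
   "Action": "kms:*", "Resource": ["arn:aws:kms:*:*:key/*"]}
 ]}
""")

def _as_list(value):
    # IAM allows Statement, Action and Resource to be a single value or a list.
    return value if isinstance(value, list) else [value]

def _touches_kms(action):
    # Action patterns are case-insensitive and may use wildcards: "*", "kms:*", "k*:Decrypt".
    service = action.split(":", 1)[0].lower()
    return fnmatch.fnmatchcase("kms", service)

def _unscoped_for_kms(resource):
    # "*" or a KMS ARN containing a wildcard is not a specific key ARN.
    if resource == "*":
        return True
    parts = resource.split(":", 5)  # arn:partition:service:region:account:resource
    return (len(parts) == 6 and fnmatch.fnmatchcase("kms", parts[2].lower())
            and ("*" in resource or "?" in resource))

def find_unscoped_kms(policy):
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = [a for a in _as_list(stmt.get("Action", [])) if _touches_kms(a)]
        resources = [r for r in _as_list(stmt.get("Resource", [])) if _unscoped_for_kms(r)]
        if actions and resources:
            findings.append({"sid": stmt.get("Sid", "<no Sid>"),
                             "actions": actions, "resources": resources})
    return findings

if __name__ == "__main__":
    for f in find_unscoped_kms(SAMPLE_POLICY):
        print(f"{f['sid']}: {f['actions']} allowed on {f['resources']}")
```
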

devin-ai-integration (Contributor, Author) commented

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

  • Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
  • Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

  • Disable automatic comment and CI monitoring

maidul98 (Collaborator) commented Jan 28, 2026

Snyk checks have passed. No issues have been found so far.

| Status | Scanner | Critical | High | Medium | Low | Total (0) |
| --- | --- | --- | --- | --- | --- | --- |
| | Open Source Security | 0 | 0 | 0 | 0 | 0 issues |

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

greptile-apps bot (Contributor) commented Jan 28, 2026

Greptile Overview

Greptile Summary

This PR adds a comprehensive AWS ECS self-hosting guide that fills a gap in the documentation. The guide covers deploying Infisical on AWS using ECS Fargate, RDS PostgreSQL, ElastiCache Redis, and ALB.

Key additions:

  • Step-by-step deployment instructions with verification commands
  • Complete IAM policy examples for task execution and task roles
  • Security configurations (security groups, encryption, VPC setup)
  • SMTP/email setup with AWS SES
  • Custom domain configuration with Route 53 and ACM
  • Container debugging with ECS Exec
  • Database migration handling
  • VPC endpoints for air-gapped environments
  • Backup strategies and upgrade procedures
  • Infrastructure as Code templates (Terraform and CloudFormation)
  • Comprehensive troubleshooting section covering 7 common scenarios

Previous review feedback addressed:

  • KMS permissions now include a Note advising to scope down to specific key ARNs for production
  • ALB security includes a Note about additional security options (CloudFront, WAF, IP allowlists)
  • Broken Terraform module link removed with clarification that examples are starting points
  • Whitespace issues in docs.json have been fixed

The documentation follows best practices and provides clear guidance for production deployments. Health check endpoint /api/status has been verified in the codebase.

Confidence Score: 4/5

  • This documentation PR is safe to merge with minimal risk
  • Score reflects comprehensive documentation that addresses previous feedback and provides production-ready guidance. Minor deduction for complexity and breadth of AWS commands that should be spot-checked by someone familiar with the AWS services involved
  • No files require special attention - previous review concerns have been addressed

Important Files Changed

| Filename | Overview |
| --- | --- |
| docs/docs.json | Added aws-native entry to deployment options navigation menu |
| docs/self-hosting/deployment-options/aws-native.mdx | New comprehensive AWS ECS self-hosting guide with step-by-step instructions, IAM policies, IaC templates, and troubleshooting. Previous security concerns addressed. |

greptile-apps bot (Contributor) left a comment

2 files reviewed, 5 comments


- Fix whitespace/indentation in docs.json
- Add note about scoping down KMS permissions for production
- Add note about additional ALB security options (CloudFront, WAF, IP allowlists)
- Remove broken Terraform module link and clarify example is a starting point

Co-Authored-By: ashwin@infisical.com <ashwin@infisical.com>

ashwin-infisical (Collaborator) commented

@greptileai Can you re-review this PR with all of your comments addressed?

The docs.json navigation updates will be handled in a separate PR (#5305).

Co-Authored-By: ashwin@infisical.com <ashwin@infisical.com>

vmatsiiako merged commit 09e1b8a into main on Feb 4, 2026
7 checks passed