ADR-003-a — Backend Production Stack
ADR-003-a — Backend Production Stack
Sección titulada «ADR-003-a — Backend Production Stack»Accepted
Context
Sección titulada «Context»The backend is deployed as a Docker container on AWS App Runner. The image is the same as in development; the difference is the environment variables and DJANGO_SETTINGS_MODULE.
Decision
Sección titulada «Decision»Infrastructure stack. The backend runs on AWS App Runner (compute) backed by RDS PostgreSQL 16 (same version as dev). Auth is SimpleJWT in development and AWS Cognito in staging and production (see [[adr-008-authentication|ADR-008]]). Static files are served by WhiteNoise on App Runner; media is stored on S3. Secrets are managed via AWS Secrets Manager — never in plaintext environment variables. The production settings module is config.settings.production, which inherits from base.py.
| Component | Decision |
|---|---|
| Compute | AWS App Runner — Docker image from ECR |
| Database | AWS RDS PostgreSQL 16 — same version as dev |
| Auth | SimpleJWT (dev) / AWS Cognito (staging + prod) — see [[adr-008-authentication |
| Static files | WhiteNoise serves static on App Runner; S3 for media |
| Secrets | AWS Secrets Manager — never in plaintext environment variables |
| Settings module | config.settings.production — inherits from base.py |
Constraints the MVP must already respect:
DEBUG=Falseinproduction.py.ALLOWED_HOSTSrestricted to the App Runner domain.- Migrations run as part of the entrypoint before starting uvicorn.
- Multi-stage image, non-root
appuser, no dev dependencies.
Consequences
Sección titulada «Consequences»- There is no Nginx server in front — App Runner handles TLS and load balancing.
- WhiteNoise is sufficient for Django admin static files; frontend assets are served by Amplify ([[adr-003-b-frontend-prod-stack|ADR-003-b]]).