Cloud Database Deployment
Run Cascadia with a managed cloud database (AWS RDS, Google Cloud SQL, Azure Database).
Architecture
┌─────────────────────────────────────┐
│ Application Server(s) │
│ │
│ ┌───────────────────────────────┐ │
│ │ Cascadia App │ │
│ │ (Core + Vault + Jobs) │ │
│ └───────────────┬───────────────┘ │
└──────────────────┼──────────────────┘
│ TLS
│
┌──────────────────▼──────────────────┐
│ Cloud Provider │
│ │
│ ┌───────────────────────────────┐ │
│ │ Managed PostgreSQL │ │
│ │ │ │
│ │ - AWS RDS │ │
│ │ - Google Cloud SQL │ │
│ │ - Azure Database │ │
│ │ │ │
│ │ Features: │ │
│ │ - Automated backups │ │
│ │ - Multi-AZ failover │ │
│ │ - Point-in-time recovery │ │
│ │ - Automatic updates │ │
│ └───────────────────────────────┘ │
└─────────────────────────────────────┘
When to Use
- Production environments
- Compliance requirements for managed backups
- Need for automated failover
- Prefer managed database operations
- Budget available for managed services
Cloud Provider Setup
AWS RDS
-
Create RDS Instance
Engine: PostgreSQL 18+
Instance: db.t3.medium (adjust for workload)
Storage: 100GB gp3
Multi-AZ: Yes (production) -
Security Group
- Allow inbound 5432 from application servers only
-
Connection String
DATABASE_URL=postgresql://cascadia:PASSWORD@mydb.abc123.us-east-1.rds.amazonaws.com:5432/cascadia?sslmode=require
Google Cloud SQL
-
Create Instance
Engine: PostgreSQL 18
Machine: db-custom-4-16384 (4 vCPU, 16GB)
Storage: 100GB SSD
High Availability: Regional -
Authorized Networks
- Add application server IPs or use Cloud SQL Proxy
-
Connection String (via proxy)
DATABASE_URL=postgresql://cascadia:PASSWORD@127.0.0.1:5432/cascadiaOr with Unix socket:
DATABASE_URL=postgresql://cascadia:PASSWORD@/cascadia?host=/cloudsql/project:region:instance
Azure Database for PostgreSQL
-
Create Server
Tier: General Purpose
vCores: 4
Storage: 100GB
High Availability: Zone Redundant -
Firewall Rules
- Add application server IPs
-
Connection String
DATABASE_URL=postgresql://cascadia@server:PASSWORD@server.postgres.database.azure.com:5432/cascadia?sslmode=requireNote: Azure uses
username@serverformat.
Deployment
Step 1: Create Cloud Database
Follow your cloud provider's instructions above.
Step 2: Create Database Schema
# From your local machine with DATABASE_URL set
cd CascadiaApp
npx drizzle-kit push
Step 3: Deploy Application
# On application server
cd deployments/cloud-database
cp .env.example .env
# Edit .env with your cloud DATABASE_URL
docker-compose up -d
Cost Optimization
AWS RDS
- Use Reserved Instances for predictable workloads
- Consider Aurora Serverless for variable workloads
- Use read replicas for read-heavy applications
Google Cloud SQL
- Use committed use discounts
- Consider Cloud SQL Insights for query optimization
- Scale down during off-hours (if applicable)
Azure
- Use Reserved Capacity
- Consider Hyperscale for very large databases
- Use Flexible Server for dev/test (cost-effective)
Security Best Practices
-
Never expose database publicly
- Use VPC peering or private endpoints
-
Use SSL/TLS
- Always include
sslmode=requirein connection string
- Always include
-
Rotate credentials regularly
- Use AWS Secrets Manager, GCP Secret Manager, or Azure Key Vault
-
Enable audit logging
- Track database access for compliance
-
Encrypt at rest
- Enabled by default on all major providers
Backup and Recovery
AWS RDS
# Automated backups: Configure retention period (1-35 days)
# Point-in-time recovery: Within backup retention window
# Manual snapshots: Keep before major changes
Google Cloud SQL
# Automated backups: Daily, 7-day retention default
# Point-in-time recovery: Up to 7 days
# On-demand backups: Before migrations
Azure Database
# Automated backups: 7-35 days retention
# Geo-redundant backups: For disaster recovery
# Long-term retention: Up to 10 years
Next Steps
- Kubernetes - Container orchestration
- Configuration Reference - All environment variables