This guide covers the full deployment path for the repository cloned as
aws-docs-rag.
- AWS account with Bedrock model access
- Pinecone account and API key
- AWS CLI v2
- Python 3.11+
- A frontend origin URL that will be allowed by CORS
git clone https://github.com/micronwave/aws-docs-rag.git
cd aws-docs-ragSet the project variables before running the deploy scripts. ALLOWED_ORIGIN
must match the CloudFront URL that serves the frontend.
ORIGIN_VERIFY_SECRET is optional. If you do not set it, the deploy helpers
generate a strong secret and store it in origin_verify_secret.txt so Lambda
and CloudFront share the same value without exposing it to the browser.
Example:
export ALLOWED_ORIGIN=https://your-cloudfront-domain.example.com
source set_env.shWindows users can set the same value in set_env.template.ps1 or their local
copy of that file before running the deployment scripts.
Run these scripts in order:
python scripts/01_ingest_docs.pypython scripts/02_chunk_docs.pypython scripts/03_generate_embeddings.pypython scripts/04_upload_to_pinecone.pypython scripts/05_test_rag_local.pypython scripts/06_deploy_lambda.pypython scripts/07_deploy_api_gateway.pypython scripts/08_deploy_frontend.py
scripts/06_deploy_lambda.py injects ALLOWED_ORIGIN into the Lambda
environment, and scripts/07_deploy_api_gateway.py uses the same value for
OPTIONS and gateway error responses. scripts/08_deploy_frontend.py publishes
the frontend with a same-origin /query endpoint and configures CloudFront to
forward that path to API Gateway with a private verification header. If the
frontend URL changes, update the environment variable and rerun the Lambda and
API Gateway scripts.