This message was deleted.

I'm in a bit of a similar position, where I'm trying to venture across the line of provisioning and maintaining infrastructure, to the configuration of that infrastructure. The solution I ended up using was finding 1st-class resources in my cloud provider that are designed for this purpose. In my case, on Azure, that was setting up a VM Scale Set, then using an App Gallery application and App Gallery Versions to define my program and how it should be installed and configured. Then I just associated the App Gallery application with my Scale Set, and trusted Azure to handle the deploying and updating. It's been a good while since I've worked with AWS, but I suspect AWS AppConfig might offer this for you. Just think of it as a way to configure VMs, not necessarily that you must provide binaries for it to run and all that. Good luck! https://docs.aws.amazon.com/appconfig/latest/userguide/what-is-appconfig.html https://www.pulumi.com/registry/packages/aws/api-docs/appconfig/

Typically, I would use Postgres in RDS connected via an EC2 by role for better security.

That's also a valid solution, but it's hard for me to blame anyone trying to save money by avoiding fully-managed services like RDS

Typically startup companies go from EC2 to ECS to Kubernetes and squire technical debt along the way. There are a log security issues that come up along the way and the final goal dictates the technical approach. You can build an app in ECS with a SideCar database. EC2 has a much higher cost.

Those are all true, and indeed, using RDS would be best practice if you're in a business and seeking to build a production service. @thankful-activity-51613 should take heed of your advice if that's their goal. If this is for personal/small-scale/testing purposes, though, then their current path should do just fine

If it's exploration; I'd use a free tier EC2 with a CIS hardening (Ubuntu) and Harden the database. Using ECS is harder for new people because you just can't login and fix something.