Minimal Configuration

Configurations for LISA are split into 2 configuration files, base and custom. The base configuration contains the recommended properties that can be overridden with the custom properties file. The custom configuration should contain the minimal properties required to deploy LISA, and any optional properties or overrides. This file should be created at the root of your project (./config-custom.yaml) and needs to contain the following properties:

yaml

accountNumber:
region:
s3BucketModels:
authConfig:
  authority:
  clientId:
  adminGroup:
  jwtGroupsProperty:

LISA Configuration Schema

Config

Raw application configuration schema.

Object containing the following properties:

Property	Description	Type	Default
`appName`	Name of the application.	`string`	`'lisa'`
`profile`	AWS CLI profile for deployment.	`string` (nullable)
`deploymentName`	Name of the deployment.	`string`	`'prod'`
`accountNumber` (*)	AWS account number for deployment. Must be 12 digits.	`number \| string`
`region` (*)	AWS region for deployment.	`string`
`partition`	AWS partition for deployment.	`string`	`'aws'`
`domain`	AWS domain for deployment	`string`	`'amazonaws.com'`
`restApiConfig` (*)	Configuration schema for REST API.	Object with properties: `internetFacing`: `boolean` - Whether the REST API ALB will be configured as internet facing. `domainName`: `string` (nullable) `sslCertIamArn`: `string` (nullable) - ARN of the self-signed cert to be used throughout the system `rdsConfig`: Object with properties: `username`: `string` - The username used for database connection. `passwordSecretId`: `string` - The SecretsManager Secret ID that stores the existing database password. `dbHost`: `string` - The database hostname for the existing database instance. `dbName`: `string` - The name of the database for the database instance. `dbPort`: `number` - The port of the existing database instance or the port to be opened on the database instance.
`vpcId`	VPC ID for the application. (e.g. vpc-0123456789abcdef)	`string`
`subnets`	Array of subnet objects for the application. These contain a subnetId(e.g. [subnet-fedcba9876543210] and ipv4CidrBlock	Array of objects: `subnetId`: `string` (startsWith: subnet-) `ipv4CidrBlock`: `string`
`securityGroupConfig`	Security Group Overrides used across stacks.	Object with properties: `modelSecurityGroupId`: `string` (startsWith: sg-) `restAlbSecurityGroupId`: `string` (startsWith: sg-) `lambdaSecurityGroupId`: `string` (startsWith: sg-) `liteLlmDbSecurityGroupId`: `string` (startsWith: sg-) `openSearchSecurityGroupId`: `string` (startsWith: sg-) `pgVectorSecurityGroupId`: `string` (startsWith: sg-)
`deploymentStage`	Deployment stage for the application.	`string`	`'prod'`
`removalPolicy`	Removal policy for resources (destroy or retain).	`'destroy' \| 'retain'`	`'destroy'`
`runCdkNag`	Whether to run CDK Nag checks.	`boolean`	`false`
`privateEndpoints`	Whether to use privateEndpoints for REST API.	`boolean`	`false`
`s3BucketModels` (*)	S3 bucket for models.	`string`
`mountS3DebUrl` (*)	URL for S3-mounted Debian package.	`string`
`accountNumbersEcr`	List of AWS account numbers for ECR repositories.	`Array<number \| string>`
`deployRag`	Whether to deploy RAG stacks.	`boolean`	`true`
`deployChat`	Whether to deploy chat stacks.	`boolean`	`true`
`deployDocs`	Whether to deploy docs stacks.	`boolean`	`true`
`deployUi`	Whether to deploy UI stacks.	`boolean`	`true`
`logLevel`	Log level for application.	`'DEBUG' \| 'INFO' \| 'WARNING' \| 'ERROR'`	`'DEBUG'`
`authConfig`	Authorization configuration.	Object with properties: `authority`: `string` - URL of OIDC authority. `clientId`: `string` - Client ID for OIDC IDP . `adminGroup`: `string` - Name of the admin group. `jwtGroupsProperty`: `string` - Name of the JWT groups property. `additionalScopes`: `Array<string>` - Additional JWT scopes to request.
`roles`	Role overrides used across stacks.	Object with properties: `DockerImageBuilderDeploymentRole`: `string` (max length: 64) `DockerImageBuilderEC2Role`: `string` (max length: 64) `DockerImageBuilderRole`: `string` (max length: 64) `DocsRole`: `string` (max length: 64) `DocsDeployerRole`: `string` (max length: 64) `ECSModelDeployerRole`: `string` (max length: 64) `ECSModelTaskRole`: `string` (max length: 64) `ECSRestApiRole`: `string` (max length: 64) `ECSRestApiExRole`: `string` (max length: 64) `LambdaExecutionRole`: `string` (max length: 64) `LambdaConfigurationApiExecutionRole`: `string` (max length: 64) `ModelApiRole`: `string` (max length: 64) `ModelsSfnLambdaRole`: `string` (max length: 64) `ModelSfnRole`: `string` (max length: 64) `RagLambdaExecutionRole`: `string` (max length: 64) `RestApiAuthorizerRole`: `string` (max length: 64) `S3ReaderRole`: `string` (max length: 64) `UIDeploymentRole`: `string` (max length: 64) `VectorStoreCreatorRole`: `string` (max length: 64)
`pypiConfig`	Pypi configuration.	Object with properties: `indexUrl`: `string` - URL for the pypi index. `trustedHost`: `string` - Trusted host for pypi.	`{"indexUrl":"","trustedHost":""}`
`condaUrl`	Conda URL configuration	`string`	`''`
`certificateAuthorityBundle`	Certificate Authority Bundle file	`string`	`''`
`ragRepositories`	Rag Repository configuration.	Array of objects: `repositoryId`: `string` (min length: 1, regex: `/^[a-z0-9-]{1,63}/`, regex: `/^(?!-).(?<!-)$/`) - A unique identifier for the repository, used in API calls and the UI. It must be distinct across all repositories. `repositoryName`: `string` - The user-friendly name displayed in the UI. `type`: Native enum:* `OPENSEARCH = 'opensearch'` `PGVECTOR = 'pgvector'` - The vector store designated for this repository. `opensearchConfig`: Object with properties: `endpoint`: `string` (min length: 1) - Existing OpenSearch Cluster endpoint or Object with properties: `dataNodes`: `number` (≥1) - The number of data nodes (instances) to use in the Amazon OpenSearch Service domain. `dataNodeInstanceType`: `string` - The instance type for your data nodes `masterNodes`: `number` (≥0) - The number of instances to use for the master node `masterNodeInstanceType`: `string` - The hardware configuration of the computer that hosts the dedicated master node `volumeSize`: `number` (≥20) - The size (in GiB) of the EBS volume for each data node. The minimum and maximum size of an EBS volume depends on the EBS volume type and the instance type to which it is attached. `volumeType`: Native enum: `STANDARD = 'standard'` `IO1 = 'io1'` `IO2 = 'io2'` `GP2 = 'gp2'` `GP3 = 'gp3'` `ST1 = 'st1'` `SC1 = 'sc1'` `GENERAL_PURPOSE_SSD = 'gp2'` `GENERAL_PURPOSE_SSD_GP3 = 'gp3'` `PROVISIONED_IOPS_SSD = 'io1'` `PROVISIONED_IOPS_SSD_IO2 = 'io2'` `THROUGHPUT_OPTIMIZED_HDD = 'st1'` `COLD_HDD = 'sc1'` `MAGNETIC = 'standard'` - The EBS volume type to use with the Amazon OpenSearch Service domain `multiAzWithStandby`: `boolean` - Indicates whether Multi-AZ with Standby deployment option is enabled. `rdsConfig`: Object with properties: `username`: `string` - The username used for database connection. `passwordSecretId`: `string` - The SecretsManager Secret ID that stores the existing database password. `dbHost`: `string` - The database hostname for the existing database instance. `dbName`: `string` - The name of the database for the database instance. `dbPort`: `number` - The port of the existing database instance or the port to be opened on the database instance. - Configuration schema for RDS Instances needed for LiteLLM scaling or PGVector RAG operations. The optional fields can be omitted to create a new database instance, otherwise fill in all fields to use an existing database instance. `pipelines`: Array of objects: `chunkSize`: `number` - The size of the chunks used for document segmentation. `chunkOverlap`: `number` - The size of the overlap between chunks. `embeddingModel`: `string` - The embedding model used for document ingestion in this pipeline. `s3Bucket`: `string` - The S3 bucket monitored by this pipeline for document processing. `s3Prefix`: `string` - The prefix within the S3 bucket monitored for document processing. `trigger`: `'daily' \| 'event'` - The event type that triggers document ingestion. `autoRemove`: `boolean` - Enable removal of document from vector store when deleted from S3. This will also remove the file from S3 if file is deleted from vector store through API/UI. - Rag ingestion pipeline for automated inclusion into a vector store from S3 `allowedGroups`: `Array<string (_min length: 1_)>` - The groups provided by the Identity Provider that have access to this repository. If no groups are specified, access is granted to everyone.	`[]`
`ragFileProcessingConfig`	Rag file processing configuration.	Object with properties: `chunkSize`: `number` (≥100, ≤10000) `chunkOverlap`: `number` (≥0)
`ecsModels`	Array of ECS model configurations.	Array of objects: `modelName`: `string` - Name of the model. `baseImage`: `string` - Base image for the container. `inferenceContainer`: `'tgi' \| 'tei' \| 'instructor' \| 'vllm'` - Prebuilt inference container for serving model.
`apiGatewayConfig`	Configuration schema for API Gateway Endpoint	Object with properties: `domainName`: `string` (nullable) - Custom domain name for API Gateway Endpoint
`nvmeHostMountPath`	Host path for NVMe drives.	`string`	`'/nvme'`
`nvmeContainerMountPath`	Container path for NVMe drives.	`string`	`'/nvme'`
`tags`	Array of key-value pairs for tagging.	Array of objects: `Key`: `string` `Value`: `string`
`deploymentPrefix`	Prefix for deployment resources.	`string`
`webAppAssetsPath`	Optional path to precompiled webapp assets. If not specified the web application will be built at deploy time.	`string`
`lambdaLayerAssets`	Configuration for local Lambda layer code	Object with properties: `authorizerLayerPath`: `string` - Lambda Authorizer code path `commonLayerPath`: `string` - Lambda common layer code path `fastapiLayerPath`: `string` - Lambda API code path `ragLayerPath`: `string` - Lambda RAG layer code path `sdkLayerPath`: `string` - Lambda SDK layer code path
`permissionsBoundaryAspect`	Aspect CDK injector for permissions. Ref: https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_iam.PermissionsBoundary.html	Object with properties: `permissionsBoundaryPolicyName`: `string` `rolePrefix`: `string` (max length: 20) `policyPrefix`: `string` (max length: 20) `instanceProfilePrefix`: `string`
`stackSynthesizer`	Set the stack synthesize type. Ref: https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.StackSynthesizer.html	Native enum: `CliCredentialsStackSynthesizer = 'CliCredentialsStackSynthesizer'` `DefaultStackSynthesizer = 'DefaultStackSynthesizer'` `LegacyStackSynthesizer = 'LegacyStackSynthesizer'`
`litellmConfig` (*)	Core LiteLLM configuration - see https://litellm.vercel.app/docs/proxy/configs#all-settings for more details about each field.	Object with properties: `db_key`: `string` `general_settings`: `any` (nullable) `litellm_settings`: `any` (nullable) `router_settings`: `any` (nullable) `environment_variables`: `any` (nullable)
`convertInlinePoliciesToManaged`	Convert inline policies to managed policies	`boolean`	`false`

(*) Required.

PartialConfig

Object containing the following properties:

Property	Description	Type	Default
`appName`	Name of the application.	`string`	`'lisa'`
`profile`	AWS CLI profile for deployment.	`string` (nullable)
`deploymentName`	Name of the deployment.	`string`	`'prod'`
`accountNumber`	AWS account number for deployment. Must be 12 digits.	`number \| string`
`region`	AWS region for deployment.	`string`
`partition`	AWS partition for deployment.	`string`	`'aws'`
`domain`	AWS domain for deployment	`string`	`'amazonaws.com'`
`restApiConfig`	Configuration schema for REST API.	Object with properties: `internetFacing`: `boolean` - Whether the REST API ALB will be configured as internet facing. `domainName`: `string` (nullable) `sslCertIamArn`: `string` (nullable) - ARN of the self-signed cert to be used throughout the system `rdsConfig`: Object with properties: `username`: `string` - The username used for database connection. `passwordSecretId`: `string` - The SecretsManager Secret ID that stores the existing database password. `dbHost`: `string` - The database hostname for the existing database instance. `dbName`: `string` - The name of the database for the database instance. `dbPort`: `number` - The port of the existing database instance or the port to be opened on the database instance.
`vpcId`	VPC ID for the application. (e.g. vpc-0123456789abcdef)	`string`
`subnets`	Array of subnet objects for the application. These contain a subnetId(e.g. [subnet-fedcba9876543210] and ipv4CidrBlock	Array of objects: `subnetId`: `string` (startsWith: subnet-) `ipv4CidrBlock`: `string`
`securityGroupConfig`	Security Group Overrides used across stacks.	Object with properties: `modelSecurityGroupId`: `string` (startsWith: sg-) `restAlbSecurityGroupId`: `string` (startsWith: sg-) `lambdaSecurityGroupId`: `string` (startsWith: sg-) `liteLlmDbSecurityGroupId`: `string` (startsWith: sg-) `openSearchSecurityGroupId`: `string` (startsWith: sg-) `pgVectorSecurityGroupId`: `string` (startsWith: sg-)
`deploymentStage`	Deployment stage for the application.	`string`	`'prod'`
`removalPolicy`	Removal policy for resources (destroy or retain).	`'destroy' \| 'retain'`	`'destroy'`
`runCdkNag`	Whether to run CDK Nag checks.	`boolean`	`false`
`privateEndpoints`	Whether to use privateEndpoints for REST API.	`boolean`	`false`
`s3BucketModels`	S3 bucket for models.	`string`
`mountS3DebUrl`	URL for S3-mounted Debian package.	`string`
`accountNumbersEcr`	List of AWS account numbers for ECR repositories.	`Array<number \| string>`
`deployRag`	Whether to deploy RAG stacks.	`boolean`	`true`
`deployChat`	Whether to deploy chat stacks.	`boolean`	`true`
`deployDocs`	Whether to deploy docs stacks.	`boolean`	`true`
`deployUi`	Whether to deploy UI stacks.	`boolean`	`true`
`logLevel`	Log level for application.	`'DEBUG' \| 'INFO' \| 'WARNING' \| 'ERROR'`	`'DEBUG'`
`authConfig`	Authorization configuration.	Object with properties: `authority`: `string` - URL of OIDC authority. `clientId`: `string` - Client ID for OIDC IDP . `adminGroup`: `string` - Name of the admin group. `jwtGroupsProperty`: `string` - Name of the JWT groups property. `additionalScopes`: `Array<string>` - Additional JWT scopes to request.
`roles`	Role overrides used across stacks.	Object with properties: `DockerImageBuilderDeploymentRole`: `string` (max length: 64) `DockerImageBuilderEC2Role`: `string` (max length: 64) `DockerImageBuilderRole`: `string` (max length: 64) `DocsRole`: `string` (max length: 64) `DocsDeployerRole`: `string` (max length: 64) `ECSModelDeployerRole`: `string` (max length: 64) `ECSModelTaskRole`: `string` (max length: 64) `ECSRestApiRole`: `string` (max length: 64) `ECSRestApiExRole`: `string` (max length: 64) `LambdaExecutionRole`: `string` (max length: 64) `LambdaConfigurationApiExecutionRole`: `string` (max length: 64) `ModelApiRole`: `string` (max length: 64) `ModelsSfnLambdaRole`: `string` (max length: 64) `ModelSfnRole`: `string` (max length: 64) `RagLambdaExecutionRole`: `string` (max length: 64) `RestApiAuthorizerRole`: `string` (max length: 64) `S3ReaderRole`: `string` (max length: 64) `UIDeploymentRole`: `string` (max length: 64) `VectorStoreCreatorRole`: `string` (max length: 64)
`pypiConfig`	Pypi configuration.	Object with properties: `indexUrl`: `string` - URL for the pypi index. `trustedHost`: `string` - Trusted host for pypi.	`{"indexUrl":"","trustedHost":""}`
`condaUrl`	Conda URL configuration	`string`	`''`
`certificateAuthorityBundle`	Certificate Authority Bundle file	`string`	`''`
`ragRepositories`	Rag Repository configuration.	Array of objects: `repositoryId`: `string` (min length: 1, regex: `/^[a-z0-9-]{1,63}/`, regex: `/^(?!-).(?<!-)$/`) - A unique identifier for the repository, used in API calls and the UI. It must be distinct across all repositories. `repositoryName`: `string` - The user-friendly name displayed in the UI. `type`: Native enum:* `OPENSEARCH = 'opensearch'` `PGVECTOR = 'pgvector'` - The vector store designated for this repository. `opensearchConfig`: Object with properties: `endpoint`: `string` (min length: 1) - Existing OpenSearch Cluster endpoint or Object with properties: `dataNodes`: `number` (≥1) - The number of data nodes (instances) to use in the Amazon OpenSearch Service domain. `dataNodeInstanceType`: `string` - The instance type for your data nodes `masterNodes`: `number` (≥0) - The number of instances to use for the master node `masterNodeInstanceType`: `string` - The hardware configuration of the computer that hosts the dedicated master node `volumeSize`: `number` (≥20) - The size (in GiB) of the EBS volume for each data node. The minimum and maximum size of an EBS volume depends on the EBS volume type and the instance type to which it is attached. `volumeType`: Native enum: `STANDARD = 'standard'` `IO1 = 'io1'` `IO2 = 'io2'` `GP2 = 'gp2'` `GP3 = 'gp3'` `ST1 = 'st1'` `SC1 = 'sc1'` `GENERAL_PURPOSE_SSD = 'gp2'` `GENERAL_PURPOSE_SSD_GP3 = 'gp3'` `PROVISIONED_IOPS_SSD = 'io1'` `PROVISIONED_IOPS_SSD_IO2 = 'io2'` `THROUGHPUT_OPTIMIZED_HDD = 'st1'` `COLD_HDD = 'sc1'` `MAGNETIC = 'standard'` - The EBS volume type to use with the Amazon OpenSearch Service domain `multiAzWithStandby`: `boolean` - Indicates whether Multi-AZ with Standby deployment option is enabled. `rdsConfig`: Object with properties: `username`: `string` - The username used for database connection. `passwordSecretId`: `string` - The SecretsManager Secret ID that stores the existing database password. `dbHost`: `string` - The database hostname for the existing database instance. `dbName`: `string` - The name of the database for the database instance. `dbPort`: `number` - The port of the existing database instance or the port to be opened on the database instance. - Configuration schema for RDS Instances needed for LiteLLM scaling or PGVector RAG operations. The optional fields can be omitted to create a new database instance, otherwise fill in all fields to use an existing database instance. `pipelines`: Array of objects: `chunkSize`: `number` - The size of the chunks used for document segmentation. `chunkOverlap`: `number` - The size of the overlap between chunks. `embeddingModel`: `string` - The embedding model used for document ingestion in this pipeline. `s3Bucket`: `string` - The S3 bucket monitored by this pipeline for document processing. `s3Prefix`: `string` - The prefix within the S3 bucket monitored for document processing. `trigger`: `'daily' \| 'event'` - The event type that triggers document ingestion. `autoRemove`: `boolean` - Enable removal of document from vector store when deleted from S3. This will also remove the file from S3 if file is deleted from vector store through API/UI. - Rag ingestion pipeline for automated inclusion into a vector store from S3 `allowedGroups`: `Array<string (_min length: 1_)>` - The groups provided by the Identity Provider that have access to this repository. If no groups are specified, access is granted to everyone.	`[]`
`ragFileProcessingConfig`	Rag file processing configuration.	Object with properties: `chunkSize`: `number` (≥100, ≤10000) `chunkOverlap`: `number` (≥0)
`ecsModels`	Array of ECS model configurations.	Array of objects: `modelName`: `string` - Name of the model. `baseImage`: `string` - Base image for the container. `inferenceContainer`: `'tgi' \| 'tei' \| 'instructor' \| 'vllm'` - Prebuilt inference container for serving model.
`apiGatewayConfig`	Configuration schema for API Gateway Endpoint	Object with properties: `domainName`: `string` (nullable) - Custom domain name for API Gateway Endpoint
`nvmeHostMountPath`	Host path for NVMe drives.	`string`	`'/nvme'`
`nvmeContainerMountPath`	Container path for NVMe drives.	`string`	`'/nvme'`
`tags`	Array of key-value pairs for tagging.	Array of objects: `Key`: `string` `Value`: `string`
`deploymentPrefix`	Prefix for deployment resources.	`string`
`webAppAssetsPath`	Optional path to precompiled webapp assets. If not specified the web application will be built at deploy time.	`string`
`lambdaLayerAssets`	Configuration for local Lambda layer code	Object with properties: `authorizerLayerPath`: `string` - Lambda Authorizer code path `commonLayerPath`: `string` - Lambda common layer code path `fastapiLayerPath`: `string` - Lambda API code path `ragLayerPath`: `string` - Lambda RAG layer code path `sdkLayerPath`: `string` - Lambda SDK layer code path
`permissionsBoundaryAspect`	Aspect CDK injector for permissions. Ref: https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_iam.PermissionsBoundary.html	Object with properties: `permissionsBoundaryPolicyName`: `string` `rolePrefix`: `string` (max length: 20) `policyPrefix`: `string` (max length: 20) `instanceProfilePrefix`: `string`
`stackSynthesizer`	Set the stack synthesize type. Ref: https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.StackSynthesizer.html	Native enum: `CliCredentialsStackSynthesizer = 'CliCredentialsStackSynthesizer'` `DefaultStackSynthesizer = 'DefaultStackSynthesizer'` `LegacyStackSynthesizer = 'LegacyStackSynthesizer'`
`litellmConfig`	Core LiteLLM configuration - see https://litellm.vercel.app/docs/proxy/configs#all-settings for more details about each field.	Object with properties: `db_key`: `string` `general_settings`: `any` (nullable) `litellm_settings`: `any` (nullable) `router_settings`: `any` (nullable) `environment_variables`: `any` (nullable)
`convertInlinePoliciesToManaged`	Convert inline policies to managed policies	`boolean`	`false`

All properties are optional.

Minimal Configuration ​

LISA Configuration Schema ​

Config ​

PartialConfig ​

Minimal Configuration

LISA Configuration Schema

Config

PartialConfig