Minimal Configuration

Configurations for LISA are split into 2 configuration files, base and custom. The base configuration contains the recommended properties that can be overridden with the custom properties file. The custom configuration should contain the minimal properties required to deploy LISA, and any optional properties or overrides. This file should be created at the root of your project (./config-custom.yaml) and needs to contain the following properties:

yaml

accountNumber:
region:
s3BucketModels:
authConfig:
  authority:
  clientId:
  adminGroup:
  jwtGroupsProperty:

LISA Configuration Schema

Config

Raw application configuration schema.

Object containing the following properties:

Property	Description	Type	Default
`appName`	Name of the application.	`string`	`'lisa'`
`profile`	AWS CLI profile for deployment.	`string` (nullable)
`deploymentName`	Name of the deployment.	`string`	`'prod'`
`accountNumber` (*)	AWS account number for deployment. Must be 12 digits.	`number \| string`
`region` (*)	AWS region for deployment.	`string`
`restApiConfig` (*)	Configuration schema for REST API.	Object with properties: `internetFacing`: `boolean` - Whether the REST API ALB will be configured as internet facing. `domainName`: `string` (nullable) `sslCertIamArn`: `string` (nullable) - ARN of the self-signed cert to be used throughout the system `rdsConfig`: Object with properties: `username`: `string` - Database username. `passwordSecretId`: `string` - SecretsManager Secret ID that stores an existing database password. `dbHost`: `string` - Database hostname for existing database instance. `dbName`: `string` - Database name for existing database instance. `dbPort`: `number` - Port to open on the database instance.
`vpcId`	VPC ID for the application. (e.g. vpc-0123456789abcdef)	`string`
`subnets`	Array of subnet objects for the application. These contain a subnetId(e.g. [subnet-fedcba9876543210] and ipv4CidrBlock	Array of objects: `subnetId`: `string` (startsWith: subnet-) `ipv4CidrBlock`: `string`
`securityGroupConfig`	Security Group Overrides used across stacks.	SecurityGroupConfig
`deploymentStage`	Deployment stage for the application.	`string`	`'prod'`
`removalPolicy`	Removal policy for resources (destroy or retain).	`'destroy' \| 'retain'`	`'destroy'`
`runCdkNag`	Whether to run CDK Nag checks.	`boolean`	`false`
`privateEndpoints`	Whether to use privateEndpoints for REST API.	`boolean`	`false`
`s3BucketModels` (*)	S3 bucket for models.	`string`
`mountS3DebUrl` (*)	URL for S3-mounted Debian package.	`string`
`accountNumbersEcr`	List of AWS account numbers for ECR repositories.	`Array<number \| string>`
`deployRag`	Whether to deploy RAG stacks.	`boolean`	`true`
`deployChat`	Whether to deploy chat stacks.	`boolean`	`true`
`deployDocs`	Whether to deploy docs stacks.	`boolean`	`true`
`deployUi`	Whether to deploy UI stacks.	`boolean`	`true`
`logLevel`	Log level for application.	`'DEBUG' \| 'INFO' \| 'WARNING' \| 'ERROR'`	`'DEBUG'`
`authConfig`	Authorization configuration.	Object with properties: `authority`: `string` - URL of OIDC authority. `clientId`: `string` - Client ID for OIDC IDP . `adminGroup`: `string` - Name of the admin group. `jwtGroupsProperty`: `string` - Name of the JWT groups property. `additionalScopes`: `Array<string>` - Additional JWT scopes to request.
`pypiConfig`	Pypi configuration.	Object with properties: `indexUrl`: `string` - URL for the pypi index. `trustedHost`: `string` - Trusted host for pypi.	`{"indexUrl":"","trustedHost":""}`
`condaUrl`	Conda URL configuration	`string`	`''`
`certificateAuthorityBundle`	Certificate Authority Bundle file	`string`	`''`
`ragRepositories`	Rag Repository configuration.	Array of objects: `repositoryId`: `string` `type`: Native enum: `OPENSEARCH = 'opensearch'` `PGVECTOR = 'pgvector'` `opensearchConfig`: Object with properties: `endpoint`: `string` or Object with properties: `dataNodes`: `number` (≥1) `dataNodeInstanceType`: `string` `masterNodes`: `number` (≥0) `masterNodeInstanceType`: `string` `volumeSize`: `number` (≥10) `multiAzWithStandby`: `boolean` `rdsConfig`: Object with properties: `username`: `string` - Database username. `passwordSecretId`: `string` - SecretsManager Secret ID that stores an existing database password. `dbHost`: `string` - Database hostname for existing database instance. `dbName`: `string` - Database name for existing database instance. `dbPort`: `number` - Port to open on the database instance. - Configuration schema for RDS Instances needed for LiteLLM scaling or PGVector RAG operations. The optional fields can be omitted to create a new database instance, otherwise fill in all fields to use an existing database instance. `pipelines`: Array of objects: `chunkOverlap`: `number` `chunkSize`: `number` `embeddingModel`: `string` `s3Bucket`: `string` `s3Prefix`: `string` `trigger`: `'daily' \| 'event'` `collectionName`: `string` - Rag ingestion pipeline for automated inclusion into a vector store from S3	`[]`
`ragFileProcessingConfig`	Rag file processing configuration.	Object with properties: `chunkSize`: `number` (≥100, ≤10000) `chunkOverlap`: `number` (≥0)
`ecsModels`	Array of ECS model configurations.	Array of objects: `modelName`: `string` - Name of the model. `baseImage`: `string` - Base image for the container. `inferenceContainer`: `'tgi' \| 'tei' \| 'instructor' \| 'vllm'` - Prebuilt inference container for serving model.
`apiGatewayConfig`	Configuration schema for API Gateway Endpoint	Object with properties: `domainName`: `string` (nullable) - Custom domain name for API Gateway Endpoint
`nvmeHostMountPath`	Host path for NVMe drives.	`string`	`'/nvme'`
`nvmeContainerMountPath`	Container path for NVMe drives.	`string`	`'/nvme'`
`tags`	Array of key-value pairs for tagging.	Array of objects: `Key`: `string` `Value`: `string`
`deploymentPrefix`	Prefix for deployment resources.	`string`
`webAppAssetsPath`	Optional path to precompiled webapp assets. If not specified the web application will be built at deploy time.	`string`
`lambdaLayerAssets`	Configuration for local Lambda layer code	Object with properties: `authorizerLayerPath`: `string` - Lambda Authorizer code path `commonLayerPath`: `string` - Lambda common layer code path `fastapiLayerPath`: `string` - Lambda API code path `ragLayerPath`: `string` - Lambda RAG layer code path `sdkLayerPath`: `string` - Lambda SDK layer code path
`permissionsBoundaryAspect`	Aspect CDK injector for permissions. Ref: https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_iam.PermissionsBoundary.html	Object with properties: `permissionsBoundaryPolicyName`: `string` `rolePrefix`: `string` (max length: 20) `policyPrefix`: `string` (max length: 20) `instanceProfilePrefix`: `string`
`stackSynthesizer`	Set the stack synthesize type. Ref: https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.StackSynthesizer.html	Native enum: `CliCredentialsStackSynthesizer = 'CliCredentialsStackSynthesizer'` `DefaultStackSynthesizer = 'DefaultStackSynthesizer'` `LegacyStackSynthesizer = 'LegacyStackSynthesizer'`
`litellmConfig` (*)	Core LiteLLM configuration - see https://litellm.vercel.app/docs/proxy/configs#all-settings for more details about each field.	Object with properties: `db_key`: `string` `general_settings`: `any` (nullable) `litellm_settings`: `any` (nullable) `router_settings`: `any` (nullable) `environment_variables`: `any` (nullable)
`convertInlinePoliciesToManaged`	Convert inline policies to managed policies	`boolean`	`false`

(*) Required.

SecurityGroupConfig

Security Group Overrides used across stacks.

Object containing the following properties:

Property	Type
`modelSecurityGroupId` (*)	`string` (startsWith: sg-)
`restAlbSecurityGroupId` (*)	`string` (startsWith: sg-)
`lambdaSecurityGroupId` (*)	`string` (startsWith: sg-)
`liteLlmDbSecurityGroupId` (*)	`string` (startsWith: sg-)
`openSearchSecurityGroupId`	`string` (startsWith: sg-)
`pgVectorSecurityGroupId`	`string` (startsWith: sg-)

(*) Required.

Minimal Configuration ​

LISA Configuration Schema ​

Config ​

SecurityGroupConfig ​

Minimal Configuration

LISA Configuration Schema

Config

SecurityGroupConfig