Tour de France MCP

Architecture

How the MCP server and this documentation site are deployed on AWS.

Both the MCP server and this documentation site are provisioned with Terraform in the alex-salisol AWS account, under the andru.codes Route 53 hosted zone.

The MCP server

The server is a small Node process fronted by Caddy for automatic HTTPS.

| Layer | Detail |
| --- | --- |
| Compute | Single t3.micro EC2 instance (Amazon Linux 2023) with an Elastic IP |
| TLS / proxy | Caddy reverse proxy, Let's Encrypt certificate, :443 → 127.0.0.1:8080 |
| Process | systemd unit running node dist/index.js |
| DNS | tour-de-france.andru.codes A record → Elastic IP |
| CI/CD | Push to main → GitHub OIDC → scoped AWS role → SSM Run Command redeploy |

No long-lived AWS credentials are stored anywhere: GitHub Actions exchanges its short-lived OIDC token for a role restricted to the repo's main branch, then uses SSM to run the redeploy script on the box. No inbound port is opened for deploys.
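The trust relationship that makes this work, as an added Terraform example (not the project's own infra/ code): the role can only be assumed with a GitHub OIDC token whose subject is exactly the repo's main branch, and its permissions stop at sending one SSM command to the one instance. OWNER/REPO, the role name and the aws_instance.mcp reference are assumed placeholders.

```hcl
# Added example, not the project's Terraform. Placeholder: replace OWNER/REPO.
variable "github_repo" {
  description = "owner/repo allowed to assume the deploy role (placeholder)"
  default     = "OWNER/REPO"
}

# The GitHub OIDC provider is assumed to already exist in the account.
data "aws_iam_openid_connect_provider" "github" {
  url = "https://token.actions.githubusercontent.com"
}

data "aws_iam_policy_document" "github_trust" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRoleWithWebIdentity"]
    principals {
      type        = "Federated"
      identifiers = [data.aws_iam_openid_connect_provider.github.arn]
    }
    # Audience requested by the configure-aws-credentials action.
    condition {
      test     = "StringEquals"
      variable = "token.actions.githubusercontent.com:aud"
      values   = ["sts.amazonaws.com"]
    }
    # Exact subject match pins the role to pushes on main. A StringLike on
    # "repo:OWNER/REPO:*" would also admit PR, tag and other branch workflows.
    condition {
      test     = "StringEquals"
      variable = "token.actions.githubusercontent.com:sub"
      values   = ["repo:${var.github_repo}:ref:refs/heads/main"]
    }
  }
}

resource "aws_iam_role" "mcp_deploy" {
  name               = "tdf-mcp-deploy" # assumed name
  assume_role_policy = data.aws_iam_policy_document.github_trust.json
}

# Only what the redeploy needs: run the shell-script document on this instance.
data "aws_iam_policy_document" "mcp_deploy_permissions" {
  statement {
    effect  = "Allow"
    actions = ["ssm:SendCommand"]
    resources = [
      "arn:aws:ssm:*::document/AWS-RunShellScript",
      aws_instance.mcp.arn, # assumed name of the t3.micro resource
    ]
  }
}

resource "aws_iam_role_policy" "mcp_deploy" {
  role   = aws_iam_role.mcp_deploy.id
  policy = data.aws_iam_policy_document.mcp_deploy_permissions.json
}
```

If the workflow also polls the command result, ssm:GetCommandInvocation has to be granted on "*" because that action has no resource-level scoping.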

This documentation site

The docs are a Fumadocs (Next.js) app exported to static HTML and served from S3 behind CloudFront.

| Layer | Detail |
| --- | --- |
| Build | next build with output: 'export' → static out/ directory |
| Storage | Private S3 bucket, reachable only through CloudFront (Origin Access Control) |
| CDN / TLS | CloudFront distribution with an ACM certificate (us-east-1) |
| Routing | A CloudFront viewer-request function rewrites clean URLs to /index.html |
| DNS | tdf-docs.andru.codes alias record → CloudFront distribution |
| CI/CD | Push to main → GitHub OIDC → aws s3 sync + CloudFront invalidation |

The docs infrastructure lives in infra-docs/ and is kept in separate Terraform state from the MCP server (infra/), so deploying one never risks the other.
