This deployment provides Open WebUI powered by stdapi.ai, with chat, multimodal generation, speech, web search, scraping, and RAG capabilities enabled out of the box.
See full documentation: Open WebUI Use Case Guide
This sample keeps most Open WebUI settings at their defaults, and explicitly configures the following:
- Model provider: stdapi.ai exposed as an OpenAI-compatible API backend
- Default models: Amazon Bedrock models for chat and tasks (Claude, Mistral, Qwen, etc.)
- Image features: image generation and editing via Bedrock (using Stability AI models)
- Speech: STT (AWS Transcribe) and TTS (AWS Polly)
- Web search & scraping: SearXNG and Playwright
- RAG storage: Aurora PostgreSQL with pgvector and Cohere embedding models
- Cache & files: ElastiCache Valkey and S3
- Security: KMS encryption for storage and databases
- Offline mode: Open WebUI is configured to only use stdapi.ai, Bedrock, and AWS services
- AWS Marketplace Subscription: Subscribe to stdapi.ai - 14-day free trial
- Terraform or OpenTofu: Install Terraform or OpenTofu >= 1.5
- Docker or Podman: Install Docker Desktop or Docker Engine. On Fedora, Podman is supported via the Docker provider socket. Required to build & copy container images to ECR
- AWS CLI: Install AWS CLI v2 - Required for PostgreSQL database initialization via RDS Data API
- AWS Credentials: Configure your credentials
aws sso login --profile your-profile
⚠️ Requires AWS administrator permissions. This stack provisions IAM roles and policies, KMS keys, ECS/Fargate, ALB, Aurora PostgreSQL, ElastiCache Valkey, ECR, S3, and networking. A restricted developer profile will fail duringterraform apply.Strongly recommended: deploy into a sandbox / non-production AWS account first to evaluate the stack, then replicate into your target account with scoped-down principals once you've validated it.
Before running terraform apply, confirm your active AWS identity and region
(the AWS provider reads them from your environment, not from a Terraform variable):
aws sts get-caller-identity
aws configure get regionIf you use Podman (common on Fedora), set the Docker provider socket in your terraform.tfvars:
docker_host = "unix:///var/run/user/1000/podman/podman.sock"git clone https://github.com/stdapi-ai/samples.git
cd samples/getting_started_openwebuiNo git? Download the ZIP instead
curl -L https://github.com/stdapi-ai/samples/archive/refs/heads/main.zip -o samples.zip
unzip samples.zip
cd samples-main/getting_started_openwebuicd terraform
terraform init
terraform applyAfter deployment (wait 15-30 minutes for services to be ready):
# Get the Open WebUI URL
terraform output openwebui_urlOpen the URL in your browser and create your first admin account.
flowchart LR
Browser["🌐 Browser"] --> ALB["⚖️ ALB"] --> Open_WebUI["💬 Open WebUI<br/>(ECS Fargate)"]
Open_WebUI --> Stdapi["🤖 stdapi.ai<br/>(ECS Fargate)"]
Open_WebUI --> Playwright["🎭 Playwright Browser<br/>(ECS Fargate)"]
Open_WebUI --> Aurora["🗄️ Aurora PostgreSQL + pgvector"]
Open_WebUI --> SearXNG["🔍 SearXNG Web Search<br/>(ECS Fargate)"]
Open_WebUI --> Valkey["⚡ Valkey<br/>(AWS ElastiCache)"]
Open_WebUI --> S3["🪣 S3 Bucket"]
SearXNG --> Valkey
Stdapi --> Bedrock["🤖 Amazon Bedrock"]
Stdapi --> S3
Stdapi --> AIServices["🎙️ AWS AI Services<br/>(Polly, Transcribe, ...)"]
Access is restricted to your current IP address:
- Your public IP is automatically detected during deployment
- If your IP changes, run
terraform applyto update access
To configure your AWS regions and compliance/sovereignty, edit terraform/main.tf and
adjust it to your EU or US configuration.
The default models used in this deployment are pre-configured in terraform/openwebui.tf. When selecting models for your deployment, consider:
- Your needs: Choose models based on your primary use case (chat, coding, embeddings, image generation, etc.)
- Regional availability: Not all models are available in all AWS regions. Check AWS Bedrock Models for your region
- Cost: Model pricing varies significantly; evaluate your workload and select the most cost-effective option
To customize models, edit terraform/openwebui.tf and update the corresponding environment variables:
TASK_MODEL_EXTERNAL— chat and task completion (default:amazon.nova-micro-v1:0)RAG_EMBEDDING_MODEL— text embeddings for RAG (default:cohere.embed-v4:0)IMAGE_GENERATION_MODEL&IMAGE_EDIT_MODEL— image generation and editing (default:stability.stable-image-core-v1:1)AUDIO_STT_MODEL— speech-to-text (default:amazon.transcribe)AUDIO_TTS_MODEL— text-to-speech (default:amazon.polly-neural)
Note: Amazon Nova Canvas has been deprecated. Use stability.stable-image-core-v1:1 for image generation and editing instead.
For more details, see the Open WebUI documentation.
To enable optional features beyond model configuration, edit terraform/openwebui.tf and adjust the corresponding
variables based on the Open WebUI documentation.
This sample uses the default load balancer endpoint with HTTP. To enable HTTPS on
a custom domain, set alb_domain_name and alb_route53_zone_name.
Recommended: create a terraform.tfvars file (auto-loaded) to manage these values, for example:
alb_domain_name = "chat.example.com"
alb_route53_zone_name = "example.com"Open WebUI supports SSO and advanced authentication methods. This can be configured with AWS Cognito or other identity providers.
This sample uses the minimum Aurora and ElastiCache instance sizes for cost. For production, increase the instance class and add readers or Multi-AZ configuration to enable high availability.
This sample uses ECS with service discovery to enable communication between microservices. "Service discovery" uses DNS and round-robin to distribute requests between microservices. This approach is cost-effective and simple. Using ECS Service Connect or an Application Load Balancer instead can provide better performance and fault tolerance.
To delete all resources and stop incurring charges:
cd terraform
terraform destroyNote: This will permanently delete all resources including S3 buckets, databases, and data.
- Terraform/OpenTofu >= 1.5
- stdapi.ai Terraform module ~> 1.0
- AWS Provider >= 5.0
- Open WebUI Use Case Guide - Complete documentation
- Open WebUI Documentation
- stdapi.ai Configuration Guide
- Terraform Module Documentation
- AWS Bedrock Models
If you encounter errors, try re-running terraform apply.
The ElastiCache Valkey cache may fail on creation. This issue occurs if there is no available capacity in the availability zone:
╷
│ Error: waiting for ElastiCache Replication Group (arn:aws:elasticache:region:account-id:replicationgroup:stdapiai-valkey) create: unexpected state 'create-failed', wanted target 'available'
│
│ with aws_elasticache_replication_group.valkey,
│ on valkey.tf line 19, in resource "aws_elasticache_replication_group" "valkey":
│ 19: resource "aws_elasticache_replication_group" "valkey" {
│
╵The solution is to remove the failed Valkey cache from the ElastiCache console and re-run terraform apply to retry.
When deleting the cache, disable backups, then wait until the full deletion is complete before running terraform apply.
If the issue persists, you can try changing the node_type in valkey.tf (for example, from "cache.t4g.micro" to "cache.t3.micro") before retrying.
terraform applyfails with AccessDenied — your AWS profile lacks administrator permissions. See Prerequisites above.- Docker/Podman build or push errors — verify the Docker provider socket (
docker_hostinterraform.tfvars) and thataws ecr get-login-passwordworks with your profile. - Open WebUI loads but model list is empty — the stdapi.ai service behind it may still be starting; wait 2–3 minutes and refresh.
503 Service Unavailable— ECS tasks are still starting; health checks take a few minutes.
Full troubleshooting guide: https://stdapi.ai/operations_troubleshooting/