Prerequisites¶
Before deploying the New Hires Reporting System, ensure you have the following requirements met.
System Requirements¶
Required Software¶
- Docker: Version 20.10 or later
- Docker Compose: Version 2.0 or later
- AWS CLI: Recommended for ECR authentication (optional but helpful)
System Resources¶
- RAM: Minimum 4 GB (8 GB recommended for production)
- Disk Space: 20 GB minimum
- CPU: 2+ cores recommended
AWS Account and Credentials¶
AWS Bedrock Access (Required for AI Features)¶
The AI-powered correction features require AWS Bedrock with Claude Sonnet 4.5 or Llama 4 Scout models.
Setting Up AWS Bedrock
- AWS Account: Active AWS account with billing enabled
- Bedrock Access: Enable AWS Bedrock in us-east-1 region
- Model Access: Request access to Claude Sonnet 4.5 and/or Llama 4 Scout models
- IAM Credentials: Create IAM user with
bedrock:InvokeModelpermission
Detailed Instructions: See AWS Bedrock Setup Guide
Cost Estimate: - Claude Sonnet 4.5: ~$0.045 per correction job - Llama 4 Scout: ~$0.015 per correction job (budget option)
Supported Models:
| Model | Provider | Speed | Accuracy | Cost | Recommended For |
|---|---|---|---|---|---|
| Claude Sonnet 4.5 | Anthropic | Fast | Excellent | Medium | Production (best accuracy) |
| Llama 4 Scout | Meta | Very Fast | Good | Low | Budget deployments |
Required IAM Policy¶
Your AWS IAM user/role needs this policy attached:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "BedrockModelInvocation",
"Effect": "Allow",
"Action": [
"bedrock:InvokeModel"
],
"Resource": [
"arn:aws:bedrock:us-east-1::foundation-model/us.anthropic.claude-sonnet-4-5-20250929-v1:0",
"arn:aws:bedrock:us-east-1::foundation-model/us.meta.llama4-scout-17b-instruct-v1:0"
]
}
]
}
Docker Image Access¶
AWS ECR Authentication (Required)¶
The application images are hosted in AWS Elastic Container Registry (ECR).
ECR Access
You'll need to authenticate Docker to pull images from ECR:
aws ecr get-login-password --region us-east-1 | \
docker login --username AWS --password-stdin \
878796852397.dkr.ecr.us-east-1.amazonaws.com
Note: ECR credentials expire after 12 hours. You'll need to re-authenticate periodically.
Network Requirements¶
Outbound Connections¶
The system requires outbound internet access to:
| Service | URL | Port | Purpose |
|---|---|---|---|
| AWS Bedrock API | bedrock-runtime.us-east-1.amazonaws.com |
443 | AI model invocation |
| AWS ECR | *.dkr.ecr.us-east-1.amazonaws.com |
443 | Docker image pull |
Ports¶
The following ports will be used locally:
| Service | Port | Description |
|---|---|---|
| Backend API | 8000 | FastAPI REST API |
| Frontend | 8080 | React + Nginx web interface |
| Database | 5432 | PostgreSQL (internal only) |
Port Conflicts
If ports 8000 or 8080 are already in use, you can change them in docker-compose.prod.yml or use a reverse proxy.
Production Requirements¶
For production deployments, additional considerations:
Optional: Reverse Proxy¶
Recommended for production HTTPS and domain name support:
- Nginx (recommended)
- Caddy (easiest SSL setup)
- Traefik (Docker-native)
- Apache (if already in use)
See Reverse Proxy Setup for configuration.
Optional: SSL Certificate¶
For HTTPS support:
- Let's Encrypt (free, recommended)
- Commercial SSL certificate
- Self-signed certificate (testing only)
See SSL Certificates for setup.
Recommended: Database Backups¶
- Plan for regular PostgreSQL backups
- Consider automated backup scripts (cron jobs)
- Test restore procedures
See Docker Compose Guide for backup commands.
Verification Checklist¶
Before proceeding, verify:
- [ ] Docker installed: Run
docker --version(20.10+) - [ ] Docker Compose installed: Run
docker-compose --version(2.0+) - [ ] AWS account: Active account with Bedrock access
- [ ] Model access: Claude Sonnet 4.5 enabled in us-east-1
- [ ] IAM credentials: Access key and secret key with Bedrock permissions
- [ ] ECR access: Can authenticate to Docker registry
- [ ] Ports available: 8000 and 8080 not in use
- [ ] Outbound internet: Can reach AWS services
Quick Verification Commands¶
# Check Docker
docker --version
docker-compose --version
# Check AWS CLI (if installed)
aws --version
aws sts get-caller-identity # Verify AWS credentials
# Check ports are available
netstat -an | grep -E '8000|8080' # Should return nothing
# Test AWS Bedrock access
aws bedrock list-foundation-models --region us-east-1 --query 'modelSummaries[?contains(modelId, `claude`)].modelId'
Estimated Setup Time¶
- AWS Bedrock Setup: 15-30 minutes (first time)
- Docker Installation: 10-15 minutes (if needed)
- Application Deployment: 10-15 minutes
Total: 30-60 minutes for first-time setup
Next Steps¶
Once all prerequisites are met:
- AWS Bedrock Setup - Configure AWS and get credentials
- Quick Start Guide - Deploy the system
- Environment Variables - Configure your environment
Troubleshooting Prerequisites¶
"Cannot authenticate to ECR"¶
Solution: Ensure AWS credentials are configured:
"Bedrock access denied"¶
Solution:
1. Check model access is enabled in AWS Bedrock console
2. Verify IAM policy includes bedrock:InvokeModel permission
3. Confirm correct AWS region (us-east-1)
"Ports already in use"¶
Solution:
# Find what's using the ports
sudo lsof -i :8000
sudo lsof -i :8080
# Stop the conflicting service or choose different ports in docker-compose.prod.yml
Need Help?¶
- AWS Bedrock Issues: See AWS Bedrock Setup
- Docker Issues: See Docker Problems
- General Issues: See Common Issues