ASTROSCALE / INTEGRATION GUIDES

Build once.
Deploy deliberately.

Everything required to turn a Docker-ready repository into an AWS application, whether you bring your own account or use Astroscale managed infrastructure.

01 / BYO AWS

Keep your account

Run the onboarding stack, authorize a regional GitHub connection, and let AWS bill you directly. This is free in private beta.

Connect AWS →
02 / MANAGED AWS

Skip account setup

Add a payment method through Stripe-hosted Checkout. Astroscale then exposes its managed deployment account to your organization.

Set up billing →
03 / AGENT ACCESS

Operate by intent

Connect Codex or Claude to the authenticated MCP endpoint so an agent can read the deployment contract and manage apps.

Connect an agent →

01 / YOUR AWS ACCOUNT

Connect AWS safely.

Astroscale never asks for an access key. It assumes one purpose-built role with an external ID and can touch only resources it creates and tags.

  1. 01
    Choose the deployment Region

    Use one of the supported Regions: us-east-1, us-east-2, or us-west-2. Your GitHub CodeConnection and every app in this account must use the same Region.

  2. 02
    Create and activate a GitHub CodeConnection

    In the AWS console, open Developer Tools → Settings → Connections, choose Create connection, select GitHub, then complete Connect to GitHub. Do not continue until status says Available. Public repositories still need an available connection because CodeBuild uses it for source access.

  3. 03
    Generate the onboarding stack

    In Astroscale, open AWS accounts, paste the connection ARN, and copy the generated CloudFormation template and parameters. Create the stack in the same AWS account.

  4. 04
    Wait for CREATE_COMPLETE

    Copy the stack's DeployerRoleArn output into Astroscale. The control plane verifies the role and locks the account to the connection Region before accepting deployments.

Common blocker

A connection in Pending or Unavailable cannot build source. Return to AWS Connections, complete the GitHub authorization, and confirm it reads Available.

02 / YOUR REPOSITORY

Meet the deployment contract.

Astroscale builds the repository root as a Linux/amd64 Docker image, stores it in ECR, and runs it behind a managed Caddy TLS proxy.

Required

A root-level Dockerfile. The repository root is the Docker build context.

Listen

Bind the application to 0.0.0.0:PORT, then set the matching container port in the app wizard.

Health

Return a 2xx response from /. Astroscale waits for DNS and HTTPS before declaring the deployment healthy.

Runtime

The container runs as UID 65534 on a read-only filesystem without Linux capabilities. Do not require root or runtime writes.

Networking

Do not publish a host port. TLS terminates at Caddy, which reaches your container over its internal Docker network.

The first healthy bootstrap automatically deploys the configured branch once. Later pushes can deploy through the GitHub webhook, console, or MCP.

03 / MANAGED AWS

Use Astroscale's AWS account.

This path is optional. BYO AWS remains available without billing setup.

  1. 01
    Open Billing as an organization admin

    Select Add payment method. Stripe-hosted Checkout collects payment data; Astroscale never receives card details.

  2. 02
    Wait for confirmation

    After Stripe verifies the setup, the managed account appears in the application wizard.

  3. 03
    Review invoices

    Managed-account invoices are issued monthly on the fifth and are available in Billing. Stripe Tax calculates applicable tax.

Payment policy

A failed payment blocks new managed deployments, starts, and restarts. Running managed apps stop after a seven-day grace period. Apps in your own AWS account are unaffected.

04 / MCP

Give your agent the contract.

The public MCP endpoint is authenticated with your Astroscale user identity, not a long-lived AWS credential.

$ codex mcp add astroscale --url https://mcp.astroscale.dev/mcp
$ codex mcp login astroscale

Agents can inspect the required deployment contract before building, then create apps, deploy branches, read logs, inspect costs, and operate lifecycle controls through the same authorization model as the console.

Read the full MCP guide ↗

NEED ACCESS?

Private beta is intentionally small.

Request access from the Astroscale home page. Existing users can open Mission Control directly.

Request beta access →Open console ↗