OpenWebUI + LiteLLM on AWS (llmao-aws)
A production-ready, single-EC2 architecture that deploys OpenWebUI and LiteLLM behind Caddy (automatic HTTPS), fully provisioned by Terraform with Route 53 DNS, IAM, and S3 backup lifecycle. Includes SSM Documents for remote management (no SSH), ARM64-optimized images, and scripts for updates, redeploys, volume backup/restore, and observability.
Technologies Used
Terraform
AWS EC2 (t4g.medium)
AWS SSM
AWS S3
AWS Route 53
Docker Compose
Caddy
OpenWebUI
LiteLLM
Ubuntu 24.04 (arm64)
Challenges
- Automate end-to-end provisioning with safe defaults and no SSH exposure
- Provide operational controls (restart, update, logs) without instance login
- Implement secure backup/restore for Docker volumes with minimal disk usage
- Keep costs reasonable and footprint simple while staying production-focused
Solutions
- Terraform for EC2, IAM, EIP, Route 53, S3 backups, and SSM Documents
- Session Manager (SSM) based management; custom SSM Document llm-app-management
- Streaming tar to S3 for backups (no local temp files); lifecycle rules (IA/Glacier/expiration)
- Caddy for TLS/HTTPS; ARM64 images for EC2 Graviton (t4g.medium) cost/perf
Outcomes
- Fully reproducible infra and zero-SSH operational flows
- Simple one-node deployment with strong isolation and least-privilege IAM
- Fast redeploy/update scripts with minimal downtime
- Clear monitoring hooks and health checks via Docker
Technical Highlights
- Terraform S3 backend with DynamoDB lock; parameterized repo (public/private)
- SSM Document calling scripts for status/update/restart/redeploy/logs
- EIP + A record in Route 53; Caddy handles ACME/Let’s Encrypt
- Docker Compose services: openwebui, litellm, caddy; ARM64 images
- S3 lifecycle: versioning, transitions (STANDARD_IA → GLACIER), 1-year retention