Summary

Add an AWS CDK (TypeScript) deployment option for the MCP Gateway Registry alongside the existing Terraform deployment, so AWS-native customers can integrate the Registry into their existing CDK projects, pipelines, and shared constructs without leaving their IaC ecosystem.

Motivation

Many AWS-shop teams standardize on CDK for their internal platform, application stacks, and shared library of L3 constructs. Today, deploying the MCP Gateway Registry on AWS requires Terraform, which adds an out-of-band IaC tool, a separate state backend, and a parallel review/CI pipeline. A native CDK option lets these teams:

• Compose the Registry into existing CDK apps (single cdk deploy)
• Reuse their internal CDK constructs for tagging, naming, IAM, and cross-account wiring
• Keep one deployment toolchain, one pipeline, and one review surface

Compute platform

ECS Fargate, mirroring the existing Terraform deployment. No EKS / Kubernetes dependency.

Scope

• CDK app under infra/ with one stack per concern (Network, Data, Auth, Service, Ops, CDN, Build) and reusable L3 constructs
• Parity with the Terraform deployment for VPC layout, ECS services, EFS, secrets, IAM, observability, secret rotation, CloudFront, and WAF
• DocumentDB as the storage backend (no scopes.yml dependency; scopes are seeded into DocumentDB)
• deploy.sh lifecycle script and post-deploy.sh automation for Keycloak realm/client setup
• Documentation: architecture overview, deployment guide, troubleshooting

Out of scope

• Replacing the Terraform deployment (both will be supported)
• EKS / Kubernetes deployments (the Helm chart already covers Kubernetes)

Acceptance criteria

• cdk synth produces valid CloudFormation for all stacks
• cdk deploy --all provisions a working Registry against a fresh AWS account
• cdk destroy --all cleanly tears everything down
• Parameter parity is maintained with Docker Compose, Helm, and Terraform (tracked via docs/unified-parameter-reference.md)