Rockport
Self-hosted LLM proxy for AWS Bedrock
Rockport is a self-hosted LiteLLM proxy running on a single EC2 instance behind a Cloudflare Tunnel. It gives me a single endpoint for text, image, and video generation through AWS Bedrock, with per-key budgets so I can hand out API keys without worrying about the bill. The whole thing is Terraform-managed and costs next to nothing when idle. The blog post covers the architecture, security model, and what came out of a Claude Code security review.
What it provides
Text generation with nine chat models: three Claude models (Opus, Sonnet 4.6, and Haiku 4.5), DeepSeek V3.2, Qwen3-Coder-480B, Kimi K2.5, and three Amazon Nova models (Pro, Lite, Micro). Aliases keep older Claude Code configs working when Anthropic releases new model versions.
Image generation with five models: Amazon Nova Canvas, Titan Image Generator V2, Stable Diffusion 3.5 Large, Stable Image Ultra, and Stable Image Core.
Image editing with thirteen Stability AI operations through LiteLLM: structure control, sketch-to-image, style transfer, background removal, inpainting, erasure, search-and-replace, search-and-recolor, style guide, outpainting, and three levels of upscaling (conservative, creative, fast). A FastAPI sidecar adds three more Nova Canvas operations: image variations, background removal, and outpainting.
Video generation with two models through the sidecar: Nova Reel (1280x720, 6 to 120 seconds, multi-shot sequences up to 20 shots, $0.08/sec) and Luma Ray2 (540p or 720p, 5 or 9 seconds, flexible aspect ratios, $0.75-1.50/sec). Both support image-to-video.
Infrastructure
- Per-key daily budgets with RPM/TPM rate limiting and optional model restrictions
- Cloudflare Tunnel with zero-ingress security group
- Cloudflare Access + WAF path allowlisting at the edge
- Auto-stop after 30 minutes idle, one command to restart
- Admin CLI for key management, spend monitoring, and instance lifecycle
- Daily EBS snapshots with password recovery from SSM
- CloudTrail audit logging with 90-day retention
- CI with Gitleaks, ShellCheck, Trivy, Checkov, and 35 smoke tests on every deploy
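The per-key budget and spend-monitoring items above are what the admin CLI wraps. The script below is an added example, not Rockport's own CLI: it builds the body for LiteLLM's POST /key/generate (the field names max_budget, budget_duration, rpm_limit, tpm_limit and models are the proxy's real parameters) and flags keys whose spend is near their cap from /key/info-shaped records. The proxy URL, master key, model names and the sample records are constructed placeholders.

```python
"""Per-key budget administration against a LiteLLM proxy (added example)."""
import json
import urllib.request
from typing import Dict, List, Optional

PROXY_URL = "http://127.0.0.1:4000"  # placeholder: the proxy binds to localhost
MASTER_KEY = "sk-REPLACE-ME"          # placeholder: the real value lives in SSM


def key_request(alias: str, daily_budget_usd: float, rpm: int, tpm: int,
                models: Optional[List[str]] = None) -> Dict:
    """Build a /key/generate body with a daily budget and rate limits.

    budget_duration="24h" makes the proxy reset the key's spend every
    24 hours, so max_budget acts as a daily cap. Omitting `models` lets
    the key call anything the proxy exposes; pass a list to restrict it.
    """
    if daily_budget_usd <= 0:
        raise ValueError("budget must be positive")
    if rpm <= 0 or tpm <= 0:
        raise ValueError("rate limits must be positive")
    body = {
        "key_alias": alias,
        "max_budget": daily_budget_usd,
        "budget_duration": "24h",
        "rpm_limit": rpm,
        "tpm_limit": tpm,
    }
    if models:
        body["models"] = list(models)
    return body


def create_key(body: Dict, proxy_url: str = PROXY_URL,
               master_key: str = MASTER_KEY) -> Dict:
    """POST the body to /key/generate and return the proxy's JSON reply."""
    req = urllib.request.Request(
        f"{proxy_url}/key/generate",
        data=json.dumps(body).encode(),
        headers={"Authorization": f"Bearer {master_key}",
                 "Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def near_budget(key_infos: List[Dict], threshold: float = 0.8) -> List[str]:
    """Return aliases of keys at or above `threshold` of their max_budget.

    Each record has the shape of a /key/info response: {"key": ..., "info": {...}}.
    Keys with no budget at all are reported too, because an uncapped key is
    exactly what the budgets exist to prevent.
    """
    flagged = []
    for rec in key_infos:
        info = rec.get("info", {})
        alias = info.get("key_alias") or rec.get("key", "?")
        cap = info.get("max_budget")
        spend = float(info.get("spend", 0.0))
        if cap is None or cap <= 0:
            flagged.append(f"{alias}: no budget set")
        elif spend >= threshold * cap:
            flagged.append(f"{alias}: ${spend:.2f} of ${cap:.2f}")
    return flagged


# Constructed sample /key/info records (not real keys or spend figures).
SAMPLE_KEY_INFOS = [
    {"key": "sk-sample-1", "info": {"key_alias": "laptop", "max_budget": 5.0, "spend": 4.25}},
    {"key": "sk-sample-2", "info": {"key_alias": "ci", "max_budget": 2.0, "spend": 0.10}},
    {"key": "sk-sample-3", "info": {"key_alias": "legacy", "max_budget": None, "spend": 12.0}},
]

if __name__ == "__main__":
    # Model names here are placeholders for whatever aliases the proxy exposes.
    print(json.dumps(key_request("laptop", 5.0, rpm=60, tpm=200_000,
                                 models=["claude-sonnet", "nova-lite"]), indent=2))
    for line in near_budget(SAMPLE_KEY_INFOS):
        print("WARN", line)
```

Run `create_key(key_request(...))` from the instance itself, since the admin endpoint is only reachable on localhost; the near_budget check is the kind of thing to schedule alongside the auto-stop timer so a runaway key is noticed before the daily reset.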
Security model
No inbound network access. The security group has zero ingress rules. All traffic comes through Cloudflare's edge, which requires a valid service token (Cloudflare Access) and only allows specific API paths through (WAF). All three services bind to localhost. Every service runs under systemd with hardening directives: read-only filesystem, no capabilities, memory caps, restricted syscalls. IMDSv2 is enforced with a hop limit of 1. Secrets live in SSM Parameter Store.
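Three of the properties in that paragraph can be verified from the host itself after every deploy: every listener is on loopback, each unit carries its hardening directives, and the metadata service refuses token-less requests. The script below is an added example, not Rockport's smoke tests. It parses the text that `ss -H -ltn` and `systemctl show UNIT -p ...` produce; the unit names are assumed, the directive names are real systemd properties, and the sample outputs are constructed (one service deliberately mis-bound, one unit stripped of hardening) so the checks have something to catch.

```python
"""Host-side posture check for a localhost-only proxy (added example)."""
import subprocess
import urllib.error
import urllib.request
from typing import Dict, List, Tuple

LOOPBACK = {"127.0.0.1", "::1"}
UNITS = ["litellm.service", "sidecar.service", "cloudflared.service"]  # assumed names
PROPS = ["NoNewPrivileges", "ProtectSystem", "PrivateTmp",
         "CapabilityBoundingSet", "MemoryMax", "SystemCallFilter"]
EXPECTED = {"NoNewPrivileges": "yes", "ProtectSystem": "strict", "PrivateTmp": "yes"}


def parse_ss(output: str) -> List[Tuple[str, int]]:
    """(address, port) from `ss -H -ltn` lines, e.g.
    'LISTEN 0 4096 127.0.0.1:4000 0.0.0.0:*' -> ('127.0.0.1', 4000)."""
    listeners = []
    for line in output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        addr = addr.strip("[]")
        if addr == "*":  # ss prints '*' for a wildcard bind
            addr = "0.0.0.0"
        listeners.append((addr, int(port)))
    return listeners


def exposed_listeners(output: str) -> List[Tuple[str, int]]:
    """Sockets bound to anything other than loopback: harmless behind a
    zero-ingress group, but the first thing to matter if a rule is added."""
    return [(a, p) for a, p in parse_ss(output) if a not in LOOPBACK]


def parse_show(output: str) -> Dict[str, str]:
    """Turn `systemctl show` Key=Value lines into a dict."""
    props = {}
    for line in output.splitlines():
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def missing_hardening(output: str) -> List[str]:
    """List the hardening directives a unit's `systemctl show` output lacks."""
    props = parse_show(output)
    missing = [f"{k}={v}" for k, v in EXPECTED.items() if props.get(k) != v]
    # An empty CapabilityBoundingSet means the service retains no capabilities.
    if props.get("CapabilityBoundingSet", "unset") != "":
        missing.append("CapabilityBoundingSet=")
    if props.get("MemoryMax", "infinity") == "infinity":
        missing.append("MemoryMax=<cap>")
    if "@system-service" not in props.get("SystemCallFilter", ""):
        missing.append("SystemCallFilter=@system-service")
    return missing


def imdsv2_enforced(status: int) -> bool:
    """A token-less GET against IMDS gets 401 only when http-tokens=required."""
    return status == 401


def probe_imds() -> int:
    """Live check: fetch the metadata root without a token, return the status
    (0 when the endpoint is unreachable, i.e. not running on EC2)."""
    try:
        with urllib.request.urlopen("http://169.254.169.254/latest/meta-data/",
                                    timeout=2) as r:
            return r.status
    except urllib.error.HTTPError as e:
        return e.code
    except urllib.error.URLError:
        return 0


# Constructed sample outputs, not captured from a real host.
SAMPLE_SS = """\
LISTEN 0 4096 127.0.0.1:4000 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:8000 0.0.0.0:*
LISTEN 0 4096 [::1]:20241 [::]:*
"""
SAMPLE_SHOW_GOOD = """\
NoNewPrivileges=yes
ProtectSystem=strict
PrivateTmp=yes
CapabilityBoundingSet=
MemoryMax=1073741824
SystemCallFilter=@system-service
"""
SAMPLE_SHOW_BAD = """\
NoNewPrivileges=no
ProtectSystem=full
PrivateTmp=yes
CapabilityBoundingSet=cap_net_bind_service
MemoryMax=infinity
SystemCallFilter=
"""

if __name__ == "__main__":
    ss_out = subprocess.run(["ss", "-H", "-ltn"], capture_output=True, text=True).stdout
    print("exposed listeners:", exposed_listeners(ss_out))
    for unit in UNITS:
        show = subprocess.run(["systemctl", "show", unit, "-p", ",".join(PROPS)],
                              capture_output=True, text=True).stdout
        print(unit, "missing:", missing_hardening(show))
    print("IMDSv2 enforced:", imdsv2_enforced(probe_imds()))
```

The hop limit of 1 is not visible from inside the instance this way; it is an attribute of the instance's metadata options, so check it from the Terraform state or the EC2 API rather than from the host.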
Development approach
I used SpecKit to plan the architecture, data flow, security posture, and feature set before writing any code. Claude Code with Anton Babenko's terraform-skill handled the implementation.