Rockport
Self-hosted LLM proxy for AWS Bedrock
Rockport is a self-hosted LiteLLM proxy running on a single EC2 instance behind a Cloudflare Tunnel. It gives me a single endpoint for text, image, and video generation through AWS Bedrock, with per-key budgets so I can hand out API keys without worrying about the bill. The whole thing is Terraform-managed and costs next to nothing when idle. The blog post covers the architecture, security model, and what came out of a Claude Code security review.
# What it provides
Text generation with nine chat models: Claude Opus, Claude Sonnet 4.6 and Claude Haiku 4.5; DeepSeek V3.2; Qwen3-Coder-480B; Kimi K2.5; and three Amazon Nova models (Pro, Lite and Micro). Model aliases keep older Claude Code configs working when Anthropic releases new model versions.
Image generation with five models: Amazon Nova Canvas, Titan Image Generator V2, Stable Diffusion 3.5 Large, Stable Image Ultra, and Stable Image Core.
Image editing with thirteen Stability AI operations through LiteLLM: structure control, sketch-to-image, style transfer, background removal, inpainting, erasure, search-and-replace, search-and-recolor, style guide, outpainting, and three levels of upscaling (conservative, creative, fast). A FastAPI sidecar adds three more Nova Canvas operations: image variations, background removal, and outpainting.
Video generation with two models through the sidecar: Nova Reel (1280x720, 6 to 120 seconds, multi-shot sequences up to 20 shots, $0.08/sec) and Luma Ray2 (540p or 720p, 5 or 9 seconds, flexible aspect ratios, $0.75-1.50/sec). Both support image-to-video.
# Infrastructure
- Per-key daily budgets with RPM/TPM rate limiting and optional model restrictions
- Cloudflare Tunnel with zero-ingress security group
- Cloudflare Access + WAF path allowlisting at the edge
- Auto-stop after 30 minutes idle, one command to restart
- Admin CLI for key management, spend monitoring, and instance lifecycle
- Daily EBS snapshots with password recovery from SSM
- CloudTrail audit logging with 90-day retention
- CI with Gitleaks, ShellCheck, Trivy, Checkov, and 35 smoke tests on every deploy
# Security model
No inbound network access. The security group has zero ingress rules, so nothing on the instance is reachable directly from the internet. All traffic arrives through Cloudflare's edge, which requires a valid Cloudflare Access service token and lets only the allowlisted API paths through the WAF. All three services bind only to localhost. Every service runs under systemd with hardening directives: read-only filesystem, no capabilities, memory caps, restricted syscalls. IMDSv2 is enforced with a hop limit of 1, and secrets live in SSM Parameter Store.
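A posture check that follows from this model, written as an added example (not the project's own code): it flags any instance whose attached security group carries an ingress rule, or whose IMDS settings are weaker than IMDSv2-required with hop limit 1. It runs here over constructed dicts shaped like the EC2 `describe_instances` and `describe_security_groups` responses, so no AWS access is needed.

```python
from typing import Dict, List

# Constructed sample data shaped like EC2 describe_instances / describe_security_groups output.
SAMPLE_SGS = {
    "sg-zeroingress": {"GroupId": "sg-zeroingress", "IpPermissions": []},
    "sg-open-ssh": {"GroupId": "sg-open-ssh", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []}]},
}
GOOD_INSTANCE = {"InstanceId": "i-good", "SecurityGroups": [{"GroupId": "sg-zeroingress"}],
                 "MetadataOptions": {"HttpTokens": "required", "HttpPutResponseHopLimit": 1}}
BAD_INSTANCE = {"InstanceId": "i-bad", "SecurityGroups": [{"GroupId": "sg-open-ssh"}],
                "MetadataOptions": {"HttpTokens": "optional", "HttpPutResponseHopLimit": 2}}


def _rule_sources(rule: dict) -> List[str]:
    """Flatten every source field of an IpPermissions entry into plain strings."""
    return ([r["CidrIp"] for r in rule.get("IpRanges", [])]
            + [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
            + [g["GroupId"] for g in rule.get("UserIdGroupPairs", [])]
            + [p["PrefixListId"] for p in rule.get("PrefixListIds", [])])


def check_instance(instance: dict, security_groups: Dict[str, dict]) -> List[str]:
    """Return findings where the instance deviates from the model; [] means compliant."""
    findings: List[str] = []
    md = instance.get("MetadataOptions", {})
    if md.get("HttpTokens") != "required":
        findings.append("IMDSv2 not enforced: HttpTokens should be 'required'")
    hop = md.get("HttpPutResponseHopLimit")
    # Hop limit 1 keeps IMDS replies from crossing a second network hop
    # (e.g. a container network namespace), so instance credentials stay host-only.
    if hop != 1:
        findings.append(f"IMDS hop limit is {hop}, expected 1")
    for ref in instance.get("SecurityGroups", []):
        sg = security_groups.get(ref["GroupId"])
        if sg is None:
            findings.append(f"{ref['GroupId']}: not present in describe_security_groups output")
            continue
        for rule in sg.get("IpPermissions", []):  # any entry here is an ingress rule
            proto = "all" if rule.get("IpProtocol") == "-1" else rule["IpProtocol"]
            ports = f"{rule.get('FromPort', 'any')}-{rule.get('ToPort', 'any')}"
            for src in _rule_sources(rule) or ["<no source>"]:
                findings.append(f"{sg['GroupId']}: ingress {proto} {ports} from {src}")
    return findings
```

Against live data, pass the instance dicts from `ec2.describe_instances()` and the `describe_security_groups()` entries keyed by `GroupId`; an empty list is the expected result for the Rockport host.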
# Development approach
I used SpecKit to plan the architecture, data flow, security posture, and feature set before writing any code. Claude Code with Anton Babenko's terraform-skill handled the implementation.