Canadian Data Residency on a $35/mo Budget
When building MealPal, I had a non-negotiable requirement: all user data stays in Canada. Here’s how I achieved full Canadian data residency on AWS for about $35/month.
The Constraint
Canadian health data has strict residency requirements. Even for a personal project, I wanted to build the habit of treating data sovereignty seriously — it’s a differentiator for Canadian startups.
The Architecture
Everything runs in ca-central-1 (Montreal):
- EC2 t4g.micro ($6.57/mo) — ARM-based compute running Docker Compose
- RDS db.t4g.micro ($13.39/mo) — PostgreSQL with pgvector for RAG embeddings
- S3 (~$0.50/mo) — meal image storage
- Amplify (~$0/mo) — React frontend hosting (free tier)
- Data transfer (~$2-5/mo) — varies with usage
Total: ~$35-38/month
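A residency claim like "everything runs in ca-central-1" is worth checking mechanically rather than by memory. The script below is an added example, not code from the MealPal project: it audits a constructed inventory of ARNs modelled on the stack above and flags anything outside the home region. The `SAMPLE_*` values and `HOME_REGION` are assumptions; in practice the ARNs would come from the Resource Groups Tagging API and the bucket locations from `s3:GetBucketLocation`. It also handles the two cases a naive ARN check gets wrong: S3 ARNs carry no region field, and global services such as IAM legitimately have none.

```python
from dataclasses import dataclass

HOME_REGION = "ca-central-1"
# Control-plane services whose ARNs have no region and hold no app data here.
GLOBAL_SERVICES = {"iam", "sts", "route53", "cloudfront"}


@dataclass(frozen=True)
class Finding:
    arn: str
    region: str      # resolved region, "global", or "unknown"
    compliant: bool
    reason: str


def arn_region(arn):
    """Return (service, region) from arn:partition:service:region:account:resource."""
    parts = arn.split(":", 5)
    if len(parts) < 6 or parts[0] != "arn":
        raise ValueError("not an ARN: " + arn)
    return parts[2], parts[3]


def audit(arns, bucket_locations, home=HOME_REGION):
    """Classify each ARN; S3 buckets need their LocationConstraint supplied and
    fail closed when it is missing. An empty location means us-east-1."""
    findings = []
    for arn in arns:
        service, region = arn_region(arn)
        if service == "s3":
            bucket = arn.split(":::", 1)[1].split("/", 1)[0]
            if bucket not in bucket_locations:
                findings.append(Finding(arn, "unknown", False, "bucket location not supplied"))
                continue
            region = bucket_locations[bucket] or "us-east-1"
        elif region == "":
            known = service in GLOBAL_SERVICES
            findings.append(Finding(arn, "global" if known else "unknown", known,
                                    "global service" if known else "regionless non-global ARN"))
            continue
        ok = region == home
        findings.append(Finding(arn, region, ok, "in home region" if ok else "outside " + home))
    return findings


def violations(findings):
    return [f for f in findings if not f.compliant]


# Constructed inventory: the article's stack plus one stray bucket created in us-east-1.
SAMPLE_ARNS = [
    "arn:aws:ec2:ca-central-1:123456789012:instance/i-0abc123",
    "arn:aws:rds:ca-central-1:123456789012:db:mealpal-db",
    "arn:aws:s3:::mealpal-images",
    "arn:aws:s3:::mealpal-backups-stray",
    "arn:aws:amplify:ca-central-1:123456789012:apps/d1example",
    "arn:aws:iam::123456789012:role/mealpal-ec2",
]
SAMPLE_BUCKET_LOCATIONS = {"mealpal-images": "ca-central-1", "mealpal-backups-stray": ""}

if __name__ == "__main__":
    for f in audit(SAMPLE_ARNS, SAMPLE_BUCKET_LOCATIONS):
        print("OK  " if f.compliant else "FAIL", f.arn, f.region, f.reason)
```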
Key Decisions
Why Not Serverless?
Lambda + API Gateway would cost more at our usage patterns, and we needed:
- WebSocket-like SSE streaming for chat
- Persistent pgvector connections
- Docker Compose for local dev parity
Why t4g.micro?
ARM (Graviton2) instances are ~20% cheaper than x86 equivalents. The t4g.micro gives us 2 vCPUs and 1GB RAM with burstable performance — plenty for a small-scale app.
Why Self-Hosted Auth?
Clerk, Auth0, and other auth providers often process data in the US. Better-Auth runs in our own Docker container, storing auth data in our Canadian RDS instance.
The Trade-offs
- No CDN — Amplify serves the frontend, but API calls go direct to EC2. Fine for Canadian users, slower for international users.
- Single AZ — for cost, we run in one availability zone. Acceptable for a pre-launch product.
- Manual scaling — no auto-scaling group. If we need to scale, we upgrade the instance.
What I Learned
- Data residency is a feature, not a constraint — Canadian companies increasingly require it
- ARM instances are underrated — cheaper and plenty fast for web workloads
- Self-hosted auth is worth it — full control, no vendor lock-in, and data stays where you want it