diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 6d885cdc..7e7a3023 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -42,7 +42,7 @@ repos:
 # and which break the standard YAML check. The alternative would be to
 # skip any unsafe errors (and thus break YAML compatibility) or use
 # some other checker that may not work in general.
- exclude: "^copilot/web/addons/.*$"
+ exclude: "^copilot/.*/addons/.*$"
 - id: check-json
 - id: check-case-conflict
 - id: detect-private-key
diff --git a/copilot/api/manifest.yml b/copilot/api/manifest.yml
new file mode 100644
index 00000000..b9262b51
--- /dev/null
+++ b/copilot/api/manifest.yml
@@ -0,0 +1,38 @@
+# The manifest for the "api" service.
+# Read the full specification for the "Load Balanced Web Service" type at:
+# https://aws.github.io/copilot-cli/docs/manifest/lb-web-service/
+
+name: api
+type: Load Balanced Web Service
+
+http:
+ path: "/"
+ healthcheck:
+ path: "/docs"
+
+image:
+ build:
+ dockerfile: docker/Dockerfile.backend
+ context: ./
+ port: 8080
+
+cpu: 256
+memory: 512
+platform: linux/x86_64
+count: 1
+exec: true
+network:
+ connect: true
+
+environments:
+ staging:
+ variables:
+ # Note: this has to be a valid JSON list for Pydantic to parse it.
+ BACKEND_CORS_ORIGINS: '["https://web.staging.open-assistant.surfacedata.org"]'
+ DEBUG_ALLOW_ANY_API_KEY: True
+ DEBUG_SKIP_API_KEY_CHECK: True
+ MAX_WORKERS: 1
+
+secrets:
+ # Note: URI, not URL.
+ DATABASE_URI: /copilot/${COPILOT_APPLICATION_NAME}/${COPILOT_ENVIRONMENT_NAME}/secrets/API_DATABASE_URL
diff --git a/copilot/web/addons/web-cluster.yml b/copilot/web/addons/web-cluster.yml
deleted file mode 100644
index c7a337bf..00000000
--- a/copilot/web/addons/web-cluster.yml
+++ /dev/null
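Review bot: The widened `exclude` in `.pre-commit-config.yaml` skips more than the comment above it justifies, because `.*` also matches `/`, so any file under `copilot/` with an `addons/` directory at any depth is exempted from the YAML check. If the intent is one exemption per Copilot service, `exclude: "^copilot/[^/]+/addons/.*$"` limits it to `copilot/<service>/addons/`. The hook entry this line belongs to starts above the hunk, so which hook is affected is inferred from the comment.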
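Review bot: `DEBUG_ALLOW_ANY_API_KEY: True` and `DEBUG_SKIP_API_KEY_CHECK: True` under `environments.staging.variables` in `copilot/api/manifest.yml` appear, judging by their names, to switch off API-key enforcement on a `Load Balanced Web Service` routed at `path: "/"`. That would leave the staging API usable without a valid key by anyone who can reach the load balancer. The web manifest in this commit already receives `FASTAPI_KEY` from a secret, so the check could presumably stay enabled in staging. If the bypass is needed for now, limit ingress (for example with Copilot's `http.allowed_source_ips`) and add a comment such as `# TEMPORARY: remove once the web service sends FASTAPI_KEY`. Quoting the values (`"True"`, `"1"`) would also make explicit that the container receives strings rather than YAML booleans and integers.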
@@ -1,161 +0,0 @@
-Parameters:
- App:
- Type: String
- Description: Your application's name.
- Env:
- Type: String
- Description:
- The environment name your service, job, or workflow is being deployed to.
- Name:
- Type: String
- Description: The name of the service, job, or workflow being deployed.
- # Customize your Aurora Serverless cluster by setting the default value of the following parameters.
- webclusterDBName:
- Type: String
- Description:
- The name of the initial database to be created in the Aurora Serverless v2
- cluster.
- Default: oassist_web
- # Cannot have special characters
- # Naming constraints: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Limits.html#RDS_Limits.Constraints
-Mappings:
- webclusterEnvScalingConfigurationMap:
- staging:
- "DBMinCapacity": 0.5 # AllowedValues: from 0.5 through 128
- "DBMaxCapacity": 8 # AllowedValues: from 0.5 through 128
-
- All:
- "DBMinCapacity": 0.5 # AllowedValues: from 0.5 through 128
- "DBMaxCapacity": 8 # AllowedValues: from 0.5 through 128
-
-Resources:
- webclusterDBSubnetGroup:
- Type: "AWS::RDS::DBSubnetGroup"
- Properties:
- DBSubnetGroupDescription:
- Group of Copilot private subnets for Aurora Serverless v2 cluster.
- SubnetIds:
- !Split [",", { "Fn::ImportValue": !Sub "${App}-${Env}-PrivateSubnets" }]
- webclusterSecurityGroup:
- Metadata:
- "aws:copilot:description":
- "A security group for your workload to access the Aurora Serverless v2
- cluster webcluster"
- Type: "AWS::EC2::SecurityGroup"
- Properties:
- GroupDescription:
- !Sub "The Security Group for ${Name} to access Aurora Serverless v2
- cluster webcluster."
- VpcId:
- Fn::ImportValue: !Sub "${App}-${Env}-VpcId"
- Tags:
- - Key: Name
- Value: !Sub "copilot-${App}-${Env}-${Name}-Aurora"
- webclusterDBClusterSecurityGroup:
- Metadata:
- "aws:copilot:description":
- "A security group for your Aurora Serverless v2 cluster webcluster"
- Type: AWS::EC2::SecurityGroup
- Properties:
- GroupDescription: The Security Group for the Aurora Serverless v2 cluster.
- SecurityGroupIngress:
- - ToPort: 5432
- FromPort: 5432
- IpProtocol: tcp
- Description:
- !Sub "From the Aurora Security Group of the workload ${Name}."
- SourceSecurityGroupId: !Ref webclusterSecurityGroup
- VpcId:
- Fn::ImportValue: !Sub "${App}-${Env}-VpcId"
- webclusterAuroraSecret:
- Metadata:
- "aws:copilot:description":
- "A Secrets Manager secret to store your DB credentials"
- Type: AWS::SecretsManager::Secret
- Properties:
- Description: !Sub Aurora main user secret for ${AWS::StackName}
- GenerateSecretString:
- SecretStringTemplate: '{"username": "postgres"}'
- GenerateStringKey: "password"
- ExcludePunctuation: true
- IncludeSpace: false
- PasswordLength: 16
- webclusterDBClusterParameterGroup:
- Metadata:
- "aws:copilot:description":
- "A DB parameter group for engine configuration values"
- Type: "AWS::RDS::DBClusterParameterGroup"
- Properties:
- Description: !Ref "AWS::StackName"
- Family: "aurora-postgresql14"
- Parameters:
- client_encoding: "UTF8"
- webclusterDBCluster:
- Metadata:
- "aws:copilot:description":
- "The webcluster Aurora Serverless v2 database cluster"
- Type: "AWS::RDS::DBCluster"
- Properties:
- MasterUsername:
- !Join [
- "",
- [
- "{{resolve:secretsmanager:",
- !Ref webclusterAuroraSecret,
- ":SecretString:username}}",
- ],
- ]
- MasterUserPassword:
- !Join [
- "",
- [
- "{{resolve:secretsmanager:",
- !Ref webclusterAuroraSecret,
- ":SecretString:password}}",
- ],
- ]
- DatabaseName: !Ref webclusterDBName
- Engine: "aurora-postgresql"
- EngineVersion: "14.4"
- DBClusterParameterGroupName: !Ref webclusterDBClusterParameterGroup
- DBSubnetGroupName: !Ref webclusterDBSubnetGroup
- Port: 5432
- VpcSecurityGroupIds:
- - !Ref webclusterDBClusterSecurityGroup
- ServerlessV2ScalingConfiguration:
- # Replace "All" below with "!Ref Env" to set different autoscaling limits per environment.
- MinCapacity:
- !FindInMap [webclusterEnvScalingConfigurationMap, All, DBMinCapacity]
- MaxCapacity:
- !FindInMap [webclusterEnvScalingConfigurationMap, All, DBMaxCapacity]
- webclusterDBWriterInstance:
- Metadata:
- "aws:copilot:description":
- "The webcluster Aurora Serverless v2 writer instance"
- Type: "AWS::RDS::DBInstance"
- Properties:
- DBClusterIdentifier: !Ref webclusterDBCluster
- DBInstanceClass: db.serverless
- Engine: "aurora-postgresql"
- PromotionTier: 1
- AvailabilityZone: !Select
- - 0
- - !GetAZs
- Ref: AWS::Region
-
- webclusterSecretAuroraClusterAttachment:
- Type: AWS::SecretsManager::SecretTargetAttachment
- Properties:
- SecretId: !Ref webclusterAuroraSecret
- TargetId: !Ref webclusterDBCluster
- TargetType: AWS::RDS::DBCluster
-Outputs:
- webclusterSecret: # injected as WEBCLUSTER_SECRET environment variable by Copilot.
- Description:
- "The JSON secret that holds the database username and password. Fields are
- 'host', 'port', 'dbname', 'username', 'password', 'dbClusterIdentifier'
- and 'engine'"
- Value: !Ref webclusterAuroraSecret
- webclusterSecurityGroup:
- Description: "The security group to attach to the workload."
- Value: !Ref webclusterSecurityGroup
diff --git a/copilot/web/manifest.yml b/copilot/web/manifest.yml
index 18df80c1..aadc3297 100644
--- a/copilot/web/manifest.yml
+++ b/copilot/web/manifest.yml
@@ -26,6 +26,7 @@ environments:
 staging:
 variables:
 NEXTAUTH_URL: https://web.staging.open-assistant.surfacedata.org
+ FASTAPI_URL: https://api.staging.open-assistant.surfacedata.org
 secrets:
 DATABASE_URL: /copilot/${COPILOT_APPLICATION_NAME}/${COPILOT_ENVIRONMENT_NAME}/secrets/DATABASE_URL
@@ -37,5 +38,4 @@ secrets:
 EMAIL_SERVER_USER: /copilot/${COPILOT_APPLICATION_NAME}/${COPILOT_ENVIRONMENT_NAME}/secrets/EMAIL_SERVER_USER
 EMAIL_FROM: /copilot/${COPILOT_APPLICATION_NAME}/${COPILOT_ENVIRONMENT_NAME}/secrets/EMAIL_FROM
 FASTAPI_KEY: /copilot/${COPILOT_APPLICATION_NAME}/${COPILOT_ENVIRONMENT_NAME}/secrets/FASTAPI_KEY
- FASTAPI_URL: /copilot/${COPILOT_APPLICATION_NAME}/${COPILOT_ENVIRONMENT_NAME}/secrets/FASTAPI_URL
 NEXTAUTH_SECRET: /copilot/${COPILOT_APPLICATION_NAME}/${COPILOT_ENVIRONMENT_NAME}/secrets/NEXTAUTH_SECRET
diff --git a/docker/Dockerfile.backend b/docker/Dockerfile.backend
index d9458ae0..1f3bdfcd 100644
--- a/docker/Dockerfile.backend
+++ b/docker/Dockerfile.backend
@@ -5,6 +5,7 @@ COPY ./backend/requirements.txt /app/requirements.txt
 RUN pip install --no-cache-dir --upgrade -r /app/requirements.txt
 ENV PORT 8080
+EXPOSE 8080
 COPY ./oasst-shared /oasst-shared
 RUN pip install -e /oasst-shared