Deployment Options for SAAS App

Hello.

If you want a configuration that fully uses AWS managed services, I think you can use the following configuration.
Also, with managed services, there are various restrictions, so you need to verify and judge whether it matches the application you want to host.
The configuration below may be difficult for people who are not familiar with AWS operation and maintenance to use, so in that case, it is better to host the application using an AWS service that is similar to a general server such as EC2 and RDS.

1. Front-end React app

The front end can be hosted on CloudFront and S3.
https://docs.aws.amazon.com/prescriptive-guidance/latest/patterns/deploy-a-react-based-single-page-application-to-amazon-s3-and-cloudfront.html

I think it is also possible to use AWS Amplify.
https://aws.amazon.com/getting-started/hands-on/build-react-app-amplify-graphql/module-one/?nc1=h_ls

2. Back-end graphql server (the front-end queries this server and my server updates my postgres database) - graphql only exposes a single endpoint

I think it is possible for the backend graphql to use AppSync.
https://aws.amazon.com/jp/blogs/architecture/what-to-consider-when-modernizing-apis-with-graphql-on-aws/

3. A stripe webhook server (that listens for stripe events and then updates my postgres database accordingly) - it must expose a single endpoint that Stripe can access

We use EventBridge and Lambda to handle stripe webhooks.
Since EventBridge and Stripe can be linked, I think it is probably possible to use it.
If it is difficult to use this feature, I think you can use API Gateway and Lambda.
https://aws.amazon.com/about-aws/whats-new/2022/08/amazon-eventbridge-supports-receiving-events-github-stripe-twilio-using-webhooks/?nc1=h_ls

4. A RESTFUL tracking server (that just listens for REST API calls and updates my postgres database) - exposes multiple endpoints

I think API Gateway and Lambda can be used for Rest API.
https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-create-api.html

Requirement 2: deploy my postgres database I also have a Postgres database that I need my servers to be able to interact with, which also needs to run a daily stored procedure (that changes my database) and monthly script (that calls stripe APIs and changes my database).

I think it is best to use RDS Aurora PostgreSQL for the Postgres database.
Also, by using something called Aurora Serverless, you can use the function to operate the database from an API called DataAPI.
https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/data-api.html

I think scripts that run daily or monthly can be realized by combining the EventBridge scheduler and Lambda.
However, Lambda times out after 15 minutes, so if the processing takes more than 15 minutes, you will need to use a method such as AWS Batch.
https://docs.aws.amazon.com/batch/latest/userguide/what-is-batch.html

Requirement 3: my app must access sensitive information I also have a process.env file that I need to store somewhere safe and have my app be able to access the sensitive information.

I think it's a good idea to save the contents of the process.env file in AWS Secrets Manager.
This service is suitable for storing sensitive information such as authentication information.
I think it is possible to create an API Gateway and Lambda for accessing confidential information, retrieve the contents of process.env from Secrets Manager, and access the confidential information.
https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html

To deploy any SaaS apps I recommend you https://kamal-deploy.org/.

This is a tool that is very simple to you use, it helps to automate the containerzation of your app and deploy it on any VPS (it could be an EC2 instance or any other kind of instance).

I know this is not the AWS way, answer 1 from my colleague Riku is very good, but just wanted to add and alternative.