explaingit

emanthen/stacklift

Analysis updated 2026-05-18

Stars: 6 · Language: HCL · Audience: ops devops · Complexity: 4/5 · Setup: hard

TLDR

Eight composable Terraform modules that provision a production AWS stack (VPC, RDS, ECS Fargate, ALB, Secrets Manager, GitHub Actions OIDC) for Django or FastAPI in under an hour with no stored AWS credentials.

Mindmap

mindmap
  root((Stacklift))
    Eight Modules
      VPC and subnets
      RDS PostgreSQL
      ECS Fargate service
      ALB and HTTPS
      Secrets Manager
      GitHub Actions OIDC
    Security Design
      No stored AWS keys
      No env files
      RDS deletion protection
    Examples
      Django Celery Postgres
      FastAPI Postgres
    Cost
      About 70 USD per month
      Single NAT default

What do people build with it?

USE CASE 1

Run terraform apply to provision a full Django production stack on AWS (VPC, RDS, ECS Fargate, ALB, HTTPS) in about 10 minutes.

USE CASE 2

Set up a keyless GitHub Actions deployment pipeline that uses OIDC for temporary AWS credentials instead of storing long-lived keys in GitHub Secrets.

USE CASE 3

Deploy a FastAPI API to ECS Fargate with a PostgreSQL database and an HTTPS load balancer using the minimal example configuration.

USE CASE 4

Use the secrets module to store DATABASE_URL and app secrets in Secrets Manager so they are injected at container startup with no .env files.

What is it built with?

HCL · Terraform · AWS ECS Fargate · RDS PostgreSQL · GitHub Actions · Secrets Manager

How does it compare?

Repos: emanthen/stacklift | coder/enterprise-terraform | iamsavi0r/atlas
Stars: 6 | 4 | 4
Language: HCL | HCL | HCL
Last pushed: 2022-08-17
Maintenance: Dormant
Setup difficulty: hard | moderate | moderate
Complexity: 4/5 | 3/5 | 3/5
Audience: ops devops | ops devops | researcher

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty: hard · Time to first run: 1h+

Requires an AWS account, Terraform 1.5+, a Route53-managed domain, ACM certificate, and an S3 bucket plus DynamoDB table for Terraform remote state.

Free to use for any purpose, including commercial projects, as long as you keep the copyright notice.

In plain English

Stacklift is a set of Terraform modules that sets up a production-grade AWS infrastructure for Django or FastAPI projects. Running terraform apply creates the full stack in about 10 minutes: a VPC with public and private subnets, a managed PostgreSQL database on RDS, container hosting on ECS Fargate, a load balancer with HTTPS termination, secrets stored in AWS Secrets Manager, and a GitHub Actions workflow that deploys your app on every push to main.

The project is organized as 8 composable modules (VPC, RDS, ECR, ECS cluster, ECS service, ALB, Secrets, and CI/CD), each self-contained with its own Terraform files and documentation. You wire them together in about 150 lines of configuration. The modules are also published to the Terraform Registry so you can reference them without cloning the repo.

Two security decisions distinguish it from typical tutorial configurations. First, GitHub Actions authenticates to AWS using OIDC (short-lived tokens) rather than storing long-lived AWS access keys in GitHub Secrets. Second, application secrets like database credentials are stored in Secrets Manager and injected into the container at startup, so there are no .env files in production and no secrets checked into version control. The RDS instance also has deletion protection enabled at two levels to prevent accidental data loss.

The estimated cost for a minimal setup (one web task, one small database, one load balancer) is around $70 per month on AWS in us-east-1. A single NAT Gateway is the default to keep costs down, with an option for one NAT per availability zone for higher reliability.

Two examples ship with the repo: a full Django project with a Celery task worker, and a minimal FastAPI service. This is for solo developers and small teams who want to deploy a Python web app to AWS correctly without assembling the Terraform configuration from scratch.
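
The keyless deployment described above depends on how tightly the deploy role's trust policy is scoped. The following Terraform is an added illustration, not Stacklift's own module code; the variable names, the role name, and the assumption that the GitHub OIDC provider is already registered in the account are hypothetical.

```hcl
# Added example: trust policy for a GitHub Actions deploy role.
# Assumption: the account already has an IAM OIDC provider for
# token.actions.githubusercontent.com, and its ARN is passed in.

variable "oidc_provider_arn" {
  type        = string
  description = "ARN of the existing GitHub OIDC provider (placeholder)"
}

variable "github_repo" {
  type        = string
  description = "Repository allowed to deploy, as owner/name (placeholder)"
}

data "aws_iam_policy_document" "github_trust" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRoleWithWebIdentity"]

    principals {
      type        = "Federated"
      identifiers = [var.oidc_provider_arn]
    }

    # The token must have been requested for AWS STS.
    condition {
      test     = "StringEquals"
      variable = "token.actions.githubusercontent.com:aud"
      values   = ["sts.amazonaws.com"]
    }

    # Without this condition the role trusts every repository on GitHub.
    # Pinning to refs/heads/main matches a deploy-on-push-to-main workflow.
    condition {
      test     = "StringEquals"
      variable = "token.actions.githubusercontent.com:sub"
      values   = ["repo:${var.github_repo}:ref:refs/heads/main"]
    }
  }
}

resource "aws_iam_role" "deploy" {
  name                 = "example-github-deploy" # hypothetical name
  assume_role_policy   = data.aws_iam_policy_document.github_trust.json
  max_session_duration = 3600 # one hour, the IAM minimum
}
```

When reviewing any OIDC-based pipeline, check that the sub condition uses StringEquals on a specific repository and ref; a StringLike match with a broad wildcard reopens the role to other branches or repositories.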

Copy-paste prompts

Prompt 1
Walk me through deploying a Django project to AWS using Stacklift: from cloning the repo and filling in terraform.tfvars to running terraform apply and getting a working HTTPS URL.
Prompt 2
I want to use the Stacklift cicd module to set up GitHub Actions OIDC authentication to AWS without storing any long-lived credentials. Walk me through the module and the deploy.yml workflow.
Prompt 3
Explain the Stacklift security model: how do secrets get into the container, why is there no .env file in production, and what protects RDS from accidental deletion?
Prompt 4
I want to use individual Stacklift modules from the Terraform Registry without cloning the repo. Show me an example referencing the ecs-service and vpc modules with version pinning.
Prompt 5
Walk me through the estimated monthly AWS cost for a minimal Stacklift setup (1 web task, 1 RDS t3.micro, single NAT, us-east-1) and what each component contributes.

Frequently asked questions

What is stacklift?

Eight composable Terraform modules that provision a production AWS stack (VPC, RDS, ECS Fargate, ALB, Secrets Manager, GitHub Actions OIDC) for Django or FastAPI in under an hour with no stored AWS credentials.

What language is stacklift written in?

Mainly HCL. The stack also includes Terraform and AWS ECS Fargate.

What license does stacklift use?

Free to use for any purpose, including commercial projects, as long as you keep the copyright notice.

How hard is stacklift to set up?

Setup difficulty is rated hard, with roughly 1h+ to a first successful run.

Who is stacklift for?

Mainly ops devops.

Verify against the repo before relying on details.