Analysis updated 2026-05-18
Run terraform apply to provision a full Django production stack on AWS (VPC, RDS, ECS Fargate, ALB, HTTPS) in about 10 minutes.
Set up a keyless GitHub Actions deployment pipeline that uses OIDC for temporary AWS credentials instead of storing long-lived keys in GitHub Secrets.
Deploy a FastAPI API to ECS Fargate with a PostgreSQL database and an HTTPS load balancer using the minimal example configuration.
Use the secrets module to store DATABASE_URL and app secrets in Secrets Manager so they are injected at container startup with no .env files.
| emanthen/stacklift | coder/enterprise-terraform | iamsavi0r/atlas | |
|---|---|---|---|
| Stars | 6 | 4 | 4 |
| Language | HCL | HCL | HCL |
| Last pushed | — | 2022-08-17 | — |
| Maintenance | — | Dormant | — |
| Setup difficulty | hard | moderate | moderate |
| Complexity | 4/5 | 3/5 | 3/5 |
| Audience | ops devops | ops devops | researcher |
Figures from each repo's GitHub metadata at analysis time.
Requires an AWS account, Terraform 1.5+, a Route53-managed domain, ACM certificate, and an S3 bucket plus DynamoDB table for Terraform remote state.
Stacklift is a set of Terraform modules that sets up a production-grade AWS infrastructure for Django or FastAPI projects. Running terraform apply creates the full stack in about 10 minutes: a VPC with public and private subnets, a managed PostgreSQL database on RDS, container hosting on ECS Fargate, a load balancer with HTTPS termination, secrets stored in AWS Secrets Manager, and a GitHub Actions workflow that deploys your app on every push to main. The project is organized as 8 composable modules (VPC, RDS, ECR, ECS cluster, ECS service, ALB, Secrets, and CI/CD), each self-contained with its own Terraform files and documentation. You wire them together in about 150 lines of configuration. The modules are also published to the Terraform Registry so you can reference them without cloning the repo. Two security decisions distinguish it from typical tutorial configurations. First, GitHub Actions authenticates to AWS using OIDC (short-lived tokens) rather than storing long-lived AWS access keys in GitHub Secrets. Second, application secrets like database credentials are stored in Secrets Manager and injected into the container at startup, so there are no .env files in production and no secrets checked into version control. The RDS instance also has deletion protection enabled at two levels to prevent accidental data loss. The estimated cost for a minimal setup (one web task, one small database, one load balancer) is around $70 per month on AWS in us-east-1. A single NAT Gateway is the default to keep costs down, with an option for one NAT per availability zone for higher reliability. Two examples ship with the repo: a full Django project with a Celery task worker, and a minimal FastAPI service. This is for solo developers and small teams who want to deploy a Python web app to AWS correctly without assembling the Terraform configuration from scratch.
Eight composable Terraform modules that provision a production AWS stack (VPC, RDS, ECS Fargate, ALB, Secrets Manager, GitHub Actions OIDC) for Django or FastAPI in under an hour with no stored AWS credentials.
Mainly HCL. The stack also includes HCL, Terraform, AWS ECS Fargate.
Free to use for any purpose, including commercial projects, as long as you keep the copyright notice.
Setup difficulty is rated hard, with roughly 1h+ to a first successful run.
Mainly ops devops.
This repo across BitVibe Labs
Verify against the repo before relying on details.