Zero-dependency AWS infrastructure as TypeScript. Deploy production-ready cloud infrastructure without AWS SDK or CLI.

@stacksjs/ts-cloud is a modern infrastructure-as-code framework that lets you define AWS infrastructure using TypeScript configuration files. Unlike AWS CDK or Terraform, @stacksjs/ts-cloud:

• Zero AWS Dependencies - No AWS SDK, no AWS CLI. Direct AWS API calls only.
• Type-Safe Configuration - Full TypeScript types for all AWS resources
• Production-Ready Presets - 13 battle-tested infrastructure templates
• Bun-Powered - Lightning-fast builds and deployments
• CloudFormation Native - Generate clean, reviewable CloudFormation templates

Skip the boilerplate with production-ready presets for common architectures:

• Static Sites - S3 + CloudFront for SPAs and static websites
• Node.js Servers - EC2 + ALB + RDS + Redis for traditional apps
• Serverless Apps - ECS Fargate + ALB + DynamoDB for scalable services
• Full-Stack Apps - Complete frontend + backend + database stack
• API Backends - API Gateway + Lambda + DynamoDB for serverless APIs
• WordPress - Optimized WordPress hosting with RDS + EFS + CloudFront
• JAMstack - Modern static sites with Lambda@Edge for SSR
• Microservices - Multi-service architecture with service discovery
• Real-time Apps - WebSocket API + Lambda + DynamoDB Streams
• Data Pipelines - Kinesis + Lambda + S3 + Athena + Glue for ETL
• ML APIs - SageMaker + API Gateway for ML inference
• Traditional Web Apps - Session-based apps with EFS + Redis + ALB

Complete CloudFormation template builders for:

• Network - VPC, subnets, NAT gateways, routing, security groups
• Storage - S3 buckets with versioning, encryption, lifecycle rules, EFS
• Compute - EC2 Auto Scaling, ECS Fargate, Lambda functions
• Database - RDS (PostgreSQL/MySQL), DynamoDB with streams and GSIs
• Cache - ElastiCache Redis/Memcached with replication
• CDN - CloudFront distributions with custom domains and Lambda@Edge
• API Gateway - HTTP, REST, and WebSocket APIs
• Queue - SQS queues with dead letter queues
• Messaging - SNS topics and subscriptions
• Monitoring - CloudWatch dashboards, alarms, and log groups
• Security - ACM certificates, WAF rules, security groups

Built-in secret detection to prevent accidental credential exposure:

• 35+ Secret Patterns - AWS keys, API tokens, private keys, database credentials
• Automatic Scanning - Runs before every deployment
• Configurable Severity - Block on critical, high, medium, or low findings
• CI/CD Ready - Integrate security checks into your pipeline

# Scan for secrets before deploying
cloud deploy:security-scan --source ./dist

# Deploy with automatic security scanning
cloud deploy  # Scans automatically before deployment

No SDK, no CLI - pure AWS Signature V4 API calls:

• CloudFormation - CreateStack, UpdateStack, DeleteStack, DescribeStacks
• S3 - PutObject, multipart upload, sync directory
• CloudFront - Cache invalidations with wait support
• Credentials - Resolve from env vars, ~/.aws/credentials, or IAM roles

bun add @stacksjs/ts-cloud

Create a cloud.config.ts:

import { createStaticSitePreset } from '@stacksjs/ts-cloud/presets'

export default createStaticSitePreset({
  name: 'My Website',
  slug: 'my-website',
  domain: 'example.com',
})

Deploy:

bun run cloud deploy

That's it! You now have:

• ✅ S3 bucket with static website hosting
• ✅ CloudFront CDN with HTTPS
• ✅ Route53 DNS configuration
• ✅ ACM SSL certificate

import { createFullStackAppPreset } from '@stacksjs/ts-cloud/presets'

export default createFullStackAppPreset({
  name: 'My App',
  slug: 'my-app',
  domain: 'app.example.com',
  apiSubdomain: 'api.example.com',
})

Includes:

• Frontend: S3 + CloudFront
• Backend: ECS Fargate with auto-scaling
• Database: PostgreSQL RDS with Multi-AZ
• Cache: Redis ElastiCache
• Queue: SQS for background jobs

import { createApiBackendPreset } from '@stacksjs/ts-cloud/presets'

export default createApiBackendPreset({
  name: 'My API',
  slug: 'my-api',
  domain: 'api.example.com',
})

Includes:

• API Gateway HTTP API
• Lambda functions with auto-scaling
• DynamoDB tables with on-demand billing
• CloudWatch monitoring and alarms

You can extend any preset with custom configuration:

import { createNodeJsServerPreset, extendPreset } from '@stacksjs/ts-cloud/presets'

export default extendPreset(
  createNodeJsServerPreset({
    name: 'My App',
    slug: 'my-app',
  }),
  {
    infrastructure: {
      compute: {
        server: {
          instanceType: 't3.large', // Upgrade instance type
          autoScaling: {
            max: 20, // Increase max instances
          },
        },
      },
    },
  }
)

Combine multiple presets:

import { composePresets, createStaticSitePreset, createApiBackendPreset } from '@stacksjs/ts-cloud/presets'

export default composePresets(
  createStaticSitePreset({ name: 'Frontend', slug: 'frontend', domain: 'example.com' }),
  createApiBackendPreset({ name: 'Backend', slug: 'backend' }),
  {
    // Custom overrides
    infrastructure: {
      monitoring: {
        alarms: [{ metric: 'Errors', threshold: 10 }],
      },
    },
  }
)

Generate templates programmatically:

import { CloudFormationBuilder } from '@stacksjs/ts-cloud/cloudformation'

const builder = new CloudFormationBuilder(config)
const template = builder.build()

console.log(JSON.stringify(template, null, 2))

Use the AWS clients directly:

import { CloudFormationClient, S3Client, CloudFrontClient } from '@stacksjs/ts-cloud/aws'

// CloudFormation
const cfn = new CloudFormationClient('us-east-1')
await cfn.createStack({
  stackName: 'my-stack',
  templateBody: JSON.stringify(template),
})

// S3
const s3 = new S3Client('us-east-1')
await s3.putObject({
  bucket: 'my-bucket',
  key: 'file.txt',
  body: 'Hello World',
})

// CloudFront
const cloudfront = new CloudFrontClient()
await cloudfront.createInvalidation({
  distributionId: 'E1234567890',
  paths: ['/*'],
})

@stacksjs/ts-cloud supports multiple DNS providers for domain management and SSL certificate validation:

1. Log in to your Cloudflare Dashboard
2. Go to My Profile → API Tokens (or visit https://dash.cloudflare.com/profile/api-tokens)
3. Click Create Token
4. Use the Edit zone DNS template, or create a custom token with:
   • Permissions: Zone → DNS → Edit
   • Zone Resources: Include → All zones (or specific zones)
5. Copy the generated token

export CLOUDFLARE_API_TOKEN="your-api-token-here"

1. Log in to your Porkbun Dashboard
2. Enable API access for your domain(s)
3. Generate an API key pair

export PORKBUN_API_KEY="your-api-key"
export PORKBUN_SECRET_KEY="your-secret-key"

1. Log in to GoDaddy Developer Portal
2. Create a new API key
3. Note both the key and secret

export GODADDY_API_KEY="your-api-key"
export GODADDY_API_SECRET="your-api-secret"
export GODADDY_ENVIRONMENT="production"  # or "ote" for testing

Uses AWS credentials from environment or ~/.aws/credentials:

export AWS_ACCESS_KEY_ID="your-access-key"
export AWS_SECRET_ACCESS_KEY="your-secret-key"
export AWS_REGION="us-east-1"
export AWS_HOSTED_ZONE_ID="Z1234567890"  # Optional

# List domains
cloud domain:list --provider cloudflare

# List DNS records
cloud dns:records example.com --provider cloudflare

# Add a DNS record
cloud dns:add example.com A 192.168.1.1 --name api --provider cloudflare

# Generate SSL certificate with DNS validation
cloud domain:ssl example.com --provider cloudflare

# Install dependencies
bun install

# Run tests
bun test

# Build
bun run build

# Type check
bun run typecheck

1. Configuration - Define infrastructure in TypeScript
2. CloudFormation Generation - Convert config to CloudFormation templates
3. AWS API Calls - Direct HTTPS calls to AWS CloudFormation API
4. Deployment - Create/update stacks with change sets
5. Monitoring - Track deployment progress with real-time events

@stacksjs/ts-cloud uses zero external dependencies for AWS operations:

• AWS Signature V4 - Manual request signing for authentication
• Direct HTTPS - Native fetch() for API calls
• Credentials - Parse ~/.aws/credentials without SDK
• CloudFormation - XML/JSON parsing for responses

This means:

• ⚡ Faster startup and execution
• 📦 Smaller bundle size
• 🔒 Better security (no supply chain attacks)
• 🎯 Full control over AWS interactions

Please see CONTRIBUTING for details.

For help, discussion about best practices, or any other conversation that would benefit from being searchable:

Discussions on GitHub

For casual chit-chat with others using this package:

Join the Stacks Discord Server

"Software that is free, but hopes for a postcard." We love receiving postcards from around the world showing where Stacks is being used! We showcase them on our website too.

Our address: Stacks.js, 12665 Village Ln #2306, Playa Vista, CA 90094, United States 🌎

We would like to extend our thanks to the following sponsors for funding Stacks development. If you are interested in becoming a sponsor, please reach out to us.

• JetBrains
• The Solana Foundation

The MIT License (MIT). Please see LICENSE for more information.

Made with 💙