
Stacklift

HCL ★ 6 updated 18d ago

Production AWS for Django & FastAPI — ECS Fargate, RDS Postgres, ALB, Secrets Manager, GitHub Actions OIDC. 8 composable Terraform modules. No stored AWS keys. No .env files. Works in under an hour.

Eight composable Terraform modules that provision a production AWS stack (VPC, RDS, ECS Fargate, ALB, Secrets Manager, GitHub Actions OIDC) for Django or FastAPI in under an hour with no stored AWS credentials.

HCL · Terraform · AWS ECS Fargate · RDS PostgreSQL · GitHub Actions · Secrets Manager · setup: hard · complexity 4/5

Stacklift is a set of Terraform modules that sets up production-grade AWS infrastructure for Django or FastAPI projects. Running terraform apply creates the full stack in about 10 minutes: a VPC with public and private subnets, a managed PostgreSQL database on RDS, container hosting on ECS Fargate, a load balancer with HTTPS termination, secrets stored in AWS Secrets Manager, and a GitHub Actions workflow that deploys your app on every push to main.

The project is organized as 8 composable modules (VPC, RDS, ECR, ECS cluster, ECS service, ALB, Secrets, and CI/CD), each self-contained with its own Terraform files and documentation. You wire them together in about 150 lines of configuration. The modules are also published to the Terraform Registry so you can reference them without cloning the repo.

Two security decisions distinguish it from typical tutorial configurations. First, GitHub Actions authenticates to AWS using OIDC (short-lived tokens) rather than storing long-lived AWS access keys in GitHub Secrets. Second, application secrets like database credentials are stored in Secrets Manager and injected into the container at startup, so there are no .env files in production and no secrets checked into version control. The RDS instance also has deletion protection enabled at two levels to prevent accidental data loss.
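The GitHub Actions OIDC trust described above, written as plain Terraform. This is an added example, not Stacklift's module code: the repository name, role name and variable are placeholders, and it assumes the hashicorp/aws and hashicorp/tls providers.

```hcl
# Added illustration, not Stacklift's module code. Names below are placeholders.
variable "github_repo" {
  type    = string
  default = "example-org/example-app" # placeholder owner/repo
}

# Thumbprint is read from the issuer's certificate chain at plan time, not hardcoded.
data "tls_certificate" "github" {
  url = "https://token.actions.githubusercontent.com"
}

# Registers GitHub's OIDC issuer as an identity provider in the AWS account.
resource "aws_iam_openid_connect_provider" "github" {
  url             = "https://token.actions.githubusercontent.com"
  client_id_list  = ["sts.amazonaws.com"]
  thumbprint_list = [data.tls_certificate.github.certificates[0].sha1_fingerprint]
}

data "aws_iam_policy_document" "gha_trust" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRoleWithWebIdentity"]

    principals {
      type        = "Federated"
      identifiers = [aws_iam_openid_connect_provider.github.arn]
    }
    # The token must have been minted for AWS STS.
    condition {
      test     = "StringEquals"
      variable = "token.actions.githubusercontent.com:aud"
      values   = ["sts.amazonaws.com"]
    }
    # Exact match on repo and branch: other repos, branches and PRs cannot assume the role.
    condition {
      test     = "StringEquals"
      variable = "token.actions.githubusercontent.com:sub"
      values   = ["repo:${var.github_repo}:ref:refs/heads/main"]
    }
  }
}

resource "aws_iam_role" "gha_deploy" {
  name                 = "example-gha-deploy" # placeholder
  assume_role_policy   = data.aws_iam_policy_document.gha_trust.json
  max_session_duration = 3600 # credentials expire after at most one hour
}
```

The role grants nothing until a permissions policy is attached, so scope that policy to the deploy actions the workflow needs. When reviewing a trust policy like this, check that the sub condition is an exact match rather than a wildcard such as repo:ORG/*.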

The estimated cost for a minimal setup (one web task, one small database, one load balancer) is around $70 per month on AWS in us-east-1. A single NAT Gateway is the default to keep costs down, with an option for one NAT per availability zone for higher reliability.

Two examples ship with the repo: a full Django project with a Celery task worker, and a minimal FastAPI service. This is for solo developers and small teams who want to deploy a Python web app to AWS correctly without assembling the Terraform configuration from scratch.

Where it fits