A platform-agnostic cloud infrastructure components library for modern applications. Built with TypeScript and Pulumi, Infra Foundry provides reusable, composable infrastructure components that work across AWS, Cloudflare, and Vercel.
- 🔧 Reusable Components - Pre-built factories for common cloud services
- 🌍 Platform Agnostic - Works with AWS, Cloudflare, and Vercel
- 📦 TypeScript First - Full type safety and IntelliSense support
- ⚡ Pulumi Powered - Leverages Pulumi's infrastructure as code capabilities
- 🎯 Production Ready - Battle-tested components used in production environments
- Create a new Pulumi project

  ```bash
  mkdir my-infrastructure && cd my-infrastructure
  pulumi new typescript
  ```

- Install the package

  ```bash
  yarn add infra-foundry
  # or
  npm install infra-foundry
  ```

- Create a Pulumi Organisation via the Pulumi console

- Create and select a stack in your organization

  ```bash
  # stack-name refers to the environment to be deployed, e.g. `prod`, `dev`
  pulumi stack init <your-org>/<stack-name>
  ```

- Preview and deploy your infrastructure

  ```bash
  pulumi preview --stack <your-org>/<stack-name>
  pulumi up --stack <your-org>/<stack-name>
  ```

Each component is exported under its own namespace, so you import only what you need:

```ts
import { s3, vpc, rds } from 'infra-foundry'
```

| Component | Provider | What it does |
|---|---|---|
| Amplify | AWS | Static site hosting and CI/CD from a Git repo |
| App Runner | AWS | Fully managed container service with autoscaling |
| ECR | AWS | Container registry with image lifecycle management |
| ECS | AWS | Fargate cluster and service orchestration |
| Docker Image | Docker | Build and push images to a registry |
| Identity Center | AWS | SSO admin, permission sets, and team membership |
| Organizations | AWS | Organizational units under the org root |
| RDS | AWS | Managed relational database instances |
| Route 53 | AWS | Hosted zones and DNS records |
| S3 | AWS | Object storage fronted by a CloudFront CDN |
| Secrets Manager | AWS | Versioned secret storage |
| SES | AWS | Email sending with DKIM and Route 53 wiring |
| SQS | AWS | Standard and FIFO queues with optional DLQ |
| VPC | AWS | Virtual private cloud networking |
| Cloudflare | Cloudflare | Nameserver delegation and DNS records |
| Vercel | Vercel | Project provisioning with env vars and domains |
Provision an AWS Amplify app wired to a Git repository, with a managed branch and optional custom domain.

```ts
import { amplify } from 'infra-foundry'

const site = new amplify.AmplifyApp({
  name: 'marketing-site',
  repository: 'https://github.com/acme/marketing-site',
  branchName: 'main',
  githubAccessToken: process.env.GITHUB_TOKEN!,
  domainName: 'acme.com', // optional
})
```

Run a container image on AWS App Runner with health checks, autoscaling, and an optional custom domain.

```ts
import { appRunner } from 'infra-foundry'

const api = new appRunner.AppRunnerService({
  name: 'api',
  image: '123456789012.dkr.ecr.us-east-1.amazonaws.com/api:latest',
  port: '8080',
  healthCheckPath: '/health',
})

export const url = api.serviceUrl
```

Create an Elastic Container Registry repository with automatic image lifecycle pruning, plus helpers to resolve image URIs.

```ts
import { ecr } from 'infra-foundry'

const repo = new ecr.EcrRepository({ name: 'api', maxImages: 5 })

export const imageUri = repo.getLatestImageUri()
```

Stand up a Fargate cluster and a load-balanced service. The service is created against a cluster and VPC.

```ts
import { ecs, vpc } from 'infra-foundry'

const network = new vpc.Vpc('prod')
const cluster = new ecs.EcsCluster('prod')

const service = new ecs.EcsService(
  'api',
  cluster,
  {
    name: 'api',
    image: 'nginx:latest',
    port: 80,
    dnsConfig: {
      /* domain + hosted zone config */
    },
    healthCheckConfig: {
      /* path, interval, thresholds */
    },
  },
  {
    /* VPC config: subnets, security groups */
  },
)
```

Build a Docker image from a local context and push it to a registry (for example, the ECR repository above).

```ts
import { image, ecr } from 'infra-foundry'

const repo = new ecr.EcrRepository({ name: 'api' })

const img = new image.DockerImage({
  name: 'api',
  imageName: repo.repository.repositoryUrl,
  buildContext: './app',
  registry: {
    /* { server, username, password }, e.g. from ECR auth */
  },
})
```

Manage AWS IAM Identity Center (SSO): bootstrap an admin user, define permission sets, and assign team members to accounts.

```ts
import { identityCenter } from 'infra-foundry'

const admin = new identityCenter.IdentityCenterAdmin('admin', {
  adminUsername: 'jane',
  adminGivenName: 'Jane',
  adminFamilyName: 'Doe',
  adminEmail: 'jane@acme.com',
  awsRegion: 'us-east-1',
})
```

Create organizational units under the AWS Organizations root.

```ts
import { organizations } from 'infra-foundry'

const ous = new organizations.OrganizationalUnits('root', {
  ouNames: ['Workloads', 'Sandbox'],
})
```

Provision a managed relational database instance with sensible storage defaults.
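
```ts
import * as pulumi from '@pulumi/pulumi'
import { rds } from 'infra-foundry'

// Assumed config key: set it with `pulumi config set --secret dbPassword <value>`
// so the password stays encrypted in the stack config and state.
const dbPassword = new pulumi.Config().requireSecret('dbPassword')

const db = new rds.RdsInstance({
  name: 'app',
  engine: 'postgres',
  engineVersion: '16.3',
  dbName: 'app',
  username: 'app',
  password: dbPassword, // pulumi.Output<string> or string
})
```

Create (or find) a Route 53 hosted zone and manage records for it.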

```ts
import { route53 } from 'infra-foundry'

const zone = new route53.HostedZone('acme', { name: 'acme.com' })
```

Create an S3 bucket fronted by a CloudFront distribution for serving static assets.

```ts
import { s3 } from 'infra-foundry'

const assets = new s3.S3Bucket({ name: 'acme-assets' })

export const cdnDomain = assets.assetsCdn.domainName
```

Store a versioned secret with one or more key/value pairs in AWS Secrets Manager.
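
```ts
import * as pulumi from '@pulumi/pulumi'
import { secret } from 'infra-foundry'

// Assumed config key: set it with `pulumi config set --secret dbPassword <value>`.
const dbPassword = new pulumi.Config().requireSecret('dbPassword')

const creds = new secret.Secret({
  name: 'app/db',
  values: {
    username: 'app',
    password: dbPassword,
  },
})
```

Set up an SES domain identity with DKIM. Use `SesWithRoute53` to also create the verification and DKIM records in a hosted zone automatically.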

```ts
import { ses } from 'infra-foundry'

const email = new ses.Ses('acme', {
  name: 'acme',
  domainName: 'acme.com',
  enableDkim: true,
})
```

Create a standard or FIFO queue, optionally with a dead-letter queue and KMS encryption.

```ts
import { sqs } from 'infra-foundry'

const queue = new sqs.SqsQueue({
  name: 'jobs',
  type: 'fifo',
})

export const queueUrl = queue.url
```

Provision a VPC with networking primitives ready for ECS and other workloads.

```ts
import { vpc } from 'infra-foundry'

const network = new vpc.Vpc('prod')
```

Delegate a domain to Cloudflare nameservers and manage its DNS records.

```ts
import { cloudflare } from 'infra-foundry'

const ns = new cloudflare.CloudflareNameserver('acme', {
  domain: 'acme.com',
  nameServers: zone.nameServers,
})
```

Provision a Vercel project with a framework preset, Git repository, and environment variables.

```ts
import { vercel } from 'infra-foundry'

const app = new vercel.VercelProject('web', {
  name: 'web',
  framework: 'nextjs',
  gitRepo: 'acme/web',
})
```

```
src/
├── amplify/          # AWS Amplify components
├── app-runner/       # AWS App Runner components
├── cloudflare/       # Cloudflare components
├── ecr/              # AWS ECR components
├── ecs/              # AWS ECS Fargate components
├── identity-center/  # AWS IAM Identity Center (SSO) components
├── image/            # Docker image components
├── organizations/    # AWS Organizations components
├── rds/              # AWS RDS components
├── route53/          # AWS Route 53 components
├── s3/               # AWS S3 components
├── secret/           # AWS Secrets Manager components
├── ses/              # AWS SES components
├── sqs/              # AWS SQS components
├── vercel/           # Vercel components
├── vpc/              # AWS VPC components
└── utils/            # Shared utilities
```

We welcome contributions! Please see our Contributing Guidelines for details.
This project is licensed under the MIT License - see the LICENSE file for details.
Built with ❤️ by Hamza Hassan