The Cloud Posse Jumpstart Accelerator is ideal for Startups or SMBs looking to quickly get up and running on Amazon following all the latest AWS “Best Practices” from the AWS Well-Architected framework and practices we've learned operating in the trenches. It's continuously updated by Cloud Posse and based entirely on our Open Source materials available today.

Fast and cost-effective, saving us engineering time and resources.

We used CloudPosse's Jumpstart Accelerator for our new company's initial Infrastructure as Code (IaC) and AWS architecture setup. The service was fast and cost-effective, saving us engineering time and resources that would otherwise have been spent on building and maturing our infrastructure. CloudPosse allowed us to start with a mature setup while adding our company-specific needs. I highly recommend CloudPosse's Jumpstart Contract for teams planning to use AWS and who have at least one Terraform expert.

Steven Miller

Founding Engineer - CoreDB

Who is it for?

Companies that have straightforward architectural requirements that do not require a lot of customizations. Alternatively, companies comfortable with AWS and Terraform can perform the customizations themselves. We also provide separate Professional Services to help with any customizations or workload migrations you need that may fall outside of what Jumpstart includes.

Jumpstart is ideal for companies:

  • Companies that are deploying dozens or more services and backing services.
  • Companies who want to leverage more of what AWS offers with managed services like ECS, EKS (Kubernetes, RDS, MSK, Airflow, etc.
  • Companies who want someone to help them provision everything quickly so they take care of the rest.
Get Price

What it's Not

It's not ideal for companies with simple technology stacks (e.g., 1-2 services) and no plans to change them. The solution may be overwhelming as it focuses on solving a different problem. Teams lacking AWS and Terraform experience may struggle with the terraform code and conventions.

Suppose you need a custom delivery of our reference architecture to meet requirements or want to understand every decision needed to build their architecture. In that case, our Enterprise Accelerator is designed specifically for that purpose. Companies that need to invest more of their limited capital in developing a product or MVP should consider our Bootcamp Accelerator; spending your money in the right places at the right time is crucial. We don't want you to over-invest in infrastructure at this stage if it doesn't help you reach the next stage of growth (we'll be there for you when you do!)

Get Price

Batteries Included

Everything we offer is à la carte. You can choose precisely what you need from our entire library Infrastructure as Code. It's delivered to you preconfigured as part of our Reference Architecture and deployed by Cloud Posse. Pay only for what you need, nothing more. Receive everything for one fixed price with no overages and no strings attached. You'll get a guaranteed delivery window fully implemented by Cloud Posse.


Throughout the project, we handle all the Technical Project Management. You're invited to our Jira project and can follow along. To successfully execute a project, a project manager must be knowledgeable about the underlying technology and risks. That's why our project managers understand the DevOps methodologies we espouse, terminology, and common pitfalls. As a customer, this means you always understand how things are going and where the project stands. You get regular updates and concise communication.

There are no long-term commitments.

We provision everything for you in your accounts. Your team can follow along and repeat the process. If they get stuck, they can just hop on Slack or Zoom and get their needed help.

We eliminate the guesswork of building and owning your AWS cloud infrastructure. Our proven process and pre-existing materials ensure a consistent outcome every time.

Working with us ensures a predictable outcome that is delivered on time and within budget.

By and large, most engineering projects without pre-existing processes and materials fail to be delivered on time. Their scope is grossly underestimated which results in missed deadlines and exploded budgets.

Working with Cloud Posse ensures you avoid the most common pitfalls and achieve the intended outcomes without blowing your budget.

You can hire 2-3 experienced DevOps engineers to build your platform, which may work, but offers zero guarantees other than it will cost 2-3x the cost of hiring Cloud Posse. Plus, when you work with us, we'll rapidly level up your team's skillset set, increasing their value to your company.

What many companies fail to realize is you don't need just “a DevOps Engineer”. You need a combination of various skill sets, many of which companies lack or do not budget for.

  • Technical Project Managers with an understanding of managing DevOps teams. DevOps Engineers are frequently excellent at solving problems but need help (moreover, appreciate the help) managing their priorities and someone to run interference if they are heads down fighting fires.
  • QA/Release Engineers with a solid grasp of the CI/CD platform and the organization's needs. They should possess knowledge of test automation and their role in delivering a stable software delivery process.
  • DevOps/Platform Engineers who understand the tooling and possess a holistic understanding of the entire process, soup to nuts. They need to understand the relationship between their job and the needs of the business and developers.
  • Site Reliability Engineers that work with the business to establish SLIs/SLOs and build in the systems to ensure objectives are met.

When you work with Cloud Posse, you get all of that coupled with our proven process and reusable materials, which ensure your success.

Developers are a business' most expensive investment. Empowering developers to work autonomously with self-service infrastructure will pay dividends in productivity and maximize your ROI.

Get Price

Foundational Infrastructure

Cloud Posse will deliver a standardized, preconfigured implementation of its Open Source Infrastructure As Code Reference Architecture with Terraform. It includes an efficient GitOps workflow leveraging Spacelift or Atlantis and the ability to deploy across multiple stages, including Development, Staging, and Production. A solid AWS foundation is required to maintain a better security and compliance posture from the ground up. A disaster recovery strategy baked in by leveraging a combination of Infrastructure as Code (Terraform), VCS, and multi-zone deployments.

What's Included

Provision GitHub monorepo for foundational infrastructure
  • Configure Dockerfile to drive all infrastructure tooling
  • Setup up repository scaffolding, including directory structure and configuration layouts
  • Enable GitHub branch protections
  • Provision example CODEOWNERS to restrict approvals to specific teams
  • Use Cloud Automation Shell (geodesic) as the base image for the toolchain
Provision New AWS Organization with Terraform
  • Provision net-new top-level root account for the organization
  • Provision Organizational Units (OUs)
    • core: for core governance accounts
    • plat: for platform accounts (e.g., dev, staging, prod)
  • Provision example Service Control Policies (SCP)
  • Provision Terraform State Backend architecture, using a combination of S3 buckets with mandatory encrypted objects, DynamoDB tables for state locking
Provision AWS Multi-Account Architecture with Terraform
  • Raise all necessary account limits via AWS Support
  • Implement a multi-region capable operating model using multi-region naming conventions
  • Provision Member accounts. Additional accounts may be added easily later.
    • root
    • core
      • identity
      • audit
      • security
      • network
      • dns
      • auto
      • artifacts
    • plat
      • prod
      • staging
      • dev
      • sandbox
  • Provision centralized Cloudtrail bucket in the audit account with mandatory encryption, private ACLs, and lifecycle rules to reduce ongoing costs
  • Provision Organizational Cloudtrail Audit Logs to log to the centralized S3 bucket in audit account
  • Provision account settings, including account aliases, account password policies and account S3 bucket policies
  • Provision account budgets (optional)
  • Provision centralized ECR registry to host docker images (e.g., for infrastructure and applications)
  • Provision a combination of ASM+SSM for platform infrastructure secrets (KMS encryption)
Provision IAM & SSO Architecture with Terraform
  • Provision identity account IAM with SAML integration SSO provider (e.g., Okta, GSuite)
  • Provision AWS SSO in the root account
  • Provision baseline cross-account IAM Roles and Responsibilities.
Provision Network Architecture with Terraform
  • Provision a predefined Subnet Allocation Scheme capable of supporting all the different types of workloads across accounts with non-overlapping CIDR ranges
  • Deprovision default unmanaged VPCs in every account
  • Provision new VPCs in each account, in each operating region
  • Provision public subnets across multiple availability zones within each region to support public load balancers
  • Provision private subnets across multiple availability zones for each workload (e.g. applications, databases) as necessary
  • Provision Network ACLS
  • Provision Route Tables to enable routing across subnets
  • Provision AWS Transit Gateway in the network account to enable transit between the automation account and all other accounts on private subnets
  • Provision service discovery architecture using hierarchical hostnames with Route53
  • Provision customer-facing branded domains (e.g. for marketing and SEO)
  • Provision Internet Gateways for ingress and egress with private subnets
  • Provision high-availability NAT gateways with Elastic IPs for egress traffic from VPCs
Get Price

Foundational Platform

The platform will be able to run elastic, autoscaling containerized workloads. There will exist strict account, IAM, and network account boundaries.

What's Included

Provision Spacelift GitOps Platform with Terraform
  • Provision Spacelift Cloud to manage Continuous Delivery of Infrastructure with approval gates (GitOps) and drift detection with automatic remediation. 
  • Provision Self-hosted Spacelift runners in an autoscale group
  • Import all stacks to Spacelift.
  • Remediate all failures
Provision ECS Fargate Cluster with Terraform
  • Provision ECS Fargate Cluster resource
  • Provision ACM certificates for TLS
  • Provision public ALBs with ACM for external traffic
  • Provision public ALBs with ACM for internal traffic
  • Provision fine-grained IAM roles for service accounts
  • Provision Cloudwatch Log Group
  • Provision Security Groups
  • Provision example ECS task using Google echo-server
Provision ECS EC2 Classic Cluster with Terraform
  • Provision ECS Cluster resource
  • Provision ECS EC2 Autoscale Group with On-demand Instances
  • Provision ACM certificates for TLS
  • Provision public ALBs with ACM for external traffic
  • Provision public ALBs with ACM for internal traffic
  • Provision fine-grained IAM roles for service accounts
  • Provision Cloudwatch Log Group
  • Provision Security Groups
  • Provision example ECS task using Google echo-server
Provision Lambda Functions with Terraform
  • Provision example Lambda function with Terraform
  • Provision example of IAM roles needed by Lambda function
Provision DynamoDB Global Tables with Terraform
  • Provision global tables with replicas in primary and secondary region
Provision Cloudflare CDN with Terraform
  • Provision Cloudflare CDN component to accelerate origin content
Provision RDS Aurora clusters (Postgres) with Terraform
  • Enable encryption at rest
  • Enable backups
  • Provision example schema
  • Provision example Postgres users, roles, databases with terraform
Provision GitHub Actions Self-hosted Runners with Terraform
  • Provision github-actions ASG in automation account
  • Provision requisite IAM role services accounts needed by runners
  • Provision example IAM roles for GitHub Action jobs with OIDC trust relationship so jobs can securely interact with AWS without using any hardcoded AWS credentials.
Get Price

Foundational Release Engineering

A solid release engineering process based on GitHub Actions will tie everything together. Ensuring a high-quality DX is of utmost importance so that Developers can achieve “self-serve” without needing to become GitHub Actions experts while maintaining a security system with few pieces being exposed to the public internet. Developers will be able to test every Pull Request (PR) with ephemeral environments and continuously deploy to Development environments on every commit to main the branch. An elegant release engineering process enables automatic deployments to stage and rollouts to production will require some method of approval, depending on the capabilities of the Client’s GitHub subscription.

What's Included

Feature Branch Workflow with GitHub Actions

The Feature branch workflow is triggered on changes in a pull request that target the main branch. It will perform CI (build and test) and CD (deploy into Preview and/or QA environments) jobs.

  • Build docker images and push to ECR
    (e.g. for Elixr and NodeJS applications)
  • Implement a Docker-compose-based integration testing
  • Deploy/Destroy ephemeral Preview environments (aka Review Apps)
Main Branch Workflow with GitHub Actions

The Main branch workflow triggered on commit into the main (default) branch

  • Integrate the latest changes 
  • Create/update the next draft release. 
  • Perform CI (build and test) 
  • Perform CD to Dev
Release Workflow with GitHub Actions

The Release workflow is triggered when a new GitHub Release is published.

Hot Fix Branch Workflow with GitHub Actions

The Hot Fix Branch workflow is triggered on changes in a pull request that target any release/{version} branch.

  • Perform CI (build and test) 
  • Perform CD (deploy into Hotfix environment) jobs that trigger Spacelift deployments of ECS tasks
Hot Fix Release Workflow with GitHub Actions

The Hot Fix Release workflow is triggered on commit into the release/{version} branch to integrate new hotfix changes.

  • Perform CI (build and test) 
  • Perform CD (deploy into the Production environment with approval gates) jobs
  • Create a new release with incremented patch version
  • Reintegrate the changes into the main branch, by programmatically creating a new PR that targets main branch to integrate the hotfix with the latest code.
Get Price

Foundational Security & Compliance

Security-conscious conscious businesses seeking benchmark compliance (e.g. SOC2 Type II, HIPAA, PCI/DSS, HITRUST, et al) will need to architect their infrastructure to meet these standards from the ground up. Our strategy is to deploy AWS SecurityHub and enable the AWS Conformance Packs containing the security controls to meet the operational best practices of a given compliance framework. A conformance pack is a collection of AWS Config rules and remediation actions that can be easily deployed across an AWS organization. With AWS Config we can evaluate whether your AWS resources comply with standard best practices of a given technical benchmark. Cloud Posse has all the Terraform modules to accelerate this implementation.

What's Included

Provision AWS Config with Conformance Packs with Terraform

Provision AWS Config with operational best practices tied to HIPAA Security Conformance Rules, and AWS CIS Foundations Benchmarks to monitor compliance against rules that continuously monitor and detect non-conformance.

For a complete list of all supported Conformance Packs, see the AWS GitHub repository [5] Our terraform module supports loading all required conformance packs.

Provision AWS SecurityHub with Terraform

Provision AWS Security Hub dashboard to identify gaps for improvement

Provision AWS Audit Manager with Terraform
  • Provision AWS Audit Manager for automated evidence collection from SecurityHub  (not fully supported by terraform)

Provision AWS Security Hub dashboard to identify gaps for improvement

Provision AWS GuardDuty with Terraform

Provision AWS GuardDuty for advanced threat intelligence in near real-time.

Get Price

Foundational Site Reliability Engineering

Cloud Posse will lay the foundation for monitoring the platform and incident response architecture. This will ensure employees know about issues before our customers do. Datadog-managed dashboards will make it easier to see the system's overall health. Turnkey monitors will be deployed to alert when thresholds are violated.

What's Included

Provision Datadog with Terraform
  • Provision Datadog AWS Integrations
  • Provision Datadog Agent Sidecars (for ECS tasks)
  • Provision Datadog Agent DaemonSets (for EKS)
  • Provision Datadog Private Locations for synthetic monitoring
  • Provision Datadog Log Collector
Provision Datadog Monitors with Terraform
Provision OpsGenie Incident Management Architecture with Terraform
Get Price


Everything we deliver is fully customizable by you. Or, if you would like some help, with we can do it as part of our Professional Services. This way you can control the costs and decide on what you want to take in-house versus hiring Cloud Posse to perform on your behalf.

Examples of Common Customizations
  • Reusing any existing AWS accounts: Adopt AWS accounts from other organizations in order to manage them with Terraform.
  • Migration of workloads: Migrate databases and applications to Kubernetes or ECS (E.g. from Heroku or on-prem).
  • Custom Monitors & Dashboards: Implement custom Datadog monitors and alerts and implement custom Datadog dashboards.
  • New CI/CD Workflow Patterns: Extend CI/CD workflows for platforms like Lambda, S3, Cloudflare Workers, or build and deploy artifacts of for Lambda functions.
  • Develop New Terraform Modules or Components: We'll build anything you need (it's why we have 200+ terraform modules!)
  • Modernize Legacy Terraform Projects: We'll update your terraform projects to the latest best practices and import them into the Atmos framework.