Cloud Posse publishes our entire library of infrastructure as code for free. We provide solutions and services to help companies implement it the SweetOpstm way. This is what customers get when they buy our reference architecture.
Our reference architecture for AWS consists of a few parts:
Terraform components are our opinionated terraform “root modules” that leverage our library's terraform modules to implement the most common patterns and architectures that customers request.
Documentation & Homework is how your team will be able to take ownership. All customers in one of our DevOps Accelerator tracks receive direct access to our continuously updated documentation. We also offer regular workshops for our Customers. Companies investing in our Enterprise DevOps Accelerator track will be assigned homework that we coach you through pairing sessions to implement.
The best part about getting on to the Cloud Posse Reference Architecture is that you're getting on rails and buying into an ecosystem of Infrastructure as Code. That means that even once our engagement is finished, you'll have access to our latest components (because they're open source), and they'll plug right into everything we've built with you.
We started Cloud Posse in 2015 after seeing a tremendous opportunity for companies to collaborate on infrastructure across corporate boundaries. This gamble paid off. Today we see a massive appetite for open-source terraform modules, and thousands of companies are using our terraform modules daily. It's also proof that infrastructure can be built in a reusable manner using the reference architecture pattern.
While all companies are unique, their infrastructure doesn't need to be. Well-built infrastructure consists of reusable building blocks that implement all the standard components like servers, clusters, load balancers, etc. Rather than build everything from scratch “the hard way”, there's an easier way. Using our “reference architecture” and its service catalog of all the essential pieces of infrastructure (E.g. accounts, vpcs, clusters, databases, etc), everything a business needs can be composed together as an architecture using “Stack” configurations. Best of all, it's all native terraform.
All the components you need are distributed for FREE under the permissive APACHE2 open source software license. This library is the same software that we use in paid our engagements. All software is hosted on our GitHub organization. The difference is how we do it. Anyone can walk into a hardware store and pick up the tools and materials. Few can build a house they would like to live in, let alone a skyscraper. That's why when you work with us, we follow a proven process that produces consistent results on time and within budget. That's why for our paid engagements, the most valuable part of our reference architecture is our project plan coupled with the exclusive documentation we've developed over 7 years—that is continuously refined and revised as we grow.
As a “DevOps Accelerator”, we have a very prescriptive approach to implementing architectures on AWS.
A typical architecture consists of 4 layers, that combined establish your foundation, built from the bottom up to support your specific business requirements. It's like buying and tailoring a suit based on your specific requirements. Each pillar implements a foundation for your team to build on top of. There will likely be some “last mile” customizations needed to suit your use cases; we'll do our best to accommodate them and work with you until those needs are met.
Here are our five pillars of well-built infrastructure. The AWS Well-Architected frameworkhttps://aws.amazon.com/architecture/well-architected/ inspires them, but unlike the Framework, we provide the services to implement them with terraform.
Your foundational infrastructure consists of everything related to your AWS organization such as organizational units and Cloud Trails, IAM architecture, DNS architecture, and all the way up to the VPC and the associated VPC architecture. Everything is built with multi-region and multi-tenancy in mind since many of our customers serve enterprise businesses with complex regulatory requirements that require account-level isolation.
Your foundational platform is how you consistently deliver your applications. We support two popular options, including Kubernetes using EKS and ECS. As part of this pillar, we deploy all the backing services required by the platform. For Kubernetes, these are services like the
external-dns and more. For ECS, we'll typically provision public and private ECS clusters along with a public and private ALB and API Gateway.
Release Engineering is how teams build and release their software. It's arguably the most crucial part of the entire process because it's how the business can deliver software faster and more reliably to its customers. We can deliver multiple CI and CD patterns with a solid foundation and platform. Leveraging GitHub Actions we develop patterns for application archetypes (e.g. Dockerized Microservices, Single Page Applications, Application Libraries, Executables, etc). Then help roll those out by leveraging tools like
cookiecutter to make it very easy to onboard new applications.
The foundation of Site Reliability Engineering (SRE) is implementing an architecture that supports observability, alerting, and incident management. As part of this process, we implement a comprehensive incident management architecture leveraging Datadog and OpsGenie, managed entirely with Terraform.
Our approach to security and compliance at a high level is very simple. We provision all the AWS security-oriented products that enable continuous checks for compliance such as SecurityHub, GuardDuty, Inspector, and Macie. Then deploy the guardrails to ensure you're services are running securely. We work with your team to remediate all the issues raised and satisfy the auditors by deploying Audit Manager for evidence collection.
Professional Services & Ongoing Support
Once your company has graduated from our “DevOps Accelerator” tracks, we aim to see you succeed. We recognize that not all teams will learn at the same speed or have the time to commit to owning their day-to-day operations the minute we finish.
That's why we offer ongoing support for as long as you need our help.
Frequently Asked Questions
We charge a fraction of what it costs to do it in-house and deliver it in half the time or faster. Check out our calculator just to see how much it can cost to build your own cloud infrastructure. Make sure you review some of the risks of doing it yourself.
We practice “agile” development. We charge a flat fee per sprint but allow for scope changes (which are billed separately) at customer request. A typical engagement consists of 8-10 sprints that are 2 weeks (80 hours) in duration.
We can start as soon as you sign our Statement of Work. Typically we see this process take 2-3 weeks from the first introductory call to the start of our engagement.
Here's our checklist we'll need to complete before we can start.
- Execute Mutual NDA (ours or yours)
- Collaborate on Engagement Workbook via Google Docs
- Execute Statement of Work, and Master Services Agreement
- Deposit Payment
We can kick off the initial introductory call immediately, so please make sure that you schedule it today.
After talking with you and assessing if we're a proper fit, we'll execute a Mutual NDA and then send over an Engagement Workbook so we can gather all the requirements for your project and estimate the cost.
We believe in total transparency.
For this reason, you can expect no hidden fees from us.
IMPORTANT: Depending on the features you want to be implemented, certain third-party software subscriptions may be required (SaaS).
We do not include these costs in our contract because they are negotiated between your company and the vendor. Sometimes you may qualify for “startup” pricing.
If everything is open sourced, why don't teams just do it themselves instead of work with Cloud Posse?
Anyone is free to fork our repositories and try themselves, but our support eliminates the guesswork and shortens the time it takes to implement correctly.
Think of it like this: anyone can walk into a hardware store and pick up the materials to build a house. Very few people can build a house that won't fall down if they don't have the experience of using all the tools and hardware correctly. We fill the gap by providing the knowledge and experience to get you where you want to be faster than doing it yourself.
Cloud Posse's typical engagement is for greenfield projects.
The typical duration of our initial rollout is 3-4 months, broken down into 2-week sprints. Each sprint is focused on specific deliverables that are summarized in this list: https://cloudposse.com/what-we-do/
The whole package is recommended but not every item on this list is required to be delivered in every engagement, this is per-customer requirements. We work with your team to help them own the solution we build together once the engagement winds down, but we're always here to help!
Community support is available through our internal and public Slack communities (slack.sweetops.com) and our public Office Hours are available every Wednesday at 11:30 AM Pacific Time, you can also listen to previous sessions on our podcast or on our YouTube channel.
After an engagement ends, we offer optional ongoing support, and starting new projects is always an option as well
Our experience ensures you reach your goals in record time. Time is money. Salaries are by far the biggest cost for most startups. Think about how much you would pay to do this in-house and combine that with how long it will take you. During that time, your teams will be blocked or at the very least slowed down. Plus, you don't even have a predictable outcome. You can easily quantify this as your opportunity cost.
Our solution will pay for itself. You get a predictable solution delivered in record time for a fair price. Your engineers will be unblocked sooner and you'll be able to move faster.
Make sure you include all costs associated with your project.
- What is the cost of recruiting your team?
- What is your team’s fully-loaded cost?
- How long will it take to build and train the team?
- Will they stick around long enough to see the project through?
- What happens when everyone goes on holiday or takes a vacation?
- Will you have enough work for them when the project is over?
Our total project costs predictable. You'll know upfront what to expect and there are no surprises.
It depends. Your best bet is to schedule a discovery call with us so we can go over your specific concerns. Assuming your software runs on Linux and that you're able to make any necessary code changes to ensure your applications are “12 Factor App” compliant, there's a very high likelihood we'll be able to help you out.
We have a very specific mission, which means we may not be a good fit for all companies.
- Companies who are too small (1-2 engineers) may struggle with the upkeep of managing their own infrastructure.
- Companies who do not commit any in-house resources to learn the new software stack will have a tough time (you own it after all!)
- Companies who prefer to use different tools than we prescribe may run into integration challenges (we recommend what we know works)
If any of these sound familiar, please discuss with us before proceeding.
Here are some additional resources you can review:
- Our GitHub is where we publish over 140 terraform modules we've written and open-sourced under the Apache 2 software license. Our repos see over 11K unique visitors every single day and have over 5000 stars. We receive dozens of Pull Requests every week.
- Our Reviews are glowing both from our customers and from our community.
- Our Community will tell you how much we've helped them. You can scan through all of our archives to see what they say.
- Our YouTube Channel showcases many of our presentations and webinars
- Our Office Hours Recordings demonstrate our depth of knowledge and commitment to help others.
- Our Service Catalog is what lets us rapidly deploy the applications you see in our demos and is regularly updated.
- Our Work is Cited all over the place.
What’s it costing your business if you wait?
The longer you wait, the more time & effort you'll waste on maintenance rather than innovation. The more tech debt you'll amass. The more opportunities you'll miss.
Your developers will be less productive, which means you'll be paying more while getting less done in return.
The sooner you streamline your operations the faster you will move:
- Reduce your opportunity cost and capitalize on the investment sooner
- Release more features to customers faster
- Control operating costs to do more for less
Not to mention, your developers will love you for making their lives easier. The last thing developers want is to do things by hand.
When you hire Cloud Posse, you're buying an outcome that few others can provide. What a company is really buying from Cloud Posse is an end-to-end solution that includes time for implementation and integration. This is a solution that has cost our customers millions of dollars to implement and we are selling for a tiny fraction of the cost to implement it in-house.
We are not a traditional “DevOps as a Service” company that only does the grunt work; we provide thought leadership combined with expert execution and implementation. We have chosen to use an “Open Source” licensing model to simplify the software distribution because we provide 10x the value in our implementation.
During the course of our engagement, our customers have direct access to our team with tremendous experience in cloud architecture & implementation. Companies hire us to implement in a span of only 3-4 months would take even the most senior experienced team DevOps engineers years to develop, which makes our offering insanely affordable by comparison. By partnering with Cloud Posse, you're sparing all the hard “lessons learned” to achieve a greater outcome in a shorter amount of time with less risk.
You will find the industry-standard rate for experienced independent contractors/freelancers is around $150-250/hr. Note, when you hire freelancers they don't bring to the table the unparalleled library of code and experience that you get when you partner with Cloud Posse. We put our best foot forward on GitHub so you see exactly what you’re getting. Plus, freelancers and employees cannot offer business continuity, which leaves your company with no one to turn to when/if they leave or go on vacation. While a company might shave off a little bit on the hourly rate by going with an independent contractor, it's several orders of magnitude more expensive to implement a custom solution that is remotely comparable to what we offer; that solution will have greater uncertainty and result in greater risk for your business.
- Gruntwork doesn't provide open access to all their modules, they are a subscription service. Cloud Posse open sources everything.
- All of our code is in GitHub and can be forked and used with no concerns about licensing issues (APACHE2).
- Gruntwork's Reference Architecture requires Terragrunt
- Gruntwork is not a consulting company. They do not help with hands-on implementation. That's left up to you.
- We provide a comprehensive project plan consisting of hundreds of implementation tasks and design decisions that we execute together with your team.
- Our Slack community is free for anyone to join, not just paying customers.
- Because our work is Open Source, there's a lower barrier to getting started. That's why it's in use by thousands and thousands of companies. We receive dozens of Pull Requests every week enhancing our modules and fixing bugs.
Our goal is not to sell you on a solution that you don’t need or one that will frankly be overkill for you. We've worked with several customers that were pre-product and helped them launch successfully. What's important is that owning your infrastructure needs to be a competitive advantage. We work best with companies that have some experience running their apps in containers, using AWS in some capacity, companies that flexible in adopting the open-source tools we deliver as part of our solution.
Your best bet is to schedule a discovery call and we'll quickly assess if we're a good fit for your company.
Unfortunately, we're not able to take on small engagements. You can, however, join us every single week for 100% free “Office Hours”—where we seek to answer your questions. Just register for an invitation.
We hold our “Office Hours” every Wednesday at 11:30 am PT via Zoom. We're typically 30+ people on the call and all skill levels are welcome.
We work with companies who need to own their infrastructure as their competitive advantage.
Our customers are typically post-Series A technology startups who are seeing success in the market and need to accelerate their DevOps adoption in order to take their company to the next level.
They are backed by some of the biggest names in the industry and are solving really difficult problems with technology.
Can you help me understand where the boundaries of CloudPosse's responsibilities end, and where ours would start?
Cloud Posse's mission is to help companies own their infrastructure. We accelerate this journey by architecting your 4 layers with you and by taking the lead on the implementation. Since we have an opinionated framework, customers will need to learn how to leverage everything for their use cases. This will sometimes mean altering how you build and deploy your services.
Getting Started With Us
We always prefer to start with a green-field approach, where we build your infrastructure from the ground up together with your team. As part of our process, we'll walk you through all of the required design decisions, ensuring you have sufficient context to make informed decisions. This is why we expect our customers to have someone on their engineering team invested in the outcome. This part is absolutely critical, as it ensures what we deliver suits your business needs. Everything we do is delivered by pull request for your review and we will happily provide documentation on anything you want. Along the way, we'll assign homework exercises and provide ample documentation. This approach provides the best opportunity to gain a deep hands-on understanding of our solution.
We encourage you to ask as many questions as you want and challenge our assumptions. You also can volunteer for any task you want to take on as “homework” and we'll help you out as needed.
When You Own It
Once our job is done, this is where you take the driver's seat. We'll help you get everything set up for a smooth transition from your heritage environment to your shiny new infrastructure. Rest assured that we'll stick around until your team is confident and has the know-how to operate these platforms in production. We don't expect teams to pick this up overnight, that's why we'll stay engaged for as long as you need. We're happy to answer questions and jump on Zoom for pair programming sessions.
After our engagement, you will have a solid foundation powering your apps, and all the tools you need for infrastructure operations. This means your team is responsible for the ongoing maintenance, including upgrades (e.g. EKS clusters, and all open-source software), patching systems, incident response, triaging, SRE (e.g. adding monitors and alerts), as well as security operations (responding to incidents, staying on top of vulnerabilities/ CVEs). Cloud Posse is continuously updating its Open Source module ecosystem, but it's your responsibility to regularly update your infrastructure. Staying on top of these things is critical for a successful long-term outcome, with minimal technical debt.
For companies that want to focus more on their business and less on maintenance, we provide ongoing support engagements exclusively for customers that have completed our accelerator.
Check out our approach to learn more!
If you're interested in keeping us around after you're finished with our DevOps Accelerator program, we suggest a quarterly retainer that covers 3 months (120+ hours) that will enable us to continue to consult and support you.
This would include:
- Slack support via shared channels
- Zoom pair programming sessions
- Project management with direct Jira access
- Weekly status check-ins (for 120+ hour retainers)
Typical tasks include:
- Patch and update services (e.g. kubernetes and associated services)
- Keep infrastructure code current (terraform modules, helm charts)
- Support major version upgrades of Helm and Terraform
- Implement new infrastructure components, monitors, or environments
- Assist with triaging incidents and remediations
- Optimize performance and cloud spend
How we use the retainer is entirely up to you. We'll suggest tasks as they come up and add them to the backlog. We'll prioritize the work together with you on our check-in calls.
Tasks (and projects) are typically assessed by how much time we want to invest in them. We are happy to collaborate with you to help figure out the best use of our time, but we generally don't guarantee estimates and deadlines as part of ongoing support. This is why we recommend instead to timebox requests, that way you can stay informed if something takes longer than you had expected. It also gives the engineer(s) the ability to quickly communicate if the requested task is going to take shorter or longer than expected.
Our standard quarterly retainer size is 120 hours. You can expect to be provided with detailed billing reports and have direct communication with us every step of the way. We invoice retainers in advance of services under Net-30 terms. Additional retainers can be purchased at any time with written approval. In other words, any time you want to guarantee more bandwidth with us, all we need is an email approval.
We offer service credits (hours) discount for customers participating in a successful, published case study. Here's how it works:
- Obtain provisional approval for conducting a case study.
- Interview stakeholders involved in the project.
- Prepare a private case study published on our site (password protected).
- Submit case study for approval. Make any required changes.
- Publish the case study.
You might be wondering if you can expect to come out the other end of our accelerator with a team ready and able to take over day-to-day operations and migrate additional products into this stack using Cloud Pose's modules.
TL;DR: Yes! But there's homework involved.
When you work with Cloud Posse, it's more of a “delivery” model of engagement in the sense we're doing 95% of the work, in your repo, from day one – one pull request at a time. Our strategy of handoff is helping your team pick up the ropes by assisting them with self-prescribed homework assignments. We do not at this time have any formal curriculum for training, since every team has different needs. What we provide is a standard set of documentation, architectural diagrams, and office hours. We will also document any requested processes or systems as general support. Cloud Posse does not provide Staff Augmentation or Training arrangements.
Think of it more like this… while we're engaged and building out your platform, your team has full access to ask us anything. They can follow along in GitHub, review pulls requests, ask for demos, etc. We'll jump on the phone anytime to help triage, pair program, research, or prototype anything else they want. The most successful teams take advantage of this opportunity early on in the engagement. Those are the teams that are ready to migrate additional products.
Case in point: we have a customer that after 3 weeks of working with us took the initiative and used our Datadog component and migrated all their existing legacy Datadog monitors into terraform. The way we found out was they tagged us on the pull request. That's rad. After multiple reviews and comments, the PR got merged and they're well on their way.
When we're done building everything out, we'll stick around for as long as you need our help – but that's optional. Most customers keep us around for some time afterward until their team feels fully confident operating everything. Also, what we frequently see happen is that teams decide to expand the scope and tack on additional services in their catalog (E.g. EMR, RedShift, StrongDM, etc are examples of this)