Catalog
126 published artifacts · 20 providers
AWS
API Gateway HTTP API
HTTP API with routes, Lambda/ALB integrations, custom domain, JWT authorizers, and access logs.
$129.00
AWSApplication Load Balancer
ALB with HTTPS listeners, target groups, listener rules, and access logging — drop-in for ECS/EC2/Lambda targets.
$129.00
AWSAurora Cluster (Serverless v2 ready)
Aurora PostgreSQL/MySQL cluster with instances, parameter groups, Serverless v2 scaling, and enhanced monitoring.
$299.00
AWSAWS S3 Bucket (hardened)
Private S3 bucket with encryption, versioning, public-access block, and TLS-only policy.
$49.00
AWSCloudFront Site (S3 + ACM + Route53)
Complete HTTPS site/CDN: CloudFront distribution, OAC-locked S3 origin, ACM cert, and Route53 alias records.
$299.00
AWSCodeDeploy CI/CD (EC2 / ECS / Lambda)
CodeDeploy application, deployment groups, and the platform-correct service role for automated EC2/ECS/Lambda rollouts with auto-rollback on failure.
$129.00
AWSDynamoDB Table
DynamoDB table with GSIs/LSIs, TTL, streams, autoscaling or on-demand, and point-in-time recovery.
$49.00
AWSEC2 Instance
EC2 instance with IMDSv2, encrypted EBS, instance profile, and EIP — secure defaults out of the box.
$49.00
AWSECR Repository
ECR repo with lifecycle rules, scan-on-push, immutable tags, and cross-account/replication policies.
$49.00
AWSECS Fargate Service
Full Fargate stack: cluster, task definition, service with ALB integration, autoscaling, and Cloud Map discovery.
$299.00
AWSEKS Cluster with Managed Node Groups
Opinionated EKS cluster with node groups, core add-ons, Pod Identity, and KMS secret encryption.
$299.00
AWSIAM Roles, Policies & OIDC Trust
Least-privilege IAM roles, managed policies, and GitHub/EKS OIDC federation in one composable module.
$129.00
AWSKMS Key with Policy Patterns
Customer-managed KMS keys with sane key policies, aliases, rotation, and multi-region replicas.
$49.00
AWSLambda Function (Packaged & Wired)
Lambda with execution role, log group, triggers, aliases, and zip/container packaging handled.
$129.00
AWSProduction VPC (Multi-AZ)
Battle-tested multi-AZ VPC with public/private/database subnets, NAT, endpoints, and flow logs.
$129.00
AWSRDS Instance (PostgreSQL/MySQL)
Single-instance or Multi-AZ RDS with subnet/parameter/option groups, backups, and monitoring wired correctly.
$129.00
AWSSecrets Manager Secret
Secrets with versioning, resource policies, replication, and optional Lambda rotation scaffolding.
$49.00
AWSSecurity Group with Rule Presets
Security groups with named rule presets (https, postgres, redis...) using modern standalone rule resources.
$49.00
AWSSNS Topic with Subscriptions
SNS standard/FIFO topic with encryption, delivery policies, and SQS/Lambda/email subscriptions.
$49.00
AWSSQS Queue with DLQ
SQS standard/FIFO queue with dead-letter queue, redrive policy, SSE, and least-privilege queue policy.
$49.00
Azure
Application Gateway v2 + WAF
Regional L7 load balancer with WAF v2 policy, TLS termination from Key Vault, autoscaling and health probes.
$129.00
AzureAzure App Service (Linux Web App)
App Service plan + Linux web app with deployment slots, custom domain + managed TLS, VNet integration and autoscale.
$129.00
AzureAzure Bastion + Hardened Jumpbox
Bastion (Developer/Basic/Standard SKU) with optional hardened Linux VM, JIT-style NSG rules and boot diagnostics for secure VM access without public IPs.
$49.00
AzureAzure Container Apps Environment
Container Apps environment with workload profiles, Dapr, KEDA scale rules, ACR pull identity and custom domain.
$129.00
AzureAzure Container Registry
ACR with geo-replication, retention/trust policies, private endpoint and AcrPull role wiring for AKS/Container Apps.
$49.00
AzureAzure Cosmos DB Account
Cosmos DB (NoSQL or MongoDB API) with multi-region failover, autoscale throughput, private endpoint and backup policy.
$129.00
AzureAzure Front Door (Std/Premium) + WAF
Global entry point: Front Door profile, endpoints, origin groups, custom domains with managed TLS and WAF policy.
$129.00
AzureAzure Functions App
Function app (Flex Consumption or Premium) with storage, Application Insights, managed identity and VNet integration.
$129.00
AzureAzure Key Vault
RBAC-mode Key Vault with private endpoint, diagnostics, and managed keys/secrets/certificates scaffolding.
$49.00
AzureAzure Kubernetes Service Cluster
Hardened AKS with system/user node pools, workload identity, Entra RBAC integration, Azure CNI overlay, and Container Insights wired in.
$299.00
AzureAzure Landing Zone Core
Management-group hierarchy, policy baseline (ALZ-aligned), centralized logging and RBAC scaffolding — the flagship enterprise starter.
$299.00
AzureAzure Monitor & Log Analytics Baseline
Central Log Analytics workspace, diagnostic-settings-everywhere pattern, action groups and starter alert pack (metric + log + activity).
$129.00
AzureAzure SQL Database
Logical SQL server + database with Entra-only auth, firewall/private endpoint, auditing, TDE and failover-group option.
$129.00
AzureAzure Storage Account (secure-by-default)
Storage account with containers/file shares, lifecycle rules, network rules, CMK encryption and private endpoint options — Azure's most-deployed resource done right.
$129.00
AzureAzure Virtual Network (hub-ready)
Production VNet with subnets, NSGs, route tables, peering and optional NAT Gateway — the network backbone every Azure deployment starts with.
$129.00
AzureEntra ID Workload Identity Baseline
App registrations, service principals, groups and federated credentials (OIDC for GitHub/Terraform) — the identity plumbing every Azure org rebuilds by hand.
$129.00
AzurePostgreSQL Flexible Server
Flexible Server with HA option, private VNet delegation, Entra auth, firewall and tuned server parameters.
$129.00
AzureResource Group + Naming/Tagging Baseline
Opinionated resource group factory with CAF-compliant naming, mandatory tags, locks and budget alert.
$49.00
Google Cloud
AlloyDB for PostgreSQL Cluster
AlloyDB cluster with primary + read-pool instances, PSC connectivity, automated backups and columnar/vector engine flags.
$129.00
GCPArtifact Registry Repositories
Docker/Maven/npm repos with cleanup policies, remote and virtual repositories, CMEK and reader/writer IAM.
$49.00
GCPBigQuery Dataset & Tables
Datasets with partitioned/clustered tables, authorized views, CMEK and dataset-level access controls.
$129.00
GCPCloud DNS Zones & Records
Public/private managed zones with record sets, DNSSEC, forwarding and peering configs.
$49.00
GCPCloud KMS Keyring & Keys
Keyrings and rotation-enabled crypto keys with per-key IAM for CMEK across GCS, BigQuery, Cloud SQL and disks.
$49.00
GCPCloud Run Function (gen2)
Event-driven or HTTP gen2 function with source upload, dedicated runtime SA and Eventarc trigger wiring.
$49.00
GCPCloud Run Service
Cloud Run v2 service with autoscaling, secret and VPC egress wiring, custom domain and invoker IAM done right.
$129.00
GCPCloud SQL (PostgreSQL/MySQL) HA Instance
Regional-HA Cloud SQL with private IP (PSA/PSC), automated backups, PITR, read replicas and IAM database auth.
$129.00
GCPCloud Storage Bucket
Hardened GCS bucket with uniform access, versioning, lifecycle/soft-delete policies, CMEK and least-privilege IAM.
$49.00
GCPGCP Project Factory
Opinionated project creation: API enablement, billing budget, default-SA lockdown, audit log sinks and baseline IAM.
$299.00
GCPGCP VPC Network Foundation
Production VPC with subnets, secondary ranges, firewall rules, Cloud Router and Cloud NAT — the network base every GCP workload sits on.
$129.00
GCPGKE Cluster (Autopilot & Standard)
Private, Workload-Identity-enabled GKE cluster with managed node pools, release channels and maintenance windows, hardened to Google best practice.
$299.00
GCPGlobal External HTTPS Load Balancer
Global ALB with managed TLS certs, URL map, serverless/instance NEG backends, optional Cloud CDN and Cloud Armor policy.
$299.00
GCPHA VPN (Site-to-Site)
99.99% SLA HA VPN gateway pair with BGP-dynamic routing — GCP-to-on-prem or GCP-to-AWS/Azure.
$129.00
GCPMemorystore Redis/Valkey
Private Memorystore instance or cluster (Redis or Valkey) with auth, TLS and maintenance policy on your VPC.
$49.00
GCPPub/Sub Topics & Subscriptions
Topics with schemas, push/pull/BigQuery subscriptions, dead-letter queues and retry policies preconfigured.
$49.00
GCPSecret Manager Secrets
Secrets with versions, replication policy, rotation schedules, expiry and accessor IAM.
$49.00
GCPService Accounts & IAM Bindings
Service accounts with least-privilege project/resource IAM and optional Workload Identity Federation for keyless CI/CD (GitHub Actions).
$49.00
Oracle Cloud
API Gateway & Deployment
Managed API gateway with route deployments, JWT/auth policies, rate limiting, CORS and custom-domain TLS.
$129.00
Oracle CloudAutonomous Database (Serverless)
ATP/ADW/JSON/APEX autonomous database with private endpoint, mTLS wallet output, ACLs, auto-scaling and backup config.
$129.00
Oracle CloudBase Database Service (DBCS VM)
Oracle Database VM system with DB home, TDE via Vault, automated backups and optional Data Guard standby.
$299.00
Oracle CloudBastion Service
Zero-footprint managed bastion with session-managed SSH/port-forward access to private subnets — replaces jump hosts.
$49.00
Oracle CloudDNS Zone & Traffic Steering
Public/private DNS zones with record sets, failover/geo steering policies and health-check probes.
$49.00
Oracle CloudDRG Hub & Spoke Connectivity
Dynamic Routing Gateway with VCN attachments, custom DRG route tables, remote peering and IPSec/FastConnect attach points.
$129.00
Oracle CloudFile Storage (NFS)
Elastic NFSv3 file system with mount target, export options, snapshots and NSG-scoped access.
$49.00
Oracle CloudFlexible Load Balancer (L7)
HTTPS load balancer with backend sets, health checks, TLS certificates, rule sets and WAF-ready listeners.
$129.00
Oracle CloudFunctions Application
Serverless Fn application with functions, provisioned concurrency, invoke logging and Events-rule trigger wiring.
$49.00
Oracle CloudInstance Pool with Autoscaling
Self-healing instance pool from an instance configuration with metric- or schedule-based autoscaling and LB attachment.
$129.00
Oracle CloudMySQL HeatWave DB System
Managed MySQL with optional HeatWave analytics cluster, HA, backups, configuration and inbound replication channel.
$129.00
Oracle CloudNetwork Load Balancer (L4)
Low-latency pass-through NLB with TCP/UDP listeners, backend health checks and preserved client IPs.
$49.00
Oracle CloudObject Storage Bucket
Bucket with versioning, lifecycle/auto-tiering, retention rules, replication and pre-authenticated request support.
$49.00
Oracle CloudOCI Compute Instance (flex shapes)
Opinionated VM with E5/A1 flex shapes, cloud-init, attached block volumes, NSGs and in-transit encryption.
$49.00
Oracle CloudOCI IAM Foundation (compartments + policies)
Tenancy landing-zone core: compartment hierarchy, groups, dynamic groups, policy statements and tag namespaces from a single map.
$129.00
Oracle CloudOCI VCN (hub-ready network foundation)
Production VCN with public/private subnets, internet/NAT/service gateways, route tables, NSGs and IPv6 — the module every OCI tenancy starts with.
$129.00
Oracle CloudOKE Managed Kubernetes Cluster
Enhanced OKE cluster with managed + virtual node pools, private API endpoint, NSGs, addons and OIDC — flagship OCI workload platform.
$299.00
Oracle CloudVault, Keys & Secrets
KMS vault with HSM/software master keys, key rotation and secret lifecycle management for app credentials.
$129.00
Linode
Linode Block Storage Volume
Attachable, resizable NVMe block volume with safe attach/detach lifecycle handling.
$49.00
Alt & Specialty CloudsLinode Cloud Firewall Baseline
Opinionated stateful firewall with deny-by-default inbound, curated allow rules, and multi-device attachment.
$49.00
Alt & Specialty CloudsLinode Compute Instance (production-ready)
Hardened Linode VM with cloud-init, disk encryption, reverse DNS, backups, and firewall attachment in one apply.
$129.00
Alt & Specialty CloudsLinode DNS Zone & Records
Complete DNS zone with typed record management and sane TTL defaults on Linode's free DNS Manager.
$49.00
Alt & Specialty CloudsLinode Kubernetes Engine Cluster
Production LKE cluster with autoscaling node pools, HA control plane, disk encryption, ACL, and optional Enterprise tier.
$299.00
Alt & Specialty CloudsLinode Managed Database (MySQL/PostgreSQL)
HA managed database cluster with allowlists, maintenance windows, and fork/restore support on the new Aiven platform.
$129.00
Alt & Specialty CloudsLinode NodeBalancer Load Balancer
Managed L4/L7 load balancer with TLS termination, health checks, session stickiness, and UDP support.
$129.00
Alt & Specialty CloudsLinode Object Storage Bucket
S3-compatible bucket with scoped access keys, versioning, lifecycle rules, and optional static-site hosting.
$129.00
Alt & Specialty CloudsLinode VPC with Subnets
Isolated VPC network with labeled subnets ready for instances, LKE, and NodeBalancer backends.
$49.00
Akamai
Akamai App & API Protector (WAF)
Security configuration with policy, WAF mode, match targets, rate controls, and IP/geo blocking, activated to staging or production.
$299.00
Edge & DNSAkamai CPS DV Certificate
Automated Domain Validated TLS enrollment with DNS/HTTP challenge outputs wired for Edge DNS.
$129.00
Edge & DNSAkamai Edge DNS Zone
Authoritative Edge DNS zone with full recordset management on Akamai's DDoS-resilient anycast network.
$129.00
Edge & DNSAkamai Edge Redirector Cloudlet
Rule-driven edge redirects (vanity URLs, migrations) managed as code with versioned policy activation.
$129.00
Edge & DNSAkamai EdgeWorker with EdgeKV
Deploy JavaScript at the edge with bundle versioning, EdgeKV namespace, and network activation in one module.
$129.00
Edge & DNSAkamai GTM Failover/Weighted Domain
Global Traffic Management domain with datacenters and failover or weighted-round-robin properties plus liveness tests.
$129.00
Edge & DNSAkamai Ion Delivery Property
End-to-end Ion CDN property: origin, edge hostname, caching/performance rule tree, CP code, and staging/production activation.
$299.00
Edge & DNSAkamai Network Lists
Versioned IP and geo block/allow lists with activation, ready to feed WAF policies and property rules.
$49.00
DigitalOcean
DigitalOcean App Platform Service
Declarative App Platform deployment with services, workers, domains, and alerts.
$129.00
Alt & Specialty CloudsDigitalOcean DOKS Cluster
Production DOKS with node pools, VPC, registry hookup, and maintenance windows in one apply.
$299.00
Alt & Specialty CloudsDigitalOcean Droplet Stack
Hardened droplet(s) with VPC, firewall, volume, reserved IP, and cloud-init bootstrap.
$129.00
Alt & Specialty CloudsDigitalOcean Managed Database
Managed PG/MySQL/Valkey cluster with firewall trust list, users, DBs, and replicas.
$129.00
Cloudflare
Cloudflare DNS & WAF
Zone DNS records, security settings, and managed WAF rulesets for a Cloudflare zone — provider v5 ready.
$129.00
Edge & DNSCloudflare Workers Platform
Worker with KV/R2/D1 bindings, routes, custom domain, and secrets — full edge app scaffold.
$129.00
Edge & DNSCloudflare Zero Trust Access
Access application with policies, identity provider wiring, and a cloudflared tunnel to private origins.
$299.00
Hetzner
Hetzner Load-Balanced Web Tier
Managed LB with health checks, cert, and label-selected server targets.
$129.00
Alt & Specialty CloudsHetzner Private Network + NAT
Private network with subnets, routes, and a NAT gateway server for egress-only fleets.
$49.00
Alt & Specialty CloudsHetzner Server Fleet
N-server fleet with placement group, firewall, primary IPs, and cloud-init — Hetzner's price/perf with guardrails.
$129.00
Scaleway
Scaleway Kapsule Cluster
Kapsule Kubernetes with pools, private network, and autoscaling/autoheal presets.
$299.00
Alt & Specialty CloudsScaleway Managed Database
RDB PostgreSQL/MySQL with HA, private-network endpoint, users, and ACLs.
$129.00
Alt & Specialty CloudsScaleway Serverless Container
Container namespace, deployed container, custom domain, and registry wiring.
$49.00
Alibaba Cloud
Alibaba Cloud ACK Cluster
Managed ACK Kubernetes with node pools, VPC integration, and RAM roles.
$299.00
Alt & Specialty CloudsAlibaba Cloud VPC Foundation
Multi-AZ VPC with vSwitches, NAT gateway, SNAT, security groups, and flow logs.
$129.00
Civo
Exoscale
IBM Cloud
IBM Cloud Kubernetes (IKS) on VPC
IKS cluster on VPC Gen2 with worker pools and COS-backed registry namespace.
$299.00
Alt & Specialty CloudsIBM Cloud VPC Landing Zone (Lite)
VPC with subnets, public gateways, ACLs, and security groups following IBM SLZ patterns.
$129.00
OVHcloud
OVHcloud Managed Database
Managed PG/MySQL/Kafka with users, IP restrictions, and private network egress.
$129.00
Alt & Specialty CloudsOVHcloud Managed Kubernetes
MKS cluster with node pools and private-network (vRack) attachment.
$299.00
Tencent Cloud
Tencent Cloud VPC Foundation
VPC with subnets, route tables, NAT, and security groups across AZs.
$129.00
Alt & Specialty CloudsTencent TKE Cluster
Managed TKE Kubernetes with node pools and VPC-CNI networking.
$299.00
UpCloud
UpCloud Managed Database
Managed PG/MySQL with properties tuning, users, and logical DBs.
$129.00
Alt & Specialty CloudsUpCloud Server Stack
Servers on SDN private network with storage, router, and firewall rules.
$49.00
Vultr
Huawei Cloud
Multi-cloud & platform-agnostic
Baseline Linux Hardening
SSH hardening drop-in, sysctl security profile, login banner, and time sync. Original, live-tested (Molecule) role.
$49.00
Web ServersNginx (verified role)
Verified wrapper around geerlingguy.nginx pinned at 3.3.0 plus an IaC Bazaar hardening overlay (server_tokens off, security headers, default-vhost removal); live-tested for idempotence and functionally verified: systemd unit active, HTTP 200, headers present, no version leak.
$39.00
DatabasesPostgreSQL Server (EL)
PostgreSQL server with guarded initdb, SCRAM-SHA-256 auth, managed conf.d drop-in, templated pg_hba, and app database + owner provisioning. Original, live-tested (Molecule/podman) role.
$99.00
ObservabilityPrometheus node_exporter (verified)
Official node_exporter release (pinned v1.11.1) with sha256 checksum-verified install, dedicated shell-less system user, and a systemd unit on :9100; live-tested for idempotence with a functional /metrics verification.
$39.00
Security & SecretsVault Policies & Auth
Vault policies, auth backends, and secret engine configuration as code.
$129.00