IaC Bazaar

Terraform & OpenTofu modules

176 verified Terraform modules across 20 cloud providers — every one is OpenTofu-compatible and statically validated (tofu validate + tflint + Checkov) before it passes the publish gate. Each ships an annotated terraform.tfvars.example: copy, edit, tofu apply.

99 of 176 are live-tested — really applied, verified, then destroyed. The rest are static-validated, live-test pending. We never label a module “live-tested” without the real test — how we verify.

All Terraform & OpenTofu modules

AWS ✓ live-tested

ACM Certificate (DNS-validated)

Requests a public, DNS-validated ACM TLS certificate that ACM auto-renews forever, outputting the validation records to publish — CT logging on, wildcards and SANs supported.

$49.00 v1.0.0
Akamai · Edge & DNS

Akamai App & API Protector (WAF)

Security configuration with policy, WAF mode, match targets, rate controls, and IP/geo blocking, activated to staging or production.

$299.00 v1.0.0
Akamai · Edge & DNS

Akamai CPS DV Certificate

Automated Domain Validated TLS enrollment with DNS/HTTP challenge outputs wired for Edge DNS.

$129.00 v1.0.0
Akamai ✓ live-tested

Akamai Edge DNS Zone

Authoritative Edge DNS zone with full recordset management on Akamai's DDoS-resilient anycast network.

$129.00 v1.0.0
Akamai · Edge & DNS

Akamai Edge Redirector Cloudlet

Rule-driven edge redirects (vanity URLs, migrations) managed as code with versioned policy activation.

$129.00 v1.0.0
Akamai · Edge & DNS

Akamai EdgeWorker with EdgeKV

Deploy JavaScript at the edge with bundle versioning, EdgeKV namespace, and network activation in one module.

$129.00 v1.0.0
Akamai · Edge & DNS

Akamai GTM Failover/Weighted Domain

Global Traffic Management domain with datacenters and failover or weighted-round-robin properties plus liveness tests.

$129.00 v1.0.0
Akamai · Edge & DNS

Akamai Ion Delivery Property

End-to-end Ion CDN property: origin, edge hostname, caching/performance rule tree, CP code, and staging/production activation.

$299.00 v1.0.0
Akamai ✓ live-tested

Akamai Network Lists

Versioned IP and geo block/allow lists with activation, ready to feed WAF policies and property rules.

$49.00 v1.0.0
Alibaba Cloud · Alt & Specialty Clouds

Alibaba Cloud ACK Cluster

Managed ACK Kubernetes with node pools, VPC integration, and RAM roles.

$299.00 v1.0.0
Alibaba Cloud · Alt & Specialty Clouds

Alibaba Cloud VPC Foundation

Multi-AZ VPC with vSwitches, NAT gateway, SNAT, security groups, and flow logs.

$129.00 v1.0.0
Google Cloud ✓ live-tested

AlloyDB for PostgreSQL Cluster

AlloyDB cluster with primary + read-pool instances, PSC connectivity, automated backups and columnar/vector engine flags.

$129.00 v1.0.0
Oracle Cloud

API Gateway & Deployment

Managed API gateway with route deployments, JWT/auth policies, rate limiting, CORS and custom-domain TLS.

$129.00 v1.0.0
AWS ✓ live-tested

API Gateway HTTP API

HTTP API with routes, Lambda/ALB integrations, custom domain, JWT authorizers, and access logs.

$129.00 v1.0.0
Google Cloud ✓ live-tested

API Gateway (OpenAPI 2.0)

A serverless API Gateway fronting an OpenAPI 2.0 spec — API, immutable config and managed gateway — with a dedicated least-privilege backend service account and a built-in default spec.

$129.00 v1.0.0
AWS ✓ live-tested

API Gateway REST API (deny-by-default)

A REST API wired end to end — resource tree built from route paths, deny-by-default IAM authorization, MOCK/Lambda/HTTP integrations, deployment + stage with throttling and JSON access logs.

$129.00 v1.0.0
Azure ✓ live-tested

API Management (Consumption tier)

An API Management gateway tuned for the serverless Consumption tier — scale-to-zero, billed per call — with a system-assigned managed identity, TLS hardening, and HTTP/2 enabled.

$129.00 v1.0.0
Azure ✓ live-tested

Application Gateway v2 + WAF

Regional L7 load balancer with WAF v2 policy, TLS termination from Key Vault, autoscaling and health probes.

$129.00 v1.0.0
AWS ✓ live-tested

Application Load Balancer

ALB with HTTPS listeners, target groups, listener rules, and access logging — drop-in for ECS/EC2/Lambda targets.

$129.00 v1.0.0
Google Cloud ✓ live-tested

Artifact Registry Repositories

Docker/Maven/npm repos with cleanup policies, remote and virtual repositories, CMEK and reader/writer IAM.

$49.00 v1.0.0
AWS ✓ live-tested

Aurora Cluster (Serverless v2 ready)

Aurora PostgreSQL/MySQL cluster with instances, parameter groups, Serverless v2 scaling, and enhanced monitoring.

$299.00 v1.0.0
Oracle Cloud

Autonomous Database (Serverless)

ATP/ADW/JSON/APEX autonomous database with private endpoint, mTLS wallet output, ACLs, auto-scaling and backup config.

$129.00 v1.0.0
AWS ✓ live-tested

AWS S3 Bucket (hardened)

Private S3 bucket with encryption, versioning, public-access block, and TLS-only policy.

$49.00 v1.0.0
Azure

Azure App Service (Linux Web App)

App Service plan + Linux web app with deployment slots, custom domain + managed TLS, VNet integration and autoscale.

$129.00 v1.0.0
Azure ✓ live-tested

Azure Bastion + Hardened Jumpbox

Bastion (Developer/Basic/Standard SKU) with optional hardened Linux VM, JIT-style NSG rules and boot diagnostics for secure VM access without public IPs.

$49.00 v1.0.0
Azure

Azure Cache for Redis

Azure Cache for Redis done cheap by default — the Basic C0 tier with TLS 1.2 minimum and the non-SSL port disabled — scaling cleanly up to Standard and Premium via precondition-guarded inputs.

$129.00 v1.0.0
Azure ✓ live-tested

Azure Container Apps Environment

Container Apps environment with workload profiles, Dapr, KEDA scale rules, ACR pull identity and custom domain.

$129.00 v1.0.0
Azure ✓ live-tested

Azure Container Instances (ACI)

Runs one or more containers on Azure Container Instances without VMs or an orchestrator — secure by default with no privileged containers, redacted secret fields, and an optional managed identity.

$129.00 v1.0.0
Azure ✓ live-tested

Azure Container Registry

ACR with geo-replication, retention/trust policies, private endpoint and AcrPull role wiring for AKS/Container Apps.

$49.00 v1.0.0
Azure ✓ live-tested

Azure Cosmos DB Account

Cosmos DB (NoSQL or MongoDB API) with multi-region failover, autoscale throughput, private endpoint and backup policy.

$129.00 v1.0.0
Azure ✓ live-tested

Azure DevOps Project + Repo + Pipeline

Bootstraps an Azure DevOps project with an initialized Git repository and a YAML build pipeline — repeatable team setup as code.

$129.00 v1.0.0
Azure

Azure Front Door (Std/Premium) + WAF

Global entry point: Front Door profile, endpoints, origin groups, custom domains with managed TLS and WAF policy.

$129.00 v1.0.0
Azure ✓ live-tested

Azure Functions App

Function app (Flex Consumption or Premium) with storage, Application Insights, managed identity and VNet integration.

$129.00 v1.0.0
Azure ✓ live-tested

Azure Key Vault

RBAC-mode Key Vault with private endpoint, diagnostics, and managed keys/secrets/certificates scaffolding.

$49.00 v1.0.0
Azure ✓ live-tested

Azure Kubernetes Service Cluster

Hardened AKS with system/user node pools, workload identity, Entra RBAC integration, Azure CNI overlay, and Container Insights wired in.

$299.00 v1.0.0
Azure ✓ live-tested

Azure Landing Zone Core

Management-group hierarchy, policy baseline (ALZ-aligned), centralized logging and RBAC scaffolding — the flagship enterprise starter.

$299.00 v1.0.0
Azure ✓ live-tested

Azure Linux Virtual Machine (self-contained)

A fully self-contained general-purpose Linux VM on Azure — one apply creates the resource group, VNet, subnet, NSG, NIC, optional public IP and an SSH-key-only VM with a system-assigned identity.

$129.00 v1.0.0
Azure ✓ live-tested

Azure Linux VM Scale Set (Uniform)

A self-contained Linux VM Scale Set (Uniform orchestration) on Azure — one apply creates the resource group, VNet, subnet, NSG and an SSH-key-only scale set with deny-all-inbound and no public IPs.

$299.00 v1.0.0
Azure ✓ live-tested

Azure Monitor & Log Analytics Baseline

Central Log Analytics workspace, diagnostic-settings-everywhere pattern, action groups and starter alert pack (metric + log + activity).

$129.00 v1.0.0
Azure ✓ live-tested

Azure Private DNS Zone

A self-contained Azure Private DNS zone with virtual-network links and optional record sets for private name resolution across VNets and Private Endpoints — VM auto-registration off by default.

$49.00 v1.0.0
Azure ✓ live-tested

Azure Private Endpoint (Private Link)

An Azure Private Endpoint giving a target PaaS resource a private IP inside your VNet so traffic stays on the Microsoft backbone — wire to existing subnet/target or run fully self-contained.

$129.00 v1.0.0
Azure ✓ live-tested

Azure Public DNS Zone & Records

An Azure public DNS zone plus a map-driven set of record sets — A, AAAA, CNAME, TXT, MX, NS, CAA and SRV — with relative naming, verbatim TXT values, and apex footgun guards.

$49.00 v1.0.0
Azure

Azure SQL Database

Logical SQL server + database with Entra-only auth, firewall/private endpoint, auditing, TDE and failover-group option.

$129.00 v1.0.0
Azure ✓ live-tested

Azure Standard Load Balancer (L4)

An Azure Standard L4 load balancer with a self-created static public IP frontend, a backend address pool, health probes and load-balancing rules — Standard SKU throughout.

$129.00 v1.0.0
Azure ✓ live-tested

Azure Static Web App

Globally distributed hosting for static sites and SPAs on Azure Static Web Apps with optional serverless APIs, free auto-renewing TLS, and a built-in global CDN — defaulting to the cost-free Free SKU.

$129.00 v1.0.0
Azure ✓ live-tested

Azure Storage Account (secure-by-default)

Storage account with containers/file shares, lifecycle rules, network rules, CMK encryption and private endpoint options — Azure's most-deployed resource done right.

$129.00 v1.0.0
Azure ✓ live-tested

Azure Traffic Manager Profile

Global, DNS-based load balancing with a Traffic Manager profile and map-driven external endpoints — Performance, Priority, Weighted, Geographic, Subnet or MultiValue routing with an HTTPS health probe.

$49.00 v1.0.0
Azure ✓ live-tested

Azure Virtual Network (hub-ready)

Production VNet with subnets, NSGs, route tables, peering and optional NAT Gateway — the network backbone every Azure deployment starts with.

$129.00 v1.0.0
Oracle Cloud

Base Database Service (DBCS VM)

Oracle Database VM system with DB home, TDE via Vault, automated backups and optional Data Guard standby.

$299.00 v1.0.0
Oracle Cloud

Bastion Service

Zero-footprint managed bastion with session-managed SSH/port-forward access to private subnets — replaces jump hosts.

$49.00 v1.0.0
Google Cloud ✓ live-tested

BigQuery Dataset & Tables

Datasets with partitioned/clustered tables, authorized views, CMEK and dataset-level access controls.

$129.00 v1.0.0
Google Cloud ✓ live-tested

Certificate Manager (certificate map)

A Certificate Manager certificate map for external HTTPS load balancers, with an optional Google-managed certificate and DNS authorization provisioned when you supply a domain you control.

$49.00 v1.0.0
Civo · Alt & Specialty Clouds

Civo Compute Stack

Instances with network, firewall, volume, and reserved IP.

$49.00 v1.0.0
Civo · Alt & Specialty Clouds

Civo Kubernetes Cluster

Fast-launch k3s cluster with node pools, firewall rules, and network.

$129.00 v1.0.0
Google Cloud ✓ live-tested

Cloud Armor Security Policy (WAF)

A global Cloud Armor WAF policy with preconfigured OWASP SQLi and XSS rules enforcing by default, an optional per-client rate limit, and custom IP allow/deny rules — attachable to many backends.

$49.00 v1.0.0
Google Cloud ✓ live-tested

Cloud Bigtable Instance & Table

A single-cluster Cloud Bigtable instance (one 1-node SSD cluster, the smallest footprint) plus a table with column families, IAM-only access, optional CMEK, and deletion protection on.

$299.00 v1.0.0
Google Cloud ✓ live-tested

Cloud DNS Zones & Records

Public/private managed zones with record sets, DNSSEC, forwarding and peering configs.

$49.00 v1.0.0
Google Cloud ✓ live-tested

Cloud Filestore NFS Share

A managed Cloud Filestore NFS share for GKE and Compute Engine, VPC-peered with no public exposure, optional per-client export rules for least-privilege access, and deletion protection on.

$299.00 v1.0.0
Cloudflare · Edge & DNS

Cloudflare DNS & WAF

Zone DNS records, security settings, and managed WAF rulesets for a Cloudflare zone — provider v5 ready.

$129.00 v1.0.0
Cloudflare · Edge & DNS

Cloudflare Workers Platform

Worker with KV/R2/D1 bindings, routes, custom domain, and secrets — full edge app scaffold.

$129.00 v1.0.0
Cloudflare · Edge & DNS

Cloudflare Zero Trust Access

Access application with policies, identity provider wiring, and a cloudflared tunnel to private origins.

$299.00 v1.0.0
AWS

CloudFront Site (S3 + ACM + Route53)

Complete HTTPS site/CDN: CloudFront distribution, OAC-locked S3 origin, ACM cert, and Route53 alias records.

$299.00 v1.0.0
Google Cloud

Cloud KMS Keyring & Keys

Keyrings and rotation-enabled crypto keys with per-key IAM for CMEK across GCS, BigQuery, Cloud SQL and disks.

$49.00 v1.0.0
Google Cloud ✓ live-tested

Cloud Monitoring, Alerting & Log Export

A self-contained observability bundle: a metric-threshold alert policy, a Monitoring dashboard, and a log-export sink to a locked-down GCS bucket with the sink writer-identity IAM grant wired in.

$49.00 v1.0.0
Google Cloud ✓ live-tested

Cloud NAT Gateway

A regional Cloud Router and Cloud NAT gateway giving private, external-IP-less instances outbound internet access, with auto-allocated NAT IPs, all-subnet coverage, and logging on by default.

$49.00 v1.0.0
Google Cloud

Cloud Run Function (gen2)

Event-driven or HTTP gen2 function with source upload, dedicated runtime SA and Eventarc trigger wiring.

$49.00 v1.0.0
Google Cloud ✓ live-tested

Cloud Run Job (v2)

A Cloud Run v2 Job for batch and run-to-completion workloads with a dedicated runtime service account, auto-wired Secret Manager accessor grants, VPC egress, bounded retries and per-task timeout.

$129.00 v1.0.0
Google Cloud ✓ live-tested

Cloud Run Service

Cloud Run v2 service with autoscaling, secret and VPC egress wiring, custom domain and invoker IAM done right.

$129.00 v1.0.0
Google Cloud ✓ live-tested

Cloud Scheduler HTTP Cron Job

A Cloud Scheduler cron job that calls an HTTP(S) endpoint on a schedule, with a bounded attempt deadline, capped exponential-backoff retries, and per-invocation OIDC/OAuth service-account auth.

$49.00 v1.0.0
Google Cloud ✓ live-tested

Cloud Spanner Instance & Database

A regional Cloud Spanner instance at the smallest billable size (100 processing units) plus a database with optional starter schema, drop protection, and Terraform deletion protection on.

$299.00 v1.0.0
Google Cloud ✓ live-tested

Cloud SQL (PostgreSQL/MySQL) HA Instance

Regional-HA Cloud SQL with private IP (PSA/PSC), automated backups, PITR, read replicas and IAM database auth.

$129.00 v1.0.0
Google Cloud ✓ live-tested

Cloud Storage Bucket

Hardened GCS bucket with uniform access, versioning, lifecycle/soft-delete policies, CMEK and least-privilege IAM.

$49.00 v1.0.0
Google Cloud ✓ live-tested

Cloud Tasks Queue

A Cloud Tasks queue with capped dispatch rate and concurrency, a bounded exponential-backoff retry policy, and full Stackdriver logging so failed dispatches are observable rather than silent.

$49.00 v1.0.0
AWS ✓ live-tested

CloudWatch Logs, Alarm & Dashboard

A self-contained CloudWatch observability bundle — an encrypted log group with retention, a metric alarm, and a dashboard — that stands up from just a name and points at any real metric.

$49.00 v1.0.0
Google Cloud ✓ live-tested

Cloud Workflows (least-privilege identity)

A Cloud Workflows workflow that runs as a dedicated least-privilege service account instead of the broad Compute Engine default, with inline YAML, deletion protection, and call logging.

$49.00 v1.0.0
AWS ✓ live-tested

CodeDeploy CI/CD (EC2 / ECS / Lambda)

CodeDeploy application, deployment groups, and the platform-correct service role for automated EC2/ECS/Lambda rollouts with auto-rollback on failure.

$129.00 v1.0.0
AWS ✓ live-tested

CodePipeline + CodeBuild CI/CD

AWS-native CI/CD: CodePipeline orchestrating a CodeBuild project, with an encrypted private artifact bucket and least-privilege roles. Sources from S3 (or GitHub).

$129.00 v1.0.0
AWS ✓ live-tested

Cognito User Pool & App Client

A secure-by-default Cognito user pool and app client with optional hosted-UI domain — strong password policy, TOTP MFA, account-enumeration protection, SRP-only flows, and refresh-token revocation.

$49.00 v1.0.0
DigitalOcean · Alt & Specialty Clouds

DigitalOcean App Platform Service

Declarative App Platform deployment with services, workers, domains, and alerts.

$129.00 v1.0.0
DigitalOcean · Alt & Specialty Clouds

DigitalOcean DOKS Cluster

Production DOKS with node pools, VPC, registry hookup, and maintenance windows in one apply.

$299.00 v1.0.0
DigitalOcean · Alt & Specialty Clouds

DigitalOcean Droplet Stack

Hardened droplet(s) with VPC, firewall, volume, reserved IP, and cloud-init bootstrap.

$129.00 v1.0.0
DigitalOcean · Alt & Specialty Clouds

DigitalOcean Managed Database

Managed PG/MySQL/Valkey cluster with firewall trust list, users, DBs, and replicas.

$129.00 v1.0.0
Oracle Cloud

DNS Zone & Traffic Steering

Public/private DNS zones with record sets, failover/geo steering policies and health-check probes.

$49.00 v1.0.0
Oracle Cloud

DRG Hub & Spoke Connectivity

Dynamic Routing Gateway with VCN attachments, custom DRG route tables, remote peering and IPSec/FastConnect attach points.

$129.00 v1.0.0
AWS ✓ live-tested

DynamoDB Table

DynamoDB table with GSIs/LSIs, TTL, streams, autoscaling or on-demand, and point-in-time recovery.

$49.00 v1.0.0
AWS ✓ live-tested

EC2 Instance

EC2 instance with IMDSv2, encrypted EBS, instance profile, and EIP — secure defaults out of the box.

$49.00 v1.0.0
AWS ✓ live-tested

EC2 Launch Template + Auto Scaling Group

EC2 launch template and Auto Scaling group with IMDSv2 enforced, encrypted gp3 root volume, an egress-only security group, and scale-to-zero defaults so it applies cleanly with no compute cost.

$129.00 v1.0.0
AWS ✓ live-tested

ECR Repository

ECR repo with lifecycle rules, scan-on-push, immutable tags, and cross-account/replication policies.

$49.00 v1.0.0
AWS ✓ live-tested

ECS Fargate Service

Full Fargate stack: cluster, task definition, service with ALB integration, autoscaling, and Cloud Map discovery.

$299.00 v1.0.0
AWS ✓ live-tested

EFS File System (encrypted, in-transit TLS)

An EFS file system with mount targets, a least-privilege NFS security group, lifecycle tiering, automatic backups, and a resource policy that enforces encryption in transit.

$129.00 v1.0.0
AWS ✓ live-tested

EKS Cluster with Managed Node Groups

Opinionated EKS cluster with node groups, core add-ons, Pod Identity, and KMS secret encryption.

$299.00 v1.0.0
AWS ✓ live-tested

ElastiCache for Redis / Valkey

A cluster-mode-disabled ElastiCache Redis/Valkey cache with encryption at rest and in transit both on, no public exposure, and the subnet group and security group created for you.

$129.00 v1.0.0
Azure ✓ live-tested

Entra ID Workload Identity Baseline

App registrations, service principals, groups and federated credentials (OIDC for GitHub/Terraform) — the identity plumbing every Azure org rebuilds by hand.

$129.00 v1.0.0
Google Cloud ✓ live-tested

Eventarc Pub/Sub Trigger

An Eventarc Pub/Sub trigger wired into a self-contained pipeline — a Cloud Run target, a dedicated delivery service account, and the run.invoker and eventReceiver grants Eventarc silently requires.

$49.00 v1.0.0
AWS ✓ live-tested

EventBridge Bus, Rule & Target

A custom EventBridge event bus, a pattern-filtered rule, and a target wired end-to-end — encryption at rest always on, least-privilege log delivery, and a 24h retry policy with optional DLQ.

$49.00 v1.0.0
Azure ✓ live-tested

Event Grid Topic & Subscriptions

An Event Grid custom topic plus event subscriptions with an optional in-module Storage Queue target — SAS auth off (Entra ID), a system-assigned identity, and HTTPS-only TLS 1.2+ storage.

$49.00 v1.0.0
Azure ✓ live-tested

Event Hubs Namespace & Hubs

An Event Hubs namespace plus hubs, each with consumer groups and least-privilege SAS rules for high-throughput (Kafka-compatible) ingestion — TLS 1.2 floor and optional default-deny networking.

$129.00 v1.0.0
Exoscale · Alt & Specialty Clouds

Exoscale DBaaS

Managed PG/MySQL/Kafka with IP filters and TF-managed users.

$129.00 v1.0.0
Exoscale · Alt & Specialty Clouds

Exoscale SKS Cluster

SKS Kubernetes with node pools, security groups, and anti-affinity.

$129.00 v1.0.0
Oracle Cloud

File Storage (NFS)

Elastic NFSv3 file system with mount target, export options, snapshots and NSG-scoped access.

$49.00 v1.0.0
Oracle Cloud

Flexible Load Balancer (L7)

HTTPS load balancer with backend sets, health checks, TLS certificates, rule sets and WAF-ready listeners.

$129.00 v1.0.0
Oracle Cloud

Functions Application

Serverless Fn application with functions, provisioned concurrency, invoke logging and Events-rule trigger wiring.

$49.00 v1.0.0
Google Cloud

GCP Project Factory

Opinionated project creation: API enablement, billing budget, default-SA lockdown, audit log sinks and baseline IAM.

$299.00 v1.0.0
Google Cloud ✓ live-tested

GCP VPC Network Foundation

Production VPC with subnets, secondary ranges, firewall rules, Cloud Router and Cloud NAT — the network base every GCP workload sits on.

$129.00 v1.0.0
Google Cloud

GKE Cluster (Autopilot & Standard)

Private, Workload-Identity-enabled GKE cluster with managed node pools, release channels and maintenance windows, hardened to Google best practice.

$299.00 v1.0.0
Google Cloud

Global External HTTPS Load Balancer

Global ALB with managed TLS certs, URL map, serverless/instance NEG backends, optional Cloud CDN and Cloud Armor policy.

$299.00 v1.0.0
Google Cloud

HA VPN (Site-to-Site)

99.99% SLA HA VPN gateway pair with BGP-dynamic routing — GCP-to-on-prem or GCP-to-AWS/Azure.

$129.00 v1.0.0
Hetzner · Alt & Specialty Clouds

Hetzner Load-Balanced Web Tier

Managed LB with health checks, cert, and label-selected server targets.

$129.00 v1.0.0
Hetzner · Alt & Specialty Clouds

Hetzner Private Network + NAT

Private network with subnets, routes, and a NAT gateway server for egress-only fleets.

$49.00 v1.0.0
Hetzner · Alt & Specialty Clouds

Hetzner Server Fleet

N-server fleet with placement group, firewall, primary IPs, and cloud-init — Hetzner's price/perf with guardrails.

$129.00 v1.0.0
Huawei Cloud · Alt & Specialty Clouds

Huawei Cloud CCE Cluster

CCE Kubernetes with VPC/subnet, node pool, and EIP-attached ingress.

$299.00 v1.0.0
AWS ✓ live-tested

IAM Roles, Policies & OIDC Trust

Least-privilege IAM roles, managed policies, and GitHub/EKS OIDC federation in one composable module.

$129.00 v1.0.0
IBM Cloud · Alt & Specialty Clouds

IBM Cloud Kubernetes (IKS) on VPC

IKS cluster on VPC Gen2 with worker pools and COS-backed registry namespace.

$299.00 v1.0.0
IBM Cloud · Alt & Specialty Clouds

IBM Cloud VPC Landing Zone (Lite)

VPC with subnets, public gateways, ACLs, and security groups following IBM SLZ patterns.

$129.00 v1.0.0
Oracle Cloud

Instance Pool with Autoscaling

Self-healing instance pool from an instance configuration with metric- or schedule-based autoscaling and LB attachment.

$129.00 v1.0.0
Google Cloud ✓ live-tested

Internal Passthrough Load Balancer (L4)

An internal passthrough L4 load balancer — health check, regional backend service and forwarding rule — that stands up before any backends exist, preserving client source IPs, with optional global access.

$129.00 v1.0.0
AWS ✓ live-tested

Jenkins Controller on AWS (EC2)

Self-hosted Jenkins controller on a hardened EC2 instance — restricted security group, IMDSv2 enforced, SSM access, encrypted root volume, Jenkins auto-installed via user-data.

$129.00 v1.0.0
Azure ✓ live-tested

Jenkins Controller on Azure (VM)

Self-hosted Jenkins on a hardened Azure Linux VM — self-contained vnet/subnet/NSG, SSH-key auth only, managed-disk encryption, Jenkins installed via cloud-init.

$129.00 v1.0.0
AWS ✓ live-tested

Kinesis Data Stream (on-demand)

A Kinesis Data Stream with KMS encryption at rest on by default and ON_DEMAND capacity (no shard math), plus optional enhanced fan-out consumers and IAM-only access.

$129.00 v1.0.0
AWS ✓ live-tested

KMS Key with Policy Patterns

Customer-managed KMS keys with sane key policies, aliases, rotation, and multi-region replicas.

$49.00 v1.0.0
AWS ✓ live-tested

Lambda Function (Packaged & Wired)

Lambda with execution role, log group, triggers, aliases, and zip/container packaging handled.

$129.00 v1.0.0
Linode · Alt & Specialty Clouds

Linode Block Storage Volume

Attachable, resizable NVMe block volume with safe attach/detach lifecycle handling.

$49.00 v1.0.0
Linode · Alt & Specialty Clouds

Linode Cloud Firewall Baseline

Opinionated stateful firewall with deny-by-default inbound, curated allow rules, and multi-device attachment.

$49.00 v1.0.0
Linode · Alt & Specialty Clouds

Linode Compute Instance (production-ready)

Hardened Linode VM with cloud-init, disk encryption, reverse DNS, backups, and firewall attachment in one apply.

$129.00 v1.0.0
Linode · Alt & Specialty Clouds

Linode DNS Zone & Records

Complete DNS zone with typed record management and sane TTL defaults on Linode's free DNS Manager.

$49.00 v1.0.0
Linode · Alt & Specialty Clouds

Linode Kubernetes Engine Cluster

Production LKE cluster with autoscaling node pools, HA control plane, disk encryption, ACL, and optional Enterprise tier.

$299.00 v1.0.0
Linode · Alt & Specialty Clouds

Linode Managed Database (MySQL/PostgreSQL)

HA managed database cluster with allowlists, maintenance windows, and fork/restore support on the new Aiven platform.

$129.00 v1.0.0
Linode · Alt & Specialty Clouds

Linode NodeBalancer Load Balancer

Managed L4/L7 load balancer with TLS termination, health checks, session stickiness, and UDP support.

$129.00 v1.0.0
Linode · Alt & Specialty Clouds

Linode Object Storage Bucket

S3-compatible bucket with scoped access keys, versioning, lifecycle rules, and optional static-site hosting.

$129.00 v1.0.0
Linode · Alt & Specialty Clouds

Linode VPC with Subnets

Isolated VPC network with labeled subnets ready for instances, LKE, and NodeBalancer backends.

$49.00 v1.0.0
Azure ✓ live-tested

Logic App (Consumption) Workflow

An Azure Logic App (Consumption) workflow with a built-in Recurrence trigger — serverless pay-per-execution automation with a system-assigned managed identity and inbound IP allowlists.

$129.00 v1.0.0
Google Cloud ✓ live-tested

Managed Instance Group (autoscaling, autohealing)

A zonal Managed Instance Group built from a hardened Shielded-VM instance template, private by default, with optional CPU autoscaling, autohealing, and zero-downtime rolling template updates.

$129.00 v1.0.0
Google Cloud ✓ live-tested

Memorystore Redis/Valkey

Private Memorystore instance or cluster (Redis or Valkey) with auth, TLS and maintenance policy on your VPC.

$49.00 v1.0.0
AWS ✓ live-tested

MSK Serverless (Apache Kafka)

An MSK Serverless Apache Kafka cluster with no brokers to size — SASL/IAM authentication only, encryption in transit and at rest always on, multi-AZ placement, and a locked-down security group.

$299.00 v1.0.0
Azure

MySQL Flexible Server

Azure Database for MySQL Flexible Server with TLS required by default, correct delegated-subnet + private DNS zone ordering, an Entra administrator, databases, and cheapest-by-default Burstable sizing.

$299.00 v1.0.0
Oracle Cloud

MySQL HeatWave DB System

Managed MySQL with optional HeatWave analytics cluster, HA, backups, configuration and inbound replication channel.

$129.00 v1.0.0
AWS ✓ live-tested

Network Load Balancer (L4)

A Layer-4 Network Load Balancer with map-driven TCP/UDP/TLS listeners and target groups, modern TLS 1.3 termination from an ACM cert, and self-contained default-VPC networking.

$129.00 v1.0.0
Oracle Cloud

Network Load Balancer (L4)

Low-latency pass-through NLB with TCP/UDP listeners, backend health checks and preserved client IPs.

$49.00 v1.0.0
Oracle Cloud

Object Storage Bucket

Bucket with versioning, lifecycle/auto-tiering, retention rules, replication and pre-authenticated request support.

$49.00 v1.0.0
Oracle Cloud

OCI Compute Instance (flex shapes)

Opinionated VM with E5/A1 flex shapes, cloud-init, attached block volumes, NSGs and in-transit encryption.

$49.00 v1.0.0
Oracle Cloud

OCI IAM Foundation (compartments + policies)

Tenancy landing-zone core: compartment hierarchy, groups, dynamic groups, policy statements and tag namespaces from a single map.

$129.00 v1.0.0
Oracle Cloud

OCI VCN (hub-ready network foundation)

Production VCN with public/private subnets, internet/NAT/service gateways, route tables, NSGs and IPv6 — the module every OCI tenancy starts with.

$129.00 v1.0.0
Oracle Cloud

OKE Managed Kubernetes Cluster

Enhanced OKE cluster with managed + virtual node pools, private API endpoint, NSGs, addons and OIDC — flagship OCI workload platform.

$299.00 v1.0.0
OVHcloud · Alt & Specialty Clouds

OVHcloud Managed Database

Managed PG/MySQL/Kafka with users, IP restrictions, and private network egress.

$129.00 v1.0.0
OVHcloud · Alt & Specialty Clouds

OVHcloud Managed Kubernetes

MKS cluster with node pools and private-network (vRack) attachment.

$299.00 v1.0.0
Azure

PostgreSQL Flexible Server

Flexible Server with HA option, private VNet delegation, Entra auth, firewall and tuned server parameters.

$129.00 v1.0.0
AWS ✓ live-tested

Production VPC (Multi-AZ)

Battle-tested multi-AZ VPC with public/private/database subnets, NAT, endpoints, and flow logs.

$129.00 v1.0.0
Google Cloud ✓ live-tested

Pub/Sub Topics & Subscriptions

Topics with schemas, push/pull/BigQuery subscriptions, dead-letter queues and retry policies preconfigured.

$49.00 v1.0.0
AWS ✓ live-tested

RDS Instance (PostgreSQL/MySQL)

Single-instance or Multi-AZ RDS with subnet/parameter/option groups, backups, and monitoring wired correctly.

$129.00 v1.0.0
AWS ✓ live-tested

Redshift Cluster (encrypted, private)

A production-ready single-node Redshift cluster with encryption always on, never publicly accessible, a parameter group enforcing require_ssl, and a generated admin password stored in Secrets Manager.

$299.00 v1.0.0
Azure ✓ live-tested

Resource Group + Naming/Tagging Baseline

Opinionated resource group factory with CAF-compliant naming, mandatory tags, locks and budget alert.

$49.00 v1.0.0
AWS ✓ live-tested

Route 53 Hosted Zone & Records

A Route 53 hosted zone (public or private via vpc_ids) plus a map-driven set of records, with name normalisation and the alias-vs-rdata distinction resolved and inputs validated.

$49.00 v1.0.0
Scaleway · Alt & Specialty Clouds

Scaleway Kapsule Cluster

Kapsule Kubernetes with pools, private network, and autoscaling/autoheal presets.

$299.00 v1.0.0
Scaleway · Alt & Specialty Clouds

Scaleway Managed Database

RDB PostgreSQL/MySQL with HA, private-network endpoint, users, and ACLs.

$129.00 v1.0.0
Scaleway · Alt & Specialty Clouds

Scaleway Serverless Container

Container namespace, deployed container, custom domain, and registry wiring.

$49.00 v1.0.0
Google Cloud ✓ live-tested

Secret Manager Secrets

Secrets with versions, replication policy, rotation schedules, expiry and accessor IAM.

$49.00 v1.0.0
AWS ✓ live-tested

Secrets Manager Secret

Secrets with versioning, resource policies, replication, and optional Lambda rotation scaffolding.

$49.00 v1.0.0
AWS ✓ live-tested

Security Group with Rule Presets

Security groups with named rule presets (https, postgres, redis...) using modern standalone rule resources.

$49.00 v1.0.0
Google Cloud ✓ live-tested

Service Accounts & IAM Bindings

Service accounts with least-privilege project/resource IAM and optional Workload Identity Federation for keyless CI/CD (GitHub Actions).

$49.00 v1.0.0
Azure ✓ live-tested

Service Bus Namespace, Queues & Topics

An Azure Service Bus namespace with queues, topics and subscriptions on the Standard SKU — SAS local auth off (Entra ID + RBAC), TLS 1.2+ minimum, and dead-lettering of expired messages.

$129.00 v1.0.0
AWS ✓ live-tested

SES v2 Sending Stack

An SES v2 sending stack — a configuration set with an optional domain/email identity (Easy DKIM) — with TLS required, bounce/complaint suppression, and reputation metrics to CloudWatch.

$49.00 v1.0.0
AWS ✓ live-tested

SNS Topic with Subscriptions

SNS standard/FIFO topic with encryption, delivery policies, and SQS/Lambda/email subscriptions.

$49.00 v1.0.0
AWS ✓ live-tested

SQS Queue with DLQ

SQS standard/FIFO queue with dead-letter queue, redrive policy, SSE, and least-privilege queue policy.

$49.00 v1.0.0
AWS ✓ live-tested

SSM Parameter Store (map-driven)

Map-driven SSM Parameter Store parameters — String, StringList, and SecureString — created from a single map, with SecureString always KMS-encrypted and the free Standard tier by default.

$49.00 v1.0.0
AWS ✓ live-tested

Step Functions State Machine

A Step Functions state machine (STANDARD or EXPRESS) with a least-privilege execution role, a managed CloudWatch log group, X-Ray tracing, and encryption at rest — working out of the box from a single name.

$49.00 v1.0.0
Tencent Cloud · Alt & Specialty Clouds

Tencent Cloud VPC Foundation

VPC with subnets, route tables, NAT, and security groups across AZs.

$129.00 v1.0.0
Tencent Cloud · Alt & Specialty Clouds

Tencent TKE Cluster

Managed TKE Kubernetes with node pools and VPC-CNI networking.

$299.00 v1.0.0
UpCloud · Alt & Specialty Clouds

UpCloud Managed Database

Managed PG/MySQL with properties tuning, users, and logical DBs.

$129.00 v1.0.0
UpCloud · Alt & Specialty Clouds

UpCloud Server Stack

Servers on SDN private network with storage, router, and firewall rules.

$49.00 v1.0.0
Azure ✓ live-tested

User-Assigned Managed Identities

A map-driven module creating one or many user-assigned managed identities, each with optional workload identity federation (OIDC) and least-privilege RBAC role assignments — no secrets to rotate.

$49.00 v1.0.0
Oracle Cloud

Vault, Keys & Secrets

KMS vault with HSM/software master keys, key rotation and secret lifecycle management for app credentials.

$129.00 v1.0.0
Multi-cloud & platform-agnostic · Security & Secrets

Vault Policies & Auth

Vault policies, auth backends, and secret engine configuration as code.

$129.00 v1.0.0
Google Cloud ✓ live-tested

Vertex AI Endpoint

A Vertex AI Endpoint for online prediction with optional CMEK, optional Private Service Access networking and request/response logging — model deployment left to you, so it stands up for cents.

$129.00 v1.0.0
Vultr · Alt & Specialty Clouds

Vultr Compute Stack

Instances with VPC, firewall, block storage, and reserved IP.

$49.00 v1.0.0
Vultr · Alt & Specialty Clouds

Vultr VKE Cluster

VKE Kubernetes with node pools, VPC, and firewall in one module.

$129.00 v1.0.0
AWS ✓ live-tested

WAFv2 Web ACL (managed rules + rate limit)

A WAFv2 web ACL (REGIONAL or CLOUDFRONT) with a default-allow posture, configurable AWS managed rule groups blocking by default, and a rate-based rule that throttles abusive IPs.

$49.00 v1.0.0