A production-grade AWS serverless SaaS skeleton — auth, IAM-authed database, email, CI/CD, and observability — plus the maintained stream of hard-won knowledge that keeps you shipping.
Free until you have real users. Serverless cost tracks usage, not time — measured spend before revenue is under $2/month.
The things that separate "a demo" from "a product you can actually run."
Auth, IAM-authed DB, secrets isolation, rate limiting, OWASP error handling.
Five test layers and a staging gate stand between you and production.
GitHub Actions check every push and gate every deploy — nothing reaches prod un-tested.
CloudWatch alarms for errors, throttles, latency and 5XX, plus an AWS Budgets alarm.
Serverless cost tracks usage — under $2/month before revenue.
A complete, opinionated, production-grade skeleton.
The stack: Vanilla JS SPA → API Gateway → Lambda (Node 24, Express) → Aurora DSQL (scales to zero) → SES — all IAM-authed, no long-lived DB password.
Auth done right: bcrypt, JWT, email verification, admin approval, brute-force lockout, enumeration prevention, password strength.
The full delivery pipeline: Setup wizard, schema migrations, staging gate, smoke tests, frontend deploy with cache invalidation, a doctor health check.
CI/CD + observability: GitHub Actions for test-on-push and gated deploys, plus one-command CloudWatch + budget alarms.
The ingredient guides: Testing, security, scalability, observability and cost docs — so you understand the system, not just run it.
The "now what?" bridge: A guide that walks you from a working skeleton to your first real feature, in the order that never burns you.
A free boilerplate is a snapshot. This is a maintained knowledge stream.
The real cost of building on AWS isn't the first deploy — it's the hundred small, expensive mistakes between deploy and a stable product: the DSQL constraint that isn't standard Postgres, the API Gateway timeout you hit at 29 seconds, the config call that silently wipes your env vars, the CloudFront cache that serves a stale frontend for hours. Every one of those is already a documented pitfall here, with the cost and the fix.
You're not buying a folder of files. You're buying the compounding output of every debugging session that's already been paid for — so you don't pay for it again.
Most builders abandon a SaaS attempt at one of five predictable cliffs.
| The cliff | The fix |
|---|---|
| Setup too hard | Dependency-free setup wizard + SETUP guide + a doctor health check |
| First deploy fails | doctor validates the whole environment before you deploy; staging gate catches prod-path bugs |
| Cost shock | Sourced cost numbers + "free until real users" + budget-alarm setup |
| "Now what?" | An end-to-end guided bridge to your first feature |
| Drift | Schema contract, smoke tests, pitfall catalog, and a live state file keep the project honest |
Honesty is part of the product. For a commercial SaaS you'll also need things this skeleton doesn't ship today — flagged plainly, and on the upgrade roadmap:
Access is granted by invitation. Request access below and verify your email — you'll be approved by the owner before you can sign in.