Components

Stackattack provides opinionated, secure-by-default AWS infrastructure components built on top of Pulumi.

All components follow the same basic pattern:

import * as saws from "@stackattack/aws";
const ctx = saws.context();
const component = saws.componentName(ctx, { ... });

See each component’s documentation for information about arguments and usage.

  • bucket - S3 buckets are the standard way to store files in AWS. Stackattack creates S3 buckets with secure defaults including encryption and public access blocking.
  • certificate - ACM certificates in AWS provide SSL/TLS certificates for secure HTTPS connections. Stackattack creates certificates with automatic DNS validation through Route53, supporting wildcards and multiple domains.
  • cluster - ECS clusters in AWS provide compute capacity for running containerized applications. Stackattack’s cluster component provides an easy way to set up working ECS clusters for running applications on EC2 instances with auto-scaling and private inter-service communication.
  • database - RDS databases in AWS provide managed relational database instances. Stackattack creates PostgreSQL databases with secure networking, automatic backups, encryption at rest, and SSL connections enabled by default.
  • emailDomain - Amazon SES (Simple Email Service) domain configuration enables sending transactional emails from your custom domain with full deliverability tracking. This component sets up domain verification, DKIM authentication, SPF/DMARC records, and event logging for production email sending.
  • githubRole - GitHub Actions IAM roles enable secure deployment from GitHub workflows to AWS without storing long-term credentials. Using OpenID Connect (OIDC), GitHub Actions can assume AWS IAM roles with fine-grained permissions and repository-scoped access controls.
  • gmailDomain - Gmail custom domain configuration enables using your own domain (like mail@yourcompany.com) with Gmail/Google Workspace email services. This component creates the necessary DNS records in Route53 for domain verification and email routing to Google’s mail servers.
  • googleSiteVerification - Sets up a Google site verification record. This can be used to verify that you own a domain for use with Gmail and the Google Search Console, among other things.
  • loadBalancer - Application Load Balancers (ALBs) in AWS distribute incoming HTTP/HTTPS traffic across multiple targets. Stackattack creates ALBs with SSL termination, health checks, and integration with ECS services for high availability web applications.
  • redis - ElastiCache Redis in AWS provides managed Redis instances for caching and session storage. Stackattack creates Redis clusters with secure networking, parameter groups, and proper security group configuration.
  • s3Firehose - Amazon Kinesis Data Firehose is a fully managed service for streaming data to S3 with automatic scaling, data transformation, and format conversion. It enables real-time analytics by delivering streaming data to data lakes, with built-in compression, partitioning, and optional Parquet conversion for cost-effective storage.
  • service - ECS services in AWS provide a managed way to run containerized applications. Stackattack creates ECS services with task definitions, load balancer integration, health checks, and service discovery.
  • serviceAutoscaling - Application Auto Scaling in AWS provides automatic scaling for ECS services based on CloudWatch metrics. Stackattack creates auto scaling policies with CloudWatch alarms that can scale services up or down based on custom metrics.
  • staticSite - Static sites in AWS combine S3 storage with CloudFront CDN for fast global content delivery. Stackattack creates static websites with custom domains, SSL certificates, and framework-specific routing (like Astro).
  • topicWebhook - Amazon SNS (Simple Notification Service) webhook subscriptions deliver messages from SNS topics to HTTP/HTTPS endpoints with configurable retry policies and delivery guarantees. This enables integration with external services, monitoring systems, and event-driven architectures.
  • twingateConnector - Twingate connectors provide secure zero-trust network access to private resources in AWS. Stackattack deploys Twingate connectors as ECS services to create encrypted tunnels between your Twingate network and AWS VPC.
  • vercelDomain - Vercel custom domain configuration enables using your own domain with Vercel-hosted applications by creating the necessary DNS records in Route53. This component sets up CNAME records that point to Vercel’s edge infrastructure for optimal performance and SSL certificate management.
  • vpc - VPCs in AWS are isolated virtual networks that provide the networking foundation for your applications. Stackattack creates VPCs with public and private subnets across multiple availability zones, internet gateways, NAT gateways, and VPC endpoints.
  • vpn - AWS Client VPN endpoints provide secure remote access to VPC resources using SSL/TLS certificate-based authentication. They enable secure connections for remote workers, contractors, or administrators who need access to private AWS resources without exposing them to the internet.