Without a doubt, the first questions you have about creating an Environment are "What is the upfront cost?", "What do you provision by default?", and "How does it work?", so let's dig into that.
First and foremost, our goal is to provision the minimum resources required to securely and reliably run your app. If your web traffic doesn't necessitate a load balancer or your security posture doesn't require a NAT gateway, we won't provision them.
How it works
FlexStack deploys to your own AWS account, but offers numerous benefits you would not otherwise get.
- We can select the cheapest architecture for your needs automatically as your traffic scales. Since the cost of various architectures can be reliably computed, we can swap out architectures automatically without downtime. As your project grows, your needs will change. This is a fundamental law of engineering. Our goal as a company is to solve that for architecture and infrastructure.
- We check the state of your architecture's cost performance daily during a maintenance window unique to each environment. We won't make changes to your architecture outside of this maintenance window. We also prevent changes from occurring on weekends and all major US holidays.
- When you deploy something to FlexStack or some FlexStack-managed resource changes, AWS sends us an event notifying us of the change. This allows us to effectively remain synced to your current infrastructure. We will not receive any events unrelated to FlexStack resources.
- FlexStack comes with continuous deployment out-of-the-box. Just install our app to your GitHub account, import a repo, and we'll deploy your changes each time you push to the configured branch.
- The quickest, most reliable way to deploy something is to not deploy at all. We strive to deploy only what changes and nothing else. That means your services are logically separated into separate stacks and we will only redeploy a stack when one of its dependencies changes.
What is the upfront cost?
Creating any Development, Staging, or Production grade environment, with any Target Availability costs you just $0.00055/hr per region and $0.50/mo per environment upfront. The only resources we provision by default with upfront cost are an AWS Secrets Manager Secret that contains an API key for connecting your account's default regional EventBus to FlexStack and an AWS Cloud Map namespace to enable service discovery in your environment.
What do you provision when an environment is created?
Deploying your first environment on FlexStack creates three CloudFormation stacks:
FlexStack-Toolkit
- Deployed once per region, per account.
- Includes an AWS Secrets Manager Secret that contains an API key for connecting your account's default regional EventBus to FlexStack.
- Includes EventBridge rules for syncing the resources created by FlexStack on your behalf back to FlexStack.
- Allows us to know the state of a given resource on AWS. We use this information to queue your deployments, alert you when deployments fail, and provide other rich features to you in our dashboard.
- We will not receive any events about resources that were not created through FlexStack.
- Includes roles that allow CloudFormation to manage your deployments.
- Includes an S3 bucket which stores your deployment assets so they can be used by CloudFormation and other AWS services. Also allows for caching assets between deployments.
- Includes an ECR repository that stores Docker images used by your services.
FlexStack-Project-[Project ID]
- Deployed once per project.
- Allows FlexStack to assume an Administrator role on your account for a given project so that we may provision resources on your behalf. This is the most secure way to allow third parties to manage your AWS account.
- To view the current version of this stack template click here.
FlexStack-Environment-[Environment ID]
- Deployed once per environment.
- Includes a Virtual Private Cloud (VPC), availability zones, and subnets.
- Includes an ECS Cluster. This is where we deploy your containerized applications and tasks.
- If you're using Enhanced Network Security, this will include a NAT Gateway (or NAT Instance in development/staging environments) which will incur an extra fee.
- Includes a Log Group which is shared by all of your environment's container services, providing a powerful observability construct to your environment.
- If traffic to your web services warrants it (trending toward 16M requests per month), this will include a Load Balancer which will incur a fee of about $16/month at the time of this writing.
Am I locked in?
You are not locked in to our platform. You can get rid of us with ease and the infrastructure we provisioned on your behalf will function without issue. You can continue to self-manage it without us after you've removed our permission to access your account. To do so, you'll have to maintain the CloudFormation stacks we created on your behalf or migrate them to a tool like CDK or Terraform.
How can I leave FlexStack?
Should you choose to leave the platform, you will lose the automation benefits of FlexStack described above. However, we understand that organizations change and we strive to make it as easy as possible to leave our platform without removing your resources.
Disconnecting a project
To disconnect a project, go to the "Project settings" page and scroll down to the "Danger zone". Here you'll see a callout for disconnecting projects.
When you disconnect a project, FlexStack will no longer be able to manage the resources in this project on your behalf. We will lose all IAM roles that allowed us to access resources in this project. All of the active resources in this project will be left in their current state. None will be deleted.
You will be able to reconnect this project at any time, but we will lose any updates made to the resources in this project since the disconnection.
When you disconnect a project and visit its stack in CloudFormation, you'll notice that it is in a "DELETE_FAILED" state. Despite appearances, this is a good thing: it means the token we used to delete ourselves is no longer valid, so we no longer have access to your AWS account and revocation worked. You can continue by deleting the stack manually in the CloudFormation UI, at which point it will be entirely removed from your account.
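An independent check of the revocation described above, as an added example that is not FlexStack's own code: it scans the JSON returned by `aws iam list-roles --output json` for roles whose trust policy still lets a principal outside your account assume them. The sample input, role names and account IDs are constructed placeholders.

```python
import re

OWN_ACCOUNT = "111111111111"  # placeholder: your own AWS account ID

# Constructed sample shaped like `aws iam list-roles --output json`;
# role names and account IDs are placeholders, not real FlexStack values.
SAMPLE = {"Roles": [
    {"RoleName": "example-project-admin",
     "AssumeRolePolicyDocument": {"Statement": [
         {"Effect": "Allow", "Action": "sts:AssumeRole",
          "Principal": {"AWS": "arn:aws:iam::999999999999:root"}}]}},
    {"RoleName": "example-ecs-task",
     "AssumeRolePolicyDocument": {"Statement": [
         {"Effect": "Allow", "Action": "sts:AssumeRole",
          "Principal": {"Service": "ecs-tasks.amazonaws.com"}}]}},
    {"RoleName": "example-local-deploy",
     "AssumeRolePolicyDocument": {"Statement": {
         "Effect": "Allow", "Action": "sts:AssumeRole",
         "Principal": {"AWS": ["arn:aws:iam::111111111111:role/ci",
                               "111111111111"]}}}},
    {"RoleName": "example-wildcard",
     "AssumeRolePolicyDocument": {"Statement": [
         {"Effect": "Allow", "Action": "sts:AssumeRole", "Principal": "*"}]}},
]}

def as_list(value):
    """IAM policy JSON allows a single item where a list is expected."""
    return value if isinstance(value, list) else [value]

def principal_account(principal):
    """Return the 12-digit account ID of an AWS principal, or None."""
    m = re.fullmatch(r"(\d{12})|arn:aws[\w-]*:(?:iam|sts)::(\d{12}):.+", principal)
    return (m.group(1) or m.group(2)) if m else None

def external_trust(list_roles, own_account):
    """Map role name -> sorted AWS principals outside own_account that may
    assume it. Service and Federated principals are not examined."""
    findings = {}
    for role in list_roles["Roles"]:
        for stmt in as_list(role["AssumeRolePolicyDocument"]["Statement"]):
            if stmt.get("Effect") != "Allow":
                continue
            principal = stmt.get("Principal", {})
            aws = ["*"] if principal == "*" else as_list(principal.get("AWS", []))
            outside = [p for p in aws if principal_account(p) != own_account]
            if outside:
                findings.setdefault(role["RoleName"], set()).update(outside)
    return {name: sorted(ps) for name, ps in findings.items()}
```

Principals that cannot be resolved to an account ID, such as `*`, are reported as external so they get a manual look.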
Deleting a project
To delete a project, go to the "Project settings" page and scroll down to the "Danger zone". Here you'll see a callout for deleting projects. Deleting a project requires that all environments within the project have also been deleted. That means all of the resources we provisioned on your behalf will be deleted, too, and your application will cease to function. For that reason, disconnecting a project is typically preferable.
If your goal is to completely clean FlexStack from your AWS account, this is the preferable option. Deleting a project also deletes the resources created by the "FlexStack-Toolkit" stack mentioned above if this is the last project in a region.
Manually disconnect a project
To disconnect a project manually, that is without using the FlexStack UI, delete the FlexStack-Project-[Project ID] stack in the Oregon (us-west-2) CloudFormation page on AWS. This will immediately revoke FlexStack's access to your account for the project, but retain any resources created within the project if they exist.
In the screen grab below, you'd click the "Delete" button below the name of the stack.
How can I identify resources created by FlexStack in AWS?
All of the resources we create on your behalf are tagged in AWS:
Tag name | Description |
---|---|
PoweredBy | The value of this tag will always be "FlexStack" |
FlexStack:ProjectID | The ID of the project a resource belongs to |
FlexStack:ProjectName | The name of the project a resource belongs to |
FlexStack:EnvironmentID | The ID of the environment a resource belongs to |
FlexStack:EnvironmentName | The name of the environment a resource belongs to |
FlexStack:ComponentID | If a resource belongs to a component ID, this will contain the ID |
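One way to turn these tags into an inventory, as an added example that is not part of FlexStack: it groups the output of `aws resourcegroupstaggingapi get-resources --output json` by project and environment and counts resources per AWS service. The ARNs and IDs in the sample are constructed placeholders, and because the tagging API is regional the command has to be run once per region you use.

```python
from collections import Counter, defaultdict

# Constructed sample shaped like the output of
#   aws resourcegroupstaggingapi get-resources --output json
# ARNs, project IDs and environment IDs are placeholders.
SAMPLE = {"ResourceTagMappingList": [
    {"ResourceARN": "arn:aws:ecs:us-west-2:111111111111:cluster/example",
     "Tags": [{"Key": "PoweredBy", "Value": "FlexStack"},
              {"Key": "FlexStack:ProjectID", "Value": "proj-1"},
              {"Key": "FlexStack:EnvironmentID", "Value": "env-a"}]},
    {"ResourceARN": "arn:aws:logs:us-west-2:111111111111:log-group:example",
     "Tags": [{"Key": "PoweredBy", "Value": "FlexStack"},
              {"Key": "FlexStack:ProjectID", "Value": "proj-1"},
              {"Key": "FlexStack:EnvironmentID", "Value": "env-a"},
              {"Key": "FlexStack:ComponentID", "Value": "cmp-9"}]},
    {"ResourceARN": "arn:aws:s3:::example-assets",
     "Tags": [{"Key": "PoweredBy", "Value": "FlexStack"}]},
    {"ResourceARN": "arn:aws:s3:::unrelated-bucket",
     "Tags": [{"Key": "team", "Value": "data"}]},
]}

def flexstack_inventory(response):
    """Group FlexStack-tagged ARNs by (project ID, environment ID).

    Resources tagged PoweredBy=FlexStack but carrying no project or
    environment tag end up under the key (None, None).
    """
    groups = defaultdict(list)
    for item in response["ResourceTagMappingList"]:
        tags = {t["Key"]: t["Value"] for t in item.get("Tags", [])}
        if tags.get("PoweredBy") != "FlexStack":
            continue  # not tagged as created by FlexStack
        key = (tags.get("FlexStack:ProjectID"),
               tags.get("FlexStack:EnvironmentID"))
        groups[key].append(item["ResourceARN"])
    return dict(groups)

def services_in_use(inventory):
    """Count resources per AWS service (the third field of each ARN)."""
    return Counter(arn.split(":")[2]
                   for arns in inventory.values() for arn in arns)

if __name__ == "__main__":
    inv = flexstack_inventory(SAMPLE)
    for key, arns in inv.items():
        print(key, len(arns))
    print(dict(services_in_use(inv)))
```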
Getting a cost breakdown
As noted above, all FlexStack-created resources are tagged. You may use these tags to allocate costs in the AWS billing dashboard. For example, you could allocate based on the PoweredBy tag to segment the entirety of your FlexStack spend. Additionally, you can break it down by Environment, Project, or Component by using their specific tags.
From there, you can even narrow things down by AWS service (e.g. API Gateway, ECS, Secrets Manager).
We plan on adding this information to the FlexStack dashboard soon.