postmodern.
Structure as code

Open-source — Deploy-ready

Cloud-native Terraform Patterns.

A curated library of fully-baked infrastructure patterns.

Modify variables, not modules. Deploy in minutes, expand as needed.

Patterns

01 Serverless SSR

Multi-region server-side rendering on AWS Lambda with automatic CloudFront failover.

  • Serverless: No servers to provision. Lambda scales to zero between requests — ideal for variable traffic.
  • Multi-Region: Primary in us-east-1, DR in us-west-2. CloudFront origin groups fail over automatically on 5xx.
  • SSL & DNS: ACM certificates provisioned and renewed automatically. Route53 records managed by Terraform.
  • Infrastructure as Code: One Terraform module. Pass four variables, get a production-grade SSR platform.

Built with

  • Nuxt 3
  • AWS Lambda
  • CloudFront
  • DynamoDB
  • Terraform
  • GitHub Actions

02 OIDC

Full OIDC lifecycle on AWS — identity provider + scoped IAM roles. No static keys.

  • No Static Keys: Eliminate long-lived AWS credentials. Use short-lived tokens issued via OIDC for secure authentication.
  • Scoped IAM Roles: Fine-grained permission boundaries. Each workload gets exactly the permissions it needs, nothing more.
  • GitHub Integration: Native GitHub Actions support. Authenticate workflows to AWS without storing secrets in GitHub.
  • Identity Provider: Complete OIDC identity provider setup with customizable claims and audience validation.

Built with

  • AWS IAM
  • OIDC
  • GitHub Actions
  • Terraform
  • Certificate-based Auth

03 Cognito Auth

Email-first Cognito module with app client defaults and Lambda-ready environment outputs.

  • Email-First Defaults: Required and auto-verified email schema by default to reduce per-app Cognito drift.
  • Auth Flow Ready: App client ships with password, SRP, and refresh flows enabled for SSR/API backends.
  • Lambda Env Outputs: Exports `lambda_env_vars` so SSR/API Lambdas can consume pool ID, client ID, and region directly.
  • Configurable Security: MFA mode, password policy, and token validity are configurable without rewriting Cognito resources.

Built with

  • Amazon Cognito
  • JWT
  • Lambda
  • Terraform
  • OIDC-Friendly Auth

04 TFC Workspace

VCS-driven Terraform Cloud workspaces with optional OIDC dynamic credentials.

  • VCS-Driven: Automatically trigger runs on git push. Branch-based workflows for dev, staging, and production.
  • Dynamic Credentials: Optional OIDC integration. Each workspace authenticates with short-lived, scoped credentials.
  • Team Management: Pre-configured team access patterns. Control who can plan vs apply with simple variables.
  • Notification Channels: Slack/Teams integration built-in. Get notified of runs, failures, and cost estimates.

Built with

  • Terraform Cloud
  • GitHub
  • OIDC
  • Slack
  • Teams

05 GraphQL API

Opinionated AppSync GraphQL APIs with Cognito auth, DynamoDB/Lambda data sources, and X-Ray tracing.

  • Cognito Auth: Built-in Cognito integration. JWT validation, user pools, and fine-grained field-level authorization.
  • Flexible Data Sources: DynamoDB for persistence, Lambda for business logic. Choose the right tool for each resolver.
  • X-Ray Tracing: End-to-end request tracing. Debug performance bottlenecks across your entire API stack.
  • Subscriptions: Real-time WebSocket subscriptions out of the box. No additional infrastructure needed.

Built with

  • AWS AppSync
  • GraphQL
  • Cognito
  • DynamoDB
  • Lambda
  • X-Ray

06 Event Bus

Shared EventBridge bus foundation with schema registry, archive, and optional cross-region routing.

  • Shared Foundation: A standalone bus layer for multi-service architectures. Producers and consumers stay independently deployable.
  • Event Archive: Optional event archive with configurable retention. Replay historical traffic for debugging and recovery.
  • Schema Registry: Built-in schema registry in the primary region to document contracts and reduce accidental breaking event changes.
  • DR Routing: Optional cross-region forwarding keeps the DR event bus warm for resilience and failover scenarios.

Built with

  • EventBridge
  • Schema Registry
  • Event Archive
  • Cross-Region Routing
  • Terraform

07 Event Consumer

Per-service EventBridge consumer with SQS buffering, optional Lambda processor, DLQ, and alarms.

  • Per-Service Isolation: Each service owns its own subscription and queue. No shared consumer bottlenecks across teams.
  • Reliable Buffering: SQS absorbs bursts and decouples producer throughput from processing speed.
  • Optional Lambda: Enable Lambda wiring only when needed. Keep queue-only consumers lightweight by default.
  • Operational Guardrails: DLQ, retry controls, and alarms ship as first-class defaults for production reliability.

Built with

  • EventBridge
  • SQS
  • Lambda
  • CloudWatch
  • DLQ
  • Terraform

08 DynamoDB Global Table

Reusable DynamoDB table module with optional DR replica, GSIs, SSE/KMS, PITR, TTL, and migration-safe adoption.

  • Primary + DR: Supports single-region tables or an optional cross-region replica with provider aliases for deterministic routing.
  • Schema Flexibility: Hash/range key schema, custom attributes, and configurable GSIs let services model access patterns cleanly.
  • Data Protection: Built-in toggles for SSE/KMS, PITR, TTL, and deletion protection to match workload risk profiles.
  • Migration Safety: Designed for non-destructive migrations using moved/import workflows and no-destroy plan guardrails.

Built with

  • DynamoDB
  • Global Tables
  • KMS
  • PITR
  • TTL
  • Terraform

09 Edge Auth

S3 + CloudFront + Lambda@Edge. JWT-gated static sites — no server required.
