Tools and frameworks for automating the deployment, configuration, and management of cloud and server infrastructure.
Boto3 is the AWS SDK for Python, providing a programmatic interface for managing and automating AWS cloud infrastructure and services. It serves as a cloud management API client and resource manager for provisioning, configuring, and scaling virtual servers, databases, and storage. The library enables the implementation of infrastructure-as-code through declarative templates and scripts, allowing for the deployment of identical resource stacks across multiple accounts and geographic regions. It also provides a framework for coordinating distributed workflows, serverless functions, and containerized applications within the cloud ecosystem. The toolkit covers a broad range of operational capabilities, including generative AI orchestration, identity and access control, and detailed cloud resource monitoring. It further extends to data lifecycle management, including automated backups and migrations, as well as comprehensive billing and cost optimization tools.
Sherlock is a command-line automation tool designed to orchestrate software build, execution, and deployment workflows. It functions as an ephemeral runtime orchestrator that executes applications directly from source code, bypassing the need for persistent system-wide installations or manual dependency management. By providing a unified, containerized development environment, it ensures that application dependencies and infrastructure configurations remain consistent across diverse host operating systems. The project distinguishes itself through its ability to synthesize container images declaratively, translating source code and configuration manifests into immutable artifacts. It utilizes documentation-driven discovery to parse technical guides and reference materials, allowing it to map command-line interfaces to automated execution routines. This approach enables the provisioning of short-lived, reproducible environments that maintain consistent behavior throughout the application lifecycle. Beyond its core orchestration capabilities, the tool provides a comprehensive infrastructure-as-code workflow for managing service dependencies and build processes. It abstracts low-level container runtime operations to handle networking, resource constraints, and lifecycle management, while offering integrated access to project documentation to assist with operational requirements.
The AWS Cloud Development Kit is an infrastructure-as-code framework that enables developers to define and provision cloud resources using familiar programming languages. By utilizing construct-based synthesis, it translates high-level, object-oriented code into declarative templates, allowing for the automated management of complex cloud environments through a centralized, code-driven control plane. The framework distinguishes itself through its ability to model infrastructure as a dependency-aware resource graph, ensuring that components are provisioned and updated in the correct order. It employs a language-agnostic intermediate representation to synthesize these definitions into platform-specific configurations, while supporting aspect-oriented policy injection to apply security and compliance rules across infrastructure definitions during the synthesis phase. Beyond core provisioning, the project provides a modular component registry for distributing and reusing pre-configured infrastructure building blocks. It supports multi-account orchestration, allowing for the deployment of consistent resource sets across different regions and accounts from a single template, and includes capabilities for detecting infrastructure drift to ensure deployed environments remain aligned with their defined state. The project is distributed as a software development kit, providing programmatic interfaces to manage the full lifecycle of cloud resources and integrate infrastructure definitions directly into application codebases.
Portainer is a unified infrastructure management platform that provides a centralized control plane for deploying, monitoring, and managing containerized applications. It functions as an orchestration-abstraction layer, translating user actions into platform-specific API calls to maintain consistency across diverse container runtimes and cluster technologies. By organizing users, teams, and resources into a single interface, it enables granular role-based access control and lifecycle management for containerized services and stacks. The platform distinguishes itself through its support for distributed edge infrastructure and secure remote connectivity. It utilizes encrypted tunnels and outbound-only agent communication to manage geographically dispersed environments without requiring inbound port exposure. Furthermore, it integrates a GitOps-driven reconciliation engine that automatically synchronizes service configurations from version-controlled repositories, facilitating continuous delivery workflows and automated stack redeployments. Beyond its core orchestration capabilities, the platform offers extensive tools for cluster administration, including web-based terminal access, namespace management, and resource monitoring. It supports standardized deployment through a template-based engine that allows for reusable configuration schemas and dynamic variable injection. Users can also manage multiple orchestration instances and remote environments through automated update scheduling, rollback mechanisms, and custom metadata tagging. The software is designed for flexible deployment, supporting air-gapped environments and providing programmatic access via secure API tokens.
This repository is a curated collection of reusable AWS CloudFormation templates that automate the provisioning of AWS resources using infrastructure as code. The templates serve as ready-to-deploy blueprints for common AWS components—such as VPCs, EC2 instances, databases, and security groups—and include serverless application templates that combine API Gateway with Lambda to create endpoints triggered by HTTP requests without manual configuration. The templates are written in declarative YAML or JSON and support nested stack composition, allowing related resources to be grouped into reusable child stacks referenced from a parent template. They expose parameterized variables for dynamic configuration at stack creation time and use stack output bindings to export values for use by other stacks or external systems. The catalog is structured into a categorized folder hierarchy, making it easy to discover and reuse templates across common service patterns. The collection also includes examples that demonstrate deploying a REST API with Lambda using non-proxy integration, where incoming HTTP request data is transformed into function calls through custom mapping templates. These infrastructure-as-code examples provide a repeatable, version-controlled way to define and manage AWS infrastructure as single stacks or as part of larger deployments.
LocalStack is an infrastructure development environment that provides a local simulation of cloud services. By leveraging container-orchestrated service lifecycles, it allows developers to build, test, and debug cloud-native applications on their local machines without requiring remote connectivity or incurring cloud provider costs. The platform distinguishes itself through sophisticated traffic redirection and request routing, which intercept cloud service calls at the network layer and redirect them to local handlers. This enables seamless integration with existing development workflows, allowing users to mock cloud resources, replicate infrastructure states, and execute ephemeral testing environments within continuous integration pipelines. Beyond core emulation, the platform includes a comprehensive suite of developer tools for managing service lifecycles, monitoring activity, and configuring runtime environments. It supports complex distributed architectures through event-driven simulation, persistent storage mapping, and dynamic configuration injection, ensuring that local environments accurately mirror production requirements. The system is designed for integration into automated build and deployment workflows, providing visual dashboards and terminal-based interfaces for real-time resource management and infrastructure troubleshooting.
Vagrant is a virtual machine environment manager and infrastructure as code tool used to create and configure consistent development environments. It acts as a virtual machine provisioner and hypervisor abstraction layer, allowing users to define machine specifications and automate software installation on guest systems via declarative configuration files. The project enables cross-hypervisor orchestration by decoupling the command interface from specific virtualization backends. It ensures environment consistency through the distribution of pre-configured machine images and the orchestration of identical virtualized setups across different providers. The system covers virtual machine lifecycle management, including the ability to start, halt, and destroy instances or manage point-in-time snapshots. It provides capabilities for guest software provisioning, host-guest file synchronization, and virtual networking configuration via bridged interfaces, host-only networks, and port forwarding. Extensibility is supported through a plugin SDK that allows the addition of new capabilities to the core system.
Awesome Compose is a collection of resources designed to demonstrate the orchestration of multi-container applications. It serves as a practical reference for using declarative configuration files to define, manage, and deploy complex software stacks, ensuring that services run consistently across development, testing, and production environments. The project highlights the capabilities of container lifecycle management by providing examples of how to bundle software with its dependencies into isolated, portable units. It emphasizes the use of multi-stage build pipelines to optimize image sizes and the integration of environment variables to decouple application logic from host-specific settings. By leveraging these patterns, users can standardize development workspaces and automate the maintenance of interconnected service architectures. Beyond basic orchestration, the repository covers the broader surface of container infrastructure, including the management of image registries, network configurations, and storage drivers. It also demonstrates how to execute build-time commands and embed complex scripts directly into configuration files to streamline the assembly of containerized environments.
Kubernetes is a distributed container orchestration platform that automates the deployment, scaling, and management of containerized applications across clusters of computing nodes. It functions as a declarative infrastructure controller, utilizing a control loop architecture that continuously monitors the current system state against user-defined configurations to ensure desired operational outcomes. The system relies on a centralized API-driven interface and a replicated key-value store to maintain a consistent source of truth for all cluster objects. The platform distinguishes itself through a highly extensible design that allows users to define domain-specific objects using the same native API and control loop infrastructure. It employs a standardized abstraction layer for container runtimes, enabling modular execution engines, and utilizes a pluggable controller pattern that supports third-party integrations without requiring modifications to the core codebase. An algorithmic bin-packing engine further optimizes hardware utilization by dynamically matching workload requirements with available cluster capacity. Beyond core orchestration, the system provides comprehensive operational support for distributed environments, including automated lifecycle management, horizontal and vertical scaling, and self-healing mechanisms that maintain service availability. It encompasses integrated solutions for networking, persistent storage orchestration, and secure secret management. Diagnostic utilities for monitoring performance metrics, aggregating logs, and troubleshooting infrastructure-level issues are also included to support cluster health and reliability.
This repository serves as a library of reference patterns and scripts for infrastructure automation and configuration management. It provides a collection of standardized examples designed to demonstrate how to define and maintain server environments as code, ensuring consistency across development, testing, and production stages. The project focuses on implementing infrastructure as code best practices by showcasing how to structure automation logic for complex deployments. These examples illustrate the use of declarative modeling to define desired system states, alongside modular task abstraction to handle platform-specific operations. By providing these reference patterns, the repository acts as a guide for engineers to build maintainable and scalable system administration workflows. The included scripts cover the orchestration of software stacks and the management of remote infrastructure. These examples are structured to be accessible for those learning to implement repeatable deployment processes and standardized configuration management within their own environments.
Helm is a package manager for Kubernetes that simplifies the deployment and management of multi-component applications. It functions as a template rendering engine and release coordinator, allowing users to bundle, version, and deploy software as standardized packages. By maintaining a persistent metadata layer within the cluster, it tracks release history and manages the full lifecycle of applications, including installations, upgrades, and rollbacks. What distinguishes Helm is its ability to handle complex application hierarchies through automated dependency resolution and the composition of umbrella charts. It provides robust security through cryptographic provenance verification, ensuring package integrity via digital signatures and hashes. Furthermore, it leverages standard container image registries for artifact distribution and utilizes server-side logic to resolve configuration conflicts during concurrent infrastructure updates. The project offers a comprehensive suite of tools for infrastructure management, including lifecycle hooks for custom automation, readiness testing, and advanced deployment strategies. It supports a highly extensible plugin architecture and provides developer utilities such as package inspection and repository management. Users can define reusable configuration logic through a sophisticated templating framework that supports dynamic data injection, flow control, and global value management. Helm is distributed as a command-line interface tool, providing a unified experience for managing containerized environments across development and production workflows.
aiac is an AI-powered command line tool designed to translate natural language requests into infrastructure code, DevOps workflows, and system scripts. It operates as a generator that uses large language models to produce cloud provisioning files, configuration files, and executable automation scripts directly from the terminal. The tool features a provider-agnostic model abstraction and a configuration-based routing system, allowing users to switch between different AI backends and discover compatible models. It includes an interactive shell interface for refining generated outputs through iterative prompts and retries. Capabilities cover a broad range of DevOps automation, including the generation of CI/CD pipelines, deployment manifests, and policy-as-code governance rules. It also supports the creation of complex database queries and system administration commands, with options to export the resulting code to the local file system or the system clipboard.
Kubernetes The Hard Way is an educational curriculum designed to teach the fundamental architecture and operational requirements of container orchestration platforms. It provides a structured, hands-on learning path that guides users through the manual bootstrapping of a multi-node cluster from scratch, intentionally avoiding automated installers to ensure a deep understanding of how individual control plane and worker node components interact. The project distinguishes itself by requiring the manual configuration of every layer of the infrastructure, including the generation of cryptographic identities for mutual authentication and the establishment of encrypted communication channels between distributed components. Participants gain practical experience in managing distributed key-value consensus, configuring network-overlay routing for pod communication, and handling the lifecycle of system services through manual configuration files. This guide covers the entire provisioning process, from setting up compute resources to implementing security protocols and managing binary-based service deployments. By building the system piece by piece, users develop the operational knowledge necessary to troubleshoot complex failures in production environments. The tutorial requires four virtual or physical machines and provides a comprehensive walkthrough of the steps needed to establish a functional cluster environment.
Omarchy is a directory structure orchestrator that automates the provisioning and maintenance of file system hierarchies. By utilizing declarative configuration files, it allows users to define a desired workspace layout that serves as a single source of truth, ensuring that local development environments remain consistent and reproducible across distributed teams. The tool functions as an infrastructure-as-code utility for local environments, employing idempotent reconciliation to compare the current file system state against the defined configuration. It automatically applies only the necessary changes to align the workspace with the target state, effectively managing complex, nested directory trees through a recursive traversal engine. Beyond basic directory management, the system provides a platform-agnostic abstraction layer that enables standardized environment setup across different host operating systems. This approach supports the synchronization of workspace layouts and the automated configuration of necessary tools, facilitating uniform development standards regardless of the underlying hardware.
The Serverless Framework is a declarative infrastructure-as-code tool designed to automate the deployment, scaling, and lifecycle management of cloud-native applications. It provides a unified command-line interface that translates high-level configuration files into provider-specific resource templates, enabling developers to orchestrate complex architectures, event-driven functions, and cloud resources within a single project structure. What distinguishes this framework is its focus on developer experience and multi-environment parity. It supports local function invocation and event proxying, allowing developers to test and debug code locally against live cloud events without requiring constant redeployments. The framework also features a modular plugin system for extensibility and advanced service composition, which allows teams to manage related services as a single unit, share outputs between components, and coordinate deployments across multiple cloud accounts and stages. The platform covers a broad capability surface, including integrated secret management, dynamic variable resolution, and comprehensive observability tools that aggregate logs, metrics, and traces. It also provides specialized support for configuring API infrastructure, managing GraphQL schemas, and exposing business logic to AI agents through secure gateway controls and standardized interface definitions. The framework is managed through configuration files that define infrastructure, event triggers, and environment-specific settings, with installation and operation handled via a standard command-line interface.
Chef is a configuration management platform and infrastructure as code framework used to automate the deployment and maintenance of infrastructure state across a fleet of servers. It operates as an idempotent automation engine, ensuring systems converge to a desired state by applying only the necessary changes to resolve differences. The system functions as a multi-platform server orchestrator capable of managing infrastructure across different operating systems, cloud providers, and hardware architectures. It includes a dedicated infrastructure testing framework to verify configuration code by deploying it to temporary virtual instances and running automated validation checks. The platform covers broad capability areas including cloud environment provisioning, enterprise server automation, and the management of Windows infrastructure. It provides tools for detecting system runtimes, virtualization states, and node architectures to apply conditional configuration logic.
This project is a production-ready enterprise boilerplate and starter for building high-performance web applications with Next.js. It provides a foundational architecture for large-scale application bootstrapping, combining a TypeScript web starter with a pre-configured project structure and professional toolset. The project distinguishes itself through an integrated suite of operational tools, including CI/CD deployment pipelines, infrastructure-as-code provisioning, and a component-driven UI development sandbox. It incorporates a utility-first styling architecture using Tailwind CSS and a layered testing strategy that spans unit, integration, and end-to-end tests. The codebase further covers comprehensive quality and reliability capabilities, including type-safe environment configuration, automated quality gate pipelines, and bundle size analysis. It also implements observability-driven health monitoring to track the status of live production environments.
Colima is a command-line utility that provides lightweight container runtimes and local Kubernetes orchestration by managing isolated virtual machine environments. It functions as a virtualization manager that abstracts the underlying container engine, allowing users to run containerized applications and system workloads on non-native operating systems without the overhead of heavy desktop software. The project distinguishes itself through its support for hardware-accelerated workloads, enabling direct GPU passthrough to virtual machines for high-performance machine learning tasks. It offers robust profile-based configuration management, which allows users to maintain multiple independent runtime instances with dedicated resources, and supports seamless switching between different container engines to suit specific development requirements. Beyond core container and orchestration management, the tool provides comprehensive control over virtual machine lifecycles, including persistent volume mapping and resource optimization for CPU, memory, and disk usage. It facilitates secure interaction with these environments through socket forwarding and direct shell access, ensuring that developers can monitor and debug isolated instances effectively. Colima is distributed as a command-line tool that automates the initialization and configuration of virtualized environments through simple flags and configuration files.
Coder is a self-hosted platform for provisioning and managing isolated, containerized development environments. It provides a centralized infrastructure for teams to deploy ephemeral workspaces on private cloud or on-premises hardware, ensuring consistent toolchains and dependencies across distributed development environments. The platform distinguishes itself through its focus on secure, infrastructure-as-code governance and autonomous agent integration. It allows organizations to define reusable, versioned environment templates that integrate with existing identity providers and role-based access controls. Beyond standard workspace management, it supports AI-assisted coding workflows by executing autonomous agents within secure, sandboxed environments, providing centralized oversight and planning enforcement for complex development tasks. The system covers a broad range of operational capabilities, including automated lifecycle management, cost optimization through resource scaling, and bidirectional file synchronization between local machines and remote instances. It supports diverse access methods, ranging from browser-based terminals and remote graphical desktops to direct integration with local desktop editors. The platform is designed for deployment across various infrastructure providers and supports operation within air-gapped or disconnected networks. Documentation and installation guides are provided to assist with the setup of server clusters and the configuration of environment templates.
This project is an automated command-line tool designed to install and configure a secure network gateway on a host machine. By utilizing established open-source security protocols, it establishes a private tunnel endpoint that encrypts internet traffic and facilitates remote access connectivity for authorized users. The tool functions as an infrastructure lifecycle manager, streamlining the deployment of private network services through shell-script-based orchestration. It distinguishes itself by integrating directly with the Linux kernel to manage packet filtering rules and providing credential-based access control, which generates and stores unique security keys locally for identity verification. Beyond the initial setup, the software includes administrative utilities for managing user accounts and configuring network parameters such as custom domain name servers via environment variables. It also supports the complete removal of the gateway and its associated configuration files to manage system resources.