@digilogiclabs/create-saas-app 1.20.1 → 2.1.0

package/dist/templates/infrastructure/kubernetes/base/template/serviceaccount.yaml

@@ -0,0 +1,9 @@
+# {{titleCaseName}} - Kubernetes Service Account
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{projectName}}
+  namespace: {{projectName}}
+  labels:
+    app.kubernetes.io/name: {{projectName}}
+automountServiceAccountToken: false

package/dist/templates/infrastructure/kubernetes/production/template/kustomization.yaml

@@ -0,0 +1,92 @@
+# {{titleCaseName}} - Production Overlay
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+metadata:
+  name: {{projectName}}-production
+
+namespace: {{projectName}}-production
+
+resources:
+  - ../../base/template
+
+nameSuffix: ""
+
+commonLabels:
+  app.kubernetes.io/environment: production
+
+# Production-specific image
+images:
+  - name: {{projectName}}
+    newName: ghcr.io/your-org/{{projectName}}
+    newTag: production
+
+# Production patches
+patches:
+  # Increase replicas
+  - target:
+      kind: Deployment
+      name: {{projectName}}
+    patch: |-
+      - op: replace
+        path: /spec/replicas
+        value: 3
+
+  # Increase resources
+  - target:
+      kind: Deployment
+      name: {{projectName}}
+    patch: |-
+      - op: replace
+        path: /spec/template/spec/containers/0/resources
+        value:
+          requests:
+            cpu: 250m
+            memory: 512Mi
+          limits:
+            cpu: 1000m
+            memory: 1Gi
+
+  # Update HPA for production
+  - target:
+      kind: HorizontalPodAutoscaler
+      name: {{projectName}}
+    patch: |-
+      - op: replace
+        path: /spec/minReplicas
+        value: 3
+      - op: replace
+        path: /spec/maxReplicas
+        value: 20
+
+  # Update PDB for production
+  - target:
+      kind: PodDisruptionBudget
+      name: {{projectName}}
+    patch: |-
+      - op: replace
+        path: /spec/minAvailable
+        value: 2
+
+  # Update ingress host for production
+  - target:
+      kind: Ingress
+      name: {{projectName}}
+    patch: |-
+      - op: replace
+        path: /spec/tls/0/hosts/0
+        value: "{{projectName}}.com"
+      - op: replace
+        path: /spec/tls/0/secretName
+        value: {{projectName}}-production-tls
+      - op: replace
+        path: /spec/rules/0/host
+        value: "{{projectName}}.com"
+
+# Production ConfigMap overrides
+configMapGenerator:
+  - name: {{projectName}}-config
+    behavior: merge
+    literals:
+      - APP_URL=https://{{projectName}}.com
+      - LOG_LEVEL=warn

package/dist/templates/infrastructure/terraform/aws/template/README.md

@@ -0,0 +1,156 @@
+# {{titleCaseName}} - AWS Infrastructure
+
+Terraform configuration for deploying {{titleCaseName}} to AWS with Vercel frontend.
+
+## Architecture
+
+```
+┌─────────────────────────────────────────────────────────────┐
+│                         Internet                            │
+└─────────────────────────────────────────────────────────────┘
+                              │
+              ┌───────────────┼───────────────┐
+              ▼               ▼               ▼
+        ┌──────────┐   ┌───────────┐   ┌───────────┐
+        │  Vercel  │   │ CloudFront│   │  Supabase │
+        │ (App)    │   │ (CDN)     │   │ (Auth/DB) │
+        └──────────┘   └───────────┘   └───────────┘
+                              │
+                              ▼
+                       ┌───────────┐
+                       │    S3     │
+                       │ (Storage) │
+                       └───────────┘
+
+        ┌───────────┐   ┌───────────┐   ┌───────────┐
+        │    SQS    │   │  Secrets  │   │CloudWatch │
+        │ (Queue)   │   │ Manager   │   │ (Logs)    │
+        └───────────┘   └───────────┘   └───────────┘
+```
+
+## Prerequisites
+
+1. **AWS Account** with appropriate permissions
+2. **Vercel Account** with API token
+3. **Supabase Project** created
+4. **Terraform** >= 1.0 installed
+5. **AWS CLI** configured with credentials
+
+## Quick Start
+
+1. **Initialize Terraform:**
+   ```bash
+   terraform init
+   ```
+
+2. **Create variables file:**
+   ```bash
+   cp terraform.tfvars.example terraform.tfvars
+   ```
+
+3. **Update variables:**
+   Edit `terraform.tfvars` with your values.
+
+4. **Plan changes:**
+   ```bash
+   terraform plan
+   ```
+
+5. **Apply changes:**
+   ```bash
+   terraform apply
+   ```
+
+## Resources Created
+
+| Resource | Purpose |
+|----------|---------|
+| Vercel Project | Frontend hosting with automatic deployments |
+| S3 Bucket | File storage with versioning and encryption |
+| CloudFront Distribution | CDN for S3 content |
+| SQS Queues | Background job processing (main + DLQ) |
+| Secrets Manager | Secure storage for API keys |
+| IAM Role | Execution role for Lambda/ECS |
+| CloudWatch Log Group | Centralized logging |
+| SNS Topic | Alert notifications |
+
+## Environments
+
+### Staging
+```bash
+terraform workspace new staging
+terraform apply -var="environment=staging"
+```
+
+### Production
+```bash
+terraform workspace new production
+terraform apply -var="environment=production"
+```
+
+## Remote State (Recommended for Teams)
+
+1. Create S3 bucket and DynamoDB table:
+   ```bash
+   aws s3 mb s3://{{projectName}}-terraform-state
+   aws dynamodb create-table \
+     --table-name {{projectName}}-terraform-locks \
+     --attribute-definitions AttributeName=LockID,AttributeType=S \
+     --key-schema AttributeName=LockID,KeyType=HASH \
+     --billing-mode PAY_PER_REQUEST
+   ```
+
+2. Uncomment backend configuration in `main.tf`
+
+3. Re-initialize:
+   ```bash
+   terraform init -migrate-state
+   ```
+
+## Security Notes
+
+- All S3 buckets have public access blocked
+- Encryption enabled at rest (AES256)
+- Secrets stored in Secrets Manager
+- IAM follows least-privilege principle
+- CloudFront uses HTTPS only
+
+## Cost Estimation
+
+| Resource | Estimated Monthly Cost |
+|----------|----------------------|
+| Vercel | Free - $20 (Hobby/Pro) |
+| S3 | ~$5 (50GB storage) |
+| CloudFront | ~$10 (100GB transfer) |
+| SQS | ~$1 (1M requests) |
+| Secrets Manager | ~$1 (4 secrets) |
+| CloudWatch | ~$5 (10GB logs) |
+| **Total** | **~$22-42/month** |
+
+## Cleanup
+
+```bash
+terraform destroy
+```
+
+## Troubleshooting
+
+### Vercel API Token
+Generate at: https://vercel.com/account/tokens
+
+### AWS Credentials
+```bash
+aws configure
+# Or use environment variables:
+export AWS_ACCESS_KEY_ID="xxx"
+export AWS_SECRET_ACCESS_KEY="xxx"
+```
+
+### State Lock Issues
+```bash
+terraform force-unlock LOCK_ID
+```
+
+## License
+
+MIT - Built with DLL Platform

package/dist/templates/infrastructure/terraform/aws/template/main.tf

@@ -0,0 +1,343 @@
+# {{titleCaseName}} - AWS Infrastructure
+# Terraform configuration for deploying to AWS with Vercel frontend
+
+terraform {
+  required_version = ">= 1.0"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 5.0"
+    }
+    vercel = {
+      source  = "vercel/vercel"
+      version = "~> 1.0"
+    }
+  }
+
+  # Uncomment for remote state storage
+  # backend "s3" {
+  #   bucket         = "{{projectName}}-terraform-state"
+  #   key            = "terraform.tfstate"
+  #   region         = "us-east-1"
+  #   dynamodb_table = "{{projectName}}-terraform-locks"
+  #   encrypt        = true
+  # }
+}
+
+provider "aws" {
+  region = var.aws_region
+
+  default_tags {
+    tags = {
+      Project     = "{{projectName}}"
+      Environment = var.environment
+      ManagedBy   = "Terraform"
+    }
+  }
+}
+
+provider "vercel" {
+  api_token = var.vercel_api_token
+  team      = var.vercel_team_id
+}
+
+# ============================================
+# Vercel Project
+# ============================================
+
+resource "vercel_project" "app" {
+  name      = "{{projectName}}-${var.environment}"
+  framework = "nextjs"
+
+  git_repository = {
+    type = "github"
+    repo = var.github_repo
+  }
+
+  environment = [
+    {
+      key    = "NEXT_PUBLIC_SUPABASE_URL"
+      value  = var.supabase_url
+      target = ["production", "preview", "development"]
+    },
+    {
+      key    = "NEXT_PUBLIC_SUPABASE_ANON_KEY"
+      value  = var.supabase_anon_key
+      target = ["production", "preview", "development"]
+    },
+    {
+      key    = "SUPABASE_SERVICE_ROLE_KEY"
+      value  = var.supabase_service_role_key
+      target = ["production"]
+    },
+    {
+      key    = "NEXT_PUBLIC_APP_URL"
+      value  = "https://${var.domain}"
+      target = ["production"]
+    }
+  ]
+}
+
+resource "vercel_project_domain" "app" {
+  project_id = vercel_project.app.id
+  domain     = var.domain
+}
+
+# ============================================
+# S3 Bucket for File Storage
+# ============================================
+
+resource "aws_s3_bucket" "storage" {
+  bucket = "{{projectName}}-${var.environment}-storage"
+}
+
+resource "aws_s3_bucket_versioning" "storage" {
+  bucket = aws_s3_bucket.storage.id
+  versioning_configuration {
+    status = "Enabled"
+  }
+}
+
+resource "aws_s3_bucket_server_side_encryption_configuration" "storage" {
+  bucket = aws_s3_bucket.storage.id
+
+  rule {
+    apply_server_side_encryption_by_default {
+      sse_algorithm = "AES256"
+    }
+  }
+}
+
+resource "aws_s3_bucket_public_access_block" "storage" {
+  bucket = aws_s3_bucket.storage.id
+
+  block_public_acls       = true
+  block_public_policy     = true
+  ignore_public_acls      = true
+  restrict_public_buckets = true
+}
+
+resource "aws_s3_bucket_cors_configuration" "storage" {
+  bucket = aws_s3_bucket.storage.id
+
+  cors_rule {
+    allowed_headers = ["*"]
+    allowed_methods = ["GET", "PUT", "POST", "DELETE", "HEAD"]
+    allowed_origins = ["https://${var.domain}"]
+    expose_headers  = ["ETag"]
+    max_age_seconds = 3000
+  }
+}
+
+# ============================================
+# CloudFront CDN for S3
+# ============================================
+
+resource "aws_cloudfront_origin_access_control" "storage" {
+  name                              = "{{projectName}}-${var.environment}-oac"
+  origin_access_control_origin_type = "s3"
+  signing_behavior                  = "always"
+  signing_protocol                  = "sigv4"
+}
+
+resource "aws_cloudfront_distribution" "storage" {
+  enabled             = true
+  is_ipv6_enabled     = true
+  comment             = "{{titleCaseName}} Storage CDN"
+  default_root_object = "index.html"
+  price_class         = "PriceClass_100"
+
+  origin {
+    domain_name              = aws_s3_bucket.storage.bucket_regional_domain_name
+    origin_id                = "S3-${aws_s3_bucket.storage.id}"
+    origin_access_control_id = aws_cloudfront_origin_access_control.storage.id
+  }
+
+  default_cache_behavior {
+    allowed_methods  = ["GET", "HEAD", "OPTIONS"]
+    cached_methods   = ["GET", "HEAD"]
+    target_origin_id = "S3-${aws_s3_bucket.storage.id}"
+
+    forwarded_values {
+      query_string = false
+      cookies {
+        forward = "none"
+      }
+    }
+
+    viewer_protocol_policy = "redirect-to-https"
+    min_ttl                = 0
+    default_ttl            = 3600
+    max_ttl                = 86400
+  }
+
+  restrictions {
+    geo_restriction {
+      restriction_type = "none"
+    }
+  }
+
+  viewer_certificate {
+    cloudfront_default_certificate = true
+  }
+}
+
+resource "aws_s3_bucket_policy" "storage" {
+  bucket = aws_s3_bucket.storage.id
+  policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Sid       = "AllowCloudFrontAccess"
+        Effect    = "Allow"
+        Principal = {
+          Service = "cloudfront.amazonaws.com"
+        }
+        Action   = "s3:GetObject"
+        Resource = "${aws_s3_bucket.storage.arn}/*"
+        Condition = {
+          StringEquals = {
+            "AWS:SourceArn" = aws_cloudfront_distribution.storage.arn
+          }
+        }
+      }
+    ]
+  })
+}
+
+# ============================================
+# SQS Queue for Background Jobs
+# ============================================
+
+resource "aws_sqs_queue" "jobs" {
+  name                       = "{{projectName}}-${var.environment}-jobs"
+  delay_seconds              = 0
+  max_message_size           = 262144
+  message_retention_seconds  = 1209600
+  receive_wait_time_seconds  = 10
+  visibility_timeout_seconds = 300
+
+  redrive_policy = jsonencode({
+    deadLetterTargetArn = aws_sqs_queue.jobs_dlq.arn
+    maxReceiveCount     = 3
+  })
+}
+
+resource "aws_sqs_queue" "jobs_dlq" {
+  name                      = "{{projectName}}-${var.environment}-jobs-dlq"
+  message_retention_seconds = 1209600
+}
+
+# ============================================
+# Secrets Manager
+# ============================================
+
+resource "aws_secretsmanager_secret" "app_secrets" {
+  name        = "{{projectName}}/${var.environment}/app"
+  description = "Application secrets for {{titleCaseName}}"
+}
+
+resource "aws_secretsmanager_secret_version" "app_secrets" {
+  secret_id = aws_secretsmanager_secret.app_secrets.id
+  secret_string = jsonencode({
+    STRIPE_SECRET_KEY      = var.stripe_secret_key
+    STRIPE_WEBHOOK_SECRET  = var.stripe_webhook_secret
+    OPENAI_API_KEY         = var.openai_api_key
+    ANTHROPIC_API_KEY      = var.anthropic_api_key
+  })
+}
+
+# ============================================
+# IAM Role for Lambda/ECS
+# ============================================
+
+resource "aws_iam_role" "app_execution" {
+  name = "{{projectName}}-${var.environment}-execution"
+
+  assume_role_policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Action = "sts:AssumeRole"
+        Effect = "Allow"
+        Principal = {
+          Service = ["lambda.amazonaws.com", "ecs-tasks.amazonaws.com"]
+        }
+      }
+    ]
+  })
+}
+
+resource "aws_iam_role_policy" "app_execution" {
+  name = "{{projectName}}-${var.environment}-execution-policy"
+  role = aws_iam_role.app_execution.id
+
+  policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Effect = "Allow"
+        Action = [
+          "s3:GetObject",
+          "s3:PutObject",
+          "s3:DeleteObject"
+        ]
+        Resource = "${aws_s3_bucket.storage.arn}/*"
+      },
+      {
+        Effect = "Allow"
+        Action = [
+          "sqs:SendMessage",
+          "sqs:ReceiveMessage",
+          "sqs:DeleteMessage",
+          "sqs:GetQueueAttributes"
+        ]
+        Resource = [
+          aws_sqs_queue.jobs.arn,
+          aws_sqs_queue.jobs_dlq.arn
+        ]
+      },
+      {
+        Effect = "Allow"
+        Action = [
+          "secretsmanager:GetSecretValue"
+        ]
+        Resource = aws_secretsmanager_secret.app_secrets.arn
+      },
+      {
+        Effect = "Allow"
+        Action = [
+          "logs:CreateLogGroup",
+          "logs:CreateLogStream",
+          "logs:PutLogEvents"
+        ]
+        Resource = "*"
+      }
+    ]
+  })
+}
+
+# ============================================
+# CloudWatch Log Group
+# ============================================
+
+resource "aws_cloudwatch_log_group" "app" {
+  name              = "/{{projectName}}/${var.environment}"
+  retention_in_days = 30
+}
+
+# ============================================
+# SNS Topic for Alerts
+# ============================================
+
+resource "aws_sns_topic" "alerts" {
+  name = "{{projectName}}-${var.environment}-alerts"
+}
+
+resource "aws_sns_topic_subscription" "alerts_email" {
+  count     = var.alert_email != "" ? 1 : 0
+  topic_arn = aws_sns_topic.alerts.arn
+  protocol  = "email"
+  endpoint  = var.alert_email
+}

package/dist/templates/infrastructure/terraform/aws/template/outputs.tf

@@ -0,0 +1,66 @@
+# {{titleCaseName}} - Terraform Outputs
+
+output "vercel_project_id" {
+  description = "Vercel project ID"
+  value       = vercel_project.app.id
+}
+
+output "vercel_domains" {
+  description = "Vercel project domains"
+  value       = [var.domain]
+}
+
+output "s3_bucket_name" {
+  description = "S3 storage bucket name"
+  value       = aws_s3_bucket.storage.id
+}
+
+output "s3_bucket_arn" {
+  description = "S3 storage bucket ARN"
+  value       = aws_s3_bucket.storage.arn
+}
+
+output "cloudfront_distribution_id" {
+  description = "CloudFront distribution ID"
+  value       = aws_cloudfront_distribution.storage.id
+}
+
+output "cloudfront_domain" {
+  description = "CloudFront distribution domain"
+  value       = aws_cloudfront_distribution.storage.domain_name
+}
+
+output "sqs_queue_url" {
+  description = "SQS jobs queue URL"
+  value       = aws_sqs_queue.jobs.url
+}
+
+output "sqs_queue_arn" {
+  description = "SQS jobs queue ARN"
+  value       = aws_sqs_queue.jobs.arn
+}
+
+output "sqs_dlq_url" {
+  description = "SQS dead letter queue URL"
+  value       = aws_sqs_queue.jobs_dlq.url
+}
+
+output "secrets_arn" {
+  description = "Secrets Manager secret ARN"
+  value       = aws_secretsmanager_secret.app_secrets.arn
+}
+
+output "execution_role_arn" {
+  description = "IAM execution role ARN"
+  value       = aws_iam_role.app_execution.arn
+}
+
+output "log_group_name" {
+  description = "CloudWatch log group name"
+  value       = aws_cloudwatch_log_group.app.name
+}
+
+output "sns_alerts_topic_arn" {
+  description = "SNS alerts topic ARN"
+  value       = aws_sns_topic.alerts.arn
+}

package/dist/templates/infrastructure/terraform/aws/template/terraform.tfvars.example

@@ -0,0 +1,28 @@
+# {{titleCaseName}} - Terraform Variables
+# Copy to terraform.tfvars and fill in values
+
+# General
+environment = "staging"
+aws_region  = "us-east-1"
+
+# Vercel
+vercel_api_token = "your-vercel-api-token"
+vercel_team_id   = null  # Optional: your-team-id
+github_repo      = "your-org/{{projectName}}"
+domain           = "{{projectName}}.com"
+
+# Supabase
+supabase_url              = "https://xxx.supabase.co"
+supabase_anon_key         = "your-supabase-anon-key"
+supabase_service_role_key = "your-supabase-service-role-key"
+
+# Stripe (Optional - leave empty if not using payments)
+stripe_secret_key     = ""
+stripe_webhook_secret = ""
+
+# AI (Optional - leave empty if not using AI features)
+openai_api_key    = ""
+anthropic_api_key = ""
+
+# Monitoring
+alert_email = "alerts@{{projectName}}.com"