Deploy production-ready applications on AWS in minutes using AWS CDK for Java.
This repository demonstrates the CloudForge platform with opinionated defaults, multiple deployment options, and enterprise-grade compliance features.
- 15+ Supported Applications - Jenkins, GitLab, Grafana, PostgreSQL, Redis, Vault, SonarQube, and more
- EC2 or Fargate - Choose your compute type at deploy time
- Plugin Architecture - Extensible application and compliance plugins via Java SPI
- Multi-Framework Compliance - SOC2, PCI-DSS, HIPAA, GDPR out of the box
- OIDC Authentication - Cognito, AWS Identity Center, or external providers
- Application Load Balancer - Scalable, secure traffic routing with SSL/TLS
- Multi-Availability Zone - Fault tolerance at no extra effort
The interactive deployer guides you through configuration choices and generates a deployment context file.
# Synthesize with interactive prompts (creates deployment-context.json)
cdk synth
# Review the generated CloudFormation template, then deploy
cdk deploy
# Or preview changes without executing
cdk deploy --no-executeUse a pre-configured template for faster deployments.
# Copy a deployment context template
cp docs/deployment-contexts/examples/jenkins-dev.json deployment-context.json
# Edit with your settings
vim deployment-context.json
# Deploy
cdk deploy -c cfc=@deployment-context.json- AWS CDK CLI:
npm install -g aws-cdk - AWS Credentials:
aws configure - Java 21+: Required for compilation
- Maven: For building the project
| Category | Applications |
|---|---|
| CI/CD | Jenkins, GitLab, Drone |
| Version Control | Gitea |
| Monitoring | Grafana, Prometheus |
| Databases | PostgreSQL, Redis |
| Secrets Management | HashiCorp Vault |
| Artifact Registry | Nexus, Harbor |
| Collaboration | Mattermost |
| Analytics | Metabase, Apache Superset |
| Code Quality | SonarQube |
For comprehensive guides, API references, and detailed configuration options, visit the hosted documentation:
- Application catalog and deployment guides
- Deployment context configuration reference
- Compliance framework implementation
- Plugin development guides
- Authentication and security setup
| Application | Development | Production |
|---|---|---|
| Jenkins | jenkins-dev.json | jenkins-production.json |
| Mattermost | mattermost-dev.json | mattermost-production.json |
| Metabase | metabase-dev.json | metabase-production.json |
| GitLab | - | gitlab-production.json |
| Grafana | - | grafana-production.json |
| Harbor | - | harbor-production.json |
| SonarQube | - | sonarqube-production.json |
| Framework | Quick Start | Staging | Production |
|---|---|---|---|
| SOC2 | compliance-soc2-quick.json | compliance-soc2-staging.json | compliance-soc2-production.json |
| HIPAA | compliance-hipaa-quick.json | - | compliance-hipaa-production.json |
| PCI-DSS | - | - | compliance-pci-dss-production.json |
| Environment | Template | Cost Estimate |
|---|---|---|
| Dev Minimal | dev-minimal.json | ~$35/month |
| Dev Standard | dev-standard.json | ~$95/month |
| Staging SOC2 | staging-soc2.json | ~$220/month |
| Production SOC2 | production-soc2.json | ~$400/month |
| Production HIPAA | production-hipaa.json | ~$550/month |
| Production PCI-DSS | production-pci-dss.json | ~$710/month |
Visit the hosted documentation for comprehensive guides and API references.
- Getting Started - Interactive deployment guide
- Application Catalog - All supported applications
- Deployment Context Reference - Configuration options
- Compliance Frameworks - SOC2, HIPAA, PCI-DSS
- Plugin Development - Build custom plugins
- Authentication Setup - SSO and OIDC configuration
Note: The
/docsfolder in this repository serves as the source for the hosted documentation
cloudforge-sample/
├── src/main/java/com/cloudforgeci/samples/
│ ├── app/
│ │ ├── CloudForgeCommunitySample.java # Main CDK app entry point
│ │ └── InteractiveDeployer.java # Interactive CLI deployer
│ ├── launchers/
│ │ ├── ApplicationEc2Stack.java # Universal EC2 deployment stack
│ │ └── ApplicationFargateStack.java # Universal Fargate deployment stack
│ └── plugins/
│ ├── application/
│ │ └── SonarQubeApplicationSpec.java # Example application plugin
│ └── compliance/
│ └── CustomSecurityPolicyRules.java # Example compliance plugin
├── docs/
│ ├── applications/ # Application catalog and specs
│ ├── compliance/ # Compliance framework documentation
│ ├── databases/ # Database deployment guides
│ ├── deployment-contexts/ # Ready-to-use JSON templates
│ ├── guides/ # Implementation guides
│ ├── plugins/ # Plugin development documentation
│ └── setup/ # Initial setup guides
└── src/main/resources/META-INF/services/
├── com.cloudforge.core.interfaces.ApplicationSpec
└── com.cloudforge.core.interfaces.FrameworkRules
CloudForge uses Java's ServiceLoader for plugin discovery, enabling extensibility without modifying core code.
- Application Plugins - Define custom applications by implementing
ApplicationSpec - Compliance Plugins - Add custom compliance rules via
FrameworkRules
Example plugins are included in src/main/java/com/cloudforgeci/samples/plugins/.
CloudForge supports multiple authentication modes:
none- Application-native authentication (development)alb-oidc- ALB-level OIDC authenticationapplication-oidc- Application-level OIDC with group/role mapping
Supports Amazon Cognito, AWS IAM Identity Center, and external OIDC providers (Okta, Auth0, Azure AD).
CloudForge provides automated compliance enforcement for:
- SOC2 - Access control, encryption, audit logging
- PCI-DSS - Cardholder data protection, network security
- HIPAA - PHI encryption, audit trails, access controls
- GDPR - Data protection, consent management
Automated controls include S3 lifecycle management, IAM policy enforcement, CloudTrail audit logging, AWS Config monitoring, and encryption at rest.
CloudForge comes in two editions:
- Fully open, with no restrictions
- Use in personal, enterprise, or commercial projects at no cost
- Includes core features: EC2/Fargate deploys, ALB, Domain/Subdomain, SSL, Multi-AZ
Adds advanced features for production workloads:
- Web Application Firewall (WAF)
- Private Endpoints (ECR, S3, CloudWatch)
- Single Sign-On (SSO with ALB IdP + application integration)
- Automated Backups
- Advanced Monitoring
- Commercial support & feature roadmap
Eligible to receive Enterprise Edition features free of charge. Our way of honoring and supporting those who've served.
- Documentation: https://cloudforgeci.github.io/cfc-core/documentation/
- Issues: GitHub Issues
Apache 2.0 - See LICENSE for details.