SaaS Platform • License & Build • TypeScript + AWS CDK + Next.js

Do Not Build from Scratch. License a Production-Ready SaaS Foundation.

The Autolastic SaaS Platform gives you authentication, RBAC, billing, multi-tenancy, WAF, CI/CD, SSO, and 60+ enterprise features — fully implemented, fully tested, and ready on day one.

Stop spending months on infrastructure that is not your core product. License the platform, customize it with a single config file, and ship your SaaS faster.

Get Started — Contact Us See All Features

90+ features

Ready on day one

AWS CDK

Full Infrastructure as Code

TypeScript

End-to-end type safety

Upgradable

Pull all future improvements

What You Get on Day One

Auth, SSO, MFA, RBAC out of the box
Stripe billing fully integrated
WAF, CSP, and security hardened
Full IaC — CDK deploys everything
GitHub Actions CI/CD pre-wired
Multi-tenant organization model
Activity audit logging (GDPR-ready)
Smoke tests run on every deploy

Monthly and annual licensing available.

Why License Instead of Build?

Every SaaS product needs the same foundation. Stop reinventing it.

Months of Work — Instant

Auth, billing, multi-tenancy, IaC, and CI/CD take 3-6 months to build well. With the platform, you have it on day one.

Enterprise-Grade from the Start

WAF, SSO, RBAC, audit logging, GDPR export, and security hardening are production-ready — not afterthoughts added later.

Upgrade and Stay Current

Licensed customers can run the platform upgrade workflow and pull all improvements, bug fixes, and new features as they ship.

How It Works

From first call to production deploy — here is how you go live with the Autolastic SaaS Platform.

License & configure
Choose monthly or annual licensing. Set your domain, branding, billing plans, feature flags, and security policies in a single instance.config.ts file.
Bootstrap & deploy
Run the one-time bootstrap script to wire up AWS OIDC, IAM, and CDK. Then deploy your entire stack — auth, billing, API, and frontend — with a single CDK command.
Build your product
With 90+ features already handled, focus entirely on your product-specific logic. Add custom pages, API routes, and integrations on top of the platform packages.

What the Platform Is Built On

Enterprise-grade choices — no exotic dependencies.

Frontend

Next.js (static export)
TypeScript
AWS Amplify UI
S3 + CloudFront hosting

Backend

AWS Lambda (serverless)
API Gateway HTTP API
PostgreSQL (Aurora Serverless)
Zod schema validation

Infrastructure

AWS CDK v2 (TypeScript)
Route53, ACM, CloudFront
Cognito, Secrets Manager
WAF, SQS, EventBridge

DevOps

GitHub Actions CI/CD
GitHub OIDC (no stored keys)
AWS CodeArtifact (npm registry)
Playwright smoke tests

Licensed Customers Get All Future Improvements

The Autolastic SaaS Platform is continuously improved. Licensed customers can run the built-in upgrade-platform workflow at any time to pull the latest version — including new features, security patches, performance improvements, and bug fixes. You stay current without rebuilding anything.

Get Started

Complete Feature List

Everything implemented, tested, and documented. Not promises — shipped code.

Authentication & Identity

AWS Cognito User Pool integration with JWT-based auth
Email + password registration and login
Google OAuth 2.0 social sign-in (configurable)
TOTP multi-factor authentication (optional or required)
User profile management with avatar uploads
Configurable idle timeout and token validity (access, ID, refresh)
Token invalidation on sensitive operations
Account suspension, restoration, and purge lifecycle
Magic link invitations with secure token validation
Force password reset for compromised accounts
Cognito Hosted UI fallback support

Authorization & RBAC

Three built-in roles: Owner, Admin, Member
Custom org-scoped role creation and management
40+ fine-grained permissions across 20+ resources
Permission enforcement on all protected API routes
Role assignment at the organizational level
Superadmin privilege elevation with lineage tracking
Member status lifecycle: active, suspended, deleted
Feature flag system with resolution order: user > org > global
Audit middleware for tracking all user actions

Single Sign-On (SSO)

SAML 2.0 identity provider support
OpenID Connect (OIDC) identity provider support
Per-organization SSO configuration and enforcement
Just-in-time (JIT) provisioning for new SSO users
Email domain mapping to SSO providers
Multiple email domains per SSO config
OIDC client secrets stored in AWS Secrets Manager
SSO configuration testing and validation UI
Automatic Cognito IdP provisioning

Multi-Tenancy & Organizations

Multi-organization support per user
Organization creation, updating, suspension, and deletion
Organization logo and branding asset uploads
Configurable max members per org and max orgs per user
Invite-only or public signup modes
Org status tracking: active, suspended, deleted
Test data flagging for isolation from production metrics
Organization metrics dashboard (user counts, activity summaries)
Org-level seat limits enforced by billing plan

Invitations & Access Control

Email-based org invitations with role assignment
Superadmin invitation flows
Invitation token generation with configurable TTL
Invitation acceptance with optional password setup
Pending invite listing and cancellation
Invite lifecycle: pending, accepted, cancelled

Billing & Subscriptions

Stripe integration for payment processing
Three-tier pricing model (Starter, Pro, Enterprise)
Monthly and annual billing cycles with discounts
Seat-based pricing per plan with configurable limits
Subscription plan creation, enabling, disabling, and archiving
Subscription upgrade, downgrade, and cancellation
Trial period support
Invoice history with PDF download
Payment method management (cards, brand, expiry)
Stripe Customer Portal integration (self-service)
Stripe Checkout integration (secure payment gateway)
Webhook handling for all subscription, invoice, and payment events
Stripe idempotency for webhook deduplication
Test mode support for staging/dev environments
Cancel at period end for graceful subscription wind-down
Billing period tracking (current_period_start, current_period_end)

Infrastructure & AWS

Serverless compute: AWS Lambda for all backend functions
API Gateway HTTP API with custom domains and CORS
Aurora Serverless PostgreSQL v16 with read replicas
RDS Proxy for connection pooling under high Lambda concurrency
AWS Cognito User Pools and Identity Providers
S3 for static app hosting, media uploads, and WAF logs
CloudFront CDN for global delivery of app and media
Route53 DNS with multi-subdomain routing
ACM TLS certificate management
AWS Secrets Manager for API keys, OAuth secrets, DB credentials
CloudWatch Logs, Metrics, and Alarms
WAF Web Application Firewall on CloudFront and API Gateway
VPC private networking for RDS
GitHub OIDC for CI/CD — no long-lived AWS keys stored
EventBridge scheduled rules for maintenance tasks
SQS FIFO queues for WAF change request processing
Kinesis Firehose for WAF log delivery to S3
AWS SES for transactional email delivery
X-Ray distributed tracing for all Lambda functions

Web Application & UI

Next.js static-export frontend (S3 + CloudFront)
Responsive dashboard with org and member metrics
User profile and account settings pages
Organization management and branding interface
Member and role management with RBAC UI
Subscription and billing pages with invoice viewer
Media upload UI with presigned URL flow
Activity and audit log viewer with filtering
Full-text search across users, orgs, and resources
Custom theme support (6-color palette + logo)
WAF management console (IP lists, rate limits, rules)
Feature flag admin interface with per-org overrides
CSP violation reporting and monitoring
SSO configuration UI (SAML and OIDC)
Superadmin management interface
Drag-and-drop sortable lists for plan ordering
QR code generation for TOTP MFA enrollment
Platform status and health check pages
Help and documentation pages with search

Security & Compliance

Content Security Policy (CSP) enforcement (report-only or enforce)
WAF managed rule groups: OWASP Top 10, Known Bad Inputs, Bot Control
IP allow/block/temporary-block lists (IPv4 and IPv6)
Global rate limiting (5,000 req/5 min) and endpoint rate limits
WAF audit log and change history with Kinesis Firehose
Secrets scanning in CI (gitleaks)
Least-privilege IAM roles — no IAM users
HTTPS-only enforcement with HSTS
CloudFront Origin Access Control (private S3)
Webhook HMAC signature verification
User token invalidation on sensitive operations
Org-level MFA enforcement policy (optional or required per org)
Email domain allowlisting for signup restriction
WAF temporary IP blocks with auto-expiry via EventBridge
IP block reason tracking and audit logging

Activity Logging & Audit Trail

Append-only audit log table (immutable)
Action, target type, target ID, and actor tracking
Filtering by action, target, date range, and actor
Activity export to CSV and JSON (GDPR compliance)
Organization-scoped activity visibility
Actor identity preserved after user deletion
WAF change request lifecycle tracking (pending, applying, applied, failed)
WAF revert capability with reason tracking

Media & Asset Management

S3-based file upload with presigned URLs
Avatar and organization logo management
Image processing: WebP conversion and responsive sizing
Multi-size image variant generation
Soft-delete with deferred S3 cleanup
CloudFront CDN delivery with custom media domain
File size and content type validation

Observability & Monitoring

Structured CloudWatch Logs for all Lambda functions
CloudWatch Alarms for Lambda errors, throttles, and API 5xx
RDS connection monitoring and alerts
WAF event insights via CloudWatch metrics
X-Ray distributed tracing support
Request and response logging with sensitive data redaction
Performance metrics: route, status code, duration
WAF CloudWatch dashboard (6h, 24h, 48h, 7d views)
Dead letter queue alarm for failed async jobs

CI/CD & DevOps

GitHub Actions: CI, release, version bump, publish, deploy
Reusable GitHub Actions workflows for infra and app deployments
AWS CDK v2 Infrastructure as Code (TypeScript)
Change detection — only deploy changed components
Playwright smoke tests run automatically post-deploy
Rollback workflows for emergency redeployment
Private npm packages published to AWS CodeArtifact
Semantic versioning with automated bump and tagging
Pre-push hooks run all CI checks locally before any push
Self-healing doctor.sh for local environment setup

Customization & White-Label

Single instance.config.ts file as the source of truth
Domain customization (root domain and subdomain prefixes)
6-color theme palette fully configurable
Logo URL and brand name customization
Feature flag toggles per instance (billing, SSO, MFA, media, etc.)
Billing plan definitions: names, prices, seat limits, features
Security policy configuration (token TTL, idle timeout, MFA mode)
Email configuration (support email, from name)
Navigation customization (sidebar position, instance-specific pages)
Email domain restrictions for signup (allow-list)

Scalability & Performance

Serverless architecture — no servers to manage
Aurora Serverless auto-scaling (pay-per-request mode available)
RDS Proxy handles thousands of concurrent Lambda connections
CloudFront caching for static assets and CDN delivery
Pagination on all list endpoints (limit/offset)
Composite database indexes for common query patterns
SQL advisory locking to prevent cold-start thundering herd
Lambda secrets caching to minimize cold-start latency
Zod schema validation on all API request bodies

Platform Administration

Superadmin role with global platform access
Platform-wide settings: shutdown mode and test mode
Feature flag overrides per organization and per user
All organization billing data accessible to superadmins
Test data management: creation and cleanup scripts
Database management via RDS Data API
Cognito user pool administration endpoints
User orphan detection (users with no organizations)
Platform health check and status API endpoints
Superadmin invitation, suspension, and purge lifecycle

Licensing Pricing

One license. All features. All future updates. Save 15% with annual billing.

Monthly License

$9,000/month

Full access to the Autolastic SaaS Platform. Cancel any time.

All 90+ features included
Access to all platform updates
Run the upgrade workflow to stay current
Single config file customization
White-label branding and theming

Annual LicenseSave 15%

$91,800/year

Full access at a 15% discount over monthly. Best for committed builds.

Everything in Monthly
15% annual savings ($16,200 saved)
Priority support
Onboarding assistance

Custom enterprise pricing available for multi-instance or reseller arrangements. Contact us to discuss.

FAQ

Common questions about the SaaS Platform license.

What do I get when I license the platform?

You get full access to the Autolastic SaaS Platform codebase: all packages, all infrastructure code, all CI/CD workflows, documentation, and the upgrade mechanism. You configure it with a single TypeScript config file and deploy with a single CDK command.

Can I customize it for my product?

Yes. The platform is designed for customization. You set your domain, branding, feature flags, billing plans, security policies, and more via instance.config.ts. You can also add custom pages and API routes by building on top of the platform packages.

How do platform upgrades work?

The platform includes a reusable GitHub Actions workflow called upgrade-platform. Running it pulls the latest platform version, updates your packages, runs CI, and deploys — keeping your instance current without manual migration work.

What AWS services does it use?

The platform uses Lambda, API Gateway, Aurora Serverless PostgreSQL, RDS Proxy, Cognito, S3, CloudFront, Route53, ACM, Secrets Manager, CloudWatch, WAF, SQS, EventBridge, Kinesis Firehose, and CodeArtifact. All provisioned and managed via AWS CDK.

Do I need to build my own CI/CD pipeline?

No. The platform ships with pre-built GitHub Actions workflows for CI, deploy, release, smoke tests, rollback, and version upgrades. You run one bootstrap script and CI is fully operational.