XeroOps provisions enterprise-grade AWS infrastructure into your own account in minutes — and ships a pre-wired Python SDK so your first route hits a HA database, Redis, and structured logging without touching a config file.
Every team re-solves the same infra problems. XeroOps eliminates that entirely — and the compiled Python SDK that comes with it distills decades of production patterns so you're not re-inventing those either.
Weeks setting up Terraform — VPCs, subnets, security groups, IAM roles, just to get started
Rebuild from toy to prod — local dev env collapses under real load, emergency rewrite in month 4
$800–1,200/month EC2 bills — always-on infra billing 24/7 even when nobody is coding
No connection pooling, no HA — PgBouncer and DB replication are "future problems" until they aren't
CI/CD duct-taped together — GitHub Actions into a single EC2, no rollback, no deployment history
One command, full infra — xeroops init provisions your entire AWS stack in minutes, not weeks
Production from day one — the same infra you dev against is the infra you run in production. No rebuild
Pay only when coding — stop EC2s in the evening, fixed infra costs zero. Start again in 60 seconds
PgBouncer + DB replication baked in — connection pooling and HA are not an afterthought, they're default
Redis-based CI/CD included — deployment subscriber on every node. Push wheel, it deploys everywhere
Your provisioned infra includes all of this — running, tested, production-hardened.
elements.db, elements.redis, elements.fastapi, elements.logger — pre-wired to your infra. Import and build. No boilerplate connection code.
Private encrypted tunnel into your infra. Your team connects, sees services internally. Nothing is exposed to the internet unnecessarily.
OpenResty handles SSL termination with auto-renewed Let's Encrypt certs, routing, and runs a Lua-based WAF at the edge — rate limiting, IP blocking, SQLi/XSS filtering. No AWS WAF cost.
Google OAuth and magic link — built in, on your own EC2. Role-based access control with per-domain user management, tier assignment, and permission groups. No third-party auth dependency.
Primary and replica nodes with streaming replication. PgBouncer handles connection pooling. HAProxy auto-configures from service discovery and routes writes to primary, reads to replica. Production patterns from day zero.
Push a wheel to S3, publish to Redis channel — every node pulls, installs, and restarts your service. No GitHub Actions, no pipeline setup.
JSON logs from every node, uploaded to S3. Inverted index in Management Redis. Full-text log search via your dashboard, no ELK stack needed.
Instance discovery service runs on all nodes. Writes health and topology to Management Redis. HAProxy config regenerates automatically on changes.
All nodes except the load balancer are in private subnets with no internet access. Data stays in your VPC, in your AWS account. Always.
Web Application Firewall running as Lua inside OpenResty. Rate limiting, IP blocking, request filtering — at the edge, before requests hit your app. No AWS WAF bill.
Scheduled WAL-G continuous archiving to your S3 bucket. Automated restore tests verify your backups actually work. Point-in-time recovery ready from day one.
Built-in web dashboard with five panels: cluster health and node status, distributed log search across all nodes, domain management, role-based access control, and user management — no third-party tooling required.
EC2 instances are the only thing that costs money. Your VPC, ENIs, security groups, EIPs, and S3 — all preserved, all free when idle.
When you start again, EC2s launch from AMIs, pull credentials from S3, your apps reinstall from the deployment subscriber, and everything is back to exactly where you left it.
Destroys EC2 instances only. All network config preserved. Takes 30 seconds.
Relaunches from AMIs. ENIs reattach with same IPs. WireGuard config still valid.
cloud-init pulls config from S3. Deployment subscriber reinstalls your apps. Fully operational.
That's what XeroOps means. The ops person provisions once. Everyone else just uses the product.
No monthly platform fee. No lock-in. You own the infrastructure — we provision it.
The questions we hear most from engineers evaluating XeroOps.
Terraform is a general-purpose provisioning tool — you still have to write all the infrastructure code. XeroOps is opinionated, pre-built, and includes running services (auth, database, VPN, CI/CD) not just AWS resources. One command, not 2,000 lines of HCL.
No. Everything runs in your AWS account. Your license is cryptographically bound to your AWS account ID — it doesn't work anywhere else. No backdoors, no agents phoning home, no Dassore servers involved after purchase.
It's your infrastructure. SSH in, edit nginx configs, change PostgreSQL settings, add services — anything you'd do on a normal server. XeroOps provisions and manages the lifecycle; it doesn't lock you in or prevent changes.
~$220/month if you run EC2 during business hours only (~45hrs/wk) and use xeroops cleanup overnight. ~$900/month if always-on. Your choice — the infrastructure scales to how you work.
Yes. XeroOps provisions the database servers, replication, and connection pooling — what you put in the databases is entirely yours. The elements SDK connects your FastAPI services to the databases with two lines of code.
The elements SDK is Python. The infrastructure itself — load balancer, VPN, database, Redis, S3 — works with any language or framework. Run Node, Go, Ruby behind the load balancer. The SDK just removes the PostgreSQL and Redis boilerplate for Python services.