CloudForge Sample Project

Deploy production-ready applications on AWS in minutes using AWS CDK for Java.

This repository demonstrates the CloudForge platform with opinionated defaults, multiple deployment options, and enterprise-grade compliance features.

---

Features

• 15+ Supported Applications - Jenkins, GitLab, Grafana, PostgreSQL, Redis, Vault, SonarQube, and more
• EC2 or Fargate - Choose your compute type at deploy time
• Plugin Architecture - Extensible application and compliance plugins via Java SPI
• Multi-Framework Compliance - SOC2, PCI-DSS, HIPAA, GDPR out of the box
• OIDC Authentication - Cognito, AWS Identity Center, or external providers
• Application Load Balancer - Scalable, secure traffic routing with SSL/TLS
• Multi-Availability Zone - Fault tolerance at no extra effort

---

Quick Start

Option 1: Interactive Deployer (Recommended)

The interactive deployer guides you through configuration choices and generates a deployment context file.

# Synthesize with interactive prompts (creates deployment-context.json)
cdk synth

# Review the generated CloudFormation template, then deploy
cdk deploy

# Or preview changes without executing
cdk deploy --no-execute

Option 2: Deployment Context File

Use a pre-configured template for faster deployments.

# Copy a deployment context template
cp docs/deployment-contexts/examples/jenkins-dev.json deployment-context.json

# Edit with your settings
vim deployment-context.json

# Deploy
cdk deploy -c cfc=@deployment-context.json

Prerequisites

1. AWS CDK CLI: npm install -g aws-cdk
2. AWS Credentials: aws configure
3. Java 21+: Required for compilation
4. Maven: For building the project

---

Supported Applications

Category	Applications
CI/CD	Jenkins, GitLab, Drone
Version Control	Gitea
Monitoring	Grafana, Prometheus
Databases	PostgreSQL, Redis
Secrets Management	HashiCorp Vault
Artifact Registry	Nexus, Harbor
Collaboration	Mattermost
Analytics	Metabase, Apache Superset
Code Quality	SonarQube

---

Documentation

📚 Complete Documentation

For comprehensive guides, API references, and detailed configuration options, visit the hosted documentation:

• Application catalog and deployment guides
• Deployment context configuration reference
• Compliance framework implementation
• Plugin development guides
• Authentication and security setup

---

Ready-to-Use Templates

By Application

Application	Development	Production
Jenkins	jenkins-dev.json	jenkins-production.json
Mattermost	mattermost-dev.json	mattermost-production.json
Metabase	metabase-dev.json	metabase-production.json
GitLab	-	gitlab-production.json
Grafana	-	grafana-production.json
Harbor	-	harbor-production.json
SonarQube	-	sonarqube-production.json

By Compliance Framework

Framework	Quick Start	Staging	Production
SOC2	compliance-soc2-quick.json	compliance-soc2-staging.json	compliance-soc2-production.json
HIPAA	compliance-hipaa-quick.json	-	compliance-hipaa-production.json
PCI-DSS	-	-	compliance-pci-dss-production.json

By Environment & Cost

Environment	Template	Cost Estimate
Dev Minimal	dev-minimal.json	~$35/month
Dev Standard	dev-standard.json	~$95/month
Staging SOC2	staging-soc2.json	~$220/month
Production SOC2	production-soc2.json	~$400/month
Production HIPAA	production-hipaa.json	~$550/month
Production PCI-DSS	production-pci-dss.json	~$710/month

---

Documentation

📚 Complete Documentation

Visit the hosted documentation for comprehensive guides and API references.

Quick Links

• Getting Started - Interactive deployment guide
• Application Catalog - All supported applications
• Deployment Context Reference - Configuration options
• Compliance Frameworks - SOC2, HIPAA, PCI-DSS
• Plugin Development - Build custom plugins
• Authentication Setup - SSO and OIDC configuration

Note: The /docs folder in this repository serves as the source for the hosted documentation

---

Project Structure

cloudforge-sample/
├── src/main/java/com/cloudforgeci/samples/
│   ├── app/
│   │   ├── CloudForgeCommunitySample.java    # Main CDK app entry point
│   │   └── InteractiveDeployer.java          # Interactive CLI deployer
│   ├── launchers/
│   │   ├── ApplicationEc2Stack.java          # Universal EC2 deployment stack
│   │   └── ApplicationFargateStack.java      # Universal Fargate deployment stack
│   └── plugins/
│       ├── application/
│       │   └── SonarQubeApplicationSpec.java # Example application plugin
│       └── compliance/
│           └── CustomSecurityPolicyRules.java # Example compliance plugin
├── docs/
│   ├── applications/      # Application catalog and specs
│   ├── compliance/        # Compliance framework documentation
│   ├── databases/         # Database deployment guides
│   ├── deployment-contexts/ # Ready-to-use JSON templates
│   ├── guides/            # Implementation guides
│   ├── plugins/           # Plugin development documentation
│   └── setup/             # Initial setup guides
└── src/main/resources/META-INF/services/
    ├── com.cloudforge.core.interfaces.ApplicationSpec
    └── com.cloudforge.core.interfaces.FrameworkRules

---

Plugin System

CloudForge uses Java's ServiceLoader for plugin discovery, enabling extensibility without modifying core code.

• Application Plugins - Define custom applications by implementing ApplicationSpec
• Compliance Plugins - Add custom compliance rules via FrameworkRules

Example plugins are included in src/main/java/com/cloudforgeci/samples/plugins/.

📖 Plugin Development Guide

---

Authentication Options

CloudForge supports multiple authentication modes:

• none - Application-native authentication (development)
• alb-oidc - ALB-level OIDC authentication
• application-oidc - Application-level OIDC with group/role mapping

Supports Amazon Cognito, AWS IAM Identity Center, and external OIDC providers (Okta, Auth0, Azure AD).

📖 Authentication Setup Guide

---

Compliance Frameworks

CloudForge provides automated compliance enforcement for:

• SOC2 - Access control, encryption, audit logging
• PCI-DSS - Cardholder data protection, network security
• HIPAA - PHI encryption, audit trails, access controls
• GDPR - Data protection, consent management

Automated controls include S3 lifecycle management, IAM policy enforcement, CloudTrail audit logging, AWS Config monitoring, and encryption at rest.

📖 Compliance Framework Guide

---

Free vs Enterprise

CloudForge comes in two editions:

Free Edition

• Fully open, with no restrictions
• Use in personal, enterprise, or commercial projects at no cost
• Includes core features: EC2/Fargate deploys, ALB, Domain/Subdomain, SSL, Multi-AZ

Enterprise Edition

Adds advanced features for production workloads:

• Web Application Firewall (WAF)
• Private Endpoints (ECR, S3, CloudWatch)
• Single Sign-On (SSO with ALB IdP + application integration)
• Automated Backups
• Advanced Monitoring
• Commercial support & feature roadmap

Veteran-Owned Businesses

Eligible to receive Enterprise Edition features free of charge. Our way of honoring and supporting those who've served.

---

Support

• Documentation: https://cloudforgeci.github.io/cfc-core/documentation/
• Issues: GitHub Issues

---

License

Apache 2.0 - See LICENSE for details.