Skip to content

Early access. Free tier, no credit card.

From template to live on AWS in minutes.

Sign in with GitHub and pick a template. Emergy creates an AWS account just for you and deploys the app from your own repo. Dev and prod URLs, managed from one workspace.

your repo, on your GitHub · a real AWS account per user · OIDC deploys, no static keys

The same timeline streams in your workspace while it runs.

Runs on GitHub Actions Terraform AWS Organizations CloudFront + S3 + Lambda ACM + Route 53 Secrets Manager

Sign up, then what

What happens when you sign up.

Every step below is visible in your workspace as it runs. Nothing happens behind your back.

  1. 01

    Sign in with GitHub

    you

    OAuth only. Nothing to install, no credit card. You land in an empty workspace.

  2. 02

    You get a real AWS account

    Emergy

    Created through AWS Organizations while you watch the job run. It holds your infrastructure and secrets, isolated from every other user.

  3. 03

    Create a repo from a template

    you

    One click opens GitHub's own Use this template page. The repo is created in your GitHub account and stays yours.

  4. 04

    Provisioning starts by itself

    Emergy

    The GitHub App spots the new repo, links it to your workspace, writes the deploy variables, and dispatches the first workflow.

  5. 05

    Actions deploys dev and prod

    your repo

    Terraform, build, deploy. All of it runs in your repo, into your AWS account, and streams back to the workspace.

From then on it is routine: push to deploy, promote any build by SHA, add a domain, set secrets. All of it from the workspace, all of it running in your repo and your account.

Access

What Emergy can touch.

We do not want your data. Emergy never reads your code, never sees your secret values, and never touches your traffic. It gets only what deploying needs, and here is that list in full.

The whole access list

  • One file in your repo

    The GitHub App has a single-file read permission for .emergy-cloud/config.json, the manifest that describes the project. It can read nothing else.

  • Repo variables and environments

    It writes deploy configuration (account id, role, hostnames) as plain repo variables you can read next to your code.

  • GitHub Actions runs

    It dispatches the build, deploy, and infrastructure workflows in your repo, and reads their status.

  • Deployment status and metadata

    Repo names, workflow results, and environment URLs, so the workspace can show you what is live where.

Permanently out of reach

  • Your code

    No content read or write permission, by design. Builds happen in GitHub Actions, inside your own repository.

  • Your secret values

    Secrets live in AWS Secrets Manager in your account. The platform stores key names only, to warn you when one is missing.

  • Static AWS keys

    Deploys assume a scoped IAM role through OIDC at run time. Credentials expire in minutes and never sit in repo secrets.

  • Your traffic

    The deployed app serves from your AWS account behind your CloudFront. Nothing proxies through Emergy.

Templates

Start from a repo that already knows how to ship.

Each template carries its own Terraform and workflows. You can read every line of what will run in your account.

Astro SSR + Supabase auth

Server-rendered Astro with sign in, sign up, and password reset wired to Supabase. Serves behind CloudFront with the SSR function on Lambda and API Gateway. Configuration reaches the app at boot from AWS Secrets Manager.

lambda api gateway cloudfront supabase secrets manager

Astro static site

Plain Astro on S3 behind CloudFront. No server, no database, same pipeline. Good for marketing sites, docs, and anything that builds to files.

s3 cloudfront static
dev + prod pipelines, staging optional build once, promote any SHA to any environment one manifest, .emergy-cloud/config.json, is all Emergy reads

Workspace

One tree, and it is real.

Folders in your workspace are AWS Organizations OUs, one to one. Accounts hold projects, projects hold environments and domains. What you see in the tree is what exists in the cloud.

  • Live status for every job, build, and deploy, streamed as it happens
  • New repos land in an unassigned inbox until you file them
  • ⌘K jumps to any account, project, or environment

Live pipelines

Terraform, build, and deploy steps stream into the project page. No console tab needed to know what is running.

Versions by SHA

Every build is stored by commit. Deploy any of them to any environment; rolling back is deploying an older one.

Domains + certificates

Managed Route 53 zone or your own DNS. ACM certificates requested and validated for you, per environment hostnames wired in.

Write-only secrets

Set keys from the app into Secrets Manager in your account. The platform keeps names, never values.

Plans

Start free. Pay when you outgrow one account.

Tiers change limits, never the pipeline or the access model. Upgrading is one Stripe checkout from the billing page.

Free

For the first project

  • 1 AWS account
  • dev + prod per project
  • All templates, domains, secrets
  • No credit card

Pro

most room

For real workloads

  • 3 AWS accounts
  • dev + staging + prod
  • Everything in Free

Scale

For lots of projects

  • 10 AWS accounts
  • dev + staging + prod
  • Everything in Pro

FAQ

The questions that matter before you connect anything.

Something else on your mind? Sign in and look around; the free tier is the fastest tour.

What happens right after I sign in?

You watch your AWS account being created. It takes a couple of minutes and every step is shown as it runs. When it turns green, you pick a template and create your first repo.

Whose AWS account is it?

A real account, created for you inside Emergy's AWS Organization and used only by you. Your infrastructure, certificates, and secrets live in it, isolated from every other user. You don't bring an AWS bill; usage is part of your plan.

Can Emergy read my code?

No. The GitHub App has a single-file permission for .emergy-cloud/config.json, plus access to Actions, repo variables, environments, and deployment status. It cannot read or write anything else in the repository. Builds run in GitHub Actions inside your own repo.

Where do my secrets live?

In AWS Secrets Manager, in your account, one secret per environment. You set values from the app, the platform never stores or logs them, and the deployed app loads them at boot. The workspace shows key names only.

What exactly gets provisioned?

Terraform in your repo creates the stack: S3 and CloudFront for the static template, plus Lambda and API Gateway for the SSR template. ACM certificates and Route 53 records are added when you attach a domain. An IAM role with an OIDC trust limited to your repo does the deploying.

What does it cost to start?

Nothing. The free tier includes one AWS account and two environments per project, with no credit card. Pro adds more accounts and a staging environment; upgrade from the billing page when you need it.

Can I leave?

Yes, cleanly. The repo already lives in your GitHub account with the Terraform inside it, and you can destroy a project's infrastructure from the app at any time. Nothing in the code depends on Emergy at runtime.

Your first deploy is the tour.

Sign in, watch your AWS account come up, and put a template live. It takes minutes and costs nothing.

early access · free tier · your repo, your account