A comprehensive, production-ready monorepo template for building and deploying scalable SaaS applications on AWS. This template follows best practices for maintainable, type-safe, and efficient development workflows.
This monorepo is structured to support multiple applications and services while sharing common code, configurations, and infrastructure definitions. It provides a robust foundation for building complex serverless applications with a focus on developer experience and code quality.
```
├── apps/          # Application directories
│   ├── web/       # Next.js web application
│   └── docs/      # Documentation site
├── packages/      # Shared packages and utilities
│   ├── core/      # Core business logic and types
│   └── ui/        # Shared UI components
└── infra/         # Infrastructure as Code (SST)
```
- SST: Infrastructure as Code for AWS with superior developer experience
- Next.js 14: React framework with App Router and server components
- DynamoDB: Serverless NoSQL database
- S3: Object storage for public and private assets
- SES: Transactional email service
- TypeScript: End-to-end type safety
- tRPC: Type-safe API communication
- Zod: Runtime schema validation with static types
- Mantine: Modern React component library
- React Email: Email template system
- Nextra: Documentation framework
- Stripe: Payment processing and subscription management
- PostHog: Product analytics and feature flags
- Auth.js: Authentication with Magic Links and OAuth
- Clone the repository

```bash
git clone https://github.com/yourusername/serverless-monorepo-template.git
```

- Install dependencies

```bash
pnpm install
```

- Set up your environment variables

```bash
cp .env.example .env.local
```

- Start the development environment

```bash
pnpm dev
```

- Functional programming approach
- Type-safe development
- Modular and maintainable code
- Comprehensive testing strategy
- `pnpm dev`: Start development environment
- `pnpm test`: Run test suite
- `pnpm build`: Build all applications
- `pnpm deploy`: Deploy to AWS
- Strict TypeScript configuration
- Comprehensive error handling
- Input validation and sanitization
- Secure authentication flows
- AWS best practices implementation
SST provides a built-in secrets manager that allows you to securely store and access sensitive information. Secrets are encrypted and stored in your AWS account using AWS SSM Parameter Store.
```bash
# Set a secret
pnpm sst secrets set STRIPE_SECRET_KEY sk_test_xxx
# Remove a secret
pnpm sst secrets remove STRIPE_SECRET_KEY
# List all secrets
pnpm sst secrets list
```

You can load all secrets for a specific stage at once using the SST CLI:

```bash
# Load secrets for development stage
npx sst secrets load .env.development
# Load secrets for production stage
npx sst secrets load .env --stage production
# Load secrets for any custom stage
npx sst secrets load .env.{YOUR_STAGE_NAME}
```

The project uses a hierarchical approach to environment variables:

```
├── .env.example      # Template for required environment variables
├── .env.local        # Local development overrides (git-ignored)
├── .env.development  # Development stage variables (git-ignored)
└── .env.production   # Production stage variables (git-ignored)
```
- All environment variables are managed through the `infra/secrets.ts` file
- Never add `.env` files to individual packages
- Access secrets in your Next.js apps:

```ts
// Server-side
import { Resource } from "sst";
const mySecret = Resource.MySecret.value;

// Client-side (prefix with NEXT_PUBLIC_)
const publicValue = process.env.NEXT_PUBLIC_SOME_VALUE;
```
- AWS Credentials: AWS access keys and region configuration
- Authentication: Auth.js secret and OAuth provider credentials
- Payment Processing: Stripe public and secret keys
- Analytics: PostHog API keys
- Email Service: AWS SES credentials
- Database: DynamoDB access configurations
- Never commit secrets to version control
- Use different secrets for development and production
- Rotate secrets regularly
- Follow the principle of least privilege
- Use SST's built-in secrets management for AWS deployments
- Centralize all secret management in the `infra/` directory
- Prefix client-side variables with `NEXT_PUBLIC_` in infrastructure code
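As an added example (not the template's own code), a small TypeScript check that enforces the rules above against a loaded env map: every variable in a manifest must be present, server secrets must not carry the `NEXT_PUBLIC_` prefix, and nothing exposed to the client may be named or shaped like a credential. The manifest names and sample values are constructed for illustration.

```typescript
// Added example, not the template's code: audit an env map against a manifest
// of the variables this README requires, enforcing the NEXT_PUBLIC_ rule.
// Variable names and sample values are constructed for illustration.
type EnvSpec = { name: string; scope: "server" | "client" };
type EnvAudit = { missing: string[]; misScoped: string[]; leaked: string[] };

const CLIENT_PREFIX = "NEXT_PUBLIC_";
const ENV_MANIFEST: EnvSpec[] = [
  { name: "AWS_REGION", scope: "server" },
  { name: "AUTH_SECRET", scope: "server" },                        // Auth.js
  { name: "STRIPE_SECRET_KEY", scope: "server" },                  // Stripe secret key
  { name: "NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY", scope: "client" }, // Stripe public key
  { name: "NEXT_PUBLIC_POSTHOG_KEY", scope: "client" },            // PostHog
];
// Value shapes that must never reach the browser bundle (Stripe secret keys, AWS access key ids).
const SECRET_VALUE_PATTERNS = [/^sk_(test|live)_/, /^AKIA[0-9A-Z]{16}$/];

function hasPrefix(key: string, prefix: string): boolean {
  return key.slice(0, prefix.length) === prefix;
}

function auditEnv(env: Record<string, string | undefined>, manifest: EnvSpec[] = ENV_MANIFEST): EnvAudit {
  const audit: EnvAudit = { missing: [], misScoped: [], leaked: [] };
  for (const spec of manifest) {
    if (!env[spec.name]) audit.missing.push(spec.name);
    // A server secret carrying the client prefix (or a client value without it) is a manifest bug.
    if (hasPrefix(spec.name, CLIENT_PREFIX) !== (spec.scope === "client")) audit.misScoped.push(spec.name);
  }
  for (const key of Object.keys(env)) {
    const value = env[key];
    if (!value || !hasPrefix(key, CLIENT_PREFIX)) continue;
    // Anything the client prefix exposes that is named or shaped like a credential is a leak.
    if (/SECRET|PRIVATE/.test(key) || SECRET_VALUE_PATTERNS.some((re) => re.test(value))) audit.leaked.push(key);
  }
  return audit;
}

// Constructed sample .env.local content: one required secret missing, one secret wrongly public.
const SAMPLE_ENV: Record<string, string> = {
  AWS_REGION: "us-east-1",
  AUTH_SECRET: "constructed-auth-secret",
  NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY: "pk_test_constructed",
  NEXT_PUBLIC_POSTHOG_KEY: "phc_constructed",
  NEXT_PUBLIC_STRIPE_SECRET_KEY: "sk_test_constructed",
};
```

Run `auditEnv(process.env)` at startup (or in CI against each `.env.*` file) and fail the build when `leaked` or `missing` is non-empty.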
- Node.js 18 or higher
- AWS CLI installed and configured
- pnpm installed globally (`npm install -g pnpm`)
- AWS IAM user with appropriate permissions (see AWS Setup section)
- Start the development environment:

```bash
pnpm dev
```

This will:
- Start SST in development mode
- Launch the Next.js development server
- Set up local API endpoints
- Configure live Lambda function development
- Live Lambda reloading
- Local API Gateway
- Local DynamoDB for testing
- Automatic environment variable loading
- Hot module replacement for frontend
- AWS account with appropriate permissions
- Domain name (if using custom domains)
- Production environment variables configured
- Load production secrets:

```bash
npx sst secrets load .env.production --stage production
```

- Deploy to production:

```bash
pnpm deploy --stage production
```

- Automatic SSL certificate provisioning
- CDN distribution for static assets
- Database backups
- Logging and monitoring setup
- Error tracking integration
- `development`: For development team
- `staging`: For QA and testing
- `production`: For live environment
Your AWS IAM user/role needs permissions for:
- Lambda
- API Gateway
- DynamoDB
- S3
- CloudFormation
- CloudWatch
- IAM
- SSM (for secrets)
- Route53 (for custom domains)
- Certificate Manager (for SSL)
Create an IAM user with:
- `AdministratorAccess` (for initial setup)
- Or use this minimal policy set:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "cloudformation:*",
        "lambda:*",
        "apigateway:*",
        "dynamodb:*",
        "s3:*",
        "iam:*",
        "ssm:*",
        "route53:*",
        "acm:*",
        "cloudwatch:*",
        "ses:*"
      ],
      "Resource": "*"
    }
  ]
}
```
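Every action in the policy above is a service-wide wildcard on `Resource: "*"`, and `iam:*` on all resources lets the holder attach any policy to their own user, so in practice this set is no narrower than `AdministratorAccess`. As an added example (not part of the template), the TypeScript check below embeds that policy document and flags such grants before they are attached to a deploy user; the escalation-action list is a short, assumed subset used for illustration.

```typescript
// Added example, not the template's code: flag over-broad grants in an IAM
// policy document before attaching it to the deploy user described above.
type Statement = { Effect: string; Action: string | string[]; Resource: string | string[] };
type PolicyDocument = { Version: string; Statement: Statement[] };
type Finding = { action: string; resource: string; reason: string };

// IAM write actions that, when allowed on Resource "*", let the holder grant any
// permission to themselves. Assumed illustrative subset, not an exhaustive list.
const ESCALATION_ACTIONS = ["iam:*", "iam:createpolicyversion", "iam:attachuserpolicy", "iam:putuserpolicy"];

function asList(value: string | string[]): string[] {
  return Array.isArray(value) ? value : [value];
}

function findOverBroadGrants(policy: PolicyDocument): Finding[] {
  const findings: Finding[] = [];
  for (const stmt of policy.Statement) {
    if (stmt.Effect !== "Allow") continue;
    for (const resource of asList(stmt.Resource)) {
      for (const action of asList(stmt.Action)) {
        const lower = action.toLowerCase();
        const wildcard = lower === "*" || lower.slice(-2) === ":*";
        if (resource === "*" && ESCALATION_ACTIONS.indexOf(lower) !== -1) {
          findings.push({ action, resource, reason: "IAM write on all resources: equivalent to administrator" });
        } else if (resource === "*" && wildcard) {
          findings.push({ action, resource, reason: "service-wide wildcard on all resources" });
        }
      }
    }
  }
  return findings;
}

// True when any grant lets the principal escalate to full administrator.
function isEffectivelyAdmin(policy: PolicyDocument): boolean {
  return findOverBroadGrants(policy).some((f) => f.reason.indexOf("administrator") !== -1);
}

// The policy from this README, embedded as the input under test.
const README_POLICY: PolicyDocument = {
  Version: "2012-10-17",
  Statement: [{
    Effect: "Allow",
    Action: ["cloudformation:*", "lambda:*", "apigateway:*", "dynamodb:*", "s3:*", "iam:*",
      "ssm:*", "route53:*", "acm:*", "cloudwatch:*", "ses:*"],
    Resource: "*",
  }],
};
```

Running `findOverBroadGrants(README_POLICY)` yields one finding per action; scoping each statement to the stack's own resource ARNs and replacing `iam:*` with the specific role actions the deploy needs brings the list to zero.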
- Create an AWS account
- Install AWS CLI
- Configure AWS credentials:

```bash
aws configure
```

- Use separate AWS accounts for development and production
- Follow the principle of least privilege
- Enable MFA for all IAM users
- Regularly rotate access keys
- Use AWS Organizations for account management
- Enable CloudTrail for audit logging