Noundry.Spinup 1.2.0

dotnet tool install --global Noundry.Spinup --version 1.2.0

This package contains a .NET tool you can call from the shell/command line.

For a local (per-repository) install:

dotnet new tool-manifest   # if you are setting up this repo
dotnet tool install --local Noundry.Spinup --version 1.2.0
                    

Noundry.Spinup

A simple, cross-platform .NET CLI tool for provisioning cloud infrastructure (VMs, Networks, and Load Balancers) across AWS, Azure, GCP, and Digital Ocean using Terraform.

Features

  • Multi-Cloud Support: Provision resources on AWS, Azure, GCP, and Digital Ocean
  • Three Resource Types: VM, Network, and Load Balancer
  • Stack Deployments: Deploy complete application stacks with a single command
  • Security Hardening by Default: VMs are automatically hardened with industry best practices
  • Two Usage Modes:
    • Interactive wizard with beautiful TUI
    • Direct CLI arguments for automation
  • Terraform-Powered: Uses Terraform under the hood for reliable infrastructure provisioning
  • Simple State Management: Each resource gets its own workspace in ~/.spinup/

Prerequisites

  • .NET 8.0 or later
  • Terraform 1.0.0 or later (must be in PATH)
  • Cloud provider credentials (see Authentication section)

Installation

From NuGet (when published)

dotnet tool install -g Noundry.Spinup

From Source

git clone <repository-url>
cd Spinup
dotnet pack src/Noundry.Spinup.Cli/Noundry.Spinup.Cli.csproj
dotnet tool install -g --add-source ./src/Noundry.Spinup.Cli/bin/Release Noundry.Spinup

Quick Start

# Validate prerequisites
spinup validate

# Provision a VM interactively
spinup provision

# List all resources
spinup list

# Destroy a specific resource
spinup destroy --name my-vm

Stack Deployments

Spinup can deploy complete application stacks with a single command using built-in templates.

Stack Templates

Size    VMs  Network  Load Balancer  Description
small   2    No       No             1 web + 1 database
medium  3    Yes      No             2 web + 1 database
large   4    Yes      Yes            3 web + 1 data (db+cache)
xl      7    Yes      Yes            4 web + 2 database + 1 cache

Stack Commands

# View available templates
spinup stack templates

# Create a stack from a template
spinup stack create --template large --cloud aws --region us-east-1 --name myapp -y

# List all stacks
spinup stack list

# Destroy a stack (destroys all resources)
spinup stack destroy --name myapp -y

Quick Examples - All Clouds

# AWS - Large stack (3 web + 1 data + network + load balancer)
spinup stack create --template large --cloud aws --region us-east-1 --name myapp -y

# Azure - Medium stack (2 web + 1 db + network)
spinup stack create --template medium --cloud azure --region eastus --name myapp -y

# GCP - XL stack (4 web + 2 db + 1 cache + network + load balancer)
spinup stack create --template xl --cloud gcp --region us-central1 --name myapp -y

# DigitalOcean - Small stack (1 web + 1 db)
spinup stack create --template small --cloud digitalocean --region nyc3 --name myapp -y

Custom Stack Definition

Create a JSON file for custom stacks:

{
  "name": "myapp",
  "description": "Custom application stack",
  "cloud": "aws",
  "region": "us-east-1",
  "securityLevel": "default",
  "sshPort": 22,
  "resources": [
    {
      "type": "network",
      "name": "network",
      "cidr": "10.0.0.0/16"
    },
    {
      "type": "loadbalancer",
      "name": "lb",
      "port": 80
    },
    {
      "type": "vm",
      "name": "web",
      "count": 3,
      "instanceType": "t3.small",
      "role": "web"
    },
    {
      "type": "vm",
      "name": "db",
      "count": 1,
      "instanceType": "t3.large",
      "role": "database"
    }
  ]
}

# Deploy custom stack
spinup stack create --file mystack.json -y
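
A pre-deploy policy check for a custom stack file, as an added example (not part of Spinup or its documentation). It assumes the JSON `securityLevel` field takes the same values as the `--security-level` flag; the `lint_stack` name and the policy itself (no `minimal` level, private CIDRs only, unique resource names) are illustrative choices.

```python
import ipaddress
import json

# Assumption: "securityLevel" accepts minimal, default or maximum, like the
# --security-level flag. This policy rejects anything weaker than default.
ALLOWED_LEVELS = {"default", "maximum"}

def lint_stack(stack: dict) -> list[str]:
    """Return policy findings for a stack definition; an empty list means it passes."""
    findings = []
    level = stack.get("securityLevel")
    if level not in ALLOWED_LEVELS:
        findings.append(f"securityLevel={level!r}: require one of {sorted(ALLOWED_LEVELS)}")
    port = stack.get("sshPort")
    if isinstance(port, bool) or not isinstance(port, int) or not 1 <= port <= 65535:
        findings.append(f"sshPort={port!r}: must be an integer in 1..65535")
    seen = set()
    for res in stack.get("resources", []):
        name = res.get("name")
        if name in seen:
            findings.append(f"resource name {name!r} is used more than once")
        seen.add(name)
        if res.get("type") == "network":
            try:
                # strict=True rejects CIDRs with host bits set, e.g. 10.0.0.1/16
                net = ipaddress.ip_network(res.get("cidr", ""), strict=True)
            except ValueError as exc:
                findings.append(f"network {name!r}: bad cidr ({exc})")
                continue
            if not net.is_private:
                findings.append(f"network {name!r}: {net} is not private address space")
    return findings

# Constructed sample: a weakened variant of the definition shown above.
SAMPLE = json.loads("""
{"name": "myapp", "cloud": "aws", "region": "us-east-1",
 "securityLevel": "minimal", "sshPort": 70000,
 "resources": [
   {"type": "network", "name": "network", "cidr": "10.0.0.1/16"},
   {"type": "vm", "name": "web", "count": 3, "instanceType": "t3.small", "role": "web"},
   {"type": "vm", "name": "web", "count": 1, "instanceType": "t3.large", "role": "database"}
 ]}
""")

if __name__ == "__main__":
    for finding in lint_stack(SAMPLE):
        print("FAIL:", finding)
```

Run it in CI against `mystack.json` before `spinup stack create --file`, and fail the job on any finding.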

Security Hardening (Enabled by Default)

Spinup automatically applies comprehensive security hardening to all provisioned VMs. Your current IP address is automatically detected and whitelisted for SSH access.

What Gets Applied

Security Feature  Description
Auto Updates      Unattended-upgrades configured for automatic security patches
SSH Hardening     Root login disabled, password auth disabled, key-only authentication
UFW Firewall      Default deny incoming, only SSH allowed, your IP whitelisted
Fail2ban          Automatic IP banning after 3 failed SSH attempts
Kernel Hardening  IP spoofing protection, SYN flood protection, ICMP attack mitigation
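
To confirm on a provisioned VM that the SSH, UFW and Fail2ban rows above actually took effect, the following added example (not Spinup code) compares captured command output with the documented values. It assumes the text comes from `sshd -T`, `ufw status verbose` and `fail2ban-client get sshd maxretry`; the jail name `sshd`, the function name and the sample output are assumptions.

```python
import re

# Expected values taken from the table above: root login and password auth
# disabled, key-only authentication, default-deny firewall, ban after 3 failures.
SSHD_EXPECTED = {"permitrootlogin": "no", "passwordauthentication": "no",
                 "pubkeyauthentication": "yes"}

def audit_hardening(sshd_t, ufw_verbose, f2b_maxretry, ssh_port=22):
    """Compare captured command output with the documented hardening; return findings."""
    findings = []
    # `sshd -T` prints the effective configuration as "keyword value" lines.
    effective = {}
    for line in sshd_t.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2:
            effective[parts[0].lower()] = parts[1].strip().lower()
    for key, want in SSHD_EXPECTED.items():
        if effective.get(key) != want:
            findings.append(f"sshd: {key} is {effective.get(key)!r}, expected {want!r}")
    if not re.search(r"^Status:\s*active\s*$", ufw_verbose, re.M):
        findings.append("ufw: firewall is not active")
    if not re.search(r"^Default:\s*deny \(incoming\)", ufw_verbose, re.M):
        findings.append("ufw: default incoming policy is not deny")
    # An SSH rule whose source is "Anywhere" defeats the per-IP allow list.
    rule = re.compile(rf"^{ssh_port}(?:/tcp)?(?: \(v6\))?\s+ALLOW(?: IN)?\s+(\S.*)$")
    sources = [m.group(1).strip() for m in map(rule.match, ufw_verbose.splitlines()) if m]
    if not sources:
        findings.append(f"ufw: no allow rule for SSH port {ssh_port}")
    findings += [f"ufw: port {ssh_port} open to {s}" for s in sources if s.startswith("Anywhere")]
    if f2b_maxretry.strip() != "3":
        findings.append(f"fail2ban: maxretry is {f2b_maxretry.strip()!r}, expected '3'")
    return findings

# Constructed sample output: password auth left enabled, SSH open to any source.
SSHD_T = "port 22\npermitrootlogin no\npasswordauthentication yes\npubkeyauthentication yes\n"
UFW = """Status: active
Default: deny (incoming), allow (outgoing), disabled (routed)

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
"""

if __name__ == "__main__":
    for finding in audit_hardening(SSHD_T, UFW, "5"):
        print("FAIL:", finding)
```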

Security Options

# Default security (recommended)
spinup provision --cloud aws --region us-east-1 --resource vm --name my-server -y

# Maximum security
spinup provision --cloud aws --region us-east-1 --resource vm --name my-server --security-level maximum -y

# Minimal security (basic hardening)
spinup provision --cloud aws --region us-east-1 --resource vm --name my-server --security-level minimal -y

# Skip security hardening (not recommended)
spinup provision --cloud aws --region us-east-1 --resource vm --name my-server --skip-security -y

# Custom SSH port
spinup provision --cloud aws --region us-east-1 --resource vm --name my-server --ssh-port 2222 -y

Security Levels

Feature Minimal Default Maximum
Auto Updates
Disable Root SSH
Key-Only Auth -
UFW Firewall + IP Whitelist
Fail2ban -
Kernel Hardening -
Remove Unnecessary Packages - -
Disable IPv6 - -

Commands

spinup provision

Provision a single resource.

spinup provision --cloud aws --region us-east-1 --resource vm --name my-server --size t3.medium -y
spinup provision --cloud azure --region eastus --resource network --name my-network --cidr 10.0.0.0/16 -y
spinup provision --cloud gcp --region us-central1 --resource loadbalancer --name my-lb --port 80 -y

spinup stack create

Deploy a complete application stack.

spinup stack create --template large --cloud aws --region us-east-1 --name myapp -y
spinup stack create --file mystack.json -y

spinup list

List all provisioned resources.

spinup stack list

List all deployed stacks.

spinup destroy

Destroy a single resource.

spinup destroy --name my-server -y

spinup stack destroy

Destroy a complete stack (all resources).

spinup stack destroy --name myapp -y

spinup validate

Check prerequisites and validate cloud provider credentials.


Authentication

AWS

export AWS_ACCESS_KEY_ID=your-access-key
export AWS_SECRET_ACCESS_KEY=your-secret-key

Or use the ~/.aws/credentials file or aws configure.

Azure

export ARM_CLIENT_ID=your-client-id
export ARM_CLIENT_SECRET=your-client-secret
export ARM_SUBSCRIPTION_ID=your-subscription-id
export ARM_TENANT_ID=your-tenant-id

Or use az login.

GCP

export GOOGLE_APPLICATION_CREDENTIALS=/path/to/service-account.json
export GOOGLE_CLOUD_PROJECT=your-project-id

Or use gcloud auth application-default login.

DigitalOcean

export DIGITALOCEAN_TOKEN=your-api-token

Supported Regions

AWS

us-east-1, us-east-2, us-west-1, us-west-2, eu-west-1, eu-central-1, ap-south-1, ap-southeast-1

Azure

eastus, eastus2, westus, westus2, centralus, northeurope, westeurope, southeastasia

GCP

us-central1, us-east1, us-west1, europe-west1, europe-west2, asia-east1, asia-southeast1

DigitalOcean

nyc1, nyc3, sfo3, ams3, sgp1, lon1, fra1


Post-Deployment

After stack creation, SSH into VMs to install your software:

PostgreSQL (Database VM):

ssh -i ~/.spinup/workspaces/myapp-db/myapp-db_ssh_key.pem ubuntu@<db-ip>
sudo apt update && sudo apt install -y postgresql postgresql-contrib

Redis (Cache VM):

ssh -i ~/.spinup/workspaces/myapp-cache/myapp-cache_ssh_key.pem ubuntu@<cache-ip>
sudo apt update && sudo apt install -y redis-server

Node.js (Web VM):

ssh -i ~/.spinup/workspaces/myapp-web-1/myapp-web-1_ssh_key.pem ubuntu@<web-ip>
curl -fsSL https://deb.nodesource.com/setup_20.x | sudo -E bash -
sudo apt-get install -y nodejs

Troubleshooting

Terraform not found:

Credentials not found:

  • Run spinup validate to check credential status
  • Follow the authentication instructions for your cloud provider

Resource already exists:

  • Use a different name or destroy the existing resource first

Permission denied:

  • Ensure your cloud provider credentials have sufficient permissions

License

MIT License

Product Compatible and additional computed target framework versions.
.NET net8.0 is compatible.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed.  net9.0 was computed.  net9.0-android was computed.  net9.0-browser was computed.  net9.0-ios was computed.  net9.0-maccatalyst was computed.  net9.0-macos was computed.  net9.0-tvos was computed.  net9.0-windows was computed.  net10.0 was computed.  net10.0-android was computed.  net10.0-browser was computed.  net10.0-ios was computed.  net10.0-maccatalyst was computed.  net10.0-macos was computed.  net10.0-tvos was computed.  net10.0-windows was computed. 

This package has no dependencies.

Version Downloads Last Updated
1.2.0 106 3/4/2026