Skip to main content

Anvil — secure-by-default cloud infrastructure components

Project description

anvil-cloud

Cloud infrastructure that's secure by default — not by accident.

Anvil wraps raw cloud resources into opinionated, production-ready components. No boilerplate. No copy-pasting security configs. Just declare what you need.

Built on Pulumi.

Install

pip install anvil-cloud

Secure by default

Every Anvil component ships with defaults aligned to production from day one — public access blocked, encryption enforced, cost tags applied. The goal isn't to make compliance automatic, but to make it a platform you can actually build on.

The App class

Every Anvil program starts with anvil.App(). The run callback receives a Context with:

  • ctx.stage — current deployment stage (defaults to your OS username for dev isolation)
  • ctx.project — project name from anvil.yaml
  • ctx.export(name, value) — export stack outputs
  • ctx.providers — named cloud providers for multi-region / multi-account

Grants

Grants are how Anvil wires permissions between resources. Instead of writing IAM policies by hand, you call .grant() on a resource and Anvil handles both the IAM role policy and the environment variable injection automatically.

A Lambda reading from a Bucket:

import anvil_cloud as anvil

def infra(ctx: anvil.Context):
    bucket = anvil.aws.Bucket("uploads",
        data_classification="sensitive",
    )

    fn = anvil.aws.Lambda("processor",
        runtime="nodejs20.x",
        handler="index.handler",
        code="./src",
    )

    # Grants the Lambda read access to the bucket and scopes down to specific bucket paths.
    # Anvil creates the IAM policy and injects UPLOADS_BUCKET_NAME
    # into the Lambda's environment automatically.
    bucket.grant(fn, actions=["read"], path=["user/*"])

anvil.App(run=infra)

What Anvil does under the hood:

  • Creates an IAM RolePolicy scoped to the exact actions requested
  • Injects the resource identifier as an environment variable on the target (e.g. UPLOADS_BUCKET_NAME)
  • No manual ARN wiring, no forgotten permissions

SvelteKit deployment

Deploy a SvelteKit app to AWS with a single component. Anvil provisions S3, CloudFront, ACM, Lambda (via Lambda Web Adapter), and Route53 — with HTTPS and a custom domain out of the box:

import anvil_cloud as anvil

def infra(ctx: anvil.Context):
    site = anvil.aws.SvelteKitSite("web",
        domain="myapp.com",
    )
    ctx.export("url", site.url)

anvil.App(run=infra)

Overrides

Every component accepts a transform argument to override the underlying resource config when you need to break from the defaults:

bucket = anvil.aws.Bucket("custom",
    data_classification="non-sensitive",
    transform=anvil.aws.BucketTransformArgsArgs(
        overrides=anvil.aws.BucketOverridesArgs(
            force_destroy=True,
            tags={"env": "dev"},
        ),
    ),
)

Requirements

  • Python >= 3.8
  • Pulumi >= 3.0.0
  • Anvil CLI: curl -fsSL https://raw.githubusercontent.com/DamienPace15/anvil/master/install.sh | sh

Links

License

Apache-2.0

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

anvil_cloud-0.0.16.tar.gz (96.9 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

anvil_cloud-0.0.16-py3-none-any.whl (118.3 kB view details)

Uploaded Python 3

File details

Details for the file anvil_cloud-0.0.16.tar.gz.

File metadata

  • Download URL: anvil_cloud-0.0.16.tar.gz
  • Upload date:
  • Size: 96.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.14.3

File hashes

Hashes for anvil_cloud-0.0.16.tar.gz
Algorithm Hash digest
SHA256 166b0874203ba7aabc2ad556be5309b6d450daeb1e7c5d23b887bbeb4eec512a
MD5 095017883baf48731289d6741960d250
BLAKE2b-256 623d288e33af4b3951c546d1c9a21a7ba584b8b53b9c94bdec05723a6fb5d9c6

See more details on using hashes here.

File details

Details for the file anvil_cloud-0.0.16-py3-none-any.whl.

File metadata

  • Download URL: anvil_cloud-0.0.16-py3-none-any.whl
  • Upload date:
  • Size: 118.3 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.14.3

File hashes

Hashes for anvil_cloud-0.0.16-py3-none-any.whl
Algorithm Hash digest
SHA256 8fe4e05f57d0e91c4b3ea1a4201fa980707c489ba8f9371fecf371748332ce92
MD5 60aa95a098eae27ce17c4e497546ebde
BLAKE2b-256 eca68a5e27c351d3e4d0acee960366d64bc138eb3baa50627cdc934c297f3f21

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page