We don't have a dedicated DevOps or infrastructure person (small team of 4 engineers), so taking on the complexity and risk with lower-level AWS concerns me (especially considering our SaaS is mission-critical for customers). The standard Heroku offering doesn't offer the security features necessary for SOC 2. AWS options would save a ton of $$ and allow us to hit all the security needs, but would require so much engineering bandwidth to set up and manage.
Heroku has their enterprise offering which meets our security needs. I'm curious what others' experience with Heroku Enterprise has been. Has it been worth the increased costs compared to cheaper infrastructure options? Would you do things differently? Have you switched from Heroku to AWS options — what has your experience been with that?
You might want to check us out: https://www.aptible.com/ . We built Aptible as an alternative to Heroku for startups that have more demanding requirements around security, compliance, reliability and scalability. Most of our customers look like yours: fast-growing startups who don't want to dedicate engineering resources to infrastructure.
Features required or useful for SOC 2 (like dedicated networking/load balancing/compute, SAML, granular RBAC) are core parts of the platform. Additional features like host/network IDS, vulnerability scanning and compliance dashboards/reporting are also available, at a much lower price than Heroku Enterprise.
Feel free to shoot me a note: jason at mantle dot systems
I did hit a snag with RDS - but found a helpful consultant who helped me for a few hours. He made good money and now we have a guy who can jump in and provide a direction when things get too complicated.
Costs are down dramatically and we are SOC 2 certified now. No regrets.
Enterprise Heroku would have paid the salary of a decent devops person.
If you can afford it and pass the costs on to customers, that’s great.
Have you looked into Dokku?