SECURITY BY DEFAULT

Spinup

Multi-cloud VM provisioning CLI with automatic security hardening

Deploy hardened VMs to AWS, Azure, GCP, and DigitalOcean with a single command. Your IP is automatically whitelisted for SSH access.

$ dotnet tool install --global Noundry.Spinup

Cloud Providers

Security Features

Command to Deploy

Config Required

Security Hardening by Default

Every VM provisioned with Spinup is automatically hardened with industry best practices. Your IP address is automatically detected and whitelisted for SSH access.

What Gets Applied Automatically

Auto Updates

Unattended security patches

SSH Hardening

No root, key-only auth

UFW Firewall

Default deny + your IP whitelisted

Fail2ban

Auto-ban brute force IPs

Kernel Hardening

IP spoofing, SYN flood protection

IP Whitelisting

Your IP auto-detected & allowed

Deploy to Any Major Cloud

☁️

AWS

EC2 instances with security groups

t2, t3, m5 instances

🔷

Azure

VMs with NSG and VNet

Standard_B, Standard_D series

🌐

Google Cloud

Compute Engine with firewall rules

e2, n1 machine types

🐳

DigitalOcean

Droplets with cloud firewall

s-1vcpu, s-2vcpu droplets

Quick Start

1. Install Spinup

# Install as .NET global tool

$ dotnet tool install --global Noundry.Spinup

# Verify installation

$ spinup validate

2. Configure Cloud Credentials

# AWS

$ aws configure

# Azure

$ az login

# GCP

$ gcloud auth application-default login

# DigitalOcean

$ export DIGITALOCEAN_TOKEN=your-token

3. Provision a Hardened VM

# Interactive mode (wizard)

$ spinup provision

# Or specify all options

$ spinup provision --cloud aws --region us-east-1 \

--resource vm --name my-server --instance-type t3.medium

Your public IP will be automatically detected and whitelisted for SSH access.

Security Levels

Choose the right level of hardening for your use case

Feature	Minimal	Default	Maximum
Auto Updates	✓	✓	✓
Disable Root SSH	✓	✓	✓
Key-Only SSH Auth	-	✓	✓
UFW Firewall + IP Whitelist	✓	✓	✓
Fail2ban	-	✓	✓
Kernel Hardening	-	✓	✓
Remove Unnecessary Packages	-	-	✓
Disable IPv6	-	-	✓

# Use different security levels

$ spinup provision --cloud aws --resource vm --name dev-server --security-level minimal

$ spinup provision --cloud aws --resource vm --name prod-server --security-level maximum

# Custom SSH port

$ spinup provision --cloud aws --resource vm --name secure-server --ssh-port 2222

Commands

`spinup provision`

Provision a new VM, network, or load balancer.

# Interactive wizard

$ spinup provision

# Full CLI options

$ spinup provision --cloud aws --region us-east-1 --resource vm \

--name web-server --instance-type t3.medium --auto-approve

Options: --cloud, --region, --resource, --name, --instance-type, --security-level, --ssh-port, --skip-security, --auto-approve

`spinup list`

List all provisioned resources.

$ spinup list

`spinup destroy`

Destroy a provisioned resource.

$ spinup destroy --name web-server

# Auto-approve destruction

$ spinup destroy --name web-server --auto-approve

`spinup validate`

Check prerequisites and validate cloud credentials.

$ spinup validate

Complete Workflow

Provision, connect, verify security, and clean up:

# 1. Validate setup

$ spinup validate

# 2. Provision a hardened VM (your IP auto-whitelisted)

$ spinup provision --cloud aws --region us-east-1 \

--resource vm --name prod-server --instance-type t3.medium -y

# 3. Connect via SSH (command provided in output)

$ ssh -i prod-server_ssh_key.pem ubuntu@54.123.45.67

# 4. Verify security hardening on the VM

$ cat /var/log/spinup-security.log

$ sudo ufw status verbose

$ sudo fail2ban-client status sshd

# 5. List all resources

$ spinup list

# 6. Clean up when done

$ spinup destroy --name prod-server -y

What You See

Clear, informative output showing exactly what security measures are applied

Terminal

Detecting your public IP address for SSH whitelist...

Detected IP: 203.0.113.45

Your IP will be whitelisted for SSH access.

┌─────────────────────────────────────────────────────────┐

│ Security Hardening Settings │

└─────────────────────────────────────────────────────────┘

[✓] Automatic Security Updates: Enabled

→ Critical security patches applied automatically

[✓] Root SSH Login Disabled: Enabled

→ Direct root access via SSH is blocked

[✓] SSH Password Auth Disabled: Enabled

→ Only SSH key authentication allowed

[✓] UFW Firewall: Enabled

→ Default deny, SSH on port 22 (your IP 203.0.113.45 whitelisted)

[✓] Fail2Ban: Enabled

→ IPs with failed logins automatically banned

[✓] Kernel Hardening: Enabled

→ IP spoofing, SYN flood protections enabled

Resource Types

🖥️

Virtual Machines

Security-hardened VMs with SSH key auth and firewall

--resource vm

🔗

Networks

VPCs/VNets with subnets and route tables

--resource network

⚖️

Load Balancers

Application load balancers with health checks

--resource loadbalancer

Why Spinup?

🔒 Security First

Every VM is hardened automatically. No security expertise required. Your IP is detected and whitelisted so you're never locked out.

☁️ Cloud Agnostic

Same CLI, same workflow across AWS, Azure, GCP, and DigitalOcean. Switch clouds without changing your process.

⚡ Terraform Powered

Built on Terraform for reliable, reproducible infrastructure. All configurations stored in ~/.spinup for transparency.

🎯 Zero Config

Interactive wizard or full CLI mode. No YAML files to write. Just install, configure cloud credentials, and go.

Spinup

Security Hardening by Default

What Gets Applied Automatically

Deploy to Any Major Cloud

AWS

Azure

Google Cloud

DigitalOcean

Quick Start

1. Install Spinup

2. Configure Cloud Credentials

3. Provision a Hardened VM

Security Levels

Commands

spinup provision

spinup list

spinup destroy

spinup validate

Complete Workflow

What You See

Resource Types

Virtual Machines

Networks

Load Balancers

Why Spinup?

🔒 Security First

☁️ Cloud Agnostic

⚡ Terraform Powered

🎯 Zero Config

Ready to Deploy Secure VMs?

`spinup provision`

`spinup list`

`spinup destroy`

`spinup validate`