Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
Ask HN: Are you using Heroku Enterprise in production?
3 points by seancoleman on July 21, 2023 | hide | past | favorite | 4 comments
I'm working with a small, fast-growing SaaS startup running a Rails app on Heroku. Our dyno usage/spend is accelerating ($3k+ per month) plus we're looking at getting SOC 2 compliant this year, so we're evaluating a move to AWS (Elastic Beanstalk or ECS).

We don't have a dedicated DevOps or infrastructure person (small team of 4 engineers) so taking on the complexity and risk with lower-level AWS concerns me (especially considering our SaaS is mission critical for customers). The standard Heroku offering doesn't offer the security features necessary for SOC 2. AWS options would save a ton of $$ and allow us to hit all the security needs, but would require so much engineering bandwidth to set up and manage.

Heroku has their enterprise offering which meets our security needs. I'm curious what others' experience with Heroku Enterprise has been. Has it been worth the increased costs compared to cheaper infrastructure options? Would you do things differently? Have you switched from Heroku to AWS options — what has your experience been with that?



(Disclaimer: I'm the founder of Aptible)

You might want to check us out: https://www.aptible.com/ . We built Aptible as an alternative to Heroku for startups that have more demanding requirements around security, compliance, reliability and scalability. Most of our customers look like yours: fast-growing startups who don't want to dedicate engineering resources to infrastructure.

Features required or useful for SOC 2 (like dedicated networking/load balancing/compute, SAML, granular RBAC) are core parts of the platform. Additional features like host/network IDS, vulnerability scanning and compliance dashboards/reporting are also available, at a much lower price than Heroku Enterprise.


We were in the same situation as you with our startup. Heroku was killing us. Just bite bullet and go to AWS. It's not bad at all.

I did hit a snag with RDS - but found a helpful consultant who helped me for a few hours. He made good money and now we have a guy who can jump in and provide a direction when things get too complicated.

Costs are down dramatically and we are SOC 2 certified now. No regrets.


I've been on this journey many times with startups to large enterprises. In my experience going all in on a cloud provider of your choosing provides the best long term outcome. While IaC brings some complexity you can recreate a heroku like experience using AWS primitives fairly quickly.

Feel free to shoot me a note: jason at mantle dot systems


It was way too expensive last I checked. We needed SOC 2 for HIPAA audits, so we stuck with dedicated AWS instances.

Enterprise Heroku would have paid the salary of a decent devops person.

If you can afford it and pass the costs on to customers, that’s great.

Have you looked into Dokku?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: