Pro
Enterprise SaaS · 6 tools

The Enterprise SaaS Stack

A stack tuned for a funded team selling B2B, where closing deals depends on SSO, billing depth, and a security posture procurement will sign off on. The deliberate opposite of an MVP stack: more control, less managed convenience.

Published · For: Funded teams, Platform engineers, B2B SaaS
The stack
  1. 01
    NE
    App framework

    Next.js

    Meta Frameworks

    One framework for the app and the API, with server components keeping secrets server-side. The large ecosystem and hiring pool matter more as the team grows.

  2. 02
    AM
    Cloud and infrastructure

    Amazon Web Services

    Hosting

    The hyperscaler enterprise procurement expects, with the broadest managed-service catalog, every major compliance certification, and the regions and SLAs large contracts demand.

  3. 03
    PO
    Database

    PostgreSQL

    Databases

    Run on a managed service like RDS or Aurora and you keep the operational levers a platform team expects, on a database that stays mature and predictable at scale.

  4. 04
    WO
    Auth and SSO

    WorkOS

    Auth

    SAML, SCIM, and directory sync are the features enterprise buyers gate deals on. WorkOS ships them without a multi-quarter in-house build.

  5. 05
    ST
    Payments

    Stripe

    Payments

    At scale, Stripe's lower per-transaction fees and depth in invoicing, usage billing, and tax outweigh the convenience of a merchant of record.

  6. 06
    CL
    Edge and security

    Cloudflare

    Hosting

    Sits in front of the app as CDN, WAF, and DDoS protection. The security layer procurement reviews ask about by name, complementing the cloud rather than replacing it.

Why this combo

This is the deliberate opposite of an MVP stack. The picks optimize for closing enterprise deals rather than for speed. AWS is the foundation because it is the cloud large-org procurement already trusts: the compliance certifications, regions, and managed-service breadth that gate enterprise contracts. WorkOS unblocks the SSO and SCIM requirements those contracts demand, Stripe absorbs the billing complexity they bring, and Cloudflare sits in front as the CDN, WAF, and DDoS layer every security review asks about. Postgres runs managed on the same cloud, and Next.js stays because ecosystem depth and hiring pool count for more as headcount climbs.

This stack assumes you have revenue, a team, and customers whose security teams will read your architecture before signing. It trades the speed and low fixed cost of a managed MVP stack for control, depth, and the specific features that unblock enterprise contracts.

What this costs to run

This is not free-tier territory, and it should not be. AWS billed on usage, WorkOS pricing keyed to enterprise connections, and Cloudflare’s business features all assume a business behind them. The trade is intentional: each line item maps to revenue it protects or unlocks. WorkOS pays for itself the first time SSO is the checkbox that closes a six-figure deal, and AWS Savings Plans or Reserved Instances bring the compute bill down sharply once usage is steady enough to commit.

What to swap when you scale

  • Database load: read replicas, partitioning, and connection pooling are levers a managed Postgres on RDS or Aurora exposes without you operating the cluster by hand.
  • Compliance scope: WorkOS covers SSO and directory sync; audit logging and fine-grained authorization are the next layer to add as enterprise requirements deepen.
  • Edge logic: Cloudflare Workers can take on rate limiting, bot management, and request shaping as traffic and abuse both grow.

Where it is not the right call

If you are pre-revenue or a solo founder, this stack is overbuilt and will slow you down. The whole point of an MVP stack is to defer exactly the operational weight this one takes on deliberately. Reach for this when enterprise buyers are gating deals on capabilities you do not yet have, not before.

esc