reference deployment

Superwerker on AWS

Automates AWS Cloud deployments backed by decades of expertise and best practices

This Partner Solution is for organizations who want to get started with the Amazon Web Services (AWS) Cloud without investing in consultants or devoting time to extensive research. Superwerker is a free, open-source product that you can deploy to an AWS Cloud environment following best practices for security and efficiency so you can focus on your core business. For more information, refer to Superwerker.

superwerker logo

This Partner Solution was developed by Kreuzwerker GmbH and Superluminar GmbH in collaboration with AWS. Both Kreuzwerker and Superluminar are Advanced AWS Partners.  

  •  What you'll build
  • The Partner Solution automates the configuration of the following AWS services and features:

    • AWS Control Tower for setting up and governing a secure, multi-account AWS environment.
    • AWS Single Sign-On (AWS SSO) for managing access to multiple AWS accounts and business applications with a single login.
    • Amazon GuardDuty for monitoring and protecting your AWS accounts, workloads, and data against malicious activity, threats, and breaches.
    • AWS Security Hub for aggregating, organizing, and prioritizing your security alerts and findings from AWS services.
    • AWS Backup for centrally managing and automating backups across AWS services.
    • AWS Budgets for configuring cost threshold alarms.
    • Preventative guardrails with service control policies that protect the infrastructure from intentional or unintentional mistakes, such as using restricted AWS Regions, deleting backup copies, and deactivating security features.
    • AWS Systems Manager, including its OpsCenter resource for viewing, investigating, and resolving operational issues.
    • Amazon Simple Email Service (Amazon SES) for providing secure mailboxes and IT service catalog aliases for all root accounts.
    • Amazon CloudWatch dashboard with information and links to resources, such as how to set up your AWS account, how to set up SSO with existing identity providers, and how to access GuardDuty and Security Hub dashboards.
    • Feature flippers for gradually enabling functionality as needed.
  •  How to deploy
  • To deploy Superwerker, follow the instructions in the deployment guide. A standard deployment takes about 1.5 hours. The deployment process includes these steps:

    1. If you don't already have an AWS account, sign up at, and sign in to your account.
    2. Launch the Partner Solution by selecting the template. Be sure to choose the Region from the top toolbar before creating the stack. 
    3. Complete the post-deployment steps in the CloudWatch Superwerker dashboard.

    Amazon may share user-deployment information with the AWS Partner that collaborated with AWS on this solution.  

  •  Costs and licenses
  • Superwerker is a free, open-source solution that operates under an MIT license. For more information, refer to the MIT License in the Superwerker GitHub repository.
    You are responsible for the cost of the AWS services and any third-party licenses used while running this Partner Solution reference deployment. There is no additional cost for using the Partner Solution.

    The AWS CloudFormation templates for this Partner Solution include configuration parameters that you can customize. Some of these settings, such as instance type, affect the cost of deployment. For cost estimates, refer to the pricing pages for each AWS service you use. Prices are subject to change.

    Tip: After you deploy the Partner Solution, enable the AWS Cost and Usage Report to track costs associated with the Partner Solution. This report delivers billing metrics to an Amazon Simple Storage Service (Amazon S3) bucket in your account. It provides cost estimates based on usage throughout each month and aggregates the data at the end of the month. For more information, refer to  What are AWS Cost and Usage Reports?