James's Ramblings

Why should you migrate your SaaS from Heroku to AWS?

Created: November 28, 2022

This article was originally published on The Scale Factory blog here.

Heroku and Amazon Web Services (AWS) are two competing cloud platforms. Each platform can host application code, however, the details and costs of this vary vastly between the two.

Heroku is a form of Platform as a Service (PaaS). In plain English, PaaS means you hand the platform your application code (the business logic) and it takes care of everything else: operating system, runtime, networking, patching and scaling.

AWS is a vast offering of over 200 distinct services. While AWS also offers PaaS, for the purposes of this article, we will be focussing on Infrastructure as a Service (IaaS). In plain English, IaaS means you can configure the underlying infrastructure (such as virtual machines) that a platform might run on. In other words, IaaS is less abstracted than PaaS and generally has more knobs to twiddle.

Under the hood, Heroku is actually built on top of AWS; Heroku’s value proposition is making AWS simpler.

Many businesses eventually reach a point where Heroku’s value proposition is not as enticing as it used to be. In the rest of this article, I will discuss why Software as a Service (SaaS) businesses may want to migrate away from Heroku and on to AWS.

Heroku to AWS

Compliance, security, and associated costs

On Heroku, if your business needs to comply with PCI DSS, HIPAA, ISO 27001, or SOC, Heroku Enterprise is required. Enterprise pricing is opaque, but the information I could gather suggests it's at least four figures per month (see here and here) before you have built anything.

SaaS applications hosted on AWS can achieve compliance with PCI DSS, HIPAA, ISO 27001, SOC, and many more standards. Under the Shared Responsibility Model, AWS is responsible for the security of the cloud (the physical hosts, hypervisors and managed service internals) and you remain responsible for security in the cloud (IAM, network configuration, encryption settings, patching of anything you run yourself), so some work is required to achieve compliance depending on the services used. Expensive enterprise plans are not required to achieve compliance on AWS. AWS also offers the Artifact service to retrieve its compliance reports on demand, and has options to automate compliance checks at scale, such as AWS Config conformance packs and the Security Hub security standards.

Not all Heroku products are PCI DSS and HIPAA compliant either. To achieve PCI DSS and HIPAA compliance, the more expensive "Shield" set of products is required. The smallest Shield Postgres database on Heroku (Shield 0) costs $350 per month. In comparison, an equivalent database on AWS might only cost $100 per month (see the AWS pricing pages for database instances and block storage). Committing to Reserved Instances can knock up to 69% off of that $100.

Heroku may not offer a PCI DSS and HIPAA compliant version of the service you need. For example, more complex SaaS might require Kafka for event streaming or Redis as a fast in-memory caching layer; migration from Heroku or complex (and costly) multi-cloud integrations would be required to meet this requirement. AWS has a vast array of services to meet the requirements of complex SaaS applications – however, some work may be required to achieve compliance.

A private network on Heroku costs $1,200 or $3,600 per month; the $1,200 option is the minimum requirement for ISO 27001 and SOC, whereas the $3,600 option is required for PCI DSS and HIPAA.

On AWS, a private network (VPC) is free; what you pay for are the things that move traffic through it, chiefly NAT gateways (hourly plus per GB), VPC endpoints and data transfer between Availability Zones or out to the Internet. The cost of Heroku networks also represents a substantial barrier to developer experience and cycle time, as it is a large disincentive to provide separate development networks.

If your SaaS business is not yet compliant with a security standard, our CEO, Jon Topper, has some interesting insight on how achieving it can help reduce SaaS sales cycles.

Heroku has also recently (April 2022) had a high-profile security incident where "the actor accessed and exfiltrated data from the database storing usernames and uniquely hashed and salted passwords for customer accounts". This may make it more difficult to convince risk averse tenants that Heroku is an appropriate platform choice. AWS has a better track record with platform security; the caveat is that under the Shared Responsibility Model most widely reported incidents involving AWS customers stem from customer-side mistakes (public storage buckets, leaked access keys, overly broad IAM policies) rather than the platform itself. AWS security is more complex, and getting expert advice is prudent.

Configurability, observability, and flexibility

As a PaaS offering, Heroku abstracts complexity at the cost of configurability and flexibility. SaaS businesses often find the abstraction useful at first as they can avoid employing infrastructure personnel and keep development focussed on value streams.

Businesses using Heroku can hit a point in their lifecycle where there is a business case for more configurability. The IaaS offerings on AWS provide this increased configurability.

For example, Heroku only has simple options for configuring autoscaling (adding capacity for more demand): it scales on p95 response time, and only for Performance dynos. Response time may not be the limiting factor of your application (a queue-driven worker can have an idle web tier and a growing backlog), forcing you to overprovision at additional cost. With AWS, there are various methods of configuring autoscaling: target tracking, step scaling, scheduled scaling, predictive scaling, and scaling on custom CloudWatch metrics that your application publishes. Without scaling policies that follow the right signal, SaaS applications may not be able to meet sudden increases in demand without service degradation.
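To make the contrast concrete, here is an added Terraform example (not code from the original post or from The Scale Factory) that attaches two scaling policies to the same EC2 Auto Scaling group: the common CPU-only policy, and a target-tracking policy on a custom CloudWatch metric, plus a scheduled action for a known peak. The group name, launch template, subnet ID, and the "SaaS/Queue" namespace with its "BacklogPerInstance" metric are placeholders; the application would publish that metric itself.

```hcl
# Added example, not from the original post. All IDs and the custom metric
# namespace/name are placeholders for illustration.

resource "aws_autoscaling_group" "workers" {
  name                = "api-workers"
  min_size            = 2
  max_size            = 20
  vpc_zone_identifier = ["subnet-0a1b2c3d4e5f60001"] # placeholder private subnet

  launch_template {
    id      = "lt-0a1b2c3d4e5f60001" # placeholder
    version = "$Latest"
  }
}

# Weak setting: scale on average CPU only. A queue-driven worker can sit at
# low CPU while its backlog grows, so this either under-scales or forces you
# to overprovision.
resource "aws_autoscaling_policy" "cpu_only" {
  name                   = "cpu-target-50"
  autoscaling_group_name = aws_autoscaling_group.workers.name
  policy_type            = "TargetTrackingScaling"

  target_tracking_configuration {
    predefined_metric_specification {
      predefined_metric_type = "ASGAverageCPUUtilization"
    }
    target_value = 50
  }
}

# Better: track the signal that actually limits throughput. The application
# publishes "BacklogPerInstance" (queued messages / running instances) to the
# hypothetical "SaaS/Queue" namespace; target tracking adds instances until the
# metric settles at the target and removes them when it drops. When several
# target-tracking policies are attached, Auto Scaling uses whichever asks for
# the most capacity, so the CPU policy above still acts as a floor.
resource "aws_autoscaling_policy" "backlog" {
  name                   = "backlog-per-instance-target"
  autoscaling_group_name = aws_autoscaling_group.workers.name
  policy_type            = "TargetTrackingScaling"

  target_tracking_configuration {
    customized_metric_specification {
      metric_name = "BacklogPerInstance"
      namespace   = "SaaS/Queue"
      statistic   = "Average"

      metric_dimension {
        name  = "AutoScalingGroupName"
        value = aws_autoscaling_group.workers.name
      }
    }
    target_value = 100 # messages per instance to hold steady at
  }
}

# Scheduled scaling for a known weekday peak: the group is already warm before
# demand arrives instead of reacting after latency has degraded.
resource "aws_autoscaling_schedule" "weekday_morning" {
  scheduled_action_name  = "pre-warm-weekday-morning"
  autoscaling_group_name = aws_autoscaling_group.workers.name
  min_size               = 6
  max_size               = 20
  desired_capacity       = 6
  recurrence             = "0 8 * * MON-FRI" # cron expression, UTC unless time_zone is set
}
```

The custom metric must decrease as capacity increases (backlog per instance does; raw queue length does not), otherwise target tracking cannot converge. The same pattern applies to ECS services and Lambda via Application Auto Scaling.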

Databases ship with sensible generic defaults but can be customised to maximise performance for specific use cases. Heroku users lack the ability to fine-tune their databases; on AWS, RDS parameter groups expose the engine's configuration. Even the most expensive databases on Heroku only allow 500 connections, whereas on RDS the connection limit is derived from instance memory and can be raised explicitly. By default, databases on Heroku are Internet-facing; Internet-facing databases containing sensitive data are a large risk. Private databases on Heroku come at a large premium (a Private or Shield Space). On AWS, a database in a private subnet with no public IP address costs the same as a public one.
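As an added example (not from the original post), the following Terraform shows the private, encrypted, tuned PostgreSQL database that the last two paragraphs describe, and also illustrates the earlier point that a private network on AWS carries no premium. The VPC, subnet and security group IDs are placeholders; the subnets are assumed to be private (no route to an Internet gateway) and the security group "sg-0a1b2c3d4e5f60010" is assumed to be the application tier's.

```hcl
# Added example, not from the original post. IDs are placeholders.

# Subnet group spanning two private subnets: the instance gets no public IP and
# is unreachable from the Internet regardless of its security group.
resource "aws_db_subnet_group" "private" {
  name       = "saas-db-private"
  subnet_ids = ["subnet-0a1b2c3d4e5f60001", "subnet-0a1b2c3d4e5f60002"]
}

# Only the application tier's security group may open port 5432.
resource "aws_security_group" "db" {
  name   = "saas-db"
  vpc_id = "vpc-0a1b2c3d4e5f60000" # placeholder

  ingress {
    from_port       = 5432
    to_port         = 5432
    protocol        = "tcp"
    security_groups = ["sg-0a1b2c3d4e5f60010"] # placeholder: app tier SG
  }
}

# Engine tuning that Heroku does not expose. Static parameters such as
# max_connections require apply_method = "pending-reboot".
resource "aws_db_parameter_group" "pg14_tuned" {
  name   = "saas-pg14-tuned"
  family = "postgres14"

  parameter {
    name         = "max_connections"
    value        = "2000" # RDS derives a default from instance memory; raise it to fit your pooler
    apply_method = "pending-reboot"
  }
  parameter {
    name         = "rds.force_ssl"
    value        = "1" # reject unencrypted client connections
    apply_method = "pending-reboot"
  }
  parameter {
    name  = "log_min_duration_statement"
    value = "500" # log statements slower than 500 ms to aid troubleshooting
  }
}

resource "aws_db_instance" "primary" {
  identifier                  = "saas-primary"
  engine                      = "postgres"
  engine_version              = "14"
  instance_class              = "db.t4g.medium"
  allocated_storage           = 100
  storage_type                = "gp3"
  storage_encrypted           = true  # encryption at rest is a single attribute
  publicly_accessible         = false # no public IP; same price as a public instance
  multi_az                    = true
  db_subnet_group_name        = aws_db_subnet_group.private.name
  vpc_security_group_ids      = [aws_security_group.db.id]
  parameter_group_name        = aws_db_parameter_group.pg14_tuned.name
  username                    = "app"
  manage_master_user_password = true # master password held in Secrets Manager, not in state
  backup_retention_period     = 7
  deletion_protection         = true
  skip_final_snapshot         = false
  final_snapshot_identifier   = "saas-primary-final"
}
```

A check worth running after apply: `aws rds describe-db-instances --query 'DBInstances[].[DBInstanceIdentifier,PubliclyAccessible,StorageEncrypted]'` should report `false` and `true` for every instance; the same condition is what the Security Hub and AWS Config managed rules for RDS evaluate continuously.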

AWS also has much more powerful compute instances available, if you need them. For example, compute instances (“Dynos”) on Heroku can only have up to 14 GiB RAM. On AWS, compute instances can have up to 24TiB of RAM.

Compute instances below "Performance-M" on Heroku are containers that share a virtual machine with other customers' dynos; for security and compliance this is a much weaker isolation boundary, since a container escape or kernel vulnerability on that shared VM would expose your application to whoever compromised a neighbour. A "Performance-M" compute instance costs $250 per month. All instances on AWS are separate virtual machines with hypervisor isolation, even the cheapest $3 per month machines (and Dedicated Instances or Dedicated Hosts are available if a tenant insists on dedicated physical hardware).

Heroku's free tier ends on 28 November 2022. While most serious SaaS businesses aren't running their infrastructure on the free tier, losing it does add cost to the development process: developers can no longer spin up free personal environments to test code. AWS has a free tier offering and there is no sign that is going to change.

The limited observability inside Heroku’s infrastructure may make it more difficult for development teams to troubleshoot service issues. The root cause of the service issue could very well be in parts of the stack managed by Heroku, leaving you to contact their support team, and hope for the best. IaaS on AWS provides more observability options, so your development team can troubleshoot more of the stack themselves.

There may come a time when tenants require their own isolated environments. On AWS, isolated compliant environments are already catered for: an AWS account is the hard isolation boundary, and AWS Organizations and Control Tower provide the structure (organizational units, service control policies, centralised logging) to govern many of them. Furthermore, the burden of maintenance can be reduced by automation tools. Achieving a similar level of isolation on Heroku would require multiple accounts, and there are no governance or orchestration mechanisms for managing them.
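As an added example (not from the original post), here is Terraform for the per-tenant account layout just described: one account per tenant under a "Tenants" organizational unit, with a service control policy on the OU that pins those accounts to approved regions and stops anyone, including an account administrator, from disabling the audit trail or leaving the organization. The tenant names, e-mail addresses and the approved region list are placeholders.

```hcl
# Added example, not from the original post. Tenant names, e-mails and the
# approved regions are placeholders.

resource "aws_organizations_organization" "org" {
  feature_set                   = "ALL" # "ALL" is required for service control policies
  enabled_policy_types          = ["SERVICE_CONTROL_POLICY"]
  aws_service_access_principals = ["cloudtrail.amazonaws.com", "config.amazonaws.com"]
}

resource "aws_organizations_organizational_unit" "tenants" {
  name      = "Tenants"
  parent_id = aws_organizations_organization.org.roots[0].id
}

# One account per tenant: the account boundary isolates IAM, networking and data.
variable "tenants" {
  type = map(string) # tenant name => account root e-mail (placeholders)
  default = {
    acme   = "aws-acme@example.com"
    globex = "aws-globex@example.com"
  }
}

resource "aws_organizations_account" "tenant" {
  for_each                   = var.tenants
  name                       = "tenant-${each.key}"
  email                      = each.value
  parent_id                  = aws_organizations_organizational_unit.tenants.id
  role_name                  = "OrganizationAccountAccessRole" # cross-account admin role for automation
  iam_user_access_to_billing = "DENY"
}

# SCPs set the outer bound on what any principal in the account can do; IAM
# inside the account cannot grant more than the SCP allows.
data "aws_iam_policy_document" "tenant_guardrails" {
  statement {
    sid    = "DenyOutsideApprovedRegions" # data residency
    effect = "Deny"
    # Global services have no region; exclude them so the account stays usable.
    not_actions = [
      "iam:*", "organizations:*", "sts:*", "support:*",
      "cloudfront:*", "route53:*", "budgets:*",
    ]
    resources = ["*"]
    condition {
      test     = "StringNotEquals"
      variable = "aws:RequestedRegion"
      values   = ["eu-west-1", "eu-central-1"] # placeholder approved regions
    }
  }

  statement {
    sid    = "ProtectAuditTrailAndMembership"
    effect = "Deny"
    actions = [
      "cloudtrail:StopLogging",
      "cloudtrail:DeleteTrail",
      "config:StopConfigurationRecorder",
      "config:DeleteConfigurationRecorder",
      "organizations:LeaveOrganization",
    ]
    resources = ["*"]
  }
}

resource "aws_organizations_policy" "tenant_guardrails" {
  name    = "tenant-guardrails"
  type    = "SERVICE_CONTROL_POLICY"
  content = data.aws_iam_policy_document.tenant_guardrails.json
}

resource "aws_organizations_policy_attachment" "tenants" {
  policy_id = aws_organizations_policy.tenant_guardrails.id
  target_id = aws_organizations_organizational_unit.tenants.id
}
```

Adding a tenant is then a one-line change to the `tenants` map. Control Tower layers account provisioning, an organization-wide CloudTrail and a set of managed guardrails on top of the same primitives; this example uses Organizations directly so that every policy in play is visible.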

Heroku only offers regions in Dublin, Frankfurt, Oregon, Sydney, Tokyo, and Virginia. At the time of writing, there are 30 AWS regions spread across the world. Applications located in data centres close to your customers will have lower latency, improving the customer experience. Some countries may also mandate that citizen data is held within the country.

Why AWS?

AWS is the global market leader in public cloud and has approximately 33% of the market share. Consequently, there’s continuous heavy investment going into AWS to provide more value to AWS customers. There’s also a plentiful supply of people and companies to hire to manage or improve AWS infrastructure.

AWS is competitive in pricing with other major cloud providers. Smaller/cheaper alternative cloud providers do not offer close to the same feature set and are missing essential features for serious SaaS businesses, such as easy disk encryption.

There’s over 200 distinct services on AWS. AWS may have a cheap or easy solution to problems that you don’t know you have yet.

Heroku is using AWS under the hood. By using Heroku you’re being charged a premium on top of what AWS is charging. When a SaaS business is small and the abstraction provided by Heroku has few disadvantages, this makes sense. When a business has scaled to the extent that they can or need to employ dedicated infrastructure personnel, migrating to AWS may be cheaper and provide a competitive advantage.

With Heroku’s Private Space Peering you can migrate part of your workloads to AWS and keep part in Heroku, allowing for a gradual phased migration; another strong case for AWS over other public cloud providers.

AWS has numerous programs available to help support and fund a migration. At The Scale Factory, we have experts in AWS migrations that can help you understand the costs and funding that is available.


Want to migrate from Heroku to AWS? Our team has experience in delivering timely and successful migrations. Talk to us for a free initial chat.