AI-Native Cloud Provisioning

Infrastructure
that runs
itself.

Connect your cloud accounts. Describe what you need. Edict Labs provisions, secures, and manages your infrastructure with cryptographic authorization on every action. No IaC. No tickets. No two-week wait.

Join waitlist See the product

No IaC. No YAML. No platform team. No shortcuts.

Live operations Active
vpc-productionCreate VPC · 10.0.0.0/16
Authorized
rds-postgres-16Provision RDS · Multi-AZ
Authorized
ecs-api-serviceScale Fargate · 2→4 replicas
Executing
sg-db-accessModify security group
Pending Auth
iam-role-scopedCredential revoked · lifecycle end
Revoked
2,847Ops today
100%Authorized
0Incidents
Built on:
Cryptographic authorization on every action
Per-operation credentials, auto-revoked
Natural language, no IaC required
Day-0 to day-N lifecycle management
The Challenge

The infrastructure tax
is crushing small teams.

Too small for a platform team. Too big to wing it.

Slow
3–5 days

Median wait for a new environment. If there's a platform engineer to ask at all.

Expensive
$300K+

Annual cost of a platform engineer. Most teams at 20–150 engineers can't justify the headcount.

Risky
75%

Cloud security failures that start with misconfiguration, not attackers.

Wasteful
30%

Average cloud spend wasted on idle or forgotten resources. Nobody audits until it hurts.

What Edict Labs Does

The platform team
you can't hire.

Connect your AWS accounts. The platform discovers what's already running, provisions what's needed, and manages the full lifecycle, through natural language.

01 / New Infrastructure
Describe. Approve. Done.

Tell the platform what you need in plain language. "I need a staging environment with Postgres and Redis behind a load balancer." It infers the architecture, estimates cost, and runs policy checks, then provisions in minutes.

02 / Existing Infrastructure
Connect. See. Control.

Start in read-only mode. See what's running, what it costs, and where configuration has drifted. Bring it under management when you're ready. No rip-and-replace required.

03 / Ongoing Management
It keeps running right.

Drift detection, cost optimization, idle resource cleanup, TTL enforcement, and security posture monitoring. The platform doesn't just set up infrastructure. It keeps it running correctly long after provisioning.

Cryptographic Authorization

Authorization and execution
are always separate.

No single component can both approve and execute a privileged action. Compromise of any one service does not grant the ability to modify your infrastructure.

Per-operation, not per-deployment
Blast radius: exactly one API call
Credentials auto-revoked after execution
01 / Plan
Plans. Never executes.
Determines what to provision and attests intent. Cannot take direct action on your infrastructure. Authorization is always handled by a separate, independent component.
No cloud credentials
02 / Verify
Independently verified.
Every action is verified against policy by a component that cannot execute it. Verification and execution are architecturally separated, not just logically.
No execution capability
03 / Execute
Scoped. Ephemeral. Revoked.
Access is granted for exactly one operation and automatically revoked the moment it completes. No standing credentials. No persistent access window.
No policy knowledge
The Product

See it working.

Edict Labs provisions infrastructure through a conversational interface. Authorization status is visible on every resource, in real time.

platform.edictlabs.ai
Edict Labs
Home
Environments
Costs
Activity
Environments
staging-payments
production
dev-sandbox
staging-payments
Provisioning · 2 of 6 authorized
Set up a staging environment for payments: Postgres, Redis, Node.js API behind a load balancer. Same topology as production but t3.medium instances.
Architecture plan · 6 resources~$47/day · est. 8 min
VPC + private/public subnets · 10.0.2.0/24Authorized
RDS Postgres 16 · t3.medium · 100 GB encryptedAuthorized
ElastiCache Redis · cache.t3.micro · 2 nodesExecuting
ECS Fargate · Node.js API · 2 tasks · t3.mediumPending
ALB + target group + Route 53 · api.stagingPending
IAM roles · least-privilege scoped · TTL 14 daysPending
How it works

From intent to running infrastructure.

01
Intent
Describe what you need.
Plain language. No YAML, no Terraform, no infrastructure expertise required. The AI asks clarifying questions for ambiguous requests.
You: "Set up a staging environment for payments: Postgres, Redis, Node.js API behind a load balancer."
02
Plan
AI architects the solution.
The engine infers the right architecture, policy checks run, cost is estimated. Approve once, or it runs autonomously if trust score allows.
Edict Labs: VPC + ECS Fargate + ALB + RDS Postgres 16 + ElastiCache
~$47/day · ready in ~8 min · Approve?
03
Execute & Manage
Provisioned, secured, managed.
Every action passes cryptographic authorization. Credentials scoped to one call. Environment monitored, right-sized, and auto-torn-down at TTL.
✓ Running · Secrets injected · Monitoring attached
TTL: 14 days · 2,847 ops · 0 incidents
Progressive Autonomy

Trust is earned,
not configured.

Edict Labs starts cautious and earns autonomy through a track record of successful operations. Destructive actions always require authorization.

Autonomous: Scaling replicas, extending storage, right-sizing instances execute without interruption.
Authorization required: New VPCs, security group changes, IAM modifications need one-click approval.
Full authorization: Teardowns and destructive operations require independent authorization across trust domains.
Trust Score: Acme Corp78
Scale ECS replicas (2→8)Autonomous
Extend RDS storage to 500 GBAutonomous
Add ElastiCache read replicaAutonomous
Create security groupAuth required
Modify IAM role policyAuth required
Teardown production VPCFull auth
Use Cases

What teams build
with Edict Labs.

Common workflows
Ephemeral environmentsPR-triggered preview environments, created on open, destroyed on merge.
Staging from a sentence"I need staging that mirrors prod but smaller instances." Done in minutes.
Prototype to productionGo live without writing or maintaining a line of IaC.
Cost cleanupAudit and destroy idle resources across all accounts automatically.
Drift remediationDetect when someone changed something in the console. Remediate with one click.
Production infrastructureDefine, manage, and audit production workloads with the same authorization guarantees as everything else. Every change is tracked, every credential is scoped.
Compliance readinessEvery action audited. Every credential scoped and revoked. SOC 2 and HIPAA ready by design.
Who it's for
Developers

Get infrastructure in minutes instead of waiting days. Describe what you need, skip the Terraform.

Overloaded platform engineers

Automate the bulk of provisioning requests. Focus on architecture, not tickets.

Engineering leaders

See what infrastructure costs, auto-teardown idle resources, enforce policy without policing.

Enterprise teams

SOC 2 and HIPAA ready. Every action audited. Custom policies. SSO/SAML. Dedicated trust domain.

How We Compare

Everyone launched AI.
We built the control plane.

The market is tools that assist you with IaC. We replace the IaC layer entirely, and manage what comes after.

Traditional IaCIaC + AI LayerAI Ops AssistantsEdict Labs
ExamplesTerraform, PulumiSpacelift, env0Resolve.ai, Cleric
InterfaceCode (HCL, TS)Code + NL assistNL for diagnosisNL for everything
ScopeProvision (manual)Provision (assisted)Diagnose + recommendProvision + manage + secure
CredentialsStatic / per-jobPer-stack / per-runRead-onlyPer-operation, auto-revoked
LifecycleCreate onlyCreate + limited driftDay-2 onlyDay-0 to day-N
AutonomyNoneStatic configPassive observationProgressive, earned
Pricing

Replace a $300K+ hire
for a fraction of the cost.

Early access only. No credit card. Cryptographic authorization on every plan.

Early Access
Free
Invite only. No credit card required.
  • Full platform access for 14 days
  • 1 AWS account
  • Up to 5 environments
  • Cryptographic authorization on all actions
  • Provisioning, drift detection, cost visibility
  • Community support
Join waitlist
Team
Contact us
Pricing not finalized. Join waitlist for early access.
  • Multiple AWS accounts
  • Unlimited environments
  • Custom TTL and trust policies
  • Full progressive trust engine
  • Email support
  • 90-day audit log
  • Free trial included
Join waitlist
Enterprise
Contact us
Custom pricing for larger teams.
  • Unlimited AWS accounts
  • Custom operation limits
  • Custom policy engine
  • SSO / SAML integration
  • Dedicated support + SLA
  • Audit log export (forever)
  • On-premise deployment option

All plans include cryptographic authorization on every action. No shared credentials. No exceptions.

Early Access

Go from manual tickets
to infrastructure that ships itself.

We're onboarding select engineering teams. No IaC experience required. Get in early.

No spam. No pitch decks. Early access when we're ready for you.

Get in touch

We'll get back to you within one business day.

Something went wrong. Email hello@edictlabs.ai

Message received.

We'll be in touch shortly.