Thoughts & Ideas
Henry Hund
Last updated: March 2026
If you're evaluating Heroku alternatives, you're probably not reacting to an outage. You're making a multi-year infrastructure decision.
This guide is written for CTOs, founding engineers, and small platform teams running real production workloads. Especially teams that:
Have revenue flowing through their app
Are seeing increased enterprise scrutiny
Are approaching HIPAA or regulated scope
Or are simply uncomfortable betting the next 3–5 years on a sustaining-mode platform
Heroku isn't shutting down. But the shift to sustaining engineering changes planning assumptions. The right move now depends on your cost profile, compliance trajectory, operational maturity, and appetite for platform ownership.
We'll walk through:
What the sustaining engineering shift actually means
Who should care most
The real technical tradeoffs across alternatives
What migration actually involves in practice
How HIPAA and regulatory scope change everything
When to stay on Heroku
When Aptible fits and when it doesn't
What Heroku's sustaining engineering shift means for production teams
Based on public statements from Heroku and Salesforce, the platform remains operational. Existing applications continue running. Support and security maintenance continue.
What has changed is strategic emphasis.
Heroku remains available
Existing apps continue operating
Security maintenance and support are ongoing
Net new feature development is deprioritized
Long-term roadmap visibility is thinner than before
There is no announced forced migration event.
However, sustaining engineering is a signal. It indicates that expansion and innovation are no longer the primary focus. If customer revenue declines meaningfully over time, strategic priorities could shift again. Larger teams, especially those running material revenue or regulated systems, need to account for that possibility in long-term planning.
A reduction in product investment can also affect support depth, ecosystem vitality, and enterprise confidence over time, even if nothing changes immediately.
If Heroku runs revenue-generating systems, regulated workloads, or core production infrastructure, this is the moment to reassess risk deliberately rather than reactively.
Who should care most about this announcement
Not everyone needs to react, but certain teams should evaluate deliberately.
1. Teams running mission-critical production systems
If customer revenue flows through Heroku, roadmap ambiguity becomes a board-level dependency discussion. That affects disaster recovery posture, enterprise sales conversations, vendor risk disclosures, and renewal leverage, all areas where platform stability is a prerequisite, not a nice-to-have.
2. Growth-stage teams accumulating workarounds
The tell is usually a growing list of things you've built around Heroku rather than with it: custom CI scripts compensating for release gaps, add-on sprawl, networking workarounds, externalized background processing, security controls layered around defaults. Sustaining engineering doesn't remove that friction. It cements it. And migration surface area only grows with time.
3. Regulated or security-sensitive workloads
Digital health, fintech, govtech, enterprise SaaS with heavy security questionnaires… In all of these, compliance expectations increase every year. A platform that's stable is useful. A platform whose compliance posture isn't evolving can become a liability as those expectations rise.
4. Teams already discussing AWS
If you've said "maybe we should just go to AWS" more than once, this announcement is a forcing function to evaluate that trade properly instead of reactively.
The real reasons teams consider Heroku alternatives
Migrations typically start with friction that shows up in one of three places: cost modeling, platform constraints, or compliance pressure.
Trigger | What works early | What changes at scale | Why it pushes evaluation |
|---|---|---|---|
Cost predictability | Simple dyno-based pricing. You scale by dyno size and count. Add-ons are easy to attach. | Dozens of add-ons across environments. Database tier jumps. Always-on worker dynos. Finance asking for forecast models instead of rough estimates. | The issue becomes governance and predictability, not sticker price. |
Platform constraints | Buildpacks handle packaging. Git push deploys are straightforward. Release phase runs migrations automatically. | Custom CI steps, containerization needs, complex worker orchestration, or network requirements stretch beyond Heroku's abstraction model. | You start building around the platform instead of with it. |
Compliance pressure | Shared infrastructure is fine. Logging and isolation are "good enough." | Auditors want evidence. Enterprise buyers want isolation clarity. Legal wants a BAA and defined boundaries. | Questions shift from "does it run?" to "can we prove how it runs?" |
Cost predictability at scale
Heroku pricing is capacity-shaped:
Dynos accrue usage while running (usage and billing)
Scaling is based on dyno type and count (scaling docs)
Add-ons layer in separately
At small scale, this model is simple. At growth stage, it becomes layered: multiple environments multiplying dyno counts, background workers that must stay warm, add-on sprawl across staging and production, database upgrades that happen in stepwise tiers.
Finance eventually asks for forecasting discipline. At that point, the conversation shifts from "is this cheap?" to "is this predictable?"
That's when teams start modeling alternatives.
Platform constraints under sustaining engineering
Heroku's abstraction model is centered around buildpacks, git-based deploys, dyno process model, release phase tasks, and an add-on ecosystem.
These primitives are elegant, but they also assume a certain architecture style. As systems mature, teams often need container-level control, more explicit networking boundaries, custom scaling logic, deeper observability integration, or region and isolation control. Under a growth-oriented roadmap, you might expect the platform to expand alongside you. Under sustaining engineering, it's more realistic to assume those primitives will remain largely as-is.
Compliance and regulatory pressure
Once HIPAA, SOC 2 maturity, or enterprise security reviews enter the picture, the questions change: Where does PHI live? What are your isolation guarantees? How are infrastructure actions logged and retained? Who signs the BAA?
Heroku Shield addresses part of this through Private Spaces and enhanced logging. But teams must still evaluate long-term compliance posture, audit evidence workflows, and structural isolation clarity.
The four main categories of Heroku alternatives
Choosing a Heroku alternative is really choosing how much platform ownership you want. The framework matters more than the feature list. Teams should evaluate Heroku alternatives based on three factors: operational burden (DIY vs managed), compliance posture (built-in vs add-on), and cost model (predictable vs usage-based).
1. Heroku-like PaaS: Render, Fly.io, Railway
These platforms aim to preserve developer velocity while adding more explicit resource control than Heroku's dyno model.
Render
Render supports git-based deploys, preview environments, background workers and cron jobs, and instance-based scaling. It feels similar to Heroku but with more explicit resource sizing; you choose instance types and scale count rather than relying on buildpack-driven conventions.
Compliance note: Render offers a BAA path and documents HIPAA posture, but compliance scope is plan-dependent and shared responsibility still applies.
Best fit: Small to mid SaaS teams with moderate compliance needs who want Heroku-style workflows without the sustaining engineering risk.
Fly.io
Fly is container-first. You deploy Docker images, configure region-aware deployment, and manage volumes explicitly. You think in terms of regions and machines rather than dynos. That's powerful for distributed workloads and more infrastructure-shaped than Heroku.
Compliance note: Fly's docs emphasize primitives over compliance guidance. Confirm BAA availability directly and design isolation carefully before handling any regulated data.
Best fit: Infra-comfortable teams who want regional control or container-native deploys without running full Kubernetes.
Railway
Railway optimizes for fast iteration: quick start workflows, built-in private networking, and usage-based pricing. Operational burden is low early. Compliance posture requires the Enterprise tier and explicit evaluation.
Compliance note: Railway offers a HIPAA BAA on its Enterprise tier under a shared responsibility model. Confirm spend thresholds and independently validate encryption, access control, and logging for PHI handling.
Best fit: Early-stage teams prioritizing speed, typically pre-regulated scope.
2. Partial platforms: Vercel, Supabase, DigitalOcean
These replace layers of your stack, not the full runtime. In most cases you're composing a system rather than adopting a single cohesive platform.
Vercel
Vercel is strongest for frontend-heavy workflows and edge-first architectures. Core capabilities include git-based preview deployments, edge and region configuration for serverless functions, and usage-based pricing across bandwidth, function execution, and build minutes. If your system relies heavily on background workers, long-running jobs, or complex backend orchestration, you will need to compose additional infrastructure outside of Vercel.
Compliance note: Vercel documents HIPAA support and offers a BAA under a shared responsibility model. Compliance posture is architecture-wide: validate where PHI is processed, how logs are retained, and how external services are secured.
Best fit: Frontend-led teams and SaaS products where backend complexity is modest or intentionally externalized.
Supabase
Supabase accelerates Postgres-centric architectures. Core capabilities include managed Postgres, row-level security policies, auto-generated REST and GraphQL APIs, and edge functions for lightweight backend logic. It's particularly strong for database-first applications where authorization logic lives close to the data layer.
Compliance note: HIPAA support requires a signed BAA, enrollment in the HIPAA add-on, and use of high-compliance project configurations. Compliance is conditional and configuration-dependent.
Best fit: Database-centric SaaS products and internal tools where the data layer is central to the architecture.
DigitalOcean
DigitalOcean spans lightweight PaaS and infrastructure primitives. App Platform supports git-based application deploys, managed databases, and autoscaling on dedicated CPU plans. Droplets and Kubernetes provide deeper flexibility but significantly increase operational ownership.
Compliance note: DigitalOcean offers BAA support at the account level, but compliance posture depends entirely on architecture and implementation. Isolation boundaries, logging retention, and network controls are your responsibility to design.
Best fit: Small to mid-size teams that want predictable infrastructure pricing and moderate operational control without fully embracing hyperscaler complexity.
3. DIY cloud: AWS, GCP, Azure
Moving to raw cloud increases flexibility and control. It also makes you responsible for everything Heroku previously abstracted. This path is usually driven by scale, enterprise procurement alignment, or the need for architectural freedom.
AWS
Common migration landing zones include ECS with Fargate, EKS for Kubernetes-based orchestration, and Elastic Beanstalk for lighter abstraction. You must explicitly design IAM policies, VPC architecture, observability and logging pipelines, CI/CD governance, and cost tagging and monitoring discipline.
Compliance note: AWS provides a list of HIPAA-eligible services and supports BAAs under a shared responsibility model. Compliance posture depends on correct service selection, configuration, and ongoing governance.
Best fit: Organizations with platform engineering capacity, multi-service architectures, and a long-term need for maximum control.
GCP
Cloud Run is a common Heroku migration target: managed container execution with integrated CI/CD via Cloud Build. GCP emphasizes container-native workflows and managed services.
Compliance note: GCP supports HIPAA BAAs and provides compliance tooling, including Compliance Reports Manager and documented service coverage. As with AWS, posture depends on architecture and configuration discipline.
Best fit: Teams comfortable with containers who want a managed runtime without committing to full Kubernetes from day one.
Azure
Common migration paths include App Service for managed app hosting and AKS for Kubernetes orchestration. Azure is frequently chosen for enterprise procurement alignment, particularly in Microsoft-centric organizations.
Compliance note: Azure offers HIPAA BAA coverage and extensive compliance documentation via its Service Trust Portal. As with other hyperscalers, compliance is enforced through architecture, IAM discipline, and operational controls.
Best fit: Enterprises already standardized on Microsoft tooling or organizations prioritizing procurement consolidation.
4. Compliance-first platforms: Heroku Shield, Aptible
For regulated teams, these two platforms sit in a separate category from the alternatives above. The key distinction is where compliance appears in the architecture. For most alternatives, compliance is an add-on tier or an enterprise feature you configure. For Heroku Shield and Aptible, it's structural, built into how the platform is designed, not layered on top.
Dimension | Heroku Standard | Heroku Shield | Aptible |
|---|---|---|---|
Isolation | Multi-tenant dynos | Shield dynos in Private Spaces | Isolated AWS environments by default |
Compliance posture | Moderate | Enhanced tier | Baseline design |
Audit logging | Limited | Expanded | Infrastructure actions logged and retained |
Networking | Shared infra | Private Spaces | Private-by-default networking |
Primary optimization | Developer simplicity | Regulated within Heroku model | Regulated production by design |
Heroku Shield
Heroku Shield extends standard Heroku with Private Spaces, enhanced logging, and tighter isolation controls. For teams already invested in the Heroku model and approaching regulated scope, Shield is the lowest-friction path to an enhanced compliance posture without the migration cost of moving platforms entirely.
Compliance note: Shield Private Spaces provide meaningful isolation improvements over standard dynos. Evaluate the scope of audit logging export capabilities and factor long-term roadmap confidence into your decision.
Best fit: Growth-stage teams handling PHI or sensitive PII that want to remain in the Heroku model with enhanced isolation.
Aptible
For teams handling PHI or sensitive data, Aptible's structure is different from most alternatives: security controls and audit logging are enforced by default, not offered as a premium tier. Aptible sits between Heroku-level developer ergonomics and full AWS ownership: container-based deploys with clear isolation boundaries, private networking, audit logging on by default, and predictable resource meters.
Teams usually choose Aptible when PHI or sensitive PII is core to the business, enterprise security reviews are frequent, or audit evidence generation is consuming meaningful engineering time.
When Aptible isn't right: If your workload doesn't involve regulated data, if you're pre-revenue and budget is the primary constraint, or if you want full DIY infrastructure control (Kubernetes, custom networking), Aptible will feel like more compliance structure than you need. In those cases, Render or a raw cloud platform is likely the better fit.
Best fit across Heroku alternatives
Platform | Category | Best fit |
|---|---|---|
Heroku (Standard) | General-purpose PaaS | Early to growth-stage SaaS teams prioritizing developer speed and minimal infrastructure ownership. |
Heroku Shield | Regulated tier within Heroku | Growth-stage teams handling PHI or sensitive PII that want to remain in the Heroku model with enhanced isolation. |
Render | Heroku-like PaaS | Small to mid-size SaaS teams wanting Heroku-style workflows with more explicit resource control and moderate compliance needs. |
Fly.io | Container-first PaaS | Infra-comfortable teams needing regional control, distributed workloads, or container-native deploys without running full Kubernetes. |
Railway | Lightweight PaaS | Early-stage startups optimizing for speed and minimal operational overhead, typically pre-regulated scope. |
Vercel | Frontend platform | Frontend-led teams building edge-first or serverless-heavy applications with relatively simple backend needs. |
Supabase | Database-first backend platform | Postgres-centric applications where data-layer logic and RLS are central to the architecture. |
DigitalOcean | Hybrid PaaS + IaaS | Teams wanting predictable infrastructure pricing and moderate flexibility without full hyperscaler complexity. |
AWS | Hyperscaler | Organizations with platform engineering capacity that require maximum architectural control and long-term scalability. |
GCP | Hyperscaler | Container-native teams seeking managed runtime flexibility without committing to full Kubernetes immediately. |
Azure | Hyperscaler | Enterprises aligned with Microsoft ecosystems or prioritizing procurement consolidation. |
Aptible | Regulated production PaaS | SaaS teams handling PHI or high-risk PII that want container-based deploys, strong isolation guarantees, and compliance as a baseline rather than an add-on. |
Compliance considerations across Heroku alternatives
Platform | BAA availability | Compliance posture model | What requires validation |
|---|---|---|---|
Heroku (Standard) | Limited / plan-dependent | Shared responsibility | Isolation guarantees, logging depth, and service eligibility. |
Heroku Shield | Yes | Enhanced isolation within Heroku model | Scope of Private Spaces, audit logging export, long-term roadmap confidence. |
Render | Yes (plan-dependent) | Shared responsibility | Service coverage, logging retention, network boundaries. |
Fly.io | Enterprise engagement required | Shared responsibility | Region isolation, data residency, logging controls, BAA terms. |
Railway | Enterprise BAA add-on | Shared responsibility | Spend thresholds, encryption controls, access restrictions, logging retention. |
Vercel | Yes (Enterprise) | Shared responsibility | Architecture-wide PHI handling, external services, logging configuration. |
Supabase | Yes (HIPAA add-on) | Configuration-dependent | Correct project tier, encryption settings, RLS enforcement, logging posture. |
DigitalOcean | Yes (account-level BAA) | Architecture-dependent | VPC isolation, IAM, logging retention, service selection discipline. |
AWS | Yes | Shared responsibility with HIPAA-eligible services list | Correct service usage, IAM configuration, audit logging, encryption controls. |
GCP | Yes | Shared responsibility | Service eligibility, container configuration, logging and IAM governance. |
Azure | Yes | Shared responsibility | Identity governance, network segmentation, logging and compliance controls. |
Aptible | Yes | Compliance-first baseline | Application-layer controls and customer-side data handling policies. Infrastructure isolation, logging, and private networking are default assumptions. |
What migrating off Heroku actually involves
Heroku migration is a common enough pattern that there are clear steps. In many of the migrations we've supported: 70% of time is planning and validation, 20% is actual infrastructure work, and 10% is cutover. The planning phase is where teams most often underestimate complexity.
Step 1: Inventory your reality
Before touching infrastructure, list all apps and worker processes, map dyno formation, document add-ons and their equivalents, extract environment variables, identify release-phase tasks, and capture background job patterns. Many teams discover complexity they forgot about.
Step 2: Containerization
Heroku buildpacks hide complexity. When you move, the build must be reproducible, runtime vs build-time config must be explicit, and secrets handling must be disciplined. AI-assisted Dockerfile generation helps, but validation is what matters.
Step 3: Database migration
This is the highest-risk portion. Common patterns include logical replication with controlled cutover, read replica sync, and scheduled downtime windows with dump/restore. Whichever approach you take, it requires rehearsal.
Step 4: Side-by-side validation
Run both environments in parallel. Validate logs and metrics, test rollback, lower DNS TTL before cutover, and treat the traffic shift like an incident rather than a routine deploy.
For step-by-step guidance, see:
If you're handling PHI, the Shield-specific guide is particularly important because network boundaries and isolation assumptions differ.
When to stay on Heroku
Not every team should migrate. In some situations, staying on Heroku is the rational choice, and it's worth being direct about that.
Your workload is simple and stable. If you're running a low-traffic app, an internal tool, or a side project with no regulated data, Heroku's abstractions are genuinely well-suited to the job. The developer experience for straightforward apps is hard to beat, and no migration comes for free.
Your team has no platform engineering bandwidth. Migration requires real engineering time: scoping, containerizing, running parallel environments, managing cutover. If you're a two-person team shipping product, that's often the wrong trade to make right now.
Your compliance posture doesn't actually require more. If you've done the evaluation and Heroku Standard or Shield legitimately meets your current requirements, there's no reason to move. Compliance overhead for its own sake isn't useful.
The migration complexity outweighs the benefit. Some apps have accumulated enough Heroku-specific add-ons and architecture patterns that migration would be a multi-month project. If the risk calculus doesn't favor moving, don't move.
Sustaining engineering is a signal worth monitoring, not necessarily a trigger for immediate action. Plan deliberately. Don't react.
FAQ: Common questions about Heroku alternatives
Is Heroku shutting down?
No. Heroku remains operational but has shifted to sustaining engineering, meaning active feature development is deprioritized. Existing applications continue running, support continues, and security maintenance is ongoing. There is no announced forced migration event.
What happened to Heroku free tier?
Heroku eliminated free dynos in November 2022. The lowest tier is now $5/month for Eco dynos. This change drove a significant wave of teams evaluating alternatives, particularly for hobby projects, side projects, and low-traffic apps that had relied on the free tier.
What's the best Heroku alternative for HIPAA?
For HIPAA-compliant workloads, Aptible and Heroku Shield are the primary options with BAAs and compliance-first architectures. Aptible treats isolation, audit logging, and private networking as default assumptions. Heroku Shield provides enhanced isolation within the Heroku model via Private Spaces. Render, Railway, and the major cloud providers (AWS, GCP, Azure) also offer BAAs, but compliance posture is architecture-dependent and requires more active configuration and validation.
How hard is it to migrate from Heroku?
Migration complexity varies. Simple apps can migrate in a day; complex systems with multiple add-ons and databases may take 2–4 weeks of planning plus a controlled cutover window. The most common underestimate is add-on sprawl; teams often discover dependencies they hadn't fully documented. Based on migrations we've supported, roughly 70% of the effort is in planning and validation, not the infrastructure work itself.
Is there a free alternative to Heroku?
Several platforms offer free or very low-cost tiers for hobby and low-traffic projects. Render, Railway, and Fly.io all have free or low-cost entry points. For production workloads, the more relevant question is cost predictability at scale, not entry-level pricing. The dynamics change significantly once you add staging environments, background workers, and database tiers.
Final perspective
Heroku remains viable today. But sustaining engineering shifts long-term confidence calculations.
If your workload is simple and stable, staying may be rational.
If compliance scope is expanding, enterprise scrutiny is increasing, or cost modeling is becoming harder, planning early will reduce risk.
If you're handling PHI or entering regulated scope, structural clarity matters more than surface-level developer experience.
If you want a straight technical read on your current footprint (migration complexity, compliance gaps, and whether Aptible actually makes sense for your situation) talk to an engineer. We're not going to tell you to migrate if you shouldn't.
