Most "DevOps for startups" guides are written by people selling enterprise tools to 5-person teams. The reality: a startup needs 20% of the DevOps practice that a 200-person company needs, but you have to pick the right 20%. Get it wrong and you either burn three months on Kubernetes for an app that runs fine on a $20 VPS, or you ignore everything and discover in production what observability is for.
Here is the actual minimum we ship for early-stage SaaS, plus what you can safely defer.
Day 1 — non-negotiable
1. Hosted git + protected main branch
GitHub or GitLab. Main branch protected: no direct pushes, all changes via PR with at least one review (you reviewing your own PR before merge counts when solo).
2. CI on every PR
GitHub Actions or equivalent. Run typecheck, lint, tests, build. PR cannot merge if CI fails. This catches 80% of regressions before deploy.
3. Auto-deploy from main
Merge to main → deploy to production automatically. Vercel / Netlify do this for free. Manual deploys are how production environments fall behind.
4. Preview environments per PR
Every PR gets its own preview URL. Reviewers can click and see the change before merging. Vercel and Netlify give this for free with no setup.
5. Secrets in a vault, not in env files
AWS Secrets Manager, Doppler, or even Vercel's env UI. .env files committed to git is the most common security disaster in early-stage. Audit your repo for leaked secrets on day one (gitleaks).
6. Error tracking
Sentry. $26/month. Catches real errors users hit in prod that you would otherwise never know about. Skip this and you will ship broken code for months without realizing.
Month 1 — quick wins
7. Logging that you can search
Any centralized log destination — Vercel logs, Cloudflare, Logtail, Better Stack. The bar is "I can search logs by user/request, not just tail a file." Adds debugging speed dramatically.
8. Database backups, automated
Managed databases (RDS, Supabase, Neon) include automated daily backups with point-in-time recovery. If yours does not, fix it before you have any real data.
9. Uptime monitoring on critical endpoints
Better Uptime, UptimeRobot, BetterStack — pings your healthcheck every minute and pages someone if it fails. Free tier covers most early-stage needs.
10. Performance monitoring on the hot paths
Vercel Analytics, Cloudflare Analytics, or Sentry Performance. Lets you see when a key endpoint slows down before users complain. Critical once you have paying users.
Quarter 2+ — graduate when you grow
11. Infrastructure as Code (Terraform / Pulumi)
Worth it once you have more than ~5 cloud resources and multiple engineers. Before that, manual click-ops in the AWS / Vercel UI is faster.
12. Staging environment
A persistent non-production environment with production-like data. Worth it once preview-per-PR is not enough — usually when you have integrations that depend on stable URLs (webhooks, OAuth).
13. Centralized observability (OpenTelemetry, Datadog, Grafana Cloud)
Worth the integration cost once you have multiple services to correlate. Before that, individual tools (Sentry + Vercel logs) are sufficient.
14. On-call rotation
When you have customers paying for SLA-backed availability. Until then, founders take pages.
What you can skip (for now)
- Kubernetes — almost certainly until you have multiple stateful services and a real ops team.
- Service mesh — same, plus 2 more years.
- Multi-region deployment — until you have customers in multiple geos complaining about latency.
- Self-hosted CI runners — your minutes are cheap; managed CI is free up to a high tier.
- Custom log aggregation — pay for a managed service; your time is more expensive.
The shape of a good early-stage stack (2026)
For a typical SaaS we are building right now, the stack looks like: Vercel (web + API) + Neon or Supabase (Postgres) + Sentry (errors) + Better Stack (logs + uptime) + Stripe (billing) + Doppler (secrets). Total ops cost: $50–$150/month at launch scale. Total ops time: <30 minutes/week if everything is working.
When you outgrow this — usually around the time you have 3+ engineers and real revenue — graduating to AWS or GCP with proper IaC starts paying for itself. Before that, fight the urge to over-engineer.
How we work with startup teams
Our DevOps engagements with early-stage teams typically cover the day-1 and month-1 items above as a 1–2 week setup, then a transition to in-house ownership. We do not run your ops indefinitely; we set you up to do it yourselves with minimal time.