Skip the setup. Keep your cloud.

Ready-to-code dev environments in your own AWS account.

Boxes boot from a baked AMI with repos cloned, secrets resolved and services running. Connect from any SSH client. They sleep when idle and wake when you need them.

30-day free trial · no card required

checkout-api — slothbox ssh

Product demo with three tabs. CLI tab: slothbox ls lists two boxes, then slothbox ssh checkout-api auto-starts the stopped box and connects to an interactive shell, where the Slothbox login banner reports the box id, uptime, free disk, Node and Python runtimes, Ubuntu 24.04, and the cloned projects. API tab: an automation diagram where CI pipelines and agents launch a fleet of test boxes through the REST API with a service key, the boxes run and are torn down, and signed webhooks report each state change. MCP tab: a Claude Code-style session where the assistant, with read-only context from mcp.slothbox.dev, launches a box over the REST API and runs the test suite on it with slothbox run, reporting 42 passing tests.

  • 0 inbound ports · no public IP
  • runs in your AWS account
  • every action in your CloudTrail
  • one static binary, no runtime

Why it's different

Your environment, the moment you SSH in.

Boxes boot from a baked machine image with repos, secrets and services already in place. There is nothing to install when you arrive.

Boots from a baked AMI, not a script.

Save a template and Slothbox bakes it into a machine image in your account. Boxes start from that image with setup scripts run, env files written and services up — and each developer's own GitHub key, provisioned automatically, so their repos are already cloned and pushes run as them.

Secrets stay in your account.

Secret values live in your SSM or Secrets Manager. Slothbox stores a pointer, and the box reads the value from your account at boot. Each box gets an IAM role scoped to its own secrets, deleted when the box is.

Closed by default.

No inbound security-group rules and no public IP. SSH runs over SSM with a 15-minute credential scoped to a single box and a key pushed just in time. IMDSv2 is enforced, and the cross-account role cannot escalate its own permissions.

Sleeps when idle. Wakes on demand.

Idle boxes stop themselves after a timeout you choose (30 minutes by default), and you can schedule sleep windows for nights and weekends. The disk is kept, so ssh brings a box back where you left off.

ssh wakes it
00:0012:0024:00

scheduled sleep 01:00–07:00

Your stack, as Docker images.

Pick services from a curated catalog of trusted images, or bring your own from any registry — private ones included. Slothbox composes them into the box and starts them on boot. Node 22/24 and Python 3.12 come ready too.

postgresredismysqldynamodb+ your own imageprivate registries

ubuntu 24.04 lts · arm64 / graviton · 18 aws regions

Built for orgs.

Signed webhooks, a 12-month audit log, live box metrics and per-member permissions, plus a read-only MCP server that works with Claude, Cursor and Codex.

Set up once · used by everyone

Set it up once. After that, the team connects.

    01

    Connect your AWS account.

    A pre-filled CloudFormation stack that calls back automatically, so there is no ARN to copy. The template is versioned, and the app tells you when a newer revision is available.

    aws-connection.json

    slothbox-connect

    CloudFormation · template v11

    connected

    cross-account roleleast-privilege

    auto-callbackverified

    02

    Define a template.

    Owners pick the services and projects a box should carry. Saving bakes a machine image in your account, and identical bundles are reused rather than rebuilt.

    template · api-stack

    api-stack

    custom AMI
    bakingreadycached & reused
    03

    Devs connect on demand.

    Launch from the web dashboard or the REST API, then run slothbox ssh. If the box is stopped it starts first, then you get a shell.

    checkout-api — slothbox ssh

    $ slothbox ssh checkout-api

    Starting checkout-api ready

    [ubuntu@checkout-api ~]$

    Running slothbox ssh checkout-api auto-starts the stopped box, prints “Starting checkout-api, ready”, and opens a shell prompt.

Developer experience

The terminal, the API, or MCP.

A single-binary CLI, a documented REST API and a hosted read-only MCP server.

curl -fsSL https://slothbox.dev/install.sh | sh

One static binary that keeps itself up to date. The only prerequisite is an OpenSSH client.

slothbox <command>
  • loginbrowser OAuth + PKCE
  • lslist your boxes
  • sshconnect, starting the box if it's stopped
  • runrun one command and stream the output
  • startboot a stopped box
  • stopstop a running box, disk preserved
  • terminatedelete a box (asks first)
  • updateself-update the binary
  • whoamishow the signed-in account

SECURITY & DATA RESIDENCY

Security your platform team signs off on.

Slothbox is built around your account boundary. Code, data and secret values stay on your side of it.

  • No inbound rules, no public IP

  • sts:SourceIdentity stamps every brokered action to a named person in your CloudTrail

  • Secret values resolved in your account — never transit Slothbox on read

  • TOTP MFA, org-enforceable

  • Immutable audit log — 17 action types, 12-month retention

Secret resolution — most-specific wins
envtemplaterepoorg
Architecture diagram of the Slothbox account boundary. A large plane labelled “Your AWS account” contains the EC2 box (with zero inbound rules and a scoped per-box IAM role that is reaped on terminate), SSM, Secrets Manager, and CloudTrail, which records SourceIdentity on every action. A small plane labelled “Slothbox” contains only the control plane and pointers. A single arrow runs from Slothbox into the IAM role, labelled “assume role plus SourceIdentity”. A second arrow labelled “secret values” is stopped at the account boundary with a red cross: secret values never cross the line into Slothbox.

Pricing

One subscription. Your AWS bill stays yours.

Every plan starts with a 30-day free trial — no card required. And we don't take a cut of your infrastructure.

save 40%

Team

Most popular
£36/user/yr

per seat, billed for people

30-day free trial · no card

Start free
  • Environments in your own AWS account
  • Templates, baked AMIs & auto-sleep
  • CLI, web dashboard & REST API
  • Personal API keys for light scripting
  • Signed webhooks & 12-month audit log
  • Org-enforced MFA & granular permissions

API plan

£1,000/yr

Includes 5 seats · for headless work

30-day free trial · no card

Start free
  • Everything in Team
  • Org service-account keys for CI & agents
  • Removes the per-seat box ceiling
  • 50× request-rate tier for service keys
  • Self-serve on & off

For agents & CI that need the real environment — your repos, services and secrets, in your own cloud. Not a throwaway sandbox.

Enterprise

Let's talk

for larger organisations

Contact us
  • Custom seat & API-plan bundles
  • Advanced access controls
  • Custom integration support
  • Priority response

One org subscription. Seats are for people; the API plan is for automation. Prices in GBP.

How it compares

Slothbox vs. Codespaces, Replit, Coder.

The data residency of self-hosting, without running the platform. Your code, secrets, and audit trail stay in the account you already own — and there's no control plane for you to operate.

Feature comparison of Slothbox against GitHub Codespaces, Replit, and Coder across nine capabilities, where Slothbox leads on data residency, managed operation, and cost control.
CapabilitySlothboxGitHub CodespacesReplitCoder
Runs in your AWS account, on your billSlothbox: YesGitHub Codespaces: NoReplit: NoCoder: Only with manual setup you build and run yourself
No control plane to run or patch yourselfSlothbox: YesGitHub Codespaces: YesReplit: YesCoder: No
Per-user GitHub keys provisioned onto every boxSlothbox: YesGitHub Codespaces: NoReplit: NoCoder: No
Works with any SSH clientSlothbox: YesGitHub Codespaces: NoReplit: NoCoder: Yes
Secrets stay in your SSM / Secrets ManagerSlothbox: YesGitHub Codespaces: NoReplit: NoCoder: Only with manual setup you build and run yourself
Per-action attribution in your CloudTrailSlothbox: YesGitHub Codespaces: NoReplit: NoCoder: Only with manual setup you build and run yourself
Org-wide auto-sleep policiesSlothbox: YesGitHub Codespaces: YesReplit: YesCoder: Only with manual setup you build and run yourself
Your AWS savings plans & discounts applySlothbox: YesGitHub Codespaces: NoReplit: NoCoder: Only with manual setup you build and run yourself
Flat per-user pricing — no infra markupSlothbox: YesGitHub Codespaces: NoReplit: NoCoder: Yes

Based on each vendor's documented managed offering. “manual setup” means a competitor can match it only on a deployment you stand up, run, and patch yourself.

FAQ

Questions we get asked.

Slothbox gives your team remote dev environments in your own AWS account. You define a box once (repos, services, secrets, setup scripts) and Slothbox bakes it into a machine image. Launch from the web dashboard or the REST API, connect with slothbox ssh from any SSH client, and you land on a shell with your repos cloned, secrets in place and services running.

Open a box. It's already set up.

Spin up your first box in your own cloud.

The trial runs 30 days, needs no card, and your AWS bill stays yours.

Start freeRead the docs →