Skip to main content
株式会社オブライト
Software Development2026-07-06

"Stop Overcomplicating Your Stack, Just Deploy Everything to Cloudflare" — Fact-Checking @ibocodes' Viral $5/Month Post: Workers + D1 + KV + R2 + Queues + Hyperdrive + Email Routing + WAF/DDoS Built-In How Better Auth Fits, Where Durable Objects Belong, and How Flue Framework Rounds It Out

@ibocodes' X post — "my entire 2026 stack runs on cloudflare and I pay $5/month" — went viral (original tweet). The claim: Workers (compute) + D1 (SQL DB) + Better Auth + KV (cache) + R2 (object storage) + Queues (background jobs) + Hyperdrive (DB acceleration) + Email Routing (sending) + built-in WAF / DDoS — all on a $5/month floor, capped around $10 in the worst case. This column fact-checks that claim against Cloudflare's published pricing, walks through each of the eight services, calls out real-world cost inflection points, covers the Better Auth integration pattern, and situates the stack next to our prior Cloudflare Durable Objects and Flue Framework columns.

Real pricing structure: the Workers Paid plan is a $5/month floor and covers Workers itself + KV + Hyperdrive + some Durable Objects usage. D1, R2, and Queues layer on with generous free tiers plus usage-based billing. For a solo SaaS in its early stage, $5–10/month really is enough, but at production scale (DB reads, R2 storage, Queue messages) bills commonly stretch to $30–100/month.

Better Auth × D1: zpg6/better-auth-cloudflare provides a CLI that auto-provisions Workers + D1 + Hyperdrive + KV + R2 + geolocation end-to-end. Both Drizzle ORM and native D1 are supported, with guides for Hono / Next.js / React Router / SvelteKit. The critical implementation pattern: create a Better Auth instance per request (never a shared singleton) so the D1 binding for that request is injected correctly. Note also Better Auth's session-refresh bug #4203, which was reopened in January 2026.

The eight services:
- Workers — global serverless compute with near-zero cold-start
- D1 — distributed SQLite-based SQL DB with scale-to-zero billing
- KV — eventually-consistent key-value store (read-heavy, edge-cache use)
- R2 — S3-compatible object storage with zero egress cost
- Queues — message queue with no egress fees and at-least-once delivery
- Hyperdrive — connection pooling and edge caching for external Postgres / MySQL, available even on the Workers Free plan
- Email Routing — transactional email sending via Workers bindings or REST API
- WAF & DDoS — included in every plan, with industry-leading DDoS protection

Natural companions: pair with Durable Objects for strong-consistency state + WebSockets, and Flue Framework for the AI-agent layer — the all-Cloudflare distributed system is genuinely deployable end-to-end.

Caveats: single-vendor lock-in (AWS / GCP migration costs), CPU-heavy work is a bad fit for Workers (AI inference and heavy image processing need Cloudflare AI or external GPU), D1's write-throughput ceiling (high-write workloads belong on Durable Objects), and Better Auth's rough edges (the session bug and a few other issues). Even so, the honest conclusion is that the era where 90% of individual / startup / mid-market SaaS runs entirely on Cloudflare has arrived.


TL;DR — Does "Just Deploy Everything to Cloudflare" Actually Work?

@ibocodes' X post went viral (original):

> my entire 2026 stack runs on cloudflare and I pay $5/month for it
> - workers (compute)
> - d1 (sql db) + better auth
> - kv (cache)
> - r2 (object storage)
> - queues (background jobs)
> - hyperdrive (db acceleration)
> - email routing (sending)
> - + waf & ddos built-in

Four findings after fact-checking:

1. The $5/month floor is real — the Workers Paid plan includes Workers itself + KV + Hyperdrive + some Durable Objects usage
2. For a solo SaaS in its early stage, $5–10/month really is enough — the eight services' generous free tiers stack neatly
3. At production scale, the bill grows to $30–100/month — D1 row reads, R2 storage, and Queue messages tip you past the included allowances
4. CPU-heavy and write-heavy workloads are a poor fit — AI inference and hot-write workloads need Cloudflare AI or external GPUs designed in

This column complements our earlier Cloudflare Durable Objects and Flue Framework columns — a reality check on the full Cloudflare stack.

Eight Services, Roles, and Prices

1. Workers — Global Serverless Compute

Role: HTTP handler with near-zero cold start, V8-isolate-based, running in 300+ edge locations.

Pricing (official):
- Free: 100,000 requests/day, 10 ms CPU/request
- Paid ($5/month): 10M requests/month included, then $0.30 / 1M requests; CPU billed at $0.02 per million CPU-ms

Workers Paid = $5/month is the entirety of @ibocodes' "$5."

2. D1 — SQLite-Based Distributed SQL DB

Role: Cloudflare's SQLite fork with global read replicas; ORM integration via Drizzle, Kysely, or Prisma.

Pricing (D1 Pricing):
- Free: 5M row reads/day, 100K row writes/day, 5 GB storage
- Paid: 25B row reads/month included, then $0.001/M; 50M row writes/month included, then $1.00/M; 5 GB-month included, then $0.75/GB-month

Attributes: scale-to-zero billing (idle = $0), full SQL flexibility (JOINs, indexes, transactions), multi-region read replicas.

3. KV — Eventually-Consistent Key-Value

Role: read-heavy edge cache, feature flags, session store. Writes take minutes to propagate globally (eventual consistency), so use for read-dominant workloads.

Pricing:
- Free: 100K reads/day, 1K writes/day, 1 GB storage
- Paid: 10M reads/month included + $0.50/M; 1M writes/month included + $5.00/M; 1 GB + $0.50/GB-month

4. R2 — S3-Compatible Object Storage

Role: persistent storage for images, video, binaries, backups. S3 API compatible.

The pricing headline: egress is completely free. What costs $0.09/GB on AWS S3 costs $0 on R2.
- Free: 10 GB storage, 1M Class A ops/month, 10M Class B ops/month
- Paid: $0.015/GB-month, Class A $4.50/M ops, Class B $0.36/M ops

For video streaming and heavy download services, R2 often comes in at 1/5–1/10 the S3 cost.

5. Queues — Message Queue

Role: background jobs, async processing, pub/sub, deferred execution. At-least-once delivery.

Pricing:
- Free: none (Paid plan required)
- Paid: 1M operations/month included + $0.40/M; $0 egress

Operations = write + read + delete, so a single message normally consumes 3 ops.

6. Hyperdrive — External-DB Pooling + Edge Cache

Role: pool and cache connections to external Postgres / MySQL / Neon / Supabase / PlanetScale at Cloudflare's edge — reduce latency to distant DB regions.

Pricing: free on both the Free and Paid plans. Data transfer is included.

Use cases: your write volume exceeds D1's ceiling, you have existing Postgres data assets, or you need complex SQL (Full Text Search, PostGIS) — put the external DB behind Hyperdrive and access from Workers.

7. Email Routing — Transactional Email

Role: send transactional email from Workers (signup confirmations, password resets, notifications). Inbound routing is also supported (route emails to your domain into Workers via webhook).

Pricing: free at baseline (with a monthly send cap). A viable alternative for teams that used to pay $10–30/month for SendGrid / Mailgun / Postmark.

API: Workers bindings + REST API, callable from Node.js / Python / Go / etc.

8. WAF & DDoS — Security Included by Default

Role: a Web Application Firewall blocking OWASP Top 10-class attacks, plus industry-leading DDoS protection, bot mitigation, and API security.

Pricing: included on every Free plan. You only pay when custom-rule limits or Enterprise-grade API-security features are needed.

Testing the $5/Month Claim — Yes, for Early-Stage

Scenario A: personal blog / portfolio (100K monthly PV)

- Workers: 100K requests < Free tier, $0 (assuming Paid $5 for the account)
- D1: 1M reads < Free tier, $0
- R2: 5 GB < Free tier, $0
- KV: 50K reads < Free tier, $0
- Queues: unused, $0
- Hyperdrive: unused, $0
- Email Routing: hundreds of emails, $0
- WAF/DDoS: included, $0

Total: $5/month (just the Workers Paid floor) — the claim holds.

Scenario B: small SaaS (1M req/month, 1,000 users, 5,000 tx/month)

- Workers: 1M req < 10M-included in Paid, $5
- D1: 5M reads + 50K writes < included, $0
- R2: 20 GB storage, $0.15 (10 GB free + 10 GB × $0.015)
- KV: 1M reads + 10K writes < included, $0
- Queues: 30K messages × 3 ops = 90K ops < 1M included, $0
- Hyperdrive: $0 (free even in use)
- Email Routing: 10K emails, $0
- WAF/DDoS: $0

Total: about $5.15/monthgenuinely under $10.

Scenario C: mid-scale production SaaS (50M req/month, 100K users, heavy R2)

- Workers: 50M req = 10M included + 40M × $0.30/M = $17
- D1: 500M reads (over-tier) $0.5 / 10M writes × $1.00 = $10.5
- R2: 500 GB storage = ($500 - $10 free) × $0.015 = $7.35
- KV: 50M reads × ($0.50/M for excess) = $20
- Queues: 3M ops × ($0.40/M for excess) = $0.80
- Hyperdrive + Email Routing + WAF: $0 (within free)

Total: about $55/month — the "$10" claim breaks, but it's still 1/5 to 1/10 of the equivalent AWS build.

Better Auth × Cloudflare Integration Pattern

The one non-Cloudflare-native piece in @ibocodes' eight-service stack is Better Auth — the TypeScript open-source auth library at betterauth.com.

The better-auth-cloudflare library (zpg6/better-auth-cloudflare):
- CLI that provisions Workers + D1 + Hyperdrive + KV + R2 + geolocation
- Both Drizzle ORM and native D1 supported
- Guides for Hono / Next.js / React Router / SvelteKit

The critical implementation pattern (Better Auth on Cloudflare - Hono docs):

ts
// ❌ Don't share a singleton — each Worker isolate has its own D1 binding
export const auth = betterAuth({...});

// ✅ Create Better Auth per request
app.use('*', (c, next) => {
  const auth = betterAuth({
    database: drizzle(c.env.DB),  // inject THIS request's D1 binding
    // ...
  });
  c.set('auth', auth);
  return next();
});

Ignore this pattern (export the auth instance from module top-level) and you'll get silent failures in production.

Known bug: Better Auth #4203 (session refresh) was reopened in January 2026. Under certain conditions the session doesn't refresh cleanly. Workarounds exist; verify the issue tracker before production adoption.

Recommended Companions: Durable Objects + Flue Framework

The eight services can carry a production SaaS, but adding two more makes the stack a full distributed system:

(1) Durable Objects — name-addressed stateful instances with co-located SQLite. Use for strong-consistency workloads with WebSockets or hibernation — chat, LLM sessions, collaborative editing. Fills the gap that Workers + KV + D1 alone leaves.

(2) Flue Framework — the Astro team's TypeScript AI-agent harness. Builds LLM agents and workflows on top of Durable Objects, with 25+ external integrations (Slack, GitHub, Linear, ...) included.

This 8+2 combination is emerging as the de-facto stack for "modern distributed AI SaaS built entirely on Cloudflare."

When Cloudflare Alone Isn't Enough

(1) CPU-heavy work: Workers cap CPU at 30 seconds (Paid), so AI inference, mass image processing, and video encoding don't fit. → Use Cloudflare AI (Workers AI) for LLM inference, or delegate to an external GPU (Runpod / Lambda Labs / a domestic GPU cloud).

(2) High-frequency writes: past D1's per-region write ceiling (~100 tx/s), shard across per-tenant Durable Objects or route through Hyperdrive to external Postgres.

(3) Large-scale analytics: OLAP / data warehouses (BigQuery / Snowflake / Databricks-class) don't exist on Cloudflare. Export to an external DWH periodically, or store Parquet in R2 and run analytics elsewhere.

(4) SDK / runtime dependencies: Python-heavy libraries, certain Node.js native modules, CUDA. Workers is a V8 isolate, not full Node.js — check dependencies before committing.

(5) Enterprise contract needs: strict SLA, audit logs, data-residency guarantees push you to Enterprise pricing — the $5/month conversation goes away.

Vendor Lock-in Is Real

The biggest risk of the all-Cloudflare bet is vendor lock-in:

Migration difficulty (Cloudflare → AWS / GCP):
- Workers → Lambda / Cloud Run: moderate; V8-isolate quirks (no fs, etc.) and latency profile change
- D1 → Aurora / Cloud SQL: SQLite → Postgres/MySQL migration; via ORM, moderately easy
- KV → DynamoDB / Memorystore: same eventual-consistency semantics, API rewritten
- R2 → S3: nearly drop-in (S3-compatible), but egress bills explode
- Queues → SQS / Cloud Tasks: similar concepts, API rewritten
- Hyperdrive → RDS Proxy / Cloud SQL Proxy: equivalent function, entirely different config
- Durable Objectsno direct equivalent (on AWS, build with Actor Framework + DynamoDB; Azure Durable Functions is closest)

Durable Objects and V8-isolate-native Workers are the main barriers to portability. Treat the choice as a strategic bet on Cloudflare.

Cost Comparison Against Equivalent AWS

For Scenario C (50M req/month, 100K users, 500 GB R2), an AWS-equivalent build:

ItemCloudflareAWS-equivalent
ComputeWorkers $17Lambda + API Gateway ~$80
SQL DBD1 $11Aurora Serverless ~$50–80
CacheKV $20ElastiCache ~$50
Object storageR2 $7S3 $12 + ~$450 egress (video streaming assumption)
QueueQueues $1SQS ~$5
DB proxyHyperdrive $0RDS Proxy ~$15
EmailEmail Routing $0SES ~$10
WAF/DDoSIncludedShield Standard included / Advanced $3,000/mo
Total~$55/month~$220–680/month (depending on video volume)

R2's zero-egress cost is the decisive factor for the all-Cloudflare stack. For video and heavy-download services, the cost gap easily reaches 10×.

Reference Stack

Recommended full-stack TypeScript SaaS:

Frontend: [TanStack Router + Tailwind CSS v4 + Vite](../columns/tanstack-router-tailwind-vite-2026-07)
Backend:  Hono (on Workers) + Better Auth
DB:       D1 (SQLite) or Postgres + Hyperdrive
Cache:    KV
Static:   R2 + Cloudflare Images
BG jobs:  Queues + Durable Object Alarms
AI:       Cloudflare AI or Anthropic API
Agent:    [Flue Framework](../columns/flue-framework-astro-team-agent-2026-07) (if you need agents)
Mail:     Email Routing + Resend (for volume)
Auth:     Better Auth on D1
Monitor:  Workers Analytics Engine

On this stack, a 1M-req/month-class SaaS runs for $10–30/month — an area where AWS-native builds used to start at $200–500.

Operational Caveats

(1) Daily-reset free tiers: D1 read 5M/day, Queues, etc. reset daily. Nightly batch bursts can burn the daily quota.

(2) Traffic spikes hurt: viral bursts can add $50–100 in a single day. Use the Cloudflare dashboard's Spending Cap.

(3) No safe fallback if Cloudflare goes down: an outage takes all eight services with it. At minimum, replicate R2 buckets to S3, and design a Better Auth → external IdP fallback for business-critical work.

(4) Documentation maturity: per-service docs are excellent, but cross-service best practices (e.g., D1 + KV + Durable Objects data-consistency design) are scattered across community sources. There's a learning cost.

(5) Japanese-language material is sparse: as of 2026, the JP community is roughly two years behind the anglosphere. Troubleshooting mostly means reading English sources.

Bottom Line — the Viral Claim Is Mostly True, With Conditions

@ibocodes' "$5/month for all 8 services":

- Personal SaaS / portfolios / early-stage startupsfully accurate; $5–10/month really is enough
- Mid-scale production SaaS (50M req/month class)grows to $30–100/month; still 1/5–1/10 of AWS
- CPU-heavy / high-write / OLAPCloudflare alone isn't enough; add supplemental services

Why it went viral: it answers the industry's fatigue with complex multi-cloud setups with a satisfying "just do this." For individual devs and small teams, the reality is that 90% of workloads really do fit on Cloudflare alone.

Related services from us — software development, web development, and AI consulting. For help building a full Cloudflare stack, migrating from AWS, or designing Better Auth × D1 integrations, get in touch.

Wrap-Up

"Stop overcomplicating your stack, just deploy everything to cloudflare" holds up as a technical claim in 2026. Workers + D1 + KV + R2 + Queues + Hyperdrive + Email Routing + WAF/DDoS cover the $5–10/month zone for individual and small-scale use, and adding Durable Objects + Flue Framework turns the stack into a fully-Cloudflare production distributed AI SaaS.

Three enduring impacts:

1. R2's zero-egress cost is 1/5–1/10 of the AWS equivalent — particularly decisive for video and heavy-download apps
2. Better Auth + D1 lets auth complexity fit inside $5/month — a real alternative to Auth0 / Clerk / Firebase Auth at $30–100/month
3. 90% of personal SaaS and startups will live on Cloudflare alone — a clean answer to multi-cloud fatigue

Caveats: single-vendor lock-in, CPU-heavy / write-heavy workloads need supplementary design, Better Auth session bug, sparse Japanese-language material, and Enterprise-tier pricing when contractual requirements kick in.

References

Viral post:
- @ibocodes on X — my entire 2026 stack runs on cloudflare

Official docs:
- Cloudflare Workers Pricing
- Cloudflare Workers Plans
- Cloudflare Durable Objects Pricing
- Cloudflare D1 Pricing
- Cloudflare Hyperdrive
- Cloudflare Storage Options Overview
- Cloudflare Products
- Cloudflare Developer Docs

Better Auth × Cloudflare:
- zpg6/better-auth-cloudflare
- Better Auth on Cloudflare — Hono docs
- Medium (Valentyn Cherevatyi) — Better Auth + Cloudflare Workers: The Integration Guide
- kemalyilmaz — Setting up Better Auth with Cloudflare Workers + D1 + Kysely
- DEV (atman33) — Setup Better Auth with React Router & Cloudflare D1
- Medium (David) — SvelteKit + Better Auth + Cloudflare D1 + Drizzle

Pricing / comparisons:
- MakerKit — Cloudflare Workers Pricing Calculator (2026)
- MorphLLM — Cloudflare Workers vs Vercel (2026)
- Spendhound — Cloudflare Pricing 2026
- ToolRadar — Cloudflare Workers Pricing 2026

Architecture:
- Architecting on Cloudflare — Chapter 3: Workers
- Cloudflare Blog — Agents Week 2026
- Lushbinary — Cloudflare Agents Week 2026: Every Release Explained

Related columns:
- Cloudflare Durable Objects
- Flue Framework — the Astro team's AI agent framework
- TanStack Router + Tailwind CSS + Vite
- Apple Container
- Local LLM June 2026 Update

Feel free to contact us

Contact Us