Leaving a no-code platform means you own security, deployment, monitoring, database admin, SSL, and email deliverability. But with managed services and AI tools, the overhead is a fraction of what it was five years ago.
The Freedom Tax
Leaving a no-code platform feels like freedom. And it is — until the first Saturday morning when your SSL certificate expires and nobody gets an alert.
This is the article nobody writes. The migration guides cover architecture. They cover tech stacks. They cover the thrill of “real code.” They don’t cover the seven responsibilities that quietly transfer to your team the moment you leave a managed platform. Security scanning. Deployment pipelines. Uptime and high availability. Monitoring and alerting. Database administration. SSL/TLS certificate management. Email deliverability.
On Bubble, you didn’t think about any of these. Not because they didn’t exist — because someone else owned them. Now you do.
The good news: with managed services and AI-assisted operations, the overhead is a fraction of what it was five years ago. The bad news: “a fraction” is not zero. And the gap between zero and a fraction is where production incidents live.
The Seven Responsibilities
When we migrated an AI hiring decisioning platform from Bubble to Next.js on AWS, we mapped every operational responsibility that would transfer. Not the exciting ones — the authentication model, the data architecture, the AI integrations. The boring ones. The ones that don’t appear in any product roadmap but will absolutely appear in your incident log if you ignore them.
Here’s what we found — and how we mitigated each one.
1. Security Scanning
What Bubble handled: Vulnerability scanning of the underlying platform. Dependency management. You never saw a CVE alert because Bubble never showed you one.
What you now own: Every dependency in your codebase. Every Docker base image. Every npm package. Every transitive dependency three levels deep that you’ve never heard of but that has a critical vulnerability published last Tuesday.
How managed services + AI reduce the burden: CodeQL runs on every pull request — static analysis that catches SQL injection, XSS, and insecure patterns before code reaches production. Dependabot monitors every dependency and opens PRs automatically when patches are available. ECR image scanning checks your Docker containers. Three layers of automated scanning, configured once, running continuously. We had all three operational within 24 hours of setting up the repository.
The detail that matters: these tools don’t just find vulnerabilities. They fix them. Dependabot doesn’t send you an email saying “lodash has a CVE.” It opens a pull request with the patched version, runs your test suite against it, and waits for you to click merge. AI-assisted remediation means the median time from vulnerability disclosure to patched production code is hours, not weeks.
2. Deployment Pipelines
What Bubble handled: One-click deploy. Push changes live instantly. No pipeline, no staging, no verification.
What you now own: The entire path from code commit to production container. Linting. Type checking. Security scanning. Docker builds. Container registry. Rolling deployments. Health checks. Rollback.
How managed services + AI reduce the burden: GitHub Actions handles the entire CI/CD pipeline. One YAML file defines lint, type-check, scan, build, push, deploy, and verify. ECS Fargate handles container orchestration — no servers to patch, no clusters to manage, no capacity planning. The deployment pipeline for the hiring platform is 180 lines of YAML that hasn’t been touched since it was written.
The cost: $31 per month on Fargate for a production workload. Not a typo. Thirty-one dollars. That’s the compute cost for a containerised Next.js application serving production traffic with rolling deployments and automatic health-check recovery.
3. Uptime and High Availability
What Bubble handled: If Bubble was up, your app was up. If Bubble was down, every app on the platform was down — and you had no control over recovery.
What you now own: Availability targets. Failover. Redundancy. The decision about whether a Saturday outage is acceptable.
How managed services + AI reduce the burden: Multi-AZ ECS deployment means your containers run across multiple AWS availability zones. If one zone goes down, traffic routes to the others. ECS automatically replaces unhealthy containers. There’s no pager duty here — the infrastructure self-heals for the failure modes that matter most. You set a desired count, define a health check, and ECS handles the rest.
Self-managed availability on AWS is often better than platform-managed availability on Bubble. You choose your redundancy level. You choose your regions. On Bubble, you got whatever Bubble decided was good enough for everyone.
4. Monitoring and Alerting
What Bubble handled: Basic server logs. A debugger that works in development. When something broke in production, you found out because a customer complained.
What you now own: Knowing that your application is healthy. Knowing when it isn’t. Knowing why.
How managed services + AI reduce the burden: CloudWatch provides logs, metrics, and alarms out of the box with ECS. Structured JSON logging means every request, every error, every slow query is searchable and filterable. Set an alarm for error rate spikes, latency thresholds, or memory pressure — and get an alert before users notice.
The AI-assisted diagnosis pattern is genuinely transformative here. When an alert fires, you feed the error logs, the stack trace, and the recent deployment history to Claude. It identifies the root cause, suggests the fix, and often writes the patch. What used to require a senior DevOps engineer triaging at 2am is now a five-minute conversation with an AI that’s read every CloudWatch log you’ve ever generated.
5. Database Administration
What Bubble handled: Data storage, backups, indexing, scaling. You created data types in a visual editor and Bubble figured out the rest.
What you now own: Schema design. Migrations. Backups. Performance tuning. Connection pooling. The decision about when to add an index.
How managed services + AI reduce the burden: Supabase provides managed PostgreSQL with automatic daily backups, point-in-time recovery, connection pooling, and a dashboard for monitoring query performance. You write SQL migrations — but Claude writes the SQL migrations. You decide what the schema should be — but you don’t manage replication, failover, or backup rotation.
The separation is clean: you own the schema decisions (what data to store, how to structure it, what to index). Supabase owns the operational mechanics (backups, replication, connection management, upgrades). Row Level Security policies live in your codebase and deploy with your application. Database administration becomes database design — which is the part that actually requires your domain knowledge.
6. SSL/TLS Certificate Management
What Bubble handled: SSL certificates for your custom domain. You pointed DNS and it worked.
What you now own: Certificate provisioning, renewal, and monitoring. The thing that breaks silently at 3am on a Saturday.
How managed services + AI reduce the burden: AWS Certificate Manager provides free SSL certificates that auto-renew. Configure it once. Never touch it again. This is genuinely a solved problem — but only if you choose a managed service. Self-managing certificates with Let’s Encrypt and cron jobs is how you end up on Hacker News for the wrong reasons.
7. Email Deliverability
What Bubble handled: Sending transactional emails. Deliverability. SPF/DKIM/DMARC records. You called “send email” in a workflow and it worked.
What you now own: Email infrastructure. Sender reputation. DNS records. Bounce handling. Spam filtering. The subtle art of making sure your password reset email doesn’t land in junk.
How managed services + AI reduce the burden: AWS SES or a service like Resend handles the sending infrastructure. You configure SPF, DKIM, and DMARC records once (and AI will generate the exact DNS records you need). Bounce and complaint handling is automatic. The managed service maintains the sender reputation.
The gap most teams miss: email deliverability isn’t a feature you build. It’s a reputation you maintain. A managed email service handles the mechanics, but you still need to monitor bounce rates, avoid sending patterns that trigger spam filters, and keep your domain reputation clean. It’s not hard — but it’s not nothing.
Three Force Multipliers
Seven responsibilities sounds like a lot. Five years ago, it was. Each one required specialist knowledge, dedicated tooling, and ongoing attention. Today, three force multipliers compress the burden dramatically.
Managed services. Supabase, AWS ECS Fargate, AWS Certificate Manager, AWS SES, GitHub Actions. Each one eliminates the operational mechanics of a responsibility while leaving you the decisions. You decide what to deploy, what to monitor, what to back up. The service handles how.
AI-assisted operations. Security scanning produces alerts — AI triages them. Deployment fails — AI diagnoses it. A new responsibility emerges — AI writes the initial configuration, the monitoring rules, the runbook. The pattern isn’t “AI replaces ops.” It’s “AI makes ops accessible to people who aren’t ops specialists.”
The pattern isn’t “AI replaces ops.” It’s “AI makes ops accessible to people who aren’t ops specialists.”
Proven experience. This is the one that doesn’t scale to a blog post. Knowing which managed service to choose, how to configure it, what to monitor, and what to ignore comes from having done it before. The hiring platform’s operational posture wasn’t designed from scratch — it was assembled from patterns that have worked across dozens of production deployments. The recipe exists because the mistakes have already been made.
The Real Cost
Here’s the operational spend for a production-grade setup running the hiring platform:
Fargate compute: $31/month. Supabase (managed Postgres): $25/month. GitHub Actions CI/CD: Free tier. AWS Certificate Manager: Free. CloudWatch: ~$5/month. Email sending (SES): ~$1/month at current volumes.
Total: roughly $62/month for production infrastructure with automated security scanning, CI/CD, multi-AZ availability, managed database with backups, SSL, monitoring, and email.
Compare that to what you’re paying Bubble for a production app. Then compare the control, the visibility, and the ability to answer an enterprise customer’s security questionnaire.
Not Scary. Not Trivial. But Manageable.
The seven responsibilities are real. Ignoring them is how startups end up with data breaches, expired certificates, and the kind of outage that makes customers leave. But romanticising them — treating ops as this fearsome discipline that requires a dedicated team — is equally wrong.
Every responsibility on this list is mitigated by either a managed service, an automated tool, or both. The operational overhead of self-managing is a fraction of what it would have been five years ago. A single engineer with the right managed services, the right CI/CD pipeline, and AI-assisted tooling can maintain an operational posture that would have required a three-person DevOps team in 2020.
The constraint isn’t capability. It’s awareness. You need to know these responsibilities exist. You need to make explicit decisions about each one. And you need to choose your managed services deliberately — not stumble into them after the first incident.
If you’ve already mapped the migration recipe, the operational responsibilities are the natural next step. If you’ve already set up security scanning, most of the hardest operational work is done.
The window is open. The economics work. The responsibilities are manageable. The only mistake is pretending they don’t exist.