Building a Secure Remote Development Stack on AWS EC2 with Mutagen and Claude Code

I’ve written before about the importance of having a culture of enablement within your organization. The organization I work for today is growing faster than any competitor in an industry that’s both mature and highly competitive. Why? Beyond a shadow of doubt, it’s because of the autonomy, accountability, and enablement our organization provides. Our engineers are solutions architects… there to solve problems, not to thwart progress for a false sense of security or consistency. We know we have to move fast to win, and they’re driving this culture.
Case in point. Last year, I worked on a data project in which I manually imported, assembled, and validated search data for the automotive industry. It took months and required me to write a ton of code, run a ton of queries, validate the data, and then output it for the company to market. It was a tedious, time-consuming process that required close attention, precision, and patience.
This year, instead of asking me to repeat the exercise, my engineering team provided me both a playground and enterprise access to Claude Code. They provided an empty AWS instance, an SSH login, and walked me through how to tunnel to my private stack, provided documentation on our production stack, security, and DevOps process to feed Claude Code… and then left me alone to learn and build whatever I could imagine.
Using Claude Code, I installed every service and fully configured the stack to mimic our production stack, then iterated through weeks of mistakes as I learned and fine-tuned what is now a mature enterprise platform that’s been migrated to production for our employees to leverage. The final tuning came a couple of weeks ago as my engineering team reviewed my code, ensured it was secure and performant, and moved it to an internally available instance.
I want to document how I used Claude Code, Mutagen, and a secure playground to build and ship features for our Dealer Search Intelligence Platform — a system that houses over 10GB of proprietary, location-based SERP data for the auto dealer industry, which has already resulted in groundbreaking research.

Instead of assembling a report, I built an entire platform that acquires and assembles all data, provides simple tools for managing data, and then outputs stunning reports (even in branded PDF format).
The Playground
Our engineering team stood up an isolated staging environment on AWS specifically so I could build, experiment, and iterate without risking production data or customer-facing systems. It is a complete, self-contained instance of our Search Intelligence Platform — a system that ingests, stores, and analyzes location-based search engine results for the automotive dealer industry, sitting on top of more than 10GB of proprietary search data.
The setup is intentionally lean and secure. Nothing was exposed to the public internet; everything runs inside containers, and every change I make is reversible. It is, in the truest sense, a playground: a place where I can think out loud in code with an AI pair programmer.
The AI Playground Stack
The platform is deliberately framework-light on the backend and modern on the frontend. Here is what powers it:
- AWS EC2: Hosts the isolated staging server and keeps the environment walled off from production.
- Claude Code: My AI collaborator. Reads the codebase, writes and edits code, runs commands, and helps me reason about the system end-to-end.
- Docker & Docker Compose: Packages every moving part of the application so it runs identically on staging and production — one command brings the whole system up or down.
- Git & GitHub: Source of truth for every change. Every feature, fix, and refactor lands as a commit that engineering can review.
- MySQL: Stores the 10GB+ of structured search data, parsed SERP results, and all analytical tables.
- Nginx: Fronts the application, terminates requests, and routes traffic to the PHP application and dashboard.
- Mutagen: Keeps my local project directory and the remote server continuously and bidirectionally in sync — my editor feels local, but the code runs on AWS.
- Next.js + React: Serves the dashboard — the visualization layer where all the data becomes intelligence.
- PHP (FPM): Powers the data collection workers, cron jobs, and the JSON API that feeds the dashboard. Intentionally framework-free and dependency-free for maximum control.
- Redis: An open-source, in-memory data structure store used as a distributed, in-memory key–value database, cache, and message broker.
- SSH Tunnel: Creates a secure, authenticated channel from my laptop to the remote MySQL instance, allowing me to query and debug without ever exposing the database.
- Tailwind: Styles the dashboard with a utility-first approach that keeps iteration fast.
- TypeScript: Adds static typing to the dashboard, making refactors safe and AI-assisted edits far more reliable.
How It’s Deployed
The entire application stack runs inside Docker on a single EC2 instance. The compose file defines the containers, the networks, and the volumes — so bringing the environment up is essentially a single command, and tearing it down is just as simple. That same compose definition is what engineering uses to deploy to production.

How I Access My Playground
There are two pieces that make remote work feel local: Mutagen and an SSH tunnel. Together, they close the gap between my laptop and the server so completely that I forget the work is happening on AWS.
- Mutagen: Mutagen watches my local project directory and the remote
/var/wwwdirectory on the EC2 instance, and continuously syncs changes in both directions. When I edit a file locally — or when Claude Code does — it appears on the server within a second. When engineering pushes something to the server, it appears on my laptop just as fast. No uploading, no FTP, no manualscp. Just edit and go. - SSH Tunnel: NGINX and MySQL are never exposed to the public. To query the database from my laptop, I open an SSH tunnel that forwards a local port to the database port on the server. Everything is encrypted, authenticated, and scoped to my session. When the tunnel closes, the door closes with it.
Why this matters: the combination of Mutagen and an SSH tunnel means I have the full productivity of a local environment without any of the security or performance trade-offs. The data never leaves the server perimeter, and nothing runs on my laptop other than Claude Code, Mutagen, and my browser.
The Claude Code Workflow
This is where the real leverage shows up. Claude Code lives in my terminal and has full read/write access to the project directory. Because Mutagen mirrors that directory to the server, any change Claude makes is live on staging moments later. And because Claude Code has my SSH credentials, it can manage, test, and troubleshoot issues on the server (with permission for each attempt). The loop is incredibly tight.

Version Bumps and Changelogs
Every meaningful change ends with a version bump and a changelog entry. Claude Code handles the mechanics — updating the app version constant, updating the API version, writing the changelog line, and crafting a commit message that describes the why, not just the what. The result is a Git history in my company’s account that reads like a product journal.
GitHub as the handoff
When a feature is ready, it lands on GitHub as a set of commits (or a pull request). That is the moment the playground ends and the engineering process begins. My engineers see exactly what changed, why it changed, and what version of the app it belongs to.
From Playground to Production
After I ship a feature, the engineering team takes over. They perform a full QA pass and a code review against the pushed commits on GitHub. Because the staging environment is containerized with the same Docker Compose definition as production, there are no surprises — what ran on my playground runs the same way in production. Deployment is a pull, a rebuild, and a restart. Clean, repeatable, boring in the best possible way.
Perhaps the best compliment ever came when they first deployed and told me they were impressed!
The takeaway: An isolated AWS playground, Mutagen, SSH, Claude Code, and Git are, in my experience, one of the most effective ways to build and deploy real software today. The environment is secure, the feedback loop is fast, the history is transparent, and the path from idea to production is short and well-lit.







