AWS Amplify Gen 2 vs Supabase vs Firebase for SaaS Starters in 2026

Q: Why Supabase Wins for SaaS Boilerplates?

Real SQL. Every Supabase table is a Postgres table. You can do JOINs, CTEs, window functions, and use any Postgres extension. Compare this to Firebase's Firestore where you can't join two collections without application-level merging. Row Level Security. RLS policies run in the database — your auth rules live next to your data: Self-hostable. If Supabase's pricing becomes prohibitive, you can run the entire Supabase stack on your own infrastructure. No other BaaS offers this.

TL;DR

The Backend-as-a-Service (BaaS) market has three serious contenders in 2026: Supabase (the clear favorite for new SaaS projects — Postgres-native, excellent DX, generous free tier), Firebase (Google's platform — mature, proven at scale, but showing its age with NoSQL Firestore and complex pricing), and AWS Amplify Gen 2 (a genuine reinvention — TypeScript-first, code-defined backends, AWS-native with all that entails). Amplify Gen 2 is the sleeper in this comparison: its sandbox workflow and TypeScript-first approach are genuinely excellent, and AWS's underlying infrastructure means you never hit platform scaling limits. For most SaaS startups building on a boilerplate today, Supabase is the default choice — but Amplify Gen 2 is worth serious consideration if you're AWS-first or need enterprise compliance.

Key Takeaways

Supabase is Postgres — full SQL power, realtime subscriptions via pgListen, Row Level Security for auth, Storage, Edge Functions; the most SQL-complete BaaS
Firebase is NoSQL-first — Firestore's document model is powerful for mobile-style apps but awkward for relational SaaS data; Auth and Cloud Functions are excellent
Amplify Gen 2 is TypeScript-first — you define your backend in TypeScript (amplify/) and it generates AWS resources (DynamoDB, Cognito, AppSync, S3) — closest to SST's approach
Pricing comparison: Supabase free tier (500MB DB, unlimited API) → Firebase (generous spark plan, then pay-per-use) → Amplify (AWS free tier, then pay-per-use)
Boilerplate adoption: Supabase is in ~60% of Next.js SaaS boilerplates; Firebase in ~20%; Amplify Gen 2 in ~5% but growing
Vendor lock-in ranking: Firebase (highest — proprietary SDKs, NoSQL) → Amplify (medium — AWS services, but portable) → Supabase (lowest — standard Postgres, self-hostable)

The BaaS Landscape in 2026

"Build vs Buy" for backend services is settled: for SaaS startups with small teams, you don't build auth, real-time subscriptions, or file storage from scratch. You use a BaaS. The question is which one.

The three dominant players serve different philosophies:

Platform	Philosophy	Database	Auth	Storage	Functions
Supabase	Open source, self-hostable Postgres	PostgreSQL	GoTrue (JWT)	S3-compatible	Deno Edge Functions
Firebase	Google's mobile-first platform	Firestore (NoSQL) + RTDB	Firebase Auth	Cloud Storage	Cloud Functions
Amplify Gen 2	AWS-native, TypeScript-first	DynamoDB (or RDS)	Amazon Cognito	S3	Lambda

Supabase: The Default Choice for SaaS in 2026

Supabase has won the BaaS mindshare battle for web SaaS. The combination of genuine Postgres (not a Postgres-compatible wrapper), excellent developer experience, and an open-source commitment has made it the go-to choice.

Why Supabase Wins for SaaS Boilerplates

Real SQL. Every Supabase table is a Postgres table. You can do JOINs, CTEs, window functions, and use any Postgres extension. Compare this to Firebase's Firestore where you can't join two collections without application-level merging.

// Supabase — full SQL power
const { data: orders } = await supabase
  .from('orders')
  .select(`
    id,
    created_at,
    total,
    users!user_id (name, email),
    order_items (
      quantity,
      products!product_id (name, price)
    )
  `)
  .eq('status', 'pending')
  .gte('total', 100)
  .order('created_at', { ascending: false })
  .limit(25)

Row Level Security. RLS policies run in the database — your auth rules live next to your data:

-- Only users can see their own orders
create policy "Users can view own orders"
  on public.orders for select
  using (auth.uid() = user_id);

-- Admins can see all orders
create policy "Admins can view all orders"
  on public.orders for select
  using (
    exists (
      select 1 from public.profiles
      where id = auth.uid() and role = 'admin'
    )
  );

Self-hostable. If Supabase's pricing becomes prohibitive, you can run the entire Supabase stack on your own infrastructure. No other BaaS offers this.

Supabase in Boilerplates

The most popular boilerplates using Supabase:

Next SaaS Starter (free) — Next.js 15 + Supabase + Stripe
Supastarter (paid) — The most comprehensive Supabase-based SaaS kit
ShipFast — Includes Supabase auth option alongside MongoDB
T3 Stack variants — Community T3 + Supabase configurations
Open SaaS — Wasp + Supabase option

Firebase: The Legacy Champion

Firebase remains the most-used BaaS overall (due to mobile development legacy), but it's losing ground in web SaaS startups. Here's why:

Firebase Strengths

Firebase Auth is genuinely excellent — phone auth, email links, social OAuth, anonymous auth, all working smoothly across web and mobile
Cloud Firestore at scale is battle-tested — Google runs Firebase at massive scale and the platform has proven reliability
Firebase Emulator Suite for local development is comprehensive — Firestore, Auth, Storage, Functions all emulated locally
Mature ecosystem — thousands of tutorials, extensions, and community packages

Firebase Pain Points for SaaS

Firestore's data model forces denormalization. A relational SaaS (users → teams → projects → tasks) maps naturally to SQL. In Firestore, you end up duplicating data across subcollections or running multiple queries and joining in application code:

// Firebase — getting a team's recent orders requires multiple reads
const team = await getDoc(doc(db, 'teams', teamId))
const recentOrderIds = team.data().recentOrderIds  // Must track separately

// Multiple reads — can't JOIN
const orders = await Promise.all(
  recentOrderIds.map(id => getDoc(doc(db, 'orders', id)))
)

Pricing unpredictability. Firestore bills per read/write operation. A poorly optimized query that reads 10K documents costs money; an accidental N+1 pattern can produce a large bill. Supabase's pricing is based on compute + storage — much more predictable.

Best Firebase Boilerplates

SaaS Starter (Vercel + Firebase) — App Router + Firebase Auth + Firestore
next-firebase-auth-edge starter — Server-side Firebase auth in Next.js App Router
React + Firebase Vite template — Vite + Firebase SDK v9 modular

AWS Amplify Gen 2: The TypeScript-First Reinvention

AWS Amplify Gen 2 (released 2024) is a complete architectural rethink of Amplify. The original Amplify (Gen 1) was infamous for its JSON configuration complexity and black-box behavior. Gen 2 uses TypeScript-first, code-defined infrastructure:

// amplify/data/resource.ts — define your data model in TypeScript
import { defineData, a } from '@aws-amplify/backend'

const schema = a.schema({
  // This generates a DynamoDB table with AppSync GraphQL API
  Product: a.model({
    name: a.string().required(),
    price: a.float().required(),
    category: a.string(),
    inventory: a.integer().default(0),
    images: a.string().array(),
  })
  .authorization((allow) => [
    allow.authenticated().to(['read']),
    allow.group('Admins').to(['create', 'update', 'delete']),
  ]),
})

export const data = defineData({ schema })

// amplify/auth/resource.ts — define auth
import { defineAuth } from '@aws-amplify/backend'

export const auth = defineAuth({
  loginWith: {
    email: true,
    externalProviders: {
      google: {
        clientId: secret('GOOGLE_CLIENT_ID'),
        clientSecret: secret('GOOGLE_CLIENT_SECRET'),
      },
    },
  },
  groups: ['Admins', 'Users'],
})

Amplify Gen 2 Sandbox Workflow

The standout feature of Amplify Gen 2 is the sandbox — a personal, isolated dev environment in AWS that mirrors production:

npx ampx sandbox   # Creates YOUR personal dev environment in AWS
# ✓ Creates DynamoDB tables, Cognito User Pool, S3 bucket
# ✓ Watches amplify/ directory for changes
# ✓ Hot-deploys changes to AWS in seconds
# ✓ Generates TypeScript types from your schema

Every developer gets their own isolated sandbox — no shared dev environment, no database conflicts. When you change your schema, the types are regenerated automatically.

Amplify Gen 2 Best Fit

Amplify Gen 2 is ideal when:

AWS-first organization — existing AWS account, IAM, VPC, compliance setup
Mobile + Web parity — Amplify's React Native and Flutter SDKs share the same backend
GraphQL preference — AppSync's GraphQL is Amplify's primary API layer
Enterprise compliance — Cognito + AWS infrastructure for SOC 2, HIPAA, FedRAMP

Amplify Limitations

DynamoDB as primary DB — great for scale, but NoSQL design patterns are harder than SQL
AppSync complexity — GraphQL subscriptions are powerful but verbose to define
Smaller boilerplate ecosystem — fewer community starters compared to Supabase
AWS lock-in — unlike Supabase, you can't self-host Amplify's services

Pricing at Scale: What You'll Actually Pay

Supabase Pricing (March 2026)

Plan	Cost	DB	Bandwidth	Edge Functions
Free	$0	500MB	5GB	500K invocations
Pro	$25/month	8GB	250GB	2M invocations
Team	$599/month	Custom	Custom	Custom

Real cost at 10K MAU SaaS: ~$25/month (Pro plan) — fits comfortably with most apps.

Supabase cost cliff: Expensive compute addons ($10-$470/month for more compute), but the base Postgres instance is very capable. Database branching (preview DB per PR) is Pro-only.

Firebase Pricing

Firebase's "Spark" (free) plan is generous. The "Blaze" (pay-as-you-go) pricing can be unpredictable:

Firestore: $0.06 per 100K reads, $0.18 per 100K writes
Cloud Functions: $0.40 per 1M invocations
Storage: $0.026/GB

Real cost at 10K MAU SaaS: $0-50/month — very low if your queries are efficient. Can spike with N+1 patterns.

Firebase cost cliff: A misconfigured listener that reads the entire collection on every change can produce unexpected bills. Firebase's cost calculator is essential before launch.

AWS Amplify Gen 2 / AWS Pricing

Amplify itself is free — you pay for underlying AWS services:

DynamoDB: $0.25/GB/month + $1.25 per 1M read units
AppSync: $4 per 1M API calls
Cognito: Free up to 50K MAU, then $0.0055 per MAU
Lambda (for functions): $0.20 per 1M requests
S3 + CloudFront: $0.023/GB storage + $0.0085/GB transfer

Real cost at 10K MAU SaaS: ~$15-40/month — often cheaper than Supabase Pro, but requires more careful architecture to keep DynamoDB costs low.

Migration Paths

Moving Off Firebase to Supabase

The most common migration in 2026 is Firebase → Supabase (Firestore → Postgres):

Schema design: Map Firestore document collections to Postgres tables
Auth migration: Firebase Auth UIDs can be preserved in Supabase Auth's users table
Data export: Firestore export to JSON via gcloud firestore export, transform and import to Postgres
SDK swap: Replace firebase/firestore with @supabase/supabase-js

The hardest part is restructuring NoSQL documents to relational tables. A flat Firestore document maps cleanly; deeply nested subcollections require schema design work.

// Before (Firebase Firestore)
const user = await getDoc(doc(db, 'users', userId))
const userSubscription = await getDoc(doc(db, 'subscriptions', userId))

// After (Supabase)
const { data: user } = await supabase
  .from('users')
  .select('*, subscriptions(*)')
  .eq('id', userId)
  .single()

Head-to-Head Comparison

Factor	Supabase	Firebase	Amplify Gen 2
Database	PostgreSQL ✅	Firestore (NoSQL) ⚠️	DynamoDB (NoSQL) ⚠️
SQL queries	Full SQL	No	No
Self-hostable	✅	❌	❌
Auth	JWT/GoTrue	Excellent	Cognito
Real-time	Postgres LISTEN	Firestore live	AppSync subscriptions
File storage	S3-compatible	Cloud Storage	S3
Free tier	500MB DB, 1GB storage	Generous spark plan	AWS free tier
Cold starts	None (Postgres)	Functions: yes	Lambda: yes
Boilerplate adoption	Very high	Moderate	Low but growing

Local Development Experience

A practical comparison of how each platform handles local development reveals meaningful differences in day-to-day workflow.

Supabase local development is CLI-driven and excellent. Running supabase start spins up the entire Supabase stack locally using Docker: PostgreSQL, GoTrue (auth), Storage, Edge Functions runtime, and the Studio dashboard. Your local database matches production schema via migration files committed to the repo. The supabase db diff command generates migration files from schema changes, and supabase db reset rebuilds your local database from scratch using those migrations. For teams with multiple developers, this means everyone works against identical local environments.

supabase start          # Start local Supabase stack
supabase db diff        # Generate migration from schema changes
supabase db reset       # Reset local DB to migration baseline
supabase functions serve # Run Edge Functions locally with hot reload

Firebase's Emulator Suite is comprehensive and mature. You get local emulators for Firestore, Auth, Storage, Functions, and Hosting — all running in a single firebase emulators:start command. The emulator UI at localhost:4000 lets you inspect data and trigger auth flows locally. The main limitation: Firestore emulator state is in-memory by default, though you can import/export data. For development workflows that need reproducible test data, seeding the Firestore emulator requires custom tooling.

Amplify Gen 2's sandbox is genuinely impressive for the AWS ecosystem. npx ampx sandbox provisions real AWS resources (DynamoDB tables, Cognito, S3) in a personal sandbox environment — you're not running against local mocks but against actual AWS in a designated dev namespace. Every developer gets isolated resources. Schema changes hot-deploy as you edit TypeScript. The tradeoff: each developer needs AWS credentials and the sandbox costs real (though minimal) money.

Database Migration Workflows

For teams that care about database migrations — and every SaaS team should — the differences between Supabase and the NoSQL options are significant.

Supabase uses standard SQL migration files managed by the Supabase CLI. Migrations are committed to version control alongside application code:

-- supabase/migrations/20260308_add_subscription_tier.sql
ALTER TABLE users ADD COLUMN subscription_tier text NOT NULL DEFAULT 'free';

CREATE INDEX idx_users_subscription_tier ON users (subscription_tier);

-- Backfill existing users
UPDATE users SET subscription_tier = 'pro' WHERE created_at < '2026-01-01';

Firebase Firestore has no schema and no migrations. Adding a field means adding it in your application code and backfilling existing documents via a script — there's no built-in tooling. For a SaaS evolving its data model, this flexibility becomes a liability: production documents can have inconsistent shapes, and understanding the current "schema" requires reading application code.

Amplify Gen 2's DynamoDB approach auto-generates tables from your TypeScript model definitions. Schema changes update the DynamoDB table (add/remove GSIs, update types). The challenge: DynamoDB's single-table design patterns and access-pattern-first modeling require up-front design that SQL's flexible querying doesn't. Getting this wrong early means painful table redesigns.

Methodology

Pricing data from Supabase (supabase.com/pricing), Firebase (firebase.google.com/pricing), AWS (aws.amazon.com/amplify/pricing), March 2026
Boilerplate adoption data: survey of top 50 open-source SaaS boilerplates on GitHub
Sources: AWS re:Invent Amplify Gen 2 announcements, Supabase blog, Firebase documentation

Compare Supabase, Firebase, and Amplify-based boilerplates on StarterPick — filter by backend technology.

See the best SaaS boilerplates guide — most top starters are pre-configured for Supabase.

For an architecture-level view of the full SaaS tech stack, see the Next.js SaaS tech stack guide.

Looking at open-source alternatives to these BaaS platforms? The best free open-source SaaS boilerplates guide covers self-hostable options.

AWS Amplify vs Supabase vs Firebase 2026