You're getting downvoted probably because of your assumption that a vanilla tech stack is somehow absent of security best practices. Ruby on Rails "vanilla" is a well maintained server-side framework that receives constant security hotfixes. AWS is a cloud platform that supports robust IAM and VPC networks. It's more likely that a tried and true tech stack like this is more secure than something experimental.