🏆 Achievements

  • 🚚 Zero-downtime phased migration: product kept shipping throughout with no disruption to operations
  • 🚀 16x faster deployments after replacing CDK/CloudFormation with Terraform, which also eliminated infrastructure drift
  • 💸 $60K/year saved by automating scale-to-zero on non-prod environments via EventBridge + Step Functions
  • ✅ Trunk-based CI/CD enforced: no untested code ever reached production

Client Story

The client needed a phased migration from an aging on-premise environment to AWS, without disrupting day-to-day operations or slowing down an actively growing product.

The database, application services, and scheduled processing tasks all had to move gradually, staying compatible and secure with minimal downtime along the way.

Solution Used

  • Migrated the on-prem MS SQL database to Amazon Aurora using AWS DMS.
  • Added a write-through cache with Redis (ElastiCache) to speed up queries.
  • Containerized and deployed application services with Docker on ECS Fargate.
  • Rebuilt supporting logic as AWS Lambda functions where it made sense.
  • Exposed external functionality through HTTP API Gateway with AD JWT authorizers.
  • Secured entry points with CloudFront, AWS WAF, and edge protections (CF Functions, Lambda@Edge).
  • Implemented scheduled data-processing tasks with AWS Glue Jobs.
  • Published WAL (write-ahead log) changes to Kafka using logical replication.

Architecture Overview

Code Organization

The main stack was written in Python, with infrastructure mainly in Terraform and some bits still in CDK (CloudFormation). I later moved the CDK bits into Terraform so the whole stack is managed with one tool instead of two.

The CI/CD pipeline had two hard requirements:

  1. No untested code ships to production.
  2. Development had to stay fast and agile, using a trunk-based development approach.

The main part of the application was located in the monorepository so the CI/CD pipeline was built with those requirements in mind.