Project overview
The client needed to streamline and automate deployments for 30+ production multi-tenant environments. Each tenant operated in its own AWS account, creating complexity and high error rates.
Challenges
- Manual deployments across multiple AWS accounts led to inconsistencies and errors
- Infrastructure had to scale to support growing tenants
- Deployments had to be secure while maintaining isolation between client environments
- A small SRE team needed to manage everything efficiently
Our approach
We designed and implemented a CI/CD pipeline using AWS services and AWS CDK with TypeScript, delivering a true one-click deployment capability across all client environments.
Continuous Integration
- Bitbucket repository triggers the pipeline on commit
- Bitbucket Pipelines runs unit tests, linting and SonarQube static analysis
- Packaged code and CDK resources uploaded to a central S3 bucket
Continuous Deployment
- AWS CodePipeline deploys artifacts to target environments on upload
- Cross-account deployment via IAM roles and AWS CodeBuild
- Environment-specific configurations per client account
- Environment-specific IAM roles to contain blast radius on failure
Event-driven deployment
- S3 triggers EventBridge in the central account
- EventBridge forwards events to the correct target account
- Lambda triggers CodeBuild, which retrieves and deploys the artifact
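The Lambda step above, sketched as an added example (not the client's or the project's code): before starting CodeBuild, the function checks that the forwarded S3 event came from the central account and bucket and that the artifact key belongs to this tenant. The TenantConfig fields, the key layout and all sample values are assumptions.

```typescript
// Added example; TenantConfig, the key layout and all sample values are assumptions.
interface S3ObjectCreatedEvent {
  source: string;
  "detail-type": string;
  account: string; // account that emitted the event
  detail: { bucket: { name: string }; object: { key: string } };
}
interface TenantConfig {
  centralAccountId: string;
  artifactBucket: string;
  tenantId: string;
  codeBuildProject: string;
}
interface BuildRequest { // mirrors the CodeBuild StartBuild input fields used here
  projectName: string;
  environmentVariablesOverride: { name: string; value: string; type: "PLAINTEXT" }[];
}
// Assumed key layout: releases/<tenantId>/<version>/bundle.zip
const KEY_PATTERN = /^releases\/([a-z0-9-]+)\/(\d+\.\d+\.\d+)\/bundle\.zip$/;

// Returns the build to start, or throws if the event fails any check.
function planBuild(event: S3ObjectCreatedEvent, cfg: TenantConfig): BuildRequest {
  if (event.source !== "aws.s3" || event["detail-type"] !== "Object Created") {
    throw new Error("unexpected event type");
  }
  if (event.account !== cfg.centralAccountId) throw new Error("event not from central account");
  if (event.detail.bucket.name !== cfg.artifactBucket) throw new Error("unexpected bucket");
  const m = KEY_PATTERN.exec(event.detail.object.key);
  if (!m) throw new Error("key does not match artifact layout");
  const [, tenant = "", version = ""] = m;
  if (tenant !== cfg.tenantId) throw new Error("artifact belongs to another tenant");
  return {
    projectName: cfg.codeBuildProject,
    environmentVariablesOverride: [
      { name: "ARTIFACT_BUCKET", value: cfg.artifactBucket, type: "PLAINTEXT" },
      { name: "ARTIFACT_KEY", value: event.detail.object.key, type: "PLAINTEXT" },
      { name: "RELEASE_VERSION", value: version, type: "PLAINTEXT" },
    ],
  };
}
// Constructed sample input (not real account IDs or bucket names).
const SAMPLE_CFG: TenantConfig = {
  centralAccountId: "111111111111", artifactBucket: "example-central-artifacts",
  tenantId: "tenant-a", codeBuildProject: "tenant-a-deploy",
};
const SAMPLE_EVENT: S3ObjectCreatedEvent = {
  source: "aws.s3", "detail-type": "Object Created", account: "111111111111",
  detail: { bucket: { name: "example-central-artifacts" }, object: { key: "releases/tenant-a/1.4.2/bundle.zip" } },
};
```

The handler would pass the returned object to CodeBuild's StartBuild call and log any rejection, so a misrouted or unexpected event fails closed instead of starting a deployment.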
Outcomes
- 75% faster deployments via the one-click model
- 90% fewer configuration and deployment errors
- 100% uniform deployments via CDK and centralized artifacts
- Small SRE team manages 30+ environments with minimal manual work

