CI/CD and Tenant Provisioning Overhaul for a Global Consulting Firm

5+

Times per day deployment frequency in all pre-production environments

5 days to 15 minutes

Reduction in week-long tenant provisioning

~90%

Drrop in certificate management work

Background

Our client is a global management consulting firm known for helping leading organizations solve complex business challenges through strategic insight, innovation, and digital transformation. With a presence in over 50 countries, they serve Fortune 500 companies, governments, and nonprofits across industries. As part of its commitment to driving next-generation solutions, they invest heavily in emerging technologies, including AI and cloud. Their innovation unit focuses on building advanced digital products and AI-powered platforms to help clients achieve scalable, data-driven outcomes. This combination of deep industry expertise and cutting-edge technical capability makes them a key player in shaping the future of business and technology.

Challenge

The goals of this project were to increase release velocity of a legacy application that had been recently refactored to use per-tenant containers rather than a multi-tenant monolith backend. The issues present were: Releases were manual and taking hours to build Deployment of the code was not automated and prone to failure Deployments lacked proper integration to AWS services (RDS, S3, SSM Parameter store) Tenant deployments were manual and complex. Certificates were causing a significant amount of issues due to provisioning with a 3rd-party vendor that needed manual work.

Approach

Analyze the current skill set of the dev team and operational maturity. Talked to the infrastructure team and discovered the rules of engagement for the operational system Analyzed the build stages to find ways to optimize out the delays Fully mapped out the tenant provisioning requirements

Key results

Fix the build. We began with fixing the build system by using selctive git checkouts, optimizing the dependency system, and woking through the build process to parrallelize the build where we could and generally cut the time down. Remove any configuration from the build artifacts as this would need to be added per-tenant down the road. Set the build to only generate artifacts and push them to AWS ECR.

Design the per-tenant infrastructure. Understand the isolation requirements. Create minimal infra required to service a tenant, in this case an Aurora cluster that could be expanded, S3 space, a pod group in Kubernetes, some SSM Parameter Store configuration, and all appropriate IAM roles. Setup the tenant’s AWS infrastructure as CloudFormation templates. Setup their Kubernetes infrastructure as a Helm template. Document the steps to deploy.

Automate tenant provisioning. Given the skill set of the programming team, the deployment code was written in Typescript so it could be maintained after my departure from the project. Create a state machine system to handle infra deployment and provisioning steps. This involved using a table in DynamoDB to store state info for all the deployments in a region, segragated by deployment emvironment. Created logic to handle the normal state transitions.

Benefits

Upon completion, the client benefited from: Increased deployment frequency from weekly to 5+ times per day in all pre-production environments Rapid provisioning of new tenants within minutes (excluding CAB process) Fully automated certificate management Centralized system functions via the Azure DevOps console