AWS Migration and CI/CD Automation for a B2B Software Company

Introduction

A growing B2B software company partnered with Perfsys to move its infrastructure from Microsoft Azure to Amazon Web Services (AWS) . The goal was to build a secure, compliant, and developer-friendly platform that could handle increasing demand and simplify software delivery.

Perfsys led the migration process, set up full CI/CD automation, and deployed production-ready infrastructure in line with SOC2 requirements and cloud engineering best practices.

Background

The company initially built its entire platform on Microsoft Azure using services like AKS (Kubernetes), Blob Storage, Cosmos DB (Gremlin), Azure Tables, and Azure Pipelines. This setup worked during early development but began showing limitations ahead of a public launch.

Issues like unreliable environment isolation, difficulty managing secrets, and fragmented automation slowed down development. As the team prepared for SOC2 certification and larger user loads, it became clear that they needed a new cloud setup.

Perfsys was brought in to support the move to AWS and design a scalable system with strong automation, better structure, and long-term maintainability.

Challenges

The existing Azure setup created several roadblocks:

• Inflexible environments made it hard to spin up temporary test or staging systems.
• CI/CD workflows lacked consistency, slowing down releases.
• Role management and access control were hard to manage at scale.
• Monitoring and alerting had to be set up manually, making compliance harder.
• Observability and cost control were limited for Kubernetes workloads.

The company needed a complete migration plan that would improve structure, support automation, and keep data secure across cloud services, APIs, and databases.

Solution Overview

Perfsys delivered the solution in five structured phases, each focused on delivering clear results tied to business needs.

Milestone 1: Discovery and Planning

Work began with a deep assessment of the company's Azure environment. Perfsys:

• Evaluated cloud service dependencies and mapped architecture components.
• Gathered compliance requirements for SOC2.
• Reviewed the CI/CD process in Azure DevOps.
• Audited Kubernetes setup for scaling and storage needs.

Key deliverables included a network design, IAM and access role plan, and a roadmap for replacing services with AWS alternatives.

Milestone 2: AWS Organization and Identity Setup

Perfsys created a solid foundation for secure and manageable cloud operations:

• Deployed an AWS Organization with separate accounts for production, staging, and development.
• Set up AWS IAM Identity Center (SSO) linked to Google Workspace.
• Created access policies tailored for developers, administrators, and auditors.
• Centralized logging and audit trails using AWS CloudTrail and Security Hub.
• Enabled SOC2-related controls using AWS Control Tower.

This setup provided a clear structure for managing users, permissions, and security across all environments.

Looking to build a secure, compliant cloud foundation for your team?

Learn how our Migration services can help you design scalable environments and accelerate delivery — without sacrificing security or maintainability.

Contact Us

Milestone 3: Infrastructure and Networking

Perfsys deployed core infrastructure using Infrastructure-as-Code:

• A VPC with subnet segmentation, routing, NAT gateways, and VPN access.
• Amazon RDS for PostgreSQL replaced Cosmos DB.
• Amazon S3 buckets were used for file storage across environments.
• ALBs were configured for load balancing and HTTPS.

This setup ensured secure and scalable access to APIs, databases, and services for container-based workloads.

Milestone 4: CI/CD Automation and ECS Setup

The team automated deployments with a hybrid pipeline connected to existing Azure tooling:

• Docker images were built using Azure DevOps agents.
• Artifacts were stored in AWS ECR.
• Terraform deployed containers to Amazon ECS (EC2-backed).
• Azure Key Vault secrets were used securely within ECS tasks.
• Connections between ECS services, databases, and S3 were verified.

Milestone 5: Production Deployment

Perfsys supported the rollout of the live application in the AWS environment:

• Containers were deployed behind an internal Nginx proxy, routing traffic to microservices.
• Only VPN-based access was allowed — keeping the APIs private.
• ECS services had direct, secure access to required services: databases, object storage, APIs, and secrets.
• Safe deployment features were added, including image promotion, network isolation, and tag policies.

Results

By the end of the project, the company had a new cloud foundation with:

• A fully automated CI/CD pipeline across development, staging, and production.
• A SOC2-ready AWS setup with centralized logging and permission control.
• Private infrastructure with VPN-only access to internal resources.
• Reproducible environments managed through Terraform.
• Reduced operational workload via container orchestration and autoscaling.
• Secure handling of secrets through both Azure and AWS tools.

Developers now benefit from faster testing, reliable automation, and environments they can spin up or tear down as needed.

Conclusion

This project shows how startups with a complex engineering stack can move quickly and confidently by adopting a well-planned cloud migration strategy. With help from Perfsys, this B2B software company shifted away from rigid infrastructure and built a flexible AWS platform ready for scale and compliance.

The result is a cloud environment that supports high-velocity development and safe, secure product delivery — built to keep pace with growing demand and evolving product requirements.

Eugene Orlovsky

CEO & Founder | Serverless architect with 10+ years of hands-on experience designing cloud-native architectures on AWS, backed by multiple AWS certifications. He is writing bridges deep technical expertise with real-world business strategy, covering topics from AWS best practices to scaling tech-driven organizations.