EC2 to ECS with Fargate and RDS Modernisation

A UK healthcare platform migrated from manual EC2 deployments to fully automated ECS Fargate with Terraform, GitHub Actions CI/CD, and NHS-compliant security. Deployment time dropped from hours to under 10 minutes.

Industry

Medtech, Healthcare

Location

United Kingdom

Time

11.2023 - Present (ongoing retainer)

Company

UK Startup, Healthcare Platform

Technologies used

AWS, RDS, ECS, Terraform, GitHub Actions, Security

About the Customer

Our client is a UK-based healthcare and wellbeing platform connecting users with health professionals and community services. Operating in a highly regulated sector with integrations to NHS systems, they must comply with UK Cyber Essentials Plus and GDPR standards while maintaining the availability and integrity of sensitive health data.

The Challenge

The client’s infrastructure was running on bare EC2 instances with no automation in sight. Deployments were manual over SSH, infrastructure was provisioned through the AWS Console, and there was no separation between staging and production. As the product roadmap demanded more services, including a search API, an analytics engine, and an AI enrichment layer, this approach simply couldn’t keep up.

The risks were real: slow and error-prone releases, no rollback capability, no audit trail, growing compliance gaps, and zero visibility into infrastructure health. Something had to change before scale made these problems unrecoverable.

This is a typical example of how our CI/CD consulting services and CloudOps maintenance work together to transform legacy infrastructure into a modern, automated platform.

The Solution

We partnered with the client to design and implement a modern AWS architecture from the ground up, replacing manual operations with automation at every layer.

Compute Modernisation

We migrated all workloads from EC2 to Amazon ECS on AWS Fargate, breaking the monolith into independently deployable and scalable containerised services. We evaluated EKS, Elastic Beanstalk, and Lambda before settling on ECS Fargate as the right fit. It offered the container isolation and scaling the client needed without the operational overhead of Kubernetes or the constraints of more opinionated platforms.

Search and AI

We deployed Amazon OpenSearch Service with a multi-node cluster including dedicated ML nodes for semantic vector search, giving the platform intelligent search capabilities across its listings and referral data.

Data Layer

We migrated database workloads to Amazon RDS for MySQL with automated backups, encryption at rest and in transit, and point-in-time recovery. We have since executed a major version upgrade in production with zero data loss.

Infrastructure as Code

Every AWS resource is managed through Terraform and Terragrunt, from ECS services and ALB configurations to IAM roles and security groups. Adding a new service to the platform now follows a repeatable, templated pattern rather than a manual provisioning marathon.

CI/CD

We implemented GitHub Actions pipelines for every service. A code merge triggers an automated build, test, and deployment cycle with no manual steps. CI/CD authenticates to AWS via OIDC federation, eliminating long-lived access keys entirely. See our CI/CD consulting services for more on how we approach pipeline design.
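OIDC federation removes stored keys, but the IAM role's trust policy then becomes the control that decides which workflows may assume it. The following is an added example, not code from this engagement: a small audit of a role trust policy for the GitHub OIDC issuer, checking that `aud` is pinned and `sub` is scoped to one repository and ref. The account ID, repository name and sample policies are constructed placeholders.

```python
GITHUB_ISSUER = "token.actions.githubusercontent.com"

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_github_oidc_trust(policy):
    """Return findings for GitHub OIDC statements in an IAM role trust policy."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        principal = stmt.get("Principal")
        federated = _as_list(principal.get("Federated", [])) if isinstance(principal, dict) else []
        if stmt.get("Effect") != "Allow" or not any(
                str(p).endswith("oidc-provider/" + GITHUB_ISSUER) for p in federated):
            continue  # not a GitHub federation statement
        # Gather (operator, value) pairs per claim; condition keys are case-insensitive.
        claims = {}
        for operator, keys in stmt.get("Condition", {}).items():
            for key, value in keys.items():
                claims.setdefault(key.lower(), []).extend((operator, v) for v in _as_list(value))
        aud = claims.get(GITHUB_ISSUER + ":aud", [])
        sub = claims.get(GITHUB_ISSUER + ":sub", [])
        if not any(v == "sts.amazonaws.com" for _, v in aud):
            findings.append(f"statement {i}: aud not pinned to sts.amazonaws.com")
        if not sub:
            findings.append(f"statement {i}: no sub condition, any repository on GitHub can assume the role")
        for operator, v in sub:
            wildcard_ok = "like" in operator.lower()  # '*' is literal under StringEquals
            parts = v.split(":", 2)
            if len(parts) < 3 or parts[0] != "repo" or (wildcard_ok and "*" in parts[1]):
                findings.append(f"statement {i}: sub '{v}' not scoped to one repository")
            elif wildcard_ok and "*" in parts[2]:
                findings.append(f"statement {i}: sub '{v}' allows any branch, tag or pull request")
    return findings

# Constructed sample policies (account ID and repository are placeholders).
PRINCIPAL = {"Federated": "arn:aws:iam::123456789012:oidc-provider/" + GITHUB_ISSUER}
AUD = {GITHUB_ISSUER + ":aud": "sts.amazonaws.com"}
LOOSE = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": PRINCIPAL, "Action": "sts:AssumeRoleWithWebIdentity",
    "Condition": {"StringEquals": AUD,
                  "StringLike": {GITHUB_ISSUER + ":sub": "repo:example-org/example-service:*"}}}]}
TIGHT = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": PRINCIPAL, "Action": "sts:AssumeRoleWithWebIdentity",
    "Condition": {"StringEquals": {**AUD,
        GITHUB_ISSUER + ":sub": "repo:example-org/example-service:ref:refs/heads/main"}}}]}

if __name__ == "__main__":
    for name, policy in (("LOOSE", LOOSE), ("TIGHT", TIGHT)):
        print(name, audit_github_oidc_trust(policy) or "ok")
```

The same function can be run over the `AssumeRolePolicyDocument` of each deploy role, for example as a CI step alongside the Terraform plan.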

Security and Compliance

IAM least-privilege policies defined in code. Secrets managed through AWS Secrets Manager. Network traffic locked down with layered security groups. CloudTrail and AWS Config enabled for full auditability. Security Hub running continuous compliance checks. All aligned with the client’s Cyber Essentials Plus and GDPR obligations.

Handling the connection to NHS systems is a topic on its own. The compliance requirements, data handling standards, and integration patterns involved are substantial and informed much of our security architecture decisions.

This was our first engagement requiring full Cyber Essentials Plus compliance, and we treated it as a proper learning exercise. Since then we have had many occasions to apply this experience with other clients in regulated sectors. See our security and compliance services for details.

Monitoring

CloudWatch metrics, alarms, and centralised logging across all components, including ECS, RDS, OpenSearch, and ALB, giving the team visibility they never had before and alerting that catches problems proactively.

Resilience

Multi-AZ deployments, automated health checks and task replacement, database point-in-time recovery, and documented RTO/RPO targets across critical workloads.

Results

What’s Next

What started as a modernisation project became an ongoing partnership. After the initial transformation, the client signed a retainer for continued CloudOps and maintenance. We continue to deploy new services, manage production operations, and optimise costs through the same IaC and CI/CD foundations we built from day one.

AWS Services: Amazon ECS (Fargate), Amazon ECR, Application Load Balancer, Amazon RDS, Amazon OpenSearch Service, AWS Secrets Manager, AWS Systems Manager, Amazon CloudWatch, AWS CloudTrail, AWS Config, AWS Security Hub, Amazon Route53, AWS KMS, Amazon S3, AWS IAM

Tools: Terraform, Terragrunt, GitHub Actions, Docker

Conclusions

Deployment time dropped from hours to under 10 minutes. New service provisioning went from multi-day manual efforts to 2-4 hours using IaC templates. What started as a modernisation project became an ongoing CloudOps retainer.