CASE STUDY SUCCESS STORY

Modernizing MarketSpark's AWS Cloud into a 100% Infrastructure as Code, Automated & Multi-Account Platform

  • 1 → 11: monolithic AWS account to AWS Organization
  • 0% → 100%: Infrastructure as Code
  • 100+ Services: AWS ECS & Lambda codified with PoLP across all environments
  • Hours, not weeks: full-region disaster recovery

Telecommunications and managed wireless connectivity

The Challenge

The Starting Point

MarketSpark had outgrown the AWS environment they started on, especially as the company’s customer base grew, product surface widened, and they began to get compliance framework requests. All environments (including development, staging, production, and others) lived inside a single monolithic AWS account, and every change was a manual operation (ClickOps) in the AWS Console.

The MarketSpark team felt this. They had already begun planning improvements, and they partnered with Masterpoint for the deep platform expertise to execute.

What Masterpoint Built

From a single account to a platform built to scale

Our engagement started with a deep-dive Infrastructure as Code (IaC) and Amazon Web Services (AWS) audit. We sat down with stakeholders and engineers, mapped the existing architecture, identified risks, produced recommendations, and delivered a modernization roadmap.

From there, we rebuilt the environment from the ground up.

01 · AWS Structure

Multi-Account AWS Organization

The original single (1) monolithic AWS account became eleven (11) accounts under the AWS Organization, giving a mature multi-account architecture and proper separation of concerns. Each environment has its own VPC & networking and a hard IAM boundary.

  • Long-lived IAM credentials, a security liability we see in nearly every cloud audit, are gone. They were replaced by AWS IAM Identity Center (SSO) federated to Microsoft Entra ID. CI/CD & automation systems like GitHub Actions and Spacelift authenticate over short-lived OIDC trust.
  • Service Control Policies are put in place as guardrails at the Organization level, enforcing security boundaries and blocking high-risk actions (e.g. disabling logging) by default.
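
As an added illustration of the two bullets above (not MarketSpark's or Masterpoint's actual code), the OpenTofu sketch below declares a Service Control Policy that denies disabling CloudTrail and a CI role that GitHub Actions can only assume through OIDC. The OU variable, the provider ARN variable, the role name and the `example-org/example-infra` repository are all assumed placeholders.

```hcl
# Added example; every name, ARN variable and repository is a placeholder.
variable "workloads_ou_id" { type = string }          # OU the SCP attaches to
variable "github_oidc_provider_arn" { type = string } # existing IAM OIDC provider
# Guardrail: deny switching off or deleting CloudTrail in member accounts.
data "aws_iam_policy_document" "protect_logging" {
  statement {
    sid       = "DenyDisablingCloudTrail"
    effect    = "Deny"
    actions   = ["cloudtrail:StopLogging", "cloudtrail:DeleteTrail", "cloudtrail:UpdateTrail"]
    resources = ["*"]
  }
}

resource "aws_organizations_policy" "protect_logging" {
  name    = "protect-logging"
  type    = "SERVICE_CONTROL_POLICY"
  content = data.aws_iam_policy_document.protect_logging.json
}

resource "aws_organizations_policy_attachment" "workloads" {
  policy_id = aws_organizations_policy.protect_logging.id
  target_id = var.workloads_ou_id
}

# CI role with no access keys: a GitHub OIDC token from one repo's main branch buys one-hour credentials.
data "aws_iam_policy_document" "github_trust" {
  statement {
    actions = ["sts:AssumeRoleWithWebIdentity"]
    principals {
      type        = "Federated"
      identifiers = [var.github_oidc_provider_arn]
    }
    condition {
      test     = "StringEquals"
      variable = "token.actions.githubusercontent.com:aud"
      values   = ["sts.amazonaws.com"]
    }
    condition {
      test     = "StringEquals"
      variable = "token.actions.githubusercontent.com:sub"
      values   = ["repo:example-org/example-infra:ref:refs/heads/main"]
    }
  }
}

resource "aws_iam_role" "ci_deploy" {
  name                 = "ci-deploy"
  assume_role_policy   = data.aws_iam_policy_document.github_trust.json
  max_session_duration = 3600
}
```

SCPs do not restrict the Organization's management account, so workloads and day-to-day access belong in member accounts. The `sub` condition is what ties the role to a single repository and branch, so it is the line to check when reviewing any OIDC trust policy.
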
02 · Infrastructure as Code

100% of the cloud in Infrastructure as Code

Every cloud resource is now declared in OpenTofu, the open-source licensed successor to Terraform: VPCs, Aurora databases, ECS services, Lambdas, API Gateways, SQS queues, S3 buckets, CloudFront, WAF, and far more. If it runs in MarketSpark’s cloud infrastructure, it lives in Git.

That turns infrastructure into software: reusable, consistent, version-controlled, and self-documenting.

  • 100+ ECS and Lambda services are codified and consistent across Development, Staging, and Production.
  • Serverless Fargate. The ECS fleet migrated from EC2 to AWS Fargate’s serverless compute engine, which lets engineers focus on the applications without managing servers.
  • Principle of Least Privilege (PoLP) applied everywhere. With every IAM and security resource being rebuilt in IaC, Masterpoint engineers treated it as the perfect opportunity to codify PoLP across all surfaces.

OpenTofu is a reliable, enterprise-grade infrastructure as code (IaC) tool under the Linux Foundation.

03 · Infrastructure Automation

100% of IaC automated

Nothing ships by hand. Every change is automated through Spacelift’s orchestration: CI plans run for GitHub Pull Requests, applies deploy on merge, and every change is evaluated with custom policy-as-code (OPA). Even Spacelift itself is automated & managed as code through Masterpoint’s open-source terraform-spacelift-automation module.

Because provisioning is fully self-service and automated with guardrails (enforced with Spacelift Policies through OPA Rego), MarketSpark’s long-term cloud infrastructure growth is never bottlenecked. The platform scales alongside the business as it grows.

While We Were Under the Hood

A modernization rebuild is the perfect time to address technical debt

With the infrastructure already under the knife, Masterpoint engineers folded in several improvements uncovered during the audit, alongside the core rebuild:

  • Tailscale Zero-Trust Access: Identity-aware Tailscale subnet router architecture replaced a legacy VPN with manual key management.

  • Centralized Datadog Observability: APM, tracing, logs, and monitors defined in IaC and baked into services, so visibility ships with every service.

  • Databases Upgraded in Flight: Aurora PostgreSQL jumped two major versions ahead of AWS end-of-life deprecation.

  • Rearchitected IoT Connectivity: The IoT VPN path moved from scattered application-layer logic to clean network-layer routing with network address translation (NAT).

  • Standardized Naming & Tagging (FinOps): A uniform strategy unlocked FinOps-ready per-environment, per-service cost allocation.

  • TLS Everywhere: Databases sit behind RDS Proxy, with database and ElastiCache (Valkey/Redis) connections enforced over TLS.

The Outcomes

Business Impact

Faster Product Velocity, Lower Operational Risk

Provisioning and updating application infrastructure takes minutes instead of days through democratized IaC and automation with Spacelift, versus manual operations in the AWS Console. Centralized observability means MarketSpark catches incidents in minutes instead of hearing about them from customers.

Hardened Security & Blast-Radius Containment

A misconfiguration, runaway process, or compromised credential in a lower environment (e.g. Staging/QA) can no longer reach customer-facing Production workloads. Each environment runs in its own AWS account with its own IAM scope and isolated VPC networking.

Full-Region Disaster Recovery in Hours

Disaster recovery can be accomplished in hours with automated deploys instead of days or weeks of manual rebuilding. Infrastructure as Code enables seamless multi-region infrastructure for MarketSpark’s growing business.

Less Overhead, Lower Spend

The migration towards AWS Fargate’s serverless compute engine enables MarketSpark to run their applications without needing to manage underlying servers. Fargate also reduced compute spend on the same workloads with proper per-service right-sizing (additionally, Fargate Spot is utilized where tolerated, delivering up to a 70% AWS discount).

Auditable, Self-Documenting Infrastructure

IaC is now the single source of truth, deploying infrastructure consistently across environments, and every change is version-controlled and peer-reviewed with a full audit trail. Onboarding a new engineer, answering archaeology questions, or auditing a config no longer depends on tribal knowledge, stale Confluence pages, or screenshots.

Enterprise-Grade Trust and Compliance Posture

MarketSpark’s AWS environment is aligned with industry security and compliance frameworks (SOC 2, ISO 27001, etc.) that enterprise customers expect. IaC itself is a strong control that compliance auditors look for, and MarketSpark now has a credible, auditable infrastructure story, something that was not easily possible with the previous manually-managed environment.

Built so the team could own it

Knowledge transfer wasn’t a final phase; it ran in parallel with the work. We held training sessions, recorded walkthroughs, drew architecture diagrams, and documented operations extensively. By handoff, MarketSpark’s engineers weren’t inheriting a black box. They were already shipping changes and self-deploying infrastructure against the new platform.
