How a Leading Bank Scaled Cloud Infrastructure Faster With Pre-Approved IaC and Shared Golden Paths
Summary:
- Services: Platform Engineering · IaC Modernization · Terraform Modules · AWS Account Strategy · RDS Standardization · Day-2 Operations
- Tech: Terraform · AWS RDS · AWS Lambda · Secrets Rotation · Pre-approved IaC Patterns · T-shirt Sizing Modules
- Industry: Financial Services / Banking
The Opportunity
Our client, a leading financial services company, supports millions of customers across a broad portfolio of financial products, making security, compliance, operational consistency, and infrastructure scalability mission-critical.
As the company accelerated its migration to AWS, the organization began shifting away from a traditional Account Vending Machine model, where workloads were distributed across many individual accounts. In partnership with AWS, they moved toward a more centralized, environment-based account strategy.
This new model created a different infrastructure challenge.
Instead of provisioning a small number of databases per account, our client now needed to support hundreds of RDS databases within shared environment accounts. At that scale, traditional patterns began creating operational pressure around:
- AWS service quotas
- Duplicate account-level resources
- Parameter group, option group, and subnet group sprawl
- Secrets rotation complexity
- Higher Lambda footprint and operational cost
- Manual review overhead
- Inconsistent database configurations
- Day-2 management at scale
They needed a platform-aligned IaC model that could support the new cloud operating model while preserving developer speed, governance, compliance, and flexibility.
What We Did
Tensure partnered with the client to rearchitect its Terraform-based database provisioning framework for a centralized AWS account model.
The work focused on modernizing the existing pre-approved IaC approach so it could scale across hundreds of RDS databases per environment account without creating unnecessary resource duplication or operational overhead.
Re-architected Terraform for Shared Environment Accounts
We redesigned the Terraform architecture to support the company’s new environment-based account strategy. Instead of assuming each database or workload would live in a separate account with its own supporting resources, the framework was updated to use shared account-level infrastructure where appropriate.
This included support for shared:
- DB subnet groups
- Parameter groups
- Option groups
- Secrets rotation infrastructure
- Day-2 operational components
- Standardized security and networking patterns
By consolidating common resources, they reduced resource sprawl, lowered operational complexity, and improved quota efficiency across large shared accounts.
Preserved Flexibility for Special-Case Databases
While the platform encouraged standardized shared resources by default, it did not force every workload into a rigid model.
Databases with specialized requirements could still define and manage dedicated resources, including custom:
- Parameter groups
- Option groups
- Subnet groups
- Rotation behavior
- Engine-specific configuration
This allowed our client to standardize the majority of database deployments while still supporting exceptions where business, application, or compliance requirements demanded more control.
Standardized Pre-Approved Terraform Templates
We continued to build on the pre-approved Terraform template model, codifying their security and operational standards directly into reusable modules.
These modules standardized key database requirements, including:
- Encryption
- Networking
- Backup retention
- Monitoring
- Secrets management
- Engine configuration
- Performance profiles
- Operational guardrails
Using a T-shirt sizing model, developers could select a pre-approved database profile, provide only the required workload-specific inputs, and provision compliant infrastructure without going through a slow manual design process.
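An added sketch (not the client's or Tensure's module) of the pattern described here and in the shared-resource sections above: a T-shirt size selects a pre-approved profile, shared subnet and parameter groups are the default, and special-case databases can override them. All names, sizes, and values are hypothetical, and the RDS-managed master password stands in for the shared rotation service, which the page does not detail.

```hcl
# Hypothetical module: every name and value below is an assumption.
variable "name" { type = string }

variable "size" {
  type = string
  validation {
    condition     = contains(["small", "medium", "large"], var.size)
    error_message = "size must be one of: small, medium, large."
  }
}

# Overrides for special-case databases; null means "use the shared resource".
variable "parameter_group_name" {
  type    = string
  default = null
}
variable "db_subnet_group_name" {
  type    = string
  default = null
}

locals {
  # Constructed pre-approved profiles; developers pick a key, not the values.
  profiles = {
    small  = { instance_class = "db.t3.medium", storage_gb = 50, multi_az = false, backup_days = 7 }
    medium = { instance_class = "db.m6g.large", storage_gb = 200, multi_az = true, backup_days = 14 }
    large  = { instance_class = "db.r6g.xlarge", storage_gb = 500, multi_az = true, backup_days = 35 }
  }
  profile = local.profiles[var.size]
  # Account-level resources created once per environment account (assumed names).
  shared_parameter_group = "shared-postgres"
  shared_subnet_group    = "shared-db-subnets"
}

resource "aws_db_instance" "this" {
  identifier              = var.name
  engine                  = "postgres"
  instance_class          = local.profile.instance_class
  allocated_storage       = local.profile.storage_gb
  multi_az                = local.profile.multi_az
  backup_retention_period = local.profile.backup_days
  # Guardrails are fixed in the module and not exposed as inputs.
  storage_encrypted           = true
  publicly_accessible         = false
  username                    = "dbadmin"
  manage_master_user_password = true # stand-in for the shared rotation service
  db_subnet_group_name        = coalesce(var.db_subnet_group_name, local.shared_subnet_group)
  parameter_group_name        = coalesce(var.parameter_group_name, local.shared_parameter_group)
}
```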
Redesigned Secrets Rotation and Day-2 Operations
The previous model relied on more isolated operational patterns, where individual databases or accounts could require their own dedicated Lambda-based automation.
As database density increased within shared AWS accounts, that approach became inefficient.
Tensure helped redesign the day-2 operations model around shared Lambda infrastructure. Instead of deploying separate rotation and operational Lambdas for every database pattern, the new model centralized common automation into reusable shared services.
This improved:
- Cost efficiency
- Operational consistency
- Lambda footprint
- Maintainability
- Upgradeability
- Cross-database support
- Long-term scalability
The shared Lambda model also made it easier to evolve operational capabilities over time without duplicating the same automation across hundreds of database deployments.
The Outcome
Our client gained a more scalable, cost-efficient, and governance-friendly infrastructure provisioning model aligned to its updated AWS cloud strategy.
The rearchitected framework helped the organization:
- Support hundreds of RDS databases within centralized environment accounts
- Reduce duplicate database support resources
- Improve AWS quota efficiency
- Lower operational cost through shared automation
- Simplify secrets rotation and day-2 operations
- Preserve flexibility for databases with special requirements
- Maintain pre-approved, compliant deployment paths
- Reduce developer friction when provisioning infrastructure
- Improve consistency across database environments
Business Impact
By modernizing the Terraform framework around shared golden paths, the company was able to support its cloud migration strategy without sacrificing governance, security, or developer velocity.
The updated model gave teams a faster path to provision compliant database infrastructure while giving platform and operations teams a more scalable way to manage the growing AWS footprint.
Instead of treating every database as a one-off infrastructure build, the company now had a reusable platform pattern that could scale with its migration program, reduce cost of ownership, and improve long-term operational control.
Executive Summary
Our client’s shift to centralized AWS environment accounts required a new infrastructure operating model. Tensure helped rearchitect the Terraform-based database provisioning framework to support hundreds of RDS databases per account using shared resources, pre-approved patterns, and centralized day-2 automation. The result was a more scalable, cost-efficient, and compliant platform foundation for cloud migration.
