← All Case Studies
Media & Entertainment

Multi-Cloud Streaming Platform

Sky

Delivered multi-tenanted cloud infrastructure across AWS and GCP supporting NOW, Peacock, and SkyShowtime streaming services.

3 Streaming platforms supported
2 Cloud providers (AWS & GCP)
Technologies
AWSGCPEKSGKETerraformTerragruntAtlantisArgo CDPrometheusGrafanaVaultSealed SecretsAnsibleGolangBash

The Challenge

Sky’s Cloud Engineering Platforms team needed to deliver infrastructure for multiple high-profile streaming services:

  • NOW: Sky’s existing streaming platform
  • Peacock: NBCUniversal’s streaming service
  • SkyShowtime: New joint venture streaming service for European markets

Requirements included:

  • Multi-tenanted infrastructure across AWS and GCP
  • Central services including Artifactory-as-a-Service
  • Standardised patterns that could be replicated across projects
  • Security policies for shared Kubernetes hosting

Our Approach

Infrastructure Standardisation

Drove adoption of Terragrunt within the team:

  • Migrated away from an internal wrapper tool for EKS and GKE deployments
  • Established Terragrunt as the preferred Terraform wrapper
  • Used for the complete cloud infrastructure rollout of SkyShowtime
  • Designed reusable Terraform modules for common infrastructure patterns (Audit Logging, DAC, Artifactory Configuration Management)

Organisation-Wide Visibility

Enhanced observability across the AWS organisation:

  • Exported CloudWatch metrics from all AWS accounts
  • Centralised dashboards in Prometheus and Grafana
  • Automated infrastructure provisioning with Terraform
  • Configuration management with Ansible

CI/CD Automation

Implemented improvements to Jenkins Terraform automation:

  • GitHub comment-triggered Terraform plans
  • Targeted applies for faster feedback
  • Terraform state drift detection
  • New pipeline patterns for team adoption

Kubernetes Security

Investigated, proposed, and implemented OPA Gatekeeper policies:

  • Security policies for shared Kubernetes hosting
  • Written in Rego for fine-grained control
  • Enforced at admission time to prevent policy violations

Secrets Management

Implemented secure secrets handling using:

  • HashiCorp Vault for centralised secret storage
  • Sealed Secrets for GitOps-compatible secret encryption

Automation & Scripting

Developed internal tooling and automation:

  • Bash scripts for operational tasks
  • Golang utilities for platform automation

Central Services

Supported the Artifactory-as-a-Service offering:

  • Kubernetes deployments in EKS and GKE
  • Served the wider Sky engineering community
  • High availability and disaster recovery patterns

Results

  • Terragrunt standardisation now used across the team and for SkyShowtime rollout
  • Unified visibility across all AWS accounts through centralised metrics
  • Improved developer velocity with GitHub-integrated Terraform automation
  • Security enforcement through OPA Gatekeeper policies
  • Reliable central services supporting multiple streaming platforms