Media & Entertainment / Major UK Broadcaster

Multi-Cloud Streaming Platform

Delivered multi-tenanted cloud infrastructure across AWS and GCP supporting multiple OTT streaming services - standardising IaC patterns, establishing organisation-wide observability, and implementing Kubernetes security policies.

3 Streaming platforms supported
2 Cloud providers (AWS & GCP)
Technologies
AWS, GCP, EKS, GKE, Terraform, Terragrunt, Atlantis, Argo CD, Prometheus, Grafana, Vault, Sealed Secrets, Ansible, Golang, Bash

Results

  • Infrastructure standardisation adopted across the team - replaced an internal wrapper tool with a modern IaC approach that became the standard for all new deployments, including the complete cloud infrastructure rollout for a new international streaming service
  • Organisation-wide visibility across all AWS accounts through centralised metrics collection and dashboarding, giving the team cross-account observability for the first time
  • Kubernetes security policies implemented for shared hosting environments, enforced at admission time to prevent policy violations before they reach production
  • Improved developer velocity through Terraform pull request automation - GitHub comment-triggered plans, targeted applies, and automated state drift detection
  • Secure secrets management using centralised secret storage with GitOps-compatible encryption for Kubernetes workloads
  • Reusable infrastructure patterns designed for common needs (audit logging, configuration management) that could be replicated across projects and markets
  • Central shared services including Artifactory-as-a-Service running on Kubernetes across both cloud providers, serving the wider engineering community

The Problem

A major UK broadcaster’s Cloud Engineering Platforms team was responsible for delivering infrastructure across AWS and GCP to support multiple high-profile OTT streaming services across different markets. It faced the following problems:

  • No standardised IaC approach - the team was using an internal wrapper tool for Kubernetes deployments that limited flexibility and didn’t scale well across projects
  • Limited cross-account visibility - no centralised view of metrics across the AWS organisation, making it difficult to understand platform health at scale
  • No Kubernetes security enforcement - shared hosting environments had no admission-time policy controls, creating risk in multi-tenant clusters
  • Manual Terraform workflows - pull request automation was basic, with no support for targeted applies or drift detection, slowing the team down
  • Multi-cloud complexity - the need to support both AWS and GCP with consistent patterns while serving central services to the wider engineering organisation

What We Delivered

Infrastructure Standardisation

Drove the adoption of a modern IaC wrapper across the team, migrating away from the existing internal tool for Kubernetes deployments on both EKS and GKE. This became the team’s standard approach and was used for the complete cloud infrastructure rollout of a new international streaming service. Designed reusable Terraform modules for common infrastructure patterns including audit logging and configuration management.

Organisation-Wide Observability

Established centralised metrics collection across all AWS accounts, bringing CloudWatch metrics into a unified dashboarding platform. Automated the infrastructure provisioning with IaC and the configuration with configuration management tooling, making it repeatable and maintainable.

Kubernetes Security

Investigated, proposed, and implemented admission-time policy enforcement for Kubernetes shared hosting environments. Policies were written for fine-grained control over workload behaviour, preventing security violations before they reach production.

CI/CD Automation

Implemented significant improvements to the Terraform pull request automation workflow - adding GitHub comment-triggered plans, targeted applies for faster feedback, automated state drift detection, and new pipeline patterns for broader team adoption.

Central Services

Supported the Artifactory-as-a-Service offering running on Kubernetes across both AWS and GCP, providing a reliable shared service to the wider engineering community with high availability and disaster recovery patterns.