US EdTech SaaS Platform Technology / SaaS

CloudFormation Drift Remediation + Multi-Region Deployment | Case Study | Logicata

Logicata remediated CloudFormation drift across a US EdTech SaaS estate and enabled multi-region deployment, unlocking regional failover with IaC parity.


Executive Summary

A SaaS platform company needed to deploy into AWS GovCloud for a government client, but their existing CloudFormation stacks had drifted significantly from reality. Years of console-driven changes had left the IaC untrustworthy, the templates non-portable, and the customer unable to reliably replicate their infrastructure for a high-value onboarding. Logicata ran drift detection across all in-scope stacks, then rewrote 11 CloudFormation stacks: standardised YAML, region-agnostic, parameterised to zero-input deployment, drift-reconciled, and ready to deploy in both commercial and GovCloud regions.

Customer Overview

Sector: Technology / SaaS

Location: United States

The customer operates a cloud-based SaaS platform providing mobile-first digital experiences for campus environments. The platform runs on AWS and serves multiple enterprise clients across different sectors, including one requirement for deployment in AWS GovCloud.

The Challenge

The platform’s core AWS infrastructure had been deployed via CloudFormation originally, but technical debt had accumulated:

  • Infrastructure drift. Resources had been added, modified, and deleted directly in the AWS Console over time. CloudFormation state had drifted significantly from reality.
  • Hardcoded values. Region-specific ARNs, account IDs, and resource references were hardcoded throughout. The templates were not portable.
  • Mixed formats. Stacks were inconsistently written in both JSON and YAML.
  • No parameterisation. Deployments required manual intervention and specialist knowledge of the environment.
  • Dead code. Commented-out legacy code reduced readability and increased maintenance risk.
  • GovCloud incompatibility. ARN formats differ between commercial AWS and GovCloud partitions. The existing templates would fail to deploy in the target region.

The customer was blocked from onboarding a high-value client because they could not reliably replicate their infrastructure in a GovCloud region.

The Solution

Logicata delivered a two-phase CloudFormation remediation.

Phase 1: Drift detection and scoping

A single-day drift detection exercise across all in-scope CloudFormation stacks documented every difference between template state and actual deployed resources: additions, modifications, and deletions. The output was an accurate scope for the rewrite, grounded in reality rather than wishful thinking.

Phase 2: Full stack remediation

Logicata rewrote 11 CloudFormation stacks covering the entire platform infrastructure:

  • VPC and networking. Subnets, route tables, security groups.
  • Load balancing. Application Load Balancers with target groups (additional ALB now captured in IaC).
  • Compute. Auto Scaling Groups (four of them), persistent EC2 instances, bastion host.
  • Data. RDS databases with AWS Secrets Manager integration and AWS Backup configuration.
  • Storage. Amazon EFS with backup solution, S3 configuration buckets.
  • Security. AWS WAF v2 captured in CloudFormation for the first time (previously console-only).
  • DNS. Route 53 private hosted zones.
  • Cross-stack references. SSM Parameter Store for parameterisation and inter-stack lookups.

Every stack was:

  • Converted to standardised YAML
  • Made region-agnostic using pseudo-parameters and partition-aware ARN construction (so the same code deploys to commercial and GovCloud)
  • Parameterised with sensible defaults and SSM lookups, enabling zero-input deployment by non-specialists
  • Drift-reconciled to reflect actual deployed state, not outdated template state
  • Cleaned of all dead and commented-out code
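Added example, not Logicata's code: a small Python check for the portability problem described under "GovCloud incompatibility" and "partition-aware ARN construction". It scans template text for ARNs with a literal partition and suggests a `!Sub` form built from the `AWS::Partition`, `AWS::Region` and `AWS::AccountId` pseudo-parameters. The sample template, resource names and account ID are constructed, and the rewrite assumes each hardcoded region and account refers to the stack's own.

```python
import re

# Constructed sample template fragment; names and account ID are placeholders.
SAMPLE_TEMPLATE = """\
Resources:
  AppRolePolicy:
    Type: AWS::IAM::Policy
    Properties:
      PolicyDocument:
        Statement:
          - Effect: Allow
            Action: s3:GetObject
            Resource: arn:aws:s3:::example-config-bucket/*
          - Effect: Allow
            Action: secretsmanager:GetSecretValue
            Resource: arn:aws:secretsmanager:us-east-1:111122223333:secret:example-db-*
          - Effect: Allow
            Action: ssm:GetParameter
            Resource: !Sub arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:parameter/example/*
"""

# arn:partition:service:region:account-id:resource, with a literal partition.
ARN_RE = re.compile(
    r"arn:(aws(?:-[a-z]+)*):([a-z0-9-]+):([a-z0-9-]*):(\d{12})?:([^\s\"']+)"
)


def portable(match):
    """Rewrite one literal ARN with CloudFormation pseudo-parameters."""
    _, service, region, account, resource = match.groups()
    # Assumption: a hardcoded region/account means "this stack's own".
    region = "${AWS::Region}" if region else ""
    account = "${AWS::AccountId}" if account else ""
    return f"arn:${{AWS::Partition}}:{service}:{region}:{account}:{resource}"


def find_hardcoded_arns(template_text):
    """Return (line_no, literal_arn, suggested_sub) for each non-portable ARN."""
    findings = []
    for line_no, line in enumerate(template_text.splitlines(), start=1):
        if line.lstrip().startswith("#"):  # ignore commented-out lines
            continue
        for m in ARN_RE.finditer(line):
            findings.append((line_no, m.group(0), f'!Sub "{portable(m)}"'))
    return findings


if __name__ == "__main__":
    for line_no, found, fix in find_hardcoded_arns(SAMPLE_TEMPLATE):
        print(f"line {line_no}: {found}\n    -> {fix}")
```

A cross-region or cross-account ARN is a deliberate exception to the suggested rewrite and should be passed in as a stack parameter instead.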

A test deployment in a nominated AWS account validated the full stack deployment sequence end to end.

Results

  • 11 CloudFormation stacks fully rewritten
  • 100% YAML standardisation (previously mixed JSON and YAML)
  • Deployable to both commercial and GovCloud regions from a single codebase
  • Zero-parameter deployment so a non-specialist can run it
  • Drift reconciled. CloudFormation state matches actual infrastructure.
  • WAF, Backup, and Secrets Manager captured in IaC for the first time
  • New client onboarding unblocked. New environments deployable in hours rather than weeks.
  • GovCloud deployment unblocked for the government client

AWS Services Used

  • AWS CloudFormation
  • Amazon VPC
  • Elastic Load Balancing (ALB)
  • Amazon EC2 with Auto Scaling
  • Amazon RDS
  • Amazon EFS
  • AWS WAF v2
  • Amazon S3
  • Amazon Route 53
  • AWS Secrets Manager
  • AWS Backup
  • AWS Systems Manager (Parameter Store)

About Logicata

Logicata is an AWS Advanced Partner holding the AWS Cloud Operations Management Competency, validated through an independent third-party audit. Logicata helps organisations build and operate secure, well-governed cloud platforms on AWS, enabling customers to reduce operational risk, meet assurance expectations, and scale with confidence.
