The Challenge

RedRock was engaged by an executive agency of the UK Government responsible for procuring common goods and services across the public sector. The organisation also operates several high-profile public-facing websites and digital services.

These services were hosted on an existing AWS-based platform that was due to be decommissioned. With a fixed deadline approaching, the agency needed to migrate all websites and services to a new, secure cloud environment without disruption to users or compromising security standards.

The decision was made to move each website and service onto AWS Elastic Container Service (ECS), with each running in its own fully segregated AWS account and environment. This significantly increased security and resilience, but also added technical complexity to the migration.

RedRock was selected to provide specialist platform engineering expertise to design, build and deliver this migration at pace.

 

Our Approach

RedRock worked closely with the client to design a cloud platform that was secure, scalable and aligned with government security and assurance requirements.

A key part of the challenge was safely transferring data, including databases, files and storage objects, from the existing platform into the new, segregated environments. This required the creation of repeatable, automated processes that could be executed reliably across multiple services and accounts.

To support this, RedRock designed an automated delivery pipeline that allowed migrations to be coordinated, monitored and controlled centrally.

 

Platform Design and Delivery

The client had already invested heavily in Jenkins, including staff training and existing automation code. RedRock therefore built on this foundation rather than introducing unnecessary new tooling.

An initial proof of concept explored running Jenkins directly on ECS. However, limitations around secure access across multiple AWS accounts led to a revised approach that better supported the client’s security and audit requirements.

RedRock recommended deploying Jenkins on AWS Elastic Kubernetes Service (EKS), which allows individual workloads to securely assume different permissions when working across multiple AWS accounts, without the need for static credentials. This approach aligned well with an ongoing external security audit.

The platform was delivered incrementally over several months, starting with the secure network foundation and progressing through to the full production environment. Cost efficiency and resilience were built in from the outset, using a mix of on-demand and spot cloud resources and designing the platform to automatically recover from change or failure.

Security was a core design principle throughout. Access to the platform was tightly controlled, encrypted and restricted to approved networks. Where access was required temporarily, RedRock implemented a self-service process that allowed teams to request and manage short-term access safely and audibly.

 

Security and Governance

The solution was designed to meet high public sector security standards, including:

• Strong separation between environments and accounts
• Encrypted data in transit and at rest
• Restricted network access based on approved IP ranges
• Centralised management of secrets and configuration
• Full auditability of access and changes

This approach ensured the platform could withstand scrutiny from external auditors while remaining practical for delivery teams to use.

 

The Outcome

All websites and services were successfully migrated to the new cloud platform ahead of the decommissioning deadline, with no disruption to users.

The client now benefits from:

• A secure, modern cloud platform with long-term scalability
• Improved resilience and performance across all services
• A cost-effective solution designed to grow with future demand
• Strong security controls aligned with government standards

Following the migration, the organisation identified additional opportunities to reuse the new Jenkins-based platform for wider continuous integration and delivery needs. RedRock continued to support these initiatives, helping the client extract further value from the investment.

Why This Matters

This case study demonstrates how complex, time-critical cloud migrations can be delivered safely and successfully when technical expertise is combined with a clear understanding of public sector security and governance.

By designing a solution that balanced security, cost and usability, RedRock enabled the organisation to meet its deadline with confidence and establish a cloud platform that will support digital services for many years to come.