Cloud Platform Engineer

Replacing enterprise PAM across the whole engineering org

Led the end-to-end replacement of an enterprise privileged-access tool with StrongDM for the entire engineering workforce — owning both the architecture and the delivery, and turning access provisioning into a self-service, GitOps-driven workflow.

context

A large multi-account AWS estate, with privileged access running on an enterprise PAM tool that was being retired. Its coverage was narrow — servers and the cloud console — and the console path in particular was high-friction, brokered through a remote desktop session rather than accessed natively. The replacement had to serve the entire engineering workforce, broaden what privileged access covered — across more than one cloud — and not disrupt how people work day to day.

constraints

  • The whole workforce depends on this access daily — no flag day, no outage.
  • Least-privilege and full auditability were hard requirements.
  • Everything had to be infrastructure as code, reviewable and reproducible.
  • Central governance over the estate could not be loosened to move faster.

what I owned

The full programme, not just the build: the architecture, the Epic and tickets, the Key Design Decision documents, and architecture sign-off from Staff and Principal engineers — while managing a team of 4 and reporting progress to directors, management, and the end-user teams.

the access model

Rather than bolt the new tool on, I designed access around identity. It hooks into the existing single sign-on and account-provisioning pipeline, so granting access is a reviewed pull request rather than manual setup — and newly provisioned accounts arrive access-ready instead of needing a round of work afterwards. Access provisioning became self-service and GitOps-driven.

evolution: EC2 to ECS

The original deployment ran across a fleet of long-lived EC2 instances. Patching was automated, but automation that works on a schedule still falls back to people when it matters most — an urgent CVE meant manually cycling instances out of the fleet and waiting for replacements, exactly when you least want a manual step in the loop. I led the re-platform onto a containerised, declarative deployment on ECS — owning the Epic, architecture, and Staff/Principal sign-off, delivered across the wider team — so remediation became “ship a new image and roll” rather than hands-on instance surgery.

outcome

  • The entire engineering workforce moved onto the new access plane with no interruption to daily work.
  • Privileged access is now granted by code review — applied consistently and auditable by default.
  • New accounts arrive access-ready.
  • The ECS re-platform cut patching and instance toil.
  • Coverage expanded well beyond the old tool: from servers and a clunky console gateway to databases, data warehouses, Kubernetes, and CLI and console access across both AWS and GCP — all through one consistent, audited path.

what I’d do differently

The access model optimised hard for a single, consistent path. That kept it clean, but genuine edge cases had to bend to fit it. I’d build a clearer escape hatch for the real exceptions in from the start, rather than treating them as something to handle later.
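As an added illustration of the access model described above (access granted by a reviewed pull request, least privilege, audit by default) together with the explicit escape hatch this closing note calls for: a small pre-merge policy check over a declarative access manifest. This is example code written for this page, not the author's or StrongDM's own tooling; the manifest format, role names and ticket ids are constructed.

```python
import json
from datetime import date

# Constructed sample manifest (hypothetical format): roles bind privileges to
# resources, grants bind SSO groups to roles. Reviewed as a PR before merging.
MANIFEST = json.loads("""
{
  "roles": {
    "db-readonly": {"resources": ["prod-postgres"], "privileges": ["connect", "select"]},
    "k8s-admin":   {"resources": ["prod-eks"],      "privileges": ["*"]}
  },
  "grants": [
    {"group": "data-eng", "role": "db-readonly", "ticket": "ACC-101"},
    {"group": "platform", "role": "k8s-admin",   "ticket": "ACC-102",
     "exception": {"expires": "2030-01-31", "approver": "staff-eng"}},
    {"group": "interns",  "role": "k8s-admin",   "ticket": "ACC-103"},
    {"group": "sre",      "role": "no-such-role", "ticket": ""}
  ]
}
""")

def validate(manifest, today=date(2025, 1, 1)):
    """Return policy violations for a manifest; an empty list means the PR may merge."""
    problems = []
    for g in manifest["grants"]:
        ref = f"{g['group']}->{g['role']}"
        if not g.get("ticket"):  # every grant must be traceable for audit
            problems.append(f"{ref}: missing ticket reference")
        role = manifest["roles"].get(g["role"])
        if role is None:  # grants may only reference roles defined in code
            problems.append(f"{ref}: unknown role")
            continue
        if "*" in role["privileges"]:  # broad privilege is the exception path
            exc = g.get("exception")
            if not exc:
                problems.append(f"{ref}: wildcard privileges require an explicit exception")
            else:
                if date.fromisoformat(exc["expires"]) <= today:
                    problems.append(f"{ref}: exception expired on {exc['expires']}")
                if not exc.get("approver"):
                    problems.append(f"{ref}: exception has no named approver")
    return problems

def to_audit_rows(manifest):
    """Flatten grants to (group, resource, privilege) rows for an access review."""
    roles = manifest["roles"]
    return [(g["group"], res, p) for g in manifest["grants"] if g["role"] in roles
            for res in roles[g["role"]]["resources"]
            for p in roles[g["role"]]["privileges"]]
```

Run in CI on the pull request: a non-empty result blocks the merge, while the flattened rows give reviewers the effective access the change would grant.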