Problem
The CRI cloud environment needed reliable mission support, stronger boundary defense, consistent change control, compliance alignment, and cost discipline across multiple teams and government stakeholders.
Architecture
The work centered on multi-account AWS networking with Transit Gateway, dozens of VPCs, and six site-to-site VPNs for centralized routing, policy enforcement, and hybrid connectivity. It also included a multi-AZ centralized ingress/egress and inspection architecture with firewall enforcement and dual NAT across two AZs.
Constraints
- Support a cloud-based ground system for 3+ experimental satellites.
- Coordinate changes across 4+ teams and 50+ personnel while preserving uptime, security, compliance, and technical direction.
- Align technical changes with RMF/ATO negotiation, customer strategy, and government stakeholder requirements.
- Close CUI compliance gaps while coordinating three government stakeholders and multiple contractor teams.
Technologies
Outcome
The work reduced security findings by about 90%, reduced AWS spend by about 50%, and delivered about $15K/month in sustained savings. It also built STIG scanning and ATO artifact automation across 14 AWS accounts that reduced manual effort by about $10K/month.