Healthtech company’s move from ClickOps to IaC with Gruntwork

Tin Nguyen, Head of Marketing
September 17, 2025

A large healthtech organization, a leader in healthcare training, certification, and SaaS tools for medical coding, was HIPAA-compliant but struggling with legacy infrastructure as it eyed HITRUST for B2B expansion.

As the organization grew, so did the demands on its technology stack. When a new senior leader overseeing platform engineering and DevOps came aboard, he found an infrastructure that reflected years of manual effort and was ready for modernization. Like many organizations that began their cloud journey early, the company relied on console-driven setups in AWS rather than Infrastructure as Code (IaC). This approach worked for a time but introduced familiar challenges: environments that drifted apart, tests that didn’t always reflect production, and deployments that occasionally bypassed staging in the interest of speed.

Leadership recognized that achieving HITRUST certification would be essential for growth in B2B, where enterprise clients wanted stronger assurances around handling sensitive healthcare data. However, manual and inconsistent environments stood in the way. As the new leader put it, “We were HIPAA compliant, but had no IaC, tons of environment drift, and couldn’t support real growth until we fixed the infra.”

He made it his mission to modernize with IaC and earn HITRUST certification.

Forging a path toward consistency and compliance

Infrastructure maintenance and operations in the early days were challenging, relying heavily on manual effort. Deployments and CI/CD were functional but time-consuming, and security rules were often managed directly at the server level. The team kept systems moving, but without centralized patterns or traceability, audits and cross-environment consistency were more complex than leadership wanted.

The DevOps leader had faced similar challenges in a prior role and knew what a mature IaC practice could deliver. At that organization, Gruntwork supported an advanced DevOps setup with dozens of ephemeral test environments and multiple production releases per day. He saw the same potential at his new company.

While he looked at alternatives, his prior success with Gruntwork gave him confidence it could provide a stable starting point for IaC without adding unnecessary complexity. Prebuilt Terraform modules offered a foundation the team could build on, and the documentation and consistency were an advantage for meeting HIPAA and HITRUST requirements.

Cost also played a role. The investment compared favorably to bringing on additional DevOps staff to develop and maintain modules in-house, and it came with ongoing support. Leadership was comfortable with the decision, supported by positive references from peers who had taken a similar approach.

“Gruntwork gives you that head start. It accelerates time to market really fast and now we’re moving faster with fewer mistakes.”

– Senior Director of Platform Engineering and DevOps

The implementation journey: from greenfield to migration

The team began by building new workloads in greenfield environments using Gruntwork modules. The engineering leader took a hands-on role in the early days, establishing base patterns for VPCs, ECS services, and security. He then guided his team on how to use the service catalog, wrap modules with customizations, and adopt best practices.

After about three months, the team reached a level of self-sufficiency. Engineers were confidently creating their own PRs, following established patterns, and building services on top of Gruntwork modules.

Migrating legacy workloads was the next big move for the team. Many applications were still running directly on EC2 instances without containerization. Some legacy infrastructure relied on custom DNS servers lifted into EC2, which required manual DNS resolutions even for AWS-native services. Interfacing between new IaC-based environments and legacy resources involved careful VPC peering and additional configuration.

The team is now pushing towards developer self-service: developers will be able to define infrastructure through PRs, with DevOps acting as reviewers rather than bottlenecks.

“Absolute dollar value wise, it’s so worth it. One offshore engineer cannot build and maintain what Gruntwork provides year over year.”

– Senior Director of Platform Engineering and DevOps

Outcomes and impacts while working toward HITRUST

Six months into the transition, the results are clear.

  • Consistency across environments: Dev, UAT, and production now share identical configurations, enabling reliable testing and faster deployments. This is particularly valuable as the company rolls out new B2B features like self-service APIs.
  • Developer empowerment: Infrastructure lives in GitHub, giving developers visibility into environment variables, resource allocations, and configurations. This transparency reduces the handholding previously required from DevOps.
  • Efficiency gains: Provisioning tasks that once took weeks can now be accomplished in under an hour with Gruntwork modules. Unused trial resources are eliminated, meaning every infrastructure change is tied to a production ticket or removed.
  • Compliance readiness: IaC provides a complete history of infrastructure changes, simplifying audits and disaster recovery. Gruntwork’s modules enforce best practices like perimeter security through VPCs and Network ACLs, replacing fragile resource-level rules. Moving workloads from EC2 to ECS reduces the number of “endpoints” that must be documented in HITRUST, streamlining evidence collection.

Perhaps most importantly, the organization now feels confident in its direction. With Gruntwork at the foundation, the team can make realistic promises about delivery timelines and infrastructure readiness. “With Gruntwork, we’re confident we’re doing the right thing. It lets us promise timelines that are actually achievable.”

“The biggest improvement has been consistency across environments. That directly supports faster delivery and compliance readiness.”

– Senior Director of Platform Engineering and DevOps

Looking ahead

The modernization journey is ongoing. The next milestones include fully migrating legacy workloads, expanding developer self-service, and tackling infrastructure dependencies like DNS modernization. The ultimate goal is HITRUST certification, which will be critical to the company’s B2B growth strategy.

By enforcing consistency, providing auditability, and accelerating delivery, the organization is positioned to meet compliance requirements while building a scalable, modern platform for the future.

“Time to market is a big thing these days. Gruntwork accelerates that really, really fast. I can build my VPC subnets, all the security groups, all ACLs — everything with just one file in a span of 30 minutes.”

– Senior Director of Platform Engineering and DevOps