← All case studies

Mobility

Pan-European car leasing company

AWS landing zone with custom Terraform providers, Vault plugins, and a Go-based compliance framework. Artifact management cost dropped from €1.8M to €100K per year.

Pan-European car leasing company
Client

A pan-European Car-as-a-Service company with around 1.9 million vehicles under management across 29 countries. They purchase, finance, and operate vehicles on behalf of corporate customers, typically on three- to four-year contracts.

That business runs on a sprawling technology estate covering reservations, vehicle ops, billing, and country-specific regulatory work. As part of an ongoing move to AWS, they wanted both the platform and the tooling around it to be more consistent and less expensive to run.

Challenges

When we started, the cloud platform had grown faster than the patterns around it:

  • No standardised AWS landing zone, so account structure, network design, and security controls varied between teams and regions.
  • Change management and compliance checks were largely manual, which slowed deployments and left room for mistakes.
  • Access to cloud resources and sensitive systems was managed by hand, with the usual administrative cost and the usual security worries.
  • Development environments differed enough between teams that integration work consistently turned up surprises.
  • Provisioning and configuration relied on people doing the same steps repeatedly across regions.
  • Artifact management ran on JFrog Artifactory at a cost of roughly €1.8 million per year, which the platform team could not justify against the value it was getting.
What we did

We worked across infrastructure, security, and developer tooling:

  • Designed and implemented an AWS landing zone with standard account structure, networking, security controls, and monitoring, so teams could deploy into a known-good baseline.
  • Wrote custom Terraform providers for the company-specific systems that did not have official providers, so those systems could be managed through code instead of UIs and tickets.
  • Built HashiCorp Vault plugins to handle credentials and access patterns specific to the company, so applications could fetch what they needed without long-lived secrets sitting in config.
  • Shipped a change management and compliance framework in Go that automated the most common checks and produced audit trails as a side effect, so compliance review stopped being a separate phase.
  • Replaced JFrog Artifactory with a self-hosted artifact repository. Workflows stayed the same as far as the engineering teams were concerned.
  • Partnered with security, operations, and product engineering teams throughout, so each piece landed with the people who would run it after we left.
Results
  • Onboarding a new workload to the platform dropped from weeks to days.
  • Secret management and security controls became consistent across regions, which simplified audits and removed a class of recurring incidents.
  • Manual effort on provisioning and compliance dropped by roughly 70%, on the team’s own measurement.
  • The change management framework gave platform and audit teams real visibility into what was changing in production.
  • Artifact management costs went from about €1.8 million per year to about €100,000 per year, a 95% reduction, with the budget reallocated to other platform work.
  • Developers across regions worked on the same environments and patterns, which made it easier to move people and projects between markets.

Working on something similar?

Send a few sentences about what you're building. We'll be honest about whether we can help.

Start a conversation