Tapestry Builds a Scalable IaC Platform with Built-In Governance and Security

by Aditya Pendyala, Julio Hanna, and Rehan Mubashir | on

Global luxury fashion company Tapestry Inc. (Tapestry) has been undergoing a company-wide digital transformation. To support these efforts, Tapestry wanted to modernize its legacy business applications. Prior to undertaking this project, the company performed a lift-and-shift cloud migration to Amazon Web Services (Amazon Web Services), completed in March 2021. Following this milestone, Tapestry wanted to further its modernization by building a scalable infrastructure-as-code (IaC) platform for facilitating seamless deployment of modernized workloads in a nimble, consistent, and repeatable manner, establishing security and governance.

To accomplish this, Tapestry decided to build a platform with standardized IaC private modules and IaC templates using serverless solutions on Amazon Web Services. The services included Amazon Web Services Lambda —a serverless, event-driven compute service—and Amazon API Gateway , a fully managed service that makes it easier for developers to create, publish, maintain, monitor, and secure APIs at nearly any scale. The company also used Amazon Cognito —which provides user sign-up and sign-in features for controlled access to web and mobile applications—and Amazon CloudFront , a content delivery network service built for high performance, security, and developer convenience. Tapestry used Terraform, a product of HashiCorp , an Amazon Web Services Partner , to provision infrastructure on Amazon Web Services.

In about six months, Tapestry completed the build of its IaC provisioning platform, and has deployed 15 new serverless applications. With this platform,Tapestry has accelerated its digital transformation while bolstering its security and governance and reducing its time to deployment.

The IaC Platform for Modernized Workloads Provisioning

Previously, Tapestry had built and provisioned infrastructure in the cloud manually, which was time consuming and prone to human error, with inconsistent environments, security and compliance risks. These challenges complicated Tapestry’s goal of optimizing its legacy applications. This process of manually provisioning infrastructure could take weeks to complete. To solve these issues, Tapestry started building the IaC-based, automated platform in December 2021.

“Now that we’ve migrated to the cloud, we’re starting to transform our workloads,” says Rehan Mubashir, director and principal of cloud platform architecture and engineering at Tapestry. “We wanted to take an IaC approach to deploy our workloads securely and consistently.” Using Amazon Web Services services alongside Terraform, Tapestry found streamlined and reliable solutions for its infrastructure provisioning and framework.

Building an IaC Platform for Provisioning Serverless Workloads on Amazon Web Services

Tapestry first conducted a deep assessment of its use cases and created prevetted standardized architectural patterns for security and compliance. They aligned with Amazon Web Services Well-Architected Framework , which teaches architectural best practices for designing and operating reliable, secure, efficient, cost-effective, and sustainable systems in the cloud. These reference architectures can be readily used or tweaked to fit nearly any given use case.

After establishing the standardized patterns to make the provisioning repeatable, consistent, inherently secure, and compliant, Tapestry created prevetted, parameterized IaC modules and IaC templates.The parameterization of the IaC modules facilitates the reuse of code for almost any use case without having to write all the IaC from scratch, saving time. Additionally, IaC templates make the provisioning process repeatable and consistent.

Tapestry now maintains a Terraform Enterprise (TFE) private module registry of around 80 modules and over 15 IaC templates. Like the standardized reference architectures and IaC modules, these are prevetted, cloud center of excellence (CCoE) aligned, and follow industry best practices. Next, to ensure governance, Tapestry established a standardized infrastructure provisioning workflow based on version control systems (VCS) and Terraform pipelines, which incorporate approvals and is auditable. To support workloads with different levels of criticality, Tapestry built the platform to handle all disaster recovery tiers, along with high-availability or redundancy options as needed. And finally, to facilitate speed to market and post deployment application lifecycle management, Tapestry also built various cloud-native pipelines.

Since finishing the build of its IaC-based provisioning process, Tapestry has improved its business agility and streamlined internal workflows. Tapestry was able to successfully deploy 15 applications across multiple environments. Compared with its previous manual process, provisioning infrastructure takes only days instead of weeks. Implementation times have also decreased from days to hours. With these extra time savings, Tapestry’s employees can focus on modernizing the company’s legacy applications and identifying additional opportunities for further innovation. “We are always adopting new technologies,” says Mubashir. “We are excited about all the innovations coming from Amazon Web Services, and we look forward to introducing more of those to the company.”

Accelerating Its Digital Transformation

Tapestry is continuing to innovate while it optimizes more of its legacy applications for cloud-native and serverless architectures. Tapestry plans to modernize many more applications using its IaC pipeline and to decommission its legacy environment, completing the company’s digital transformation.

“We have matured enough that we are now transforming the legacy applications to modernized cloud-native technologies,” says Mubashir. “We are excited to find new ways to benefit the business, test our ideas, and innovate on Amazon Web Services.”

Check out more Amazon Web Services Partners or contact an Amazon Web Services Representative to know how we can help accelerate your business.

For further reading :

  • Infrastructure as code (IaC)
  • IaC in DevOps
  • Should Startups Use Infrastructure as Code (IaC)?
Aditya Pendyala

Aditya Pendyala

Aditya is a Principal Solutions Architect at Amazon Web Services based out of NYC. He has extensive experience in architecting cloud-based applications. He is currently working with large enterprises to help them craft highly scalable, flexible, and resilient cloud architectures, and guides them on all things cloud. He has a Master of Science degree in Computer Science from Shippensburg University and believes in the quote “When you cease to learn, you cease to grow.”

Julio Hanna

Julio Hanna

Julio is a Solutions Architect at Amazon Web Services based in New York. Throughout his career, Julio focused on helping organizations to deliver technology solutions and drive efficiency in enterprise technology operations. Currently, Julio is navigating the waters of Artificial Intelligence and Machine Learning and leverage their potential in innovation.

Rehan Mubashir

Rehan Mubashir

Rehan Mubashir is the Director and Principal of Cloud Platform Architecture and Engineering at Tapestry, a New York based luxury fashion company. He has extensive experience in shaping and guiding the cloud strategy and architecture for large enterprises. His primary responsibilities encompass overseeing the design, implementation, and optimization of cloud solutions and overall cloud architecture. He stays abreast of emerging cloud trends and best practices and guides the organization in adopting the latest innovations. His expertise has been critical in driving digital transformation, fostering cloud adoption, and enabling efficient, secure, and highly available cloud environments. He has a Master of Science degree in Cloud Computing from UMGC and holds various professional level cloud certifications and competencies in Amazon Web Services, Hashi among many.


The mentioned AWS GenAI Services service names relating to generative AI are only available or previewed in the Global Regions. Amazon Web Services China promotes AWS GenAI Services relating to generative AI solely for China-to-global business purposes and/or advanced technology introduction.