Travis CI Hitting Limits and CloudFormation Sprawl
The client runs a global fitness brand with millions of active users and several engineering squads shipping in parallel. Security and uptime expectations are high. The organization had grown quickly, and the CI/CD setup had not kept pace.
Travis CI had served them well in the early days but was becoming a bottleneck. Maintenance overhead kept climbing. Pipeline configurations had drifted across repositories, with each squad inventing their own approach. The underlying infrastructure was provisioned through CloudFormation templates that had accreted over years without much coordination. Nobody was confident about what lived where or why.
Frontend teams had a particular headache: runtime secrets. Credentials needed by the app at runtime were being handled inconsistently, sometimes baked into images, sometimes injected in ways that left traces in build logs. The provenance of any given secret was murky.
Shared Libraries, Terraform Modules, and a Clean Secret Model
Sequoia Applied Technologies is a Santa Clara software engineering firm that works on cloud infrastructure, DevOps tooling, and production systems for technology companies. This engagement was about untangling accumulated cruft and putting a maintainable foundation in place.
The first move was replacing Travis CI with Jenkins. Jenkins gave the client more control over execution environments, better hooks into AWS services, and the ability to enforce pipeline behavior through shared libraries. Sequoia built those libraries so every squad inherited a working baseline: correct stages, correct steps, correct guardrails. New repos could adopt the standard template in an afternoon instead of reinventing the wheel.
CloudFormation got replaced by Terraform. The existing stacks were audited, and the infrastructure was rewritten as modules with plan and apply gates, state hygiene, and defaults for least-privilege access. If a squad needed to provision a new service, they pulled in the module rather than copying and pasting from some other team's stack.
The secret injection problem got its own solution. Sensitive values now come from AWS Systems Manager Parameter Store and Secrets Manager, fetched at deploy time and injected as environment variables. Container images stay generic. They can be promoted from staging to production without modification. Secrets never land in version control, build logs, or image layers.
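The deploy-time injection described above, sketched as an added example (not Sequoia's or the client's code). It expects boto3 `ssm` and `secretsmanager` clients; the parameter path `/web/prod`, the secret id `web/prod/app`, the image tag, the helper names, and the fake clients that let it run offline are all constructed for illustration.

```python
import json

def to_env_name(key):
    return key.strip("/").replace("/", "_").replace("-", "_").upper()  # '/api/base-url' -> 'API_BASE_URL'

def load_runtime_env(ssm, sm, param_path, secret_ids):
    """Collect env vars from Parameter Store (paginated) and Secrets Manager."""
    env, kwargs = {}, {"Path": param_path, "Recursive": True, "WithDecryption": True}
    while True:
        page = ssm.get_parameters_by_path(**kwargs)
        for p in page["Parameters"]:
            env[to_env_name(p["Name"][len(param_path):])] = p["Value"]
        if not page.get("NextToken"):
            break
        kwargs["NextToken"] = page["NextToken"]
    for secret_id in secret_ids:
        # Assumption: each secret is a JSON object, expanded to one variable per key.
        secret = json.loads(sm.get_secret_value(SecretId=secret_id)["SecretString"])
        env.update({to_env_name(k): str(v) for k, v in secret.items()})
    return env

def docker_run_argv(image, env):
    """Name-only -e flags: docker reads the values from the caller's environment,
    so they never appear in argv, the process list, or an echoed command line."""
    names = [arg for name in sorted(env) for arg in ("-e", name)]
    return ["docker", "run", "--rm", *names, image]

def redacted(env):
    return {name: "***" for name in env}  # the only form that may reach the build log

# --- constructed stand-ins for boto3.client("ssm") / boto3.client("secretsmanager") ---
class FakeSSM:
    pages = {None: {"Parameters": [{"Name": "/web/prod/api/base-url", "Value": "https://api.example.test"}], "NextToken": "t1"},
             "t1": {"Parameters": [{"Name": "/web/prod/sentry-dsn", "Value": "constructed-dsn"}]}}
    def get_parameters_by_path(self, **kw):
        return self.pages[kw.get("NextToken")]

class FakeSM:
    def get_secret_value(self, SecretId):
        return {"SecretString": json.dumps({"session-key": "constructed-key"})}

def demo():
    env = load_runtime_env(FakeSSM(), FakeSM(), "/web/prod", ["web/prod/app"])
    # Real deploy: subprocess.run(argv, env={**os.environ, **env}, check=True)
    return docker_run_argv("web:1.2.3", env), env

if __name__ == "__main__":
    print(redacted(demo()[1]))
```

The same image tag is launched in every environment; only `param_path` and `secret_ids` change between staging and production.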
How the Pieces Fit Together
Groovy libraries that encode pipeline stages, steps, and validation logic. Squads inherit a working baseline and override only what they need to. Changes to the shared library propagate across all repos automatically.
Reusable modules for compute, networking, and IAM with baked-in defaults for least privilege. Plan and apply gates prevent unreviewed changes from reaching production. State is managed centrally with locking.
Deploy scripts fetch values from AWS SSM Parameter Store and Secrets Manager, then inject them as environment variables. Images stay clean. Secrets stay out of git, out of logs, out of layers.
Branch policies enforce the standard pipeline. New repos get stood up using a template that pulls in the shared library and Terraform modules. Quickstart docs walk teams through the first deploy.
40%+ Cost Reduction and Faster Squad Onboarding
The move from Travis CI to Jenkins, combined with the Terraform rewrite, cut tooling and maintenance costs by more than 40%. The number is real: it showed up in the client's cloud bill.
Onboarding new services went from a multi-day slog to something a squad could finish in an afternoon. The shared libraries and modules meant less reinvention and fewer opportunities for drift. Secret handling became consistent and auditable instead of a patchwork.
The rollout happened squad by squad over several months. Sequoia engineers worked directly with each team during migration, then handed off with documentation and office hours for follow-up questions.
Common Questions About CI/CD Modernization
How do you standardize CI/CD pipelines across multiple development squads?
Sequoia Applied Technologies built shared Jenkins libraries that encoded the correct stages, steps, and guardrails for this client's environment. Each squad inherited a working baseline rather than inventing their own. Terraform modules handled infrastructure provisioning with agreed defaults for networking, IAM, and runtime configuration. The combination meant new repos could be stood up quickly without drifting from the organization's standards.
Why migrate from Travis CI to Jenkins?
Travis CI had served the client well initially but was hitting limits as the organization scaled. Maintenance overhead was climbing. Jenkins offered more control over execution environments, better integration with AWS services, and the ability to run shared libraries that enforced consistent pipeline behavior across dozens of repositories. The move also reduced tooling costs by over 40%.
How do you handle secrets for frontend deployments without baking them into container images?
The deploy step fetches sensitive values from AWS Systems Manager Parameter Store and Secrets Manager at runtime, then injects them as environment variables. Container images stay generic and can be promoted between environments without modification. The pattern keeps secrets out of version control, out of build logs, and out of the image layers where they might be extracted.
What does replacing CloudFormation with Terraform involve?
CloudFormation templates had accumulated over time without much coordination, leading to drift and inconsistency across stacks. Sequoia rewrote the infrastructure layer as Terraform modules with plan and apply gates, state hygiene, and encoded defaults for least-privilege access. The modules became the single source of truth for how infrastructure should be provisioned.
How long does CI/CD modernization take for a large engineering organization?
It depends on how many repositories are in scope and how divergent they have become. For this client, the rollout happened squad by squad over several months. The shared libraries and Terraform modules were built first, then individual teams migrated their repos using quickstart documentation and direct support from Sequoia engineers.
What kind of companies does Sequoia Applied Technologies work with on DevOps and infrastructure?
Sequoia Applied Technologies is a Santa Clara, California software engineering firm. The firm works with product companies across enterprise software, fitness and consumer technology, life sciences, healthcare, and IoT. Engagements include CI/CD modernization, cloud architecture, infrastructure automation, and production delivery.