CASE STUDIES
SaaS, AI, health care, and financial startups trust FivexL to build their infrastructure in AWS, empowering their businesses to grow faster. Learn how. Book a consultation
“What impressed us most was the speed and the depth of expertise. FivexL understood exactly what an AI-native product needs on AWS - multi-tenancy, data isolation, Bedrock integration - and delivered it all with security baked in from the start. The SSO Elevator setup means nobody has standing access to production, which is exactly the posture we need when handling customer data. We expected a solid foundation; what we got was a competitive advantage.”
Daniil Goloviznin, Head of Infrastructure at Sirob Technologies
Book a consultation
Two lead consultants for the project
Anton Eremin
AWS Cloud Engineer Accomplished AWS Solutions Architect AWS Open-Source Maintainer & Contributor Public speaker
About Sirob Technologies
Sirob Technologies is an Estonian Agentic AI SaaS company building B.O.R.I.S. - an AI DevOps teammate that connects to an engineering team’s existing tools (logs, metrics, dashboards, tickets, repos, configs) and translates operational noise into structured, AI-ready context. When an incident hits, BORIS investigates, correlates signals, and answers with evidence - then captures the resolution path so the next incident is faster and less dependent on who happens to be online. The result: less toil, fewer repeat outages, and more productive engineers.
Challenge
Building an AI product is one thing. Running it in production for real customers is a different problem entirely.Sirob Technologies had a working prototype of BORIS - an agentic AI DevOps teammate powered by Amazon Bedrock. The AI worked. But the infrastructure underneath was manually configured, single-tenant, and nowhere near ready for paying customers. A familiar situation for any AI startup: the model is promising, but the platform around it isn't there yet.
To start onboarding customers, Sirob needed to solve several hard infrastructure problems at once: how to run Bedrock-powered agents in a secure, multi-tenant setup where each customer's data stays strictly isolated. How to deploy and update agents without downtime. How to trace and audit every action an AI agent takes in a customer's environment - a non-negotiable when your product touches production infrastructure. And how to control costs and enforce guardrails around LLM usage so that scaling doesn't mean runaway bills.
With a small team and paying customers waiting, Sirob couldn't afford a year-long infrastructure build. Every week without a production-ready platform was a week of lost revenue and a week of delayed go-to-market.
Solution
FivexL designed a phased approach to take Sirob from a manually configured MVP to a fully productized, secure AWS platform - all delivered in under two months.
Phase 1: Secure Landing Zone with RightStart (about a month)
FivexL started with its RightStart for AWS productized service to establish a compliant, secure Landing Zone. This gave Sirob a governed multi-account AWS Organization with dedicated accounts for workloads, security tooling, and shared services - built on AWS Control Tower with full Terraform automation.
The Landing Zone was configured with multiregional deployment support from the start, addressing data sovereignty requirements critical for Sirob’s international customer base. Cost anomaly detection and budget alerts were set up to give the small team early visibility into spending patterns.
Phase 2: True Least-Privilege Access (< 1 week)
FivexL deployed its open-source SSO Elevator to implement a zero-standing-access model. No one - not even infrastructure leads - has permanent access to production. All elevated access is temporary, requested through Slack, and fully audited. For an AI product handling customer operational data, this posture isn’t optional - it’s a competitive requirement.
Phase 1: Secure Landing Zone with RightStart (about a month)
FivexL started with its RightStart for AWS productized service to establish a compliant, secure Landing Zone. This gave Sirob a governed multi-account AWS Organization with dedicated accounts for workloads, security tooling, and shared services - built on AWS Control Tower with full Terraform automation.
The Landing Zone was configured with multiregional deployment support from the start, addressing data sovereignty requirements critical for Sirob’s international customer base. Cost anomaly detection and budget alerts were set up to give the small team early visibility into spending patterns.
Phase 2: True Least-Privilege Access (< 1 week)
FivexL deployed its open-source SSO Elevator to implement a zero-standing-access model. No one - not even infrastructure leads - has permanent access to production. All elevated access is temporary, requested through Slack, and fully audited. For an AI product handling customer operational data, this posture isn’t optional - it’s a competitive requirement.
Phase 3: Security and Operational Monitoring (1 week)
The AWS environment was instrumented with centralized security monitoring across all accounts: CloudTrail for audit logging, Security Hub for posture management, GuardDuty for threat detection, and Config for resource compliance tracking. Alerts flow to the team’s existing channels, keeping operational overhead minimal for a small team.
Phase 4: Productized Bedrock Deployment on ECS (2 weeks)
This was the core platform build. FivexL migrated BORIS from the manual MVP setup to FivexL’s ECS Blueprint - a battle-tested container orchestration pattern running on AWS Fargate. The deployment includes:
Amazon Bedrock integration using the latest platform features, giving BORIS managed access to foundation models with built-in guardrails for content filtering, token limits, and cost controls.
Multi-tenant isolation ensuring each customer’s data, agent runs, and context remain strictly separated - enforced at the network, IAM, and application layers.
Automated CI/CD pipelines enabling frequent, zero-downtime deployments so the Sirob team can ship updates to BORIS without interrupting customer environments.
Observability stack with structured logging and tracing across agent runs, providing auditable records of every action BORIS takes in a customer environment.
The AWS environment was instrumented with centralized security monitoring across all accounts: CloudTrail for audit logging, Security Hub for posture management, GuardDuty for threat detection, and Config for resource compliance tracking. Alerts flow to the team’s existing channels, keeping operational overhead minimal for a small team.
Phase 4: Productized Bedrock Deployment on ECS (2 weeks)
This was the core platform build. FivexL migrated BORIS from the manual MVP setup to FivexL’s ECS Blueprint - a battle-tested container orchestration pattern running on AWS Fargate. The deployment includes:
Amazon Bedrock integration using the latest platform features, giving BORIS managed access to foundation models with built-in guardrails for content filtering, token limits, and cost controls.
Multi-tenant isolation ensuring each customer’s data, agent runs, and context remain strictly separated - enforced at the network, IAM, and application layers.
Automated CI/CD pipelines enabling frequent, zero-downtime deployments so the Sirob team can ship updates to BORIS without interrupting customer environments.
Observability stack with structured logging and tracing across agent runs, providing auditable records of every action BORIS takes in a customer environment.
Benefits
From MVP to customer-ready platform in under two months - Sirob Technologies went from a manually configured prototype to onboarding paying customers on a secure, production-grade AWS platform.Immediate outcomes
Sirob started onboarding customers and winning business immediately. Enterprise-grade security, strict data isolation, and auditable access controls gave prospects the confidence to commit. The zero-standing-access model via SSO Elevator became a selling point in security-conscious sales conversations.
Operational efficiency for a small team
The fully automated, Terraform-managed platform means the team spends time building BORIS features, not managing AWS resources. Automated deployments, centralized monitoring, and cost alerting keep the operational burden near zero.
Longer-term outcomes
The multi-tenant architecture scales with demand - new tenants without architectural changes. The multiregional Landing Zone supports expansion into markets with data residency requirements. And because the entire infrastructure is defined as code, the team can evolve the platform independently.
Our happy customers
-
FivexL didn't just set up infrastructure - they gave us a production platform we could trust from day one. We went from a manual MVP to onboarding real customers in weeks.
Daniil Goloviznin, Head of Infrastructure at Sirob Technologies
Sirob Technologies
Case StudyFivexL built a secure, multi-tenant AWS platform for an Estonian AI startup, taking their agentic DevOps product from early MVP to production-ready infrastructure in under two months.
Read more -
FivexL were very clear on scope and delivered exactly what we needed: an AWS foundation we could build on with confidence while keeping our Google Cloud environment running.
Neverless Team
Neverless
Case StudyFivexL delivered a secure, production-ready AWS foundation for a London fintech company expanding beyond Google Cloud.
Read more -
The FivexL team had laid the foundation for SOC2, and we didn’t need to make major changes to get certified.
Mattias Hemmingsson, Head of Security at Hippo
Hippo
Case StudyRightStart for AWS by FivexL gave a U.S. healthcare startup a compliance-ready foundation and multi-account setup, helping them achieve SOC2 certification.
Read more -
I think FivexL did a really good job of being deliberate, explicit, and highly consistent about the work.
Nate Sesti, CTO at Continue
Continue
Case StudyFivexL’s RightStart for AWS and production-ready ECS setup gave a U.S. AI startup the infrastructure needed for commercial launch and global scaling.
Read more
◂
▸