Healthcare · Q2 → Q4 2025
Multi-region GCP architecture with HIPAA-equivalent controls, deployed via Terraform modules now reused across four product teams.
P95 latency (Brazil)
LGPD findings
Regions in production
Teams reusing the module
The challenge
The client served patient-record workflows across the EU and Brazil from a single GCP region. Latency complaints from Brazilian customers were rising, and an upcoming LGPD audit had data-residency obligations the current architecture couldn't satisfy.
A previous attempt at multi-region had stalled because the team couldn't cleanly separate identity-managed and regionally-isolated data without rewriting the entire data layer.
Our approach
We started with the data classification, not the architecture. Three tiers: patient records (region-locked), operational metadata (region-replicated), and configuration (global). The architecture fell out of the classification almost by itself.
Built a regional-foundation Terraform module — VPC, GKE cluster, Cloud SQL, KMS, audit logging — that could be stamped per region with one variable change. Two regions launched in seven weeks. The third (DR-only) followed in two.
HIPAA-equivalent controls in code: key rotation policies, audit log shipping to a separate project, IAM constraints against cross-region data access. Compliance mappings documented in the same repo as the Terraform.
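A sketch of what the controls named above could look like inside a per-region stamp. This is an added example, not the client's module: the variable names, resource names, 90-day rotation period and the pre-existing `audit` log bucket are all assumptions, and the location policy is one possible way to keep resources in-region (it limits where resources can be created, not who can read them).

```hcl
# Added illustration; project IDs, names and the 90-day period are assumptions.
variable "region" {
  type        = string
  description = "The one value changed per stamp, e.g. southamerica-east1"
}
variable "project_id" { type = string }       # regional workload project
variable "audit_project_id" { type = string } # separate audit-log project

# Patient records (region-locked tier): key ring pinned to the stamped region.
resource "google_kms_key_ring" "patient" {
  project  = var.project_id
  name     = "patient-records-${var.region}"
  location = var.region
}

resource "google_kms_crypto_key" "patient" {
  name            = "patient-records"
  key_ring        = google_kms_key_ring.patient.id
  rotation_period = "7776000s" # 90 days, assumed policy value
}

# Audit logs are shipped out of the workload project into a log bucket
# (assumed to exist already) owned by the separate audit project.
resource "google_logging_project_sink" "audit" {
  project                = var.project_id
  name                   = "audit-${var.region}"
  destination            = "logging.googleapis.com/projects/${var.audit_project_id}/locations/${var.region}/buckets/audit"
  filter                 = "logName:\"cloudaudit.googleapis.com\""
  unique_writer_identity = true
}

# The sink's own service account gets write access to the bucket and nothing else.
resource "google_project_iam_member" "audit_writer" {
  project = var.audit_project_id
  role    = "roles/logging.bucketWriter"
  member  = google_logging_project_sink.audit.writer_identity
}

# New resources in this project may only be created in the stamped region.
resource "google_project_organization_policy" "locations" {
  project    = var.project_id
  constraint = "gcp.resourceLocations"
  list_policy {
    allow {
      values = ["in:${var.region}-locations"]
    }
  }
}
```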
The outcome
Brazilian-customer P95 latency dropped from 380ms to 92ms after the São Paulo region went live. The LGPD audit closed in a single round without findings.
The regional-foundation module became the template four other product teams stamped out for their own new regions over the next quarter. The client's platform team owns it now; we review the occasional PR.
Total cloud spend rose 18% (expected — running three regions costs more than one) but per-tenant infra cost fell because the rightsizing pass that came with the rebuild trimmed the original region's over-provisioning.