AWS Cloud OperationsCloud AIState and Local GovernmentPublic CloudAWSCloud Migration and ModernizationCloudPublic Sector
Case Study8 minute read

Large State Government Modernizes Operations, Takes Control of Cloud Growth

Learn how a state government partnered with WWT to modernize cloud operations across AWS, implementing Terraform infrastructure automation, FinOps cost visibility and containerization to bring structure and compliance to a rapidly expanding 93-account environment spanning 20+ agencies.

In this case study

 Challenge

Cloud adoption is be frictionless by design. Scaling the operations to manage what you've adopted is anything but. For one WWT client, a large state government, the cloud environment had quickly grown to approximately 65 accounts, spanning roughly 20 agencies, with no standardized provisioning model and no end to the rapid expansion in sight. The internal team was skilled and committed. Yet the pressure showed up in three places: runaway cloud costs with no visibility into the source, a compliance posture that had fallen behind requirements, and foundational automation code that was failing every time someone needed it.

  1. Cost was an immediate pressure. All cloud spend was rolled up into a single Amazon Web Services (AWS) master account, giving leadership a total monthly number but nothing more. There was no breakdown by agency, no visibility into which workloads were driving spend, and no practical way to identify where to reduce it.
  2. Security added a layer of urgency. As a state government, the organization was required to operate within the NIST 800-53 framework, a rigorous standard covering data encryption, logging, network access and software configurations. The tools to assess compliance were already in place: Tenable had been deployed for vulnerability scanning but was not being actively used. When WWT activated it against the client's NIST 853 profile, it surfaced a significant backlog of vulnerabilities and non-compliant configurations that had accumulated undetected.
  3. Compounding both issues were 20 agencies managing workloads in relative isolation with limited coordination on architecture or design standards. Every new project required bridging that gap. And the scripts that provisioned network resources for every new account hadn't been updated in years. They were failing on deployment often enough that standing up each new account had become an hours-long troubleshooting exercise.

 Solution

In 2023, the state engaged World Wide Technology (WWT) as a cloud operations partner across AWS and Microsoft Azure, embedding senior WWT engineering resources directly alongside the state's internal team. The engagement was organized around four workstreams, each targeting a specific gap: standardizing how infrastructure gets built, modernizing the networking automation that had become a bottleneck, introducing containerization to improve how applications are deployed and managed, and bringing cost visibility to an environment that had been running largely blind.

 1. Infrastructure automation via Terraform

The starting point was standardization. WWT built a library of 15+ Terraform modules mapped to individual AWS services, including EC2, RDS, DynamoDB and CloudFront, establishing a consistent and repeatable way to provision infrastructure across the entire environment. Cost-discipline was embedded from the start, through three defaults built into every module:

  • Autoscaling was off until requirements are confirmed.
  • Resources defaulted to on-demand pricing until capacity patterns were understood.
  • Storage was sized from historical baselines rather than estimates.

 2. Networking automation modernization

Fixing the networking automation was both urgent and foundational. WWT replaced the failing legacy scripts with a Terraform V2 module that provisions all required network resources for a new AWS account from just seven or eight input variables:

  • VPCs, subnets and security groups
  • Access control lists
  • Aviatrix gateways for data center connectivity

A process that had required hours of troubleshooting now completes in minutes, with a consistent output every time.

 3. Application containerization

WWT introduced the client's first use of containers in the cloud, deploying applications via Docker and managing them through AWS Elastic Container Service (ECS). The workloads span both net-new deployments and migrations from on-premises environments. Approximately 10 applications now run in this model, with improved portability, scalability and consistency across deployments.

 4. Cost visibility and FinOps

Alongside the engineering work, WWT configured Cloudability, an Apptio product, to break cloud spend down by account, agency and resource. For the first time, leadership could see exactly where money was going. FinOps tagging was applied across EC2, RDS and other key services, enabling daily cost reporting at the agency level. The effect was immediate: Oonce agencies could see their own numbers, many came forward requesting help identifying and eliminating resources they no longer needed.

The work was technical. The impact was organizational. Across cost, compliance, automation and visibility, the state had the foundation it needed to move forward with confidence.

 Results

 Compounding cost savings 

Before WWT, the state could see what cloud services cost in total but had no way to connect that number to the agencies, workloads or resources generating it. That changed. WWT's cleanup of orphaned EBS volumes, storage assets untouched for 90 or more days, identified approximately 70 candidates for deletion and yielded roughly $1,100 per month in recurring savings. 

More significantly, cost optimization is now structural rather than episodic. Every new build is right-sized from the start through Terraform module defaults, and Cloudability continuously surfaces reduction opportunities across all 93 of the state's active AWS accounts, up from 65 when the engagement began. Savings no longer require a dedicated audit. They accumulate as a byproduct of how the environment operates.

 From sprawl to strategy

When WWT joined the engagement in 2023, the state had approximately 65 AWS accounts and no standardized way to manage the growth that was coming. The 93 accounts in place as of today did not accumulate by accident. They reflect agencies choosing to bring more workloads to a platform that had become reliable, well-governed and easier to build on. 

That shift in confidence produced a consequential strategic decision: The state committed to vacating one of its two legacy data centers and migrating the majority of its workloads to AWS — a move the state was not positioned to make until WWT had stabilized and matured the client's environment. New workloads are now directed to AWS as the default, supported by automation infrastructure that makes standing up a new account or onboarding a new workload fast, consistent and cost-effective across every agency.

 Reliable and tested operations at scale

Managed cloud operations are only as valuable as the reliability they deliver. When an application goes down or a build request comes in, response time matters. Under WWT's management, the state's cloud environment now operates to a consistent and predictable standard:

  • Infrastructure incidents and application issues are resolved within 24 to 48 hours.
  • Simple resource provisioning turns around in hours. Complex, multi-agency deployments can take up to four weeks.
  • No significant security events have occurred under WWT's operational management.

That reliability also showed up when a major storm threatened the region. WWT worked proactively with the state to ensure that a critical public safety application, one used by first responders to locate available hospital beds across the state, had the infrastructure capacity to handle a sudden surge in demand. The storm came. The application held. That is the sort of work that does not appear in a cost report but defines what a genuine operations partnership looks like in practice.

 Internal resources freed up for higher-value work

A well-run operations partnership does more than keep the lights on. It creates capacity. With WWT managing the day-to-day complexity of the state's cloud environment, the state's own people were able to turn their attention to the work that had been waiting for them.

Three outcomes from that shift stand out:

  • In early 2025, the state moved its most experienced cloud engineer, previously the lead of the internal cloud team, into the head role on the state architecture team. The state architecture team had an immediate need for stronger technical leadership. They felt confident enough in WWT's ability to carry the cloud operations work that it could afford to move its best technical resource to where the need was greater.
  • The state stood up a dedicated AI initiative team to develop use cases specific to state government challenges. The team selected AWS as its platform, a direct reflection of the confidence the state now has in the environment WWT manages.
  • A separate WWT-led workstream is managing the data center migration in parallel with the core cloud operations engagement, with a different WWT team dedicated to that effort.

What began as an effort to bring structure to a rapidly expanding cloud environment has since grown into something larger. A data center is being vacated. An AI initiative is underway. A partnership that started in 2023 has been extended through 2027. The state is not managing the cloud anymore. It is building with it.

 Accelerate your cloud transformation today

WWT's Cloud, technical delivery and engineering practices bring two decades of state and local government experience to engagements. For state and local government organizations managing rising cloud costs, growing agency demand, and internal teams stretched beyond their bandwidth, WWT offers a proven model that scales with your goals, builds cost control into every deployment, and frees your people to focus on strategic endeavors. 

Technologies