Quest1

From Hours to Minutes: An AWS-Native CI/CD Pipeline for a Multi-Sided TMS Platform

How G2Mint, a transport management SaaS connecting brokers, shippers, and carriers, replaced manual build-deploy cycles with end-to-end automated application and infrastructure pipelines on AWS — and cut deployment time from hours to minutes in the process.

$ cat case-study/details.yaml
Industry
Logistics
Service
DevOps and Automation
Partner
AWS
Client
G2Mint — a transport management SaaS platform connecting brokers, shippers, and carriers
$ read /case-study/01-the-problem.md

The Problem.

G2Mint is building a single connected platform for the transport management industry — a SaaS that brings brokers, shippers, and carriers together to optimize sourcing, rating, and freight management. The product thesis is straightforward: a multi-sided platform that takes cost out of the freight value chain by replacing fragmented point-to-point integrations with one connected workflow.

Delivering that platform reliably depends on a build-deploy cycle that can keep pace with product velocity. Early on, the cycle didn't. Build and deploy were slow, manual or partially automated, and inconsistent enough across application and infrastructure changes that engineering hours were going into the cycle itself rather than into the product.

Two structural decisions had to be made before any of that could be fixed. First, the CI/CD strategy needed to be AWS-native — consolidating around AWS services rather than stitching together a long tail of third-party tools — so the pipeline footprint matched the platform's hosting choice and the total cost of ownership stayed predictable. Second, the strategy needed to cover both the application pipelines (the SaaS itself) and the infrastructure pipelines (the AWS environments those applications run on) under a single coherent design — because automating one without the other moves the bottleneck rather than removing it.

The objective for the engagement: design and implement that strategy end to end, in production, on AWS, with both application and infrastructure pipelines automated.

$ read /case-study/02-what-we-built.md

What we built.

Quest1 designed and implemented G2Mint's CI/CD DevOps strategy in four phases — Assessment & Review, Strategy & Definition, Implementation Planning, and Execution & Monitoring — with the AWS-native consolidation as the architectural anchor.

Application pipelines, fully automated on AWS-native CI/CD.
The application build and deploy flow was rebuilt around AWS CodeCommit, CodeBuild, CodePipeline, and CodeDeploy, with BitBucket as the upstream source-of-record for code, JFrog Artifactory for build artifacts, and Cypress for end-to-end test automation in the pipeline. nx-cloud was added to accelerate monorepo build performance through distributed caching. The result was a single, observable application pipeline that took commits to deployed artifacts without human intervention in the critical path.
Infrastructure pipelines, treated as first-class.
The infrastructure side was automated against the same standards as the application side. AWS CloudFormation defined the environment topology declaratively, with AWS Control Tower governing account structure and guardrails. Infrastructure changes flowed through their own CodePipeline-driven cycle, separate from but integrated with the application flow, so environment changes could ship safely without freezing application releases.
Account-segregated, parallel-by-default.
Application functionality was segregated by AWS account, which let unrelated build flows run in parallel rather than queue against each other and gave dependency management between packages a clean boundary. Components untouched by a code commit didn't get rebuilt. The throughput compounded: parallelization at the build layer, dependency isolation between packages, and account-level boundaries that kept blast radius contained.
A managed-policy backbone via transit gateways.
As the multi-account topology scaled, network policy enforcement was anchored on AWS transit gateways — keeping inter-account routing, policy attachment, and traffic governance manageable rather than letting peering relationships sprawl into something unmaintainable.
Identity, secrets, and security baked into the pipeline.
AWS Cognito handled authentication; permit.io managed authorization policy; AWS Secrets Manager held credentials cleanly out of code and config. Security and observability ran continuously alongside the pipelines: AWS GuardDuty for threat detection, Security Hub for posture aggregation, AWS Config for compliance state, and CloudWatch as the operational telemetry plane. OpenSearch provided log aggregation and search across the stack.

Total cost of ownership was a strategic input, not an afterthought. Consolidating on AWS-native services — rather than running a parallel stack of third-party CI/CD, secrets, identity, and observability tools — kept the cost envelope tight and the operational surface area small.

$ read /case-study/03-the-impact.md

The Impact.

G2Mint now runs a fully automated CI/CD pipeline for both application and infrastructure changes. The build-deploy cycle that used to take hours, with manual steps and human waiting, takes minutes. The velocity gain comes from three compounding sources: full automation of cycles that used to involve manual coordination, parallelization across account-segregated build flows, and the elimination of redundant rebuilds for components untouched by a given commit.

The architectural choices that made the pipeline fast also made it durable. Account-based segregation kept dependency management clean and limited blast radius. Transit-gateway-anchored policy enforcement scaled with the platform rather than fighting it. And the AWS-native consolidation kept the operational stack — and the bill — bounded.

  • An end-to-end CI/CD pipeline covering both application and infrastructure changes, AWS-native throughout.
  • A multi-account AWS Control Tower topology with account-level segregation by application functionality, enabling parallel builds and clean dependency boundaries.
  • Continuous security and compliance posture through GuardDuty, Security Hub, AWS Config, and CloudWatch, integrated into the pipeline rather than bolted on.
  • A transit-gateway-based network policy layer that holds up as the multi-account footprint grows.
  • A reference for how to consolidate CI/CD on AWS-native services without taking on a long tail of third-party tooling — a pattern Quest1 can apply to comparable AWS-hosted SaaS platforms.
$ cat metrics.summary
build-deploy time, after pipeline automation
Hours → minutes
application + infrastructure, end to end
100% automated cycle
consolidated stack, contained TCO
AWS-native throughout