Years of growth and acquisitions tend to leave a mark on a platform’s infrastructure — a patchwork of services, runtimes and accounts that becomes harder to operate and scale over time. That was the starting point for Kigo, a mobility platform serving 4 million users across Latin America. Working with Craftech, an AWS Advanced Tier Services Partner, Kigo consolidated a heterogeneous legacy stack into a single, standardized platform on Amazon EKS, hosted in the new AWS Mexico region (mx-central-1) to sit closer to its users.
About Kigo
Kigo is a mobility platform serving 4 million users — roughly 700,000 of them monthly active — across Mexico, Colombia, Guatemala and Panama. Its products span virtual parking meters, digital parking and enforcement, and access control for private locations. With Mexico as its primary market, proximity, availability and operational simplicity are central to the experience it delivers.
The challenge
Multiple acquisitions over the years had produced a heterogeneous infrastructure: services running on Amazon ECS, Amazon EC2 and AWS Elastic Beanstalk with obsolete runtimes (PHP 5.6, Python 2.7), spread across several AWS accounts in the us-east-1 and us-west-2 regions. That setup created several pressures:
- No real high availability. Many environments ran single-instance configurations (Min/Max 1/1), leaving the platform exposed.
- Inconsistent or absent automation. CI/CD was manual or non-existent across the majority of repositories.
- Cross-region latency. With its core user base in Mexico, running the workload out of us-east-1 added avoidable distance between users and services.
- Fragmented access control and aging runtimes. Identity was inconsistent, and obsolete language runtimes carried growing maintenance and security risk.
Kigo needed to consolidate, modernize and standardize the workload while preserving a zero-tolerance stance on downtime, lowering operational overhead, and creating a foundation for further growth.
The solution: a consolidated, GitOps-driven platform on Amazon EKS
Craftech designed and executed a phased modernization built on a multi-account AWS Organizations structure (13 accounts) centered on the mx-central-1 region in Mexico.
The compute layer was unified on Amazon EKS with Karpenter for dynamic node provisioning, running a fleet of containerized microservices (kigo-mobility, kigo-parkingmeter, kigo-enforcement, kigo-qr-hub, kigo-auth, kigo-core, kigo-kyc, kigo-ed) behind an Amazon API Gateway HTTP API that routes traffic to internal Application Load Balancers inside the cluster.
The data layer was modernized with Amazon Aurora MySQL 8.0 (multi-AZ), Amazon RDS for PostgreSQL with Amazon DevOps Guru for proactive anomaly detection, and Amazon ElastiCache for Redis with TLS in transit.
Deployments are fully declarative through ArgoCD GitOps, sourced from GitLab and GitHub repositories, with builds running in GitHub Actions authenticated to AWS via OIDC — no long-lived credentials. Secrets are managed centrally in AWS Secrets Manager and consumed by pods through the External Secrets Operator, while pods reach AWS services via EKS Pod Identity for scoped, pod-level access.
Observability runs on Prometheus with Thanos (long-term retention on Amazon S3), Loki with Promtail, and Amazon Managed Grafana. Access is federated through AWS IAM Identity Center — delegated to a dedicated identity account and integrated with Google Workspace via SAML and SCIM — eliminating long-lived access keys. AWS WAF with eight rules protects the public load balancers, with AWS CloudTrail and AWS Config providing governance and audit.
The full environment is declared as code with Terraform/Terragrunt across three repositories, and the architecture was deliberately designed to be operated by Kigo’s own SMB-scale platform team, without requiring a dedicated cloud-operations organization.
Migrating the data with minimal downtime
The trickiest part of a project like this is moving production databases across regions and accounts without disrupting service. Because Amazon Aurora Global Database is not yet available in mx-central-1, Craftech used AWS Database Migration Service (DMS) with Full Load plus change data capture (CDC) and binlog synchronization to move production data from us-east-1 to mx-central-1 — achieving sub-minute switchover downtime.
Results
Key outcomes delivered:
- Workload consolidation: 8 production microservices migrated from heterogeneous legacy environments (ECS, EC2, Elastic Beanstalk on PHP 5.6 / Python 2.7) into a single Amazon EKS cluster with consistent runtime and deployment standards.
- Standardized CI/CD: 100% of production-migrated repositories now run a standardized GitHub Actions + OIDC pipeline pushing images to Amazon ECR, with ArgoCD keeping deployments in sync — replacing largely manual processes.
- Lower latency for users: running in mx-central-1 brings the platform closer to its primary user base in Mexico, removing cross-region latency from us-east-1.
- High-availability foundation: multi-AZ EKS, multi-AZ Aurora MySQL and Karpenter elastic compute replace fragile single-instance configurations.
- Built-in cost optimization: Karpenter scales in non-production nodes outside business hours and on weekends, with right-sizing guided by AWS Compute Optimizer, Goldilocks and VPA.
- Stronger security posture: federated identity with no long-lived keys, scoped pod-level access via EKS Pod Identity, secrets kept out of container images, and WAF, CloudTrail, Config and DevOps Guru for protection and detection.
- AWS MAP enrollment: all resources are tagged
map-migrated, qualifying the migration for AWS Migration Acceleration Program credits.
Looking ahead
With a single, standardized platform now in place — and designed to be run by Kigo’s own team — the company has a modern, highly available foundation in its core market, ready to support continued growth across the region.
Building or modernizing your platform on AWS? Craftech is an AWS Advanced Tier Services Partner helping companies across LATAM migrate, modernize and operate on AWS. Get in touch to talk through your project.
