IMPORTANT ANNOUNCEMENT: We've got some cool events coming up this season...
14
MAY
CodeCon Bratislava
CodeCon Bratislava

We've stood at the Codecon stage many times, sharing what we’ve learned along the way. This time, we’re stepping in a bit differently & supporting the event as a partner. Come say hi and let's chat anything from DevOps and Platforms to specialty coffee!

Join Us
02
JUN
AWS for Startups [Prague]
AWS for Startups [Prague]

​AWS for Startups Prague is a one-day event for founders, engineers, and investors who want a clearer view on how startups actually build and scale today.

Join Us
Swipe for more
Close
AWS
12/5/2026

%%AWS Managed Services%% on LARA

AUTHOR
Martin Hauskrecht
Head of Engineering
SHARE

Labyrinth Labs operates your production AWS infrastructure on LARA, our battle-tested reference architecture, under a long-term managed services agreement. 24/7 monitoring, proactive operations, incident response, and continuous improvement, delivered by the same engineers who designed the platform.

A managed service, not a project

Our managed services engagement begins where most consultancies finish. After your AWS platform is live on LARA, our operations team takes over Day 2 and stays.

We run a collaborative managed service, not a black box. Your engineers retain full access to the AWS accounts, the Terraform repositories and the Kubernetes clusters we operate. Many of our customers choose to perform a meaningful share of the day-to-day operations themselves. Pushing infrastructure changes through GitOps, responding to their own application-level alerts, taking the first look at incidents during their business hours is in their hands because their teams are skilled and prefer to stay close to the platform.

Our role is to be the operational backbone underneath that: the 24/7 on-call coverage, the proactive cadence, the patching and upgrade pipeline, the incident escalation path, and the long-term platform stewardship that an in-house team rarely has time for. The mix between what we operate and what your team operates is agreed during onboarding and reviewed every quarter.

Collaboration model

We operate three engagement patterns under the same Managed Services Agreement, and customers commonly move between them as their team and workloads evolve:

Fully managed. We are the primary operations team. Your team owns product and application code; we own everything from the AWS account boundary down to the cluster, including in-cluster platform services. Suitable for teams without dedicated platform engineers.

Co-managed [most common]. Your engineers operate the platform during business hours and own changes through the same GitOps workflow we use. We provide 24/7 on-call, take primary responsibility for the LARA platform layer [EKS upgrades, networking, observability stack, security operations], and step in on incidents that exceed your team's capacity or fall outside business hours. This is how most of our customers run today.

On-call and advisory. Your team operates the platform end to end. We provide 24/7 on-call coverage as a safety net, LARA version upgrades, quarterly health reviews, and access to our engineers for design reviews and escalation. Suitable for mature platform teams that need depth, not breadth.

In every model, the operational responsibilities are documented in a RACI matrix agreed at onboarding and revisited every Quarterly Business Review. There are no surprises about who does what during an incident.

Why managing your AWS estate with us is different

A platform, not a snowflake. LARA is currently at version 9.0. Every customer benefits from improvements rolled into new versions: Kubernetes upgrades already tested across our other environments, new AWS service patterns we've productionised, security hardening informed by Prowler findings across the fleet.

Your team is not locked out. Because LARA is defined in Terraform, deployed through ArgoCD, and lives in your Git repositories, your engineers can read, review, and contribute to every part of the platform. You can hire a platform engineer tomorrow and they will be productive in days, not months. You can take the platform fully in-house at any point in the contract.

The team that built it operates it. There is no second-line handover from "delivery" to "support". The engineers who design and evolve LARA are the same engineers on call for your environment, and the same engineers your team collaborates with on changes day to day.

Infrastructure as Code from day one. Every change either of us makes, yours or ours, flows through the same reviewed pull request and ArgoCD reconciliation. There is no shell-to-prod path. Every action is traceable to a commit, a reviewer, and a pipeline run.

EU-based, GDPR-aware operations. Our delivery centre is in the EU. We support EU data residency requirements out of the box.

We manage your full AWS estate built on LARA [Labyrinth Labs Reference Architecture], the production-ready platform we have deployed and matured across more than 50 customer environments. LARA is fully defined in Terraform and operated through GitOps, which means every change, ours or yours, is reviewable, auditable, and reversible.

AWS services we operate

Compute & Containers

  • Amazon EKS [cluster lifecycle, version upgrades, add-on operations]
  • EC2 managed node groups, Karpenter-managed nodes, ARM64/AMD64 fleets
  • AWS Lambda for event-driven workloads

Networking & Edge

  • Multi-account VPC topology with hub-and-spoke peering
  • Amazon Route 53 [public and private zones across accounts]
  • Amazon CloudFront, Elastic Load Balancing, VPC Endpoints
  • Site-to-site VPN access via WireGuard or Firezone
  • NAT operations [NAT Gateway and AlterNAT cost-optimized alternatives]

Databases & Data Platforms

  • Amazon RDS Aurora [PostgreSQL and MySQL]
  • Amazon ElastiCache [Redis, Memcached, Valkey]
  • Amazon OpenSearch Service
  • Amazon Redshift
  • Amazon MSK and Amazon MQ for streaming and messaging
  • ScyllaDB on EKS for time-series workloads

Storage

  • Amazon S3 [object storage, lifecycle policies, replication]
  • Amazon EBS and Amazon EFS via the CSI drivers
  • Backup operations and disaster-recovery drills

Security & Identity

  • AWS Organizations and multi-account governance
  • AWS IAM Identity Center [SSO], IAM and IRSA operations
  • AWS Secrets Manager [synced into clusters via External Secrets Operator]
  • AWS KMS key lifecycle and rotation
  • AWS Security Hub, Amazon GuardDuty, AWS Config, AWS CloudTrail
  • Prowler continuous CIS-benchmark assessment

Observability stack

  • Prometheus for metrics with Thanos for long-term S3-backed storage
  • Loki for logs, Vector for log shipping
  • Grafana for dashboards and alerting, backed by Aurora for HA
  • PagerDuty integration for on-call paging

Delivery platform

  • ArgoCD-based GitOps for all add-on operations
  • Self-hosted GitHub Actions or GitLab runners on EKS
  • Amazon ECR with pull-through registry cache

In total, LARA covers 40+ AWS services and 50+ Kubernetes platform components, all operated by us under a single managed services contract.

24/7 monitoring

Every workload we operate is observed continuously by our Network Operations Centre. The observability stack we install with LARA [Prometheus, Thanos, Loki, Grafana and PagerDuty] provides:

  • Multi-layered alerting at the infrastructure, platform, and application level
  • Cross-environment global queries via Thanos so we can correlate incidents across regions and accounts
  • Synthetic checks for customer-facing endpoints
  • Alerts ingested into PagerDuty with documented escalation policies
  • Real-time Grafana dashboards shared with your team

We do not bolt on third-party monitoring. The observability stack is part of LARA, deployed identically into every customer environment, which is why our engineers can respond to an incident in any of our managed estates without context-switching delays.

Get in touch

We'd like to understand what you operate today, where the operational pain is, and what good looks like for your team. The discovery conversation is free and takes 30 minutes.

No items found.
Something not clear?
Check Our FAQ

Similar articles

Have some time to read more? Here are our top picks if this topic interested you.

Utilizing the AWS Well-Architected Framework for Optimal Cloud Infrastructure
AWS
13/6/2024
Utilizing the %%AWS Well-Architected Framework%% for Optimal Cloud Infrastructure

Optimize your cloud infrastructure with AWS Well-Architected Framework Review. Ensure security, efficiency, and cost-effectiveness with Labyrinth Labs, AWS Advanced Tier Partner.

Choosing the Right Cloud Consulting Partner: A Detailed Guide for Cloud Success
AWS
14/3/2025
Choosing the Right Cloud Consulting Partner: %%A Detailed Guide for Cloud Success%%

Find the perfect cloud consulting partner with our expert guide. Ensure security, cost efficiency, and easy cloud operations for long-term success.

LARA 9.0 Delivers: GPUs Support, OpenTelemetry & Faster Terraform
Technologies
23/2/2026
%%LARA 9.0 Delivers:%% GPUs Support, OpenTelemetry & Faster Terraform

Continuous investment in LARA ensures that these ecosystem shifts are handled at the platform level, instead of being solved repeatedly by every team on their own.