← back to blog
devopsFeatured·Aug 12, 2025·12 min read

Platform Engineering: Building an Internal Developer Platform on AWS

Building an IDP that cut deployment lead time by 70% — self-service infrastructure with Backstage, golden paths using Terraform modules, automated environment provisioning, and developer experience metrics.

SJ
Sabin Joshi
DevOps Engineer
#platform-engineering#devops#backstage#idp#terraform#developer-experience#dx

Why Platform Engineering?

Platform engineering solves the DevOps bottleneck at scale. When you have 10 developers, a shared DevOps team works. When you have 200 developers, every team waiting on infrastructure becomes a critical path. The answer: build a platform that lets developers self-service infrastructure without needing to know Terraform, AWS, or Kubernetes.

70%
deployment lead time reduction
50%
fewer DevOps support tickets
4.7/5
developer satisfaction
15min
new env provisioning (was 3 days)

IDP Architecture

Internal Developer Platform Architecture
{arr('a','#555')}{arr('ag','#00ff88')} Backstage service catalog templates tech docs ownership graph Developer picks template, fills form GitHub scaffolded repo PR opened Golden Paths TF modules library opinionated defaults GitHub Actions build + test security scan tf plan + apply ArgoCD app deployment drift detection AWS Infra VPC, RDS, EKS... EKS Cluster app workloads DORA Metrics Dashboard — deploy freq · lead time · MTTR · change failure rate

Backstage as the Developer Portal

Backstage is the single pane of glass for developers. Every service, database, and infrastructure component is registered in the software catalog. Developers can create new services by selecting a template — the platform scaffolds the repo, CI/CD pipeline, and baseline infrastructure automatically.

# Backstage template — scaffolds a new microservice
apiVersion: scaffolder.backstage.io/v1beta3
kind: Template
metadata:
  name: node-microservice
  title: Node.js Microservice
spec:
  parameters:
    - title: Service Details
      properties:
        serviceName: { type: string, title: Service Name }
        teamOwner: { type: string, enum: [payments, auth, platform] }
        dbRequired: { type: boolean, title: Needs Database? }
  steps:
    - id: fetch-template
      action: fetch:template
      input: { url: ./skeleton }
    - id: create-repo
      action: publish:github
    - id: register-catalog
      action: catalog:register

Golden Paths, Not Gates

The key insight in platform engineering: make the right way the easy way. Our Terraform module library abstracts away VPC configuration, IAM roles, security groups, and tagging requirements. A developer can provision a production-ready RDS instance with 5 lines of Terraform because the hard parts are in the module.

# Developer-facing module — all hardening is inside
module "my_database" {
  source      = "git::https://github.com/org/tf-modules//rds-aurora"
  name        = "my-service"
  environment = "production"
  team        = "payments"
  instance_class = "db.t3.medium"
  # Encryption, Multi-AZ, backups, tags — all enforced by module
}

Measuring with DORA Metrics

We track the four DORA metrics to measure platform effectiveness: Deployment Frequency (how often we deploy), Lead Time for Changes (commit to production), Mean Time to Recover (MTTR on incidents), and Change Failure Rate (% deploys causing incidents). Before the IDP: lead time averaged 3 days. After: 47 minutes.

💡Start with a service catalog and documentation portal — these deliver immediate value without requiring infrastructure changes. Add self-service provisioning in phase 2 once teams trust the platform.