AWS ProServe, 2022-2024

Gilead Sciences

Reimagining AWS Strategy & Platform Engineering

Building the cloud foundation that enabled an $80B biopharma company to accelerate

  • Account Vending: 30+ days → 45 minutes
  • Service Control Policies: 60+
  • AWS Accounts Managed: 250+
  • Workloads Migrated to AWS: ~85%

The Challenge

Gilead Sciences in 2019 faced common enterprise cloud adoption challenges that had compounded over multiple years and consulting engagements. Multiple teams were involved: an existing consultancy managing the AWS infrastructure, ThoughtWorks building the data platform, and various internal teams executing lift-and-shift migrations in phases.

The infrastructure layer had become a bottleneck. An existing monorepo managed over 250 AWS accounts with a problematic architecture. When attempting to deploy a new Organizational Unit (OU) and AWS account, the system tried to delete another team's OU and account. Account vending took 30+ days. Every team trying to deliver was slowed by the foundation.
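
A pre-apply guard against the failure described above, where deploying one team's OU and account planned the deletion of another team's. This is an added example, not code from the engagement; it assumes the accounts are managed with Terraform's AWS provider, that each team's resources sit under a module prefix such as `module.team_b.` (hypothetical names), and that the plan is exported with `terraform show -json`.

```python
import json

# Terraform AWS provider resource types for OUs and member accounts.
PROTECTED_TYPES = {
    "aws_organizations_organizational_unit",
    "aws_organizations_account",
}

def destructive_changes(plan, owned_prefixes):
    """Flag planned changes that delete or replace any OU/account, or that
    touch an OU/account outside the deploying team's module prefixes."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") not in PROTECTED_TYPES:
            continue
        actions = rc.get("change", {}).get("actions", [])
        if not actions or actions in (["no-op"], ["read"]):
            continue
        addr = rc["address"]
        owned = any(addr.startswith(p) for p in owned_prefixes)
        if "delete" in actions:  # plain delete or replace (delete + create)
            findings.append((addr, "delete" if owned else "delete-foreign"))
        elif not owned:
            findings.append((addr, "modify-foreign"))
    return findings

def plan_is_safe(plan, owned_prefixes):
    """Pipeline gate: apply only when nothing was flagged."""
    return not destructive_changes(plan, owned_prefixes)

# Constructed sample: team_b adds an OU and account, and the same plan
# would delete team_a's. Addresses and module names are hypothetical.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "module.team_b.aws_organizations_organizational_unit.ou",
   "type": "aws_organizations_organizational_unit",
   "change": {"actions": ["create"]}},
  {"address": "module.team_b.aws_organizations_account.acct",
   "type": "aws_organizations_account",
   "change": {"actions": ["create"]}},
  {"address": "module.team_a.aws_organizations_organizational_unit.ou",
   "type": "aws_organizations_organizational_unit",
   "change": {"actions": ["delete"]}},
  {"address": "module.team_a.aws_organizations_account.acct",
   "type": "aws_organizations_account",
   "change": {"actions": ["delete"]}}
]}
""")

if __name__ == "__main__":
    for addr, reason in destructive_changes(SAMPLE_PLAN, ["module.team_b."]):
        print(f"BLOCKED {reason}: {addr}")
```

Deletes of a team's own OU or account are also flagged (as `delete`), so removing an account always requires an explicit approval step rather than happening as a side effect of an unrelated deploy.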

I was brought in through AWS Professional Services by a colleague I'd worked with at Pearson years earlier. The initial engagement was an assessment. My finding was direct: the AWS infrastructure approach needed to be reimagined to enable the rest of the transformation.

Part 1: The Assessment

Infrastructure Findings

  • Monorepo managing 250+ AWS accounts with dangerous cross-account dependencies
  • Account vending taking 30+ days due to manual processes and queue time
  • Problematic 1:1 relationship between OUs and AWS accounts
  • Other teams (data platform, migrations) blocked by infrastructure bottlenecks

Being a truth-teller in a room full of promises is never easy. The assessment was clear: the AWS infrastructure layer was blocking the entire transformation. Other teams—including the data platform team and migration teams—couldn't move at the pace the business needed. Leadership appreciated the candor, and we were given the green light to rebuild the foundation.

Part 2: Building the Team

We assembled a core team of 5 AWS ProServe engineers and got to work. The first priority was account vending - getting new AWS accounts into engineers' hands quickly.

The SLA Commitment

  • Island accounts vended: 45 minutes
  • Connected accounts vended: 2 days

We built a new AWS Landing Zone with over 60 Service Control Policies (SCPs), custom permission sets, SSO integration, and auto-termination of sandbox accounts. Queue time kills productivity - we eliminated it.

Part 3: The Platform

As the engagement scaled, we organized into 5 focused scrum teams:

  • Core Team: AFT, Landing Zone, account management
  • CICD Team: Self-service pipelines, GitHub runners
  • E2E Observability Team: Monitoring, logging, tracing
  • GxP Compliance Team: Automated compliance for regulated workloads
  • Developer Experience Portal Team: Self-service portal for developers

Figure: Cloud Platform Architecture — Foundation, Provisioning, and Security principles. Source: AWS re:Invent 2024 (PRO302)

The CICD platform implemented declarative pipelines with Terraform "formations" - teams could enable or disable specific modules within their pipeline. Centralized control with flexible team configurations.

Figure: Cloud Operating Model — Governance structure with Cloud Council, Architecture Board, and Platform Engineering teams. Source: AWS re:Invent 2024 (PRO302)

Part 4: The Outcome

The foundation we built unblocked the entire transformation. With account vending down to 45 minutes, the data platform team could iterate faster. Migration teams could provision environments without waiting in queue. The platform became an enabler rather than a bottleneck.

Platform Team Deliverables

  • New AWS Landing Zone with 60+ Service Control Policies
  • Account vending: 30+ days reduced to 45 minutes (island) / 2 days (connected)
  • Self-service CI/CD platform with declarative Terraform formations
  • GxP-compliant infrastructure for regulated pharmaceutical workloads

Transformation-Wide Outcomes

These outcomes were achieved by the full transformation team—multiple consultancies, internal teams, and partners working together:

  • ~85% of on-premises workloads migrated to AWS Cloud
  • Data Mesh with ~900 data products across all business units (Gilead-DnA platform, ThoughtWorks-led architecture)
  • Early access to AWS Bedrock for generative AI experimentation
  • Featured at AWS re:Invent 2023 and 2024
  • Industry recognition: Intelligent Digital Enterprise of the Year, Data Mesh of the Year, CIO 100 Award

"Gilead envisions a substantial reduction in the time needed for target assessment – by several months – thanks to the efficient generation of high-quality target assessment reports facilitated by generative AI."
— Marc Berson, AWS re:Invent 2023 Keynote

Key Lessons

Foundation Enables Velocity

A solid cloud foundation is critical for AI and business transformation. You can't build fast on a broken foundation.

Queue Time Kills

Most delays are queue time, not work time. 30 days of account vending was really 20-30 minutes of actual work.

Honest Assessment First

Being a truth-teller in a room full of promises isn't easy, but it's the only path to real transformation.
