Cloud & Infrastructure

AWS, GCP, OVH, Cloudflare, Supabase, and Vercel architecture for MENA and European clients. Infrastructure as Code, cost optimization, and sovereign-cloud deployments.

Cloud architecture in 2026 has matured into a discipline where the decisions matter more than the features. Every cloud has every service; the right answer depends on your specific workload economics, data residency, team skills, and cost trajectory.

We help clients make those decisions and ship the resulting infrastructure.

Our practice covers

Architecture and migration

  • New-build cloud architecture for greenfield projects
  • Migration strategy and execution (AWS → Cloudflare, on-prem → cloud, single-cloud → multi-cloud)
  • Hybrid deployments where some workloads stay on-prem (regulatory or cost reasons) and others go to cloud
  • Sovereign-cloud and data-residency design for Egyptian financial services, healthcare, and government workloads

Cost optimisation

  • Reserved instance / savings plan analysis on AWS — typically a 20-40% reduction without changing what runs
  • Workload right-sizing using observability data
  • Storage class migration (S3 Intelligent-Tiering, GCS Nearline, etc.)
  • Egress cost reduction strategies (CDN tier-up, edge deployment, regional consolidation)

Cloud platforms we work with

| Platform | Strength | Typical client fit |
|---|---|---|
| AWS | Breadth, mature ecosystem | Enterprise, regulated industries, complex multi-service stacks |
| GCP | AI/ML, BigQuery, Vertex AI | Data-heavy and AI-first companies |
| OVH | EU data residency, cost | EU-based or MENA-EU spanning workloads |
| Cloudflare Workers | Global edge, free tier, EU regions | Static + edge-compute, content sites, AI inference at edge |
| Supabase | Postgres-first BaaS, EU regions | Startups and SMB, Postgres-friendly stacks |
| Vercel | Frontend hosting, Next.js | Frontend-heavy teams already on Next.js |

We are platform-agnostic and recommend based on workload economics, not vendor relationships.

Infrastructure as Code (IaC)

We work primarily in Terraform / OpenTofu with modules structured for reusability. Standard repo layout:

infrastructure/
  modules/           reusable building blocks (vpc, eks, rds, etc.)
  environments/
    staging/         per-environment configuration
    production/
  workflows/         CI/CD on plan + apply

Every infrastructure change goes through pull request review. `terraform plan` runs on PR, `terraform apply` runs on merge. Drift detection runs nightly.
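
The nightly drift check described above could look like this for the layout shown (an added example, not the firm's own tooling): it runs `plan -detailed-exitcode` in every directory under environments/ and fails closed when a check errors or no environment is found. TF_BIN, INFRA_ROOT and LOG_DIR are names assumed for this example.

```shell
#!/usr/bin/env bash
# Nightly drift check for the environments/ layout shown above (added example).
# TF_BIN, INFRA_ROOT and LOG_DIR are names assumed by this example.
TF_BIN="${TF_BIN:-terraform}"            # use "tofu" for OpenTofu
INFRA_ROOT="${INFRA_ROOT:-infrastructure}"
LOG_DIR="${LOG_DIR:-drift-logs}"

# check_env <dir>: print clean, drift or error for one environment directory.
check_env() {
  local dir="$1" name rc=0
  name="$(basename "$dir")"
  umask 077                              # plan output can expose resource attributes
  mkdir -p "$LOG_DIR"
  if ! "$TF_BIN" -chdir="$dir" init -input=false -no-color >"$LOG_DIR/$name.init.log" 2>&1; then
    echo error; return 0
  fi
  # -detailed-exitcode: 0 = no changes, 1 = error, 2 = changes pending (drift)
  "$TF_BIN" -chdir="$dir" plan -input=false -no-color -detailed-exitcode \
    >"$LOG_DIR/$name.plan.log" 2>&1 || rc=$?
  case "$rc" in
    0) echo clean ;;
    2) echo drift ;;
    *) echo error ;;
  esac
}

# drift_report: one "<env> <status>" line per environment.
# Returns 0 when all are clean, 2 when drift is found, 1 when any check
# failed or none ran, so a broken check is never reported as "no drift".
drift_report() {
  local dir status worst=0 checked=0
  for dir in "$INFRA_ROOT"/environments/*/; do
    [ -d "$dir" ] || continue
    dir="${dir%/}"
    status="$(check_env "$dir")"
    printf '%s %s\n' "$(basename "$dir")" "$status"
    checked=$((checked + 1))
    case "$status" in
      error) worst=1 ;;
      drift) [ "$worst" -eq 1 ] || worst=2 ;;
    esac
  done
  [ "$checked" -gt 0 ] || worst=1
  return "$worst"
}

# Run from the nightly job as: ./drift-check.sh --run
if [ "${1:-}" = "--run" ]; then drift_report; fi
```

The job's exit status drives alerting: treat 2 as "open a ticket" and 1 as "the check itself is broken", and keep the plan logs out of chat notifications.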

Observability and reliability

  • Logging and metrics stack: CloudWatch + Prometheus + Grafana, or Datadog, or open-source observability (OpenTelemetry → SigNoz)
  • Alerting on the metrics that map to user-visible incidents, not on noisy infrastructure-level signals
  • On-call rotation design and incident-response playbooks
  • Post-incident review process; blameless and learning-focused

What we deliver

Discovery (week 1-2)

  • Existing infrastructure audit (compute, storage, network, IAM, observability)
  • Cost analysis with itemised waste
  • Compliance audit against your regulatory requirements (CBE, SAMA, GDPR, etc.)
  • 12-week prioritised improvement roadmap

Build (weeks 3+)

  • Greenfield architecture or migration plan execution
  • Terraform modules and CI/CD wiring
  • Observability stack stand-up
  • Production cutover plan with rollback procedures
  • Documentation for your team to operate independently

Handover or ongoing partnership

  • For projects: knowledge transfer to your in-house ops team
  • For ongoing: quarterly architecture review + on-call advisory + cost-optimisation sweep

Typical outcomes

From engagements completed in 2025-2026:

  • MENA fintech: AWS bill reduced 38% in 6 weeks via right-sizing + reserved instances + S3 tiering
  • Cairo-based SaaS: Migration to Cloudflare Workers + Supabase, 70% infrastructure cost reduction at 2x performance (LCP)
  • European media client: Multi-region Terraform setup with automated failover; RTO went from 4 hours to 12 minutes
  • Egyptian healthcare startup: Sovereign-cloud deployment on local Egyptian provider for PII workloads + GCP for non-PII analytics; compliant with CBE draft AI rule

Engagement shapes and pricing anchors

For directional planning:

Cloud audit (2-3 weeks)

  • Existing infrastructure mapped (compute, storage, network, IAM)
  • Cost analysis with itemised waste and recommended consolidations
  • Compliance posture vs your regulatory requirements (CBE, SAMA, GDPR)
  • 90-day prioritised remediation roadmap with ROI per item
  • Typical investment: USD 15-30K depending on environment complexity

Migration engagement (8-16 weeks)

  • Migration plan from current state to target (AWS → Cloudflare, on-prem → cloud, etc.)
  • Terraform / OpenTofu modules built for the target architecture
  • CI/CD pipelines on plan/apply, drift detection nightly
  • Phased cutover with rollback procedures at each stage
  • Knowledge transfer to your team for ongoing operation
  • Typical investment: USD 80-220K depending on workload count and complexity

Reliability / SRE retainer (6-12 months)

  • Monthly architecture review, on-call advisory, quarterly cost-optimisation sweep
  • Incident response support during your team’s growing-pain phase
  • Typical investment: USD 6-15K/month depending on environment scale

These are anchors, not quotes. We tailor every proposal to scope.

When you should NOT engage us

We are honest about when we are not the right fit:

  • Want to push everything to Kubernetes regardless of fit — we will fight you on this. Under 50 services, Kubernetes is usually wrong. If your decision is set, hire a Kubernetes specialist, not us
  • Multi-cloud “for resilience” without a clear failure-mode story — multi-cloud doubles your operational complexity and rarely doubles your resilience. We will challenge the assumption; if you reject the challenge, we are probably not the firm
  • Outsourcing infrastructure entirely — we build the capability into your team. If you have no internal ops capacity and no intent to build it, you need a managed service provider, not a consultancy
  • Cloud-shopping based on credits — VC-fund cloud credits distort architecture decisions in ways that hurt at scale. We design for the cost curve you will face at scale, not the price point under credit subsidy

Get in touch

Email contact@kalastor.net with your current cloud spend (rough), the top 3 pain points, and any compliance constraints we should know about. We respond within 24 hours.

Cloud & Infrastructure — frequently asked questions

Which cloud do you recommend for MENA enterprises?
It depends on data residency, the workload, and existing skills. For data-residency-sensitive workloads (Egyptian financial services under the draft CBE AI rule), we recommend OVH (Marseille), Cloudflare Workers (global edge with EU regions), or sovereign-cloud providers approved by local regulators. For non-sensitive workloads, AWS is the default for breadth, GCP for AI/ML-heavy workloads, and Cloudflare Workers for edge-first deployment.

Do you do Cloudflare Workers deployments?
Yes — extensively. We have shipped production sites on Cloudflare Workers Static Assets (the migration path Cloudflare itself recommends from Pages in 2026), Workers AI for inference at the edge, and Workers KV/D1/R2 for data layers. The combination of global edge presence, generous free tier, and EU data zones makes Cloudflare an excellent default for MENA-Europe-spanning workloads.

Can you help us migrate off AWS to reduce costs?
Often, yes — AWS bills are frequently 30-50% inflated through unused reserved capacity, oversized instances, and forgotten services. But we will tell you honestly when migration is the wrong move. Cost reduction within AWS (savings plans, Graviton instances, S3 storage class optimisation) usually delivers faster ROI than a full migration.

Do you do Kubernetes?
Reluctantly, and only when justified. Most enterprises with under 50 services do not need Kubernetes — the operational overhead is greater than the benefit. We will deploy on Kubernetes when the use case warrants it (multi-tenant SaaS, complex microservices), and aggressively push toward simpler alternatives (managed container services, serverless) when it does not.

What does Infrastructure as Code mean in practice?
Every piece of cloud infrastructure (compute, storage, network, IAM) is defined in version-controlled code, applied via CI/CD, and reviewable via pull request. We use Terraform / OpenTofu as the default. The benefit: every environment is reproducible, every change is auditable, and disaster recovery is a `terraform apply` rather than a 3-day rebuild.

How do you handle Egyptian data-residency compliance?
There are two options depending on workload sensitivity: (1) deploy inside Egypt on a CBE-approved sovereign-cloud provider — limited options but adequate for most workloads, or (2) deploy in adjacent jurisdictions (UAE, Saudi Arabia) with explicit consent flows and anonymisation. For LLM inference specifically, running on-prem deployments of open-weights models alongside commercial API calls (for non-PII workflows) is a common pattern.

Ready to engage?

Email contact@kalastor.net with a one-page brief. We respond within 24 hours.