Replatforming EquityMultiple from Heroku to AWS
How ApplauseLab moved EquityMultiple's real estate investing platform from Heroku to AWS ECS, codified the infrastructure, and hardened production operations.
Heroku was no longer the right operating layer
EquityMultiple's investing platform needed more control than Heroku could comfortably provide: clearer infrastructure ownership, stronger AWS-native security controls, repeatable deployments, and better visibility into production behavior.
The work touched several connected systems:
- Application workloads running on Heroku
- Containerized services on AWS ECS
- Load balancers, networking, and runtime configuration
- Infrastructure managed as code
- AWS WAF, GuardDuty, Security Hub, and CloudFront edge controls
- JA3-based request protection at the edge
- CI/CD pipelines for safer releases
- Grafana Cloud monitoring, tracing, dashboards, and alerts
The migration raised several platform questions:
- How do we move production workloads from Heroku to ECS without turning the migration into a rewrite?
- What parts of the AWS platform should be codified so environments can be reviewed and reproduced?
- Where should security move from ad hoc configuration into managed AWS controls?
- What does the team need to see when production is slow, noisy, or under suspicious traffic?
The goal was a real platform migration, not a change of hosting provider. EquityMultiple needed AWS infrastructure that could be changed deliberately, deployed repeatedly, protected at the edge, and observed in production.
A controlled move onto AWS ECS
ApplauseLab replatformed the application from Heroku onto AWS ECS and built the operational layer around it: infrastructure as code, delivery pipelines, security controls, and observability.
The migration was handled as platform engineering work, not a lift-and-shift. ECS became the runtime, the AWS estate was codified, CI/CD made releases repeatable, and production signals were pulled into Grafana Cloud. Security was tightened with WAF, GuardDuty, Security Hub, and CloudFront protections, including JA3 signals for suspicious client behavior.
Key product surfaces
Heroku to AWS ECS migration
Moved application workloads out of Heroku and into ECS so runtime, scaling, networking, and deployment behavior could be owned inside AWS.
AWS platform architecture
Refined service boundaries, load balancing, configuration, and network shape around an AWS-native operating model.
Infrastructure as Code everywhere
Codified the platform so infrastructure changes could be reviewed, versioned, reproduced, and evolved without manual drift.
AWS-native security controls
Added WAF, GuardDuty, and Security Hub to improve edge protection, threat detection, and security posture management.
CloudFront JA3 protections
Strengthened edge defenses with CloudFront controls that use JA3 fingerprinting signals to identify suspicious clients.
CI/CD pipelines
Built and improved pipelines so application and infrastructure changes could move through environments consistently.
Grafana Cloud observability
Added monitoring, tracing, dashboards, and alerts so production behavior was visible before and during incidents.
Operational cleanup
Improved the day-to-day developer and operations workflow around deployments, infrastructure changes, and incident response.
What was achieved
- Moved the application platform from Heroku to AWS ECS
- IaC'ed the AWS infrastructure so changes are versioned and reviewable
- Added WAF, GuardDuty, Security Hub, and CloudFront JA3 protections
- Built CI/CD paths for repeatable application and infrastructure delivery
- Added Grafana Cloud monitoring, tracing, dashboards, and alerts
- Cleaned up the AWS architecture around maintainable platform operations
Need to modernize your cloud platform?
ApplauseLab helps teams move from fragile platform setups to AWS environments they can deploy, secure, observe, and evolve with confidence.