Veteran-Owned · Cloud Infrastructure Engineering

The engineering half of your ATO.

Aegis Cloud Group engineers and sustains AWS GovCloud environments for federal mission partners. We build the Terraform codebases and technical control artifacts your program needs to achieve Authority to Operate, and we stay on through lifecycle sustainment so critical mission services keep running without disruption. We're the infrastructure side of your compliance partnership.

“Working infrastructure. Not strategy decks.”

At a glance

Entity: Aegis Cloud Group LLC · Tennessee
Designation: Veteran-Owned Small Business
Primary NAICS: 541512 · 541511 · 541519
SAM.gov UEI: SDKJWHQKPA23 · Registration in progress
Frameworks: NIST 800-53 · FedRAMP · DoD SRG · HIPAA · SOC 2 · PCI DSS

Design Principles

Four opinions that shape every engagement. No methodology pyramid, no five-pillar framework — these are the reasons behind every architectural call ACG makes.

01

Build for change.

The platform you deploy today will be wrong in six months. Design so the next change is a refactor, not a rewrite.

Evolvable beats optimal. Cloud infrastructure has one constant — it'll change — and the architectural calls that matter are the ones that make the next change cheap. I pay for that flexibility up front instead of eating it as a migration later.

02

Great is the enemy of good.

A good-enough system shipped in month one beats a perfect one in month twelve.

Ship the smallest thing that holds up under load. Refactor toward elegance using real operational data, not committee consensus. Iterate is a verb, not a milestone — and most of the time, the month-one version is where you find out what “great” actually needs to be.

03

Operating shouldn't be a slog.

Every platform gets run by fewer people than built it. Build for the pager, not the demo.

Actionable problems alert loudly; non-actionable noise belongs in logs, never the pager. Toil is a bug — if it's manual, repetitive, and automatable, it gets automated before it becomes a job description. Observability is a product, not a dashboard.

04

Security is a graph.

“Defenders think in lists. Attackers think in graphs. As long as this is true, attackers win.” — John Lambert, Microsoft Threat Intelligence

Design federal infrastructure assuming attackers will find the edges the control inventory didn't map. They always do. Shrink the attack surface before it has to be catalogued. Prefer identity and network boundaries that fail closed. Treat the audit trail as a real product, not an afterthought. The control matrix is one view of the system. The threat graph is the one that matters.

Capabilities

Four engagement types, all built around the same model: ACG delivers the engineering artifacts your compliance team needs to carry through A&A and ATO.

60–90 days · Fixed scope

The Pre-ATO Sprint

Deadline-driven GovCloud migration or greenfield build for programs with an A&A review on the calendar. You buy a delivered environment, not a discovery phase. This is the tier you don't want to need — but if you need it, ACG has run it in 60 days and delivered on schedule.

120–180 days · Fixed or T&M

The GovCloud Landing Zone

Multi-account AWS GovCloud build from the ground up. Control Tower, org structure, IAM, network segmentation, KMS, logging and audit baselines, and the Terraform underneath all of it. Built to hand off to your compliance team as something they can document, not something they have to interpret.

120–180 days · Fixed or T&M

The Migration Engagement

Azure, on-prem, or commercial-AWS workloads re-architected into AWS GovCloud. Descope-first: shrink the attack surface before it has to be certified. Serverless where it fits, managed services where they fit, containers where they fit, and nothing else.

Ongoing · Monthly retainer

The Fractional Platform Practice

Senior cloud infrastructure engineering capacity for VA primes and federal cloud ISVs that need engineering hands without an FTE hire. Typical engagement: 20 hours/week, monthly minimum. Direct engineering time, not “strategic advisory.”

Principal Past Performance

ACG is a newly formed practice. The engagement below is key-personnel past performance — work delivered by ACG's founder before the LLC existed. It's cited here because it's the closest match to how ACG delivers today.

Jan–Mar 2023 · 60 days · delivered as Lead Platform Engineer at Enduvo (pre-ACG)

Pre-ATO GovCloud Migration — 60 Days, Delivered on Schedule

Joel Comeaux, now ACG's founder, built and delivered the 60-day migration of a commercial learning platform from Azure Kubernetes Service to a fully serverless AWS GovCloud architecture. The platform serves a DoD customer and needed to pass a provisional ATO milestone on a fixed deadline. One engineer, end-to-end: architecture, Terraform, CI/CD, technical-control work, and handoff to the compliance team. This work was delivered as a W-2 employee of Enduvo in 2023 — not as an ACG engagement — and ACG cites it as principal past performance, not corporate past performance.

Stack: Lambda · API Gateway · Aurora PostgreSQL · DynamoDB · S3 · KMS · Secrets Manager · CodeBuild · CodePipeline · Infrastructure-as-Code

Additional Principal Experience

Beyond the Enduvo engagement, ACG's founder brings over a decade of platform and reliability engineering at scale: SRE leadership at DocuSign (formerly Liveoak Technologies) for the Remote Online Notary product line, supporting Fortune 500 financial services clients; Lead Platform Engineer at Oak Ridge National Laboratory; PCI DSS audit ownership at Forward; and principal-level Kubernetes and Terraform engineering across multiple production environments, with additional posture work under SOC 2 and HIPAA. Leadership is real here too. He built the SRE function from scratch at Liveoak, then continued as team lead through the DocuSign acquisition of Liveoak, and later led platform teams at Indigo Tech and at Forward. ACG runs lean today, with the network, trusted peers, and leadership background to scale when an engagement genuinely needs more hands. All of it is cited as principal past performance, not as engagements delivered by ACG the LLC.

Out of Scope

What you don't sell matters. It's how buyers tell engineering engagements from consulting engagements. Here's what ACG doesn't take on.

  • ACG doesn't author SSPs. Your compliance team or a dedicated A&A contractor writes the System Security Plan. ACG builds the infrastructure they document — that's the whole point of the handoff.
  • POA&Ms stay with you. Plan of Action & Milestones ownership belongs with your compliance lead. Separating engineering from compliance is a feature, not a limitation.
  • No advisory-only retainers. If there's no infrastructure being built or operated, ACG isn't the right fit. Strategy without delivery is what Design Principle 02 pushes back on, explicitly.
  • No slideware. Deliverables are code, infrastructure, runbooks, and control artifacts. A one-page architecture sketch might show up in a kickoff; a sixty-slide transformation roadmap never will.

Contact

Whether you're a prime building a subcontract team, a program office preparing a system for A&A, or a federal cloud ISV racing an ATO milestone, ACG is available for engineering-side engagement. Tell me what you're working on and I'll follow up within one business day.

Company details

Legal name: Aegis Cloud Group LLC
Designation: Veteran-Owned Small Business
NAICS: 541512 · 541511 · 541519 · 541611 · 541690
SAM.gov: Entity registration in progress
UEI: SDKJWHQKPA23
CAGE code: Pending IRS TIN validation
Primary POC: Joel Comeaux, Founder · joel@aegiscloudgroup.com · (865) 359-0588