We design and run the cloud infrastructure your product depends on — AWS Cape Town first, defined in code, with CI/CD that ships safely, monitoring that pages you before customers do, and disaster recovery that has actually been tested.
Hosting is invisible — until it isn't. By the time you notice it's a problem, the cost has been compounding for months. Here's how it goes.
Nobody knows quite how it got configured. There's no infrastructure-as-code, no documented runbook, no second person who knows where the keys live. The day Vusi goes on leave, every deploy becomes high-risk theatre.
No CI/CD, no test-gate, no rollback path. So changes get batched, ship rarely, and when they do ship they take down the site for the half-hour it takes to figure out what broke. Every deploy is a hold-your-breath event.
No monitoring, no alerts, no on-call. The site has been down for 47 minutes before anyone notices. Or worse: the homepage is up but checkout is broken, and the bleed runs for hours before someone happens to test it.
You think you're backed up. You're not — at least not in any way you can actually restore. Or the backups exist but nobody has ever tested a restore. The day you need them, you discover none of it works.
Six things that are not optional, ever. They're what separate "running on the cloud" from "production-grade infrastructure that lets you sleep at night".
Every resource defined in Terraform. No "click in the console" changes. The infrastructure is reproducible, reviewable, and rollback-able.
Every push triggers tests, then a deploy through dev → staging → prod with manual gates. Rollback is one click. Bad deploys never reach customers.
Metrics, logs, traces, and SLOs from day one. Sentry for errors, Datadog/Grafana for APM. When something goes wrong, you know first.
Secrets in AWS Secrets Manager (never in env files or repos), WAF on the edge, IAM least-privilege, key rotation enforced. POPIA-friendly from day one.
Automated daily backups, retained 30 days, tested quarterly. Documented disaster-recovery runbook with RTO + RPO targets you can actually meet.
Auto-scale on real signals (CPU, queue depth, request rate). Right-sized instances, reserved capacity for baseline, spot for batch. Monthly cost dashboards.
AWS is our default for SA-hosted production workloads. But the right choice depends on your stack, scale, compliance needs, and team. Here's the honest breakdown.
Most mature SA region (af-south-1), best service breadth, mature Terraform support. Default for production SaaS, e-commerce, and anything compliance-sensitive.
Strongest data-warehouse story (BigQuery), best managed-Kubernetes (GKE), and great fit for ML workloads. We deploy here when data + AI are the centre of gravity.
When your customers live in the Microsoft ecosystem, when SSO via Entra ID matters, or when on-prem AD integration is a hard requirement. We default here for enterprise sales-led products.
Cleaner UX, predictable pricing, fewer services to choose from. Great for early-stage products, internal tools, and clients who want lower monthly cost than AWS.
Aggressively cheap dedicated servers + cloud, EU-hosted. Excellent for non-SA-data-resident workloads, internal tools, batch jobs, anywhere a R600/month AWS bill should be R150 instead.
Pure-frontend deployments (Next.js, Nuxt, Astro). Edge functions, global CDN, zero ops. Almost always paired with a separate AWS/GCP backend.
Boring, well-supported, well-documented choices — not the latest shiny thing. You hire us for engineering, not novelty.
From `git push` to `200 OK on production` — here's what every deploy goes through on Sitect-built infrastructure. Bad code never reaches your customers.
Branch + PR opened, linked to ticket
Unit + integration + lint + types
Code review + preview deploy
Merge → deploy → smoke tests
5% traffic for 10 min, watched
100% · auto-rollback armed
You own the code, the credentials, the dashboards, the runbooks. We design for hand-off — your team or any competent agency should be able to take over.
Every AWS resource defined in code, env-specific configs, state in S3 with locking, PR-reviewed changes. Bring up a fresh environment with one command.
GitHub Actions / GitLab CI workflows for tests, build, deploy. Auto-migrate, canary rollout, auto-rollback on SLO breach.
Sentry, Datadog (or Grafana), CloudWatch — pre-configured dashboards for every service, SLO definitions, alert routing to your on-call.
Incident-response runbook, deploy-procedure playbook, common-failures cheat-sheet, on-call rotation template. All in your repo.
Daily automated backups, 30-day retention, cross-region replication, RTO/RPO targets documented and tested with a live restore drill.
Secrets in AWS Secrets Manager, IAM least-privilege roles, Cloudflare WAF tuned, audit logs to CloudTrail, POPIA data-flow document.
Indicative metrics across SA infrastructure engagements, measured 90 days post-handover. The biggest gains are the ones you don't see — incidents that never happened.
One-off audits, one-off set-up engagements, and ongoing managed retainers. We can also augment your in-house DevOps engineer on a fractional basis — POA.
Honest answers about cloud choices, AWS lock-in, monthly costs, on-call, and when you don't yet need this work.
Share your current setup (or the chaos you're escaping). We'll come back with a 45-min review call, a graded scorecard, and an indicative price for a set-up or managed retainer.