CASE 07 · ATLAS · 2026
A data lake that the legal team actually signed off on.
A streaming media company had four analytics teams, three of them writing to the same S3 bucket with overlapping prefixes, and a legal team that had quietly stopped reading the architecture diagrams. We rebuilt the analytics estate as a producer-consumer data lake with fifteen accounts, Lake Formation governance, and one row-level access policy per consumer.
Streaming media
LANDING ZONE
2026
RESULTS
What changed, by the numbers.
CROSS-TEAM INCIDENTS
−96%
ACCOUNTS
15
QUERY COST
−38%
TIME-TO-ACCESS
< 1d
HOW IT WENT
The legacy bucket had thirteen prefixes, four IAM principals with `s3:*` on the whole thing, and a Slack channel where the analytics teams negotiated who would write to which directory. The legal team had asked, more than once, who could see what. Nobody had an answer they trusted.
We rebuilt around AWS Organizations: a producer account per source system, a curated zone per data domain, and a consumer account per analytics team. Lake Formation enforced row- and column-level filters at query time, with IAM Identity Center carrying user identity into the Lake Formation grants. Glue jobs landed Iceberg tables, partitioned and projected so Athena scans stayed under a gigabyte.
The legal team got their map of "who sees what data, under which legal basis." The analytics teams got their own buckets, their own quotas, and a one-day onboarding instead of a three-week negotiation. Query bills dropped 38% on better partitioning alone.
RELATED · SAME DOMAIN
Other engagements in this space.
READY WHEN YOU ARE
Let's get your AWS bill (and architecture) in order.
The discovery call is free. You walk away with at least one concrete idea — even if we never work together.