Vela Health
Sudbury, MA
Healthcare / Digital Health
AWS Control Tower, AWS Organizations, AWS Security Hub, AWS CloudTrail, AWS Config, IAM Identity Center, Amazon ECS Fargate, Amazon ECR, Amazon RDS (MySQL), Amazon ElastiCache (Redis), Amazon S3, Amazon CloudFront, AWS Secrets Manager, Amazon OpenSearch, Amazon Bedrock, Amazon CloudWatch, AWS Budgets, AWS KMS, AWS Backup, Amazon Route 53, AWS PrivateLink, Terraform, GitHub Actions (OIDC)
Vela Health is a digital health startup building a patient-facing mobile platform designed to modernize how patients engage with their healthcare journey. Facing an urgent MVP launch timeline, Vela Health needed to transform an ad-hoc, insecure cloud setup into a production-grade AWS environment, while simultaneously migrating their AI workloads from OpenAI to Amazon Bedrock, and their vector search infrastructure from ChromaDB/FAISS to Amazon OpenSearch. Avahi designed and delivered a secure, fully automated multi-environment AWS landing zone, a zero-static-credentials CI/CD pipeline, and a complete AI platform migration in just five weeks. Vela Health emerged from the engagement with the infrastructure, automation, and documentation needed to launch their patient-facing MVP with confidence.
Vela Health is a digital health company based in Sudbury, Massachusetts, building a patient-facing MVP platform to improve how patients access and interact with healthcare services. Operating in an industry where security, reliability, and compliance are non-negotiable, Vela Health’s technical stack includes a Flutter mobile application, containerized backend services built on FastAPI and Celery, and AI-powered features, all requiring a cloud foundation capable of supporting a real-world patient launch.
Vela Health had the product vision and the technology, but not the cloud infrastructure to support a production-grade launch. Their existing setup lacked the multi-environment separation, automated deployment pipelines, secure secrets management, and managed data services required to go live responsibly with a patient-facing application. Hard-coded AWS credentials, no environment isolation between dev, staging, and production, and a dependency on OpenAI for AI workloads created compounding security, cost, and operational risks.
The AI dependency on OpenAI was a specific liability. Without control over model behavior, prompt compatibility, cost, and data routing, Vela Health faced unpredictable latency and cost exposure, and an architecture that wasn’t aligned with the AWS-native strategy they needed for long-term scalability. Similarly, their vector search layer, built on ChromaDB/FAISS, needed to be migrated to a managed, production-ready service capable of supporting KNN search at scale.
The stakes were high. In healthcare, launching on an insecure, unstructured infrastructure doesn’t just create technical debt. It creates compliance exposure. Without a proper security baseline, governance structure, and audit trail in place before go-live, Vela Health would have been building patient trust on a foundation that couldn’t support it. A delayed or compromised launch in this context could have long-term consequences for both patient safety and the company’s regulatory standing.
AWS offered Vela Health the breadth of managed services, security tooling, and AI infrastructure needed to build a production-grade healthcare platform efficiently and responsibly. From multi-account governance through AWS Control Tower and AWS Organizations, to container orchestration with Amazon ECS Fargate, to AI inference via Amazon Bedrock — AWS provided a cohesive, integrated ecosystem that allowed Vela Health to move fast without compromising on security or scalability. Critically, the shift from OpenAI to Amazon Bedrock gave Vela Health direct control over AI model routing, cost visibility, and data governance, all within their own AWS environment and accessed securely via AWS PrivateLink.
AWS’s compliance-ready service portfolio also positions Vela Health well for the future. While full HIPAA readiness was outside the scope of this engagement, the architectural decisions made here — Security Hub, CloudTrail, Config, KMS encryption, and strict IAM boundaries — establish the security and audit foundation that a future HIPAA compliance engagement will build upon.
Vela Health engaged Avahi through the AWS Innovation Waves (IW) Migrate program, a structured, accelerated cloud migration engagement available through select AWS Premier Partners. This program framework was a natural fit for a startup on a tight timeline, providing milestone-driven delivery, clear accountability, and the technical depth of a seasoned AWS partner without the overhead of a longer-cycle engagement.
Avahi’s ability to execute a multi-workload migration — infrastructure greenfield build, AI platform migration, vector database migration, and mobile CI pipeline — within a single five-week engagement made them uniquely suited to Vela Health’s needs. Few partners could credibly take on that breadth simultaneously. Avahi’s security-first approach, particularly their zero-static-credentials architecture design, directly addressed the most pressing risk Vela Health faced going into their patient launch.
Avahi began by establishing a secure, governed multi-account AWS landing zone using AWS Control Tower with organizational units for Dev, Staging, and Production environments. AWS Organizations, AWS Security Hub, CloudTrail, and AWS Config were enabled at the organizational level to provide a continuous compliance and audit baseline from day one. IAM Identity Center was configured with SSO, providing admin and read-only permission sets that eliminated the need for individual IAM user credentials across environments.
The networking layer was built on a VPC spanning three Availability Zones with nine subnets, NAT/IGW routing, Amazon Route 53 DNS management across environments, and VPC endpoints for private service access. All infrastructure was codified in Terraform, with state backends provisioned via CloudFormation and GitHub Actions configured with OIDC-based authentication to AWS, eliminating static IAM keys entirely. This zero-credential architecture means every infrastructure change flows through PR-gated pipelines with a full audit trail, compressing what would typically be months of security remediation work into the initial build.
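An added example (not Avahi's or Vela Health's code) of a check a reviewer could run over the IAM role trust policies behind a GitHub Actions OIDC setup like the one described above: removing static keys only helps if the role's trust policy pins the token audience and restricts the `sub` claim to the intended repository. The repository name `example-org/infra`, the account ID, the sample policies and the finding codes are assumptions constructed for illustration.

```python
GITHUB_OIDC = "token.actions.githubusercontent.com"


def as_list(value):
    return value if isinstance(value, list) else [value]


def condition_values(stmt, operators, key):
    """Collect values for a condition key under the given operators (case-insensitive)."""
    values = []
    for op, block in stmt.get("Condition", {}).items():
        if op.lower() in operators:
            for k, v in block.items():
                if k.lower() == key:
                    values.extend(as_list(v))
    return values


def audit_trust_policy(policy, allowed_repo):
    """Return (statement_index, code) findings for GitHub OIDC trust statements."""
    findings = []
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        principal = stmt.get("Principal")
        federated = as_list(principal.get("Federated", [])) if isinstance(principal, dict) else []
        if stmt.get("Effect") != "Allow" or not any(
            str(f).endswith("oidc-provider/" + GITHUB_OIDC) for f in federated
        ):
            continue  # not a GitHub OIDC trust statement
        if condition_values(stmt, {"stringequals"}, GITHUB_OIDC + ":aud") != ["sts.amazonaws.com"]:
            findings.append((i, "AUD_NOT_PINNED"))
        subs = condition_values(stmt, {"stringequals", "stringlike"}, GITHUB_OIDC + ":sub")
        if not subs:
            # Without a sub condition, workflows in any GitHub repository can assume the role.
            findings.append((i, "SUB_MISSING"))
        for sub in subs:
            if not sub.startswith(f"repo:{allowed_repo}:"):
                findings.append((i, "SUB_OUTSIDE_REPO"))
            elif sub.endswith(":*"):
                # Any branch, tag or pull_request run in the repo can assume the role.
                findings.append((i, "SUB_ANY_REF"))
    return findings


def trust_policy(condition):
    """Build a constructed sample trust policy (placeholder account ID)."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": "arn:aws:iam::111122223333:oidc-provider/" + GITHUB_OIDC},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": condition}]}
```

A policy that passes pins both claims with `StringEquals`, for instance `aud` to `sts.amazonaws.com` and `sub` to a single GitHub environment of the deployment repository.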
The container platform was built on Amazon ECS Fargate, running Vela Health’s FastAPI backend API and Celery worker services. An Application Load Balancer with TLS via AWS Certificate Manager handles traffic routing, with autoscaling configured for production workloads. Container images are stored in Amazon ECR, and all application secrets are managed through AWS Secrets Manager with zero long-lived credentials in the application layer.
The data layer was built on Amazon RDS (MySQL) with Multi-AZ configuration in production, Amazon ElastiCache for Redis serving as the Celery message broker and caching layer, and Amazon S3 for document storage and static asset hosting with encryption and lifecycle policies applied. Amazon CloudFront serves as the CDN for frontend static assets, and AWS KMS and AWS Backup provide encryption and automated data protection across the environment.
The AI workload migration from OpenAI to Amazon Bedrock was one of the most technically complex elements of the engagement. Avahi conducted model mapping and benchmarking — evaluating latency, response accuracy, and cost characteristics — before refactoring Vela Health’s FastAPI application using a modular LLM client pattern. This architecture allows the underlying model provider to be swapped without breaking application logic, giving Vela Health lasting flexibility as the Bedrock model catalog evolves. All Bedrock traffic is routed through AWS PrivateLink for secure, private inference. Alongside the AI migration, Vela Health’s vector search layer was migrated from ChromaDB/FAISS to Amazon OpenSearch, with KNN search validated post-migration.
Observability and cost governance were built in from the start. Amazon CloudWatch log groups, metrics, and alarms provide full-stack visibility, while AWS Budgets with anomaly detection protects against unexpected cost spikes. A mobile CI pipeline was also implemented using GitHub Actions with OIDC-backed signing for Android AAB builds. The engagement concluded with a complete documentation and knowledge transfer package — final architecture diagrams, runbooks, CI/CD guides, and a recorded two-hour knowledge transfer session — ensuring Vela Health’s team could operate the environment independently from day one.
In five weeks, Vela Health went from an ad-hoc, credential-exposed setup to a fully governed, multi-account AWS environment with automated CI/CD, managed data services, and an AWS-native AI stack, everything required to launch a production-ready patient-facing platform securely. The zero-static-credentials architecture eliminates one of the most common causes of cloud security incidents, while the Terraform-based IaC and OIDC-authenticated pipelines give Vela Health’s engineering team the tools to scale infrastructure safely and repeatably going forward.
The modular Bedrock migration positions Vela Health for long-term AI flexibility and cost control, replacing unpredictable third-party API dependency with a governed, private, AWS-native inference layer. With full documentation, runbooks, and a recorded knowledge transfer in hand, Vela Health’s team can operate, extend, and evolve the environment independently, with an architecture that is already laid out to support a future HIPAA compliance engagement.
Target Success Criteria Delivered Against: