Building a unified hybrid cloud with Infrastructure as Code at RBC

Organizations must balance compliance, cost control, and developer experience while delivering consistency at scale. At RBC, we addressed this by building a secure and scalable Infrastructure as Code (IaC) strategy tailored for hybrid environments. RBC’s ambition extends beyond being a leading financial institution—we are building the internal capabilities, engineering practices, and developer platforms to operate like a modern technology company.

Hybrid cloud strategy: A unified approach

To deliver a consistent infrastructure experience, RBC embraced three guiding principles: compliance, cost management, and developer convenience. Security and regulatory requirements were prioritized, cloud spending was monitored and optimized, and developer productivity was enhanced by making infrastructure management seamless. A centralized IaC platform enabled uniform workflows. By deploying execution agents within each cloud or on-premises zone, deployments became faster, localized, and more secure—keeping sensitive data within appropriate boundaries. This was a foundational step in our broader transformation—elevating infrastructure as a first-class product and treating internal platform engineering as a core competency, not a support function. It’s how we’re enabling RBC to scale, while preserving the security and trust expected of a global financial institution.

Secure and controlled deployments

Operating in a regulated industry means security is non-negotiable. RBC embedded policy-as-code into every stage of the infrastructure lifecycle. These policies were designed to catch issues like deployments in unauthorized regions or improper tagging structures. Role-based access controls and audit logging enforced transparency and accountability. Pre-deployment scanning tools flagged risks early, and gated workflows introduced human approvals for high-risk operations. By codifying security and compliance into the IaC toolchain, RBC shifted left on governance and reduced time-to-remediation. The next phase? Exploring how to augment these capabilities with AI—with the ability to detect policy violations in real-time, reason about misconfigurations, and suggest or even auto-remediate potential issues before deployment begins.

Standardization and GitOps best practices

RBC standardized its IaC modules and tightly integrated them with GitOps workflows. This allowed teams to deploy infrastructure consistently—across any environment—using the same patterns, approvals, and validation steps. This wasn’t just about operational excellence. It was about building an internal engineering culture that values repeatability, transparency, and automation. We saw an opportunity to reduce tribal knowledge, make infrastructure accessible to every developer, and accelerate delivery by treating IaC modules as building blocks.

Solving the on-premises infrastructure challenge

Public cloud environments benefit from mature IaC integrations, but on-premises infrastructure can be fragmented and vendor-specific. To overcome this, we developed a set of custom IaC extensions for on-premises systems. This abstraction provided a consistent schema for managing compute, storage, networking, and databases—regardless of vendor. Authentication workflows were simplified, and advanced error handling ensured state remained in sync with the real infrastructure. This internal investment empowered our engineers to treat on-premises environments the same way they treat the cloud. No special-case tooling. No unique specialized knowledge. Just infrastructure, delivered as code.

Building a custom IaC provider for on-premises environment

Developing a provider abstraction layer was critical to bridging the cloud-on-premises divide. It reduced the cognitive load on engineers, unified deployment flows, and handled token lifecycle management automatically. The solution enabled IaC-driven deployments for both traditional and modern platforms, making on-premises infrastructure feel as seamless and programmable as the cloud. We viewed this as an opportunity to build internal IP—developing our own tooling and APIs that align with our engineering principles.

Achievements and future plans

RBC operates a standardized, scalable, and secure hybrid infrastructure platform. Centralized IaC workflows have increased consistency. GitOps-based deployments offer traceability, approval gates, and rollback capabilities. Operational efficiency has improved across thousands of workloads spanning public and private environments. Security posture has also strengthened with automated guardrails, while cost optimization features—like auto-tagging, resource audits, and usage policies—are driving savings. Looking forward, we’re continuing to develop AI integration—to enable capabilities like:

• Self-healing infrastructure that automatically remediates drift or failure conditions.
• AI-driven policy enforcement that reasons about complex configurations and flags violations proactively.
• Developer copilots that assist with infrastructure generation, validation, and best-practice enforcement at the time of authoring.
• Intelligent optimization of resources based on usage patterns and cost-performance trade-offs.

This AI vision complements our broader ambition: to operate like a modern software company—with strong engineering foundations, open tooling, and a relentless focus on improving developer experience.

Final words

Operating hybrid infrastructure at scale requires balancing governance, developer experience, and operational efficiency. RBC’s journey with IaC demonstrates how standardized, policy-driven workflows can streamline deployments and improve security posture across complex environments. But the real story here is transformation. From a traditional enterprise to a technology-first bank. From scripts to standardized platforms. From reactive policies to intelligent automation. RBC is building for the future—with infrastructure that is programmable, secure, and AI-augmented.

A word from our lawyers