DNAnexus scales infrastructure automation without sacrificing control

DNAnexus is the leading platform for precision health, enabling personalized treatments through a flexible ecosystem that makes omics and real-world data accessible, actionable, and secure, while generating insights that enhance patient lives. 

With roughly 225 employees and an engineering organization of around 120 people, DNAnexus operates complex, multicloud infrastructure across AWS, Azure, and Oracle Cloud Infrastructure (OCI). As the platform scaled, the DevOps team needed an infrastructure orchestration solution that could support automation, governance, and developer velocity without adding friction.

Before Spacelift, infrastructure management at DNAnexus relied on a mix of tools and approaches. This included open-source TACO (Terraform Automation and Collaboration Software), manual operations, and scripts.

That fragmentation created real operational pain.

Manual tasks were time-consuming and did not scale. Approved changes would need to be made directly in cloud consoles instead of infrastructure as code (IaC), increasing the risk of drift. End-to-end visibility of change impacts + preview across environments was limited due to deployment environment differences.

Developer enablement was another challenge. Developers could not run Terraform plans against production environments, which slowed delivery and concentrated delivery in a small group of trusted operators.

As Lukáš Hamrla, Senior Manager, DevOps at DNAnexus, explains, the situation made it hard to scale safely: Manual workflows took up too much time, delayed feature delivery, and limited automation across the infrastructure lifecycle. Planning changes across environments required hands-on work from DevOps engineers, slowing delivery and adding overhead.

As infrastructure grew, these limitations became a bottleneck for velocity and added fragility to systems.

The DNAnexus team evaluated several infrastructure orchestration platforms, including other commercial TACO tooling and Atlantis. Their requirements were clear:

• Automated plans on pull requests
• Support for both automated deployments and approval-based workflows
• Advanced policy support
• Scalable configuration through code and autodiscovery
• Bulk operations across many projects
• A fully self-hosted deployment option

Spacelift stood out for its flexibility and composability.

“Spacelift excelled in the flexibility of its configuration: All resources can be organized into a tree of Spaces with support for inheritance, tagging, custom views of resources, etc. Moreover, everything can be natively defined and managed by Terraform code,” says Lukáš Hamrla, Senior Manager, DevOps

That Terraform-native approach allowed DNAnexus to model its entire organization declaratively — isolating sensitive areas while sharing common infrastructure patterns. The streamlined GitHub App integration further reduced setup effort, enabling the team to get productive quickly.

Self-hosting was another key differentiator.

As Lukáš says, “Spacelift self-hosted deployment via Terraform is also very intuitive and allows for quite nice infrastructure customization.”

DNAnexus uses several monorepositories, each containing multiple infrastructure projects. Every repository is bootstrapped with a spacelift/ configuration folder managed through the Spacelift Terraform provider.

This turns each repository into a self-service control plane.

Stacks are created and managed through shared Terraform modules that define consistent behavior — including environment branches, previews, and local configuration. With this setup, registering a new Terraform project requires only a few lines of code.

Policies are applied globally from the root Space, ensuring that every Stack inherits the same baseline guardrails. Today, those policies focus on approvals, access controls, and notifications, with plan policies now being explored to further increase alignment to infrastructure standards.

Contexts play a central role as well. DNAnexus relies heavily on auto-attached Contexts to manage variables, mounted files, and hooks across many Stacks at once — making it easy to apply changes consistently without repetitive configuration.

The result is a platform that supports developer self-service while preserving governance, visibility, and auditability.

Once DNAnexus adopted Spacelift, the positive effects were immediate and measurable:

Faster deployments

Before Spacelift, deploying infrastructure across projects required manual coordination and ticket tracking.

“We can trigger all our infrastructure deployment in about two clicks, contrary to manually running each project and having to track which projects are supposed to be deployed via tickets on a given day.”

What used to take around two hours now takes about 10 minutes.

7× increase in weekly deployments

Previously, only about five to ten projects were deployed each week due to the overhead involved.

With Spacelift, all infrastructure code is deployed automatically, resulting in around 70 projects deployed every week, with that number expected to grow rapidly.

Zero manual planning overhead

Planning changes across environments previously required manual intervention from DevOps engineers with elevated access.

Each plan took five to ten minutes per environment, multiplied across three environments.

Today, plans are automatically generated on every pull request and run in parallel across environments — with zero extra manual effort beyond pushing code and reviewing results in Spacelift.

Moving toward full automation

DNAnexus adopted Spacelift with a clear goal in mind: complete automation of infrastructure management, from development through deployment.

With Spacelift in place, the DevOps team has eliminated manual toil, improved governance, and unlocked safe developer self-service at scale without sacrificing control or visibility.

Would Lukáš recommend Spacelift to other teams facing similar challenges?

“Definitely yes.”