From eight manual steps to one command

Tue, 03 Mar 2026 09:00:00 -0600

I provisioned two tenants by hand before I decided that nobody should ever provision a tenant by hand.

The provisioning flow for our multi-tenant SaaS platform was 8 steps across 4 tools — a Python CLI, a shell script with 5 flags per invocation, a GitHub Actions workflow, and two Kubernetes job manifests requiring injected DB connection strings. Each step had different inputs, different env files, and subtly different flag names for the same concept. The two populate runs used --appname apiserver and --appname tenant_auth_service — note the underscore in one and not the other. That naming inconsistency is a guaranteed typo on a Friday afternoon. Each flag is a chance to silently write 24 SSM parameters to the wrong path.

Your onboarding flow is your architecture's report card

Tue, 03 Mar 2026 00:00:00 +0000

I ran a colleague’s manual tenant onboarding flow for a multi-tenant SaaS platform. Five steps, two attempts, and a list of errors that mapped precisely to every automation gap in the system. The onboarding flow wasn’t broken. It was a diagnostic.

The five steps

The flow to bring a new tenant from nothing to working:

Run a Python registration script that calls the auth-handler API, creates an org in the identity provider, and sends a confirmation email to the devops team.
Read the devops email. Manually extract two values: a tenant hash and an org code.
Run populate scripts that seed 38 SSM parameters — 24 for apiserver, 14 for tenant-auth-service.
Trigger a GitHub Actions workflow. Terraform creates the namespace, deployments, ExternalSecrets, DNS records, HTTPS.
Manually apply Kubernetes jobs for ETL seed data and first-user creation.

Step 4 is automated. Steps 1, 2, 3, and 5 are manual. The manual steps are where the architecture’s seams show.

Automation on ferkakta.dev

From eight manual steps to one command

Your onboarding flow is your architecture's report card

The five steps