Building Culturemap on Solid Ground: A Secure AWS Foundation for Country-First Technology

Right Place Geo (“Right Place” being a bush term for something “bang on,” “perfect,” or “schmick”) is an Australian geospatial consultancy delivering “Tech Solutions for People in the Bush.” Led by Stafford Smith, the business brings over a decade of on-Country experience across cultural mapping, drone programs, GIS strategy, field data collection, and custom geospatial software development. They’re an official Fulcrum Partner and CesiumJS Certified — the kind of technical credentials backed by real time spent working alongside Traditional Owners, Rangers, and land management groups across Australia.

Their flagship software product, Culturemap, is a 3D cultural database co-designed with Traditional Owners and Rangers — a private Google Earth and YouTube combined, purpose-built for Native Title organisations to record, protect, and share cultural knowledge on Country. What began as a build with four people has grown into a platform shaped by co-design sessions with 40+ Traditional Owners, Rangers, and board members, with each client organisation getting its own private instance.

The promise that runs through everything Right Place Geo does — your data, your Country, your control — is non-negotiable. That promise had to be matched in the infrastructure underneath it.

As Culturemap moved from passionate prototype toward a production platform serving multiple Native Title organisations, the underlying AWS environment needed to evolve with it. Right Place Geo had built the application itself with care and conviction, but cloud infrastructure is its own discipline — and the existing setup had grown organically alongside the product rather than being designed for the scale and assurance it was now heading toward.

Three broad themes emerged:

A foundation built for prototyping, not for scale. The environment had served well during early co-design and pilot deployments, but stretching it across multiple client organisations, multiple environments, and a growing roadmap meant the architecture needed a step change rather than another iteration.

Manual where automation was needed. Infrastructure changes, application deployments, and certificate management were largely hands-on processes. That was workable for a small team shipping carefully, but it was becoming a bottleneck — and every manual step is a step where something subtle can drift.

A clearer story on multi-client separation. Culturemap’s core promise is that each Traditional Owner organisation gets a private instance with their data sovereign to them. Making that promise architecturally watertight, rather than relying on application-layer conventions, was essential before onboarding the next wave of clients.

The brief was clear: Culturemap needed a cloud foundation that matched the integrity of the product itself — secure by design, automated end-to-end, and ready to onboard new Traditional Owner groups without bespoke infrastructure work each time.

Rather than retrofit the existing environment, we rebuilt the foundation properly — a greenfield AWS landing zone designed around modern DevSecOps practices, with Culturemap migrated onto it through a controlled cutover.

The Approach

The Outcome

  • A proper landing zone, built with AWS Control Tower and AWS Organizations. We stood up a multi-account architecture with security guardrails enforced at the organisation level — Service Control Policies, region restrictions, and account-level controls that make insecure configurations difficult to create in the first place. Centralised audit logging was established with appropriate separation from workload accounts, following AWS best practice for landing zone design.
  • VPCs rebuilt to a three-tier private architecture. Backend infrastructure moved into private subnets with appropriate network isolation. Administrative access was modernised to use AWS-native, identity-based mechanisms rather than legacy approaches. Sensitive configuration values moved out of code and into managed secret storage.

Why It Mattered

Everything as code, deployed through GitHub Actions. We restructured the Terraform codebase to remove per-environment duplication, locked toolchain versions, added state management appropriate for team-based collaboration, and moved all deployments behind a CI/CD pipeline. Policy-as-code scanning now gates every change — catching misconfigurations before they reach an environment rather than after. DNS and TLS certificate management were brought into the same automated workflow.

Frontend decoupled from backend. The React frontend now ships as static assets to S3, served globally through CloudFront — faster for users wherever they are, scaling independently from the API. The load balancer was reconfigured for API-only traffic, and Lambda deployment was streamlined into a maintainable pattern.

Per-client data and network isolation. Multi-tenant data architecture was re-designed so that each client organisation has its own dedicated storage, subdomain, and content delivery distribution — separation enforced at the infrastructure layer rather than relying on application logic alone. Existing data was migrated cleanly into the new structure.
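As an added illustration (not code from Right Place Geo or the pipeline described here), this sketch shows how a policy-as-code gate of the kind mentioned above could check the per-client separation in a Terraform plan before it is applied. The `client` tag convention, the `example.org` base domain and the sample plan are assumptions constructed for the example; only the `resource_changes` layout of `terraform show -json` is real.

```python
"""Gate over `terraform show -json <planfile>` output (added example)."""
from collections import defaultdict

# Assumptions of this sketch, not details from the case study: a `client` tag
# names the owning organisation and each client is served at <client>.BASE_DOMAIN.
BASE_DOMAIN = "example.org"
PER_CLIENT_TYPES = {"aws_s3_bucket", "aws_cloudfront_distribution"}


def isolation_findings(plan: dict) -> list[str]:
    """Return violations of per-client separation found in a Terraform plan."""
    findings = []
    owned = defaultdict(set)  # client -> per-client resource types it has
    for rc in plan.get("resource_changes", []):
        after = rc["change"].get("after")
        if rc["type"] not in PER_CLIENT_TYPES or after is None:
            continue  # unrelated resource, or one being destroyed
        client = (after.get("tags") or {}).get("client")
        if not client:
            findings.append(f"{rc['address']}: missing client tag")
            continue
        owned[client].add(rc["type"])
        if rc["type"] == "aws_cloudfront_distribution":
            expected = f"{client}.{BASE_DOMAIN}"
            for alias in after.get("aliases") or []:
                if alias != expected:
                    findings.append(f"{rc['address']}: alias {alias} is not {expected}")
    for client in sorted(owned):
        for missing in sorted(PER_CLIENT_TYPES - owned[client]):
            findings.append(f"client {client}: no dedicated {missing}")
    return findings


def _rc(rtype: str, name: str, after: dict) -> dict:
    """Build one constructed `resource_changes` entry."""
    return {"address": f"{rtype}.{name}", "type": rtype,
            "change": {"actions": ["create"], "after": after}}


# Constructed sample plan: alpha is complete; beta reuses alpha's hostname and
# has no bucket of its own; one bucket is untagged.
SAMPLE_PLAN = {"resource_changes": [
    _rc("aws_s3_bucket", "alpha", {"tags": {"client": "alpha"}}),
    _rc("aws_cloudfront_distribution", "alpha",
        {"aliases": ["alpha.example.org"], "tags": {"client": "alpha"}}),
    _rc("aws_cloudfront_distribution", "beta",
        {"aliases": ["alpha.example.org"], "tags": {"client": "beta"}}),
    _rc("aws_s3_bucket", "scratch", {"tags": None}),
]}

if __name__ == "__main__":
    problems = isolation_findings(SAMPLE_PLAN)
    print("\n".join(problems) or "per-client isolation checks passed")
    raise SystemExit(1 if problems else 0)
```

Run as a pipeline step, the non-zero exit status fails the job, so a plan that shares a hostname between clients or leaves a bucket unowned never reaches apply.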

Application deployment automated end-to-end. Repository structures were rationalised, branching strategy aligned to environment promotion, and application builds now run automatically through the pipeline rather than as manual steps on the server.

A modern, well-architected AWS foundation. Culturemap now runs on a landing zone aligned with AWS Well-Architected best practices — multi-account, properly segmented, with security and governance enforced at the organisation level rather than per-resource.

Getting the foundation right meant Right Place Geo could keep their promise to Traditional Owners with technical conviction behind it: each organisation properly isolated, access controlled by least privilege, encryption enforced throughout, and the option for clients to fully self-host on their own cloud account whenever they choose.

That’s the kind of foundation that lets a small, principled team scale without compromising what made them worth scaling in the first place.
