The Tale of Two Cities: Why your greenfield automation strategy will fail in a brownfield world
Every DevOps engineer dreams of the "Greenfield" project.
A blank slate. No legacy code, no angry customers, no precarious "pet" servers named after Lord of the Rings characters that haven't been rebooted since 2019. Just you, the latest version of Kubernetes, and a fresh AWS account.
But reality is rarely Greenfield. Most engineers spend their careers in the "Brownfield"—messy, existing environments kept alive by manual "ClickOps," undocumented shell scripts, and hope.
The biggest mistake competent engineers make is applying a Greenfield mindset to a Brownfield reality. They try to force-feed modern, pristine automation practices into a fragile legacy system, and they are shocked when the system—and the organization—rejects it.
Automation is not one-size-fits-all. Success requires a fundamental shift in approach depending on the environment.
If you want to succeed in both worlds, you need to understand the difference between the Top-Down approach and the Bottom-Up approach.
Greenfield: The top-down approach (Design first)
Greenfield is construction on an empty lot. Because nothing exists, you have the luxury—and the obligation—to start with the blueprint.
A Greenfield automation strategy must be Top-Down.
The Mindset:
You start with the high-level architecture and governance requirements before writing a single line of application deployment code. You define the "perfect state."
The Execution:
- The Foundation: You begin at the top layer. You define the networking topology (VPCs, subnets), the security boundaries (IAM organization policies), and the compliance guardrails.
- The Platform: Next, you build the shared services—the CI/CD platform, the centralized logging, the container orchestration layer (EKS/AKS).
- The Application: Only once the foundation and platform are solid do you write the pipelines for individual microservices.
Why Top-Down Works Here:
There is no friction. If you tried a bottom-up approach here—writing an Ansible playbook for an app before you’ve even decided on your cloud provider or network structure—you would be building castles on sand. You must architect before you build.
Brownfield: The bottom-up approach (pain first)
Brownfield is rewiring a 100-year-old house while the family is throwing a dinner party inside. You cannot shut off the power, and you definitely cannot tear down the load-bearing walls.
If you attempt a Top-Down approach here—trying to architect a pristine, overarching modern platform before addressing the daily fires—you will fail. You will spend two years in "analysis paralysis" meetings trying to reverse-engineer decade-old decisions, and you will deploy zero value.
A Brownfield automation strategy must be Bottom-Up.
The Mindset:
Stop trying to build the "perfect system" immediately. Instead, adopt a "Triage Mentality." Where is the bleeding neck? What manual task is causing the most pain today?
The Execution:
- Identify the Pain: You talk to the developers and operations team. You learn they spend 3 hours every Tuesday manually SSHing into servers to rotate logs.
- Automate the Sliver: You write a single, tactical script or create a small SSM document to automate just that one painful task.
- Build Trust & Repeat: You prove that automation makes their lives easier without breaking things. Then you find the next painful task—perhaps manual QA testing—and automate a small piece of that.
Why Bottom-Up Works Here:
It mitigates risk. You are changing the system incrementally. You are also building political capital; by solving immediate pain points, you earn the trust required to eventually tackle larger architectural changes later.
The critical mindset shift
The technical tools (Terraform, Python, Bash) are the same in both environments. The difference is the strategy. To move between these worlds, you must shift your mindset.
| Feature | Greenfield Mindset (Top-Down) | Brownfield Mindset (Bottom-Up) |
|---|---|---|
| Primary Goal | Speed to market, perfect architecture. | Stability, risk mitigation, pain relief. |
| Starting Point | The Blueprint (Architecture diagrams). | The Pain Point (What hurts today?). |
| State Management | You define the state. | You must discover/import existing state. |
| Key Skill | System Design & Architecture. | "Software Archaeology" & Empathy. |
| The Risk | Over-engineering. Building too much complexity too soon. | Breaking production. Disrupting existing revenue streams. |
Warning: The "Franken-mation" trap
While the Bottom-Up approach is necessary for Brownfield, it comes with a warning label.
If you only ever do bottom-up automation, you will end up with "Franken-mation"—a disjointed collection of bash scripts, random Cron jobs, and orphaned Jenkins pipelines that nobody understands.
The goal of Bottom-Up is to stabilize the patient so you can eventually perform surgery. Once you have automated enough of the low-level tasks and built trust, you must eventually introduce Top-Down governance to standardize those disparate scripts into a cohesive platform.
Wrapping up
The best DevOps engineers are chameleons. They don't just bring a bag of tools to a problem; they bring the right strategy.
Don't be the engineer trying to force a blueprint onto a burning building. Read the room, assess the environment, and choose the right approach.
- Greenfield? Put on your Architect hat and design from the Top-Down.
- Brownfield? Put on your Detective hat and solve pain from the Bottom-Up.