Earlier this year, I faced a dilemma many tech leaders know well. Our entire infrastructure was built on AWS. We loved their powerful, ISO 27001-certified services. Yet, two critical issues kept me up at night:
- The Compliance Black Hole: It was clear that American cloud providers couldn’t fully shield us from US government jurisdiction. Under the CLOUD Act and FISA, our European customer data was potentially exposed, regardless of the server’s physical location. This undermined our GDPR promises.
- The $2,000/Month Question: While not a fortune for every company, our $24,000 annual bill felt disproportionate to our actual needs. I asked myself: how often does a well-maintained Linux server actually crash? Isn’t RDS just a managed Postgres instance with scripts I could write myself? That $2,000 a month could buy a phenomenal amount of resilient, dedicated hardware in Europe.
This wasn’t just about cost or compliance; it was a strategic risk. Was tying our company’s future to a single US-based provider a responsible choice?
We are a Danish workforce management company doing employee scheduling. Beyond our ISO 27001 certificate, we have a few legal requirements on our operation as well, since we perform overtime compensation salary adjustments and are the source of truth for time-and-attendance data. Maintaining the tech side of this is just like maintaining banking software: things must be accounted for, always add up, and never be lost.
Born and raised in AWS, many aspects of our legal requirements were architected as AWS-native workflows, and migrating them to independent alternatives always had to go hand in hand with those legal requirements.
Let’s be honest: leaving AWS feels like walking away from a fortress of convenience. You lose the “magic” of deeply integrated services like Lambda, one-click RDS deployments, and the rich ecosystem of built-in compliance tooling that makes ISO 27001 audits smoother.
Giving this up is the primary source of fear and inaction for most teams. It means trading the comfort of managed services for a higher degree of control and responsibility.
By migrating to European providers like Hetzner and OVHcloud, the gains weren’t just theoretical. They were immediate and strategic.
- True Data Sovereignty: Hosting on European-owned infrastructure gave us undeniable proof of data residency — a game-changer for GDPR audits and ISO 27001 recertification. We could tell our customers exactly where their data was, with no ambiguity.
- Radical Cost Efficiency: Our cloud costs dropped by 90%. This wasn’t a typo. By replacing expensive managed services with our own automated, self-hosted solutions, our budget became predictable and transparent.
- Forced Innovation: The biggest surprise was how losing AWS’s pre-built tools forced us to get better. We built a powerful infrastructure-as-code setup using Ansible that gave us even tighter security controls and auditability than before.
The Blueprint: Key Lessons for Your Own Migration
This migration taught us invaluable lessons that can serve as a blueprint for others. Here’s the core of our strategy:
- Ansible as Your Compliance Engine: Forget simple compliance checks. With properly structured Ansible playbooks, you can tie every line of your server configuration directly to a specific ISO 27001 Annex A control. Your infrastructure code becomes a self-documenting audit trail.
- Monitoring That Rivals AWS: You don’t need CloudWatch to have enterprise-grade monitoring. A combination of Prometheus, Grafana, and Loki allowed us to replicate — and in some ways exceed — the visibility we had on AWS, ensuring faster incident response.
- Security-by-Design Becomes Reality: When there isn’t a pre-made security solution to click on, you build it into the foundation. This “security-by-design” approach, automated with Ansible, makes your ISMS (Information Security Management System) incredibly robust and easy for developers to follow.
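The "Ansible as Your Compliance Engine" point above, sketched as an added example rather than the author's own playbook: each task names the Annex A control it implements and carries a matching tag. The control mapping (ISO/IEC 27001:2022 numbering), the tag names and the Debian/Ubuntu package and service names are assumptions.

```yaml
# Added example, not the author's playbook. Tag names and the task-to-control
# mapping are assumptions (ISO/IEC 27001:2022 Annex A numbering, Debian/Ubuntu).
- name: Baseline hardening with Annex A traceability
  hosts: all
  become: true
  tasks:
    - name: "A.8.5 Secure authentication | disable SSH password logins"
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^#?\s*PasswordAuthentication\s'
        line: PasswordAuthentication no
        validate: /usr/sbin/sshd -t -f %s   # reject a config sshd cannot parse
      notify: Restart ssh
      tags: [iso27001, a_8_5]

    - name: "A.8.2 Privileged access rights | forbid direct root SSH login"
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^#?\s*PermitRootLogin\s'
        line: PermitRootLogin no
        validate: /usr/sbin/sshd -t -f %s
      notify: Restart ssh
      tags: [iso27001, a_8_2]

    - name: "A.8.15 Logging | auditd installed and running"
      tags: [iso27001, a_8_15]
      block:
        - name: Install auditd
          ansible.builtin.apt:
            name: auditd
            state: present
        - name: Enable and start auditd
          ansible.builtin.service:
            name: auditd
            state: started
            enabled: true

    - name: "A.8.17 Clock synchronization | chrony installed"
      ansible.builtin.apt:
        name: chrony
        state: present
      tags: [iso27001, a_8_17]

  handlers:
    - name: Restart ssh
      ansible.builtin.service:
        name: ssh
        state: restarted
```

Running `ansible-playbook` with `--list-tasks` prints the control-to-task inventory, and `--tags a_8_5 --check --diff` reports drift for a single control without changing the host.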
This wasn’t just a technical project; it was a business transformation.
- We minimized our compliance risk regarding US surveillance laws.
- We used our European hosting as a sales tool, strengthening brand trust.
- We returned 90% of our cloud spend to the business.
If this story resonates with you, you’re likely asking: “Could we actually do this? What would it cost? What are the hidden risks?”
Our journey created a repeatable playbook for migrating from AWS to a sovereign, cost-effective European cloud while maintaining ISO 27001 certification. I offer Migration Sessions for CTOs and founders facing this exact challenge.
In a one-hour session, we can map out:
- A high-level cost analysis of your current AWS setup vs. a European alternative.
- The key compliance and ISO 27001 risks in your specific situation.
- A realistic timeline and the first 3 steps of a potential migration plan.
Interested in exploring this for your company?
Connect with me on LinkedIn and mention this article, or for a faster response, book a preliminary chat directly on my Calendly.
Jacob Knobel