Secure infrastructure · Zero-downtime deployments · Full observability
I design and operate production-grade AWS infrastructure: multi-AZ, zero-trust, fully automated. Every system I build is observable from day one, hardened by default, and deployable with a single command.
95%+ uptime on multi-AZ setups · 70% faster incident detection · 0 seconds downtime on live Kubernetes migrations · Zero SSH across all environments
| Area | Tools |
|---|---|
| Cloud | AWS: EC2, VPC, IAM, ALB, S3, EKS, Lambda, CloudFormation, SSM, Secrets Manager, KMS, CloudTrail, SNS, Auto Scaling |
| IaC | Terraform (modules, remote state), CloudFormation (7-stack dependency chains) |
| Config mgmt | Ansible: dynamic aws_ec2 inventory, playbooks over SSM, OS hardening |
| Containers | Docker, Kubernetes EKS: Rolling Update, RBAC, ClusterRole, RoleBinding |
| CI/CD | GitHub Actions: Trivy scan, ECR push, OIDC/IRSA auth (zero stored credentials) |
| Observability | Prometheus, Grafana, CloudWatch Alarms, Log Insights, custom /metrics endpoint |
| Security | Least-privilege IAM, RBAC, KMS encryption, private subnets, SSM Patch Manager, UFW |
| Scripting | Python (Flask), Bash: automation scripts, health checks, cron jobs |
| OS & tools | Linux (Ubuntu 22.04), Git, Minikube, VS Code |
CloudFormation · SSM · Ansible · Secrets Manager · KMS · CloudWatch · SNS · IAM
Full operations lifecycle: provisioning, security, config management, monitoring, DR, and incident response in one platform. 7 CloudFormation stacks in strict dependency order. Zero SSH: SSM only, every session logged to S3 and CloudTrail. Incidents simulated, RTO documented.
Terraform (Modular) · EKS · Kubernetes RBAC · VPC · IAM
Teams self-provision AWS environments by editing one config file: no tickets, no waiting. Separate ClusterRoles per environment (dev / staging / prod), composable Terraform modules, secure by default.
Docker · EKS · Terraform · GitHub Actions · Prometheus · Grafana · ECR · OIDC
Live v1 → v2 migration with zero service interruption: Prometheus flat line is the proof. 5-stage CI/CD pipeline, maxUnavailable: 0 rolling update, OIDC auth, no AWS keys stored anywhere.
Terraform · VPC · EC2 · ALB · IAM · NAT Gateway · Bastion Host
95%+ uptime across 2 Availability Zones. Zero public EC2 exposure: private subnets, Bastion Host only. Full environment up or destroyed with one Terraform command in under 5 minutes.
CloudWatch · Prometheus · Grafana · Python Flask · SNS
70% faster problem detection: replaced manual log reading with automated CloudWatch alarms and Grafana dashboards. Custom Flask /metrics endpoint, Log Insights for root cause in seconds.
Helm · AWS SAA-C03 · GitOps / ArgoCD

