Designed containerized platforms on AWS ECS Fargate end to end, then led an SMS application migration onto Fargate with multi-provider integration and centralized logging.
AWS ECS Fargate, OpenTofu, Spacelift, ECR, ALB, FireLens, CloudWatch
- Auto-scaling Fargate services provisioned through IaC
- SMS app migrated with Sinch and OpenMarket integration
- NLog routed through FireLens to CloudWatch
- Zero-downtime cutover
0 hours downtime
IaC-driven delivery
auto scaling
Moved a console-managed estate to versioned, peer-reviewed Infrastructure as Code on Spacelift, eliminating configuration drift and enabling change control.
Terraform, OpenTofu, Spacelift, AWS
- 20 EC2, 13 Aurora RDS clusters, 4 ECS clusters, 3 Redis, Redshift
- Drift eliminated across the estate
- Peer-reviewed change control via pull requests
- Reusable module patterns
40+ resources
eliminated drift
peer-reviewed review
Built secure multi-VPC connectivity on AWS and federated identity between AWS and Azure Entra ID, provisioned as code.
Transit Gateway, Site-to-Site VPN, VPC Flow Logs, IAM Identity Center, Azure Entra ID, Terraform
- Hub-and-spoke connectivity via AWS Transit Gateway
- Site-to-Site VPN and VPC Flow Logs for secure, auditable traffic
- IAM Identity Center federated to Azure Entra ID for single sign-on
- Networking and identity provisioned through Terraform
multi-VPC topology
AWS + Entra ID identity
as code delivery
Built reliability signals across compute, storage and databases, feeding p99 CloudWatch alarms into BigPanda and Grafana Cloud for actionable alerting.
Grafana Cloud, Grafana Alloy, CloudWatch, BigPanda, OpenTelemetry
- p99 alarms across ALB, NLB, EC2, RDS and FSx
- Alerts aggregated in BigPanda and visualized in Grafana Cloud
- Grafana Alloy and Fleet Manager rolled out across Windows fleets
- Actionable, symptom-based alerting
p99 signals
platform-wide coverage
actionable alerts
DBA-grade SQL Server work on AWS, from a storage-tier migration to root-cause analysis of critical production incidents.
SQL Server, AWS FSx for NetApp ONTAP, EC2, gp3 EBS, Grafana
- RDS to EC2 + FSx for NetApp ONTAP migration
- gp3 volume expansion with MBR to GPT conversion and tempdb relocation
- Root-cause analysis of critical Error 823 incidents
- Monitoring extended with SQL exporters and Grafana
RDS -> EC2/FSx migration
Error 823 RCA
0 hours downtime
Operated a mission-critical airline operations platform on OpenShift across three environments, with service mesh, IaC and on-call ownership.
OpenShift, AWS ROSA, Helm, Istio, Terraform, CloudFormation, Ansible, Azure DevOps
- 5 core microservices with Helm and Istio service mesh
- IaC across on-premises, AWS EC2 and AWS ROSA
- CI/CD on Azure DevOps; configuration management with Ansible
- P0 / P1 on-call incident ownership and post-incident reviews
5 microservices
3 environments
P0/P1 on-call
Structured Bitbucket Pipelines with sequential staging, QA and main promotion to prevent out-of-order deployments.
Bitbucket Pipelines, AWS, Terraform
- Sequential staging to QA to main promotion
- Out-of-order deployments prevented
- Predictable, reviewable releases
staging -> QA -> main flow
predictable releases
Managed the Cloudflare edge through Terraform, keeping WAF rules, hostnames, certificates and DNS versioned and reviewable.
Cloudflare, Terraform, Route 53, WAF
- WAF rules and custom hostnames as code
- Certificate management automated
- DNS integrated with Route 53
- Versioned, peer-reviewed edge changes
as code edge
Route 53 + Cloudflare DNS
versioned WAF