Portfolio

Projects & Delivery

Selected work across secure content delivery, private ML, real-time data pipelines, cost optimization, and serverless modernization.

Cloud

AWS

Focus

DevSecOps · SRE

Infra

Terraform · Serverless

CloudFront • Lambda • ECS/EKS • Bedrock • Observability

Impact

Full Project List

Serverless Email Ingestion & Relay Pipeline

SES Inbound/Outbound • S3 • SQS
Serverless email flow with SES inbound/outbound, S3, SQS, Lambda, and observability via CloudWatch and X-Ray.

End-to-end email flow with SES rulesets, S3 storage, Lambda processing, and reliable fan-out via SQS plus observability baked in.

  • SES inbound delivers to S3 prefix; S3 event triggers Lambda to parse metadata and push work messages onto SQS while fetching raw content for processing.
  • Lambda workers pull from SQS, perform enrichment/operations, and send SES outbound responses; OTEL collector layer streams traces to X-Ray and metrics/logs to CloudWatch.
  • CloudWatch alarms for delivery failures/DLQ depth; at-rest encryption and least-privilege IAM across buckets, queues, and functions.
SES • S3 events • Lambda • OTEL/X-Ray

Multi-Tenant Content Delivery & AI-Powered Healthcare Platform

CloudFront OAC • Lambda • Bedrock

Built a secure, multi-tenant delivery layer with CloudFront OAC and signed URLs backed by API Gateway + Lambda (TypeScript), plus AI workflows for transcription and translation.

  • OAC-protected S3 origins, per-tenant routing via Route53, and signed cookies/URLs for uploads and downloads.
  • Bedrock + Transcribe + Comprehend + Translate pipelines for multilingual care-team communication.
  • End-to-end observability with CloudWatch dashboards/alarms, X-Ray tracing, and Lambda alert handlers.
  • Terraform/Serverless modules for repeatable deployments across environments.
VPC endpoints • Terraform • Serverless design • AI integration

Private Facial Age Verification Platform

ALB mTLS • PrivateLink • ML Inference

Zero-public-access ML platform with strict network boundaries and authenticated inference across accounts.

  • NLB → ALB mTLS with ACM PCA-issued certs; exposed privately via PrivateLink and Direct Connect.
  • Lambda layers for JWT/JWS validation, request transformation, and image preprocessing (distroless).
  • ADOT + CloudWatch logs/metrics/alarms and encrypted S3 audit trails for compliance.
Terraform • Lambda • ECS/EC2 ASG • OTEL

Real-Time Weather & Airport Ops Platform

Tomorrow.io → MSK → EKS

Real-time ingestion and decision support for airports, combining weather feeds with flight ops data.

  • Lambda/EventBridge ingests Tomorrow.io schedules and events into MSK.
  • EKS microservices merge weather, runway visibility, and flight schedules for alerting and dashboards.
  • Prometheus + CloudWatch + OTEL tracing for full path visibility.
MSK/Kafka • Terraform • ArgoCD • GitHub Actions

Cost Optimisation Framework

EC2 • RDS • EBS • CloudWatch

Python automation to reclaim waste and enforce retention while keeping compliance intact.

  • Cleanup for unused EBS volumes, stale AMIs/snapshots, and outdated RDS snapshots with guardrails.
  • Scheduled EC2 shutdowns for non-prod; enforced CloudWatch log retention policies.
  • Delivered recurring monthly savings across compute, storage, and logging.
Python (boto3) • Jenkins • Compliance

Serverless Migration (50% Faster Delivery)

Serverless Framework • Compose

Modernized brittle Bash+CloudFormation pipelines into Serverless Framework + Compose.

  • Service separation with declarative deploys; parallelized environments via Compose.
  • Removed “nuke and pray” rebuilds; improved dependency hygiene and rollback confidence.
  • Cut deployment times by ~50% and reduced operational overhead.
CI/CD • IaC • Deployment optimisation