Building reliable, automated cloud infrastructure on AWS.

Designed a pipeline to ingest raw CSV data, automatically discover schemas, and make curated datasets queryable with low operational overhead.

• S3 (raw, processed, Athena results)
• AWS Glue crawlers, database, ETL job (PySpark)
• Amazon Athena for interactive queries
• IAM roles and policies
• AWS CDK (Python) for IaC
• GitHub Actions for CI (lint, tests, cdk synth)

I built the ETL job to cast types, compute derived metrics (e.g., total price), and write partitioned Parquet by order date, then codified the Glue resources with CDK and added CI checks to catch issues before deployment.

Deployed a cloud-native application to demonstrate production patterns for stateful workloads on Kubernetes.

• Amazon EKS cluster
• NGINX static frontend
• FastAPI backend (Docker)
• MySQL 8 StatefulSet with EBS gp3 StorageClass
• Amazon ECR for container images
• Kubernetes Secrets & Services

I built and pushed Docker images to ECR, configured StatefulSets with per-pod PersistentVolumeClaims, and secured database credentials with Kubernetes Secrets wired via internal service DNS.

Built a VPC foundation that can be reused across dev, staging, and production with safe collaboration via remote state.

• VPC /16 CIDR with public & private subnets across AZs
• Internet Gateway, NAT Gateway, route tables
• EC2 Amazon Linux instance
• Security groups with restricted SSH
• S3 remote state backend
• DynamoDB or lockfile-based state locking

I designed VPC and EC2 modules with parametrized variables (region, CIDRs, instance type, key pair) and configured secure security groups plus remote state with locking to prevent concurrent changes.

Implemented a low-ops, pay-per-use backend with strong authentication and authorization for a simple to‑do application.

• Amazon Cognito user pool for auth
• API Gateway (REST) with JWT authorizers
• AWS Lambda functions (CRUD)
• DynamoDB table for tasks
• S3 static frontend behind CloudFront with OAC
• Least-privilege IAM policies

I built the Lambda functions, wired them to API Gateway with CORS and Cognito JWT validation, locked down S3 via Origin Access Control, and documented common serverless pitfalls and resolutions.

Created a disaster recovery pattern that automatically protects tagged workloads and validates backup health on a schedule.

• AWS Backup plans and vaults
• Tag-based resource selections (Backup=Yes)
• Lambda (dr-verify-backup, dr-backup-trigger)
• EventBridge scheduled rules
• IAM roles and policies
• Terraform for IaC

I provisioned backup plans and vaults via Terraform, built Lambda functions to check recent backup jobs via APIs, and logged pass/fail health metrics to CloudWatch for operational visibility.

Texas Shiners needed a clean, mobile‑friendly site to showcase and sell handcrafted soft plastics worldwide while keeping infrastructure low-cost and production-grade.

• React (Vite) single-page app frontend
• Amazon S3 for static asset hosting
• Amazon CloudFront for HTTPS, caching, and global delivery
• Amazon Route 53 DNS for texas-shiners.com and www.texas-shiners.com
• AWS Certificate Manager (us-east-1) for TLS
• Terraform for all AWS infrastructure (S3, CloudFront, Route 53, ACM, IAM)

I structured the repo into separate infrastructure/ and frontend/ folders, built a reusable static_site Terraform module, configured an S3 backend for state with encryption and locking, and implemented the React SPA with sections for hero, products, reviews, and contact.

The design is extensible to add serverless backends (Lambda + API Gateway) and DynamoDB for payments, reviews, and future Stripe integration, turning it into a full e‑commerce stack.