What I've Built

Everything here runs in production on AWS — deployed from a single CDK monorepo, secured with custom Checkov rules, and monitored with a self-hosted Prometheus/Grafana stack. Each project links to a detailed article explaining the architecture, trade-offs, and what I'd do differently.

  • Enterprise CI/CD Pipeline

    19 workflow files deploying 4 CDK projects across 3 AWS accounts with OIDC federation, SLSA provenance tagging, environment-scoped Checkov scanning, and auto-rollback — zero long-lived credentials.

    Read article

  • CDK Project Factory Pattern

    A construct-to-factory pipeline managing 4 projects and 11 stacks from a single 105-line entry point — with typed config modules, SSM-based cross-stack discovery, and a 31-file L3 construct library.

    Read article

  • DevSecOps Pipeline

    33 custom Checkov rules across 26 Python files, CDK-Nag with 4 compliance frameworks, SARIF integration with GitHub Security — catching IMDSv1 bugs before they reach CloudFormation.

    Read article

  • Direct DynamoDB X-Ray Tracing

    Eliminated a 5-hop API round-trip with sub-5ms VPC Gateway Endpoint reads, OpenTelemetry instrumentation, in-memory TTL cache, and file-based fallback — at $0/month incremental cost.

    Read article

  • Full-Stack Observability

    7 Docker containers on a single EC2 instance — Prometheus, Grafana, Loki, Tempo — with Cloud Map DNS service discovery, 9 dashboards from S3, and zero public ingress.

    Read article

  • Next.js ECS CloudFront Deployment

    A 6-stack CDK architecture deploying containerized Next.js across ECS on EC2, CloudFront with WAF, API Gateway with Lambda, DynamoDB, and S3 — with auto-deploy from ECR pushes and deployment circuit breakers.

    Read article

  • AWS DevOps Pro Certification

    From scoring 726 (24 points short) to passing — a refined exam strategy covering multi-service architectures, deployment decision trees, and the SPIDER elimination method.

    Read article