Project 1: A Secure & Scalable Portfolio Website (AWS)

This project demonstrates a full-stack skillset, from front-end development to advanced cloud infrastructure management. It showcases my ability to build and deploy a secure, professional website using a variety of AWS services.

AWS Architecture Diagram

AWS Services Used

• Amazon EC2: Provisioned a Linux virtual machine to host the web server.
• Nginx: Configured an Nginx web server to serve the website content.
• Application Load Balancer (ALB): Created a scalable, high-availability entry point for the website.
• AWS Certificate Manager (ACM): Provisioned a public SSL/TLS certificate to secure the website with HTTPS.
• Amazon Route 53: Configured DNS records (A, Alias, and MX) to point the domain name and handle email routing.
• Amazon Simple Email Service (SES): Verified the domain and set up a system for receiving emails.
• AWS Lambda: Wrote and deployed a Python function to automatically forward incoming emails.
• Amazon S3: Used an S3 bucket to temporarily store incoming emails for the Lambda function.

Cloud & DevOps Skills Demonstrated

• Networking & Security: I configured security groups, Load Balancers, and DNS records to create a secure, publicly accessible web application. I identified and fixed a security vulnerability by correctly configuring my inbound rules.
• Server Administration: I provisioned and configured a Linux server with Nginx, demonstrating fundamental systems administration skills.
• Load Balancing & High Availability: I implemented a Load Balancer to ensure my website is resilient and can handle traffic efficiently.
• DNS Management: I gained hands-on experience managing DNS records for domain verification, website traffic, and email routing.
• Serverless Computing: I built and deployed a Lambda function, a key skill in modern cloud architecture.
• Troubleshooting: I methodically debugged complex issues with networking, permissions, and configuration, demonstrating persistence and a deep understanding of how these cloud services interact.

Project 2: Azure Hub-and-Spoke Network Design

This project involved designing and implementing a robust hub-and-spoke network topology in Microsoft Azure, focusing on secure segmentation and efficient inter-VNet communication for a corporate environment.

Azure Architecture Diagram

Project Overview

In a real-world corporate environment, I contributed to the design and implementation of an Azure hub-and-spoke network architecture. The hub VNet serves as a central point for connectivity to on-premises networks and shared services (e.g., firewalls, management tools), while spoke VNets host individual workloads (e.g., development, production environments).

This design ensures centralized control, simplified network management, and enhanced security through VNet peering and granular subnet segmentation. Each of the three main VNets (one hub, two spokes) was further divided into multiple subnets to logically isolate resources and apply specific Network Security Group (NSG) rules.

Azure Services Used

• Azure Virtual Network (VNet): Created and configured the primary network containers for the hub and spoke topologies.
• Subnets: Segmented VNets into smaller, isolated IP ranges for different application tiers (e.g., Web, Application, Database, Gateway).
• VNet Peering: Established secure, low-latency connections between the hub and spoke VNets, allowing resources in different VNets to communicate as if they were in the same network.
• Network Security Groups (NSGs): Applied NSGs to subnets and network interfaces to control inbound and outbound traffic, enforcing security policies.
• Azure Firewall / Network Virtual Appliance (Conceptual): The hub VNet was designed to integrate with central network appliances for enhanced security (though not directly implemented in this project's scope).

Cloud & DevOps Skills Demonstrated

• Cloud Networking Design: Ability to plan and implement complex network topologies in Azure.
• Network Segmentation: Expertise in dividing networks into secure, manageable segments using subnets and NSGs.
• Inter-VNet Connectivity: Proficient in configuring VNet peering for secure and efficient communication between virtual networks.
• Security Best Practices: Applied network security principles to isolate workloads and control traffic flow.
• Infrastructure as Code (IaC) (Conceptual): Understanding of how such a network would be defined and deployed using tools like Azure Resource Manager (ARM) templates or Terraform.
• Collaboration: Experience working within a team on a critical infrastructure project.

Project 3: AWS Landing Zone Foundation

This project involved building a secure, multi-account AWS environment that provides a scalable and governed foundation for deploying enterprise workloads. Using **Terraform** as the Infrastructure as Code (IaC) tool, I automated the setup of a core landing zone architecture, demonstrating advanced skills in cloud governance, automation, and security best practices.

Architecture Diagram

AWS Services Used

I utilized a number of core AWS services to establish the Landing Zone foundation, all defined and deployed via Terraform:

• AWS Organizations: To logically group and centrally manage multiple AWS accounts.
• AWS IAM Identity Center: Implemented for centralized user authentication and authorization across all accounts.
• Amazon S3: Configured secure, versioned buckets for centralized storage of audit logs.
• AWS CloudTrail: Enabled and configured to log and monitor all API activity across the entire organization.
• AWS Config: Deployed to continuously audit and evaluate the configurations of AWS resources for security and compliance.
• Service Control Policies (SCPs): Applied organizational guardrails to enforce a baseline level of security and compliance.
• AWS KMS: Managed encryption keys for sensitive data, ensuring logs and other data are encrypted at rest.
• Terraform: Used to define the entire landing zone as code, ensuring the environment is repeatable, version-controlled, and consistently deployed.

Cloud & DevOps Skills Demonstrated

This project showcases my ability to move beyond single-account deployments and apply enterprise-level cloud governance principles:

• Cloud Governance & Security: Proactive design and implementation of a secure foundation, including centralized logging and preventative controls.
• Infrastructure as Code (IaC): Proficient use of **Terraform** for automation, demonstrating best practices in modular and repeatable infrastructure deployments.
• Multi-Account Strategy: Architected a multi-account structure for improved security, compliance, and billing management.
• Security Best Practices: Implemented foundational security controls such as SCPs, centralized logging, and continuous compliance monitoring with AWS Config.
• Architectural Design: Ability to design a scalable and secure cloud foundation for future workloads.
• Enterprise Cloud Adoption: Understanding the challenges and solutions for large-scale cloud environments.

View on GitHub

Future Project: [My Next Project Title]

This section will contain detailed information about my future project, including:

Project Overview

A brief description of the problem I'm solving and the solution I implemented.

Architecture Diagram

AWS Services Used

• [List of AWS services]

Cloud & DevOps Skills Demonstrated

• [List of skills]