Cloud & DevOps.
Automating Infrastructure.
Building secure, scalable, and resilient cloud architectures through Infrastructure as Code and CI/CD.
I provision all my infrastructure as modular, versioned code (Terraform) with remote state backend (GitLab HTTP, S3) and branch-based environment isolation to enable collaborative work without conflict. System configuration is handled through dynamic inventory and templated playbooks (Ansible, aws_ec2, Jinja2) to eliminate any configuration drift between environments and guarantee deployment idempotency. Nothing is configured manually.
I build pipelines that handle the full cycle — linting, IaC security scanning (Checkov), rootless container builds (Buildah) and image scanning (Grype), and automated multi-environment deployment (GitLab CI/CD). I validate pipeline syntax before pushing (Plumber) and use branch-based isolation to spin up ephemeral staging environments on demand.
Goal: deliver verified, scanned, and deployable code without manual intervention.
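As an added example, not the author's pipeline: a GitLab CI configuration that strings these stages together in the order described above (lint, Checkov, rootless Buildah build, Grype gate, deploy). Job names, the Ansible file names and the deploy image are assumptions; the $CI_* variables are GitLab's predefined ones.

```yaml
# Constructed example pipeline: IaC lint and scan, rootless image build,
# image vulnerability gate, then branch-scoped deployment.
stages: [lint, scan-iac, build, scan-image, deploy]

variables:
  IMAGE: "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHORT_SHA"   # GitLab predefined variables

terraform-lint:
  stage: lint
  image: { name: hashicorp/terraform:latest, entrypoint: [""] }
  script:
    - terraform fmt -check -recursive
    - terraform init -backend=false
    - terraform validate

checkov:
  stage: scan-iac
  image: { name: bridgecrew/checkov:latest, entrypoint: [""] }
  script:
    # No --soft-fail: a failed check fails the job, so misconfigured IaC never reaches build.
    - checkov -d . --framework terraform

build-image:
  stage: build
  image: quay.io/buildah/stable:latest
  variables:
    STORAGE_DRIVER: vfs          # no overlay mounts, no privileged runner needed
    BUILDAH_ISOLATION: chroot    # no daemon, no root: rootless build
    BUILDAH_FORMAT: docker
  script:
    - buildah login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" "$CI_REGISTRY"
    - buildah build -t "$IMAGE" .
    - buildah push "$IMAGE"

grype-scan:
  stage: scan-image
  image: { name: anchore/grype:latest, entrypoint: [""] }
  variables:
    GRYPE_REGISTRY_AUTH_AUTHORITY: "$CI_REGISTRY"
    GRYPE_REGISTRY_AUTH_USERNAME: "$CI_REGISTRY_USER"
    GRYPE_REGISTRY_AUTH_PASSWORD: "$CI_REGISTRY_PASSWORD"
  script:
    # Non-zero exit on any High or Critical finding blocks the deploy stage.
    - grype "registry:$IMAGE" --fail-on high

deploy-staging:
  stage: deploy
  image: ansible-runner:latest          # assumed: any image with ansible + boto3
  script:
    - ansible-playbook -i aws_ec2.yml site.yml   # dynamic inventory; file names assumed
  rules:
    - if: $CI_COMMIT_BRANCH != $CI_DEFAULT_BRANCH   # ephemeral staging per feature branch
```

Because each stage exits non-zero on failure, an image that fails the Grype gate is never handed to the deploy job, which is the "verified, scanned, and deployable" property the paragraph aims for.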
I design multi-AZ architectures with managed services that handle failover automatically (RDS PostgreSQL Multi-AZ, ElastiCache Redis) and auto-scaling compute behind load balancers with health checks (ASG, ALB). The goal is always the same: services stay up when individual components go down.
I treat security as a design constraint, not an afterthought. Every architecture starts with attack surface reduction, least privilege enforcement, and defense in depth — web application firewall at the edge (WAFv2), supply chain scanning in the pipeline (Grype, Checkov), SSH hardening, and compliance-aligned practices throughout (OWASP, ANSSI).
I build container images in rootless mode — no daemon, no root privileges, reduced attack surface (Buildah, OCI). Images are scanned before deployment (Grype) and orchestrated for production (Docker Compose). I apply this approach to every application I deploy, from customer support platforms to fintech stacks.
I deploy dedicated monitoring with exporters across the stack — compute, database, cache (Prometheus, Grafana, node_exporter, postgres_exporter, redis_exporter). Logs are centralized and queryable (Loki, Promtail). On the cost side, I leverage spot instances when relevant, scheduled infrastructure teardowns, and storage lifecycle policies (S3) to keep cloud spending under control.
End-to-end automated deployment of a Chatwoot customer support platform on AWS. Full Infrastructure as Code approach with Terraform (13 modules), Ansible dynamic inventory, and a GitLab CI/CD pipeline with rootless builds and security scanning. Multi-AZ architecture with high availability, WAF protection, and Prometheus/Grafana monitoring.
Cloud deployment of a fintech application on AWS as part of the AWS Solutions Architect Associate (SAA-C03) certification preparation. Terraform-provisioned infrastructure with ALB, ASG, RDS PostgreSQL, CloudFront and Nginx reverse proxy. Golden AMIs built with Packer/Ansible for immutable deployments. Cost optimization with spot instances.
Cybersecurity lab on an ARM64 machine. Windows log collection via Sysmon and Promtail, Loki storage, and Grafana dashboards with four real-time monitoring panels.
27 years shaping precision-engineered products — from Ferrari bodywork in Maranello to Venturi concept cars in Monaco. Domains where function dictates form and imprecision doesn't exist.
The terrain changed, the standards didn't. Today I design cloud architectures on AWS, automate infrastructure with Terraform and Ansible, and build CI/CD pipelines that hold up in production. With a conviction that design taught me and security confirms: light is right — less surface, less exposure.
I am particularly focused on Cloud Infrastructure and DevOps engineering — designing, automating, and securing environments through Infrastructure as Code, with the same discipline I applied to industrial design for nearly three decades.