Projects

Infrastructure and security reference implementations — annotated architecture diagrams, IaC patterns, and DevSecOps tooling from real-world deployments.

AWS Lambda ElastiCache API Gateway CloudFront

Low-latency Global Serverless App

Multi-region, low-latency serverless logic with equally low-latency access to a shared dataset. Stateful data is replicated cross-region using ElastiCache replica sets. Highly secure and DDoS-resilient solution.

View project →
AWS EC2 RDS Terraform

High-Availability Web Application on AWS

Multi-AZ, auto-scaling application infrastructure with hardened EC2 instances, managed PostgreSQL with Multi-AZ failover, private S3 access via VPC Endpoint, and a WAF-protected ALB. Zero public ingress except through the load balancer.

View project →
GitHub Actions OPA Terraform SAST

IaC Security Pipeline

Three-layer Terraform scanning pipeline: tfsec for fast feedback, Checkov for CIS benchmark coverage, and custom OPA policies for organisation-specific rules. Findings annotated inline on pull requests via SARIF upload.

Coming Soon
AWS CloudTrail Athena Detection

CloudTrail Detection Engineering

High-signal CloudTrail alerting using Athena for log analysis and SNS for delivery. Covers privilege escalation paths, credential exfiltration indicators, and anomalous API call patterns — each with a runbook.

Coming Soon
AWS IAM Access Analyzer

IAM Least-Privilege Audit Framework

Automated IAM policy audit pipeline using IAM Access Analyzer, Parliament, and custom Python to surface wildcard actions, missing conditions, and PassRole overreach across all roles in an organisation.

Coming Soon
Kubernetes Falco OPA RBAC

Kubernetes Security Baseline

Opinionated EKS hardening reference: network policies, pod security standards, IRSA for workload identity, Falco for runtime detection, and OPA Gatekeeper admission policies — all expressed as Terraform + Helm.

Coming Soon