Client PHP Laravel Web App — AWS Elastic Beanstalk & MySQL
Goal: Give a client a scalable, managed environment to demo and test their PHP Laravel web application before committing to production infrastructure.
What I did: Deployed the Laravel application using AWS Elastic Beanstalk, which handled provisioning, load balancing, and auto-scaling configuration behind the scenes. Connected the app to a managed MySQL database (Amazon RDS) for persistent data storage, and configured environment variables and application settings to match the client's requirements.
Outcome: The client was able to test their application in a live, production-like environment without managing any underlying servers, giving them confidence in the app's behavior before a full production rollout.
Tech stack: AWS Elastic Beanstalk, Amazon RDS (MySQL), PHP, Laravel
Serverlesspresso — Event-Driven Order Management System
Goal: Build a fully serverless backend capable of managing real-time order workflows for a pop-up coffee shop, coordinating state across multiple front-end apps (customer ordering, barista display, order pickup).
What I did: Designed an event-driven architecture using AWS Step Functions to orchestrate the order lifecycle as a state machine (ordered → in progress → ready → picked up). Used DynamoDB to persist order and queue state, Lambda functions to handle business logic at each stage, EventBridge to route events between decoupled components, API Gateway to expose REST endpoints to the front-end apps, Cognito to handle anonymous/guest authentication for ordering, and IoT Core to push real-time order status updates to connected displays.
Outcome: A working, fully serverless order system with no servers to patch or scale manually — the architecture scales automatically with order volume and demonstrates production-grade event-driven design patterns.
Tech stack: Step Functions, DynamoDB, Lambda, EventBridge, API Gateway, Cognito, IoT Core
AWS WAF — Web Application Firewall Protection
Goal: Protect a web application against common attack patterns (bots, OWASP Top 10 threats, automated form abuse) using a managed, cloud-native firewall layer.
What I did: Deployed a CloudFormation stack to stand up a repeatable test environment, then configured AWS WAF with Bot Control to detect and block automated traffic, layered in AWS Managed Rule Groups alongside custom rules tailored to the application's traffic patterns, and added CAPTCHA challenges on sensitive web forms to stop scripted submissions. Set up monitoring using CloudWatch metrics and dashboards, and used Athena to run SQL queries directly against WAF logs in S3 for deeper traffic analysis.
Outcome: A layered, monitored defense-in-depth setup — combining managed rules, custom rules, bot detection, and human-verification challenges — fully deployed and reproducible as infrastructure as code.
Tech stack: AWS WAF, CloudFormation, CloudWatch, Amazon Athena, S3
Secure Remote Access — AWS Verified Access
Goal: Provide secure, identity-based access to private VPC resources without relying on a traditional VPN or exposed bastion host.
What I did: Deployed AWS Verified Access to enforce per-request access policies based on user identity and device context, using Cognito as the identity provider for authentication. Used an EC2 Instance Connect Endpoint to allow secure SSH access into private instances without public IPs, and packaged the entire setup as a CloudFormation stack so the architecture could be deployed and torn down consistently.
Outcome: A zero-trust style access model — every request is evaluated against identity and policy rather than relying on network location alone, eliminating the need for a traditional always-on VPN.
Tech stack: AWS Verified Access, Cognito, EC2 Instance Connect Endpoint, CloudFormation
Amazon Bedrock Exploration — Foundation Models & RAG
Goal: Get hands-on with generative AI on AWS — understanding how to invoke foundation models programmatically and where their limitations actually show up in practice.
What I did: Set up a SageMaker domain with JupyterLab as the development environment, then invoked Bedrock foundation models directly using both invokeModel() for single responses and invoke_model_with_response_stream() for streamed output. Compared response quality, latency, and behavior across different models, tested Amazon Nova for multimodal tasks (text + image input), and ran structured experiments to surface where models hallucinate, where factual accuracy breaks down, and where Retrieval-Augmented Generation (RAG) helps — and where it doesn't fully solve the problem.
Outcome: Practical, first-hand understanding of foundation model behavior and limitations beyond what's covered in documentation — directly applicable to evaluating AI tooling for security and operational use cases.
Tech stack: Amazon Bedrock, SageMaker, JupyterLab, Amazon Nova, Python
AWS Serverless Patterns — SAM & Terraform
Goal: Build and deploy a serverless REST API end-to-end using two different infrastructure-as-code approaches to compare workflows.
What I did: Created a DynamoDB table as the data layer, then built Lambda functions to handle create/read/update operations against it. Deployed an API Gateway in front of the Lambda functions to expose a REST API, configured Cognito for user authentication, and implemented a custom Lambda authorizer to enforce fine-grained access policies on individual API routes. Set up CloudWatch alarms tied to SNS notifications so I'd be alerted automatically on errors or unusual activity. Deployed the whole stack using both AWS SAM and Terraform to compare the two IaC tools directly.
Outcome: A fully functional, authenticated, monitored serverless API — and practical experience contrasting AWS-native (SAM) versus cloud-agnostic (Terraform) infrastructure tooling.
Tech stack: AWS SAM, Terraform, Lambda, DynamoDB, API Gateway, Cognito, CloudWatch, SNS
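A sketch of the per-route decision a custom Lambda authorizer like the one described above can make, added here as an illustration and not taken from this project's code. The route table, group names and the assumption that `claims` come from an already signature-verified Cognito token are hypothetical.

```python
import re

# Hypothetical least-privilege route table: Cognito group -> (method, path pattern).
ROUTE_POLICY = {
    "readers": [("GET", r"items(/[\w-]+)?")],
    "editors": [("GET", r"items(/[\w-]+)?"),
                ("POST", r"items"),
                ("PUT", r"items/[\w-]+")],
}

# methodArn layout: arn:aws:execute-api:region:account:apiId/stage/METHOD/path
ARN_RE = re.compile(
    r"^arn:aws:execute-api:[a-z0-9-]+:\d{12}:[a-z0-9]+/[^/]+/"
    r"(?P<method>[A-Z]+)/(?P<path>.*)$"
)

def is_allowed(groups, method, path):
    """True only if some group explicitly grants this method on this path."""
    for group in groups:
        for allowed_method, pattern in ROUTE_POLICY.get(group, []):
            if method == allowed_method and re.fullmatch(pattern, path):
                return True
    return False  # default deny: unknown groups and routes fall through

def build_policy(claims, method_arn):
    """Build the IAM policy document API Gateway expects from an authorizer.

    Assumption: `claims` were extracted from a token whose signature,
    issuer and expiry were verified before this function is called.
    """
    m = ARN_RE.match(method_arn)
    groups = claims.get("cognito:groups", [])
    allow = bool(m) and is_allowed(groups, m["method"], m["path"].rstrip("/"))
    return {
        "principalId": claims.get("sub", "anonymous"),
        "policyDocument": {
            "Version": "2012-10-17",
            "Statement": [{
                "Action": "execute-api:Invoke",
                "Effect": "Allow" if allow else "Deny",
                "Resource": method_arn,  # exact route only, no wildcard
            }],
        },
    }
```

If authorizer result caching is enabled, API Gateway reuses the returned policy for the same token on other routes, so a policy scoped to one methodArn needs caching turned off or a policy that lists every route the caller may use.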
EC2 Cost Optimization — Lambda & EventBridge Scheduling
Goal: Reduce unnecessary EC2 spend by ensuring instances only run during actual business hours instead of 24/7.
What I did: Wrote two Lambda functions — one to start EC2 instances, one to stop them — and triggered each on a schedule using Amazon EventBridge rules (cron-based scheduled events), so instances spin up automatically each morning and shut down each evening without any manual intervention.
Outcome: Automated, hands-off cost optimization — instances only incur compute charges during the hours they're actually needed, directly cutting cloud spend with zero ongoing manual effort.
Tech stack: AWS Lambda, Amazon EventBridge, EC2
Infrastructure as Code — EC2 Deployment via CloudFormation
Goal: Move away from manual, click-through EC2 provisioning toward a repeatable, version-controlled deployment process.
What I did: Authored a CloudFormation template to define EC2 instance configuration, networking, and security group rules as code, allowing the entire environment to be deployed, updated, or torn down consistently from a single source of truth.
Outcome: A reproducible, version-controlled deployment process — eliminating configuration drift and manual setup errors, and making environment scaling straightforward.
Tech stack: AWS CloudFormation, EC2
CloudWatch Events to CSV — Python Automation
Goal: Make CloudWatch event data easier to analyze and report on outside the AWS console.
What I did: Set up an IAM user with scoped permissions and configured the AWS CLI for local access, then wrote a Python script using Boto3 to pull CloudWatch events and transform them into structured CSV output suitable for reporting, spreadsheets, or further analysis.
Outcome: A reusable script that turns raw CloudWatch event data into a portable, analysis-ready format — useful for audits, reporting, and identifying patterns over time.
Tech stack: Python, Boto3, AWS CLI, IAM, CloudWatch
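An added example of the transform step for an export like this, not the script from this project: it assumes events shaped like the output of Boto3's CloudWatch Logs `filter_log_events` call (`timestamp` in milliseconds, `logStreamName`, `message`) and uses constructed sample data. Because log messages can contain text supplied by whoever generated the traffic, cells that a spreadsheet would evaluate as a formula are neutralized before writing.

```python
import csv
import io
from datetime import datetime, timezone

# Leading characters that spreadsheet applications treat as the start of a formula.
FORMULA_PREFIXES = ("=", "+", "-", "@", "\t", "\r")

def neutralize(cell):
    """Prefix a single quote so the cell is rendered as text, not evaluated."""
    text = str(cell)
    return "'" + text if text.startswith(FORMULA_PREFIXES) else text

def events_to_csv(events):
    """Turn log events into CSV text, oldest first, with UTC ISO timestamps."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    writer.writerow(["timestamp_utc", "log_stream", "message"])
    for ev in sorted(events, key=lambda e: e["timestamp"]):
        ts = datetime.fromtimestamp(ev["timestamp"] / 1000, tz=timezone.utc)
        writer.writerow([
            ts.strftime("%Y-%m-%dT%H:%M:%SZ"),
            neutralize(ev.get("logStreamName", "")),
            neutralize(ev["message"].rstrip("\n")),
        ])
    return buf.getvalue()

# Constructed sample events (not real log data).
SAMPLE_EVENTS = [
    {"timestamp": 1700000060000, "logStreamName": "app/i-0example",
     "message": '=HYPERLINK("http://example.invalid","click")\n'},
    {"timestamp": 1700000000000, "logStreamName": "app/i-0example",
     "message": 'login failed, user="alice"\n'},
]

if __name__ == "__main__":
    print(events_to_csv(SAMPLE_EVENTS), end="")
```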
CI/CD Game Deployment — CodePipeline, S3 & CloudFront
Goal: Automate deployment of a browser-based HTML/CSS/JS game so new commits go live automatically, with fast global delivery.
What I did: Connected a GitHub repository to AWS CodePipeline so every push triggers an automatic deployment to an S3 bucket configured for static website hosting. Added CloudFront in front of the S3 bucket as a CDN to cache content at edge locations worldwide, reducing load times for users regardless of location.
Outcome: A fully automated CI/CD pipeline — push to GitHub, and the live game updates within minutes, with no manual deployment steps and fast load times globally.
Tech stack: AWS CodePipeline, S3, CloudFront, GitHub, HTML/CSS/JavaScript
React App Deployment — AWS Amplify
Goal: Deploy a React application quickly with authentication and API support, minimizing manual infrastructure setup.
What I did: Used AWS Amplify to handle the build, deployment, and hosting pipeline for a React application, leveraging Amplify's built-in support for authentication and API integration rather than wiring up each service manually.
Outcome: A production-ready React app deployed with authentication and API access configured in a fraction of the time a fully manual setup would take.
Tech stack: AWS Amplify, React
This Website — Hosted on S3 & CloudFront
Goal: Put cloud and security skills into practice by hosting this very portfolio on production-grade AWS infrastructure rather than a third-party site builder, with automated deployment on every update.
What I did: Configured an S3 bucket for static website hosting, then placed CloudFront in front of it as a CDN to serve content quickly to visitors anywhere in the world while reducing direct load on the origin bucket. Built a CI/CD pipeline that syncs this repo from GitHub straight to the S3 bucket on every push, then automatically triggers a CloudFront cache invalidation so changes go live immediately instead of being served stale from cached edge locations.
Outcome: My first production AWS deployment — proof that the skills on this page aren't just theoretical, they're what's actually running this site right now. Updating the site is now as simple as pushing to GitHub: the new files sync to S3 and the CloudFront cache clears automatically, with no manual upload or console work required.
Tech stack: Amazon S3, Amazon CloudFront, GitHub, CI/CD pipeline (repo sync + cache invalidation)