AWS CloudNotes: Full-Stack Serverless Project

Built an end-to-end EC2 Governance Engine on AWS using Python, Terraform, Lambda, EventBridge, SNS, Slack, and S3. This project scans EC2 instances across all states, applies governance rules, snapshots stopped instances, optionally terminates approved ones, generates CSV reports, stores them in S3, and sends notifications by email and Slack. What I liked most about this build was combining infrastructure automation with real operational governance, not just deployment. It was a great hands-on way to work with Lambda packaging, Terraform workflows, reporting, notifications, and cloud cost/control practices. Tech used: AWS Lambda EC2 EBS EventBridge SNS S3 Terraform Python GitHub Actions Slack API Always growing through building real-world cloud projects. Github Link : https://lnkd.in/grx7mGHQ #AWS #Terraform #Python #DevOps #CloudComputing #Lambda #InfrastructureAsCode #GitHubActions #EC2 #CloudEngineering

Platform engineering is genuinely one of the most interesting spaces in tech right now and I decided to stop just reading about it and actually build something. So I am building a production grade internal developer platform on AWS from scratch and documenting the whole journey publicly. Not a tutorial follow along. A real platform with real problems. And honestly the problems have been the best part. In just the first two phases I hit things like OIDC trust policies breaking every time I recreated the cluster, a missing EBS CSI driver keeping Prometheus stuck in Pending for an hour, and EC2 launch restrictions on a new AWS account that took a paid support plan to fix. None of that is in any tutorial. All of it is in the README. Here is where I am at: Phase 1: EKS + Terraform + IRSA + ALB Ingress - Done Phase 2: Prometheus + Grafana + AlertManager - Done Phase 3: GitOps with ArgoCD (coming soon) Phase 4: Reusable Terraform modules (coming soon) Stay tuned, more posts coming for each phase breaking down the architecture, the decisions, and the problems. If you are building something similar or have been down this road I would love to hear how you approached it. Repo: https://lnkd.in/e53BRp-6 #AWS #EKS #PlatformEngineering #Terraform #DevOps #Kubernetes

🚀 Project 3 done! Built a fully serverless HTTP API on AWS using: AWS Lambda (Python 3.12) no servers to manage API Gateway :live HTTP endpoint in seconds Terraform :entire infrastructure as code GitHub Actions : auto-deploy on every push to main Every push triggers a CI/CD pipeline that plans, reviews, and applies infrastructure changes automatically. Open to any feedback or suggestions 😊 always looking to improve! 🙌 The goal: zero manual work from code to cloud. 🔗 GitHub: https://lnkd.in/dkjn3AYu #AWS #Terraform #Serverless #DevOps #CloudComputing #Lambda #GitHubActions #IaC

Took a Node.js backend from local development to a scalable production deployment on AWS and owned every layer of it. Stack: Node.js (Express) + PostgreSQL (RDS) + Redis (ElastiCache) + AWS SES + JWT/OTP auth deployed via Elastic Beanstalk. But deployment wasn’t just “push and pray.” I made deliberate architectural choices: 🚦 Why Elastic Beanstalk? I wanted: Managed infrastructure Built-in load balancing Auto scaling Rolling deployments Minimal DevOps overhead EB gave me orchestration, while still running on EC2 so I maintain control over the runtime. 🔐 Authentication Design (Stateless & Scalable) Instead of traditional password-based auth: OTPs stored in Redis with TTL Sent via AWS SES On verification → issue JWT JWTs are stateless — which means when auto-scaling adds more EC2 instances, authentication still works seamlessly. Redis ensures temporary shared state (like OTPs) across instances. Designed for horizontal scaling from day one. ⚙️ Production Details That Matter Bound Express to "wildcard address" (required for ALB/Nginx routing) Implemented graceful shutdown using SIGTERM (important during deployments & scale-down events) Used SSL for RDS and TLS for Redis Managed DB connection pooling carefully These small decisions prevent real production issues. 🚀 Deployment Flow eb deploy → Code uploaded to S3 → Provisioned on EC2 → Nginx reverse proxy handles traffic → ALB distributes requests → Auto Scaling adjusts capacity Elastic Beanstalk abstracts infrastructure but understanding what’s happening underneath is what makes it production-ready. Building scalable systems isn’t just about writing APIs. It’s about designing how they behave under load, failure, and growth. Would you choose EB, ECS, or Kubernetes for a growing backend today? #CloudEngineer #BackendDeveloper #AWS #ElasticBeanstalk #ScalableSystems #DevOps

Anyone who has built an EKS cluster from scratch knows that Terraform gets the base up fast, but the real headache starts with security and permissions. These past few days I've been wrestling with an AWS architecture, and after hours of digging through logs and troubleshooting, I've got this up and running: 👉 OIDC authentication between GitHub Actions and AWS. Zero static access keys. 👉 IRSA (IAM Roles for Service Accounts) to keep hardcoded credentials out of the pods. 👉 AWS Secrets Manager CSI Driver mounting RDS secrets (had to dive deep into Kubernetes internal RBAC and IMDSv2 node networking to get the driver working properly). 👉 CI/CD pipeline dynamically updating images using Kustomize. It’s been an intense run, but seeing both the frontend and backend pods finally hit Running makes the keyboard-smashing worth it. #DevOps #AWS #EKS #Kubernetes #Terraform #Cloud

4 commands. That is all it takes to provision or destroy my entire Kubernetes cluster. terraform init → Downloads the AWS provider plugin into .terraform/ → Initialises the backend (where state is stored) → Run once per project terraform plan → Compares your .tf files against current state → Shows exactly what will be created, changed, or destroyed → Makes ZERO changes — purely a preview → Always run before apply terraform apply → Executes the plan — creates all resources → Prompts for confirmation → Prints outputs automatically:   master_public_ip = "13.233.x.x"   ssh_master = "ssh -i key.pem ubuntu@13.233.x.x" → No need to check the AWS Console terraform destroy → Terminates all resources Terraform created → Permanent — all EC2 data is lost Cost tip: Stop instances when not working — stopped EC2s do not incur compute charges. Run destroy only when done completely. #Terraform #IaC #AWS #DevOps #CloudEngineering

Last week: Docker & Kubernetes 🚀 This week: backend scalability from a technical lens. A few things that actually improved performance in my projects: • Reduced API latency using optimized REST design • Introduced async processing with queues (event-driven) • Fixed slow queries → biggest real-world impact • Added monitoring to catch bottlenecks early Key takeaway: Scalability is mostly about removing bottlenecks, not just adding resources. #Backend #Microservices #Java #SystemDesign #Cloud

🚀 From Microservices to Cloud-Native Deployment on Azure My DevOps Journey I’m excited to share a project I’ve been working on as part of my journey to becoming a DevOps & Cloud Engineer ☁️🔧 Over the past few days, I designed and deployed a cloud-native microservices application using: 🔹 Node.js microservices 👉 API Gateway (aggregation layer) 👉 User Service (PostgreSQL) 👉 Order Service (MongoDB) 🔹 Cloud & DevOps stack 👉 Docker (containerization) 👉 Azure Container Apps (deployment) 👉 Azure Container Registry (image storage) 👉 Azure PostgreSQL (managed relational DB) 👉 MongoDB Atlas (NoSQL database) 💡 What I built A distributed system where: 👉 The API Gateway aggregates data from multiple services 👉 Each microservice manages its own database 👉 Services communicate using cloud-native service discovery ⚙️ Key challenges I solved ✔️ Fixed PostgreSQL connection timeout (Azure firewall issue) ✔️ Resolved MongoDB Atlas connectivity (IP whitelisting) ✔️ Debugged inter-service communication in Azure Container Apps ✔️ Tuned API timeouts and improved reliability 📈 What I learned 👉 How to design microservices with different data storage strategies 👉 The difference between relational vs NoSQL databases in real scenarios 👉 How to deploy and manage applications in a cloud-native environment 👉 Real-world debugging of networking, security, and connectivity issues 📂 GitHub Repository 👉 https://lnkd.in/ehS9HWtg Feel free to check it out, run it locally with Docker Compose, or deploy it yourself on Azure! 🔥 What’s next 👉 CI/CD with GitHub Actions 👉 Kubernetes (AKS) deployment 👉 Infrastructure as Code (Terraform) 👉 Observability (logs, metrics, tracing) This project really helped me understand how modern cloud systems are built and operated. If you’re also learning DevOps or Cloud, let’s connect and grow together 🤝 #DevOps #CloudComputing #Azure #Docker #Microservices #NodeJS #MongoDB #PostgreSQL #LearningJourney

I’ve been focusing on building out my DevOps portfolio lately, and last month, I completed a project that I want to showcase: a fully serverless Task Manager API with authentication. While the backend logic is important, my main goal was to create a secure, automated environment that is production-ready. Here is the DevOps breakdown of how I built it: - 𝗜𝗻𝗳𝗿𝗮𝘀𝘁𝗿𝘂𝗰𝘁𝘂𝗿𝗲 𝗮𝘀 𝗖𝗼𝗱𝗲 (𝗜𝗮𝗖): I avoided manual "click-ops" in the AWS console. Instead, I used the Serverless Framework to define the entire stack—API Gateway, Cognito User Pools, DynamoDB, and Lambda—in a single serverless.yml file. This approach makes the environment version-controlled and repeatable. - 𝗖𝗼𝘀𝘁 𝗢𝗽𝘁𝗶𝗺𝗶𝘇𝗮𝘁𝗶𝗼𝗻 𝘃𝗶𝗮 𝗘𝗱𝗴𝗲 𝗔𝘂𝘁𝗵: I configured API Gateway with a Cognito JWT Authorizer. This setup is beneficial for cost control because unauthorized requests are rejected at the edge before they trigger a Lambda function, preventing wasted compute time or database capacity on unauthenticated traffic. - 𝗟𝗲𝗮𝘀𝘁 𝗣𝗿𝗶𝘃𝗶𝗹𝗲𝗴𝗲 𝗜𝗔𝗠 𝗣𝗼𝗹𝗶𝗰𝗶𝗲𝘀: I adhered to strict security best practices by scoping down the Lambda execution roles. The function doesn't have broad admin access; I wrote specific IAM policies that grant it permission to perform actions only on the exact TasksTable it needs. - 𝗥𝗲𝗴𝗶𝗼𝗻-𝗟𝗼𝗰𝗸𝗲𝗱 𝗗𝗲𝗽𝗹𝗼𝘆𝗺𝗲𝗻𝘁: Specified the ap-south-1 region to ensure low latency for the target user base and consistent deployment across environments. - 𝗣𝗲𝗿𝗳𝗼𝗿𝗺𝗮𝗻𝗰𝗲 𝗧𝘂𝗻𝗶𝗻𝗴: To minimize Lambda cold starts, I utilized the modular AWS SDK v3 and kept the deployment package lean by using Node’s native crypto module for UUID generation instead of adding extra dependencies. This project was an excellent opportunity to practice building infrastructure that is secure, automated, and cost-effective. You can check out the configuration and the code here: https://lnkd.in/dXxX3NTr #DevOps #AWS #CloudComputing #InfrastructureAsCode #BuildInPublic #Serverless #Automation

Alhamdulillah, my first AWS project is now live. I built a fully serverless form application from scratch, utilizing the following components: - S3 to host the frontend - API Gateway to handle requests - Lambda (Python) to process form data - DynamoDB to store every submission This setup means no servers and no maintenance, just the cloud. Honestly, I felt stuck on tutorials for weeks, thinking I wasn't making progress. However, building this project helped clarify many concepts that hours of watching videos couldn't. The most time-consuming part? Getting CORS configured correctly between API Gateway and Lambda. It may seem straightforward on paper, but it can be quite frustrating in practice. You can find the full project along with the architecture diagram on GitHub → https://lnkd.in/d43yGeny #AWS #DevOps #CloudComputing #Serverless #LearningInPublic