What I offer
Senior AWS DevOps — on demand
Production-grade infrastructure without the full-time hire. I help startups and scale-ups ship faster, safer, and cheaper on AWS.
Core Services
Hands-on consulting across the full DevOps stack — from containers to cost optimization.
Cluster setup, autoscaling with Karpenter and KEDA, Helm chart management, network policies, and GitOps pipelines on AWS EKS.
Modular, DRY Terraform with Terragrunt for AWS — VPC, RDS, EKS, S3, IAM, CloudFront and more. Version-controlled, reviewable infrastructure.
GitHub Actions, ArgoCD, Bitbucket Pipelines, AWS CodePipeline — fast, reliable delivery pipelines with GitOps principles baked in.
Rightsizing, Spot strategy, Reserved Instances, S3 lifecycle policies, Karpenter consolidation — real savings without cutting reliability.
Prometheus, Grafana, Elasticsearch, Kibana, CloudWatch — full-stack observability with dashboards and alerts that fire before your users notice.
IAM least-privilege, KMS encryption, SSM secrets management, VPN access, VPC design — secure-by-default infrastructure from day one.
Tools & Technologies
The stack I work with every day — battle-tested in production.
Kubernetes & EKS
Production-ready container orchestration on AWS
Cluster setup & networking
EKS clusters with VPC CNI, Ingress controllers, and network policies configured for production workloads.
Intelligent autoscaling
Karpenter for node provisioning and KEDA for event-driven pod scaling — your cluster scales exactly what it needs, when it needs it.
GitOps with ArgoCD
Declarative, Git-driven deployments. Every change is auditable, rollbacks are instant, and drift is automatically corrected.
Helm chart management
Custom Helm charts for your services and managed third-party charts for the rest — consistent, repeatable deployments.
CI/CD & Automation
From commit to production — automatically
GitHub Actions pipelines
Build, test, scan, and deploy on every push. Parallel jobs, caching, and environment gates for safe progressive delivery.
Code quality gates
SonarCloud integration blocks merges on quality or security regressions — tech debt stays manageable from day one.
Docker image management
Multi-stage builds, image scanning, and ECR lifecycle policies — lean, secure images in production.
Blue/green & rolling deployments
Zero-downtime deployment strategies with automated rollback — ship confidently any time of day.
Terraform & IaC
Infrastructure you can read, review, and trust
Modular Terraform with Terragrunt
DRY, reusable modules for every AWS resource — VPC, EKS, RDS, S3, IAM, CloudFront. No copy-paste drift between environments.
Multi-environment consistency
Dev, staging, and production share the same module code with environment-specific overrides — no surprises when you promote to prod.
State management & locking
Remote state in S3 with DynamoDB locking, encrypted and version-controlled — safe for teams, safe for CI.
PR-driven infrastructure changes
Terraform plan output in every pull request. Changes are reviewed before they are applied — no surprises in production.
Cloud Cost Optimization
Cut the waste, keep the reliability
Rightsizing & instance selection
Analyse actual CPU and memory usage to right-size EC2, RDS, and EKS node groups — often the single biggest quick win.
Spot & Savings Plan strategy
Karpenter-managed Spot nodes for interruptible workloads combined with Compute Savings Plans for baseline — significant savings without reliability risk.
Storage & data transfer
S3 Intelligent-Tiering, lifecycle policies, CloudFront for egress reduction — storage costs that shrink over time rather than grow.
Cost visibility & tagging
AWS Cost Explorer dashboards, resource tagging strategy, and per-team cost allocation — you always know where the money is going.
Monitoring & Observability
Know what is happening before your users do
Metrics with Prometheus & Grafana
Cluster, application, and business metrics collected with Prometheus and visualised in Grafana dashboards — built for your team, not a generic template.
Log aggregation
Centralised logging with Elasticsearch and Kibana or CloudWatch Logs Insights — structured logs, saved queries, and retention policies.
Alerting that matters
Alerts routed to Slack or PagerDuty with clear runbooks attached. Low noise, high signal — on-call stays manageable.
Distributed tracing
OpenTelemetry instrumentation and trace collection so you can follow a request across every service and find the bottleneck fast.
Security & Compliance
Secure by default, not bolted on afterwards
IAM least-privilege
Every service, role, and developer gets exactly the permissions they need — nothing more. IRSA for Kubernetes workloads, SCPs for AWS Organizations.
Secrets & encryption
KMS-encrypted secrets managed via AWS SSM Parameter Store or Secrets Manager, injected into workloads without ever touching source code.
Network hardening
Private subnets, security groups, VPC endpoints, and optional Client VPN — your infrastructure is not reachable unless it needs to be.
Vulnerability scanning
Container image scanning in ECR, dependency scanning in CI, and AWS Inspector for runtime findings — issues caught before they reach production.
Disaster Recovery & High Availability
Stay up when things go wrong — because they will
RTO & RPO planning
Define recovery time and recovery point objectives per workload, then build infrastructure that actually meets them — not just on paper.
Multi-AZ & multi-region architecture
Active-active or active-passive setups across availability zones and regions. Route 53 health checks and failover routing keep traffic flowing.
Automated backups & restore testing
RDS automated snapshots, S3 versioning, EBS backups with AWS Backup — and regular restore drills so you know they actually work.
Runbooks & incident playbooks
Documented, tested runbooks for common failure scenarios. Your on-call engineer knows exactly what to do at 3am.
Frequently asked questions
Common questions before we get started.
Do you work with existing teams?
Yes — most engagements involve embedding alongside your existing engineers. I review PRs, join standups, and transfer knowledge as we go. The goal is always to leave your team stronger.
Do you need AWS root access?
No. I work with a least-privilege IAM role scoped to what the engagement requires. I never need — or ask for — root credentials.
What if we are not on AWS yet?
I can help with cloud migrations to AWS from on-premises or other providers. The free audit is a good starting point to map out the path.
Do you only work with large companies?
No — I work with early-stage startups through to scale-ups. The engagement model and scope adapt to where you are. Many clients start with a small project or the free audit.
How quickly can you start?
Typically within one to two weeks of scoping. Book the free audit and we can discuss timeline during that call.
What happens after the project ends?
Everything is handed over with documentation and a knowledge-transfer session. I am available for follow-up questions and many clients move to a light retainer for ongoing support.
Engagement Models
Pick the model that fits your team and stage.
Free AWS Audit
A 60-minute review of your AWS architecture, CI/CD setup, costs, and security posture. You get a written report with prioritised findings — no commitment required.
Project-Based
Fixed scope, fixed timeline. Ideal for a specific deliverable — EKS migration, Terraform refactor, CI/CD build-out, or observability stack.
Monthly Retainer
Ongoing DevOps support for your team. I handle infrastructure changes, incident support, reviews, and architecture decisions on a recurring basis.
DevOps Embedding
I join your team as a fractional Senior DevOps — attending standups, reviewing PRs, pairing with engineers. All the value of a senior hire without the overhead.
What to expect
A transparent, low-friction process from first contact to production.
Free AWS Audit
I review your current setup — AWS costs, architecture, CI/CD, and security. You get a concrete report with findings and prioritised recommendations.
Proposal & Scope
Clear deliverables, timeline, and pricing. No vague retainers or open-ended commitments unless that's what you need.
Hands-On Implementation
I work directly in your codebase and AWS account — writing Terraform, wiring pipelines, tuning clusters. I collaborate async-first via GitHub, Slack, or your existing tools.
Handover & Support
Everything is documented and reviewed with your team. I stay available for questions and can continue as an ongoing partner if needed.
Ready to fix your infrastructure?
Start with a free AWS review — honest findings, zero pressure.