Skills
Cloud
Real-world cloud decisions across AWS, GCP, and Azure. HA architecture, security posture, and cost discipline at production scale.
What I work on
- HA architecture: multi-AZ deployments, failover testing, and graceful degradation patterns.
- Network design: VPCs, private endpoints, NACLs vs security groups, and cross-account peering.
- IAM least-privilege: role boundaries, service account scoping, and credential rotation.
- Cost optimization: spot/preemptible instances, right-sizing, reserved capacity planning, and tagging strategies.
- Secrets management: Vault, AWS Secrets Manager, GCP Secret Manager — rotation and access patterns.
Per-cloud strengths
AWS
EKS, EC2, RDS, S3, IAM, VPC, Route53, CloudWatch, ALB/NLB. EKS with IRSA for pod-level IAM, multi-AZ RDS with read replicas, and cost controls via Savings Plans.
GCP
GKE, GCS, Cloud SQL, Pub/Sub, Cloud Monitoring. GKE Autopilot for managed clusters, Workload Identity for pod IAM, and BigQuery for cost analysis.
Azure
AKS, Azure Monitor, Key Vault, and Azure AD integration. Managed identities for pod-level access and Azure Policy for compliance guardrails.
Design decisions I think about
- Multi-AZ vs single-AZ: cost vs resilience tradeoff depends on the SLO, not a blanket rule.
- Managed vs self-managed: managed services reduce ops burden but add vendor lock-in risk.
- Egress costs: often the hidden cost driver in multi-region architectures.
- Security groups vs NACLs: stateful vs stateless — both have a place in defence-in-depth.
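The stateful-vs-stateless distinction in the last point is easiest to see in a toy model. The Python below is an added example (not code from this page's author) that models the two AWS semantics: a security group is allow-only and tracks connections, so a reply to a permitted request is let through with no outbound rule; a network ACL has no connection tracking, evaluates numbered rules lowest-first with first match winning and an implicit deny at the end, and supports explicit deny rules. The addresses, ports and rule numbers are constructed sample values, and the model ignores details such as ICMP, protocol numbers and rule limits.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"

    def reply(self) -> "Packet":
        """The response to this packet: the 5-tuple with endpoints swapped."""
        return Packet(self.dst_ip, self.dst_port, self.src_ip, self.src_port, self.proto)


@dataclass(frozen=True)
class Rule:
    proto: str
    port_lo: int
    port_hi: int
    cidr: str
    action: str = "allow"  # NACLs also accept "deny"; security groups are allow-only

    def matches(self, pkt: Packet, *, inbound: bool) -> bool:
        # Both AWS rule types name the port being connected to and the remote CIDR:
        # for inbound traffic the remote side is the source, for outbound the destination.
        remote_ip = pkt.src_ip if inbound else pkt.dst_ip
        return (
            self.proto == pkt.proto
            and self.port_lo <= pkt.dst_port <= self.port_hi
            and ipaddress.ip_address(remote_ip) in ipaddress.ip_network(self.cidr, strict=False)
        )


class SecurityGroup:
    """Stateful: any matching allow rule permits a packet, and the reply to a
    permitted packet is allowed automatically through connection tracking."""

    def __init__(self, inbound, outbound):
        self.inbound, self.outbound = inbound, outbound
        self._tracked = set()  # flows already admitted by a rule

    def evaluate(self, pkt: Packet, *, inbound: bool) -> bool:
        if pkt.reply() in self._tracked:  # this packet answers an admitted flow
            return True
        rules = self.inbound if inbound else self.outbound
        if any(r.matches(pkt, inbound=inbound) for r in rules):
            self._tracked.add(pkt)
            return True
        return False


class NetworkAcl:
    """Stateless: (rule_number, Rule) pairs are checked in number order, the first
    match decides, and anything unmatched hits the implicit deny. There is no
    connection tracking, so replies need their own rule in the other direction."""

    def __init__(self, inbound, outbound):
        self.inbound = sorted(inbound, key=lambda nr: nr[0])
        self.outbound = sorted(outbound, key=lambda nr: nr[0])

    def evaluate(self, pkt: Packet, *, inbound: bool) -> bool:
        for _num, rule in (self.inbound if inbound else self.outbound):
            if rule.matches(pkt, inbound=inbound):
                return rule.action == "allow"
        return False  # implicit "*" deny


def run_comparison() -> dict:
    # Constructed flow: a client on an ephemeral port connects to a server's HTTPS port.
    request = Packet("203.0.113.10", 51234, "10.0.1.5", 443)
    reply = request.reply()

    allow_https = Rule("tcp", 443, 443, "0.0.0.0/0")
    allow_ephemeral = Rule("tcp", 1024, 65535, "0.0.0.0/0")
    deny_one_host = Rule("tcp", 443, 443, "203.0.113.10/32", action="deny")

    sg = SecurityGroup(inbound=[allow_https], outbound=[])
    # Common mistake: mirroring the inbound rule outbound, which never matches the reply's port.
    acl_missing_ephemeral = NetworkAcl(inbound=[(100, allow_https)], outbound=[(100, allow_https)])
    acl_with_ephemeral = NetworkAcl(inbound=[(100, allow_https)], outbound=[(100, allow_ephemeral)])
    # Explicit deny only takes effect if its rule number sorts before the matching allow.
    acl_deny_first = NetworkAcl(inbound=[(50, deny_one_host), (100, allow_https)], outbound=[])
    acl_deny_last = NetworkAcl(inbound=[(100, allow_https), (200, deny_one_host)], outbound=[])

    return {
        "sg_request": sg.evaluate(request, inbound=True),
        "sg_reply": sg.evaluate(reply, inbound=False),
        "acl_missing_ephemeral_request": acl_missing_ephemeral.evaluate(request, inbound=True),
        "acl_missing_ephemeral_reply": acl_missing_ephemeral.evaluate(reply, inbound=False),
        "acl_with_ephemeral_reply": acl_with_ephemeral.evaluate(reply, inbound=False),
        "acl_deny_before_allow": acl_deny_first.evaluate(request, inbound=True),
        "acl_deny_after_allow": acl_deny_last.evaluate(request, inbound=True),
    }


if __name__ == "__main__":
    for name, allowed in run_comparison().items():
        print(f"{name}: {'allow' if allowed else 'drop'}")
```

The two results worth internalising: the security group passes the HTTPS reply with an empty outbound rule set, while the NACL drops the same reply until an outbound ephemeral-port range is added; and a NACL deny rule is only effective when its number sorts ahead of the allow it is meant to override, which is the layer where a coarse block belongs in a defence-in-depth design.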