Uses
The exact hardware, tooling, and software I run daily to architect and operate production-grade cloud infrastructure.
DevOps & Cloud Orchestration
8 tools
My primary IaC stack. Terragrunt keeps configurations DRY at scale across multi-account AWS organizations using reusable module hierarchies.
EKS clusters managed solely via GitOps. Zero click-ops in staging or production — every environment change is a signed Git commit.
AWS node lifecycle manager. Handles bin-packing, spot interruption, and consolidation — cutting cluster scaling latency and costs by up to 60%.
For packaging Kubernetes manifests and layering environment-specific overrides across multi-cluster deployments.
Kubernetes-native infrastructure provisioning. Manage AWS resources as CRDs for fully declarative, reconciliation-driven cloud operations.
Syncs secrets from AWS Secrets Manager and Parameter Store into Kubernetes — no manual secret rotation.
Cluster backup and disaster recovery. Used for scheduled snapshots of persistent volumes and namespace-level point-in-time restores.
Automates TLS certificate issuance via Let's Encrypt and AWS ACM. Zero manual certificate rotation across any cluster.
CI/CD & Automation
6 tools
Primary CI/CD engine for application builds, Docker image publishing, Terraform plan/apply, and automated security scans.
Kubernetes-native workflow engine for complex DAG-based pipelines — model-training jobs, data pipelines, and multi-step deployments.
Terraform automation server for pull-request-driven infrastructure changes. Runs plan on PR open, apply on merge. Enforces drift-free IaC.
Used on larger enterprise projects for parallelized, self-hosted CI agents running on EKS — fast and cost-efficient at scale.
Automated dependency updates across Helm charts, Terraform module versions, and Docker base images via scheduled PRs.
Enforces code quality at commit time: terraform fmt, tflint, trivy scans, shellcheck, and custom policy validators run before any push.
Local Development & Terminal
9 tools
Highly customized shell with Oh My Zsh, Starship prompt, and custom AWS account context injectors for instant role switching.
My primary IDE. JetBrains Mono, Vim bindings, and extensive Terraform, Go, and Kubernetes extensions baked in.
Terminal UI for Kubernetes. Navigate clusters, tail pod logs, exec into containers, and manage resources — faster than any GUI.
Terminal multiplexer for persistent sessions across SSH connections. Custom key bindings and status bar with AWS account and cluster context.
Blazing fast terminal Git UI. Stage hunks, squash commits, manage stashes, and resolve conflicts without touching a mouse.
Fuzzy finder wired into shell history, file search, and kubectl resource selection. Dramatically accelerates every terminal interaction.
Essential JSON/YAML processors for parsing AWS CLI outputs, Kubernetes manifests, and Terraform state files from the command line.
For rapid Kubernetes development loops — Tilt for live reload, Telepresence for intercepting cluster traffic to local processes.
Lightweight container runtime for macOS. Replaced Docker Desktop entirely. Lower overhead, faster image builds, fully CLI-driven.
AWS Power Utilities
8 tools
Securely stores AWS credentials in macOS Keychain. Wraps every CLI call with temporary STS tokens. Never store plain-text access keys.
For fast shell interactions and federated SSO authentication into enterprise AWS environments at scale using SAML identity providers.
Instantly assume cross-account IAM roles from the terminal with a single command — essential for multi-account AWS Organizations setups.
Offline AWS service emulation for running integration tests against S3, SQS, Lambda, and DynamoDB locally without incurring real costs.
SQL-powered cloud asset inventory. Query AWS resource configurations, IAM relationships, and compliance status using standard SQL.
Reverse-engineers existing AWS infrastructure into Terraform/CDK code. Invaluable when adopting IaC on brownfield accounts.
Used alongside Terraform for L3 construct abstractions on application-layer resources where programmatic generation beats raw HCL.
Generates interactive network topology maps of AWS VPCs. Used during architecture reviews and security audits to visualize blast radius.
Observability & Security
8 tools
Core monitoring stack for EKS clusters. Custom dashboards track node saturation, request latencies, and deployment rollout health.
Lightweight log aggregation — far leaner than ELK. Structured log shipping from all pods with multi-tenant label isolation.
Container and IaC vulnerability scanning integrated into pre-commit hooks and CI pipelines. Blocks builds on critical CVEs.
Vendor-agnostic distributed tracing and metrics across microservices. Exports to Jaeger, Grafana Tempo, or AWS X-Ray.
Runtime security monitoring for Kubernetes. Detects unexpected syscalls, privilege escalations, and container drift in real time.
Kubernetes-native policy engine for enforcing image registries, label requirements, resource limits, and pod security standards as CRDs.
Static analysis for Terraform and Kubernetes manifests. Catches misconfigurations like open S3 buckets or unencrypted EBS volumes pre-apply.
On-call incident management integrated with Grafana alerts and Kubernetes events. Escalation policies ensure no critical alarm is missed.
Networking & DNS
6 tools
Centralizes VPC interconnectivity across accounts and regions. Eliminates peering mesh complexity in large AWS Organizations.
Automates Route 53 record management based on Kubernetes Service and Ingress annotations. DNS-as-code without manual console changes.
eBPF-powered CNI for EKS. Provides L7 network policies, deep packet inspection, and Hubble for real-time flow observability.
DNS, WAF, and DDoS protection for public-facing endpoints. Zero-Trust tunnels for secure internal service exposure without VPN.
Mesh VPN for secure developer access to private EKS clusters and AWS resources without bastion hosts or complex security group rules.
Exposes internal services across VPCs without traffic traversing the public internet. Critical for multi-tenant SaaS isolation patterns.
Kubernetes & Container Platform
10 tools
Managed Kubernetes on AWS. Primary platform for all production workloads — combined with Karpenter, IRSA, and EKS Blueprints for full automation.
Virtual Kubernetes clusters inside a host EKS cluster. Used for tenant isolation, ephemeral dev environments, and CI preview namespaces.
Service mesh for mTLS between microservices, traffic shifting, circuit breaking, and deep L7 observability across the cluster.
Kubernetes Event-Driven Autoscaler. Scales workloads based on SQS depth, Kafka lag, or custom CloudWatch metrics beyond basic HPA.
Progressive delivery controller for canary and blue-green deployments with automatic metric-based promotion or rollback gates.
Declarative Kubernetes cluster lifecycle management. Provision, upgrade, and scale clusters using the same GitOps workflows as application code.
Policy-as-code enforcement at the admission controller level. Blocks non-compliant workloads before they ever reach the scheduler.
Lightweight GitOps operator used alongside ArgoCD on multi-cluster setups where a pull-based agent with minimal footprint is preferred.
Serverless workloads on Kubernetes. Scale-to-zero event-driven functions without leaving the cluster — used for bursty batch processing.
Automatically right-sizes container CPU and memory requests based on real usage history, reducing waste across long-running services.
ML Platform & AI Infrastructure
12 tools
End-to-end ML platform for training, tuning, and deploying models at scale. Used for custom model hosting behind real-time inference endpoints.
Managed foundation model API. Deploy Claude, Llama, and Titan models with VPC isolation, guardrails, and fine-tuning without managing GPUs.
Experiment tracking, model registry, and artifact storage for ML pipelines. Deployed on EKS with S3 backend for team-wide visibility.
Orchestrates multi-step ML workflows on Kubernetes — data ingestion, preprocessing, training, evaluation, and deployment as DAGs.
Distributed ML compute framework for hyperparameter sweeps and large-scale batch inference jobs across heterogeneous GPU node groups.
Used as a leaner alternative to Kubeflow for scheduled retraining pipelines and feature engineering DAGs with native S3 artifact passing.
Structured logging, tracing, and metrics for serverless ML inference wrappers — essential for observing model latency in production.
Vector similarity search directly inside PostgreSQL. Used for RAG pipelines and semantic search without operating a standalone vector database.
Automates GPU driver and runtime installation on EKS GPU node groups. Enables CUDA workloads without manual AMI configuration.
Experiment tracking and model lineage for larger ML projects. Dashboard gives non-technical stakeholders visibility into training runs.
Agentic AI workflows with tool use and knowledge bases backed by OpenSearch. Used for internal enterprise copilots and automated ops assistants.
Open-source feature store deployed on EKS. Centralises feature computation and serving to prevent training-serving skew across teams.
AI & Productivity
6 tools
Primary AI assistant for architecture design, IaC module generation, incident runbook drafting, and complex AWS cost analysis.
In-editor AI for accelerating Terraform module authoring, Python scripting, and boilerplate Kubernetes manifest generation.
macOS launcher and productivity hub. Custom scripts for AWS SSO switching, clipboard history, and instant documentation search.
Architecture decision records (ADRs), runbooks, on-call playbooks, and client project documentation all live here.
Fast, hand-drawn-style architecture diagrams for whiteboarding sessions and technical proposals before committing to formal diagrams.
Formal architecture diagrams with official AWS icon sets. Used for deliverables, compliance documentation, and client presentations.
This list is updated periodically. All tools reflect my current production stack — not aspirational software.
Last updated · 2026