HHardikShah
    Contact Me

    The toolchain.

    The exact hardware, tooling, and software I run daily to architect and operate production-grade cloud infrastructure.

    73Tools
    9Categories
    DevOps & Cloud Orchestration8
    • Terraform & Terragrunt
      My primary IaC stack. Terragrunt keeps configurations DRY at scale across multi-account AWS organizations using reusable module hierarchies.
    • Kubernetes & ArgoCD
      EKS clusters managed solely via GitOps. Zero click-ops in staging or production — every environment change is a signed Git commit.
    • Karpenter
      AWS node lifecycle manager. Handles bin-packing, spot interruption, and consolidation — cutting cluster scaling latency and costs by up to 60%.
    • Helm & Kustomize
      For packaging Kubernetes manifests and layering environment-specific overrides across multi-cluster deployments.
    • Crossplane
      Kubernetes-native infrastructure provisioning. Manage AWS resources as CRDs for fully declarative, reconciliation-driven cloud operations.
    • External Secrets Operator
      Syncs secrets from AWS Secrets Manager and Parameter Store into Kubernetes — no manual secret rotation.
    • Velero
      Cluster backup and disaster recovery. Used for scheduled snapshots of persistent volumes and namespace-level point-in-time restores.
    • cert-manager
      Automates TLS certificate issuance via Let's Encrypt and AWS ACM. Zero manual certificate rotation across any cluster.
    CI/CD & Automation6
    • GitHub Actions
      Primary CI/CD engine for application builds, Docker image publishing, Terraform plan/apply, and automated security scans.
    • Argo Workflows
      Kubernetes-native workflow engine for complex DAG-based pipelines — model-training jobs, data pipelines, and multi-step deployments.
    • Atlantis
      Terraform automation server for pull-request-driven infrastructure changes. Runs plan on PR open, apply on merge. Enforces drift-free IaC.
    • Buildkite
      Used on larger enterprise projects for parallelized, self-hosted CI agents running on EKS — fast and cost-efficient at scale.
    • Renovate Bot
      Automated dependency updates across Helm charts, Terraform module versions, and Docker base images via scheduled PRs.
    • Pre-commit Hooks
      Enforces code quality at commit time: terraform fmt, tflint, trivy scans, shellcheck, and custom policy validators run before any push.
    Local Development & Terminal9
    • iTerm2 + Zsh
      Highly customized shell with Oh My Zsh, Starship prompt, and custom AWS account context injectors for instant role switching.
    • Cursor / VS Code
      My primary IDE. JetBrains Mono, Vim bindings, and extensive Terraform, Go, and Kubernetes extensions baked in.
    • k9s
      Terminal UI for Kubernetes. Navigate clusters, tail pod logs, exec into containers, and manage resources — faster than any GUI.
    • tmux
      Terminal multiplexer for persistent sessions across SSH connections. Custom key bindings and status bar with AWS account and cluster context.
    • lazygit
      Blazing fast terminal Git UI. Stage hunks, squash commits, manage stashes, and resolve conflicts without touching a mouse.
    • fzf + ripgrep
      Fuzzy finder wired into shell history, file search, and kubectl resource selection. Dramatically accelerates every terminal interaction.
    • jq + yq
      Essential JSON/YAML processors for parsing AWS CLI outputs, Kubernetes manifests, and Terraform state files from the command line.
    • Tilt & Telepresence
      For rapid Kubernetes development loops — Tilt for live reload, Telepresence for intercepting cluster traffic to local processes.
    • Colima
      Lightweight container runtime for macOS. Replaced Docker Desktop entirely. Lower overhead, faster image builds, fully CLI-driven.
    AWS Power Utilities8
    • AWS Secrets Manager
      Securely stores AWS credentials in macOS Keychain. Wraps every CLI call with temporary STS tokens. Never store plain-text access keys.
    • aws-cli v2 + saml2aws
      For fast shell interactions and federated SSO authentication into enterprise AWS environments at scale using SAML identity providers.
    • awssume
      Instantly assume cross-account IAM roles from the terminal with a single command — essential for multi-account AWS Organizations setups.
    • LocalStack
      Offline AWS service emulation for running integration tests against S3, SQS, Lambda, and DynamoDB locally without incurring real costs.
    • Steampipe
      SQL-powered cloud asset inventory. Query AWS resource configurations, IAM relationships, and compliance status using standard SQL.
    • Former2
      Reverse-engineers existing AWS infrastructure into Terraform/CDK code. Invaluable when adopting IaC on brownfield accounts.
    • AWS CDK
      Used alongside Terraform for L3 construct abstractions on application-layer resources where programmatic generation beats raw HCL.
    • CloudMapper
      Generates interactive network topology maps of AWS VPCs. Used during architecture reviews and security audits to visualize blast radius.
    Observability & Security8
    • Prometheus & Grafana
      Core monitoring stack for EKS clusters. Custom dashboards track node saturation, request latencies, and deployment rollout health.
    • Loki & Promtail
      Lightweight log aggregation — far leaner than ELK. Structured log shipping from all pods with multi-tenant label isolation.
    • Trivy & Snyk
      Container and IaC vulnerability scanning integrated into pre-commit hooks and CI pipelines. Blocks builds on critical CVEs.
    • OpenTelemetry
      Vendor-agnostic distributed tracing and metrics across microservices. Exports to Jaeger, Grafana Tempo, or AWS X-Ray.
    • Falco
      Runtime security monitoring for Kubernetes. Detects unexpected syscalls, privilege escalations, and container drift in real time.
    • Kyverno
      Kubernetes-native policy engine for enforcing image registries, label requirements, resource limits, and pod security standards as CRDs.
    • Checkov & tfsec
      Static analysis for Terraform and Kubernetes manifests. Catches misconfigurations like open S3 buckets or unencrypted EBS volumes pre-apply.
    • PagerDuty
      On-call incident management integrated with Grafana alerts and Kubernetes events. Escalation policies ensure no critical alarm is missed.
    Networking & DNS6
    • AWS Transit Gateway
      Centralizes VPC interconnectivity across accounts and regions. Eliminates peering mesh complexity in large AWS Organizations.
    • ExternalDNS
      Automates Route 53 record management based on Kubernetes Service and Ingress annotations. DNS-as-code without manual console changes.
    • Cilium
      eBPF-powered CNI for EKS. Provides L7 network policies, deep packet inspection, and Hubble for real-time flow observability.
    • Cloudflare
      DNS, WAF, and DDoS protection for public-facing endpoints. Zero-Trust tunnels for secure internal service exposure without VPN.
    • Tailscale
      Mesh VPN for secure developer access to private EKS clusters and AWS resources without bastion hosts or complex security group rules.
    • AWS PrivateLink
      Exposes internal services across VPCs without traffic traversing the public internet. Critical for multi-tenant SaaS isolation patterns.
    Kubernetes & Container Platform10
    • Amazon EKS
      Managed Kubernetes on AWS. Primary platform for all production workloads — combined with Karpenter, IRSA, and EKS Blueprints for full automation.
    • vCluster
      Virtual Kubernetes clusters inside a host EKS cluster. Used for tenant isolation, ephemeral dev environments, and CI preview namespaces.
    • Istio / AWS App Mesh
      Service mesh for mTLS between microservices, traffic shifting, circuit breaking, and deep L7 observability across the cluster.
    • KEDA
      Kubernetes Event-Driven Autoscaler. Scales workloads based on SQS depth, Kafka lag, or custom CloudWatch metrics beyond basic HPA.
    • Argo Rollouts
      Progressive delivery controller for canary and blue-green deployments with automatic metric-based promotion or rollback gates.
    • Cluster API (CAPI)
      Declarative Kubernetes cluster lifecycle management. Provision, upgrade, and scale clusters using the same GitOps workflows as application code.
    • OPA / Gatekeeper
      Policy-as-code enforcement at the admission controller level. Blocks non-compliant workloads before they ever reach the scheduler.
    • Flux CD
      Lightweight GitOps operator used alongside ArgoCD on multi-cluster setups where a pull-based agent with minimal footprint is preferred.
    • Knative
      Serverless workloads on Kubernetes. Scale-to-zero event-driven functions without leaving the cluster — used for bursty batch processing.
    • Vertical Pod Autoscaler
      Automatically right-sizes container CPU and memory requests based on real usage history, reducing waste across long-running services.
    ML Platform & AI Infrastructure12
    • AWS SageMaker
      End-to-end ML platform for training, tuning, and deploying models at scale. Used for custom model hosting behind real-time inference endpoints.
    • AWS Bedrock
      Managed foundation model API. Deploy Claude, Llama, and Titan models with VPC isolation, guardrails, and fine-tuning without managing GPUs.
    • MLflow
      Experiment tracking, model registry, and artifact storage for ML pipelines. Deployed on EKS with S3 backend for team-wide visibility.
    • Kubeflow Pipelines
      Orchestrates multi-step ML workflows on Kubernetes — data ingestion, preprocessing, training, evaluation, and deployment as DAGs.
    • Ray on EKS
      Distributed ML compute framework for hyperparameter sweeps and large-scale batch inference jobs across heterogeneous GPU node groups.
    • Argo Workflows (ML)
      Used as a leaner alternative to Kubeflow for scheduled retraining pipelines and feature engineering DAGs with native S3 artifact passing.
    • AWS Lambda Powertools
      Structured logging, tracing, and metrics for serverless ML inference wrappers — essential for observing model latency in production.
    • pgvector on RDS
      Vector similarity search directly inside PostgreSQL. Used for RAG pipelines and semantic search without operating a standalone vector database.
    • NVIDIA GPU Operator
      Automates GPU driver and runtime installation on EKS GPU node groups. Enables cuda workloads without manual AMI configuration.
    • Weights & Biases
      Experiment tracking and model lineage for larger ML projects. Dashboard gives non-technical stakeholders visibility into training runs.
    • Amazon Q / Bedrock Agents
      Agentic AI workflows with tool use and knowledge bases backed by OpenSearch. Used for internal enterprise copilots and automated ops assistants.
    • Feast (Feature Store)
      Open-source feature store deployed on EKS. Centralises feature computation and serving to prevent training-serving skew across teams.
    AI & Productivity6
    • Claude (Anthropic)
      Primary AI assistant for architecture design, IaC module generation, incident runbook drafting, and complex AWS cost analysis.
    • GitHub Copilot
      In-editor AI for accelerating Terraform module authoring, Python scripting, and boilerplate Kubernetes manifest generation.
    • Raycast
      macOS launcher and productivity hub. Custom scripts for AWS SSO switching, clipboard history, and instant documentation search.
    • Notion
      Architecture decision records (ADRs), runbooks, on-call playbooks, and client project documentation all live here.
    • Excalidraw
      Fast, hand-drawn-style architecture diagrams for whiteboarding sessions and technical proposals before committing to formal diagrams.
    • draw.io
      Formal architecture diagrams with official AWS icon sets. Used for deliverables, compliance documentation, and client presentations.

    This list is updated periodically. All tools reflect my current production stack — not aspirational software. Last updated · 2026