Personal Cloud Portfolio

Live & Ongoing

This Website: A modern, responsive personal portfolio built entirely on AWS serverless infrastructure.

  • Infrastructure: Automated provisioning via Terraform (S3 & CloudFront) with custom modules.
  • Secure Authentication: Eliminated long-lived Access Keys (AK/SK) by implementing GitHub OIDC to assume AWS roles with short-lived credentials for Terraform runs.
🛡️ Repository Security & Governance:
  • Branch Protection: "Main" branch locked. No direct pushes or force pushes allowed.
  • Quality Gates: PRs require approval and passing status checks (Terraform Plan) before merge.
  • Secret Safety: Strict .gitignore policy ensuring no state files (*.tfstate) or variable files (*.tfvars) are committed.
📂 View Source Code
Terraform GitHub Actions AWS OIDC S3/CloudFront

Cloud-Native AI Doc Analyzer

Live

Event-Driven AI: An automated pipeline using Amazon Bedrock (Claude 3 Haiku) to summarize and extract insights from PDF documents uploaded to S3.

  • AI Orchestration: Lambda-based workflow using urllib.parse to handle URL-encoded S3 events.
  • Data Persistence: Extracts structured JSON from unstructured text and stores results in DynamoDB.
🛡️ Advanced Governance & Guardrails:
  • Permissions Boundaries: Implemented a "Maximum Permission Ceiling" to prevent privilege escalation within CI/CD.
  • Forced Inheritance: Automation role is restricted from creating any IAM roles that do not inherit existing security boundaries.
  • Anti-Tampering: Explicit Deny policies prevent the GitHub OIDC role from modifying its own security constraints.
📄 View Project Documentation
Amazon Bedrock AWS Lambda DynamoDB S3 Terraform Python
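
The URL-encoded S3 event handling mentioned above, as an added example (not code from this project): object keys in S3 notifications arrive form-encoded, so they are decoded once with `urllib.parse.unquote_plus` and filtered before any downstream call. The bucket name, keys, `MAX_BYTES` limit and function names are assumptions made for illustration.

```python
from urllib.parse import unquote_plus

# Constructed S3 "ObjectCreated" notification, trimmed to the fields used here.
# Bucket name and object keys are made up for this example.
SAMPLE_EVENT = {
    "Records": [
        {"eventSource": "aws:s3", "eventName": "ObjectCreated:Put",
         "s3": {"bucket": {"name": "example-doc-inbox"},
                "object": {"key": "uploads/Q3+report+%28final%29.pdf", "size": 48213}}},
        {"eventSource": "aws:s3", "eventName": "ObjectCreated:Put",
         "s3": {"bucket": {"name": "example-doc-inbox"},
                "object": {"key": "uploads/a%2Bb+notes.pdf", "size": 1024}}},
        {"eventSource": "aws:s3", "eventName": "ObjectCreated:Put",
         "s3": {"bucket": {"name": "example-doc-inbox"},
                "object": {"key": "uploads/run.sh", "size": 90}}},
    ]
}

MAX_BYTES = 10 * 1024 * 1024  # assumed upper bound for a document sent to the model


def decode_key(raw_key):
    """Decode an object key from an S3 event: '+' is a space, %XX is a byte.
    Decode exactly once; a second pass would rewrite a literal '+' or '%XX' in the key."""
    return unquote_plus(raw_key, encoding="utf-8", errors="strict")


def select_pdfs(event):
    """Return (bucket, decoded_key) pairs for the records the pipeline should process."""
    accepted = []
    for record in event.get("Records", []):
        if record.get("eventSource") != "aws:s3":
            continue
        if not record.get("eventName", "").startswith("ObjectCreated:"):
            continue
        obj = record["s3"]["object"]
        try:
            key = decode_key(obj["key"])
        except UnicodeDecodeError:
            continue  # malformed percent-encoding: skip rather than guess
        # The key is uploader-controlled: filter on it before calling anything else.
        if not key.lower().endswith(".pdf") or obj.get("size", 0) > MAX_BYTES:
            continue
        accepted.append((record["s3"]["bucket"]["name"], key))
    return accepted
```

Using `unquote` instead of `unquote_plus` would leave `+` in place of spaces, and the later object fetch would fail with a missing-key error for any upload whose name contains a space.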

Local Secure Doc Analyst 🔒

Completed

Private RAG Tool: A 100% offline tool that allows secure chat with sensitive PDF/Excel documents using local LLMs, ensuring zero data leakage to the cloud.

  • Tech Stack: Built with Python, Streamlit, LangChain, and Ollama.
  • Benchmarks: Tested against Llama 3 (8B) and Mistral-Nemo (12B). Mistral-Nemo proved more accurate in extracting entities from Spanish legal docs.
  • Privacy: Uses ephemeral in-memory vector storage (ChromaDB) to ensure data is wiped instantly after analysis.
📂 View Source Code
GenAI Ollama Python Streamlit LangChain ChromaDB

Serverless Dynamic Backend

Upcoming

Roadmap: Enhancing the static portfolio with dynamic capabilities using a Serverless architecture.

  • Implementing API Gateway as the REST entry point.
  • Developing AWS Lambda functions (Python) to process contact forms and dynamic content.
  • Integration with DynamoDB for data persistence.
API Gateway Lambda (Python) Serverless DynamoDB

AWS Static Site Terraform Module

Completed

Infrastructure as Code: Built a reusable Terraform module to automate the deployment of secure, high-performance static websites.

  • Provisions ACM Certificates for SSL/TLS.
  • Configures CloudFront Distribution with default cache behaviors.
  • Secures S3 Buckets with OAI/OAC policies.
Terraform AWS CloudFront AWS ACM S3 Route53