Projects
These projects form a cohesive platform for AWS infrastructure — from account bootstrapping through application deployment. Every project is live, documented, and publicly available.
Enterprise Tools
Projects addressing problems at organizational scale: multi-account visibility, cost analysis, security findings, and operational workflows.
| Project | Description | Links |
|---|---|---|
| Technical Debt Tool (Flagship) | Programmatic analysis platform scanning AWS accounts for phantom resources, security misconfigurations, IAM overprovisioning, and cost waste. Deployed across 40+ accounts in an 800+ account org. Outcome: centralized visibility where none existed. | Case Study |
| Email Handler | AWS-native email pipeline: SES receipt, Lambda-based spam filtering, auto-acknowledgment, reply routing, and DynamoDB conversation tracking. Outcome: zero-maintenance contact management at pennies/month. | Details GitHub |
Foundation Infrastructure
Reusable infrastructure primitives that solve the bootstrap problem: how do you create Terraform state storage before Terraform exists, and how do you deploy securely without long-lived credentials?
| Project | Description | Links |
|---|---|---|
| Terraform Bootstrap | CloudFormation-managed S3 state bucket, DynamoDB lock table, and OIDC provider. Solves the circular dependency of managing Terraform's own backend with Terraform. Outcome: repeatable account bootstrapping in minutes. | Details GitHub |
| IAM Deploy Roles | Terraform-managed IAM roles for GitHub Actions OIDC authentication. Eliminates static credentials from CI/CD pipelines using short-lived tokens scoped per repository and environment. Outcome: zero stored secrets across all deploy pipelines. | Details GitHub |
Services & Tools
Specialized services and utilities: observability infrastructure, ephemeral compute, and Python tooling.
| Project | Description | Links |
|---|---|---|
| CloudTrail Observability | CloudFormation infrastructure for centralized AWS audit logging. Establishes account-level event visibility as a compliance and forensic baseline. Outcome: complete API audit trail for governance and incident response. | Details GitHub |
| Ephemeral Splunk | Automated infrastructure for deploying and destroying Splunk Enterprise instances on demand. Purpose-built for log analysis workflows that do not justify a persistent deployment. Outcome: zero idle costs for intermittent analysis needs. | Details GitHub |
| mypylogger | Zero-dependency Python logging library with clean JSON output and sensible defaults. Extracted from production Lambda code to be reusable across projects. Outcome: consistent structured logging across all Python services. | Details GitHub |
Website Platform
The infrastructure and application behind this site. Production hosting at ~$3/month using S3, CloudFront, and Route53.
| Project | Description | Links |
|---|---|---|
| Website Platform | Astro-based website with GitHub Actions CI/CD, OIDC deploy authentication, automated CloudFront invalidation, and full infrastructure as code. Outcome: push-to-deploy with zero manual steps. | Details GitHub |
| Website Infrastructure | Multi-domain static hosting infrastructure: S3 with versioning, CloudFront distribution, ACM certificate, and Route53 DNS. Terraform-managed with automated deploy pipeline. Outcome: production hosting at ~$3/month with global CDN. | Details GitHub |