Ali – AWS, Kubernetes, Terraform

This project focused on running and optimizing high-performance computing (HPC) workloads. It involved designing scalable infrastructure, handling large-scale data processing, and enabling efficient resource utilization for computationally intensive tasks such as simulations, modeling, and advanced analytics.

Ali was responsible for the following:

• deployed and automated HPC clusters for CryoSPARC and Posit Workbench;
• integrated S3 with FSx Lustre for high-performance storage;
• leveraged RDS for backend databases and event-driven Lambda functions for operational automation (e.g., auto-expanding EBS volumes);
• supported large-scale scientific workloads with secure, cost-optimized cloud storage and compute strategies.

The main goal of this project was building a secure, compliant, and well-governed AWS environment. It involved defining cloud security policies, implementing identity and access management controls, ensuring compliance with industry standards, and automating governance practices to safeguard sensitive data and resources.

The main scope included, but was not limited to the following:

• collaborated with enterprise IT governance teams to establish multi-account AWS structures across dev/QA/prod;
• implemented Service Control Policies (SCPs), encryption standards with AWS KMS, and centralized logging/monitoring for audit compliance;
• enabled secure workload deployment while aligning with CIS benchmarks and industry regulatory requirements;
• built hardened AMIs with Packer;
• reduced environment build times from weeks to hours, enabling consistent, reproducible infrastructure deployments across global regions.

The Secure and Scalable AWS EKS Platform project focused on designing and implementing a Kubernetes-based container orchestration platform on AWS. It emphasized scalability, resilience, and security by integrating best practices in IAM, networking, monitoring, and automation, enabling teams to efficiently deploy, manage, and scale containerized applications.

Among others, the contributions included:

• designed and automated a private-only EKS cluster with Cilium for pod networking and fine-grained network policy enforcement;
• implemented monitoring and alerting for EKS clusters;
• worked on the setup of Jenkins CI and other release management tooling on the EKS cluster;
• worked on the setup of Azure Entra ID SSO and OIDC app registrations for SSO capability for CI and release management tooling;
• worked on set up of secure ECR repositories with enhanced scanning using AWS Inspector for real-time vulnerability assessment for all container images being used throughout the EKS cluster components and tooling.