
AlexandrLopes/cloud-engineering-labs


Cloud Engineering Labs


Welcome to my practical Cloud Engineering portfolio. This repository documents my technical journey in solving real-world infrastructure, security, and cost problems using AWS, Python, Terraform, Docker, and DevSecOps practices.

Automation, Security, Infrastructure as Code, and Shift-Left Security.


DevSecOps & CI/CD Pipeline

Implementing Shift-Left Security to detect vulnerabilities before deployment.

| Project | Problem Solved | Tech Stack |
|---|---|---|
| Automated Security Pipeline | Continuous Security: A GitHub Actions workflow that automatically scans IaC (Terraform) for misconfigurations and Docker images for CVEs using Trivy. Blocks the build if Critical vulnerabilities are found. | GitHub Actions, Trivy, CI/CD |

Platform Engineering & Developer Enablement

Building internal developer platforms to reduce friction and accelerate delivery.

| Project | Problem Solved | Tech Stack |
|---|---|---|
| Automated CI/CD Pipeline Builder | Developer Experience (DevEx): A CloudFormation template that instantly provisions a secure Git repository (CodeCommit), a build server (CodeBuild), and an automated orchestrator (CodePipeline). Developers just need to push code, eliminating infrastructure overhead. | CloudFormation, CodePipeline, CodeBuild, IAM |

Cloud-Native Infrastructure (CloudFormation)

Event-driven, serverless architectures provisioned entirely with native AWS IaC.

| Project | Problem Solved | Tech Stack |
|---|---|---|
| Serverless High-Volume eSIM Processor | Scalability & Resiliency: A decoupled architecture using SQS to queue thousands of incoming eSIM orders, preventing database overload. Lambda processes the queue in batches and stores the active profiles in DynamoDB. | CloudFormation, SQS, Lambda, DynamoDB |
| Serverless IAM Security Checker | Compliance Automation: A CloudFormation template that provisions an EventBridge cron job, an SNS Topic, and a Python Lambda function to audit IAM users daily for missing MFA, enforcing CIS Benchmarks. | CloudFormation, Lambda, EventBridge, SNS |

Security Engineering & SOAR

Advanced projects focused on Automated Remediation and Active Defense.

| Project | Problem Solved | Tech Stack |
|---|---|---|
| Security Auto-Remediation Bot | SOAR / Active Defense: A serverless bot that detects high-risk Security Group changes (e.g., port 22 open to 0.0.0.0/0) via EventBridge and instantly revokes the rule using Lambda. Enforces Zero Trust policies automatically. | Terraform, Python, EventBridge, IAM |
| S3 Data Integrity Pipeline | Data Security: Event-driven pipeline that validates file integrity (magic bytes vs. extension), processes financial data, and creates audit logs in DynamoDB. Uses IAM least privilege and server-side encryption. | Terraform, Lambda, DynamoDB, S3 Events |
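The detect-and-revoke step of the Security Auto-Remediation Bot, as an added example that is not the repository's own code: an EventBridge rule forwards CloudTrail `AuthorizeSecurityGroupIngress` records to a Lambda, which revokes only the world-open CIDR of any rule that exposes SSH or RDP. The event shape, the group id and the port list are constructed assumptions.

```python
"""Added example, not the repository's code: detect-and-revoke logic of the
Security Auto-Remediation Bot for CloudTrail AuthorizeSecurityGroupIngress events."""

RISKY_PORTS = {22, 3389}             # SSH and RDP must never be world-reachable
WORLD_CIDRS = {"0.0.0.0/0"}          # IPv6 ::/0 lives under ipv6Ranges and is omitted here

# Constructed sample in CloudTrail's nested "items" shape, as EventBridge delivers it.
SAMPLE_EVENT = {"detail": {"eventName": "AuthorizeSecurityGroupIngress", "requestParameters": {
    "groupId": "sg-0123456789abcdef0", "ipPermissions": {"items": [
        {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
         "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}, {"cidrIp": "10.0.0.0/8"}]}},
        {"ipProtocol": "tcp", "fromPort": 443, "toPort": 443,       # HTTPS: acceptable
         "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}}]}}}}

def _covers_risky_port(perm):
    """True if the rule's port range includes an admin port, or allows all traffic (-1)."""
    if perm.get("ipProtocol") == "-1":
        return True
    lo, hi = perm.get("fromPort"), perm.get("toPort")
    return lo is not None and hi is not None and any(lo <= p <= hi for p in RISKY_PORTS)

def find_risky_permissions(event):
    """Return (group_id, permissions) in the shape revoke_security_group_ingress expects.
    Only the world-open CIDR of a rule is returned, so 10.0.0.0/8 in the sample survives."""
    params = event["detail"]["requestParameters"]
    risky = []
    for perm in params.get("ipPermissions", {}).get("items", []):
        if not _covers_risky_port(perm):
            continue
        world = [{"CidrIp": r["cidrIp"]} for r in perm.get("ipRanges", {}).get("items", [])
                 if r.get("cidrIp") in WORLD_CIDRS]
        if not world:
            continue
        entry = {"IpProtocol": perm["ipProtocol"], "IpRanges": world}
        if perm["ipProtocol"] != "-1":             # all-traffic rules carry no port range
            entry["FromPort"], entry["ToPort"] = perm["fromPort"], perm["toPort"]
        risky.append(entry)
    return params["groupId"], risky

def handler(event, context=None):
    """Lambda entry point: revoke only the offending rules and return an audit record."""
    group_id, risky = find_risky_permissions(event)
    if risky:
        import boto3                 # imported here so the pure logic above runs offline
        boto3.client("ec2").revoke_security_group_ingress(GroupId=group_id, IpPermissions=risky)
    return {"groupId": group_id, "revoked": risky}
```

The Lambda role needs only `ec2:RevokeSecurityGroupIngress`; the revoke call itself is the event that a second EventBridge rule or CloudTrail search can use to audit the bot.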
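The magic-bytes check of the S3 Data Integrity Pipeline, as an added example that is not the repository's own code: the validator compares an object's leading bytes against the signature its extension claims, and the handler fetches only those bytes with a Range GET. The allow-list, header length and event shape are assumptions; the signatures are the well-known public ones.

```python
"""Added example, not the repository's code: the magic-bytes/extension gate of
the S3 Data Integrity Pipeline, run on the first bytes of an uploaded object."""
import os

# Well-known file signatures; an empty list marks a text type checked structurally.
MAGIC = {".pdf": [b"%PDF-"], ".png": [b"\x89PNG\r\n\x1a\n"],
         ".jpg": [b"\xff\xd8\xff"], ".jpeg": [b"\xff\xd8\xff"],
         ".zip": [b"PK\x03\x04"], ".csv": []}
HEADER_LEN = 8                              # longest signature above

def validate_upload(key, header):
    """Return (ok, reason) for an object key and its leading bytes (up to HEADER_LEN)."""
    ext = os.path.splitext(key)[1].lower()
    if ext not in MAGIC:
        return False, f"extension {ext or '(none)'} is not on the allow-list"
    if MAGIC[ext]:
        if any(header.startswith(sig) for sig in MAGIC[ext]):
            return True, f"signature matches {ext}"
        return False, f"leading bytes {header[:4]!r} do not match {ext}"
    # Text type: reject empty or binary content (NUL bytes never occur in CSV text).
    if not header or b"\x00" in header:
        return False, "csv content is empty or binary"
    return True, "content is text, consistent with csv"

def handler(event, context=None):
    """S3-event Lambda: fetch only the object's head via a Range GET, then validate.
    Returns one verdict per record; the DynamoDB audit write is left to the caller."""
    import boto3                            # lazy import keeps validate_upload offline-testable
    s3 = boto3.client("s3")
    verdicts = []
    for rec in event.get("Records", []):
        bucket, key = rec["s3"]["bucket"]["name"], rec["s3"]["object"]["key"]
        head = s3.get_object(Bucket=bucket, Key=key, Range=f"bytes=0-{HEADER_LEN - 1}")["Body"].read()
        ok, reason = validate_upload(key, head)
        verdicts.append({"bucket": bucket, "key": key, "ok": ok, "reason": reason})
    return verdicts
```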

Infrastructure as Code (Terraform)

Provisioning modern, versioned, and immutable infrastructure.

| Project | What it builds | Technical Highlights |
|---|---|---|
| AWS 3-Tier Infrastructure | Production-style 3-tier architecture with Bastion Host, Backend EC2, PostgreSQL, and automated S3 backup. Fully provisioned with Terraform and configured via Linux CLI. | Terraform, EC2, PostgreSQL, Bash, IAM Role, S3 |
| Containerized 3-Tier Infrastructure | Production-style 3-tier stack running entirely on local Docker containers. Nginx reverse proxy as single entry point, PostgreSQL for persistence, and full observability with Prometheus and Grafana; no cloud dependencies required. | Terraform, Docker, Nginx, PostgreSQL, Prometheus, Grafana |
| AWS Production Environment | A secure infrastructure stack with VPC, EC2, and S3. | Hardening: IMDSv2, EBS Encryption, Restricted Security Groups |

Architecture & Best Practices Implemented

Foundational infrastructure design focusing on scalability and team collaboration.

| Component | Problem Solved | Tech Stack |
|---|---|---|
| Modular Networking | Modular Architecture: Infrastructure is divided into reusable Terraform modules to keep the root code clean, maintainable, and scalable. | Terraform, AWS VPC |
| Remote State Backend | State Management & Locking: Terraform state (.tfstate) is securely stored in S3, with concurrency managed by DynamoDB to prevent split-brain issues. | Terraform, S3, DynamoDB |

Python Automation (Boto3)

Scripts focused on SecOps and FinOps interacting directly with the AWS SDK.

| Project | Problem Solved | Tech Stack |
|---|---|---|
| S3 Cost Optimizer | FinOps: Identifies and cleans up old/unused files in S3 Buckets based on age policies to reduce storage costs. | boto3, datetime |
| EC2 Security Auditor | Reporting: Proactively scans the network for risky open ports (22, 3389) exposed to the internet. | boto3, json |
| IAM Security Auditor | Identity: Audits IAM users to detect security gaps like missing MFA or unused credentials. | boto3, csv |

Containerization

Foundations of modern application deployment and isolation.

| Project | Problem Solved | Tech Stack |
|---|---|---|
| Hardened Python Web App | App Isolation & Security: Containerizing a Flask application to ensure environment consistency. Includes OS patching and runs as a non-root user to mitigate container breakout risks. | Docker, Python, Flask, Linux Hardening |
| Secure Multi-stage Build | Image Optimization & Attack Surface Reduction: Multi-stage builds separate the build environment from the runtime. This reduces image size and removes system compilers from the production image, leaving an intruder without the tooling to build or run secondary payloads. | Docker, Python, Multi-stage |

About Me

Cloud & DevSecOps Engineer focused on automation, security and Infrastructure as Code.

  • Certifications: AWS Certified Cloud Practitioner (CLF-C02), Google Cloud Cybersecurity, Cisco Cybersecurity Defense Analyst.
  • Focus: AWS, Terraform, Docker, Python, SecOps, DevSecOps, CI/CD.
  • Languages: English (C2), Portuguese (Native), Spanish (B2).

This repository is maintained via local CI/CD, protected by Trivy scans, and versioned with Git.
