jpcloudengineering.com

AWS Cloud & Infrastructure Engineer automating production cloud at scale.

5 years designing, deploying, and managing multi-account AWS and Microsoft 365 environments — provisioning infrastructure as code with Terraform, building CI/CD pipelines, and architecting cost-optimized, SOC 2-compliant systems. I also build full-stack serverless apps on AWS with Next.js when the project calls for it.

Profile

About

AWS cloud and infrastructure engineering, end-to-end

Designing, deploying, and operating production cloud — multi-account AWS and Microsoft 365 environments provisioned as code with Terraform, automated with CI/CD, and hardened for SOC 2 compliance.

Profile Links

Check out my LinkedIn profile and GitHub.

I'm an AWS cloud and infrastructure engineer with 5 years designing, deploying, and managing production environments. I provision multi-account AWS infrastructure as code with Terraform — VPCs, EC2, IAM, Lambda, and security groups — and have run a SOC 2-compliant environment of 30+ servers on a $200K–$250K annual cloud budget.

Day to day I build and maintain CI/CD pipelines (GitLab CI/CD and GitHub Actions), architect disaster-recovery and site-to-site VPN topologies, and monitor fleets with CloudWatch and DattoRMM — across both AWS and Microsoft 365 / Active Directory environments. I started on the frontline support desk and grew into owning cloud infrastructure end-to-end.

I also build full-stack serverless applications on AWS — Next.js and TypeScript frontends wired to Lambda-backed APIs with SST — when a project calls for it, so I can take a system from infrastructure all the way to a shipped product.

Skills

Skills & Strengths

Visual proficiency bars inspired by service-status gauge styling, categorized by platform, tools, languages, operations, and communication.

Entry Level: 0% - 49%
Intermediary: 50% - 89%
Senior: 90% - 100%

Cloud Platforms

  • Amazon Web Services (AWS)
  • EC2 / VPC / IAM
  • Lambda / API Gateway
  • S3 / CloudFront / Route 53
  • ALB / CloudWatch
  • Aurora / RDS / DynamoDB
  • SQS / EventBridge
  • Cognito
  • Amazon Bedrock
  • Parameter Store
  • Cloudflare DNS

CI/CD, IaC & Containers

  • Terraform
  • GitLab CI/CD
  • GitHub Actions
  • Git
  • Docker
  • ECS Fargate / ECR
  • SST v4
  • Pulumi

Monitoring & Observability

  • CloudWatch
  • DattoRMM
  • Grafana
  • Nagios
  • SNMP Monitoring

Scripting & Languages

  • PowerShell
  • Bash
  • Python
  • Java (Spring Boot)
  • JavaScript / TypeScript
  • Next.js / React
  • C++
  • REST / WebSocket APIs

Networking & Email

  • VPC Design / NAT Gateways & Instances
  • Site-to-Site / Client VPN
  • SonicWall Firewalls
  • DNS / DHCP
  • VLANs / WAPs
  • MX / SPF / DKIM / DMARC
  • Email Filtering & Security

Microsoft Infrastructure

  • Active Directory (ADUC / ADCS)
  • Microsoft 365 / Entra ID
  • Remote Desktop Services
  • FSLogix
  • Group Policy / DNS / DHCP

Operating Systems & Platforms

  • Windows Server
  • Debian / Ubuntu Linux
  • Proxmox
  • VMware ESXi

Security

  • SOC 2 Compliance
  • CIS Baselines
  • IAM Policies
  • Firewall Management
  • LDAP / RADIUS
  • Nessus
  • Kali Linux

Tools

  • AI-Assisted Development (Claude Code)
  • Veeam Backup & Replication
  • Postman

Experience

Work Experience

5 years progressing from frontline support into cloud and infrastructure engineering across AWS and Microsoft 365.

Cloud & Infrastructure Engineer

Direct IT

April 2023 – Present
  • Designed, deployed, and managed AWS and Microsoft 365 infrastructure for multiple clients, including a SOC 2-compliant environment running 30+ servers on a $200K–$250K annual cloud budget.
  • Provisioned production infrastructure as code with Terraform — VPCs, EC2, IAM roles/policies, Lambda functions, and security groups across multiple accounts.
  • Architected and deployed disaster recovery environments in AWS with Terraform, enabling routine DR testing and business continuity planning.
  • Deployed virtual SonicWall firewall appliances in AWS and built site-to-site VPN tunnels connecting on-premises networks to cloud environments.
  • Built and maintained CI/CD pipelines using GitLab CI/CD and GitHub Actions for repeatable, multi-environment deployments.
  • Monitored infrastructure health and performance across 30+ servers using CloudWatch and DattoRMM spanning multiple client environments.
  • Managed a hybrid fleet of 30+ Windows servers and multiple Linux instances — patching, monitoring, and access controls.

Support Engineer

Direct IT

July 2021 – April 2023
  • Resolved 15–20 support tickets daily across L1–L3 in cloud, networking, and on-premises environments, with weekly on-site client visits.
  • Administered Windows Server environments — Active Directory (ADUC, ADCS), Group Policy, DNS, and DHCP across multiple client domains.
  • Deployed on-premises SonicWall firewalls and configured NAT policies, access rules, client and site-to-site VPN, LDAP/RADIUS authentication, and VLAN segmentation.
  • Deployed and maintained Remote Desktop Services farms with FSLogix profile containers for optimized user session management.
  • Imaged and provisioned Debian-based Linux monitoring appliances tracking uptime, SNMP, storage, and HTTP/HTTPS availability across 1,000+ endpoints.
  • Wrote automation scripts in PowerShell, Bash, and Python to streamline repetitive infrastructure tasks.
  • Trained new engineers and collaborated cross-functionally to resolve complex escalations; coordinated with external vendors on hardware and software issues.

Projects

Web Applications and Cloud Engineering Work

Representative work focused on cost, reliability, deployment automation, and production observability.

TransformMyNotes

Mobile-first web app that digitizes handwritten study notes with image capture, AI transcription, a Notion-style block editor, and a full-text searchable notebook.

2026
  • Mobile-first web app that digitizes handwritten study notes — image capture, transcription via Amazon Bedrock (Claude vision), a Notion-style block editor, and a full-text searchable notebook.
  • Fully serverless AWS stack defined as code with SST v4 (deployed via Pulumi) — Next.js App Router, Lambda, S3, DynamoDB, Cognito authentication, CloudFront, and Resend.
  • Invite/approval-gated access with an admin panel, plus groups, shared notes, and a spaced-repetition review deck.
Next.js, TypeScript, SST v4, Pulumi, AWS Lambda, DynamoDB, AWS S3, Cognito, CloudFront, Amazon Bedrock, Resend, GitHub Actions

Token Buzz

Real-time crypto signal-intelligence platform that ingests social chatter across X, Farcaster, Telegram, and Reddit to surface trending tokens with watchlists, alerts, and LLM-summarized context.

2026
  • Real-time crypto signal-intelligence platform ingesting social chatter from X, Farcaster, Telegram, and Reddit, surfacing trending tokens with watchlists, alerts, and LLM-summarized context via Amazon Bedrock.
  • Full serverless AWS stack defined as code with SST v4 (deployed via Pulumi) — CloudFront, Lambda, DynamoDB, SQS, EventBridge, and IAM — fronted by Cloudflare DNS/WAF with Clerk authentication and Resend email.
  • DynamoDB single-table data model with purpose-built GSIs and typed key-builders; per-user third-party API keys encrypted at rest using AES/KMS envelope encryption.
  • AWS account hardened to the CIS Foundations Benchmark v6.0 via a dedicated Terraform project (CloudTrail, IAM Access Analyzer, default-SG lockdown, scheduled Prowler evidence scans); CI/CD ships through GitHub Actions using short-lived OIDC credentials with ephemeral per-PR preview environments.
Next.js, TypeScript, SST v4, Pulumi, AWS Lambda, DynamoDB, SQS, EventBridge, CloudFront, Cloudflare, Clerk, Resend, Amazon Bedrock, Terraform, GitHub Actions

Dorval Construction

Marketing site for a custom home remodeling contractor — multi-page Next.js build with image gallery, services pages, and a serverless contact form deployed on AWS.

2026
  • Multi-page Next.js 15 site with image gallery and services pages for a home remodeling contractor.
  • Serverless contact form using API Gateway HTTP API, Lambda, and SES with full domain verification.
  • Static site hosted on a private S3 bucket behind CloudFront with Origin Access Control and HTTPS-only enforcement.
  • Deployed via GitLab CI/CD with DNS managed through Cloudflare.
Next.js 15, TypeScript, Tailwind CSS, shadcn/ui, AWS S3, CloudFront, Lambda, API Gateway, SES, Cloudflare DNS

Saudade Café

Bilingual (Portuguese/English) café site with Sanity headless CMS for menu management and a coworking booking subdomain with multi-step calendar and payment flow.

2026
  • Bilingual (Portuguese/English) Next.js site with Sanity headless CMS powering menu and content management.
  • Coworking booking subdomain with a multi-step calendar, time-slot selection, and payment flow.
  • Static export hosted on AWS S3 + CloudFront with DNS on Cloudflare.
Next.js 15, TypeScript, Tailwind CSS, Sanity CMS, AWS S3, CloudFront, Lambda, API Gateway, Cloudflare DNS

This Website

A statically exported Next.js portfolio deployed on AWS with fully automated Terraform infrastructure, serverless contact form, and daily cost monitoring.

2026
  • Static site served from a private S3 bucket through CloudFront with Origin Access Control, TLS 1.2, and HTTPS-only enforcement.
  • Serverless contact form using API Gateway HTTP API, an ARM64 Lambda function, and SES with full DKIM and domain verification.
  • Automated daily cost digest via EventBridge-triggered Lambda querying Cost Explorer, plus AWS Budgets with threshold alerts.
  • Four reusable Terraform modules (static-site, contact-api, cost-monitor, cloudflare-dns) managing the entire stack.
  • Tag-driven GitLab CI/CD pipeline using OIDC federation to deploy, sync to S3, and invalidate the CloudFront cache.
Next.js, TypeScript, Tailwind CSS, Motion, shadcn/ui, Terraform, AWS S3, CloudFront, Lambda, API Gateway, SES, Cloudflare DNS, GitLab CI/CD

FintechMetrix

Cost-optimized, scale-to-zero AWS platform that provisions services on demand to reduce idle spend while preserving production-grade reliability. Later rebuilt and relaunched as Token Buzz.

2026
  • Cost-optimized, scale-to-zero AWS platform deployed with Terraform — 5 ECS Fargate services behind ALB/CloudFront/Route 53 with Aurora PostgreSQL auto-scale-down policies.
  • Full GitLab CI/CD pipeline for multi-environment deployments, managing secrets via GitLab variables and AWS Parameter Store.
  • Dual-mode networking with NAT gateways (production HA) and NAT instances (low-cost dev), plus Grafana observability dashboards.
  • Full-stack build in Java Spring Boot, Next.js/TypeScript, and PostgreSQL; later rebuilt from the ground up and relaunched as Token Buzz (no longer live).
AWS, Terraform, ECS Fargate, Aurora PostgreSQL, ALB, CloudFront, Route 53, GitLab CI/CD, Grafana, Next.js, TypeScript, Java Spring Boot

Credentials

Certifications & Education

Validated cloud, security, and infrastructure capabilities with hands-on delivery across client environments.

  • AWS Certified Solutions Architect – Associate, March 2024
  • eLearnSecurity Junior Penetration Tester (eJPT), July 2023
  • CompTIA A+, April 2021
  • Bunker Hill Community College, Associate in Science, Computer Science Transfer, May 2025

Contact

Let's build something together

Send me a message and I'll get back to you.