Hands-on network automation and AWS cloud infrastructure projects
Multi-platform network orchestration using Cisco NSO
Built a production-grade orchestration framework leveraging Cisco NSO (Network Services Orchestrator) to manage multi-vendor network devices. The framework supports Cisco IOS-XE, IOS-XR, and NX-OS platforms, providing intent-based configuration and reconciliation capabilities.
This project deepened my understanding of network automation beyond simple scripting. Working with NSO taught me about intent-based networking, service modeling, and the importance of reconciliation in production environments. The RESTCONF API integration showed me how modern network management can follow DevOps principles.
Production-grade 9-layer orchestration framework for Nokia SROS routers
Production-grade Infrastructure as Code framework specifically for Nokia SROS routers with enterprise-level orchestration capabilities. The 9-layer architecture provides validation, templating, NETCONF communication, reconciliation, auditing, configuration management, error handling, change tracking, and compliance logging.
Nokia SROS-specific automation patterns, NETCONF protocol implementation, production-safe deployment strategies, reconciliation and drift detection, enterprise network orchestration. This project taught me how to build production-grade automation that's reliable enough for critical infrastructure managing large-scale router deployments.
Note: This project represents professional work and is not publicly available. Architecture overview and technical discussion available during interviews.
Production-style data center fabric with Python IaC automation on Cisco Nexus 9000
Full VxLAN EVPN spine-leaf fabric deployed and verified end-to-end in Cisco's DevNet Nexus Dashboard sandbox using Nexus 9000v hardware running NX-OS 10.6. Covers the complete stack: OSPF underlay, BGP EVPN overlay with spine route reflectors, multi-tenant VRFs, anycast distributed gateway, ARP suppression, and PIM sparse-mode multicast for BUM traffic. Includes a Python IaC framework that automates VRF and network deployment against the NDFC REST API with idempotent plan/apply and state tracking.
This project connected my SP networking background directly to data center fabric design. The VxLAN EVPN control plane maps directly to MP-BGP VPN concepts I knew from production — L3 VNIs are the VPN label, VTEP loopbacks are PE loopbacks, spines are P routers, and RT/RD mechanisms are identical. Building the IaC framework against a real vendor API taught me how controllers like NDFC abstract hardware configuration and how to reverse-engineer underdocumented API behavior through systematic debugging.
Enterprise automation suite covering disaster recovery, multi-site management, monitoring, and zero-trust security
Production-grade automation suite for Cisco Meraki infrastructure built on the Meraki Dashboard API and Python SDK. Covers the full operational lifecycle: automated configuration backup and disaster recovery, multi-site template deployment, continuous network health monitoring, zero-trust security segmentation, and switch port automation. Developed and tested against the Cisco DevNet Meraki sandbox.
Meraki's API-first design made it an ideal platform for learning enterprise network automation patterns. The Dashboard API exposes every configuration element as a REST resource, which reinforced the principle that modern network management is fundamentally software integration. Building the disaster recovery system taught me to think about operational resilience beyond just backups — intelligent filtering, restore validation, and change auditing are what make recovery actually work under pressure. The zero-trust group policy implementation showed how role-based network segmentation translates to concrete API calls.
Multi-VPC networking with centralized routing
Implemented hub-and-spoke architecture connecting multiple VPCs using AWS Transit Gateway. Demonstrates transitive routing, automatic route propagation, and multi-AZ high availability design. Reduces network complexity from O(N²) with VPC peering to O(N) with centralized routing.
This project showed me how enterprise cloud networking differs from VPC peering. Understanding transitive routing, automatic route propagation, and the scalability advantages of hub-and-spoke architecture gave me insight into how large organizations connect dozens of VPCs. The multi-AZ design taught me about cloud resilience patterns.
Hybrid cloud connectivity with IPSec and BGP
Built hybrid cloud VPN infrastructure connecting on-premises networks to AWS using VPN Gateway and strongSwan. Implements dual IPSec tunnels with BGP dynamic routing for high availability and automatic failover. Comprehensive documentation demonstrates understanding of hybrid cloud patterns.
This project connected my networking background with cloud infrastructure. Understanding how IPSec tunnels work in AWS, configuring BGP for automatic failover, and troubleshooting VPN connectivity issues gave me practical experience with hybrid cloud patterns. The documentation process helped me understand the architecture deeply enough to explain it clearly.
IP address management with Lambda and DynamoDB
Built IP Address Management system using serverless architecture. Handles subnet planning, IP allocation, and conflict detection using Lambda, DynamoDB, and API Gateway. Includes automated CI/CD pipeline with GitHub Actions and comprehensive testing with LocalStack.
First serverless project taught me event-driven architecture and the Lambda programming model. Setting up CI/CD with GitHub Actions introduced me to automated testing and deployment. Working with DynamoDB showed me NoSQL design patterns. The LocalStack testing environment taught me how to develop AWS applications locally without incurring costs.
Static site hosting with S3 and CloudFront CDN
This website! Built as a static portfolio hosted on S3 with global CDN delivery through CloudFront. Deployed using Infrastructure as Code with Pulumi. Features dark/light theme toggle and HTTPS encryption. Demonstrates web development skills alongside infrastructure knowledge.
Building this portfolio taught me about CloudFront distribution, S3 static hosting, and Origin Access Control. The responsive CSS and theme toggle improved my frontend skills. Using Pulumi to deploy the infrastructure showed me how even simple websites benefit from Infrastructure as Code for repeatability and version control.
Serverless document summarization using OpenAI GPT-3.5-turbo
Serverless document summarization service using OpenAI GPT-3.5-turbo for AI-powered text analysis. Features user-configurable summary lengths (brief, standard, detailed, comprehensive) with dynamic prompt engineering. Implements comprehensive property-based testing using the Hypothesis framework with over 1,100 automatically generated test cases covering edge cases and boundary conditions.
This project taught me OpenAI API integration, prompt engineering for optimal AI responses, and the power of property-based testing. The Hypothesis framework automatically generated edge cases I hadn't considered, catching bugs before deployment. Implementing configurable summary lengths required dynamic prompt construction. The serverless architecture demonstrates cost-effective AI integration without infrastructure overhead.
Hybrid cloud architecture with Transit Gateway and Site-to-Site VPN
Architected comprehensive multi-site datacenter migration plan to AWS using Transit Gateway and Site-to-Site VPN. Designed phase-based deployment strategy with detailed planning for risk minimization and business continuity. Created hybrid cloud architecture blueprint connecting on-premises infrastructure to AWS VPCs with Infrastructure as Code templates for repeatable deployments.
Project Scope: Conceptual architecture and Phase 1 (infrastructure setup) completed. Subsequent migration phases (Phase 2-4: application migration, data transfer, cutover) not implemented due to lack of production infrastructure for realistic testing. Demonstrates migration planning, architecture design, and hybrid connectivity patterns applicable to real enterprise migrations.
Production-grade containerized application with security best practices
Security-hardened containerized application deployment using ECS Fargate with production-grade architecture. Implements private subnets with VPC endpoints (eliminating NAT Gateway costs), Secrets Manager for credential management, Multi-AZ RDS PostgreSQL, and auto-scaling. Demonstrates container orchestration with comprehensive security controls.
This project taught me containerized application deployment at scale with security as the primary focus. Using VPC endpoints instead of NAT Gateway demonstrated cost optimization while maintaining security. The separation of task execution roles (infrastructure permissions) from task roles (application permissions) showed proper IAM design. Multi-AZ RDS deployment with automated backups demonstrated high availability patterns. The project bridges traditional infrastructure knowledge with modern container orchestration.
Defense-in-depth security with Network ACLs, Security Groups, and IAM
Enterprise-grade AWS security architecture implementing defense-in-depth principles with multiple security layers. Demonstrates Network ACLs (stateless subnet-level firewall), Security Groups (stateful instance-level firewall), IAM least-privilege roles, VPC Flow Logs for traffic analysis, and CloudWatch monitoring. Follows AWS Well-Architected Framework security pillar best practices.
This project deepened my understanding of AWS security beyond basic configurations. Implementing both Network ACLs (stateless) and Security Groups (stateful) showed the importance of defense-in-depth—multiple security layers providing redundancy if one fails. The distinction between subnet-level and instance-level firewalls became clear through practical implementation. IAM role design for each tier (bastion, web, app, database) demonstrated least-privilege access patterns. VPC Flow Logs analysis revealed network traffic patterns useful for troubleshooting and security auditing. This architecture aligns with AWS Well-Architected Framework and enterprise security requirements.
This project taught me enterprise migration planning, phase-based deployment strategies, and the complexities of hybrid cloud architecture. Designing connectivity between on-premises and AWS requires understanding both traditional networking (BGP, IPSec) and cloud networking (Transit Gateway, route propagation). The planning process highlighted risk management, business continuity, and cost modeling essential for real-world migrations.
All AWS projects in this portfolio are deployed using Pulumi with Python. While Terraform is the industry standard and widely adopted, Pulumi offers several advantages that made it my choice for learning and personal projects. That said, I'm tool-agnostic and ready to use Terraform if that's what the team or organization prefers.
Use Real Programming Languages: Pulumi uses Python, TypeScript, Go, or C# instead of HCL. This means I can use familiar programming constructs (loops, conditionals, functions), leverage existing libraries, and apply software engineering best practices. For network engineers learning DevOps, using Python for both automation scripts and infrastructure deployment creates consistency and reduces the learning curve.
Real Programming Power: Need to process a list of subnets dynamically? In Pulumi, I use Python's list comprehensions and standard library. Need to make an API call during deployment? Import the requests library. Terraform requires custom providers or complex workarounds for similar tasks. Pulumi feels natural to developers and scripters.
Better Developer Experience: Because Pulumi uses real programming languages, I get full IDE support: autocomplete, type checking, inline documentation, and immediate error detection. Writing infrastructure code feels like writing any other Python application, with IntelliSense helping discover available resources and their properties.
Unit and Integration Testing: Pulumi integrates with standard testing frameworks (pytest, unittest). I can test infrastructure logic before deployment, mock resources, and validate configurations. This project's Hypothesis testing (1,100+ test cases) demonstrates the testing capabilities available when using real programming languages.
| Feature | Pulumi | Terraform |
|---|---|---|
| Language | Python, TypeScript, Go, C# | HCL (HashiCorp Configuration Language) |
| Learning Curve | Lower (if you know Python) | Learn new syntax (HCL) |
| IDE Support | Full IntelliSense, autocomplete | Basic (HCL language server) |
| Testing | pytest, unittest, standard frameworks | Terratest, custom testing |
| Maturity | Newer (2018) | Established (2014) |
| Adoption | Growing | Industry Standard |
| Provider Ecosystem | Good (100+ providers) | Excellent (1000+ providers) |
The Bottom Line: Pulumi was the right choice for my learning journey because it leverages Python skills I already have and aligns with network automation patterns (Python scripts, NETCONF, API integration). The programming-language approach made Infrastructure as Code feel familiar rather than learning yet another DSL.
In a Professional Setting: If a team or company is already using Terraform, I'm absolutely comfortable using it. The concepts (state management, providers, resources, modules) are identical—only the syntax differs. Learning Terraform's HCL is straightforward when you understand IaC principles. The tool matters less than the methodology, and I'm tool-agnostic in professional environments.
My Approach: Use the best tool for the job and the team. Pulumi for personal projects where Python integration adds value. Terraform where it's the standard. Both are excellent tools, and proficiency with either demonstrates understanding of modern infrastructure practices.
All projects are designed with cost optimization in mind. Using LocalStack for testing, AWS Free Tier services, and serverless architectures keeps monthly costs minimal while providing real-world experience.
$0.60/month
Lambda + DynamoDB (within free tier)
$0.50/month
S3 + CloudFront
$0.00
LocalStack testing (destroyed after demos)
~$1.10
Running production projects