AWS
EC2, Lambda, S3, API Gateway, and Cognito — wired into production workloads.
AWS is where most of my production workloads run. I am hands-on with EC2 (Linux + NGINX deployments), S3 (object storage and signed uploads), Lambda (event-driven and HTTP handlers), API Gateway (REST + HTTP APIs), and Cognito (managed auth for B2B portals). I provision sensibly, lock IAM down to least-privilege, and put cost monitoring in place from day one.
How I work with AWS
My AWS journey started with EC2 deployments behind NGINX for early projects. As the workload mix grew, I picked up Lambda for event-driven jobs, S3 for media and large uploads, API Gateway as a managed front door, and Cognito for B2B auth that I would rather not own.
I work pragmatically across the AWS console, CLI, and Infrastructure-as-Code where it makes sense. I default to managed services unless there is a real reason to self-host, and I size resources conservatively because cost discipline matters more than 'whatever the defaults are.'
Most of my AWS work pairs with Node.js, NestJS, or Spring Boot apps. I treat AWS as part of the application architecture — IAM roles, S3 lifecycle rules, Lambda concurrency, CloudWatch logs and alarms — not just an infra afterthought.
AWS across business domains
Hosted the API tier on EC2 + NGINX, used S3 for document storage with signed-URL uploads, and ran inference workers as Lambdas behind SQS for spiky workloads.
Stored listing media on S3 with CloudFront in front, ran the API on EC2 behind an ALB, and used Cognito for agent authentication.
Used EventBridge + Lambda for scheduled billing runs and S3 for invoice PDF archival.
Captured tap events through API Gateway → Lambda → DynamoDB/MongoDB, with downstream rollups for analytics dashboards.
Hosted dealer APIs on EC2 and used S3 for vehicle imagery + Lambda for image resizing on upload.
Real issues I resolved using AWS
Cut S3 + CloudFront bill by ~40% with lifecycle rules and smart caching
An image-heavy product had S3 storage growing linearly and CloudFront pulling old generations frequently — both costs climbing every month.
Added S3 lifecycle rules to transition cold media to Standard-IA and Glacier, enabled CloudFront long-TTL caching with versioned URLs, and pruned orphan media via a scheduled Lambda audit.
S3 + CloudFront combined bill dropped by ~40% in the next billing cycle while user-facing performance improved (more cache hits, fewer origin pulls).
Replaced an always-on worker with serverless Lambdas
A nightly batch worker was running on a 24/7 EC2 instance that sat idle 23 hours a day.
Refactored the job into Lambda functions invoked by EventBridge, with payload size and execution time well within free-tier limits.
EC2 cost for that workload went to ~0, jobs gained automatic retries on failure, and the operational surface area shrank.
Hardened S3 uploads with presigned URLs + virus scanning
A naive upload flow proxied files through the API server, eating bandwidth and trusting clients to be benign.
Switched to client-direct uploads via presigned S3 URLs scoped per-user, with a Lambda triggered on object create that scanned files and quarantined matches to a private bucket.
API egress dropped, upload speed improved for users on good connections, and a real malware-quarantine path was now in place.
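An added example (not code from this page or the projects it describes) of the per-user scoping step above: the server derives the object key from the authenticated user and signs a short-lived PUT for exactly that key. The `uploads/<userId>/` layout, bucket, region and credentials are constructed assumptions, and SigV4 is hand-rolled with Node's `crypto` only so the block runs offline; in practice the AWS SDK's presigner does the signing.

```javascript
const crypto = require("node:crypto");

const hmac = (key, data) => crypto.createHmac("sha256", key).update(data).digest();
const sha256Hex = (data) => crypto.createHash("sha256").update(data).digest("hex");
// SigV4 wants RFC 3986 encoding; encodeURIComponent leaves !'()* unescaped.
const enc = (s) => encodeURIComponent(s).replace(/[!'()*]/g,
  (c) => "%" + c.charCodeAt(0).toString(16).toUpperCase());

// The server, not the client, chooses the key: the prefix comes from the
// authenticated user id and the client filename is reduced to a safe basename.
function userScopedKey(userId, filename, objectId) {
  if (!/^[A-Za-z0-9-]{1,64}$/.test(userId)) throw new Error("invalid user id");
  const base = String(filename).split(/[\\/]/).pop()
    .replace(/[^A-Za-z0-9._-]/g, "_").replace(/^\.+/, "").slice(0, 100);
  if (!base) throw new Error("invalid filename");
  return `uploads/${userId}/${objectId}-${base}`;
}

// SigV4 query-string signing for a single PUT of a single key.
function presignPut(cfg, key, now, expiresSec) {
  if (!(expiresSec >= 1 && expiresSec <= 900)) throw new Error("expiry must be 1..900 s");
  const amzDate = now.toISOString().replace(/[-:]|\.\d{3}/g, ""); // 20240102T030405Z
  const day = amzDate.slice(0, 8);
  const scope = `${day}/${cfg.region}/s3/aws4_request`;
  const host = `${cfg.bucket}.s3.${cfg.region}.amazonaws.com`;
  const path = "/" + key.split("/").map(enc).join("/");
  const query = [ // parameter names are already in the sorted order SigV4 needs
    ["X-Amz-Algorithm", "AWS4-HMAC-SHA256"],
    ["X-Amz-Credential", `${cfg.accessKeyId}/${scope}`],
    ["X-Amz-Date", amzDate],
    ["X-Amz-Expires", String(expiresSec)],
    ["X-Amz-SignedHeaders", "host"],
  ].map(([k, v]) => `${k}=${enc(v)}`).join("&");
  const canonical = ["PUT", path, query, `host:${host}`, "", "host", "UNSIGNED-PAYLOAD"].join("\n");
  const toSign = ["AWS4-HMAC-SHA256", amzDate, scope, sha256Hex(canonical)].join("\n");
  let k = hmac("AWS4" + cfg.secretAccessKey, day);
  for (const part of [cfg.region, "s3", "aws4_request"]) k = hmac(k, part);
  return `https://${host}${path}?${query}&X-Amz-Signature=${hmac(k, toSign).toString("hex")}`;
}

// Constructed sample values; none of them are real credentials or resources.
const cfg = { bucket: "example-uploads", region: "us-east-1",
  accessKeyId: "AKIAEXAMPLEEXAMPLE00", secretAccessKey: "constructed-secret-for-demo" };
const key = userScopedKey("user-42", "../../etc/report final.pdf", "7f3c9a");
const url = presignPut(cfg, key, new Date(Date.UTC(2024, 0, 2, 3, 4, 5)), 300);
console.log(key);
console.log(url);
```

Only the method, host, key and expiry are signed here, so the URL cannot be reused for another user's prefix, but it says nothing about the bytes uploaded. The scan-on-create Lambda remains the control for file content.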
Stood up Cognito for a B2B portal in under a week
A new B2B portal needed multi-tenant auth with SSO, password policies, and MFA — and the team did not want to own an identity service.
Configured a Cognito User Pool per environment with hosted UI, JWT-based access tokens, and an API Gateway authorizer; wired the backend to consume Cognito claims for tenant scoping.
Auth went from 'months of work to build' to 'days to configure'; security review passed cleanly because we leaned on the managed service.
Have an AWS project in mind?
I am open to full-time and contract work where AWS is core to the stack. Let's talk about what you are building.