Practical experience over certifications. 16 years including AWS production work at GigEasy, Cuez, Imohub, bolttech. I can sit for certs if a specific client procurement process requires them.

Do you handle IAM policy authoring?

Yes. Least-privilege policies generated from actual API calls (CloudTrail replay), reviewed in PRs, rotated on schedule. No wildcard resource access in production roles.

Can you audit our existing CDK project?

Yes. CDK, Terraform, Pulumi, Serverless Framework — I audit whichever IaC you are using and either improve it in place or migrate to Pulumi if the team wants that.

I can set up the AWS-side controls that SOC 2 audits check (logging, IAM, backup, encryption, monitoring). Full SOC 2 audit prep is a larger scope that involves other vendors — I cover the AWS portion.

Yes when the business case is real (regulatory, latency, disaster recovery). Usually startups over-buy multi-region before they need it — the audit recommends single-region plus strong backups first, multi-region when traffic or compliance actually requires it.

Senior AWS engineer for hire

Hire an AWS engineer who owns infrastructure as code

Pulumi TypeScript. Reproducible environments, cost-aware, disaster-recovery plan tested. Fixed monthly price.

Available for new projects

See Custom Web Apps

Starting at $3,499/mo · monthly subscription

Who this is for

Founder whose team has no dedicated infrastructure owner and keeps breaking production on deploys.

The pain today

Tribal knowledge in SSH sessions — nobody can leave.
No disaster recovery plan; restore has never been drilled.
Prod and staging drifted months ago and nobody noticed.
Every deploy is a pager-duty event.

The outcome you get

A senior engineer who owns AWS as code, with Pulumi.
Staging that mirrors production, so staging bugs are real signal.
Disaster recovery plan drilled on staging, documented for the team.
CI/CD pipeline where a junior engineer can ship safely.

What AWS ownership means in practice

Senior AWS ownership is more than 'knows the console'. It is: infrastructure as code (Pulumi or Terraform, no manual clicks), GitOps discipline (every change in a PR, reviewed, merged, then applied), monitoring baseline (CloudWatch alarms on the usual suspects, not on every metric), cost tagging (every resource tagged to a project and an owner), IAM hygiene (no long-lived access keys, OIDC to GitHub, MFA on the root), and a tested disaster-recovery plan (not just backups — actual restore drills). That is the bar. Most teams are below it. The monthly engagement gets them above it.

GigEasy — Pulumi + AWS in 3 weeks

GigEasy shipped on Laravel plus React plus PostgreSQL plus Redis plus Docker plus Pulumi plus AWS in 3 weeks. The Pulumi stacks covered VPC, ECS Fargate with the Laravel service, RDS Postgres, Elasticache Redis, S3 plus Cloudfront for assets, Route 53, ACM certificates, Cloudwatch logs and alarms, and IAM OIDC to the GitHub Actions runner. Every environment (dev, staging, prod) came from the same Pulumi code. Reproducible from day one. Published as a LinkedIn article: 'Building a Complete Infrastructure in Days: How Pulumi and Strategic Design Powered GigEasy's Launch'.

Cost-aware from the first commit

Cost-aware AWS means: right-sized compute (T-class for burst, C or M for steady, R for memory-heavy), NAT-gateway-free dev environments when possible (VPC endpoints or smaller VPCs), Cloudwatch Logs retention explicit (1 to 14 days for dev, 30 to 90 for prod, never infinite), orphan-resource audit monthly (snapshots, AMIs, Elastic IPs, unused EBS volumes), and reserved instances or Savings Plans on steady-state workloads once traffic is predictable. A cost-aware engineer is worth their rate on the AWS bill savings alone.

Pricing and engagement

$3,499 per month flat. 2 to 4 day delivery cycles. Daily async updates. 14-day money-back inside the first two weeks. Cancel anytime. Work Made for Hire — every Pulumi stack, every Terraform module, every IAM policy is yours.

Recent proof

A comparable engagement, delivered and documented.

Startup MVP Development

Built and shipped an investor-ready MVP from scratch

Built the entire technological base and delivered MVP in just 3 weeks, enabling a successful rapid launch and investor demo.

FintechMVP in 3 weeksInvestor-ready demoSeed funding enabled

Read the case study

Frequently asked questions

The questions prospects ask before they book.

AWS certifications?: Practical experience over certifications. 16 years including AWS production work at GigEasy, Cuez, Imohub, bolttech. I can sit for certs if a specific client procurement process requires them.
Do you handle IAM policy authoring?: Yes. Least-privilege policies generated from actual API calls (CloudTrail replay), reviewed in PRs, rotated on schedule. No wildcard resource access in production roles.
Can you audit our existing CDK project?: Yes. CDK, Terraform, Pulumi, Serverless Framework — I audit whichever IaC you are using and either improve it in place or migrate to Pulumi if the team wants that.
SOC 2 readiness?: I can set up the AWS-side controls that SOC 2 audits check (logging, IAM, backup, encryption, monitoring). Full SOC 2 audit prep is a larger scope that involves other vendors — I cover the AWS portion.
Multi-region?: Yes when the business case is real (regulatory, latency, disaster recovery). Usually startups over-buy multi-region before they need it — the audit recommends single-region plus strong backups first, multi-region when traffic or compliance actually requires it.

Get started in 60 seconds

Ready to start?

Tell me what you need in 60 seconds. Tailored proposal in your inbox within 6 hours.

Available for new projects