Available for cloud roles

Muralidharan M.N

AWS Cloud Engineer · AWS Certified Cloud Practitioner (CLF-C02) · AWS re/Start Graduate

AWS Certified Cloud Practitioner and re/Start Graduate. I build cloud infrastructure on AWS to production patterns — three-tier infrastructure as Terraform code, secured serverless APIs, and containerized microservices on ECS Fargate. Every project built from scratch, every error diagnosed and fixed independently.

5
AWS projects built from scratch
47
resources as Terraform code
15m36s
full infra rebuild, one command
0
open inbound ports on private EC2
01

Why hire me

01
Security-first mindset
WAF, Cognito JWT, IAM least privilege, 3-layer Security Group chains, 0 open inbound ports on private EC2. Security is the foundation every project is built on — not an afterthought.
02
Attention to detail
One misconfigured rule breaks everything or silently exposes a system. I do not move on until everything is right — that is not a claim, it is how I naturally approach every piece of work.
03
Real troubleshooting
Every project hit real errors — ALB health check failures, Cognito SECRET_HASH issues, Amazon Linux package bugs. I diagnosed and fixed all of them independently without tutorials.
02

About me

I worked in banking sales at ICICI Bank and HDFC Life, and that experience taught me discipline and how to work in a structured environment. But over time I realised sales was not the right direction for me. Every month starting from zero, chasing targets — I wanted something where the work itself meant something.

In cloud, the small things matter most. One missed configuration, one wrong permission — and the impact is real. I have always been someone who pays attention to the small things, and I wanted a career where that is not just useful but essential.

The AWS re/Start program gave me a solid foundation — covering networking, security, compute, storage and databases hands-on.

Earning the AWS Certified Cloud Practitioner certification was more than passing an exam — it validated that I understood what cloud is, why it exists, and how AWS services, security, and pricing work together. It proved I could take responsibility for what I build — knowing what AWS manages and what I am responsible for. That foundation is what gave me the confidence to go and build real infrastructure on my own.

I am now eager to start my career in cloud, where I can keep learning and contribute to secure, reliable and scalable cloud solutions.

5
AWS projects built from scratch, to production patterns
20+
AWS services used hands-on across projects
2
AWS certifications — CCP CLF-C02 + re/Start
0
Open inbound ports on private EC2 — Session Manager only
03

Projects

Project 01
AWS Three-Tier Infrastructure with Terraform
Infrastructure as Code
Problem: I built this same three-tier stack by hand in the console and it broke twice — an ALB 502 from the wrong security group, and a MySQL client that wouldn't install on AL2023. How do you make sure a bug you fixed once can never come back?
Architecture — 3-tier VPC, 2 AZs
Traffic enters through a load balancer, which spreads it across auto-scaling web servers in private subnets, backed by a Multi-AZ MySQL database. The whole stack is defined in Terraform — one command builds or destroys all 47 resources.
AWS Three-Tier Infrastructure with Terraform — architecture
What I built
  • 47 AWS resources as code — full teardown and rebuild in 15m36s, one command, zero console clicks
  • VPC, 6 subnets, ALB, ASG, RDS MySQL 8.4 Multi-AZ — all from variables via count = length(var...)
  • RDS password generated by Terraform, stored in Secrets Manager, never in code
  • VPC Flow Logs, CloudTrail, and Apache logs shipped to CloudWatch
  • S3 remote state — encrypted, versioned, native locking
Problems I solved
  • SSM agent missing — a wildcard AMI filter matched the minimal image; diagnosed by the absence of ssm log lines
  • Launch-template change didn't reach running instances — fixed with an ASG instance_refresh block
  • Orphaned DB subnet group — learned terraform import is the right fix for undeletable resources
  • ALB 502 and mariadb105 from the manual build — now structurally impossible in code
Project 02
AWS Serverless Tasks API
Secure REST API
Problem: How do you build a REST API where unauthenticated requests never reach the backend, malicious traffic is blocked before any code runs, and the system costs $0 when idle?
Request flow — WAF to Cognito to Lambda
Every request passes a web firewall, then a login check, before any code runs. Only authenticated, clean traffic reaches the functions and database — and it costs nothing when no one is using it.
AWS Serverless Tasks API — architecture
What I built
  • 4 CRUD endpoints — Lambda + API Gateway + DynamoDB, $0 idle cost
  • Cognito JWT authorizer — requests rejected at gateway before Lambda
  • WAF with 3 Managed Rule Groups — SQL injection, XSS blocked at edge
  • 100% pass rate across all 4 endpoints via Postman
Errors I fixed
  • Cognito SECRET_HASH error — HMAC-SHA256 hash generation added
  • FORCE_CHANGE_PASSWORD — resolved via AWS CLI in CloudShell
  • Token expiry — built getAuthToken Lambda to automate refresh
Project 03
Containerized Microservices on ECS Fargate
Docker • Microservices
Problem: How do you run two independent backend services so that if one fails, the other keeps running — with no servers to manage, each service owning its own database and scaling independently?
Path-based routing — 2 microservices, 1 ALB
One load balancer sends /products and /cart to two independent services, each with its own database. If one service goes down, the other keeps running — and there are no servers to manage.
Containerized Microservices on ECS Fargate — architecture
What I built
  • 2 containerized microservices (Product + Cart) on ECS Fargate across 2 AZs
  • Docker images pushed to private Amazon ECR repositories
  • Single ALB with path-based routing — /products and /cart to separate services
  • Auto Scaling (min 1, max 4) — CPU target 50%, scale-in cooldown 120s
  • CloudWatch dashboard + SNS alerts at 70% CPU / 80% memory
  • 8/8 test cases passed — rolling deploy with zero downtime confirmed
Security measures
  • 2 separate IAM roles per task — ecsTaskExecutionRole (ECR + logs) and ecsTaskRole (DynamoDB only)
  • Containers in private subnets — ALB is the only internet-facing entry point
  • Database-per-service — Cart failure had zero impact on Product Service
  • Diagnosed missing port 5001 SG rule — containers healthy within 1 minute of fix
Project 04
AWS Event-Driven Order Processing
Serverless Architecture
Problem: How do you build a system where the customer gets an instant response without waiting for processing — and if processing fails, the order is never lost?
Event flow — decoupled with SQS + DLQ
The customer gets an instant confirmation while the order is processed in the background through a queue. If processing fails after retries, the order lands in a dead-letter queue instead of being lost.
AWS Event-Driven Order Processing — architecture
What I built
  • API Gateway POST /orders — confirmation in under 1 second (937ms)
  • SQS decouples acceptance from fulfillment — client never waits
  • Dead-Letter Queue — 0 message loss after 3 retries on failure
  • End-to-end: API call to email in under 30 seconds
Security measures
  • Per-Lambda IAM — order-handler SQS write only, fulfiller SQS read + SNS only
  • SQS visibility timeout 30 seconds — no duplicate processing
  • DLQ verified by intentionally crashing the fulfiller Lambda
Project 05
This Portfolio — S3 + CloudFront
Live Site
Problem: How do you host a static site so the S3 bucket is never publicly accessible — all traffic must route through CloudFront with HTTPS enforced at the edge?
Private bucket — CDN-only access
The storage bucket is completely private — no one can reach it directly. All traffic is served over HTTPS through CloudFront's global network, which is the only thing allowed to read from the bucket.
Static Website Hosting on AWS — architecture
What I built
  • S3 bucket — public access blocked entirely
  • CloudFront — HTTPS enforced at the CDN edge globally
  • GitHub-based version control for all deployments
Security measures
  • OAC — bucket policy allows only this CloudFront distribution ARN
  • Direct S3 URL returns 403 Forbidden — confirmed and verified
  • IAM scoped to specific distribution only
04

Skills

AWS Services
EC2S3IAMVPCRDSLambdaAPI GatewayDynamoDBCloudFrontRoute 53Auto ScalingALBCloudWatchSNSSQSCognitoWAFSystems ManagerNAT Gateway
Security & IAM
IAM PoliciesSecurity GroupsLeast PrivilegeJWT AuthWAF RulesOACGuardDutyAWS KMSMFANetwork ACLsShared Responsibility
Networking
VPC DesignSubnetsRoute TablesIGWNAT GatewayCloudFront CDNDNS (Route 53)
DevOps & Tools
TerraformInfrastructure as CodeS3 Remote StateSecrets ManagerGitGitHubLinuxBash CLIPythonDockerAmazon ECRECS FargateCI/CDPostman
05

Certifications

Oct 2025
AWS Certified Cloud Practitioner (CLF-C02)
Amazon Web Services
Sep 2025
AWS re/Start Graduate
Amazon Web Services
2025
AWS Educate Badges
Storage · Serverless · Security · Networking · Databases · Compute · Cloud Operations · ML Foundations
06

Get in touch

Open to entry-level Cloud Engineer, Junior DevOps, and Cloud Support roles. Feel free to reach out.

Email
muralidharan366636@gmail.com
Phone
+91 90923 66636
LinkedIn
muralidharan-m-n-78a2522b8
GitHub
muralidharan666666-dev