Aiden Rhaa

Product-Minded AWS Infrastructure Engineer

AWS Cloud Engineer · Infrastructure Automation · Platform Engineering

I build cloud systems for real business workflows.

I design secure AWS infrastructure, automation, and internal platforms that reduce manual work, improve reliability, and turn messy operational problems into production-style systems.

Public portfolio includes deployed systems across Terraform, ECS Fargate, EKS/GitOps, Lambda/serverless, CloudOps governance, and business workflow automation.

Review Proof Systems Download Resume

Best fit

AWS Cloud Engineer · Cloud Infrastructure · Platform · DevOps

Proof

Public repos · live demos · tests · ADRs · teardown docs

Operating edge

Business workflows translated into reviewable cloud systems

proof system map

AegisDesk

Proves: CloudOps governance, policy enforcement, auditability, and cost-review visibility.

TerraGate

Proves: Terraform change review, plan parsing, risk gates, and release discipline.

Pulpit

Proves: Serverless product ownership evolving into EKS/GitOps platform delivery.

Clearpath

Proves: ECS Fargate API design around real lead-intelligence workflow requirements.

Evidence standard: public repos, live demos, architecture docs, tests, ADRs, and teardown notes where applicable.

reviewable governed observable

AWS Solutions Architect Associate AWS Developer Associate Terraform Associate ECS Fargate EKS / GitOps Lambda / Serverless OPA/Rego CloudWatch

Operating Model

Infrastructure is valuable when it improves the operation.

Cloud systems should be judged by how well they reduce operational drag, make change safer, and give teams better control.

Owner's Lens

I design infrastructure from the workflow outward.

What needs to be requested, approved, released, observed, audited, recovered, or handed off determines the architecture.

Reliability Reviewability Cost control Auditability Workflow speed Maintainability

Messy workflow

Identify what is manual, risky, unclear, duplicated, slow, or dependent on tribal knowledge.

Operating constraints

Define what needs governance, rollback, observability, least-privilege access, cost controls, and auditability.

Production evidence

Leave behind infrastructure as code, policy checks, logs, runbooks, ADRs, teardown notes, and documented tradeoffs.

Result: systems that can be reviewed, operated, improved, and handed off without guesswork.

What This Produces

Cloud work tied to operating pressure.

Change control

Safer infrastructure changes

Terraform plan review, policy checks, blast-radius analysis, GitHub Actions, approval gates, and audit trails before apply.

Visibility

Clearer operational control

CloudOps control planes, observability, audit logging, request replay, answer provenance, dashboards, and cost review.

Platforms

Production-style AWS foundations

ECS Fargate, EKS/GitOps, Lambda/serverless, private networking, RDS, Cognito, WAF, CloudFront, and CloudWatch.

Workflow

Automation for business handoffs

Lead intake, public-record research, CRM/API workflows, document processing, AI-assisted workflows, and structured data handoff.

Proof Systems

The projects are evidence of the operating model.

Each project shows how messy workflow pressure becomes architecture, controls, and reviewable operating evidence.

01 / Governed CloudOps

AegisDesk

A self-hosted AWS CloudOps AI control plane for incident triage, access requests, ticket workflows, policy checks, and cost-review governance.

GitHub Live Demo

Operational Pressure

Cloud work gets fragmented across tickets, dashboards, cost tools, policies, and tribal knowledge.

System Built

Next.js, FastAPI, Cognito/JWKS, OPA/Rego, Bedrock routing, DynamoDB, Cost Explorer, CloudWatch, OpenTelemetry, MCP tools, and Terraform.

What It Proves

Governance, auditability, trusted-source grounding, policy enforcement, and operational visibility in one control-plane workflow.

02 / Terraform Risk Gate

TerraGate

A platform-style tool for safer infrastructure change review across Terraform PRs, risk, cost, security, and blast-radius context.

GitHub Live Demo

Operational Pressure

Infrastructure PRs are hard to review manually when risk, cost, security, and blast radius are unclear.

System Built

FastAPI, Next.js, PostgreSQL, LangGraph, Terraform plan JSON parsing, deterministic policy checks, GitHub checks/comments, redaction, and audit persistence.

What It Proves

Release discipline, governance, approval-gated actions, and practical review controls before infrastructure changes are applied.

03 / Product to Platform

Pulpit

A serverless Bedrock RAG product evolved into a validated EKS/GitOps platform path with tenant separation, observability, and teardown discipline.

V1 GitHub V1 Demo V2 GitHub V2 Demo

Operational Pressure

A platform migration needs to preserve product behavior, access control, retrieval quality, auditability, and cost boundaries.

System Built

V1 with Cognito, Lambda, DynamoDB, S3 indexes, Bedrock, Terraform; V2 with EKS, Helm, ArgoCD, External Secrets, Prometheus, and Grafana.

What It Proves

Product ownership first, platform migration second: the Kubernetes work is anchored to a real operating system, not abstract cluster practice.

04 / Fargate Workflow API

Clearpath

A production-style ECS Fargate lead-intelligence API built around lead intake, source quality, county resolution, and acquisition workflows.

GitHub

Operational Pressure

Real estate acquisition workflows need reliable APIs, structured data, private data paths, and source-aware handoff.

System Built

FastAPI on ECS Fargate with Docker, ALB, CloudFront/WAF, private RDS PostgreSQL through RDS Proxy, Secrets Manager, CloudWatch, Terraform, tests, and Checkov.

What It Proves

Business workflow translation into secure, reviewable AWS infrastructure with operating notes, cost profile, and teardown documentation.

GrantStack

Event-driven incentive screening workflow with API Gateway, Lambda, SQS/DLQ, DynamoDB, S3 source catalog, scheduled refresh, CloudWatch/X-Ray, and Terraform.

GitHub

PursuitDesk

GovCon capture workspace with SAM.gov opportunity scoring, async Bedrock proposal drafting, RDS/pgvector, and Terraform-backed workflow infrastructure.

GitHub

BrokerOps + InvoiceBridge

Operational systems across ECS/RDS reconciliation, e-invoicing validation, audit paths, and structured handoff.

GitHub profile

PhotoScribe, Super Transcriber, DocuFlow

Serverless media search, transcription workflows, OCR/document processing, and AI-assisted structured data workflows.

GitHub profile

Operator Lens

Before the cloud system, there is a messy workflow.

My engineering path started by building systems I needed to run real businesses: lead intake, public-record research, CRM/API workflows, client-facing websites, automation, and structured data handoff. That experience now informs how I design cloud systems: practical, reliable, cost-aware, and built around actual workflows.

Founder / Automation & Systems Lead at Clearpath Property Group / Boston Probate Solutions.

Owned web properties, DNS, SSL/TLS, Cloudflare, hosting, GitHub-based deployments, Supabase/Netlify, and WordPress administration.

Built Python ingestion workflows, CRM/API automation, AI prompt orchestration, and structured handoff paths for real operations.

Capabilities Underneath

The stack supports the operating model.

Tools and certifications matter here as validation, not as the brand. They are the materials used to build safer workflows and production-style systems.

Cloud and AWS

VPC, IAM, ECS Fargate, EKS, Lambda, API Gateway, Step Functions, S3, DynamoDB, RDS PostgreSQL, RDS Proxy, Bedrock, Textract, Cognito, CloudFront, WAF, ALB, ECR, SQS, EventBridge, CloudWatch, CloudTrail, Secrets Manager, SSM, Cost Explorer.

Infrastructure

Terraform, modular IaC, Terraform plan review, GitHub Actions, OIDC role assumption, Docker, Docker Compose, Cloudflare Pages, Checkov, TFLint, runbooks, ADRs.

Platform

Kubernetes, Amazon EKS, Helm, ArgoCD, IRSA, External Secrets, Prometheus, Grafana, GitOps patterns, ALB ingress.

Programming

Python, TypeScript, JavaScript, React, Next.js, FastAPI, PostgreSQL, SQL, Bash, REST APIs, data pipelines.

Security and Ops

Least-privilege IAM, private subnets, security groups, OPA/Rego, JWT/Cognito auth, presigned S3 URLs, WAF/rate limiting, secrets management, audit logging, OpenTelemetry, approval gates, CloudWatch alarms, cost controls.

Certifications: AWS Certified Solutions Architect Associate, AWS Certified Developer Associate, HashiCorp Terraform Associate.

Next Step

Need an AWS engineer who connects infrastructure to operational value?

I am open to cloud infrastructure, platform engineering, DevOps, and AWS engineering roles where ownership, reliability, automation, and business context matter.

Download Resume View GitHub Contact Me LinkedIn