Experience
Enetro AI
Cloud Engineer
Key contributions
Cognito Auth Platform
Designed and operated a multi-environment authentication platform on AWS Cognito, with a pre-token-generation Lambda injecting custom claims (role, tenant id, employee id) into every JWT. Backend services verify RS256 tokens locally against cached JWKS — no per-request round-trip to Cognito while staying tamper-proof. Codified password policy, account recovery, and OAuth Authorization Code flow for the hosted UI.
Terraform Multi-Stack IaC
Authored a modular Terraform monorepo provisioning the AWS footprint across separate stacks — auth (Cognito), networking (VPC, subnets, NAT, API Gateway), compute (EC2, RDS, Valkey, DNS) and observability — with S3-backed remote state and DynamoDB state locking. One change to a shared locals file rolls out across all four environments; lifecycle rules handle Cognito's append-only schema constraints.
ECR / ECS Fargate CI/CD
Built a branch-gated container delivery pipeline: develop → dev, beta → beta, main → sandbox → manual gate → prod. The deploy script resolves environment-scoped secrets, validates required vars, builds linux/amd64 Docker images, pushes to ECR, then forces an ECS Fargate redeploy via boto3. Change-set filters keep unrelated services from rebuilding.