Hi, I'm Kevin!

I've worked with Amazon Web Services intensively between 2018 and 2021 and was a AWS Certified Developer from May 2019 to May 2022.

Between 2018 and 2021 I was involved in planning and provisioning infrastructure for a microservice-based product called Konekti. During this time I gained extensive knowledge of:

• Elastic Container Services (ECS)
• Elastic Compute Cloud (EC2)
• Auto-scaling Groups
• Intensive, automatic resource tagging to monitor budgets
• Security Groups and Ingress Control
• AWS Load Balancers and Traefik Edge Proxy
• VPC and subnet management

Proper monitoring is incredibly helpful in debugging. Seeing exactly what amount of RAM and CPU a docker container consumed when it got stuck 3 weeks ago? Neat.

Some monitoring tools I've maintained in production:

• Prometheus
• Alertmanager
• Grafana
• collectd
• node_exporter
• cadvisor
• AWS CloudWatch metrics
• AWS CloudWatch alarms

Before doing DevOps full-time at Synoa GmbH, I drove the initial adoption of Docker for local development in 2017.

At the time we used Docker for Magento 2 development as well as for running Logstash, Elasticsearch, and some Java Apps on local machines.

Some areas I've gained knowledge in over the years include:

• Running CI/CD in Docker containers
• Multi-stage docker builds
• Running Traefik in Production for 4 years
• Distributing CLI tools via Docker containers
• Deploying docker with Docker Remote API
• Monitoring with cAdvisor

Setting up infrastructure in the cloud is lot of work and the more manual steps are involved, the more likely errors will be introduced.

Over the past years I've gained a lot of experience building, managing, and upgrading infrastructure with terraform and Ansible. I've also build internal tooling to help Developers interact with the infrastructure we build.

• Terraform module creation and maintenance
• Ansible role creation and maintenance
• Terraform integration with CI/CD pipelines
• Handling of breaking infrastructure changes
• Integrating build tools with Docker Remote API
• Monitoring with cAdvisor

Security must be considered from the start. Period.

Don't give all-access to a entity because it's easy. Don't open all ports because it's easy. Don't run your code as root because it's easy.

Some rules I've established:

• HTTPS-only traffic between systems
• Restrictive AWS IAM users and roles
• Automatic generation of AWS IAM users and automated S3 access management via Terraform
• Auto-generated Passwords wherever possible
• Password management with self-hosted Password manager
• SSL certificate management with Let's Encrypt and AWS Certificate Manager