Vithushanth Chandrakumar

Problem Solved

Many developers struggle with deploying beyond localhost. This project demonstrates production-ready cloud hosting with proper security (HTTPS) and custom domain management, proving I can deploy real-world infrastructure.

Architecture

• S3 bucket configured for static website hosting with versioning
• CloudFront distribution for global CDN and HTTPS enforcement
• Route 53 for DNS management with health checks
• ACM certificate for free SSL/TLS (auto-renewal)
• Bucket policies restricting access to CloudFront only

Key Learnings

• CloudFront cache behaviors and invalidation strategies
• Difference between S3 bucket policies and IAM policies
• SSL/TLS certificate validation using DNS (vs email)
• Cost optimization through caching and compression

Real-World Relevance

This exact architecture is used by companies for marketing sites, documentation, and SPA frontends. Understanding CloudFront caching and security policies is critical for any cloud engineer supporting web applications.

Problem Solved

Manual backups are error-prone and unsustainable at scale. This project automates EC2/EBS snapshots with intelligent retention policies, balancing data protection with storage costs—a critical requirement in production environments.

Architecture

• EventBridge cron rule triggers Lambda daily at 2 AM UTC
• Python function using boto3 SDK for snapshot operations
• Tag-based volume identification for selective backups
• 7-day retention policy to manage storage costs
• SNS notifications for success/failure alerts
• CloudWatch Logs for audit trail and debugging

Technical Implementation

# Lambda function logic (simplified)
import boto3
from datetime import datetime, timedelta

ec2 = boto3.client('ec2')
sns = boto3.client('sns')

def lambda_handler(event, context):
    # Create snapshots for tagged volumes
    volumes = ec2.describe_volumes(
        Filters=[{'Name': 'tag:Backup', 'Values': ['true']}]
    )
    
    # Delete snapshots older than 7 days
    retention_date = datetime.now() - timedelta(days=7)
    # ... cleanup logic
    
    # Send SNS notification
    sns.publish(TopicArn=TOPIC_ARN, Message=status)

Key Learnings

• Boto3 SDK for AWS service automation
• IAM role design with least-privilege permissions
• EventBridge cron expressions vs rate expressions
• Importance of tagging strategies for resource management
• Error handling and retry logic in serverless functions

Real-World Relevance

Backup automation is mandatory in production. This demonstrates understanding of disaster recovery, cost optimization, and serverless patterns used by DevOps teams daily. The retention policy shows awareness of balancing compliance with costs.

Problem Solved

Default VPCs lack proper network segmentation. This project implements production-grade network isolation, separating public-facing resources from sensitive backend systems— essential for security compliance and least-privilege access.

Architecture

• Custom VPC with 10.0.0.0/16 CIDR block
• Multi-AZ deployment for high availability
• Internet Gateway for public subnet internet access
• NAT Gateway for private subnet outbound traffic
• Route tables controlling traffic flow
• Security Groups and NACLs for defense-in-depth

Key Learnings

• CIDR block planning and subnet sizing calculations
• Difference between Internet Gateway and NAT Gateway
• Route table precedence and routing decisions
• Security Groups (stateful) vs NACLs (stateless)
• Multi-AZ architecture patterns for resilience
• Cost implications of NAT Gateways ($0.045/hour + data transfer)

Real-World Relevance

This is the foundation of ALL enterprise AWS architectures. Every production application uses this network pattern. Understanding VPC design is essential for supporting application deployments, troubleshooting connectivity, and implementing security controls.

Problem Solved

Traditional server-based APIs require constant maintenance, patching, and scaling management. This serverless API eliminates infrastructure overhead while providing automatic scaling, high availability, and pay-per-request pricing.

Architecture

• API Gateway RESTful endpoints with request validation
• 5 Lambda functions for CRUD operations (Create, Read, Update, Delete, List)
• DynamoDB table with on-demand billing for cost optimization
• CORS configuration for browser-based access
• IAM roles for secure Lambda-to-DynamoDB communication
• CloudWatch for API metrics and Lambda logs

API Endpoints

POST   /items          # Create new item
GET    /items          # List all items
GET    /items/{id}     # Get single item
PUT    /items/{id}     # Update item
DELETE /items/{id}     # Delete item

Key Learnings

• API Gateway request/response transformations
• Lambda function design patterns and error handling
• DynamoDB single-table design and partition key selection
• Cold start mitigation strategies
• CORS configuration for cross-origin requests

Real-World Relevance

Serverless APIs power modern microservices architectures. This demonstrates backend development skills, event-driven patterns, and cost-effective scaling— critical for cloud-native applications.

Problem Solved

Manual file processing is slow, error-prone, and doesn't scale. This event-driven architecture automatically processes files uploaded to S3, enabling scalable data pipelines without polling or manual intervention.

Architecture

• Source S3 bucket with event notifications enabled
• S3 PUT event triggers Lambda function automatically
• Processing logic (e.g., image resizing, format conversion)
• Output written to destination bucket
• Error handling for unsupported file types
• CloudWatch metrics for processing time and failures

Key Learnings

• S3 event notification configuration and filtering
• Binary file handling in Lambda (Pillow for images)
• S3 SDK operations: getObject, putObject with metadata
• Idempotency in event-driven systems
• Lambda environment variables for configuration

Real-World Relevance

Event-driven processing is fundamental to data pipelines, media workflows, and ETL operations. This pattern is used for log analysis, image/video processing, document conversion, and real-time data transformation across all industries.

Problem Solved

Without proper monitoring, issues go unnoticed until users report them—leading to longer downtime and poor user experience. This monitoring setup enables proactive incident management with automated alerts before problems impact users.

Architecture

• CloudWatch Dashboard with widgets for key metrics
• Alarms for EC2 CPU, Lambda errors, API latency
• SNS topic for email/SMS notifications
• Log Insights queries for troubleshooting
• Custom metrics from application code

Configured Alarms

• EC2 CPU utilization > 80% for 5 minutes
• Lambda error rate > 5% over 10 minutes
• API Gateway 5XX errors > 10 per minute
• DynamoDB read/write capacity threshold

Key Learnings

• CloudWatch metric namespaces and dimensions
• Alarm threshold tuning to avoid alert fatigue
• Dashboard design for quick incident triage
• Log aggregation, filtering, and pattern matching
• Cost optimization for metric storage and alarms

Real-World Relevance

Monitoring is critical for maintaining production systems. This demonstrates understanding of SRE principles, proactive operations, and the ability to maintain service reliability through observability—a core responsibility of cloud engineers.