name: Ahmed Tetteh
role: DevOps Engineer
focus: Cloud-native infrastructure · GitOps · Container orchestration · AIOps
cloud: AWS (EKS, CodePipeline, Lambda, CloudFormation, ECS, RDS, DynamoDB)
containers: Docker · Kubernetes (EKS production) · Helm · eksctl
gitops: ArgoCD · Kustomize · Sealed Secrets · Renovate Bot
iac: Terraform (modular, GitOps-managed) · CloudFormation · AWS CDK
cicd: GitHub Actions · AWS CodePipeline · Jenkins · ArgoCD
security: OIDC federation · IAM least-privilege · RBAC · Bitnami Sealed Secrets
monitoring: Prometheus · Grafana · Alertmanager · CloudWatch
certs: AWS Solutions Architect Associate · AWS Cloud Practitioner
building: Autonomous incident response pipelines · Production-grade GitOps systems
Python Kubernetes FastAPI Ollama (LLM) Redis Fluent Bit GitHub API
An autonomous SRE pipeline that ingests live Kubernetes error logs via Fluent Bit, runs local LLM root-cause diagnosis, and auto-files structured GitHub incident reports — end-to-end, without a human in the loop.
| Outcome | Detail |
|---|---|
| ⚡ Sub-10s MTTD | Reduced mean time to detect from minutes to under 10 seconds |
| 🧠 ~90% LLM cache hit | Redis MD5-based deduplication (10-min TTL) eliminates redundant inference |
| 🔕 Zero duplicate tickets | Signature-matched GitHub Issue dedup eliminates repeated incident reports |
| 🛡️ Rate-limited & resilient | Token-bucket limiter prevents runaway API calls under log storm conditions |
Kubernetes ArgoCD Kustomize Sealed Secrets GitHub Actions Renovate Bot
Production-grade GitOps system where the cluster is the single source of truth. ArgoCD continuously reconciles desired vs actual state; any unauthorized change is reversed before an engineer could manually notice.
| Outcome | Detail |
|---|---|
| 🔁 Sub-10s drift correction | Self-healing and pruning revert unauthorized cluster changes automatically |
| 🔒 100% plaintext secrets eliminated | Bitnami Sealed Secrets encrypts credentials with asymmetric RSA before they touch Git |
| 🤖 Zero manual deployment steps | GitHub Actions + Renovate Bot route all changes through auditable, automated PRs |
| 📣 Real-time deploy visibility | ArgoCD Notifications posts pending/success/failure statuses to GitHub across 3 sync phases |
| 🗄️ Safe DB migrations | PreSync hooks validate database migrations before any deployment proceeds |
Terraform GitHub Actions AWS OIDC TFLint Checkov
Modular IaC pipeline that provisions 30+ AWS resources across VPC, compute, storage, and IAM — governed by a full GitOps workflow where infrastructure changes go through the same review gates as application code.
| Outcome | Detail |
|---|---|
| 🏛️ 30+ resources, 5 modules | VPC, EC2, S3, IAM, RDS — each environment reproducible with a single command |
| 🚫 No long-lived credentials | OIDC federation between GitHub Actions and AWS; zero static secrets |
| 🔍 Shift-left security | Checkov scans every plan; TFLint enforces standards before merge |
| 🤝 Safe collaboration | S3 remote state + DynamoDB locking prevents concurrent state corruption |
Kubernetes Jenkins Helm Prometheus Grafana Alertmanager Docker
End-to-end pipeline from code commit to monitored production deployment. Jenkins handles the build and delivery; a Helm-managed observability stack surfaces the RED method metrics needed to know if the deployment is actually healthy.
| Outcome | Detail |
|---|---|
| 🚀 Zero manual build-push-deploy | Jenkins automates the full cycle; rolling deployments with no downtime |
| 📈 RED method dashboards | Grafana tracks request rate, error rate, and P99 latency per service |
| 🔔 Automated alerting | Custom PrometheusRules fire on 5xx error rate threshold breaches |
| 🔎 Zero-config scraping | ServiceMonitor-based auto-discovery picks up new services without manual config |
CodePipeline CodeBuild CodeDeploy CodeArtifact CloudFormation S3 EC2
Fully AWS-native delivery pipeline — commit to production without leaving the AWS ecosystem. Dependency management runs through CodeArtifact so no build ever touches a public package registry.
| Outcome | Detail |
|---|---|
| 📦 60% higher deployment frequency | Automated pipeline removes the friction of manual release coordination |
| 🔐 Supply chain secured | Private CodeArtifact mirror; no direct public registry access at build time |
| ♻️ One-command infra | Entire stack (pipeline + EC2 + networking) reproduced from a single CloudFormation template |
| ↩️ Rollback on failure | Versioned S3 artifacts and CodeDeploy rollback hooks for zero-downtime recovery |
GitHub Actions Python Gemini 2.5 API github-script
Automated code reviewer wired into the PR workflow. Every PR triggers a diff analysis via Gemini 2.5; the workflow parses structured output, labels by severity (Critical / Warning / Good), and posts the review as a PR comment — all before a human reviewer touches the code.
| Outcome | Detail |
|---|---|
| 🐛 Real vulnerability detection | Caught SQL injection and shell injection vulnerabilities in test diffs |
| 🏷️ Machine-readable triage | Structured Gemini output parsed to auto-label PRs by AI-assessed severity |
| 🔑 Zero credentials exposed | API key stored as a GitHub Secret; no secrets in workflow YAML or diff output |
Lambda API Gateway DynamoDB S3 CloudFront Route 53 SES ACM
End-to-end serverless platform live at a custom domain (kahmedt.com) with global CDN delivery. Visitor submits a form → Lambda fires SES email to the business owner, writes the lead to DynamoDB, and logs to CloudWatch — all within milliseconds, with no servers to manage.
| Outcome | Detail |
|---|---|
| 🌍 Production-deployed | Live on kahmedt.com with ACM TLS, CloudFront, and Route 53 DNS |
| 🔒 Least-privilege Lambda | Role scoped to exactly dynamodb:PutItem + ses:SendEmail — nothing more |
| 🛠️ Real debugging | Resolved production CORS misconfiguration, DNS propagation delays, and ACM us-east-1 region constraint |
Cloud & IaC
Containers, Orchestration & GitOps
CI/CD & Automation
Languages & Scripting
Monitoring & Observability
Security
| Certification | Issuer |
|---|---|
| ✅ AWS Certified Solutions Architect – Associate | Amazon Web Services |
| ✅ AWS Certified Cloud Practitioner (CLF-C02) | Amazon Web Services |
| ✅ Docker Training — Absolute Beginner | KodeKloud |
| ✅ KodeKloud Engineer — Docker Level 1 | KodeKloud |
| ✅ Introduction to DevOps | IBM |
| ✅ Hands-on Linux Commands & Shell Scripting | IBM |

