Open to Cloud & DevOps Roles

Muhammad Fahim Feroz

Cloud & DevOps Engineer

Building automated cloud infrastructure, CI/CD pipelines, and containerised deployments on Azure and AWS. Focused on turning manual processes into reproducible, documented workflows.

Muhammad Fahim Feroz
Muhammad Fahim Feroz — About
About Me

Building Cloud & DevOps Skills Through Hands-On Projects

I am Muhammad Fahim Feroz, a Cloud and DevOps focused engineer building hands-on experience with Azure, AWS, Linux, containerisation, infrastructure as code, and CI/CD automation. I enjoy turning manual deployment steps into automated, reproducible workflows and documenting what I build.

My projects span the full DevOps lifecycle: provisioning infrastructure with Terraform and Ansible, building secure Docker images with multi-stage builds, deploying workloads to Kubernetes (AKS), embedding security scanning (Trivy, Bandit) directly into GitHub Actions pipelines, and monitoring systems with Prometheus and Grafana.

I am working toward roles where I can apply and deepen these skills in a team environment — Cloud Engineer, DevOps Engineer, or Infrastructure Engineering positions.

terminal

Automation First

Replacing manual steps with IaC, Ansible playbooks, and scripted pipelines.

shield

Security in the Pipeline

SAST, container CVE scanning, and secret hygiene built into every CI workflow.

Technical Skills

Tools & Technologies

cloud

Cloud Platforms

AWS Azure AKS ACR EC2 RDS VPC / VNet
sync_alt

DevOps & CI/CD

GitHub Actions Ansible Docker Compose Git Bash scripting
view_in_ar

Containers & Orchestration

Docker Kubernetes Helm kubectl
architecture

Infrastructure as Code

Terraform Remote State (S3 / Blob) Modules DynamoDB Locking
shield

Security & Scanning

Trivy Bandit (SAST) CodeQL Dependabot Flake8
monitoring

Observability & Systems

Prometheus Grafana FastAPI PostgreSQL Redis Celery Linux
Featured Projects

Hands-on cloud and DevOps engineering projects.

Flagship Project

Azure AKS DevOps Pipeline

End-to-end DevOps platform on Azure. A single git push to main triggers a GitHub Actions pipeline that provisions Azure infrastructure with Terraform, builds and pushes Docker images to ACR, deploys FastAPI + Celery + PostgreSQL + Redis workloads to AKS via Ansible, installs the kube-prometheus-stack via Helm, and finishes with an automated smoke test of the public endpoint.

  • Terraform provisions AKS, ACR, VNet, subnets, and Azure Blob remote state — idempotent on repeated runs
  • Ansible playbook applies all Kubernetes manifests and installs Prometheus + Grafana monitoring via Helm on every deploy
  • GitHub Actions pipeline gates on Flake8 lint, Bandit SAST, and Pytest before any Docker build runs
  • Path-filtered Terraform jobs — infra only provisions when infra/** changes, cutting run time on app-only pushes
  • Full observability: Prometheus scrapes cluster metrics; Grafana dashboards cover pods, nodes, kubelet, and node exporter
Azure AKS Terraform Ansible Docker GitHub Actions Prometheus Grafana FastAPI PostgreSQL Redis Helm
View on GitHub
Infrastructure as Code

Terraform AWS Infrastructure

Modular Terraform project provisioning a production-style AWS environment. Multi-AZ VPC with public and private subnets, ALB, EC2 in private subnets, RDS PostgreSQL, S3 remote state with DynamoDB locking. GitHub Actions pipeline separates plan from apply with a manual confirmation gate.

  • Zero-SSH design — EC2 instances managed via AWS Systems Manager, no public IPs
  • Each layer (VPC, EC2, ALB, IAM, RDS) is an independent reusable module with clear input/output contracts
  • terraform apply requires typed APPLY confirmation — no accidental infrastructure changes
  • Remote state stored in S3 with DynamoDB locking — prevents concurrent applies and state corruption
  • Infrastructure deployed and validated on real AWS, then destroyed to control ongoing costs
AWS Terraform VPC EC2 RDS ALB S3 Remote State GitHub Actions
View on GitHub

Kubernetes Application Deployment

Kubernetes deployment project for a Node.js microservice using both raw YAML manifests and a Helm chart in parallel. Demonstrates the full Kubernetes object model alongside a CI pipeline that validates manifests and injects Git SHA image tags at runtime.

  • Covers Deployments, Services, ConfigMaps, Secrets, Ingress, HPA, and NetworkPolicy
  • Helm chart parameterises the same app for multi-environment deployments
  • CI replaces IMAGE_TAG in manifests with the Git commit SHA via sed, preventing stale pulls
  • Trivy container scan and kubeconform manifest validation run on every PR
Kubernetes Helm Docker Trivy GitHub Actions HPA NetworkPolicy
View on GitHub

FastAPI DevSecOps Pipeline

A FastAPI + Celery + PostgreSQL + Redis application with a full DevSecOps CI/CD pipeline. Multi-stage Docker builds produce a minimal non-root image. GitHub Actions runs lint, SAST, unit tests, and a Trivy CVE scan before any image is pushed to Docker Hub.

  • Flake8 lint → Bandit SAST → Pytest (against live PostgreSQL + Redis containers) → Trivy scan — all as CI gates
  • Docker image built with SHA tag for scanning on PRs; pushed to Docker Hub only on main merge
  • Docker Compose orchestrates the full stack locally with health checks and dependency ordering
  • Celery + Redis handles async background task processing, mirroring a production task queue setup
FastAPI Docker Celery PostgreSQL Redis Trivy Bandit GitHub Actions
View on GitHub
Contact

Let's Connect

Open to Cloud Engineer, DevOps Engineer, Junior DevOps, Cloud Support, and Infrastructure Engineering opportunities.