Muhammad Fahim Feroz
Cloud & DevOps Engineer
Building automated cloud infrastructure, CI/CD pipelines, and containerised deployments on Azure and AWS. Focused on turning manual processes into reproducible, documented workflows.
Building Cloud & DevOps Skills Through Hands-On Projects
I am Muhammad Fahim Feroz, a Cloud and DevOps focused engineer building hands-on experience with Azure, AWS, Linux, containerisation, infrastructure as code, and CI/CD automation. I enjoy turning manual deployment steps into automated, reproducible workflows and documenting what I build.
My projects span the full DevOps lifecycle: provisioning infrastructure with Terraform and Ansible, building secure Docker images with multi-stage builds, deploying workloads to Kubernetes (AKS), embedding security scanning (Trivy, Bandit) directly into GitHub Actions pipelines, and monitoring systems with Prometheus and Grafana.
I am working toward roles where I can apply and deepen these skills in a team environment — Cloud Engineer, DevOps Engineer, or Infrastructure Engineering positions.
Automation First
Replacing manual steps with IaC, Ansible playbooks, and scripted pipelines.
Security in the Pipeline
SAST, container CVE scanning, and secret hygiene built into every CI workflow.
Tools & Technologies
Cloud Platforms
DevOps & CI/CD
Containers & Orchestration
Infrastructure as Code
Security & Scanning
Observability & Systems
Hands-on cloud and DevOps engineering projects.
Azure AKS DevOps Pipeline
End-to-end DevOps platform on Azure. A single git push to main triggers a GitHub Actions pipeline that provisions Azure infrastructure with Terraform, builds and pushes Docker images to ACR, deploys FastAPI + Celery + PostgreSQL + Redis workloads to AKS via Ansible, installs the kube-prometheus-stack via Helm, and finishes with an automated smoke test of the public endpoint.
- › Terraform provisions AKS, ACR, VNet, subnets, and Azure Blob remote state — idempotent on repeated runs
- › Ansible playbook applies all Kubernetes manifests and installs Prometheus + Grafana monitoring via Helm on every deploy
- › GitHub Actions pipeline gates on Flake8 lint, Bandit SAST, and Pytest before any Docker build runs
- › Path-filtered Terraform jobs — infra only provisions when
infra/**changes, cutting run time on app-only pushes - › Full observability: Prometheus scrapes cluster metrics; Grafana dashboards cover pods, nodes, kubelet, and node exporter
Terraform AWS Infrastructure
Modular Terraform project provisioning a production-style AWS environment. Multi-AZ VPC with public and private subnets, ALB, EC2 in private subnets, RDS PostgreSQL, S3 remote state with DynamoDB locking. GitHub Actions pipeline separates plan from apply with a manual confirmation gate.
- › Zero-SSH design — EC2 instances managed via AWS Systems Manager, no public IPs
- › Each layer (VPC, EC2, ALB, IAM, RDS) is an independent reusable module with clear input/output contracts
- ›
terraform applyrequires typedAPPLYconfirmation — no accidental infrastructure changes - › Remote state stored in S3 with DynamoDB locking — prevents concurrent applies and state corruption
- › Infrastructure deployed and validated on real AWS, then destroyed to control ongoing costs
Kubernetes Application Deployment
Kubernetes deployment project for a Node.js microservice using both raw YAML manifests and a Helm chart in parallel. Demonstrates the full Kubernetes object model alongside a CI pipeline that validates manifests and injects Git SHA image tags at runtime.
- › Covers Deployments, Services, ConfigMaps, Secrets, Ingress, HPA, and NetworkPolicy
- › Helm chart parameterises the same app for multi-environment deployments
- › CI replaces
IMAGE_TAGin manifests with the Git commit SHA viased, preventing stale pulls - › Trivy container scan and kubeconform manifest validation run on every PR
FastAPI DevSecOps Pipeline
A FastAPI + Celery + PostgreSQL + Redis application with a full DevSecOps CI/CD pipeline. Multi-stage Docker builds produce a minimal non-root image. GitHub Actions runs lint, SAST, unit tests, and a Trivy CVE scan before any image is pushed to Docker Hub.
- › Flake8 lint → Bandit SAST → Pytest (against live PostgreSQL + Redis containers) → Trivy scan — all as CI gates
- › Docker image built with SHA tag for scanning on PRs; pushed to Docker Hub only on
mainmerge - › Docker Compose orchestrates the full stack locally with health checks and dependency ordering
- › Celery + Redis handles async background task processing, mirroring a production task queue setup
Let's Connect
Open to Cloud Engineer, DevOps Engineer, Junior DevOps, Cloud Support, and Infrastructure Engineering opportunities.