πŸš€ Automating Infrastructure at Scale

Hi, I'm
Rohit Vishwakarma

I am a |

Building scalable infrastructure and automating deployments
LinkedIn
Profile
●Available for Freelance Work
β˜…1.6 Years Exp
πŸ’Ό
1.6
Years Experience
πŸš€
5+
Projects Completed
☁️
10+
Cloud Deployments
πŸ“œ
3+
Certifications

Recent Achievements

Recent problems solved, lessons learned, and features shipped.

πŸš€
ShippedJun 04 β€’ 4:22 PM
Implemented Secure IAM-Based Database Access for ECS Application Using Least Privilege

Designed and implemented a secure authentication mechanism for an application running on Amazon ECS to access a private Amazon RDS PostgreSQL database without using the default PostgreSQL administrator account.

Key implementations:

  • Created a dedicated app_user database user instead of using the default postgres superuser.
  • Granted only the minimum database permissions required by the application, following the Principle of Least Privilege.
  • Enabled IAM Database Authentication for the application user.
  • Created a dedicated IAM Role for the ECS Task.
  • Attached a custom IAM policy that only allows the application to perform rds-db:connect (generate an IAM authentication token) for the app_user.
  • Attached the IAM Role to the Amazon ECS Task Definition, allowing the application to authenticate securely without storing database credentials.
  • Eliminated hardcoded database passwords by using temporary IAM authentication tokens that automatically expire after 15 minutes.

Outcome

  • Built a secure, passwordless authentication workflow where the ECS application accesses Amazon RDS using IAM roles and short-lived authentication tokens, significantly reducing credential management overhead and improving the overall security posture.
AWSRDSECSIAMIAM Database AuthenticationPostgreSQL
βœ…
SolvedMay 10 β€’ 4:22 PM
Secure Private Amazon RDS Access using EC2 Bastion, AWS SSM & IAM Database Authentication

Designed and implemented a highly secure access mechanism for a private Amazon RDS database without exposing it to the public internet.

Key implementations:

  • Deployed an EC2 Bastion Host inside the VPC for controlled database access.
  • Eliminated SSH by using AWS Systems Manager (SSM) Session Manager for secure, audited access.
  • Applied IAM role-based access control (RBAC) so only authorized users can initiate SSM sessions.
  • Enabled IAM Database Authentication, removing the need for storing static database passwords.
  • Implemented temporary authentication tokens instead of passwords, with each token valid for 15 minutes, significantly reducing credential exposure.
  • Ensured the RDS instance remained in private subnets with no public accessibility.
  • Followed AWS security best practices including least-privilege IAM policies and secure network isolation.

Outcome: Built a passwordless, role-based, auditable, and highly secure solution for local developer access to a private Amazon RDS instance.

AWSRDSEC2Bastion HostAWS SSMIAM
πŸš€
ShippedApr 01 β€’ 12:42 PM
Implemented AWS WAF for Edge-Level Security Enforcement

Designed and implemented AWS WAF at the edge (CloudFront) to protect production infrastructure from malicious traffic.

  • Enabled managed rule sets (OWASP Top 10, IP reputation, bad inputs) to block attacks like SQLi, XSS, and malformed requests
  • Configured input validation rules to restrict abnormal query sizes and suspicious payload patterns
  • Implemented edge-level traffic filtering to prevent malicious requests from reaching backend services
  • Conducted security validation using payload injection and abnormal request testing to verify rule effectiveness

Result: Successfully enforced first-layer security at the edge, reducing exposure to common web attacks and improving overall application security posture

AWS WAF
πŸš€
ShippedMar 24 β€’ 4:04 PM
Automated TypeORM Migration Using ECR Image in CI/CD
  1. Created a dedicated CI/CD job to run TypeORM database migrations
  2. Pulled the latest backend Docker image from Amazon ECR
  3. Executed migrations inside AWS ECS using the existing container image
  4. Decoupled migration execution from build pipeline (no image rebuild)
  5. Ensured consistent schema updates across environments
  6. Reduced deployment time and eliminated manual DB migration steps
AWSCI/CDDockerTypeORMECRECS

Core Technologies

My preferred stack for building robust and scalable solutions

Kubernetes
Kubernetes
Jenkins
Jenkins
Terraform
Terraform
AWS
AWS
Docker
Docker
Bash
Bash
πŸ’Ό

Experience

Explore my professional journey, roles, and key achievements across different companies.

View Timeline
πŸŽ“

Education

Check out my academic background, degrees, and professional certifications.

View Credentials
⚑

Skills

Dive into my technical arsenal, tools, and proficiency levels.

View Arsenal
πŸš€

Projects

Browse through my portfolio of projects, applications, and solutions.

View Portfolio
πŸ“œ

Certifications

View my professional certifications, courses, and internships.

View Credentials