Work & Open Source

Contributions, projects, and community work.

Contributions

oci-prometheus-sd-proxy

Author & Maintainer
March 2026 · Go

A lightweight Go service that bridges Oracle Cloud Infrastructure and Prometheus by dynamically discovering tagged compute instances across multiple tenancies via HTTP service discovery.

Fills a real gap in the OCI observability ecosystem. OCI has no native Prometheus HTTP SD support. The proxy polls the OCI Compute API across multiple tenancies, filters by instance tags, and exposes a valid Prometheus HTTP SD response. Deployed in production across a 9-tenancy OCI estate.
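The filter-and-render step described above, as an added example (not code from oci-prometheus-sd-proxy): it assumes instances have already been fetched, and the `Instance` type, the `prometheus` tag, the port and the `__meta_oci_*` label names are all hypothetical. The JSON shape is the documented Prometheus HTTP SD format, including `[]` for zero targets.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net"
	"sort"
)

// Instance is a constructed stand-in for a discovered compute instance (not the OCI SDK type).
type Instance struct {
	Tenancy, Name, PrivateIP string
	Tags                     map[string]string
}

// TargetGroup is one element of the JSON array Prometheus HTTP SD expects.
type TargetGroup struct {
	Targets []string          `json:"targets"`
	Labels  map[string]string `json:"labels"`
}

// SampleInstances returns constructed data spanning two tenancies.
func SampleInstances() []Instance {
	return []Instance{
		{"tenancy-a", "web-1", "10.0.1.5", map[string]string{"prometheus": "true"}},
		{"tenancy-b", "db-1", "10.1.0.9", map[string]string{"prometheus": "false"}},
		{"tenancy-b", "web-2", "10.1.0.7", map[string]string{"prometheus": "true"}},
	}
}

// BuildSD keeps instances whose tag matches and renders the HTTP SD body.
// Label names are hypothetical, chosen for this example.
func BuildSD(instances []Instance, tagKey, tagValue, port string) ([]byte, error) {
	groups := []TargetGroup{} // non-nil: zero matches must marshal as [], not null
	for _, in := range instances {
		if in.Tags[tagKey] != tagValue || in.PrivateIP == "" {
			continue // untagged, or no address to scrape
		}
		groups = append(groups, TargetGroup{
			Targets: []string{net.JoinHostPort(in.PrivateIP, port)},
			Labels:  map[string]string{"__meta_oci_tenancy": in.Tenancy, "__meta_oci_instance_name": in.Name},
		})
	}
	// Stable ordering keeps the response identical between polls when nothing changed.
	sort.Slice(groups, func(i, j int) bool { return groups[i].Targets[0] < groups[j].Targets[0] })
	return json.Marshal(groups)
}

func main() {
	body, _ := BuildSD(SampleInstances(), "prometheus", "true", "9100")
	fmt.Println(string(body))
}
```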

OCI Native Ingress Controller

Upstream Contributor
PR #139 · Go

Added proper HTTP liveness and readiness probes to the OCI Native Ingress Controller for Kubernetes, replacing TCP socket probes to satisfy CloudGuard CIS compliance requirements.

The review process forced the right answer

The initial fix was TCP socket probes on the webhook port: quick, compliant, done. But during review, the maintainer pushed back. TCP probes are blunt instruments; they tell you a port is open, not that a controller is actually healthy.

So the implementation was rebuilt properly: a dedicated HealthChecker that tracks informer cache sync state and controller readiness, /healthz/ready and /healthz/live HTTP endpoints on the metrics server, readiness gated on informer cache sync (the controller is actually warmed up, not just listening), and the Helm deployment updated to use HTTP GET probes on the correct port.

The probe tells the truth now. If the controller hasn't finished syncing, Kubernetes won't route traffic to it. The distinction between "something is running" and "something is ready" is exactly what the review process insisted on getting right.
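The live/ready split described above, as an added example (not the code merged in PR #139): the `HealthChecker` fields, the `Mark*` methods and `ProbeStatus` are hypothetical names, and the two flags stand in for informer cache sync and controller start-up.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"sync/atomic"
)

// HealthChecker is a hypothetical stand-in for the type described above.
type HealthChecker struct {
	cacheSynced atomic.Bool // informer caches have completed their initial sync
	running     atomic.Bool // controller workers have been started
}

func (h *HealthChecker) MarkCacheSynced() { h.cacheSynced.Store(true) }
func (h *HealthChecker) MarkRunning()     { h.running.Store(true) }

// ready answers 503 until both conditions hold, keeping the pod out of Service endpoints.
func (h *HealthChecker) ready(w http.ResponseWriter, _ *http.Request) {
	if !h.cacheSynced.Load() || !h.running.Load() {
		http.Error(w, "not ready", http.StatusServiceUnavailable)
		return
	}
	fmt.Fprintln(w, "ready")
}

// Handler exposes the two endpoints named in the text.
func (h *HealthChecker) Handler() http.Handler {
	mux := http.NewServeMux()
	// Liveness: 200 whenever the process can serve HTTP at all.
	mux.HandleFunc("/healthz/live", func(w http.ResponseWriter, _ *http.Request) { fmt.Fprintln(w, "ok") })
	mux.HandleFunc("/healthz/ready", h.ready)
	return mux
}

// ProbeStatus performs an in-process GET, as an httpGet probe would over the network.
func ProbeStatus(h http.Handler, path string) int {
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest(http.MethodGet, path, nil))
	return rec.Code
}

func main() {
	hc := &HealthChecker{}
	fmt.Println("before sync:", ProbeStatus(hc.Handler(), "/healthz/ready"))
	hc.MarkCacheSynced()
	hc.MarkRunning()
	fmt.Println("after sync:", ProbeStatus(hc.Handler(), "/healthz/ready"))
}
```

A TCP socket probe would have reported success in the "before sync" state, because the listener is already accepting connections.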

terraform-gitlab-groups

Author & Publisher
2025 · Terraform

Terraform module for managing GitLab groups, subgroups, and RBAC at scale. Built from scratch and published to the public Terraform Registry. Used internally to manage 50+ GitLab groups and access policies via GitOps workflows.

terraform-aws-ec2-instance

Author & Publisher
2025 · Terraform

Terraform module for provisioning AWS EC2 instances. Built from scratch and published to the public Terraform Registry. Covers instance configuration, IAM instance profiles, security groups, EBS volumes, and tagging conventions.

Netflix Lemur Docker

Upstream Contributor
February 2026 · PR #74 · Docker

Fixed a broken Docker build in the official lemur-docker repository, the containerized distribution of Netflix's TLS certificate management platform. The build was failing due to acme==3.3.0 no longer being available in package repositories.

Upgraded both builder and app stages from ubuntu:20.04 to ubuntu:22.04, switched Node.js installation to the official NodeSource 20.x LTS repository (with cryptographic signing) instead of Ubuntu's outdated default packages, and removed unnecessary dependencies to reduce image bloat. Reviewed and merged by maintainer jtschladen on February 2, 2026.

Python · Docker · TLS · PKI
Netflix/lemur-docker #74

Recognition

AWS Community Day Dubai

Speaker
October 2025 · Dubai Knowledge Park, UAE

Delivered technical sessions to 200+ cloud practitioners on building resilient architectures and securing CI/CD pipelines. Shared hands-on insights from architecting production infrastructure under 48-hour competition constraints.

HackOps 2025: 1st Place

1st Place
April 2025 · FAST NUCES, Karachi

Led team to victory in the state-level DevOps hackathon, architecting and deploying production-grade cloud infrastructure on AWS under time constraints.

₨65,000 prize · State-level competition

Production work

Cloud Infrastructure & MSP Operations

SUDO Consultants

Multi-cloud infrastructure across AWS and OCI for enterprise clients. Multi-account governance with AWS Control Tower, Account Factory, SCPs, Config rules, CloudTrail, and Security Hub. CIS-hardened AMI pipelines for RHEL (SELinux enforcing, CIS Level 2) and Ubuntu with automated vulnerability scanning via Trivy and AWS Inspector. DNS-as-code for Cloudflare zones using DNSControl with GitOps workflows. Server and workload migrations using AWS MGN and EDR onboarding. Hybrid connectivity over Site-to-Site VPN. ECS and EKS cluster management including in-place version upgrades. Enterprise SIEM on AWS using Wazuh with NLB agent ingestion and ALB-fronted dashboards, provisioned via Terraform and Ansible. CI/CD pipeline support across Azure DevOps, GitHub Actions, and GitLab CI.

Observability Stack

Designed and operate a full Prometheus / Thanos / Grafana Enterprise observability platform across multi-cloud and on-premises environments — covering Kubernetes clusters, virtual machines, managed databases, data centre firewalls and switches, load balancers, and CDN. Exporters in production: FortiGate exporter, Cloudflare exporter, CloudWatch exporter, SNMP (data centre switches and firewalls), and Blackbox exporter. Dynamic compute discovery using a custom-built oci-prometheus-sd-proxy. Thanos Query for cross-environment federation, configurable retention, and Prometheus deduplication. HA Prometheus with Alertmanager clustering, Slack-integrated alert correlation, 80+ custom dashboards, and synthetic monitoring. Reduced MTTR from 45 minutes to 8 minutes through intelligent alert grouping and correlation.

Migrations & Hybrid Architecture

Zero-downtime migration from Azure AKS to Oracle Kubernetes Engine using Velero with Kopia for application-aware persistent volume backups, cross-region replication, and DR drills. AWS DMS full-load and CDC migrations of 500GB+ production databases with sub-5-second replication lag. Hybrid DR using AWS DataSync over Site-to-Site VPN with VPC endpoints, syncing on-premises Windows File Server to S3, with on-prem Active Directory integrated into EC2 for domain authentication. Multi-region AWS deployments with Cognito-enforced MFA, ALB routing to private ECS services, and PCI-DSS/SOC2-aligned network segmentation.

AWS · OCI · Azure · Kubernetes · Terraform · Ansible · Prometheus · Thanos · Grafana · Alertmanager · Blackbox Exporter · Cloudflare · Wazuh · Velero · AWS DMS · AWS MGN · Control Tower · DNSControl · GitLab CI · GitHub Actions · Azure DevOps