s/ Sebastian G

Building Cloud, hands on

IT Support engineer pivoting into Cloud & DevOps. I learn by deploying the real thing, including this site, which is served to you from an AWS edge right now.

01 · About

From the help desk to production.

I started in IT Support solving people's problems one ticket at a time. Now I want to solve them at the infrastructure layer, the layer that keeps tickets from being filed in the first place.

What I'm doing right now

Putting AWS Solutions Architect Associate into practice on small, production-style projects. This portfolio is one of them: a private S3 bucket behind CloudFront, an ACM-issued cert, OAC instead of a public bucket policy, DNS through Cloudflare. The whole stack is defined in Terraform and deployed by GitHub Actions over OIDC, with no long-lived AWS keys anywhere.

Next up: Linux on EC2 and CloudWatch observability so I can own the whole pipeline end to end.

The journey

Before IT · CompTIA A+
Formalised the fundamentals before stepping into the field. Picked up Linux on the side.

IT job · Started in IT Support
Help desk, hardware, Windows / macOS / network triage.

May 2026 · AWS Solutions Architect Associate
VPC, IAM, S3, EC2, CloudFront, Route 53, DNS, top to bottom.

Now · Pivoting into Cloud / DevOps
Shipping this site end to end. Terraform infra, GitHub Actions OIDC deploy, bash + Python scripting.

02 · How this site works

The page you're reading, traced live.

Click a node. Every box is something I configured by hand. The dotted arrows are the path your browser took to reach this paragraph.

Diagram nodes: You (browser) · Cloudflare DNS (seba.sh → A record) · AWS ACM (TLS cert) · CloudFront (edge cache) · Origin Access (SigV4 → S3) · S3 (private bucket, index.html). Arrow labels: HTTPS, cache miss, GET.

CloudFront Edge

Global CDN sitting in front of S3. Caches the site at AWS edge locations, terminates TLS using the ACM cert, and enforces HTTPS only. Without this layer, S3 would be slower, costlier, and exposed.

aws cloudfront create-invalidation --distribution-id E... --paths "/*"

03 · Lab notes

What I'm building & writing about next.

A live look at the bench. Some of these are notebooks I'm cleaning up into proper write-ups. The rest are projects in flight.

● Live

Shipping a static site the AWS way

Walking through this very site: S3, CloudFront, OAC, ACM, Cloudflare DNS. Why each piece exists and the gotchas I hit.

Repo · sebrcg/Portfolio-site

● Live

Terraforming what I clicked together

Re-deploying this same stack as Terraform modules. Goal: nuke the AWS console and have one terraform apply rebuild it from zero.

Repo · sebrcg/Portfolio-tf Jun 1

● Live

GitHub Actions → S3, no long-lived keys

Wiring a deploy pipeline that uses OIDC instead of an IAM access key. CI assumes a role, syncs the bucket, invalidates CloudFront.

Repo · sebrcg/Portfolio-site

● Live

The same server, built two ways

A containerized game server deployed to AWS ECS Fargate, defined entirely as code: private network, container registry, and serverless compute. I built the same architecture twice, once in Terraform and once in Pulumi/Python, to gain exposure to various tools. Rounded out with versioned remote state in S3 and a CI pipeline that previews every change before it ships.

Terraform + Pulumi

○ Queued

Reading CloudWatch like a sysadmin

What I'd actually look at when something breaks. Mapping the help desk troubleshooting muscle onto AWS observability.

● Drafting

IT Support → Cloud: what carried over

An honest list of the help desk skills that translate directly to infra work, and the gaps I had to fill. For other people making the same jump.

04 · Edge map

Where this page lives.

The site sits in S3 once and is replicated to ~600 CloudFront edges. The green dot is the one currently serving you.

Origin · S3 (us-east-1)