s/ Sebastian G

Building Cloud, hands on

IT Support engineer pivoting into Cloud & DevOps. I learn by deploying the real thing, including this site, which is served to you from an AWS edge right now.

01 · About

From the help desk to production.

I started in IT Support solving people's problems one ticket at a time. Now I want to solve them at the infrastructure layer, the layer that keeps tickets from being filed in the first place.

What I'm doing right now

Putting AWS Solutions Architect Associate into practice on small, production-style projects. This portfolio is one of them: a private S3 bucket behind CloudFront, an ACM-issued cert, OAC instead of a public bucket policy, DNS through Cloudflare. The whole stack is defined in Terraform and deployed by GitHub Actions over OIDC, with no long-lived AWS keys anywhere.

Next up: Linux on EC2 and CloudWatch observability so I can own the whole pipeline end to end.

The journey

Before IT · CompTIA A+
Formalised the fundamentals before stepping into the field. Picked up Linux on the side.

IT job · Started in IT Support
Help desk, hardware, Windows / macOS / network triage.

May 2026 · AWS Solutions Architect Associate
VPC, IAM, S3, EC2, CloudFront, Route 53, DNS, top to bottom.

Now · Pivoting into Cloud / DevOps
Shipping this site end to end. Terraform infra, GitHub Actions OIDC deploy, bash + Python scripting.

02 · Work highlights

Automation I've shipped on the job.

Internal tooling and process automation I built in production, the kind of work that quietly removes manual steps and keeps systems consistent.

Microsoft Copilot Studio · Teams · PowerShell

Onboarding Automation

Led an onboarding automation initiative that extracts new hire data from submitted PDFs and standardizes it into PowerShell-ready output for account provisioning. Authored normalization rules for department, allocation, primary email versus UPN, and access groups, then redesigned the intake template so the pipeline could scale, cutting manual interpretation and tightening the handoff between Talent Acquisition and IT provisioning. To put it in reach of the whole team, I packaged the automation as a Copilot agent that lives in Microsoft Teams, so anyone can run a submission straight from chat instead of touching the pipeline directly.

RingCentral · Active Directory · Excel

License Audit Framework

Built a reusable SaaS license audit framework that integrates three data sources (RingCentral Admin Portal, RC Analytics, and Active Directory) into a categorized Excel report, establishing a repeatable monthly workflow for license governance. By auditing RingCentral licenses against Active Directory account status, it sorts users into Reclaim, Review, Monitor, and Active tiers, giving leadership data-driven allocation decisions backed by clear recommendations. The first run flagged 200+ accounts for reclamation across a 1000+ user environment.

Atera · PowerShell

ImageRight Repair Automation

Replaced a manual ImageRight repair process with an Atera-delivered PowerShell uninstaller that strips every package component, resolves file lock conflicts, and clears a clean path for reinstall. The result is a faster, more reliable fix that cuts troubleshooting time for end users and removes the guesswork from a recurring support task.

PowerShell · RMM

Splashtop Reliability Tooling

Built a pair of PowerShell tools to harden Splashtop across managed Windows endpoints. The first standardizes audio behavior by adjusting registry keys and restarting services in a controlled sequence. The second is a health check that diagnoses remote access failures end to end, validating Atera Agent status, Splashtop service health, installation footprint, DNS resolution, and TCP 443 connectivity, with structured logging, defensive error handling, and meaningful exit codes so it plugs straight into RMM and automation workflows. Together they cut manual troubleshooting time and brought consistency to resolving "unable to connect" and remote session issues across the fleet.

03 · Lab notes

What I'm building & writing about next.

A live look at the bench. Some of these are notebooks I'm cleaning up into proper write-ups. The rest are projects in flight.

● Live

Shipping a static site the AWS way

Walking through this very site: S3, CloudFront, OAC, ACM, Cloudflare DNS. Why each piece exists and the gotchas I hit.

Repo · sebrcg/Portfolio-site

● Live

Terraforming what I clicked together

Re-deploying this same stack as Terraform modules. Goal: nuke the AWS console and have one terraform apply rebuild it from zero.

Repo · sebrcg/Portfolio-tf · Jun 1

● Live

GitHub Actions → S3, no long-lived keys

Wiring a deploy pipeline that uses OIDC instead of an IAM access key. CI assumes a role, syncs the bucket, invalidates CloudFront.

Repo · sebrcg/Portfolio-site

● Live

The same server, built two ways

A containerized game server deployed to AWS ECS Fargate, defined entirely as code: private network, container registry, and serverless compute. I built the same architecture twice, once in Terraform and once in Pulumi/Python, to gain exposure to various tools. Rounded out with versioned remote state in S3 and a CI pipeline that previews every change before it ships.

Terraform + Pulumi

○ Queued

Reading CloudWatch like a sysadmin

What I'd actually look at when something breaks. Mapping the help desk troubleshooting muscle onto AWS observability.

● Drafting

IT Support → Cloud: what carried over

An honest list of the help desk skills that translate directly to infra work, and the gaps I had to fill. For other people making the same jump.
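The OIDC deploy described in the "GitHub Actions → S3" note above only removes risk if the role's trust policy pins the token audience and the repository. The audit below is an added example, not code from this site's repos; the account id, branch name and sample policies are constructed placeholders, and only the repo name comes from the page.

```python
# Added example: audit an IAM role trust policy used for GitHub Actions OIDC.
OIDC_HOST = "token.actions.githubusercontent.com"

def _values(cond, key):
    """Values set for a condition key under StringEquals or StringLike."""
    found = []
    for op in ("StringEquals", "StringLike"):
        for k, v in cond.get(op, {}).items():
            if k.lower() == key:
                found += v if isinstance(v, list) else [v]
    return found

def audit_trust_policy(policy, repo):
    """Return finding codes for every statement that trusts GitHub's OIDC provider."""
    findings = []
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):
        statements = [statements]
    for st in statements:
        principal = st.get("Principal")
        fed = principal.get("Federated", []) if isinstance(principal, dict) else []
        fed = fed if isinstance(fed, list) else [fed]
        trusts_github = any(f.endswith("oidc-provider/" + OIDC_HOST) for f in fed)
        if st.get("Effect") != "Allow" or not trusts_github:
            continue
        cond = st.get("Condition", {})
        if _values(cond, OIDC_HOST + ":aud") != ["sts.amazonaws.com"]:
            findings.append("aud-not-pinned")
        subs = _values(cond, OIDC_HOST + ":sub")
        if not subs:
            findings.append("sub-missing")  # no repository restriction at all
        for sub in subs:
            if not sub.startswith(f"repo:{repo}:"):
                findings.append("sub-outside-repo")
            elif sub.split(":", 2)[2] == "*":
                findings.append("sub-any-ref")  # every branch, tag and PR workflow qualifies
    return findings

# Constructed sample policies; account id and branch are placeholders.
PROVIDER = "arn:aws:iam::111122223333:oidc-provider/" + OIDC_HOST
def _policy(condition):
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Principal": {"Federated": PROVIDER},
        "Action": "sts:AssumeRoleWithWebIdentity", "Condition": condition}]}

PINNED = _policy({"StringEquals": {
    OIDC_HOST + ":aud": "sts.amazonaws.com",
    OIDC_HOST + ":sub": "repo:sebrcg/Portfolio-site:ref:refs/heads/main"}})
ORG_WIDE = _policy({"StringEquals": {OIDC_HOST + ":aud": "sts.amazonaws.com"},
                    "StringLike": {OIDC_HOST + ":sub": "repo:sebrcg/*"}})
NO_CONDITION = _policy({})
```

Feeding it the output of `aws iam get-role --query Role.AssumeRolePolicyDocument` for the deploy role gives the same check against the live policy.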

04 · How this site works

The page you're reading, traced live.

Click a node. Every box is something I configured by hand. The dotted arrows are the path your browser took to reach this paragraph.

[Diagram nodes: You (browser) · Cloudflare DNS (seba.sh → A record) · AWS ACM (TLS cert) · CloudFront (edge cache) · Origin Access (SigV4 → S3) · S3 private bucket (index.html). Arrow labels: HTTPS, cache miss, GET.]

CloudFront Edge

Global CDN sitting in front of S3. Caches the site at AWS edge locations, terminates TLS using the ACM cert, and enforces HTTPS only. Without this layer, S3 would be slower, costlier, and exposed.

aws cloudfront create-invalidation --distribution-id E... --paths "/*"
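Keeping the bucket private behind OAC comes down to one bucket policy statement: the CloudFront service principal, `s3:GetObject`, and an `AWS:SourceArn` condition naming the distribution. The check below is an added example, not this site's own code; the distribution ARN, bucket name and sample policies are constructed placeholders, and it assumes the deploy role writes through its own identity policy, so the bucket policy needs no other Allow statement.

```python
# Added example: check that an S3 bucket policy admits only one CloudFront distribution via OAC.
def _as_list(value):
    return [] if value is None else value if isinstance(value, list) else [value]

def audit_bucket_policy(policy, distribution_arn):
    """Return (Sid, finding) pairs for Allow statements wider than OAC needs."""
    findings = []
    for st in _as_list(policy.get("Statement")):
        if st.get("Effect") != "Allow":
            continue
        sid = st.get("Sid", "<no Sid>")
        principal = st.get("Principal")
        if principal == "*" or (isinstance(principal, dict)
                                and "*" in _as_list(principal.get("AWS"))):
            findings.append((sid, "wildcard-principal"))  # readable without CloudFront
            continue
        if (not isinstance(principal, dict)
                or _as_list(principal.get("Service")) != ["cloudfront.amazonaws.com"]):
            findings.append((sid, "not-cloudfront-principal"))
            continue
        cond = st.get("Condition", {})
        source = [v for op in ("StringEquals", "ArnEquals")
                  for k, val in cond.get(op, {}).items()
                  if k.lower() == "aws:sourcearn" for v in _as_list(val)]
        if source != [distribution_arn]:
            findings.append((sid, "source-arn-not-pinned"))  # other distributions could read
        if _as_list(st.get("Action")) != ["s3:GetObject"]:
            findings.append((sid, "more-than-getobject"))
    return findings

# Constructed samples; the ARN and bucket name are placeholders, not this site's values.
DIST = "arn:aws:cloudfront::111122223333:distribution/EDFDVBD6EXAMPLE"

def _stmt(sid, principal, condition=None):
    st = {"Sid": sid, "Effect": "Allow", "Principal": principal,
          "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-site-bucket/*"}
    if condition:
        st["Condition"] = condition
    return {"Version": "2012-10-17", "Statement": [st]}

CF = {"Service": "cloudfront.amazonaws.com"}
OAC_ONLY = _stmt("AllowCloudFront", CF, {"StringEquals": {"AWS:SourceArn": DIST}})
UNPINNED = _stmt("AllowCloudFront", CF)
PUBLIC_READ = _stmt("PublicRead", "*")
```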
05 · Edge map

Where this page lives.

The site sits in S3 once and is replicated to ~600 CloudFront edges. The green dot is the one currently serving you.

Origin · S3 (us-east-1)