Ryan Paredes

DevOps & SRE Engineer specializing in cloud infrastructure, CI/CD automation, and infrastructure as code. Building reliable systems on AWS.

LinkedIn GitHub Resume PDF

Skills & Tools

Core technologies I work with daily

☁️ AWS

🏗️ Terraform

🐳 Docker

⎈ Kubernetes

⚙️ GitHub Actions

🐍 Python

🐧 Linux

📊 Monitoring

🔄 CI/CD

📝 IaC

🌐 Networking

🔒 Security

Projects

Infrastructure and automation work

PersonalSite

Live

This site — a fully automated portfolio deployed to AWS via GitHub Actions. Infrastructure managed with Terraform, security scanning with Trivy, and built with Astro + Tailwind CSS.

AWSTerraformGitHub ActionsAstroS3CloudFront

View on GitHub →

More projects coming soon

CI/CD Pipeline

How this site gets built and deployed — fully automated with GitHub Actions

🔍 Lint Terraform fmt + Astro check

→

🛡️ Scan Trivy IaC & dependency scan

→

🔨 Build Astro static site build

→

🚀 Deploy Dev S3 sync to dev bucket

→

✅ Deploy Prod Approval gate + S3 sync

Pipeline Details

✓ Lint: Terraform files validated with terraform fmt -check and site checked with astro check
✓ Security Scan: Trivy scans IaC for misconfigurations and dependencies for known CVEs (pinned version to avoid supply-chain risk)
✓ Build: Astro generates optimized static HTML/CSS/JS with zero JavaScript shipped to the client by default
✓ Deploy Dev: Built artifacts synced to S3 dev bucket automatically on push to main
✓ Deploy Prod: GitHub Environment protection rules require manual approval before syncing to the production S3 bucket behind CloudFront
✓ Secrets: gitleaks pre-commit hooks + CI scanning prevent accidental credential leaks

Architecture

AWS infrastructure powering this site

┌────────────┐     ┌──────────────┐     ┌────────────┐
│            │     │              │     │            │
│  Route 53  │────▶│  CloudFront  │────▶│  S3 Bucket │
│  (DNS)     │     │  (CDN+TLS)   │     │  (Static)  │
│            │     │              │     │            │
└────────────┘     └──────────────┘     └────────────┘
       │                  │
       │           ┌──────────────┐
       │           │     ACM      │
       └──────────▶│ (TLS Cert)   │
                   └──────────────┘

All infrastructure defined as Terraform modules — see the repo for full source.

Built with AI

How AI-assisted development shaped this project

🤖

Planning & Architecture

AI pair programming was used to evaluate technology choices, create architecture decision records, and develop the security playbook for going public.

💻

Code Generation

Frontend components, Terraform modules, and GitHub Actions workflows were scaffolded with AI assistance using GitHub Copilot, then reviewed and customized.

🔒

Security Review

AI-assisted auditing identified exposed secrets in the legacy codebase and recommended OIDC federation, pre-commit hooks, and pinned dependency versions.

Full details in the project's AI_DEVELOPMENT.md

Ongoing Security & Maintenance

How this project stays secure and up to date — DevSecOps practices baked in

🔄

Automated Updates

Dependabot monitors three ecosystems weekly: npm packages, Terraform providers, and GitHub Actions versions. PRs are auto-created and must pass CI before merge.

🛡️

Continuous Scanning

Every push runs Trivy for IaC misconfigurations and dependency CVEs, plus gitleaks for secrets detection. Critical and high findings block deployment.

📌

Supply Chain Integrity

All GitHub Actions are pinned to full SHA (not tags). npm uses lockfiles with npm ci for reproducible builds. Trivy is version-pinned to prevent auto-update supply chain attacks.

📋

Review Cadence

Weekly: review Dependabot PRs and security alerts. Quarterly: full manual audit, credential rotation, and tooling version review. All documented in the repo's MAINTENANCE.md.

Resume

Download PDF