Experience

Case Studies

• Kuvio | (kuvio.io): Case study
• Allure TestOps Cloud | (qameta.io): Case study

Experience

Allure TestOps Cloud (Lead Consultant)

via FivexL · May 2025 – Present

• Architected a dedicated single-tenant AWS environment for an enterprise client by migrating the platform from EKS/ArgoCD/Vault to ECS/Terraform/Secrets Manager in a separate AWS account, with isolated VPC resources, PrivateLink-based connectivity, and tenant-id cost-allocation tagging to improve security, operational independence, and cost attribution.
• Standardized infrastructure management across a multi-account AWS organization by bringing every account under Terraform and CI/CD, enabling automated rollout of SOC 2 / Vanta controls, including password policies, monitoring, DynamoDB point-in-time recovery, and Lambda and queue alerting.
• Led migration of the company’s AWS infrastructure from GitLab to GitHub, redesigning Terraform state management around S3 and DynamoDB, implementing OIDC-based GitHub Actions, reconciling manual drift, and leaving production fully codified in Terraform.

Kuvio

Senior Platform / DevOps Engineer via FivexL · Jul 2023 – Mar 2026 · Part-time · Retainer agreement · 1 day/week

Case study: Kuvio Retainer Case Study

• Cut analytics and observability spend by disabling low-value Glue job metrics, surfacing ExportFromDDBToS3 and OptimizationJobRun as major cost drivers, and tuning CDC compaction; reduced CloudWatch custom-metric spend by ~$390/month, and Glue spend fell by ~$1.6K/month after ExportFromDDBToS3 was retired.
• Improved release safety and developer velocity by protecting the main branch in the API repo, requiring maintainer approval for merges, and creating an api-dev environment for branch-based deployments.
• Traced 99% of 11.5M weekly KMS Decrypt events to a full-scan Athena pattern in a data-ingestion batch job and drove the fix, reducing combined KMS + S3 spend from ~$1,620/month to near zero.
• Stabilized database-backed ECS and Lambda workloads by instrumenting PGAPPNAME, tracing connection spikes to Knex pool behavior, applying pool-level mitigations, and rolling out RDS Proxy plus a read replica; recurring connection-spike incidents stopped after the fix sequence.
• Diagnosed intermittent missing-order and 502 incidents by tracing requests end-to-end across ALB, Envoy, ECS, and data-stream conversion logs; isolated routing gaps and schema-conversion failures that informed production fixes and cutover decisions.
• Evaluated a PostgreSQL-to-DynamoDB migration by analyzing schema, access patterns, and cost tradeoffs, and used Contributor Insights plus throttling metrics to identify hot partitions behind intermittent ~1-second reads.
• Planned rollback-safe cutover from legacy to new AWS infrastructure, validated API traffic switching, and decommissioned old RDS, NAT/ALB/EC2 resources, snapshots, backups, and CI pipelines; reduced AWS spend from ~$9.5K/month to ~$7.7K/month.
• Reduced AWS governance, logging, and backup spend by tuning AWS Config, S3 access-log retention, and backup strategy; cut AWS Config from ~$157/month to ~$10/month, S3 access-log cost from ~$510/month to ~$112/month, and backup spend from ~$5.2K/month to ~$3.9K/month.
• Modernized AWS infrastructure and delivery pipelines by standardizing Terraform and shared modules, importing unmanaged resources into state, upgrading deprecated providers and modules, and migrating GitLab CI from legacy JWT to OIDC.
• Strengthened multi-account AWS governance by enabling GuardDuty runtime monitoring, IAM Access Analyzer, SCP guardrails, updated TLS policies, and cost-aware AWS Config controls in newer accounts.
• Redesigned Athena/S3 analytics around Iceberg, better partitioning, and file compaction; cut S3 spend by ~$2.0K/month, lowered a core dataset from ~$1.8K/month to ~$60/month, and improved a representative query from 18.4s to 1.6s.
• Built custom observability for Athena/S3 workloads by collecting query-execution metadata and access-log analysis into usable cost diagnostics, exposing the scan patterns driving spend and creating the measurement layer for later Iceberg optimizations.
• Established baseline AWS cost governance by implementing cost-allocation tags, resource-level cost visibility, S3 Storage Lens, and budget/anomaly alerts, giving the business clear visibility into cloud spend and where to prioritize savings efforts.

industrialmatrix.com

Cloud Engineering Specialist via FivexL · Jun 2025 – Aug 2025 · Support through Nov 2025

• Delivered FivexL’s Blueprint for AWS ECS for industrialmatrix.com by containerizing 3 services, setting up ECR and ECS deployment pipelines, provisioning required S3, SQS, and DynamoDB resources, and documenting AWS access and service-health workflows for the client team.
• Built multi-environment delivery for the application stack by fixing the frontend, hosting it on S3 and CloudFront, configuring CI/CD for dev, stage, and prod with environment-specific settings, and adapting the PHP/Nginx runtime for ECS.
• Improved security and operability by guiding the move from static AWS credentials to IAM-based authentication, configuring VPN-backed database access and cross-account security group sharing, enabling ECS Exec, provisioning ElastiCache, and supporting developers with debugging and deployment workflows.

Blueprint for AWS ECS development

Internal product development at FivexL · Mar 2025 – May 2025

• Built a Terraform-driven demo environment for the FivexL ECS baseline on AWS, standing up ECS/Fargate services, networking, service discovery, and ingress for a multi-service application.
• Implemented synthetic health checks and Better Stack monitoring for the demo application, including evaluation of Playwright-based browser checks to catch session-level failures that basic HTTP and keyword monitoring missed.
• Built observability for the demo stack with Amazon Managed Service for Prometheus (AMP) and AWS Distro for OpenTelemetry (ADOT), wiring ECS telemetry into a Prometheus-compatible pipeline for dashboards and operational visibility.

RightStart

Internal product development at FivexL · Feb 2024 – May 2024

Worked on FivexL’s RightStart, a productized AWS foundation for startups.

• Built and validated an automated account-baseline MVP for FivexL RightStart using AWS Control Tower Account Factory Customization, Service Catalog, and CloudFormation; evaluated Control Tower customization patterns and recommended AFT for repeatable multi-account delivery.
• Validated RightStart security and audit controls in a four-account demo environment by implementing SCPs that blocked organization exit and GuardDuty disablement and building a standardized Athena/Glue audit layer for S3 access logs with date-based partitioning.
• Automated cross-account networking and VPN setup by extending RightStart tooling to propagate VPC and subnet metadata to workload accounts, remove hardcoded VPC IDs, and eliminate manual certificate-validation and SAML metadata-sharing steps.

Allure TestOps Cloud (Consultant)

via FivexL · Jun 2021 – 2024

Case study: Allure TestOps Cloud Case Study

One of two FivexL consultants on the AWS rollout of Allure TestOps Cloud, the SaaS version of Qameta’s on-prem test management platform.

• Integrated monitoring and alerting across AWS Managed Grafana, BetterUptime, Prometheus, and CloudWatch during Stage 2 of the rollout, strengthening operational visibility and reducing incident risk as usage scaled.
• Built an improved API for managing client environments and operated the Argo/Crossplane control plane, including recovery from failure paths that left resources stuck in deletion.
• Diagnosed and mitigated reliability issues across EKS, Aurora, and observability components, tracing recurring incidents to node NotReady evictions, a faulty metrics collector behind Aurora spikes affecting 2-5 client environments, and a Datadog agent OOM.
• Defined an AWS infrastructure improvement roadmap spanning Terraform CI/CD, IAM and Secrets Manager access, Cloudflare as code, cross-AZ resilience, cost-allocation tagging, Reserved Instances / Savings Plans review, and S3 lifecycle cleanup.
• Transferred AWS infrastructure knowledge and operating practices to Qameta’s new infra lead, including permission-management guidance and recommendations around RightStart.

Georgievsk Social Service Center

System Administrator · Jul 2018 – Jul 2021 · Full-time

• Managed day-to-day system maintenance, software updates, and user support to keep operations running reliably.
• Helped roll out new technology systems and supported staff training while maintaining data security and compliance requirements.

Certifications

Open Source Contributions

• terraform-aws-sso-elevator - Terraform-based solution for just-in-time privilege escalation in AWS via SSO and Slack Bot, eliminating standing access by granting temporary permissions on demand and aligning with least-privilege security practices. (blog post).
• terraform-aws-s3-access-logs-athena-table - Terraform module that creates an AWS Glue table designed specifically for querying Amazon S3 server access logs in the date-based partitioning format (optimizes query price and performance) (blog post).
• terraform-aws-glue-catalog-table - Terraform module for creating an AWS Glue catalog table.
• aws-eni-tagger - Adds meaningful tags to your AWS Elastic Network Interfaces.
• aws-eni-identifier - Identifies which AWS service a network interface is associated with.
• terraform-aws-ecs-events-to-slack - Amazon EventBridge rules that fetch ECS events and send them to Slack.

Public Activity

AWS Community Day - Central Asia May 25, 2024

Title: Athena Best Practices and Beyond: The story of S3 bucket cost
Description: In this session, I will share best practices for using Athena and how we reduced our S3 costs by 96%.