Live Terminal

A real shell into my resume. Try help to explore.

hiren@hkpanchani.dev ~ %
$ neofetch
 
hiren@hkpanchani.dev
─────────────────────────────
OS: AWS us-west-2 (primary) + DR
Uptime:
Shell: bash + terraform + helm
WM: Kubernetes (EKS 1.27→1.36)
Packages: 44 terraform modules
CPU: 5 EKS clusters · 60+ microservices
Memory: 8 Aurora clusters · 3 Kafka
Disk: 73 S3 buckets · 160 ECR repos
Network: 5 VPCs · hub-and-spoke
Throughput: 6B+ emails/year
 
Type help to see available commands.
 
$

Hey, I'm Hiren Panchani

Solutions Architect Cloud & Platform Engineering

I live in terminals and think in YAML. I architect multi-region AWS platforms, wrangle Kubernetes clusters at 3 AM, build observability stacks from scratch, and find inner peace optimizing cloud bills. My homelab has more compute than some startups. If it runs on a server, I've probably broken it and fixed it twice.

Technical Arsenal

The tools and technologies I've battle-tested in production — not just "familiar with", but actually deployed, debugged, and scaled.

☁️

AWS Cloud

27
Multi-Region (Primary+DR) · EKS · ECS Fargate · EC2 · Lambda · ALB/NLB · Auto Scaling · Spot Fleets · Graviton (Arm64) · Aurora Global · MSK Kafka · OpenSearch · Bedrock · SageMaker · IAM · KMS · Secrets Manager · Systems Manager · Organizations · CloudFront · WAF · Route 53 · ACM · CloudWatch · CloudTrail · Reserved Instances · Savings Plans

Containers & Kubernetes

17
Kubernetes (EKS 1.27→1.36) · Helm 4 · ArgoCD 3 (App-of-Apps) · ApplicationSets · Sync Waves · Karpenter · HPA/VPA · Pod Security Standards · IRSA · NetworkPolicy · PDBs · Custom Helm Library · Multi-Tenant Isolation · Blue/Green & Canary · ECR Lifecycle (160+ repos) · Docker BuildKit · Multi-Arch (amd64+arm64)
🔧

Infrastructure as Code

8
Terraform (44+ modules) · Remote State (S3+DynamoDB) · Multi-Account Workflows · CloudFormation · Helm · Kustomize · Sealed Secrets · External Secrets
🔄

CI/CD & GitOps

8
ArgoCD 3 (App-of-Apps) · GitHub Actions · Self-Hosted Runners (Spot EKS) · GitLab CI/CD · GitLab CE (Self-Hosted) · Helm Chart-per-Service · Docker BuildKit · Multi-Arch Images
🗄️

Databases & Data

11
Aurora MySQL 8.0 · Aurora PostgreSQL 16 · Blue/Green Deployments · Major Version Upgrades · RI Planning · MongoDB Atlas (VPC-Peered) · ClickHouse (Analytics+OTel) · OpenSearch (k-NN, Semantic) · Redis (ElastiCache) · MSK Kafka (3 clusters) · Metabase
📊

Observability

14
Prometheus · Grafana (8 datasources) · Loki (S3+DynamoDB) · Tempo (vParquet4) · OpenTelemetry SDK · B3/W3C Propagation · Log↔Trace Correlation · Sentry · Jaeger Thrift · 40+ Dashboards · ClickHouse OTel Schema · Alertmanager · Blackbox Exporter · Promtail
🌐

Networking & Edge

10
VPC Architecture (5 VPCs) · Hub-and-Spoke Peering · Transit Gateway · NAT Gateway Tiering · Multi-AZ (4 AZs) · Cloudflare (DNS/WAF/Pages/Workers) · OpenResty/Nginx · Tailscale/Headscale · AWS PrivateLink · VPC Endpoints
🛡️

Security & Compliance

15
SOC 2 Type I & II · ISO 27001 · ISO 27701 · GDPR · Sprinto · Vanta · OWASP Top 10 · OWASP LLM Top 10 · SonarQube · OWASP ZAP · VaultWarden · SSOReady (SAML/OIDC) · IRSA Least-Privilege · CVE Patch Management · Cert Rotation (ACM/LE/acme.sh)
🤖

AI/ML & Agentic

9
Amazon Bedrock · Titan Embed v2 · Claude Sonnet/Opus 4.x · Vector Search (OpenSearch k-NN) · HNSW/FAISS (1024-dim) · MCP Servers (Grafana/Jira/Odoo) · AI Incident Agent (LLM+RAG) · Ollama (Self-Hosted) · MLOps Roadmap (MLflow/KServe)
💻

Programming & Scripting

6
TypeScript / Node.js · Python (Automation/SDK) · Bash · HCL · SQL (MySQL/PG/ClickHouse) · YAML / Helm Templating
💰

Operations & FinOps

9
Cost Explorer · Compute Optimizer · Trusted Advisor · RI/SP Portfolio (6-figure) · Graviton Migration · Spot Strategies · Capacity Planning · Runbook Authoring · Incident Management

Impact by Numbers

Quantified outcomes from designing, building, and operating production-grade platforms.

6B+
Emails / Year
500M+ monthly throughput
~$156K
Annual Cost Saved
3 optimization cycles
840+
Prod Tickets Shipped
50+ epics, solo
9
Zero-Downtime Upgrades
EKS 1.27 → 1.36
44
Terraform Modules
Reusable IaC library
60+
Microservices
Across 5 EKS clusters
160
ECR Repositories
Lifecycle-managed
73
S3 Buckets
Across all environments
159
IAM Roles
Least-privilege IRSA
38
ACM Certificates
Auto-renewed
40+
Grafana Dashboards
8 datasources
5
VPCs · 4 AZs
Hub-and-spoke topology

Key Achievements

Highlights from designing, building, and operating production infrastructure at scale.

🏗️

Greenfield Multi-Region AWS Platform

Architected and built a complete multi-region, multi-environment AWS+EKS platform from scratch — 4 isolated VPCs (prod/staging/warmup/shared), hub-and-spoke topology, 4 AZs, secondary DR region with cross-region S3/ECR replication, Aurora Global Database, and Route 53 health-checked failover.

AWS · EKS · Multi-Region · VPC · Aurora Global

Kubernetes at Scale

Migrated all workloads from ECS Fargate to 5 EKS clusters on Kubernetes 1.36, with IRSA, custom Helm chart library, ArgoCD GitOps for 42 production services. Executed 9 consecutive zero-downtime EKS upgrades from 1.27 through 1.36.

Kubernetes · ArgoCD · Helm · Zero-Downtime
🔧

44-Module Terraform Library

Built a reusable Terraform module library of 44 AWS modules used across 4 environments — new services ship in approximately 30 lines of HCL, dramatically accelerating infrastructure provisioning.

Terraform · IaC · Modules
📊

Full-Stack Observability from Scratch

Designed and deployed a self-hosted observability stack: kube-prometheus-stack, Loki (S3-backed), Tempo (vParquet4), Grafana with 8 datasources and 40+ dashboards, in-house OTel SDK across Node.js services. Achieved ~20% lower 3-year TCO vs commercial APM.

Prometheus · Grafana · OpenTelemetry · Loki
💰

~$156K/Year Cost Reduction

Led 3 optimization cycles achieving ~30% savings each ($10K→$7K, $13K→$8K, $15K→$10K/mo) via RI/SP strategies, Graviton migration, Spot instances, Aurora I/O-Optimized with Blue/Green deployments, ElastiCache right-sizing, and S3 lifecycle policies — all with zero p99 latency regression.

FinOps · Graviton · Cost Optimization
🤖

AI/ML in Production

Built a semantic search POC using Bedrock Titan Embeddings v2 + OpenSearch k-NN (HNSW, 1024-dim, cosine similarity 0.65–0.88) and an AI Incident Investigation Agent that returns root-cause analysis across 5 datasources in under 30 seconds — replacing 30-min to 2-hour manual triage.

Bedrock · Vector Search · MCP · RAG
🛡️

Security & Compliance Ownership

Owned platform controls for SOC 2 Type I & II, ISO 27001/27701, and GDPR compliance on Sprinto + Vanta. Deployed VaultWarden, SSOReady (SAML/OIDC), and migrated 30+ engineers from OpenVPN to Tailscale+Headscale zero-trust mesh.

SOC 2 · ISO 27001 · Zero Trust
📧

High-Throughput Email Infrastructure

Designed the full Scheduler→Composer→Sender→MTA pipeline powering 6B+ emails/year with an in-house ESP — dedicated IPs, multi-node MTA, automated DKIM/SPF/DMARC, and ClickHouse analytics for deliverability tracking.

Email · ClickHouse · Scale
🗄️

Database Modernization at Scale

Led a company-wide MySQL 5.7→8.0 Aurora upgrade with query compatibility verification, Blue/Green cutover, and read-replica validation. Migrated to Graviton (db.r6g) for ~20% better price-performance. Added Aurora PostgreSQL 16 clusters for new services — managing 8 Aurora clusters total.

Aurora · Blue/Green · Graviton · PostgreSQL
📦

Bulk Data Ingestion Pipeline

Designed S3→Python decompressor→MongoDB+OpenSearch ingestion for monthly bulk lead/company datasets. Containerized on EKS with IRSA-scoped secrets from S3, handling terabytes of data imports reliably.

S3 · MongoDB · OpenSearch · EKS
🔊

Lambda → EKS Worker Migration

Replaced an AWS Lambda + ffmpeg layer with an EKS-based S3→SQS→worker pattern (Node.js + ffmpeg in Docker), shipped via Helm with IRSA. Cut per-job cost while eliminating the 15-minute Lambda timeout ceiling.

Lambda · SQS · EKS · ffmpeg
🏛️

Cloud Transformation (5,000+ Users)

Led cloud/DevOps transformation for an institution supporting 5,000+ users — lift-and-shift from Proxmox VMs to AWS, built Jenkins+SonarQube developer platform, deployed Canvas LMS and GitLab CE, and implemented enterprise network security with pfSense/Sophos for the campus network.

AWS Migration · Jenkins · Docker · Networking

Education & Awards

🏅

B.Tech — Computer Engineering

Jul 2019 CGPA 9.30
University Gold Medalist
🏅

Diploma — Computer Engineering

Jun 2016 CGPA 9.40
Gold Medal — 1st Rank University-Wide
🏆 2× University Gold Medalist

Certifications

AWS Certified Security — Specialty

Amazon Web Services Feb 2026 — Feb 2029

AWS Certified Solutions Architect — Professional

Amazon Web Services Mar 2025 — Mar 2028

CCNP — Routing & Switching

Cisco Jul 2016

CCNA — Routing & Switching

Cisco Jul 2016