Syed Waqar Ali Shah
Design
Sindh, Pakistan
Skills
Cloud Computing
About
The candidate's skills align with Consultants and Specialists (Information and Communication Technology). The candidate also has skills associated with System Developers and Analysts (Information and Communication Technology). The candidate has 8 years of work experience, with 3 years of management experience, including a mid-level position.
View more
Work Experience
Cloud Platform Engineer
Telenor Microfinance Bank
March 2024 - Present
- Telenor Microfinance Bank Mar 2024 - Present (4 months) Cloud Platform Engineer Islamabad, Pakistan 1. Enhance our cloud capability by creating and implementing cloud application patterns. 2. Develop and implement ways to move apps and workloads to the cloud. 3. Work closely with business leads and product owners to understand solution requirements and identify architectural patterns. 4. Write and develop cloud automation playbooks for managing and scaling containers, hosts, cloud services, and applications. 5. Monitor compliance of cloud resources to see if they fit industry guardrails and best practices. 6. Help other development and engineering teams resolve application to platform integration issues for Platform as a Service (PaaS) and Infrastructure as a Service (IaaS) services. 7. Research and propose solutions for AWS data transformation, data connections, operational frameworks, and application integration. 8. Work closely with lead architects and engineers to create and maintain architectural templates and build/operational documents. 9. Work with DevOps and engineering teams to develop service catalogs. 10. Installation, configuration and administration of Kubernetes platform. 11. Ensure Production Uptime 12. Troubleshoot issues & outages. 13. Participation in 24*7 on-call support. 14. Ensure deployment, monitoring & patching on public and private clouds workload. 15. Support Infrastructure deployment models including Public & Private Cloud 16. Management of Converged Infrastructure 17. Managing Workloads 18. Providing Level-2 & level-3 support 19. Ensure provisioning of workloads as per business needs 20. Follow change and configuration management process. 21. Manage Wintel & Linux Platforms over public and private cloud. 22. Facilitate in establishing public and private Cloud for Organization 23. Administration & Troubleshooting for Operating System & Hypervisor 24. Interdepartmental coordination to ensure IT Governance & IS Policies 25. Incumbent shall be responsible to adhere by Telenor Microfinance Bank Behaviours (Be Respectful, Keep Promises, Always Explore and Create Together) in all aspects of his/her work conduct. 26. Manage AWS cloud security.
AWS & GCP Solution Architect / DevOps Engineer
Sherdil Cloud
January 2022 - February 2024
- Sherdil Cloud Jan 2022 - Feb 2024 (2.1 years) AWS & GCP Solution Architect / DevOps Engineer Karachi, Pakistan I have been working here since 2022 and working on a lot of projects on-site and freelance which I have done as a cloud engineer Solution architect. and I am looking for a better opportunity to move on in my future career.
Jenkins Pipeline
July 2023 - August 2023
- Company: Client Tools: Jenkins Creating Compute Engine Machine and install Jenkins init creating Pipeline for testing environment.
Ypay
April 2023 - July 2023
- Company: Ypay Tools: GCP Compute Engine, GCP App Engine, GCP VPC, GCP SQL, GCP Cloud operations/Stack Driver Migration AWS to GCP Creating GCP Compute Engine machine of Dev, Prod, and Pre-prod environment. Creating GCP VPC and defining different subnets of different regions Public and Private. Creating GCP SQL database of Dev, Pre-prod, and Prod environment. Checking GCP Cloud operations/Stack Driver for monitoring the machine. Creating a Pipeline of All three environments using Jenkins and connecting it to Github.
Cloud Architect
March 2018 - April 2023
- (5.1 years) I'm experienced in setting up and managing Cloud-based infrastructure along with implementing DevOps best practices for applications. At Etisalcom, my responsibilities are as mentioned below Configuration & troubleshooting of multiple AWS services Non-Cloud Projects Managing more than 1100 Machines on the AWS Platform. Working on AWS VPC, EC2, System manager, Workspaces, Cloud front, S3, Cloud formation. AWS SQSElastic Beanstalk, Route53, Workspaces, Storage Gateway, and Cloud watch for monitoring Working on Pivotal Cloud Foundry (PCF) based on AWS. Working on Splunk & Data-dog for metrics monitoring. Provide Security of SonicWALL NSA220, 240 & 250. Work on SIEM IDS & IPS. Perform penetration testing from inside & outside as per company requirements. Provide Audit & event logs to the audit dept. in case of disaster Manage Synology based NAS using DPM & NAS FS Manage Amazon based AWS IAAS, VPC, EC2, Cloud Formation & Workspaces, ELB, S3 Manage TP Link-based Load Balancing and all Intranet issues SonicWALL & Sonic points Ruckus Wireless Infrastructure Good Hands-on experience on Terraform for IAC (Infrastructure as Code) Basic hands-on experience with Ansible for Configuration management, Subline & Visual Studio Code. Multi-cloud Projects AWS Cloud security including VPC, SDN & SDDC, EC2. Good experience with AWS Cloud Formation & AWS CLI GCP Cloud shell, Cloud SDK, App engine & GKE Working on CICD using AWS Code star & code deploy. Cloud formation with nested stack deployment AWS Cloudwatch Tools: AWS Cloudwatch in this freelance project, I created a billing Alarm that should alert you over Email & SMS once the desired value is reached. And create a dashboard in it AWS S3 Tools: AWS S3 Create a bucket with default encryption, enable object-level versioning with public access, and upload 3 versions of the text file, version 1 should be on S3 standard, version 2 should exist on Standard-IA, and version 3 should exist on RRS. AWS Cloud front Tools: AWS Cloud front Deploy a static website using an S3 bucket and create a distribution using the cloud front. AWS VPC Tools: AWS VPC Create a high availability VPC with 2 AZs along with 4 subnets Create a multi-Az virtual private cloud using CLI. AWS EC2 Tools: AWS EC2 Launch a Bastion host and install IIS server in a private window VM. Create 1 EC2 Machine that can communicate directly to AWS S3 without going to the Internet. Create 1 EC2 Machine on 1 VPC and another Vm on another VPC and then access Vm2 from Vm1 AWS Load Balancer & AWS Auto Scaling Tools: AWS Load Balancer & AWS Auto Scaling Launch a website in such a manner that if we refresh a DNS, it shows the IIS server and WordPress server sequentially. Create 1 EC2 Machine and enable IIS server then create AMI of that VM then again launch VM but this time it will be configured through Autoscaling and will be in private VM then open it through ALB DNS Endpoint. AWS Route53 Tools: AWS Route53 Create DNS for the Above ALB Endpoint. AWS Lambda & Event Bridge Tools: AWS Lambda & Event Bridge Create a lambda function to start, restart, stop an ec2 instance. Schedule that event through Cron Job Expression. Create a lambda function that performs the following task: When we upload a file on s3 then its metadata should be stored in DynamoDB. Create a lambda function to create automated snapshot using existing volume via lambda function Existing role. Create an IAM role that will help to invoke Lambda Function. AWS SNS and SQS Tools: AWS SNS and SQS In this project, you have to create a CloudWatch alarm that publishes a message to an SNS topic when triggered. The alarm state is based on a custom metric filter generated from a CloudWatch log group. You also need to test the metric filter if it correctly filters the logs based on the criteria below: 1. Create an SNS topic and give the name td-instance-alarms. 2. Create an email subscription to the topic using your email address 3. Create a log group name its td-instance-logs and configure the log group to retain logs for 3 days. 4. Create a metric filter using the td-instance-logs log group and name it td-instance-HTTP-5xx-metric. Create a filter pattern that monitors all of the HTTP 500-level errors and names its td-instance-HTTP-5xx-filter. 5. Create an alarm using the custom metric filter you just created. Set the metric name to td-instance-HTTP-5xx-sum. 6. Configure the alarm to evaluate every minute and set the total threshold to greater than 5. Then, set the alarm threshold to 3 units. 7. Publish a message to the td-instance-alarms topic when the ALARM state is triggered. Set the alarm name to td-instance-5xx-alarm. AWS Dynamo DB Tools: AWS Dynamo DB In this project, you need to create a DynamoDB table along with the mentioned steps: Create a Primary key (String) & Sort keys (Number) Set Write & Read Capacity unit to 6 Create a local secondary index Create a backup of the entire table AWS RDS Tools: AWS RDS We have to create a Private relational database and connect it using Any DB Client. AWS Elastic Beanstalk Tools: AWS Elastic Beanstalk Deploy the PHP application in Elastic Beanstalk then update its code from the Application Folder for my freelance client. AWS LightSail Tools: AWS LightSail Make a custom IAM Policy for AWS LightSail that a client can only access to their own instances & make some changes in it (i.e., Add rules). But make sure that clients do not make any changes to port or delete other LightSail instances. AWS Workspace and AD Tools: AWS Workspace and AD We need to create & configure Windows 10 & CentOS Linux-based AWS workspaces with AWS-managed Active directory. Once AD is configured, link it with AWS workspace & log in using web UI & workspace Client. You have to install the AWS workspace client using this link. AWS SES Tools: AWS SES Create a simple email service with your mail, set the bounce and limit and configure it with a simple notification service. Workmail and Workdocs Tools: Workmail and Workdocs In this scenario, create Aws work mail and integrate it with Gmail/outlook and migrate from Gmail/outlook to Aws Work Mail. Integrate Work Mail with work doc. Dockers Tools: Dockers In this project First, create a Linux instance, install docker in it, create a docker container with a Linux standard image, change content in ngix.html, and push it on the docker hub. Jenkins Tools: Jenkins Create a Linux instance, install docker, create a docker container, and install Jenkins in it. In this project pull the nginx image in a docker container, build a docker image using the Jenkins pipeline, and push it to Aws ECR. Integrate Jenkins with email Zabbix Tools: Zabbix Creating Zabbix Dashboard using linux. Prometheus and Grafana Tools: Prometheus and Grafana Install monitoring Tool of Grafana and Prometheus, and create their dashboard.
Architect with Github
GCP
January 2023 - March 2023
- Creating GCP VPC of 2 public subnets and 2 private subnets with different regions. Creating GCP Compute Engine Machine of 2 environments and configuring it. Creating GCP SQL database separate database of each machine and make private and restricted it of specific IPs. Creating Logging Operations for monitoring the machine's CPU utilization and performance. Creating Github Piline for pushing code from Github.
Github Pipeline for AWS
November 2022 - December 2022
- Tools: Github Pipeline Creating Github pipeline of existing GCP architecture of 2 machines and code push from GitHub to GCP Compute engine. Creating workflow file for pushing the code Git Hub to GCP Compute Engine. Set the file and script. AWS Workspaces Deployment & migration May 2022 - Jun 2022 (1 month) Tools: AWS Workspaces, VPC, AD Client issue We use Amazon Workspaces for a number of our employees. We need to access a system that requires our IP address to be whitelisted. However, all our Workspaces are getting different public IP addresses. We need all Workspaces to share a single public IP address. I have already set up a NAT Gateway and assigned an elastic IP, but I have not been able to successfully replace the Internet Gateway (default) with the NAT Gateway. I changed the routes manually, but all Workspaces lost internet connectivity. This should be a quick and easy job for anyone familiar with AWS networking and VPCs How we resolved We created & reconfigured multiple AWS resources under 4 services as mentioned below; Created a Private route table in existing VPC Created & configured 2 x Private subnets under VPC Attached existing NAT gateway with a private route table Added a NAt GW route in the newly created private route table Created a new created Simple Directory on Private Subnet Created an existing workspace snapshot Deploy that custom snapshot on private directory & subnet Created a custom image workspace on private subnet using PCOIP protocol AWS Infrastructure for Web Application Mar 2022 - Apr 2022 (1 month) Requirement: AWS Infrastructure for Four Machines - Production, UAT, Database, and Fileserver, with different instance types and OS High Availability for all the Machines Backups Setup Health Monitoring and Alarms on SMS and Email AWS Infrastructure Custom VPC with 1 Public Subnet as NAT and 2 Private Subnets in two AZs for VMs Four Instances on EC2 with given types - c5a.large, t2.small, t2.xlarge, and t2.2xlarge with associated EIP Classic Load Balancer on the two AZs and Auto-Scaling for all the instances Cloud Watch - CPU Utilization Metric > 70% to trigger SNS topic
Deploy Google VPC & GCE
January 2022 - March 2022
- Used Google Cloud Shell & cloud SDK to deploy multi-region VPC network with Google Compute Engine
TLS/SLL
October 2021 - November 2021
- certificate using ACM & ELB Oct 2021 - Nov 2021 (1 month) Amazon Certificate Manager is recommended to use with ELB & WAF. we created an SSL-based certificate along with a certificate chain & linked it with ACM that used with ELB for encryption. Configure AWS Cognito for SSO using Domain active directory federated Sep 2021 - Oct 2021 (1 month) services & IAM Role In this project, we deployed Active Federated Services (ADFS) with IAM & AWS Cognito for application-level SSO. Created claim rules in ADFS, groups in Domain controller & using scheme XML files, we configured AWS Cognito in order to authorize AD users in AWS using IAM roles. Roles were the same as AD groups. Deploy Whole AWS VPC using multiple Subnets in different availability zones Jun 2021 - Sep 2021 (3 months) In this project, we started with infrastructure requirements & capacity planning for 3 years of scalability. This VPC was created to handle more than 100+ EC2 Machines & 10 RDS. After that created & configured a Virtual private cloud which included; VPC with /16 CIDR block 4 Public & 4 private subnets in separate Availability zones in order to provide HA Main & custom route table with contiguous routes includes IGW & NATGW route Internet Gateway & NAT gateway configuration with appropriate route tables
Production Manager / Production Officer
Metro Milan Agarbatti
January 2017 - December 2019
- Projects AWS Failover Routing (Client) Load balancer, Autoscaling, Failover routing Jenkins Pipeline (Client) Jenkins AWS to GCP Migration (Ypay) GCP Compute Engine, GCP App Engine, GCP VPC, GCP SQL, GCP Cloud operations/Stack Driver GCP 3 tier Architect with Github pipeline Github Pipeline for AWS Github Pipeline AWS Workspaces Deployment & migration AWS Infrastructure for Web Application Deploy Google VPC & GCE using Cloud shell Working with TLS/SLL certificate using ACM & ELB Configure AWS Cognito for SSO using Domain active directory federated services & IAM Role Deploy Whole AWS VPC using multiple Subnets in different availability zones Cloud Architect AWS Cloudwatch AWS Cloudwatch AWS S3 AWS S3 AWS Cloud front AWS Cloud front AWS VPC AWS VPC AWS EC2 AWS EC2 AWS Load Balancer & AWS Auto Scaling AWS Load Balancer & AWS Auto Scaling AWS Route53 AWS Route53 AWS Lambda & Event Bridge AWS Lambda & Event Bridge AWS SNS and SQS AWS SNS and SQS AWS Dynamo DB AWS Dynamo DB AWS RDS AWS RDS AWS Elastic Beanstalk AWS Elastic Beanstalk AWS LightSail AWS LightSail AWS Workspace and AD AWS Workspace and AD AWS SES AWS SES Workmail and Workdocs Workmail and Workdocs Dockers Dockers Jenkins Jenkins Zabbix Zabbix Prometheus and Grafana Prometheus and Grafana Metro Milan Agarbatti Jan 2017 - Dec 2019 (2.9 years) Production Manager / Production Officer Karachi, Pakistan i am working here as a production manager. ? Projects AWS Failover Routing Dec 2023 - Jan 2024 (1 month) Company: Client Tools: Load balancer, Autoscaling, Failover routing Creating 2 different infrastructures with different applications in high-availability zones. Creating Failover routing Primary and Secondary. If the primary is down then Failover serves the traffic to the secondary and if the secondary is down then the primary serves the traffic. Both the domain records are working properly.