OpenTelemetry Ecommerce Application

AWS, Microservices, Kubernetes, Docker, Containers, Observability, Prometheus, Grafana, Cloud Native, Terraform, Infrastructure as Code, HELM Chart, Load Balancer, DNS, CI/CD, GitHub Actions, ArgoCD, GitOps
Developed and executed a comprehensive DevSecOps framework for a multi-microservice e-commerce application, automating processes from code to cloud on AWS.

Implemented a structured branching strategy featuring pull request-only merges, mandatory approval gates, and enforced pre-commit hooks to prevent insecure or faulty code from reaching main branches. Created secure Docker images utilizing multi-stage builds, least-privilege users, and distroless base images to minimize the attack surface and reduce image size.

Established continuous integration pipelines using GitHub Actions, incorporating automated code scanning via SonarQube, container vulnerability scanning with Trivy, unit tests, and quality gates to block vulnerable or failing builds. Configured GitOps-based continuous deployment with ArgoCD, enabling automated rollouts to development environments, manual approvals for production, health checks, and rollback strategies for zero-downtime releases.

Provisioned all AWS infrastructure using Terraform with a modular architecture, remote state management in S3, and OIDC-based authentication for keyless cloud access. Each infrastructure change undergoes tfsec security scanning and plan-based approvals to eliminate manual interventions. The entire system is fully parameterized, allowing for multi-environment creation from a single pipeline without hardcoded values.

Deployed microservices to Amazon EKS using Helm charts, with Amazon ECR serving as the container registry. Instrumented services with OpenTelemetry for distributed tracing, integrated Prometheus for metrics collection, and developed Grafana dashboards for real-time visibility. Established CloudWatch monitoring and budget alerts to track performance and costs.

The outcome is a fully automated, secure, and observable platform that ensures safe deployments and reproducible infrastructure, and enables teams to deliver with confidence.