My Journey to Cloud & DevOps: Tackling the Cloud Resume Challenge

Introduction

My name is Merlin Saha, and I'm an experienced software developer into the exciting world of Cloud Architecture and DevOps Engineering. This blog post chronicles my journey, from my initial interest in Google Cloud to building a robust cloud resume showcasing my newfound skills and Multicloud Architect Certifed.

My journey has been anything but conventional

- I worked as a motorcycle taxi driver to found my IT course and Bachelor in Software Engineering.

These challenges instilled in me the perseverance and resourcefulness that now fuel my cloud journey.

The Spark: Discovering Cloud Architecture

Despide my first use of Google cloud in 2015 ant get my first MOOC Collections certificates on OnpenClassroom named Deploy your Java applications on the Google Cloud (Use Saha as name). While working as a Full-stack Software Engineer in 2021, I started develop great solutions with Google Cloud Platform(GCP). This experience ignited a desire to explore cloud architecture further. With limited knowledge, I embarked on a learning quest, starting with Coursera specializations "Architecting with Google Compute Engine" and "Developing Applications with Google Cloud."

Building a Strong Foundation

My learning extended to Google Cloud certifications, including the Cloud Engineer Professional Certificate, Cloud Architect Professional Certificate and Cloud DevOps Engineer Professional Certificate. I actively participated in Google Cloud Skills Boost to solidify my understanding of theoretical concepts and Practices. However, I yearned for practical experience with the real world project that i can share with the Cloud World.

Taking Initiative: Personal Projects and Real-World Challenges

To bridge the gap, I embarked on personal projects leveraging Google Cloud services. I built a 3-tier highly available application, further fueling my desire to showcase my skills to the world. This led me to Enter The Cloud Resume Challenge by Forrest Brazeal, an opportunity to demonstrate my capabilities as a certified GCP professional.

The Road is not Easy, with plenty of obstacles, but we must continue!

The Cloud Resume Challenge: A Proving Ground

The challenge resonated deeply. Here was a chance to showcase my expertise in cloud solutions and configurations, not just certifications. The challenge involved building a cloud-hosted resume utilizing serverless computing and DevOps practices.

The Challenge Breakdown:

• Building a Serverless Web App: The core challenge involves constructing a complete web application for your resume. Here, you'll leverage the power of serverless computing, eliminating the need to manage physical servers.

• Visitor Counter Integration: Spice things up by incorporating a visitor counter! This not only adds functionality but demonstrates your ability to integrate different components within the cloud environment.

• Cloud Certification Power Up: The challenge strongly recommends obtaining a cloud certification to solidify your foundational knowledge. This certification serves as a valuable credential for potential employers.

But Wait, There's More!

The Cloud Resume Challenge doesn't stop there. It offers a variety of "mod tracks" to expand your project and further hone your skills:

• Security Savvy: Delve into the world of cloud security practices, learning how to safeguard your application and data.

• DevOps Disciple: Embrace the DevOps philosophy by integrating continuous integration and continuous delivery (CI/CD) into your workflow, streamlining the development and deployment process.

Now that you're armed with this knowledge, it's time to move In the next part.

Cloud Resume Challenge: A Head Start with Certifications

But what if you already have a solid foundation in cloud technologies? Here's where your existing certifications can be a game-changer!

Fortunately, as we saw, before embarking on the challenge, I had already secured some key certifications:

• Google Cloud Certified Professional Cloud DevOps Engineer.

• Google Cloud Certified Professional Cloud Architect.

• Google Cloud Certified Associate Cloud Engineer

• Terraform Certified Associate 003.

These certifications not only bolstered my confidence for the challenge but to verify the necessary skills to excel in a Cloud Architecture and DevOps Engineering roles.

Let's Dive Deep: The Technical Backbone of Cloud Resume Challenge

We've talked about the challenge and my prep, but now it's time to unveil the real star of the show: the technical architecture behind my cloud resume! Buckle up, because we're about to get geeky.

Foundation: Multiple Projects for Multi-Stage Deployments with DevOps Practices

The Cloud Resume Challenge emphasizes best practices like utilizing separate environments for development, testing, and production. This perfectly aligns with the "DevOps Mod: All The World's A Stage" concept. However, I took the approach a step further by incorporating Workload Identity Federation for enhanced security.

Multi-Project Setup:

• Dedicated Project per Environment: Adhering to the Mod's recommendation, I created separate Google Cloud projects for each environment (Dev, QA, UAT, Prod) within our four-environment organization. This ensures isolated testing and resource management for each stage.

Workload Identity Federation Integration:

• Shared Workload Identity Project: Instead of a shared test project, I utilized a single Workload Identity Federation project. This project acts as a central hub, authenticating service accounts across all environment-specific projects.

• Secure Access for Workloads: Workload Identity Federation grants service accounts within each environment project the necessary permissions to access resources in that specific projects.

By embracing multi-environment deployments, I not only enhanced the robustness of my Cloud Resume but also improved my understanding of DevOps best practices as highlighted in the "DevOps Mod."

Embracing Automation: Cloud Resume Goes All In with DevOps Practices

The Cloud Resume Challenge doesn't stop at building a cool web application; it's also about showcasing your expertise in DevOps practices. Here's how I incorporated automation into my Cloud Resume project, exceeding the basic challenge requirements and aligning with the "DevOps Mod: Automation Nation."

Infrastructure as Code (IaC) CI/CD:

1. IaC GCP Foundation Provisioning: This dedicated pipeline utilizes GitHub Actions, Terraform Cloud, and Workload Identity to automate the provisioning of core GCP Folders, Projects and a shared Workload Identity project.

   

2. IaC GCP Projects Provisioning: Separate dedicated GitHub and Terraform for Dev, QA, UAT, and Prod workspaces, handle the creation and configuration of environment-specific projects using Terraform Cloud Workspaces. This ensures isolated environments while enabling controlled cross-environment access.

   

Backend and Frontend Deployment CI/CD:

1. Frontend Project (Cloud Storage Deployment): A separate GitHub project holds the HTML/CSS/JS code for my resume website. This pipeline, powered by GitHub Actions and Workload Identity, automates the deployment of website files to Cloud Storage, along with clearing the CDN cache.

   

2. Backend Project (Python Cloud Function API): A dedicated GitHub project houses the Python code for my backend API. This pipeline leverages GitHub Actions and Workload Identity to automate the CI/CD process for the API.

By embracing automation and exceeding the challenge requirements, This, align with the "DevOps Mod: Automation Nation."

Solutions Approach and Project Resource Breakdown

This breakdown organizes the resources used in our Cloud Resume project by component and its role:

1. Frontend:

   • HTML5, CSS3: Write a simple HTML code with CSS and add a popup Modal to give more details in project Design section.

   • Cloud Storage: Hosting Static Website content on Google Cloud Storage (Multi-region bucket), managing bucket creation, versioning, and public access configs.

   • Content Delivery Network (CDN):

     • Primary CDN: Cloudflare (Provides rate limiting for Cloud Storage)

     • Secondary CDN: Google Cloud CDN Interconnect (Optimizes connectivity with Cloudflare)

   • Domain Name System (DNS):

     • DNS Provider: Cloud DNS

     • Security: DNSSEC

   • Cloud External HTTPS Load Balancer

Resume url : https://sm-resume.microworka.com/

2. Backend Technologies:

   • Firestore Datastore Mode: Database to stores visitor count

   • Cloud Function (2nd Generation): Python 3.12 function to save visitor cloud to Database

   • Google Cloud API Gateway: Used to save visitor count and restricts access)

   • Google API Service API Keys Credentials: Restrict access to resume API Gateway URL

3. Bridging the Gap: Frontend and Backend Integration in Your Cloud Resume

   Your Cloud Resume project seamlessly connects the frontend and backend, demonstrating your grasp of web development concepts.

   • Javascript: leveraging communication witn frontend and backend

   • Cypress: Tool for running smoke tests

This combined approach, leveraging Javascript for communication witn frontend and backend and Cypress for testing, establishes a robust and well-tested connection between your Cloud Resume's frontend and backend, ensuring a flawless user experience.

4. Security: Essential Services and Best Practices used

   In today's digital landscape, securing your cloud environment is paramount. For our Cloud Resume, we take security very seriously. This dives into the essential services and best practices we leverage to build a robust and secure it.

   Core Security Services:

   • Guarding Against Misconfigurations: Checkov, a policy-as-code tool, continuously scans our infrastructure configurations for security vulnerabilities. By proactively identifying misconfigurations, we prevent security weaknesses before deployment.

   • Proactive Web App Security: Google Cloud Web Security Scanner plays a vital role in safeguarding our web applications. It actively hunts for security vulnerabilities, allowing us to address them before malicious actors can exploit them.

   • Centralized Security Command Center: Maintaining a holistic view of our GCP security posture is crucial. Google Cloud Command Security Center offers a unified platform that aggregates findings from various security tools. This centralized view empowers us to prioritize and efficiently remediate security threats.

   • Granular Access Control with IAM: Identity and Access Management (IAM) is the cornerstone of access control in GCP. IAM allows us to define user groups, service accounts, and their specific permissions for various GCP resources. This ensures only authorized entities can access resources, and only with the necessary permissions (read, write, etc.).

   • DNSSEC: Tamper-Proof DNS: Domain Name System Security Extensions (DNSSEC) adds a crucial layer of security to our DNS infrastructure. By cryptographically authenticating DNS records, DNSSEC safeguards against DNS spoofing attempts.

   • Seamless SSL/TLS Management: For secure communication between web applications and users, we rely on Certificate Manager. This service simplifies the process of issuing and managing SSL/TLS certificates for our GCP resources.

   • Simplified Workload Identity Management: The Centralized Workload Identity Federation Project streamlines how workloads running on GCP authenticate to external services. This eliminates the need to manage individual credentials for each workload, enhancing security and manageability.

   • Cloud Storage with Granular Access: Cloud Storage bucket policies provide granular control over access to data stored in Google Cloud Storage. These policies define who can access a bucket and what actions they can perform, ensuring sensitive data remains protected.

     

Least Privilege:

A fundamental security principle we adhere to is the principle of least privilege. This means all service accounts used by our services are granted only the minimum set of permissions required to fulfill their designated tasks. This minimizes the potential attack surface and reduces the risk of unauthorized access in case of a compromised service account.

5. Automating Cloud Resume: CI/CD and IaC

   • Continuous Integration/Continuous Deployment (CI/CD): Implemented GitHub Actions for automated testing (Cypress), build, and deployment processes across multiple environments (dev, QA, UAT, prod).

   • Infrastructure as Code (IaC): Utilized Terraform and Terraform Cloud for provisioning and managing GCP resources ans state, including projects, networking, security, and IAM configurations, with separate workspaces for each environment.

Taking Cloud Resume project and treating it as an enterprise-level project to improve skills and experience can be Good to prepare your selve to potential challenge!

6. Keeping an Eye on Your Cloud Resume: Monitoring and Alerting

   A crucial aspect of any well-managed cloud application is monitoring. Your Cloud Resume project demonstrates an understanding of this concept by incorporating three key tools:

   • Cloud Monitoring: Acts as a vigilant guardian, providing real-time insights into the health and performance of your Cloud Resume infrastructure, defining Health Checks, SLOs tracked API Gateway, Cloud Storage network latencies, and uptime, allowing to identify areas for cost optimization.

   • Cloud Logging: Acts as the digital diary, recording all events and logs generated by your application.

   • PagerDuty: Serves as the alarm system. It integrates with Cloud Monitoring and triggers alerts when predefined thresholds are breached.

7. Bonus: Generative AI and Appointement

   By incorporating a conversational AI chatbot and appointment scheduling, my Cloud Resume goes beyond the traditional format, offering a more engaging and interactive experience for potential employers. This demonstrates willingness to embrace cutting-edge technologies and ability to leverage them to create a truly unique and effective resume.

   • Conversational AI with Dialogflow CX: Users can interact with the chatbot by asking questions about experience, skills, or certifications listed on your resume.

   • Appointment Scheduling with Google Calendar: Eliminates the need for back-and-forth emails or phone calls to schedule interviews, making the process more convenient for both me and the employer.

8. High Availability: Multi-region Cloud Storage buckets, Cloud CDN, HTTPS, and an external load balancer ensured resilience.

9. Security: Cloud Armor was initially considered, but Cloudflare was ultimately chosen for its rate limiting capabilities on Cloud Storage. Workload Identity Federation and IAM with least privilege access controls further bolstered security.

Aligning with the Google Cloud Architecture Framework

The Google Cloud Architecture Framework provides recommendations and best practices to help architects, developers, administrators, and other cloud professionals design and operate a secure, efficient, resilient, high-performance, and cost-effective cloud topology.

• System Design: Implemented a secure and highly available architecture with a clear separation of concerns (database, backend, frontend, security).

• Operational Excellence: Automated deployments using CI/CD pipelines ensure efficient management of workloads.

• Security and Compliance: Utilized IAM, DNSSEC, Certificate Manager, Web Security Scanner, Security Command Center and Cloud Storage bucket policies for robust security.

• Reliability: Employed Cloud Storage Multi-region, Firestore, Cloud Load Balancing, and Cloud DNS for a resilient and available application.

• Cost Optimization: Leveraged serverless provisioning with Terraform to minimize costs, along with budget alerts and SLOs.

• Performance Efficiency: Optimized content delivery with Cloud CDN and fine-tuned cloud resources for optimal performance.

This experience showcased my ability to not only grasp complex cloud concepts but also translate them into a secure, scalable, and feature-rich cloud solution.

The Cloud Resume Challenge: Mission Accomplished, This project pushed me to confront challenges, learn from mistakes !

Challenges and Overcoming Them

Setting up a GCP Foundation Organization and a robust deployment strategy proved to be hurdles. Additionally, integrating Cloud Armor for DDoS protection required alternative solutions like Cloudflare with Cloud DNS. The backend initially lacked a separate endpoint for uptime checks. To address this, I plan to migrate to Cloud Run for improved deployment strategies.

Resume url : https://sm-resume.microworka.com/

Lessons and Challenges Learned

This project proved to be an invaluable learning experience, highlighting several key insights and challenges:

1. Strong Foundation: A solid understanding of cloud architecture principles is paramount. This project reinforced the importance of having a comprehensive grasp of GCP services and how they interact(Optimize GCP Landing Zone to meet my need with cost optimization by removing unecessarice service like VPC Sharing…).

2. Hands-on Practice: While certifications provided a theoretical base, this practical application was crucial for truly internalizing cloud concepts. The challenge of building a real-world application bridged the gap between theory and practice.

3. Automation is Key: Implementing DevOps practices, particularly CI/CD pipelines, significantly streamlined deployments and maintenance. This experience emphasized the efficiency gains from automation in cloud environments.

4. Security as a Priority: The project underscored the critical nature of implementing security measures. From IAM policies to HTTPS implementation, each security decision proved vital in creating a production-ready application.

5. Environment-Specific Deployments: Utilizing separate environments (Dev, QA, UAT, Prod) and leveraging Git's Fast-Forward Merge principle for deployments was enlightening. This approach ensured controlled, systematic rollouts and easier troubleshooting.

6. Adapting to Limitations: The challenge with implementing Cloud Armor for Cloud Storage as a backend service was a valuable lesson in flexibility. Pivoting to Cloudflare as an alternative solution because of issue with rate-limit with cloud armor, demonstrated the importance of being adaptable and finding creative workarounds in cloud architecture.

7. Cost Management: Balancing performance with cost-efficiency was an ongoing challenge. It highlighted the importance of continuous monitoring and optimization of cloud resources.

8. Documentation is Crucial: Maintaining clear, up-to-date documentation throughout the project proved essential, especially when troubleshooting issues or onboarding new features.

9. Community Support: Engaging with the cloud community, through forums and social media, provided invaluable insights and solutions to challenges encountered during the project.

Overcoming Specific Challenges:

1. Multi-Environment Setup: Initially, configuring distinct environments posed a challenge. I overcame this by thoroughly studying GCP's resource hierarchy and implementing a clear naming convention and access policies for each environment.

2. CI/CD Pipeline Complexity: Setting up a robust CI/CD pipeline that worked across all environments was initially daunting. I tackled this by starting with a basic pipeline and incrementally adding complexity, thoroughly testing at each stage.

Resume are in the Cloud Now, Looking Ahead: The Next Steps

My cloud resume is a stepping stone, not a destination. I plan to continuously improve it while optimizing costs. This blog post serves as just one way I'm sharing my knowledge. I intend to conttinous posting on this blogs and share knowledge with this Youtube channel Youtube Channel to empower others on the cloud journeys, including cost-effective practices.

Resume url : https://sm-resume.microworka.com/

Conclusion

My transformation from software developer to aspiring Multi-cloud architect is a testament to continuous learning and a passion for technology. The Cloud Resume Challenge provided a project to challenge my skills, and I'm confident it will be a valuable asset in my next step.

Are you seeking a seasoned professional for roles such as:

• Cloud & DevOps Engineer

• Cloud Platform Engineer

• Cloud Solutions Architect

• Cloud Architect

• Cloud Technology Evangelist

• Multi-Cloud & DevOps Engineer

• Multi-Cloud Technology Evangelist

• Cloud Automation Engineer

I offer a combination of skills and experiences:

• 9+ years in software development with extensive cloud expertise across GCP and Azure with knowlege on OCI, and AWS

• 15+ cloud certifications, including Google Cloud, Azure, Databricks, Aviatrix, and Oracle Cloud

• Proven track record of architecting and implementing secure, scalable cloud solutions

• Strong background in DevSecOps, infrastructure automation, and Generative AI integration

• Experience in optimizing cloud costs and improving operational efficiency

• Passion for innovative business solutions and continuous learning in cloud technologies

My goal is to leverage this diverse skill set to drive organization's cloud transformation, enhance security posture, and accelerate time-to-market. I'm particularly adept at:

• Designing and implementing multi-cloud architectures

• Optimizing DevOps processes and CI/CD pipelines

• Integrating cutting-edge technologies like Kubernetes and Generative AI

• Ensuring robust cloud security and compliance

Let's connect and explore how my expertise in cloud architecture, DevOps, and emerging technologies can add significant value to your team and drive your cloud initiatives forward https://www.linkedin.com/in/merlin-saha/