AWS Cloud Consulting Portfolio
Overview
A structured programme of AWS skill development combining formal certification, hands-on implementation, and practical architecture experience. The goal is to operate as an independent AWS cloud consultant targeting £400-500 daily rates in enterprise and regulated industry engagements.
This is not a theoretical portfolio. Every AWS skill listed here has been applied to a real project running in production.
Certification Pathway
| Certification | Status | Year |
|---|---|---|
| AWS Certified Cloud Practitioner | ✅ Complete | 2026 |
| AWS Certified Solutions Architect — Associate | 🔄 In progress | 2026 |
| AWS Certified Solutions Architect — Professional | Planned | 2027 |
The Cloud Practitioner certification establishes foundational knowledge across all AWS service categories — compute, storage, networking, databases, security, pricing, and support. It is the first step in the Solutions Architect pathway.
Practical AWS Experience
AWS Bedrock — AI Inference at Scale
Integrated AWS Bedrock into the Homelab AI Monitoring Agent as the AI inference layer. This involved:
- Model selection and evaluation — Compared Nova Micro, Nova Lite, and Nova Pro for cost vs analytical quality. Built a tiered routing system that selects the appropriate model based on analysis type.
- Prompt engineering — Designed prompts that consistently return structured JSON-compatible output from unstructured infrastructure metrics. Pre-summarisation reduces token consumption by ~94%.
- IAM configuration — Created least-privilege IAM policies scoped to specific Bedrock model ARNs. Configured AWS CLI credential chain for secure access from LXC containers.
- Cost management — Instrumented all Bedrock calls to track token usage and cost per analysis tier. Total monthly cost for a 25-container monitoring system: < $0.01.
# Tiered model routing — cost vs quality tradeoff
models = {
"routine": "us.amazon.nova-micro-v1:0", # 6-hourly checks — cheapest
"daily": "us.amazon.nova-lite-v1:0", # Daily reports — balanced
"alert": "us.amazon.nova-pro-v1:0" # Critical alerts — best reasoning
}
IAM — Least Privilege Design
Designed and implemented IAM configuration for the monitoring agent:
- Separate IAM user with programmatic access only (no console access)
- Custom policy scoped to specific Bedrock actions and model ARNs
- No wildcard permissions — every action explicitly allowed
- Credential rotation procedure documented
Architecture Patterns Applied
The homelab infrastructure implements several AWS-aligned architecture patterns at home-lab scale:
| Pattern | Implementation |
|---|---|
| Least privilege access | Proxmox API tokens scoped to minimum required permissions |
| Defence in depth | Cloudflare → WireGuard → host firewall → container isolation |
| Resilient access paths | Three independent routes to infrastructure (Cloudflare, WireGuard, Reticulum) |
| Audit trail | All actions, alerts, and analyses logged to immutable SQLite records |
| Cost optimisation | Pre-summarisation reduces AI token consumption by 94% |
These patterns transfer directly to AWS architecture — the principles are identical, the services differ.
Consulting Proposition
Target Clients
- Mid-market organisations beginning AWS cloud adoption
- Regulated industries (financial services, healthcare, public sector) with compliance requirements
- Organisations migrating from on-premises infrastructure to hybrid or cloud-native architectures
Value Proposition
25+ years of operations management experience means I understand how organisations actually work — the legacy systems, the compliance requirements, the change management challenges, the people who need to be convinced. Cloud consulting that ignores operational reality produces architectures that look good on paper and fail in practice.
Practical hands-on implementation rather than certification-only expertise. Every AWS service I recommend, I have used in a real deployment. The Bedrock integration, the IAM configuration, the cost instrumentation — these came from building something that actually runs.
Security clearance and regulated environment experience at the National Crime Agency provides direct understanding of the constraints that regulated industries face — dual-network environments, strict audit requirements, legacy system integration, compliance-aware automation design.
Rate Expectations
Targeting £400-500/day for associate-level consulting engagements, moving toward £600-800/day upon achieving Solutions Architect — Associate certification and completing initial client engagements.
Current Focus Areas
AWS Solutions Architect — Associate Preparation
Working through Stephane Maarek’s SAA-C03 course. Key domains:
- EC2 instance types and storage options
- VPC design — subnets, route tables, security groups, NACLs
- RDS and Aurora database architectures
- S3 storage classes and lifecycle policies
- IAM roles, policies, and cross-account access
- High availability and disaster recovery patterns
Architecture Study
Beyond certification, studying real-world AWS architecture through:
- AWS Well-Architected Framework (all six pillars)
- AWS reference architectures for regulated industries
- Case studies from AWS financial services and public sector customers
Why Cloud Consulting
Operations management at scale teaches you that systems — whether people, processes, or technology — have the same failure modes. They drift from their intended state. They accumulate technical debt. They become brittle under load. They fail quietly before they fail loudly.
Cloud architecture is operations management applied to infrastructure. The discipline of designing systems that are observable, recoverable, and cost-efficient is the same discipline I have applied to operational programmes for 25 years. The tools are different. The thinking is not.
The homelab is where that thinking gets tested against real constraints — real hardware, real costs, real consequences when something breaks at 2am.
AWS Cloud Practitioner certified 2026. Solutions Architect — Associate in progress. Available for consulting engagements from mid-2026.