OneSourceIT / Cloud infrastructure

Your cloud should be boring.

It should cost what you expect, run without babysitting, and be written down so you're never hostage to whoever set it up. I run AWS infrastructure to financial-sector standards — and bring the same discipline to businesses that just need their cloud handled.

  • AWS Certified Solutions Architect – Associate
  • 10+ account estate run daily, entirely as code
  • Fixed price · no retainer

The problem

Cloud work is invisible — so you either overpay or get burned.

You can't see inside your own infrastructure, so you're left trusting whoever set it up. Three versions of how that goes wrong:

Door · 01

The bill nobody can explain

The monthly number grew quietly, line by line, and now no one in the building can say what half of it buys. So everyone keeps paying it.

The fixed-scope answer: your setup tuned against real usage — measured before and after, so the savings are a fact, not a promise.

Door · 02

The server closet on borrowed time

Aging hardware, backups nobody has tested, and one power outage between you and a very bad week. You know it's time; you don't know who to trust with the move.

The fixed-scope answer: your systems moved to the cloud with a clean, documented setup — backups and recovery tested, not assumed.

Door · 03

The first environment, done right once

New product, first real infrastructure. Set up casually now, it becomes expensive archaeology later — re-secured, re-documented, rebuilt under pressure.

The fixed-scope answer: a new environment built right the first time — secure, monitored, and owned entirely by you.

The common thread: you shouldn't have to trust anyone blindly — including me. Everything I build is written down, readable, and yours. That's the whole next section.

How I work

Everything is written down

My infrastructure is defined 100% as code. In plain terms, that means four promises:

Your cloud is a document, not a mystery

The entire setup exists as readable code — not undocumented clicks in a console. Any competent engineer can read it, audit it, and take it over.

Changes rehearse before they perform

Every change is tested against a copy of the environment before it touches the real thing. Production never gets surprises.

Reviewed going in, reversible coming out

Changes deploy through approval steps with a way back. No 11 PM hot-fixes to a system only one person understands.

You own all of it

The accounts, the code, the documentation — yours from day one. Walking away from me costs you nothing, which is exactly why you won't need to.

Proof, not promises

The standard this is held to

Case story · anonymized

A pension system's AWS estate, run entirely as code

My day-to-day engineering work is the AWS estate of a financial institution that safeguards retirements — the kind of environment where a careless change isn't an outage, it's a headline. More than ten accounts, each with a full mirror environment for testing, every resource defined in code and deployed through review and approval gates.

The discipline is the point: least-privilege access throughout, no shared credentials anywhere, secrets that rotate themselves, encryption as the default state of everything, and monitoring that reports problems before people do. When something does misbehave, diagnosis runs on evidence — network logs down to handshake internals — not guesswork and restarts.

Built to the standards a pension system demands. Brought to businesses that just need their cloud handled.

  • 10+ accounts: One governed AWS organization
  • 100% as code: No undocumented changes
  • Mirror first: Every change rehearsed before production
  • Zero: Shared credentials, anywhere

For your IT team

The technical detail, when you want it

Categories, not blueprints — enough for whoever vets this to know it's real.

Day-to-day practice on a 10+ account AWS Organization, 100% infrastructure-as-code. Specifics below stay deliberately categorical — it's a financial institution's infrastructure, and publishing its blueprint would say more about my judgment than my skills.

  • Multi-account organization design — workload isolation across production, shared services, development, backup and security accounts, each mirrored by a full test environment.
  • CloudFormation at depth — reusable modules, custom macros, StackSets, and approval-gated delivery pipelines; change sets reviewed before anything applies.
  • Identity engineering — least-privilege IAM, attribute-based access control, and policies generated from observed activity rather than written by hope.
  • No long-lived keys — OIDC federation for CI/CD, scoped to repository and branch; secrets in Secrets Manager with automated rotation designed in from day one.
  • Golden image pipelines — EC2 Image Builder producing hardened, versioned machine images on a schedule, with lifecycle policies retiring the old ones.
  • Serverless automation — Lambda, EventBridge and Systems Manager handling deployments, credential lifecycles and fleet operations without persistent servers to maintain.
  • Encrypted-everything baselines — KMS on storage, queues and logs; TLS minimums on anything web-facing; retention standards enforced in code.
  • Hybrid networking — Transit Gateway hub-and-spoke across accounts, private VPC endpoints for no-internet-egress workloads, dedicated connectivity to on-premises.
  • Windows and Active Directory on AWS — domain-joined fleets, group-policy management, and internal PKI run as first-class cloud workloads.
  • Evidence-driven troubleshooting — VPC flow logs to TLS handshake internals; root causes proven, not guessed at.

Credential · verified

AWS Certified Solutions Architect

Certified at the Associate tier — stated precisely, because precise claims are the house style. The certification is the floor; the estate described above is the actual evidence.

Fixed-scope offers

Ready-made ways to start

Each is a bounded project with one price, approved before work begins.

01

Cloud health review

A structured review of your existing setup against proven best practices — security, cost, backups, documentation — with fixes ranked by impact, each carrying its own fixed quote.

02

Move to the cloud

Your systems moved out of the server closet and onto AWS with a clean, well-documented setup — backups and a tested recovery plan included, downtime planned rather than discovered.

03

A new environment, done right

A brand-new AWS environment built from scratch — secure, monitored, written down, and owned entirely by you. The foundation that doesn't need rebuilding in two years.

04

Lower your cloud bill

An existing setup tuned for cost and performance against your real usage — measured before and after, so you can see exactly what changed and what it saves.

Tell me what your cloud costs — and what it's supposed to do. Get a fixed price back.

A short conversation is enough to scope most cloud work — and the quote costs nothing.
