Portfolio - 2025
Muhammad Umer Awais
Cloud & DevOps Engineer
Cloud & DevOps Engineer with expertise in AWS, Kubernetes, Docker, Terraform, and CI/CD
automation. Experienced in cloud migrations, infrastructure as code, container orchestration,
security best practices, and monitoring solutions. Passionate about building scalable, secure,
and cost-efficient cloud architectures.
Technical Skills:
● Cloud & Infrastructure: AWS (EC2, S3, RDS, VPC, IAM, Lambda, Control Tower)
● Infrastructure as Code: Terraform, CloudFormation
● Containers & Orchestration: Docker, Kubernetes (EKS), Helm, ArgoCD
● CI/CD & Automation: GitHub Actions, AWS CodePipeline, CodeDeploy
● Monitoring & Logging: Prometheus, Grafana, AWS CloudWatch
● Security & Compliance: AWS IAM, WAF, SCP Policies, AWS Well-Architected Reviews
● Scripting & Development: Bash, Python, YAML
Certifications:
● AWS Cloud Practitioner, Solutions Architect Associate, SysOps Administrator Associate,
Security Specialty, HashiCorp Terraform Associate
● Currently pursuing AWS Developer Associate, Networking Specialty & AWS DevOps
Engineer Professional
Professional Highlights:
● Led AWS cloud migrations, reducing costs and improving performance by 25%
● Deployed 12+ AWS Control Tower Landing Zones, improving security & cost efficiency
● Secured $60K+ in AWS credits for clients via AWS Well-Architected Reviews
● Built real-time monitoring dashboards with CloudWatch, Grafana, Prometheus
● Automated CI/CD pipelines using GitHub Actions, CodePipeline, CodeDeploy
● Speaker at AWS Community Day Lahore, presenting on AWS Control Tower Landing
Zone
Contents:
1. Professional Summary
● Overview of skills and expertise in Cloud & DevOps
2. AWS Well-Architected Framework Reviews (WAFR)
● Process, case studies, and outcomes
3. Control Tower Landing Zones
● Implementation, client challenges, and case studies
4. Certifications
● AWS, HashiCorp, IBM, and freeCodeCamp certifications
5. AWS Service Deliveries
● Control Tower, QuickSight, DMS, EC2, Systems Manager, Transfer Family,
CloudFront
6. AWS Competencies & Partner Programs
● Well-Architected Partner Program involvement
7. Badges & Credentials
● Industry certifications and credentials
8. Speaking Engagements
● Event details and contributions
Well-Architected Framework Reviews (WAFR)
I have conducted 15+ WAFRs so far. Most of my client engagements began with AWS
Well-Architected Framework Reviews (WAFR), typically conducted in two sessions of three
hours each.
Review Process:
1. Session 1 – Client Introduction & Assessment:
○ We introduced WAFR to the client, explaining its purpose and what they should
expect.
○ The client walked us through their current architecture and infrastructure, giving
us an initial understanding.
○ We then went through the AWS Well-Architected Review questionnaire,
explaining each question and response option.
○ By the end of this session, we had covered most of the review.
2. Session 2 – Finalizing the Review & Identifying HRIs:
○ Any remaining questions were completed.
○ We generated the Well-Architected Review report and focused on High-Risk
Issues (HRIs).
○ Since many clients lacked basic best practices, we prioritized HRIs that could be
remediated quickly without requiring major architectural changes.
Remediation & Implementation:
● We prepared a high-risk remediation list and shared it with the client via Slack.
● A follow-up call was scheduled to discuss the list, where clients were often relieved to
see clear steps for improving their infrastructure.
● Once approved, we implemented the remediations, starting with:
○ Billing controls – Billing alarms, budgets
○ Security best practices – MFA enforcement, IAM policy pruning, access
restrictions
○ Backup & data lifecycle – EC2 backup policies, RDS retention, S3 lifecycle rules.
WAFR Case Study – Client 1
● Industry: Customer Experience Analytics (UAE)
● WAFR Conducted: Early 2025
● Initial HRIs: 38 → Reduced to 14 after remediation
● AWS Credits Secured: $5,000
Key Remediations Implemented:
● Billing controls: Billing alarms, budgets
● Security improvements: MFA enforcement, IAM policy pruning, access restrictions
● Backup & retention policies: EC2 backups, RDS retention, S3 lifecycle
● Governance and compliance using Control Tower Landing Zone
WAFR Case Study – Client 2
● Industry: Sports & Fitness Aggregator (Lebanon)
● WAFR Conducted: 2025
● Initial HRIs: 37 → Reduced to 12 after remediation
● AWS Credits Secured: $5,000
Key Remediations Implemented:
● Billing controls: Identified and removed unused resources, optimized instance sizes
● Security improvements: IAM role restrictions, MFA enforcement
● Backup & retention policies: Implemented automated backups for user transactions &
subscription data
● Governance and compliance using Control Tower Landing Zone
AWS Credits Approved for my clients:
Control Tower Landing Zones
As a Cloud Engineer, I led the implementation of AWS Control Tower landing zones for 12+
clients, ensuring secure, scalable, and centralized cloud governance. I also mentored new
joiners, assisting them in their projects and guiding them through best practices for landing zone
deployment.
For new clients, I designed and deployed Control Tower landing zones from scratch, enabling
seamless cloud adoption with centralized security, billing consolidation, and governance
controls. For existing clients with fragmented environments, I migrated and enrolled accounts,
establishing a well-structured AWS Organization.
Key Steps & Approach:
● Landing Zone Design Workshop: I initiated this with every client to assess their isolation
needs, compliance requirements, and security posture before implementation.
● Deployment & Customization:
○ Implemented AWS SSO, CloudTrail, and AWS Config as default governance
services.
○ Designed custom Service Control Policies (SCPs) tailored to each client’s use
case.
○ Defined permission sets for Devs, Testers, and Admins based on least privilege
principles.
● Addressing Client Challenges:
○ Lack of account isolation: Helped clients separate environments (Dev, Staging,
Prod) into distinct AWS accounts instead of relying on IAM users.
○ No centralized management: Enabled governance via the Control Tower
dashboard, AWS Organizations, and centralized billing visibility.
○ Security risks & compliance gaps: Established secure logging mechanisms in the
Security OU and enforced MFA, access controls, and audit trails.
● Cross-Account & Data Migrations:
○ Used AWS DMS for database migrations.
○ Utilized S3 replication for object transfers and AMIs for EC2 cross-account
migration.
○ Conducted Migration Workshops to define scope and set expectations for clients.
Common Issues & Resolutions:
● EC2 subscription errors: Identified and resolved missing marketplace subscriptions
affecting landing zone setup.
● IAM access issues: Ensured clients had necessary permissions to launch Control Tower.
● Migration complexity: Provided step-by-step guidance for enrolling existing accounts,
ensuring minimal disruptions.
Throughout these projects, I not only executed technical implementations but also pitched
Control Tower’s value proposition to clients, helping them transition from unstructured AWS
environments to governed, scalable architectures.
Some general blueprints that we started with for almost all the clients:
Single-Account Landing Zone Initiative
While multi-account AWS Control Tower setups provide robust governance, some clients with
minimal infrastructure found them to be overkill. To address this, we are currently working on a
Single-Account Landing Zone that maintains key governance and security features while
reducing complexity.
Current Work & Implementation Approach
● Objective: Provide a streamlined, cost-effective alternative for clients with simple
infrastructure needs.
● Key Features: IAM best practices, centralized logging, billing controls, security baselines,
and compliance-ready configurations.
● Terraform Implementation: Leading the effort to codify this landing zone in Terraform,
enabling automation and repeatability.
The following attached architecture from a German AWS Partner represents the infrastructure
we are working towards.
Control Tower Landing Zone – Case Study 1: Client in Customer Experience Analytics
Industry: Customer Experience Analytics
Status Before Engagement: The client had a loosely structured AWS setup with two
independent environments (staging and production). These accounts were part of AWS
Organizations but had:
● No centralized IAM
● No consolidated billing
● No observability or logging
● No governance or access control mechanisms
Key Pain Points:
● No centralized access or identity management
● Billing confusion due to unlinked environments
● Password fatigue and no SSO enforcement
● Lack of logging, monitoring, and account-level control
What We Did:
● Conducted a Landing Zone Design Workshop to align on separation needs and future
compliance goals
● Deployed AWS Control Tower in a newly created Management Account
● Enrolled existing staging and production accounts into the new landing zone
● Created custom OUs and implemented Service Control Policies (SCPs)
● Enabled centralized governance features:
○ AWS Config with default baselines
○ Centralized CloudTrail logging replicated to a secure log archive account (1-year
retention)
○ AWS SSO for access management
○ Permission sets for:
■ Developers/Testers (restricted access)
■ Admins (full access)
Optimization & Migration:
● RDS databases migrated cross-region using AWS DMS with near real-time replication
● EC2 instances (some dating back to 2018) were updated with new AMIs, reconfigured,
and linked to AWS Patch Manager
● S3 buckets were copied cross-region using custom scripts, preserving policies
Outcome:
● Reduced latency and inter-region data transfer costs
● Single set of credentials for accessing all environments via SSO
● Clear billing separation and enhanced security
● Smooth experience for both dev/testers and admins
Client Feedback:
The client was highly satisfied and initiated a follow-up engagement to move
towards ISO compliance using this landing zone as the foundation.
Control Tower Landing Zone – Case Study 1: Solution Architecture:
Control Tower Landing Zone – Case Study 1: Account Enrollment:
Control Tower Landing Zone – Case Study 1: Solution Architecture:
Control Tower Landing Zone – Case Study 2: Client in Healthcare / Fitness
Industry: Healthcare / Fitness (Lebanon)
Status Before Engagement: Client was fully on GCP, facing billing/credit-related challenges and
lacked support. They decided to migrate to AWS for better governance and visibility.
Key Pain Points:
● GCP billing and credit support issues
● No governance or account separation
● Required better visibility, access control, and future scalability
What We Did:
● Conducted a Landing Zone Design Workshop and proposed architecture (attached
separately)
● Deployed AWS Control Tower in a new Management Account
● Created separate accounts for:
○ Dev
○ Staging
○ Prod
○ Log Archive
○ Audit
● Created custom OUs and applied SCPs
● Enabled centralized governance features:
○ Centralized CloudTrail with replication to log archive account
○ AWS Config with default rules
○ AWS SSO integrated with MFA
○ Permission sets for:
■ Developers (restricted)
■ Testers (restricted)
■ Admins (full access)
Infra Deployment:
● Built full infrastructure using Terraform:
○ EKS clusters
○ RDS databases
○ Networking components
● Client handled their own data migration
● CI/CD pipeline created using:
○ AWS CodeBuild + ECR + ArgoCD for GitOps-style deployment into EKS
Outcome:
● Fully governed, scalable, and production-ready landing zone
● Developers onboarded with secure and role-based SSO access
● CI/CD pipeline enabled efficient app deployment
● Foundation laid for long-term compliance and scaling
Control Tower Landing Zone – Case Study 2: Control Tower Landing Zone Architecture:
Control Tower Landing Zone – Case Study 2: Solution Architecture:
Control Tower Landing Zone – Case Study 2: Terraform Directory Structure:
Control Tower Landing Zone – Case Study 2: CI/CD - ArgoCD Deployments:
AWS Service Deliveries
As part of our journey toward AWS Partner growth, I have actively contributed to multiple AWS
Service Delivery Programs by leveraging real-world client projects, preparing use case
documentation, and ensuring alignment with AWS validation criteria. Below is a breakdown of
the services I’ve worked on:
✅ AWS Control Tower Delivery (Achieved)
Led the documentation efforts using multiple Control Tower landing zone implementations
(including customer experience analytics and fitness industry clients). Created technical
artifacts, reference architectures, and permission models based on actual deployments. Worked
closely with the partner team to prepare for the validation process.
✅ Amazon QuickSight Delivery (Achieved)
Helped secure QuickSight Delivery by showcasing reporting and dashboarding use cases built
for internal business teams and client-facing solutions. Compiled detailed documentation
covering setup, user roles, dataset preparation, and embedded analytics where applicable.
✅ AWS Database Migration Service (DMS) Delivery (Achieved)
Used successful DMS implementations as case studies, particularly where near real-time
replication was enabled for client RDS migration. Owned the creation of architecture diagrams,
configuration steps, and post-migration validation reports.
🟡 Amazon EC2 for Windows Server Delivery (Application Submitted)
Our application is already submitted, and I’ve been involved in preparing workload
documentation around Windows licensing, patching automation (via Systems Manager), and
operational best practices. A few final items are being addressed as requested by AWS, and
we’re confident the badge will be received shortly.
🟡 AWS Systems Manager Delivery (Finalizing Submission)
All documentation has been completed and reviewed. Showcased use of Systems Manager for
patch management, automation workflows, parameter storage, and operational insights. We are
preparing to submit the application very soon.
🟡 AWS Transfer Family Delivery (Finalizing Submission)
Led the implementation and documentation around SFTP-based file transfers with secure
authentication, logging, and downstream processing into S3 and Lambda. With everything
finalized from our side, the application submission is imminent.
🟡 AWS CloudFront Delivery (In Progress)
Actively working on delivery use cases around global content distribution and edge security.
Preparing configuration-level documentation including distribution settings, origin behaviors,
custom error handling, and performance optimization.
AWS Competencies & Partner Programs
AWS Well-Architected Partner Program
I played a key role in helping my company achieve the AWS Well-Architected Partner Program
status. This involved conducting Well-Architected Reviews, gathering relevant use cases from
active client engagements, and creating all necessary documentation as part of the submission
process.
I also contributed to the delivery of internal workshops and knowledge-sharing sessions to align
our technical teams with AWS best practices. This achievement not only enhanced our
credibility as an AWS Partner but also deepened our client engagements with a stronger focus
on architecture optimization, reliability, and cost efficiency.
Badges & Credentials
I’ve earned multiple industry-recognized certifications across cloud, infrastructure, DevOps, and
web development. These credentials reflect my hands-on knowledge and passion for
continuous learning.
Amazon Web Services (AWS)
● 🛡️ AWS Certified Security – Specialty
Issued: Dec 2023 · Expires: Dec 2026
Skills: AWS, IAM
● 🧠 AWS Certified SysOps Administrator – Associate
Issued: Feb 2025 · Expires: Feb 2028
Skills: IaC, Automation, Shell Scripting, DR, Monitoring
● 🏗️ AWS Certified Solutions Architect – Associate
Issued: Mar 2023 · Expires: Mar 2026
● 🌐 AWS Certified Cloud Practitioner
Issued: Dec 2022 · Expires: Dec 2025
● 🧩 AWS Partner: Accreditation (Technical)
Issued: Dec 2022
● 📊 AWS Partner: Cloud Economics Accreditation
Issued: Dec 2022
IBM
● 🐳 Docker Essentials: A Developer Introduction
Issued: Mar 2025
Skills: Docker, Swarm, Container Orchestration
● 📦 Containers & Kubernetes Essentials
Issued: Mar 2025
Skills: Kubernetes, OpenShift, Istio, Containerization
HashiCorp
● 🔧 HashiCorp Certified: Terraform Associate (003)
Issued: Sep 2023 · Expires: Sep 2025
EF SET
● 🎓 EF SET English Certificate (C2 Proficient)
Issued: Nov 2024
freeCodeCamp
● 💻 Responsive Web Design
Issued: Nov 2022
Speaking Engagements
1. AWS Control Tower: Governance and Compliance
● Event: AWS Community Day 2024
● Date: February 25, 2024
● Role: Co-leader & Speaker
● Description:
I co-led a session on AWS Control Tower, where we focused on its role in enabling
centralized governance and compliance for multi-account AWS environments. My
colleague and I shared best practices and real-world use cases for managing complex
AWS setups. The talk lasted for 45 minutes, followed by a dynamic Q&A session where I
addressed questions from over 500 attendees. The session exceeded one hour, allowing
for in-depth discussions.