cloud platform engineer
I build the platforms other teams build on.
AWS at organisation scale, infrastructure as code, and CI/CD that teams actually want to use. I treat reliability, access, and developer experience as one problem.
resource engineer "luke" {
  role     = "Cloud Platform Engineer"
  location = "East Sussex, UK"
  focus    = ["aws", "iac", "ci/cd", "platform"]
  status   = "open to senior / lead roles"
  # homelab-driven; platform-thinking by default
}
Multi-account AWS Organisations with AFT, golden paths, and guardrails that scale across teams.
Shared GitLab CI/CD templates and IaC pipelines that make the safe path the easy path.
Privileged access tooling and migrations done without downtime or surprises.
selected work
Replacing enterprise PAM across the whole engineering org
Led the end-to-end replacement of an enterprise privileged-access tool with StrongDM for the entire engineering workforce — owning both the architecture and the delivery, and turning access provisioning into a self-service, GitOps-driven workflow.
Shared CI/CD templates used by 50+ repositories
Built the team's shared GitLab CI templates and CI images — now consumed by 50+ repos — eliminating pipeline duplication, including a Terraform version-agnostic image that lets every repo pin its own version from one shared tag.
A secure AWS platform for a greenfield public-sector programme
Led a team of 8 building a large-scale, secure multi-tenant AWS platform from scratch — the network foundation, an inspected perimeter, and the Kubernetes clusters application teams deployed onto.
the brewerton platform
A homelab run like production.
A modular, IaC-first platform at home — the proving ground for ideas before they touch work. Proxmox, containers, GitOps DNS, and an Entra identity layer, all documented and version-controlled.
Hosted on Cloudflare, written up here, kept honest by running it 24/7.
- Compute — Proxmox cluster; migrated from ESXi/vCenter (live)
- Networking — VLANs, public /29; WireGuard VPN to edge (live)
- DNS — PowerDNS, git-backed; GitOps zone management (live)
- Identity — M365 Entra ID; SSO into various systems (live)
- Observability — in progress (building)