Kamran Biglari
KamranOnline
Chief Cloud Engineer · London, UK

Cloud, DevOps, and on-prem. Engineered properly, the first time.

I design, deploy, and operate cloud infrastructure for teams that need it to actually work — all managed as code, all documented, all yours at the end.

20+ years in cloud & datacenter · Available for engagements · Replies within 48h
Edge & CDN

Traffic, handled before it's a problem

It starts at the edge: Route 53 steers users to the closest healthy region, CloudFront caches and terminates TLS, and AWS WAF + Shield absorb bots and DDoS before anything reaches your origin. I design the routing, cache strategy and rule sets — and tune them against real traffic.

Route 53 · CloudFront · WAF · Shield
Network & VPC

A network you can actually reason about

A multi-AZ VPC with clean public / private / data subnet tiers, Internet & NAT gateways, and least-privilege security groups and NACLs. Segmented, observable and hybrid-ready from day one — not an accidental flat network you're scared to touch.

VPC · Multi-AZ · Subnets · NACL
Ingress & Load Balancing

Zero-downtime as the default

ALB / NLB with health checks and TLS, fronting Kubernetes ingress controllers. Blue/green and canary releases, connection draining and graceful rollouts — deploys that don't drop requests, even at peak.

ALB · NLB · Ingress · TLS
Kubernetes · EKS

EKS, run properly

Managed node groups or Karpenter, IRSA for pod-level IAM, GitOps with ArgoCD, autoscaling and rehearsed upgrade paths across AZs. A platform your team operates with confidence — not one that pages them at 3am.

EKS · Karpenter · ArgoCD · IRSA
Data

Databases that stay up

RDS Multi-AZ / Aurora with a synchronous standby, ElastiCache for hot paths, connection pooling, point-in-time recovery and restores I actually rehearse — plus S3 with VPC gateway endpoints. Performance tuned with evidence, not guesses.

RDS Multi-AZ · Aurora · ElastiCache · S3
Hybrid & On-prem

Cloud and datacenter, one estate

Transit / VPN Gateway with Site-to-Site IPsec or Direct Connect into on-prem Kubernetes, Hetzner and Proxmox — one operating model across AWS and bare metal. Everything reproducible, documented and handed over to your team.

Transit GW · Site-to-Site VPN · On-prem K8s
How it works

Four steps. No surprises.

Fixed-scope engagements with clear deliverables. You always know what's coming, what it costs, and when.

01

Discovery

60-minute call. I review your stack, current pain, and goals. No deck.

02

Scope & estimate

Fixed-scope proposal: outcomes, deliverables, timeline, price. You decide.

03

Build

I build it — usually with Terraform — in a fork of your repo. PRs reviewed by your team.

04

Handover

Docs, runbooks, recorded walkthrough. Optional retainer for ongoing ops.

Writing

Latest from the blog.


Hands-on writeups from real production — Terraform, AWS, Kubernetes, networking.