DevOps Blog

Thoughts on cloud infrastructure, automation, and building resilient systems


Building a Production-Ready Disaster Recovery Platform on AWS

November 6, 2025 • 5 min read

When I set out to build a disaster recovery solution, I knew I wanted something beyond the traditional backup and restore approach. My goal was to create a platform that could automatically fail over between AWS regions within 15 minutes or less, a significant improvement over the hours or days typically required for manual disaster recovery processes.

The architecture centers around Terraform for infrastructure as code, allowing me to provision identical environments in both us-east-1 and us-west-2 regions. This consistency is crucial for eliminating configuration drift and ensuring that applications behave identically in both locations. I implemented cross-region replication for databases using RDS read replicas and for object storage with S3 Cross-Region Replication, achieving a Recovery Point Objective (RPO) of less than 5 minutes for critical data.

Technical Implementation Highlights:

  • Python orchestration using Boto3 to automate the entire failover sequence
  • Kubernetes state backup with Velero for containerized applications
  • Automated DNS switching via Route53 with health checks
  • Regular testing using AWS Fault Injection Simulator (FIS)
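Added example, not code from the original project: one way the failover sequence could be ordered so that the replica is only promoted when its lag is inside the 5-minute RPO. The identifiers passed in (replica name, hosted zone, record, target) and the `force` override are assumptions; `rds`, `route53` and `cloudwatch` are Boto3 clients created by the caller.

```python
"""Failover ordering sketch: check replica lag, promote, then repoint DNS."""
import datetime as dt

RPO_SECONDS = 300  # the post's target: less than 5 minutes of data loss


def replica_lag_seconds(cloudwatch, replica_id, now=None):
    """Worst ReplicaLag (seconds) reported over the last 5 minutes, or None."""
    now = now or dt.datetime.now(dt.timezone.utc)
    resp = cloudwatch.get_metric_statistics(
        Namespace="AWS/RDS", MetricName="ReplicaLag",
        Dimensions=[{"Name": "DBInstanceIdentifier", "Value": replica_id}],
        StartTime=now - dt.timedelta(minutes=5), EndTime=now,
        Period=60, Statistics=["Maximum"])
    points = resp["Datapoints"]
    lag = max(p["Maximum"] for p in points) if points else None
    # A missing or negative reading is treated as "unknown", not as zero lag.
    return lag if lag is not None and lag >= 0 else None


def fail_over(rds, route53, cloudwatch, *, replica_id, zone_id, record,
              target, force=False):
    """Promote the standby replica and switch DNS; returns the steps taken."""
    lag = replica_lag_seconds(cloudwatch, replica_id)
    # Unknown lag counts as an RPO breach: promoting would lose an unknown
    # amount of data, so it needs an explicit force=True from the operator.
    if (lag is None or lag > RPO_SECONDS) and not force:
        raise RuntimeError(f"replica lag {lag} is outside the {RPO_SECONDS}s RPO")
    steps = [("lag_checked", lag)]
    rds.promote_read_replica(DBInstanceIdentifier=replica_id)
    # DNS must not move until the promoted instance accepts writes.
    rds.get_waiter("db_instance_available").wait(DBInstanceIdentifier=replica_id)
    steps.append(("promoted", replica_id))
    route53.change_resource_record_sets(
        HostedZoneId=zone_id,
        ChangeBatch={"Comment": "DR failover", "Changes": [{
            "Action": "UPSERT",
            "ResourceRecordSet": {"Name": record, "Type": "CNAME", "TTL": 60,
                                  "ResourceRecords": [{"Value": target}]}}]})
    steps.append(("dns_switched", target))
    return steps
```

Because the clients are passed in, the same function can be exercised with stub clients in a scheduled test before it is ever pointed at real regions.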

The most valuable lesson from this project was the importance of automated testing. Without regular validation, DR plans quickly become outdated. By implementing automated tests with AWS FIS, I could regularly validate the entire recovery process without manual intervention, giving me confidence that the system would work when needed most. This project reduced potential recovery time by 90% and demonstrated how proper automation can transform a critical but rarely used process into a reliable, maintainable system.

Modernizing Legacy Applications: A Hybrid Cloud Migration Journey

October 10, 2025 • 6 min read

Migrating legacy applications to the cloud presents unique challenges, especially when dealing with monolithic architectures and tight downtime requirements. For my hybrid cloud migration project, I needed to move a three-tier application to AWS while maintaining 99.5% uptime during the cutover window. The key was implementing a phased approach that balanced risk with progress.

I began by containerizing the application components using Docker, which allowed me to decouple the application from the underlying infrastructure. This modernization step alone reduced operational overhead by 60% by moving from manual server management to container orchestration. The database migration was handled using AWS Database Migration Service (DMS) with continuous replication, ensuring near-zero data loss during the transition.

Migration Strategy Components:

  • Infrastructure as Code for both source and target environments using Terraform
  • Application refactoring for cloud-native patterns (stateless design, external configuration)
  • Comprehensive validation suite comparing pre- and post-migration performance
  • Automated rollback procedures for each migration phase

One of the most insightful aspects of this project was developing the validation framework. By comparing application performance, data integrity, and cost metrics before and after migration, I could demonstrate clear ROI to stakeholders. The migration, originally estimated at 3 months, was completed in just 2 weeks thanks to automation. Post-migration, operational costs decreased by 40% through right-sizing and leveraging managed services like RDS and EKS. This experience reinforced that successful cloud migrations aren't just about moving infrastructure; they're about transforming how applications are built, deployed, and maintained.

Security & Self-Hosting: Building a Private Password Manager with Vaultwarden

September 5, 2025 • 4 min read

In an era of increasing data breaches and privacy concerns, I decided to take control of my password management by self-hosting Vaultwarden, an open-source, Bitwarden-compatible password manager. The project gave me hands-on experience with security hardening, certificate management, and automated backups, all while solving a real-world need.

I deployed Vaultwarden on an AWS EC2 instance using Docker Compose, which simplified dependency management and made the setup reproducible. Security was paramount: I configured automated SSL certificates with Let's Encrypt, implemented database encryption at rest, and set up strict firewall rules limiting access to only necessary ports. The database (SQLite for simplicity) was configured with full-disk encryption, and I implemented automated daily backups to an encrypted S3 bucket with versioning enabled.

Security & Operations Features:

  • Automated SSL certificate renewal with Certbot and cron jobs
  • Database encryption and regular integrity checks
  • Scheduled backups with retention policies (30-day retention)
  • Monitoring with CloudWatch for availability and disk usage
  • Multi-factor authentication (MFA) enforcement for all users
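Added example, not the original deployment's script: a daily backup job for a SQLite database that takes a consistent snapshot while the server is running, runs the integrity check on the copy, and prunes snapshots past the 30-day retention. The `db-YYYY-MM-DD.sqlite3` naming, the `vaultwarden/` key prefix, the bucket argument and the choice of SSE-KMS are assumptions.

```python
"""Consistent, verified SQLite backup with 30-day pruning (illustrative names)."""
import datetime as dt
import hashlib
import sqlite3
from pathlib import Path

RETENTION_DAYS = 30  # matches the retention policy listed above


def snapshot(db_path, backup_dir, today=None):
    """Copy a live SQLite DB via the online backup API; return (path, sha256)."""
    if not Path(db_path).is_file():  # connect() would silently create an empty DB
        raise FileNotFoundError(db_path)
    today = today or dt.date.today()
    dest = Path(backup_dir) / f"db-{today.isoformat()}.sqlite3"
    src, dst = sqlite3.connect(db_path), sqlite3.connect(dest)
    try:
        src.backup(dst)  # safe during writes, unlike copying the file with cp
        result = dst.execute("PRAGMA integrity_check").fetchone()[0]
    finally:
        src.close()
        dst.close()
    if result != "ok":
        dest.unlink()  # never keep or upload a snapshot that failed verification
        raise RuntimeError(f"backup failed integrity check: {result}")
    return dest, hashlib.sha256(dest.read_bytes()).hexdigest()


def prune(backup_dir, today=None):
    """Delete local snapshots older than RETENTION_DAYS; return removed names."""
    today = today or dt.date.today()
    removed = []
    for f in sorted(Path(backup_dir).glob("db-*.sqlite3")):
        taken = dt.date.fromisoformat(f.stem[len("db-"):])
        if (today - taken).days > RETENTION_DAYS:
            f.unlink()
            removed.append(f.name)
    return removed


def upload(path, sha256, bucket):
    """Send the snapshot to S3 encrypted at rest (needs boto3 and credentials)."""
    import boto3
    boto3.client("s3").upload_file(
        str(path), bucket, f"vaultwarden/{Path(path).name}",
        ExtraArgs={"ServerSideEncryption": "aws:kms",
                   "Metadata": {"sha256": sha256}})
```

A backup is only proven by restoring it, so the stored SHA-256 is best checked again when a snapshot is downloaded for a periodic restore test.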

What started as a personal convenience project turned into a valuable learning experience in security operations. Managing my own password server taught me about certificate lifecycle management, backup strategies, and monitoring for security-critical services. The total monthly cost is under $2 (for the EC2 instance), which is comparable to commercial services but with full control over data sovereignty and security policies. This project demonstrates that with the right tools and practices, individuals and small teams can maintain enterprise-grade security for critical services without massive infrastructure investments.
