I work on cloud platforms — mostly on Azure — where things need to actually run, scale, and stay manageable over time.
Over the last 10+ years, I’ve moved from backend engineering into architecture, and these days I spend most of my time designing systems, making trade-offs, and helping teams build things that don’t fall apart in production.
I am based in Canada (🇨🇦).
Open to Senior / Principal Solutions Architect roles
A lot of my work is around Azure-based platform architecture — especially for systems that need:
- clear separation between environments (dev / prod)
- strong identity and security boundaries
- predictable cost
- and infrastructure that teams can actually work with
In practice, that means:
- designing landing zones and platform foundations
- deciding between options like hub-spoke vs Virtual WAN, or simple vs “enterprise” setups
- building reusable Terraform modules so teams don’t reinvent everything
- helping teams move from legacy setups to something more cloud-native (without breaking everything)
I care quite a bit about keeping things simple where possible, and only adding complexity when there’s a real reason.
A full Azure landing zone built with Terraform and deployed end-to-end.
This isn’t just a diagram — it’s something I’ve actually run and validated.
Includes:
- Management groups and multi-subscription setup (platform, connectivity, shared, dev, prod)
- Hub-spoke networking with centralized DNS
- Shared services (ACR, Key Vault, Storage, Log Analytics)
- AKS behind Application Gateway (WAF + AGIC)
- GitHub Actions with OIDC (no stored credentials)
- Workload identity on AKS (no secrets in pods)
I’ve also documented the reasoning behind the setup — things like why I chose hub-spoke over Virtual WAN, why I didn’t include Azure Firewall, and how state is structured in Terraform.
A set of reusable Terraform modules for Azure.
Built this mainly to avoid copying the same infrastructure code across environments and projects.
Modules include:
- hub and spoke VNets
- private DNS
- ACR, Key Vault, Log Analytics
Design choices are opinionated:
- private endpoints by default
- RBAC instead of access policies
- consistent inputs/outputs
A backend microservices project using:
- Spring Boot
- Kafka
- PostgreSQL
- Kubernetes
Includes Terraform and CI/CD as well — mainly something I built to experiment with event-driven patterns and deployment setups.
- Azure Solutions Architect Expert (AZ-305)
- Azure Administrator (AZ-104)
11+ years in software engineering and cloud, mostly in backend and distributed systems.
Recently worked on a large-scale platform modernization in Canada — moving a legacy system to Azure (AKS, Kafka, Terraform, Cosmos DB), where the focus was less on “greenfield perfection” and more on making things work under real constraints.
Cloud & Architecture: Azure · Landing Zones · System Design · Distributed Systems
Infrastructure: Terraform · Kubernetes · AKS · Helm · GitHub Actions · OIDC
Application: Java · Spring Boot · Kafka · PostgreSQL · Cosmos DB · REST APIs · OAuth2
LinkedIn: https://linkedin.com/in/sudheer44 · GitHub: https://github.com/devsocket
Canada PR holder
