All work
Cloud Infrastructure & SRE

Enterprise Azure IaC Platform

A centralized, reusable Infrastructure-as-Code platform for shared Azure infrastructure — the common platform components every application team depends on, instead of each team reinventing them.

Bicep + Terraform

IaC ecosystems maintained

what-if check before every deploy

Deployment validation

Caught at compile time via typed params

Config errors

The Problem

Shared infrastructure (Front Door/CDN, virtual networks, SQL, dashboards, Key Vault, DNS, App Service integration) was at risk of being duplicated inconsistently across teams and environments. The goal was a single, well-conventioned repository that any engineer could deploy from safely, across multiple environments, without needing tribal knowledge.

My Approach

  • Organized the repository around infrastructure domains (Front Door, VNet, SQL, Grafana, Key Vault, DNS, App Service) rather than per-application folders, so shared components have one home and one source of truth.
  • Adopted strongly-typed User-Defined Type (UDT) object parameters in Bicep instead of long lists of loose scalar parameters — reducing configuration drift and making invalid input a compile-time error instead of a runtime surprise.
  • Standardized environment parameter files (dev/staging/prod, regional variants) with consistent, short naming conventions, so any engineer can find and reason about the right file for the right environment.
  • Enforced a what-if validation step before every deployment as a hard practice, not a suggestion — catching unintended resource changes before they happen.
  • Wrote and maintained conventions documentation (naming, layout, parameter patterns) so the repository stays consistent as more contributors add to it over time, and retrofitted legacy folders toward the new standard opportunistically.
  • In parallel, built and maintained separate hands-on Terraform modules (S3, remote state backends, reusable bucket modules) to stay fluent in a second major IaC ecosystem beyond Bicep/ARM.

Stack

IaC Languages/Tools

Azure Bicep (primary)Terraform (AWS provider)ARM templates

Azure Services Modeled

Azure Front DoorVirtual NetworksAzure SQLGrafanaKey VaultAzure DNSApp Service

Tooling

Azure CLIAzure PowerShellVS Code + Bicep extensionAzure DevOps Pipelines

Practices

Environment-based parameterizationwhat-if deployment validationTyped configuration objectsDeployment convention documentation

Skills Demonstrated

  • Platform engineering mindset: building infrastructure for other engineers, not just for one application
  • Strong IaC hygiene (typed parameters, environment isolation, pre-deployment validation)
  • Multi-tool IaC fluency (Bicep and Terraform)
  • Technical writing and convention-setting that scales across a growing codebase and team
  • Judgment about when to refactor legacy patterns vs. leave them alone to avoid unnecessary churn