Steve Fermat

Leading an expertise workshop around Amazon RDS (MySQL, PostgreSQL, Aurora), integrating related AWS services (VPC, KMS, CloudWatch, IAM, Secrets Manager, AWS Backup).

Audit and recommendations on instance sizing (db.r6g, db.m6i classes), activation of GP3 storage with IOPS/throughput tuning, configuration of Read Scaling via multi-region read replicas.

Implementation of RDS Proxy for connection pooling and reduction of application latency.

Optimization of parameter groups (innodb_buffer_pool, work_mem) and use of Performance Insights coupled with Enhanced Monitoring for analyzing wait events.

Configuration of encryption at-rest via AWS KMS (CMK), encryption in-transit (forced SSL/TLS), network isolation in a private VPC with restrictive Security Groups. Integration with AWS IAM for database authentication without static passwords, automatic secret rotation via AWS Secrets Manager. Access audit with CloudTrail and RDS Activity Streams.

Multi-AZ deployment (synchronous standby), configuration of maintenance windows and automated backup. PITR (Point-in-Time Recovery) strategy and centralized snapshots via AWS Backup. For critical workloads, migration to Aurora Global Database for an RTO < 1 min in case of regional failure.

Supporting a client in structuring their multi-account AWS environment: design of a Landing Zone aligned with the AWS Well-Architected Framework, with the objectives of large-scale governance, access segmentation, and continuous compliance.

Design of the OU hierarchy (Security, Infrastructure, Workloads/Prod, Sandbox…), strict segregation of the Management Account, implementation of an Account Vending Machine via Control Tower for automated onboarding of member accounts.

Federation with the enterprise IdP (SAML 2.0 / SCIM), design of Permission Sets by business role, MFA enforced, propagation of access via Account Assignments across the entire organization.

Library of SCPs covering: region restriction (aws:RequestedRegion), CloudTrail/GuardDuty/Config protection, blocking public S3 access, prevention of organization exit.

Deployment of Config Rules (CIS AWS Foundations Benchmark, FSBP), automatic remediation via SSM Automation, centralization of alerts in Security Hub with multi-account aggregation.

Reduced attack surface, continuous GDPR/CIS compliance, accelerated time-to-production for new teams.

Technical support for a team of developers in upskilling on AWS, with practical training sessions and architecture consulting focused on security, multi-account governance, and production best practices.

Design and delivery of hands-on tutoring sessions on AWS fundamentals and advanced uses. Approach focused on concrete cases with practical workshops in real environments.

Networking & network security: multi-tier VPC architecture (public/private/isolated subnets), security groups, NACLs, VPC peering, and Transit Gateway. Implementation of best practices for network isolation between dev, staging, and production environments.

Governance & identity management: AWS Organizations configuration with multi-account structure, implementation of AWS IAM Identity Center (SSO) for centralized access management. Definition of IAM policies according to the principle of least privilege, management of cross-account roles and SCPs at the Organization level.

Databases & compute: RDS best practices (Multi-AZ, snapshots, parameter groups, credential management via Secrets Manager), EC2 sizing and optimization (instance types, reserved vs. on-demand, Auto Scaling Groups).

Architecture review and audit of existing infrastructures with documented recommendations aligned with the AWS Well-Architected Framework.

4 developers autonomous on AWS in 3 months

40% reduction in infrastructure costs following optimization recommendations

100% elimination of root access and long-lived IAM keys in production

Multi-account architecture implemented with complete environment segregation

AWS (VPC, IAM, Identity Center, Organizations, RDS, EC2, Secrets Manager, CloudTrail, Config), Terraform, AWS Well-Architected Framework