Business Strategy × Platform Engineering · Multi-cloud · Cloud Governance · Security by Design · FinOps
Principal Solutions Architect (Staff+) at the intersection of business strategy and Platform Engineering.
I design multi-account/region architectures across AWS, Azure, GCP, and OCI with Cloud Governance, Security by Design, and FinOps at the core.
I standardize the SDLC with IaC (Terraform/CDK/Ansible/CloudFormation), Kubernetes (EKS/AKS/GKE/OKE), and CI/CD — delivering scale, reliability, and cost optimization in complex multi-cloud environments.
- Modernization & Migrations: landing zones, Organizations, policy-as-code; networking (TGW/DX); containers (ECS/Fargate/EKS); API Gateway; event-driven integrations (EventBridge/SQS/Step Functions/Lambda); service mesh.
- Security & Compliance: Zero Trust, IAM/KMS, WAF/ALB, account segregation, DR/Backup with compliance — tying technical decisions to risk, cost, and time-to-market.
- DevEx & Platform: IDP/Backstage with service catalog & golden paths (opinionated templates in Terraform/CDK/K8s), reusable pipelines (GitHub Actions), PR previews, and self-service with guardrails.
- Observability & Reliability: Prometheus/Grafana/Loki/OpenTelemetry, SLOs from day one.
Tools and languages I use most often in platform & cloud architecture, delivery, and operations.
Java · C# · .NET · Node.js · TypeScript · JavaScript · PHP · Python · Go · Kotlin · Bash · PowerShell
Spring Boot · Quarkus · ASP.NET Core · Razor/Blazor · Express · NestJS · FastAPI · Laravel
React · Next.js · Vue · Angular · React Native
PostgreSQL · MySQL · SQL Server · MongoDB · Redis/Valkey · DynamoDB
SQS · SNS · EventBridge · Kafka/MSK · Kinesis · Step Functions · API Gateway · Apigee Edge · Camunda
AWS · Azure · GCP · Oracle Cloud (OCI)
Docker · Kubernetes (EKS, AKS, GKE, OKE) · Helm · Karpenter · HPA/PDB · Service Mesh
Terraform · AWS CDK · CloudFormation · Ansible · OPA/Conftest · Policy as Code
GitHub Actions · GitLab CI · Azure DevOps · Jenkins · Argo CD · Flux · Blue/Green & Canary
OpenTelemetry · Prometheus · Grafana · Loki · CloudWatch · Azure Monitor · GCP Monitoring · Dynatrace · New Relic · Zabbix · Elasticsearch/Kibana · PagerDuty · incident.io
Zero Trust · WAF/ALB · IAM · KMS · Secrets Manager/Parameter Store/Vault · TLS 1.2/1.3 · Supply-chain security (SBOM, image signing with cosign)
Platform Engineering · Platform Architect · SRE · System Design · Well-Architected · DORA · FinOps (CUR/Athena/Glue, tagging, rightsizing, Savings Plans) · LGPD · DevSecOps
FinOps Automation — CUR + Athena + Glue + PDF Insights
Automated cost ingestion (CUR), ETL with Glue, Athena queries, scheduled reports with serverless functions, and PDF/HTML insights for stakeholders.
Highlights: cost allocation by tag/account, rightsizing suggestions, Savings Plans/RI coverage, monthly deltas and KPIs.
🔗 Repo: thiagorpantoja/finops-automation
Chatwoot on ECS Fargate — Multi-tenant + ALB + WAF
Production-grade deployment on ECS Fargate with RDS/Redis, ALB rules per host, WAF, TLS 1.2/1.3, and IaC modules.
Highlights: blue/green ready, autoscaling policies, least-privilege IAM, KMS, and observability pack.
🔗 Repo: thiagorpantoja/chatwoot-ecs
EKS Blueprints + Karpenter — SLO-first Platform
EKS with Karpenter, OTel, Prometheus, Grafana, Loki, and Golden Paths templates for app teams.
Highlights: IDP/Backstage onboarding, PR env previews, guardrails, SLOs from day one.
🔗 Repo: thiagorpantoja/eks-blueprints-slo
- 📬 Email: [email protected]
- 💼 LinkedIn: https://www.linkedin.com/in/thiagorpantoja
- 🟣 Teams: mailto:[email protected]
- 🟢 Google Chat: mailto:[email protected]
- 📱 WhatsApp SP: +55 (11) 98801-0667 · WhatsApp AM: +55 (92) 98456-1928
- 🧵 Instagram: https://www.instagram.com/euthiagorpantoja
- 📰 Substack: https://substack.com/@thiagorpantoja
“Platform done right multiplies value across every squad.”