[2026-02-20 08:14:01] ▶ terraform init -backend-config=prod.hcl
Initializing modules...
Downloading registry.terraform.io/gebalamariusz/vpc/aws 1.0.0...
Downloading registry.terraform.io/gebalamariusz/subnets/aws 1.1.0...
Initializing provider plugins...
- Finding hashicorp/aws versions matching "~> 5.0"...
- Installing hashicorp/aws v5.82.2...
Terraform has been successfully initialized!

[2026-02-20 08:14:18] ▶ terraform plan -out=tfplan
module.vpc.aws_vpc.this: Refreshing state... [id=vpc-0a3f8e2c1b4d5f6a7]
module.subnets.aws_subnet.this["10.0.1.0/24"]: Refreshing state...
module.subnets.aws_subnet.this["10.0.2.0/24"]: Refreshing state...
module.nat.aws_nat_gateway.this[0]: Refreshing state...
module.alb.aws_lb.this: Refreshing state...
module.ecs.aws_ecs_cluster.this: Refreshing state...

Plan: 3 to add, 1 to change, 0 to destroy.

[2026-02-20 08:15:02] ▶ terraform apply tfplan
module.security_group.aws_security_group.this: Creating...
module.security_group.aws_security_group.this: Creation complete [id=sg-0f4a8b2c3d5e6f7a8]
module.ecs.aws_ecs_service.this: Modifying... [id=arn:aws:ecs:eu-central-1:***:service/prod/api]
module.ecs.aws_ecs_service.this: Modifications complete

Apply complete! Resources: 3 added, 1 changed, 0 destroyed.

[2026-02-20 08:16:33] ▶ kubectl get pods -n production
NAME                          READY   STATUS    RESTARTS   AGE
api-gateway-7f8d4b6c9-x2k4p  1/1     Running   0          4h
auth-service-5c9a8e3f1-m7n2q 1/1     Running   0          4h
worker-pool-8b3e5d7a2-j9k1r  3/3     Running   0          2h
redis-master-0                1/1     Running   0          12h

[2026-02-20 08:16:41] ▶ kubectl apply -f deploy/production/
deployment.apps/api-gateway configured
service/api-gateway unchanged
horizontalpodautoscaler.autoscaling/api-gateway configured
ingress.networking.k8s.io/api-gateway unchanged

[2026-02-20 08:17:05] ▶ docker build -t hait/api:v2.4.1 --platform linux/amd64 .
[+] Building 42.3s (14/14) FINISHED
 => [internal] load build definition from Dockerfile
 => [internal] load .dockerignore
 => [stage-1 1/5] FROM node:20-alpine@sha256:a1b2c3d4...
 => [stage-1 2/5] WORKDIR /app
 => [stage-1 3/5] COPY package*.json ./
 => [stage-1 4/5] RUN npm ci --production
 => [stage-1 5/5] COPY dist/ ./dist/
 => exporting to image
 => => writing image sha256:9f8e7d6c5b4a3...
Successfully tagged hait/api:v2.4.1

[2026-02-20 08:18:22] ▶ aws ecs update-service --cluster prod --service api --force-new-deployment
{
    "service": {
        "serviceName": "api",
        "status": "ACTIVE",
        "desiredCount": 3,
        "runningCount": 3,
        "deployments": [{ "status": "PRIMARY", "rolloutState": "IN_PROGRESS" }]
    }
}

[2026-02-20 08:19:44] ▶ helm upgrade --install monitoring prometheus-community/kube-prometheus-stack -n monitoring
Release "monitoring" has been upgraded. Happy Helming!
NAME: monitoring
NAMESPACE: monitoring
STATUS: deployed
REVISION: 7

[2026-02-20 08:20:11] ▶ ansible-playbook -i inventory/prod site.yml --tags=deploy
PLAY [webservers] ****************************************************
TASK [Gathering Facts] ***********************************************
ok: [web-01.prod.internal]
ok: [web-02.prod.internal]
TASK [nginx : Deploy configuration] **********************************
changed: [web-01.prod.internal]
changed: [web-02.prod.internal]
PLAY RECAP ***********************************************************
web-01.prod.internal : ok=8  changed=2  unreachable=0  failed=0
web-02.prod.internal : ok=8  changed=2  unreachable=0  failed=0

[2026-02-20 08:21:38] ▶ git log --oneline -8
f4a8b2c feat(ecs): add circuit breaker deployment config
d3e5f7a fix(alb): health check grace period for slow starts
b2c4d6e refactor(vpc): simplify flow logs conditional
a1b3c5d ci: add tfsec scanning to pipeline
9e8d7c6 feat(nat): support single NAT gateway mode
8f7e6d5 docs: update module compatibility matrix
7a6b5c4 fix(subnets): route table association ordering
6d5e4f3 feat(security-group): add rule description support

[2026-02-20 08:22:05] ▶ gitlab-runner exec docker deploy-production
Using Docker executor with image alpine:latest...
Pulling docker image registry.gitlab.com/hait/infra:latest...
$ terraform workspace select prod
Switched to workspace "prod"
$ terraform apply -auto-approve
Apply complete! Resources: 0 added, 2 changed, 0 to destroy.
Job succeeded

[2026-02-20 08:23:17] ▶ aws cloudwatch get-metric-statistics --namespace AWS/ECS \
    --metric-name CPUUtilization --period 300 --statistics Average
{
    "Label": "CPUUtilization",
    "Datapoints": [
        { "Timestamp": "2026-02-20T08:15:00Z", "Average": 23.4, "Unit": "Percent" },
        { "Timestamp": "2026-02-20T08:20:00Z", "Average": 18.7, "Unit": "Percent" }
    ]
}

[2026-02-20 08:24:02] ▶ trivy image hait/api:v2.4.1
2026-02-20T08:24:02.891Z  INFO  Vulnerability scanning is enabled
Total: 0 (HIGH: 0, CRITICAL: 0)

[2026-02-20 08:24:30] ▶ curl -s https://api.haitmg.pl/health | jq .
{
  "status": "healthy",
  "version": "2.4.1",
  "uptime": "4d 12h 33m",
  "services": { "database": "ok", "cache": "ok", "queue": "ok" }
}

Available for projects

Your AWS account has blind spots. I find them.

I architect and harden AWS environments for companies that need security, compliance, and reliability.
Start with a free review to see where your setup stands.

Get my free security review View work

30 min of your time - report with exact fix commands in 48h

10+

Years in DevOps

AWS & Azure

Certified Architect

AWSAzureTerraformKubernetesDockerGitLab CIAI Integrations

01 – Services

How I can help

Your project as a pipeline – from first contact to production.

Contact Get in touch

Infrastructure Audit

running

Comprehensive review of your cloud setup – cost analysis, security assessment, and architecture review with actionable recommendations.

AWSAzureCost optimizationSecurity

CI/CD & Automation

running

Design and implementation of deployment pipelines. GitLab CI, GitHub Actions, Jenkins – full lifecycle automation with GitOps.

GitLab CIGitHub ActionsArgoCDIaC

Cloud Architecture

running

Architecture design from scratch or migration of existing systems. VPC networking, security baseline, multi-cloud strategy.

VPCTerraformMulti-cloudCompliance

Review Quality check

Deployed In production

02 – Stack

Technologies & certifications

Tools I use daily to build scalable, secure infrastructure.

namespace: cloud 3

AWS

Expert

Azure

Expert

GCP

Advanced

namespace: iac-config 2

Terraform

Expert

Ansible

Advanced

namespace: ci-cd 4

GitLab CI

Expert

Jenkins

Expert

GitHub Actions

Advanced

ArgoCD

Advanced

namespace: containers 3

Kubernetes

Advanced

Docker

Advanced

Helm

Advanced

namespace: other 4

Python

Advanced

Linux

Advanced

Palo Alto

Expert

AI Integrations

Expert

AWS Solutions Architect

Amazon Web Services

Azure Administrator

Microsoft

PCNSA

Palo Alto Networks

03 – Work

Selected projects

Anonymized examples across different industries and scales.

cloud-audit

Featured in Help Net Security MIT

cloud-audit

Open-source AWS security scanner with Terraform remediation

47 curated checks across 15 AWS services. Every finding includes copy-paste CLI commands and Terraform code to fix it. 16 MITRE ATT&CK attack chain rules correlate individual findings into exploitable attack paths. Built-in diff command tracks drift between scans - no other open-source CLI scanner has this.

security python aws terraform sarif mitre-attack

$ cloud-audit scan --format terminal

CRITICAL Root account has no MFA enabledIAM-001

HIGH S3 bucket lacks Public Access BlockS3-002

HIGH Security group allows 0.0.0.0/0 on port 22EC2-003

MEDIUM CloudTrail not enabled in all regionsCT-001

LOW EBS volume encryption not defaultEC2-005

⚠ Attack Chain: Public SG + IMDSv1 + Admin Role = Account Takeover

Scanned 63 resources in 28s Health Score: 34/100

▶

See cloud-audit in action - attack chains, remediation, and scan diff in 60 seconds

Merged

!14

Cloud Security Architecture for Enterprise

security awspalo-altoterraformvpc

Designed and implemented Security VPC architecture with Palo Alto NGFW for enterprise clients across automotive, government, and cultural sectors.

Merged

Self-Managing Jenkins Platform on AWS

ci/cd jenkinsaws-ecsjcascdocker

Fully automated Jenkins on AWS ECS with Configuration as Code. Dynamic agents, self-updating pipeline, zero-touch deployment.

Merged

Production Terraform Modules

infrastructure terraformawsopen-sourceiac

12 production-ready Terraform modules published to the Terraform Registry. Reusable networking, compute, and storage components.

Merged

GitOps Pipeline for Kubernetes

devops kubernetesargocdhelmeks

GitOps workflow with Amazon EKS, ArgoCD, and Helm. Continuous delivery for microservices with full audit trail.

Details available under NDA during consultation.

Interested in working together?

Start with a free security review of your AWS setup - report in 48h.

Get my free review

04 – Open Source

Terraform modules

Production-ready AWS modules designed to work together. Published to the Terraform Registry.

Terraform Registry

12 published modules

Complete set of AWS modules – from VPC networking to ECS container orchestration. Designed as composable building blocks.

View on Registry

Palo Alto Networks

Open-source contributor

Contributed to Palo Alto Networks Terraform modules for deploying Software Firewalls on AWS.

View on GitHub

terraform graph 12 modules · 11 dependencies

View on Registry →

Networking Compute Load Balancing Storage

VPC VPC, IGW, DHCP, Flow Logs Subnets Subnets, Route Tables, tiers Sec Group Flexible SG rules NAT GW NAT, single or multi-AZ EC2 EC2 with EBS, userdata ALB ALB with listeners & rules NLB NLB configuration Routes TGW, Peering, VPN routes EIP Elastic IPs management ECS ECS Fargate & EC2 EFS EFS with mount targets Secrets Secrets with rotation

05 – About

identity

Mariusz Gebala

Cloud & DevOps Engineer

Torun, Poland · 100% Remote

profile

10+ years in IT infrastructure – from server administration and industrial automation to modern cloud solutions.

Specializing in AWS & Azure architecture, Terraform, CI/CD pipelines, and enterprise network security with Palo Alto NGFW.

Contributor to Palo Alto Networks Terraform modules on GitHub.

Mariusz Gebala - Cloud & DevOps Engineer, AWS and Palo Alto consultant

stats

10+ Years in DevOps

3 Cloud Certifications

12 Terraform Modules

50+ Enterprise Deployments

links GitHub LinkedIn Terraform Registry

"Between searching through the legacy codebase jungle, heated brainstorm or precise feature deployment rollout, you're able to quickly catch up on a topic, or lead a given scope in autonomy. You were a great resource for the team, and I recommend you for your versatility."

Joey

Former teammate

06 – Blog

Latest posts

Practical articles on cloud infrastructure, security, and DevOps engineering.

Mar 18, 2026 · 14 min read

Prowler vs ScoutSuite vs cloud-audit [2026]

Prowler vs ScoutSuite vs cloud-audit: checks, remediation, attack chains, and CI/CD support compared. Find which free AWS security scanner fits your workflow.

awssecuritydevops

Mar 16, 2026 · 7 min read

I Audit AWS Accounts. 8 Out of 10 Have This GitHub Actions Backdoor.

Check if your GitHub Actions OIDC trust policy is secure. One missing IAM condition lets ANY repo assume your AWS role. 60-second CLI check + Terraform fix included.

awssecuritygithub-actions

Mar 14, 2026 · 11 min read

AWS Cost Waste: 5 Things I Find in Every Audit

AWS cost waste averages 27-35% of cloud spend. 5 patterns I find in every audit: orphaned EBS, infinite CloudWatch retention, idle NAT Gateways, gp2 volumes, oversized RDS. CLI commands and Terraform fixes included.

awscost-optimizationterraform

View all posts

07 – Free Quick Review

Find out what's exposed in your AWS account

A free 30-minute review of your AWS setup. I check the things that usually slip through the cracks – and send you a prioritized list of what to fix first.

IAM & identity review

Root MFA, stale access keys, overprivileged roles, missing permission boundaries

Network & firewall assessment

Open security groups, public RDS, VPC architecture, egress filtering gaps

Prioritized remediation plan

Ranked findings with fix commands, Terraform snippets, and estimated effort

Get my free security review

Terraform modules on the
public registry

Featured in HelpNetSecurity

Palo Alto Networks
certified practitioner

AWS Solutions Architect
Associate certified

08 – Contact