Open to Senior / Principal Cloud Architect roles

Ali Albaker
Cloud Architect
Healthcare

Building HIPAA-compliant AWS Landing Zones at scale.
13+ years securing, modernizing, and automating clinical infrastructure.

View Projects Get in Touch

13+

Years Exp

85+

Env Migrations

30%

Deploy Time ↓

Cloud Platforms

cloud-profile.tf

# Cloud Architect Profile

resource "aws_architect" "ali" {

name = "Ali Albaker"

role = "Cloud Architect – Healthcare"

employer = "Optimum Health IT"

location = "New York, NY"

cloud = ["AWS", "Azure", "OCI"]

iac = ["Terraform", "CDK", "CF"]

compliance = ["HIPAA", "SOC2", "DEA"]

speciality = "Healthcare LZ Migration"

}

# Status

output "availability" {

value = "Open to new challenges"

}

Years of Experience

Environments Migrated

Cloud Cost Savings

Deploy Time Reduction

Cloud Platforms

HIPAA Audit Success

Technical Expertise

Skills & Technologies

Multi-cloud architecture with deep specialization in healthcare compliance, IaC, and enterprise-scale migrations.

☁️

AWS Cloud

Landing Zones EC2S3RDS LambdaEKSBedrock RekognitionCognito API GatewayCloudFront

🏗️

Infrastructure as Code

TerraformModules CloudFormationCDK AnsibleGitHub Actions CI/CD Pipelines

🔐

Security & Compliance

HIPAASOC2 DEA/EPCSGuardDuty AWS ConfigSAML SSO IAMAuto-Remediation

🌐

Multi-Cloud

AzureOCI VMwareNutanix HCI KubernetesvCenter ESXi

🤖

AI / ML

AWS BedrockSageMaker RekognitionLLM Integration AI Workload Discovery

📊

Observability

CloudWatchSplunk Cost DashboardsRoute53 CloudflareVeeam AWS Backup

Portfolio

Featured Projects

Real-world infrastructure and AI solutions built across healthcare, cloud cost management, and serverless platforms.

Featured

AI Tennis Analyzer — SaaS Platform

Full-stack SaaS application using AWS Bedrock and Rekognition for real-time video analysis of tennis technique. Cognito authentication, React frontend, serverless backend — production-grade architecture built as a personal passion project.

AWS BedrockRekognition CognitoReact LambdaAPI Gateway

Private — Request Access

Healthcare

Enterprise Hospital LZA Migration

Led end-to-end AWS Landing Zone Accelerator (LZA) migration for an enterprise hospital — on-premises VMware workloads to fully compliant AWS cloud. Implemented HIPAA guardrails, blue/green deployments, and cost management from day one.

LZAHIPAA TerraformAWS Control Tower VMwareBlue/Green Deploy

Private — Request Access

AI + FinOps

SageMaker Cost Chatbot

Conversational AI chatbot powered by AWS SageMaker that answers natural-language questions about cloud spend. Integrates Cost Explorer APIs, giving engineers real-time cost intelligence without leaving their workflow.

SageMakerCost Explorer LambdaBedrock

Private — Request Access

FinOps

AWS ↔ Azure Cost Translator

Tool that maps equivalent services across AWS and Azure and generates side-by-side cost comparisons. Used during multi-cloud migration planning to justify cloud spend and validate architecture decisions.

AWSAzure Cost OptimizationTerraform

Private — Request Access

Serverless

FastAPI Lambda + API Gateway

Production-ready serverless REST API built with FastAPI on Lambda, fronted by API Gateway. Terraform-managed, with automated CI/CD deployment pipeline and WAF integration for security.

FastAPILambda API GatewayTerraform CI/CD

Private — Request Access

LLM Engineering

LLM Engineering Lab

Experimental workspace for LLM fine-tuning, prompt engineering, and RAG pipeline development. Includes evaluation harnesses, cost-aware inference patterns, and healthcare-domain prompt templates.

LLMRAG BedrockPrompt Engineering

Private — Request Access

Azure

Azure Landing Zone IaC

Enterprise Azure Landing Zone built entirely in Terraform modules — management groups, policies, networking hub-spoke, and identity configuration. Mirrors AWS LZ patterns for consistent multi-cloud governance.

AzureTerraform Hub-SpokePolicy as Code

Private — Request Access

IaC Module

CloudFront Automation Module

Reusable Terraform module for spinning up CloudFront distributions with S3 origins, WAF, custom headers, and cache behaviors. Used across multiple client deployments at Optimum Health IT.

CloudFrontS3 Terraform ModuleWAF

Private — Request Access

Serverless

AWS API Gateway Platform

Production API Gateway with custom domain, Lambda authorizers, usage plans, and WAF integration. Terraform-managed with blue/green deployment support and full observability via CloudWatch.

API GatewayLambda Custom DomainTerraform WAF

Private — Request Access

Azure

Azure Fabric Integration

Infrastructure-as-Code for Microsoft Fabric workspace provisioning — automating data lake, Lakehouse, and pipeline resources across healthcare analytics environments with governance controls.

AzureMS Fabric TerraformData Lake Analytics

Private — Request Access

Interactive Demo

Healthcare AWS Landing Zone

A live walkthrough of the multi-account architecture I architect for healthcare clients. Click any service to learn more.

AWS Organization — Healthcare Client

Management

Control Tower

SCPs

Security

GuardDuty

Config + HIPAA

CloudTrail

Security Hub

Network

Transit GW

Ingress + WAF

Egress Firewall

Healthcare Workload

ECS Fargate

RDS Aurora PHI

Backup Vault

KMS CMKs

✓ HIPAA ✓ SOC2 Terraform IaC

terraform apply

Career History

Work Experience

13+ years progressively owning larger-scale infrastructure — from hospital sysadmin to enterprise cloud architect.

Sept 2025 — Present

Optimum Health IT

Cloud Architect – Healthcare

Architecting and deploying AWS Landing Zones for healthcare clients. Implementing security and compliance guardrails following the AWS Well-Architected Framework.

Implemented blue/green deployment strategies, minimising downtime
Built AWS cost management dashboards, enhancing cost visibility
Led cost optimisation initiatives, reducing unnecessary expenses
Deployed AI solutions for workload discovery and migration planning

Nov 2023 — Sept 2025

Marathon Health

Senior Cloud Engineer

Designed and managed AWS infrastructure for healthcare platforms, ensuring HIPAA and SOC2 compliance. Automated provisioning with Terraform and CloudFormation.

Implemented AWS Config and GuardDuty for security and compliance
Managed AWS WorkSpaces with SAML SSO and lifecycle automation
Optimised containerized workloads to enhance scalability
Enhanced security posture with auto-remediation strategies

Oct 2021 — Nov 2023

Fivos Health

Senior Systems Administrator – IT & Security

Managed hybrid AWS and OCI environments for healthcare workloads. Drove infrastructure modernization with Terraform, GitHub Actions, and PowerShell.

Migrated 85+ customer environments across cloud platforms with minimal downtime
Orchestrated resilient DNS and networking with Route 53 and Cloudflare
Achieved consistent recovery success with Veeam and AWS Backup

Oct 2020 — Dec 2021

Ellis Medicine Hospital

IT Manager / Server Administrator Lead

Oversaw server and infrastructure operations for clinical environments. Managed VMware to Nutanix HCI and Kubernetes migration.

Streamlined automation with Terraform and Ansible, reducing deployment time by 30%
Instituted HIPAA-compliant security controls and access policies

Feb 2019 — Oct 2020

CMA Consulting

Senior Systems Administrator

Automated hybrid infrastructure across AWS and Azure using Terraform, Ansible, and SCCM. Implemented Splunk for centralized logging and SOC visibility.

Jan 2013 — Feb 2019

Albany Medical Center Hospital

System Network Administrator

Oversaw large-scale clinical infrastructure. Implemented EPCS with MFA/2FA for DEA compliance. Supported HIPAA audits, security reviews, and incident response.

Credentials