Built with Claude Code · Agentic AI DevOps · AWS S3 + CloudFront + Terraform
AI Lab
Built. Not just talked about.

Hands-on projects demonstrating applied AI security and agentic DevOps. Every project here is real, deployed, and publicly available on GitHub.

01 / Active · Deployed
View on GitHub →
This website — Agentic DevOps with Claude Code
Designed and deployed entirely using Claude Code — Anthropic's agentic coding tool. Built with CLAUDE.md context engineering to teach Claude the project architecture, slash commands for reusable DevOps workflows, and a 3-layer safety model for infrastructure guardrails. Infrastructure provisioned with Terraform. Deployed automatically via GitHub Actions using OIDC authentication — no long-lived AWS credentials anywhere in the pipeline.
Deployment Architecture
GitHub repo → Actions (OIDC) → S3 → CloudFront CDN → amitwebsite.online
Terraform: S3 · CloudFront · ACM · Route 53 · OAC (Origin Access Control)
Security: HTTPS enforced · Security headers · No public S3 access · OIDC auth
Claude Code Agentic DevOps Terraform S3 + CloudFront GitHub Actions OIDC ACM SSL Route 53
02 / Active · Deployed
Try Live Demo →
Zero Trust Network Access Lab (ZTNA)
A production-grade ZTNA platform on AWS aligned with NIST SP 800-207. Demonstrates Just-In-Time identity provisioning via Okta and Cloudflare Access — ephemeral credentials provisioned in real time, auto-revoked after 3 minutes via EventBridge and Lambda. Two demo paths: anonymous JIT and Cognito-federated (Google OAuth). Zero persistent accounts, zero inbound ports, serverless architecture running 24/7 at near-zero cost.
Architecture
Cloudflare Access + Okta OIDC → JIT Lambda → EventBridge Scheduler → Auto-revoke (3 min)
API Gateway (3 routes) · Cognito + Google OAuth · SSM SecureString · AWS Config compliance
IaC: Terraform + GitHub Actions OIDC · Zero long-lived credentials · S3 native state locking
Cloudflare Access Okta OIDC JIT Provisioning AWS Lambda API Gateway EventBridge Cognito NIST SP 800-207 Terraform GitHub Actions OIDC
03 / Coming soon
LLM Threat Model Template
STRIDE-based threat model template for LLM deployments in regulated industries. Will cover prompt injection, data poisoning, model extraction, and agentic AI attack vectors aligned with MITRE ATLAS and OWASP LLM Top 10. Based on real threat modeling work at Lloyds Banking Group.
STRIDE MITRE ATLAS OWASP LLM Top 10 Regulated industries
04 / Coming soon
Secure AWS Landing Zone — Terraform
Production-grade multi-account AWS Landing Zone with Zero Trust Kubernetes, IAM governance, SCPs, and security guardrails embedded in CI/CD pipelines. Based on real implementations at Standard Chartered Bank Singapore.
Terraform EKS Zero Trust AWS SCPs Kyverno