Proving dual-cloud capability. Built specifically because Perth’s mining and resources sector runs heavily on Azure.
Why Azure
I’ve spent 6+ years deep in AWS. Perth’s mining sector — Fortescue, BHP, Woodside, Rio Tinto — runs heavily on Azure. This project is my way of proving I can think in both clouds. Not just translate services one-to-one, but understand Azure-native patterns like Managed Identity, Key Vault integration, and AKS-specific networking.
The interesting part is seeing where the clouds diverge. Azure’s identity model is fundamentally different from AWS IAM, and that changes how you architect everything downstream.
What I’m Building
Azure Enterprise Infrastructure Platform using Terraform IaC:
- Networking: Azure Virtual Network (hub-and-spoke)
- Compute: Azure Kubernetes Service (AKS)
- Registry: Azure Container Registry (ACR)
- Secrets: Azure Key Vault with Managed Identity (zero-credential auth)
- Observability: Azure Monitor + Log Analytics
- Database: Azure SQL
- Ingress: Azure Application Gateway
- CI/CD: GitHub Actions with Terraform plan/apply
- State: Azure Storage backend
- Environments: Dev/prod separation with same Terraform code
Architecture
GitHub Actions CI → Terraform Plan/Apply
        ↓
Azure VNet (Hub-and-Spoke)
└── AKS Cluster
    ├── App Services → Azure SQL
    ├── Key Vault (Managed Identity)
    └── ACR (container images)
Observability:
Azure Monitor → Log Analytics → Dashboards
Auth: Managed Identity (zero credentials)
State: Azure Storage backend
Cross-Cloud Thinking
| Concept | AWS | Azure |
|---|---|---|
| Identity | IAM Roles / Pod Identity | Managed Identity / Workload Identity |
| Secrets | Secrets Manager | Key Vault |
| K8s | EKS | AKS |
| Registry | ECR | ACR |
| IaC State | S3 + DynamoDB | Azure Storage |
| Observability | CloudWatch + X-Ray | Azure Monitor + Log Analytics |
Same architectural patterns. Different native implementations.
Status
In progress. Architecture designed, Terraform modules being built.