Live GCP backend is on hold — Google’s free tier isn’t yet available in the Saudi region. Enjoy the static oasis while we wait for the clouds to roll in!

Nawaf Alshehri

Cloud & DevOps Engineer (GCP Edition)

Static Mode

Cloud Transformation with Google

Embracing the GCP ecosystem, I've transitioned my cloud engineering journey to include Google Cloud Platform to further expand my multi-cloud fluency. Combining GCP’s powerful managed services with my DevOps background, I’ve reimagined this portfolio using Cloud Storage, Cloud Functions, Cloud Run, and Cloud Build — unified under secure, scalable infrastructure-as-code principles.

Learning Plan Progress

Project 1 – Terraform Everything + Secure CI/CD completed IaC for GCP + security scanners + OIDC auth in GitHub Actions.
Project 2 – Helm-Packaged App on GKE in progress Terraform for GKE, Helm chart for app, HPA, secrets & pipeline release.

GCP-Powered Projects

Project 1 – Terraform Everything + Secure CI/CD Done

End-to-end Terraform for core GCP resources with a hardened GitHub Actions pipeline (tflint, tfsec, Checkov) and OIDC-based deployment — no long-lived keys.

IaC: Cloud Storage bucket, Service Account, Firestore, Cloud Run/Functions, IAM bindings.
CI: terraform fmt/validate/plan on PRs; scanners block insecure configs.
Auth: Workload Identity Federation (OIDC) between GitHub Actions & GCP.
Deliverables: infra/main.tf, variables.tf, .github/workflows/terraform-ci.yml.

Cloud Resume Challenge (GCP Edition)

Rebuilt this resume website using GCP’s modern serverless stack and CI/CD workflows for a complete multi-cloud portfolio. [View on GitHub]

Infrastructure as Code: Cloud Storage, HTTPS Load Balancer, Cloud Functions via Terraform.
Serverless & CI/CD: Cloud Build and GitHub Actions automate testing & deployment.
Security: Workload Identity Federation authenticates GitHub without secrets.
Observability: Cloud Logging & Cloud Monitoring capture metrics & traces.

Project 2 – Helm-Packaged App on GKE In Progress

Terraform provisions GKE; Helm drives the app lifecycle. Pipeline promotes images and performs helm upgrade --install after infra apply.

Terraform: GKE cluster, node pool, networking, IAM.
Helm Chart: Deployment, Service, ConfigMap, Secret (sealed/external), HPA.
Pipeline: Separate Terraform and Helm jobs; image tag passed via values file.
Deliverables (planned): helm/resume-app/Chart.yaml, values.yaml, GitHub Action for Helm release.

AI Knowledge Agent (Multi-Cloud)

Semantic search agent that runs on AWS or GCP, answering questions over markdown knowledge bases.

LangChain & FAISS: local vector database.
LLM Runtime: Vertex AI or Groq API.

Core Identity

Desert-born, cloud-native. I bridge the vastness of resilient tradition with the flexibility of modern cloud.

Technical Stack

Cloud: GCP (Cloud Run, Cloud Build, Cloud Storage, IAM, Load Balancer)
IaC: Terraform
CI/CD: Cloud Build, GitHub Actions
AI/ML: Vertex AI, LangChain, Hugging Face
Scripting: Python, Bash
Security: Workload Identity Federation, IAM, DLP API
Networking: VPCs, DNS, HTTP Load Balancing