Gustavo Guerra

AWS Solutions Architect

Building scalable, secure, and cost-effective cloud solutions with hands-on AWS projects. Specializing in serverless, static hosting, and infrastructure automation.

Featured AWS Projects

Static Website Hosting (This Portfolio)

A fully static, serverless portfolio site demonstrating foundational web hosting best practices.

Technologies: Amazon S3, CloudFront, Route 53, ACM

Live Demo (You're here!)

WordPress Blog on AWS Lightsail

A fully managed, secure WordPress blog with automated backups, SSL, and firewall hardening.

Technologies: AWS Lightsail, Route 53, Let’s Encrypt (bncert-tool), UpdraftPlus, Wordfence

EC2-based Web Server

Custom Apache web server on EC2 with security hardening, monitoring, and persistent IP.

Technologies: EC2 (Amazon Linux 2023), Apache (httpd), IAM, Security Groups, CloudWatch, Elastic IP

  • t3.micro instance with manual Apache installation
  • IMDSv2 enabled, least-privilege Security Groups, and IAM instance profile
  • Let’s Encrypt SSL via Certbot
  • CloudWatch Agent for logs/metrics collection
  • Elastic IP for static public access (Live IP: 52.201.28.243)
  • GitHub Documentation →

Scalable Web App with ALB & Auto Scaling

Highly available web app with automatic scaling behind an Application Load Balancer.

Technologies: EC2, Auto Scaling Group, ALB, Launch Template, CloudWatch, Route 53

  • ASG (2–4 t3.micro instances) with user data for Apache setup and unique instance greetings
  • Internet-facing ALB with health checks
  • CPU-based scaling policies (50% threshold) and CloudWatch alarms
  • Route 53 alias to ALB DNS
  • Load tested with Apache Bench to verify scaling
  • GitHub Documentation →

Multi-Tier Web App with VPC & RDS (IaC with Terraform)

Secure, highly available multi-tier PHP application with private database tier, deployed reproducibly using Infrastructure as Code.

Technologies: VPC, ALB, EC2 Auto Scaling Group (Graviton), RDS MySQL, ACM, Security Groups, NAT Gateway, Terraform (IaC), CloudWatchh

  • Custom VPC with public/private subnets across 2 AZs and NAT Gateway for outbound access
  • Internet-facing ALB with ACM wildcard certificate, HTTPS termination, and HTTP redirect
  • ASG in private subnets running Graviton-based instances, connected to private RDS MySQL
  • Least-privilege Security Groups, CloudWatch monitoring, and automated infrastructure provisioning via Terraform
  • Live demo (PHP visit counter app): app.gmmguerra.com →
  • GitHub Documentation (Terraform Code) →

Serverless Static Website with CloudFront Functions

Advanced serverless static site with edge computing for enhanced security and interactivity.

Technologies: S3, CloudFront, OAC, ACM, CloudFront Functions, Route 53

  • Private bucket with OAC restriction
  • CloudFront Functions for edge logic (e.g., geo headers)
  • ACM wildcard cert with HTTP → HTTPS redirect
  • Route 53 alias for custom domain
  • Live demo (responsive portfolio): serverless.gmmguerra.com →
  • GitHub Documentation →

Progressive Web App Hosting with Amplify

Deployed a modern Progressive Web App (PWA) using serverless frontend hosting.

Technologies: AWS Amplify, Vite + React, CloudFront, ACM

  • Full CI/CD pipeline from GitHub with automatic builds
  • Global CDN distribution with HTTPS and custom domain
  • Offline support and "Add to Home Screen" capability
  • Zero server management – fully serverless
  • Live demo: pwa.gmmguerra.com →
  • GitHub Documentation →

Containerized Serverless API with AWS App Runner

A fully managed containerized Node.js/Express API, showcasing serverless containers with zero infrastructure management.

Technologies: AWS App Runner, Amazon ECR, Docker, Node.js/Express

  • Docker container built locally with lightweight node:20-slim base image
  • Pushed to private ECR repository for secure storage
  • App Runner service with automatic HTTPS, health checks, and auto-scaling
  • No EC2, VPC, or ALB required — pure serverless container hosting
  • Live Demo: Simple Hello API (When Running)→
  • GitHub Documentation →

Serverless Image Analyzer with Amazon Rekognition

An event-driven serverless web app for uploading images and analyzing them with AI-powered object/label detection.

Technologies: S3, Lambda (Python), Amazon Rekognition, API Gateway (REST), IAM, CloudWatch

  • Static frontend hosted on S3 for image upload to "uploads/" folder
  • S3 event trigger invokes Lambda for asynchronous processing
  • Rekognition DetectLabels (object/confidence scores) and DetectLabels
  • Secure permissions: Lambda role for Rekognition + S3 bucket policy allowing rekognition:DetectLabels
  • API Gateway exposes results endpoint; frontend polls for analysis completion
  • Handles real-world issues like URL-encoded filenames (spaces) and timing delays
  • GitHub Repo (Code & README) →

AI-Powered Chat Bot with Amazon Bedrock

A serverless generative AI chatbot leveraging Anthropic Claude models for intelligent, conversational responses.

Technologies: Amazon Bedrock (Claude model), AWS Lambda, Amazon API Gateway, IAM, CloudWatch

  • RESTful API endpoint via API Gateway proxying to Lambda
  • Lambda function invoking Bedrock Converse API for streaming or standard responses
  • Secure access with IAM roles (least-privilege for Bedrock invocation)
  • Monitoring with CloudWatch Logs/Metrics for invocations and errors
  • Cost-optimized with on-demand Lambda and pay-per-use Bedrock tokens
  • Live demo (if deployed): Chat Bot Endpoint →
  • GitHub Documentation →

Technical Skills

Credentials & Certifications

AWS Cloud Practitioner

AWS Certified Cloud Practitioner
(June 2025)

AWS AI Practitioner

AWS Certified AI Practitioner
(July 2025 – Early Adopter)

AWS Solutions Architect Associate

AWS Certified Solutions Architect – Associate
(November 2025)

Well-Architected Proficient

AWS Well-Architected Proficient
(September 2025)

Google AI Essentials

Google AI Essentials
(September 2025)