Cloud Infrastructure

Production-Ready AWS Cloud Operations Environment

Designed a secure, compliance-ready AWS environment for aerospace CFD simulations, achieving 94% cost reduction and 8x faster runtime through optimized HPC instances and intelligent storage architecture.

View Code

Technologies

AWSCloudSecurityCompliance

Aerospace CFD simulations demand infrastructure that balances raw computational power with strict security requirements. This environment was designed for defense contractor workloads requiring ITAR and DFARS compliance.

The Challenge

Build a cloud environment that reduces CFD simulation runtime from 48+ hours to under 8 hours while maintaining FIPS 140-2 encryption, comprehensive audit trails, and fault tolerance limiting data loss to 30 minutes maximum.

Key Decisions

1

Operating System

Amazon Linux 2023

  • FIPS 140-2 validated cryptographic modules for ITAR compliance
  • AWS-optimized kernel with native CloudWatch and Systems Manager integration
  • Zero licensing costs with 5-year support lifecycle
2

Compute Instance

HPC7a.48xlarge

  • 96 vCPUs @ 3.7-4.0GHz optimized for tightly-coupled HPC workloads
  • CFD mesh decomposition across all cores reduces iteration time from 45s to 25s
  • $21 per simulation vs $384 on general-purpose instances (94% cost reduction)
3

Storage Architecture

Three-volume design: Root, Scratch, Checkpoint

  • Root (100 GiB): OS isolation with independent snapshots for disaster recovery
  • Scratch (1,000 GiB): Ephemeral solver data with 80% cost reduction vs persistent storage
  • Checkpoint (500 GiB): 30-minute snapshots limiting maximum data loss on failure
4

Encryption Strategy

AES-256-GCM with AWS KMS Customer Managed Keys

  • FIPS 140-2 Level 2 validated HSMs meet DFARS 252.204-7012 requirements
  • Complete CloudTrail audit logs for ITAR compliance investigations
  • Automatic annual key rotation per NIST SP 800-57 guidelines
5

Network Configuration

Hybrid IP: Dynamic internal, Elastic IP external

  • Dynamic DHCP simplifies management—security groups reference instance IDs
  • Elastic IP provides persistent SSH endpoint across instance restarts
  • Scalable pattern for HPC clusters with static infrastructure IPs
6

System Services

chronyd, sshd, SSM agent, auditd, CloudWatch agent

  • chronyd: Accurate timestamps for compliance logs and distributed operations
  • auditd: Security event logging for ITAR/DFARS audit trail
  • CloudWatch agent: CPU, memory, disk, and network metrics collection

Tech Stack

AWSCloudSecurityCompliance
Back to Projects