Why I'm Ditching My Home Lab to Build a Serverless AI Proxy (and Tackle the AWS Security Specialty)

Trading local VMs and hypervisors for Terraform, least-privilege IAM, and a multi-model AI architecture.

As a Site Reliability Engineer (SRE) with over a decade of experience in the Fortune 500 trenches, I love building infrastructure. My home office looks exactly how you'd expect: a Synology NAS, Ubiquiti networking gear, and a Proxmox server humming in the corner.

But recently, I realized something critical: managing local infrastructure is undifferentiated heavy lifting. When you want to rapidly prototype new cloud architectures and upskill, every hour spent patching a local hypervisor or tweaking a VM is an hour you aren't actually coding or learning. So, I am powering down the Proxmox server and pivoting my personal lab entirely to the public cloud.

This blog will document my personal learning journey and dual-mission for the upcoming months:

  1. Building a Cloud-Native Sandbox: A secure, multi-model AI chatbot proxy (optimized for the Vietnamese language) utilizing models like Google Gemini and Meta's Llama 3 as a proof-of-concept (PoC).

  2. Mastering Cloud Security: Studying for and passing the notorious AWS Certified Security - Specialty (SCS-C03) exam by using this personal project as the ultimate hands-on laboratory.

The "Security-First" Architecture

I won't be building a quick-and-dirty prototype using standard backend-as-a-service platforms. To truly prepare for the AWS Security exam, I am building an enterprise-grade, serverless architecture from scratch using Terraform.

Here is a sneak peek at the stack I’ll be breaking down in future posts:

  • Edge & Authentication: Amazon Cognito (with JWT validation) and API Gateway.

  • Compute Routing: AWS Lambda (enforcing strict, least-privilege IAM execution roles).

  • The Secret Vault: AWS Systems Manager (SSM) Parameter Store combined with AWS KMS (Customer Managed Keys) to securely encrypt external AI API keys.

  • Audit & Forensics: AWS CloudTrail and centralized logging.
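To make the "Secret Vault" and "least-privilege IAM" bullets concrete, here is an added Terraform example (my illustration, not code from this project); the parameter path, key, role and variable names are placeholders I chose. It stores one provider API key as a SecureString encrypted with a customer managed KMS key, and gives the routing Lambda's execution role permission to read exactly that parameter and decrypt with exactly that key, nothing broader.

```hcl
variable "gemini_api_key" {
  type      = string
  sensitive = true
}

resource "aws_kms_key" "ai_secrets" {
  description         = "CMK for external AI provider API keys"
  enable_key_rotation = true
}

resource "aws_ssm_parameter" "gemini_api_key" {
  name   = "/ai-proxy/gemini/api_key"
  type   = "SecureString"
  key_id = aws_kms_key.ai_secrets.key_id
  value  = var.gemini_api_key # supplied via a local tfvars file, never committed
}

# Trust policy: only the Lambda service may assume the execution role.
data "aws_iam_policy_document" "lambda_assume" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["lambda.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "router" {
  name               = "ai-proxy-router"
  assume_role_policy = data.aws_iam_policy_document.lambda_assume.json
}

# Least privilege: read exactly one parameter, decrypt with exactly one key.
data "aws_iam_policy_document" "router_secrets" {
  statement {
    actions   = ["ssm:GetParameter"]
    resources = [aws_ssm_parameter.gemini_api_key.arn]
  }
  statement {
    actions   = ["kms:Decrypt"]
    resources = [aws_kms_key.ai_secrets.arn]
  }
}

resource "aws_iam_role_policy" "router_secrets" {
  role   = aws_iam_role.router.id
  policy = data.aws_iam_policy_document.router_secrets.json
}
```

The role still needs CloudWatch Logs permissions (for example the managed AWSLambdaBasicExecutionRole policy) so the function can write its own logs; keep that as a separate attachment rather than widening the secrets policy.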

The FinOps & Multi-Device Workflow

As an SRE, efficiency is everything. I am building this across a Mac Mini and a Windows 11 laptop. To ensure zero friction and no corrupted state files, I am strictly segregating my environments:

  • Code Sync: Exclusively via GitHub (no cloud-drive syncing of .git or .terraform folders).

  • State Management: AWS S3 and DynamoDB for remote Terraform state locking.

  • Local AI Testing: Utilizing spare SSDs to run local LLMs (via Ollama) for zero-cost prompt engineering before routing anything to my AWS sandbox.

What to Expect

I will be building in public. Expect highly technical deep dives, complete Terraform code snippets, Mermaid.js architecture diagrams, and honest reviews of the AWS Security Specialty study process (shoutout to Adrian Cantrill's deep-dive courses).

If you are an infrastructure engineer looking to pivot into Cloud Security, or a builder interested in serverless AI architecture, follow along. Let's build something secure.
