Jack Salamone

Network Engineer  ·  Cloud Architect

CCNP and AWS SAA certified IT professional specializing in hybrid cloud connectivity for healthcare environments. BGP route policy, IPSec tunnels, and Terraform-provisioned infrastructure across AWS and Azure.

Jack Salamone

About

I design and operate hybrid cloud infrastructure at the layer where enterprise networking meets AWS. That means BGP route policy, IPSec tunnels, VPC architecture, and the segmentation decisions that determine whether on-premises systems can reach cloud resources safely.

For the past several years I have been doing this work in healthcare environments where the connectivity I maintain is part of clinical infrastructure. My CCNP background gives me a foundation in routing and switching that shapes how I approach cloud networking problems, and my AWS Solutions Architect certification formalizes the cloud side of that same work.

Everything below runs on real AWS infrastructure, provisioned entirely with Terraform. The flagship is Packetfall, a production SaaS serving users right now. The labs are deliberately torn down between demos, because idle infrastructure is wasted money, and each one redeploys from state in minutes.

5+ Years cloud
networking
CCNP Enterprise
certified
AWS Solutions Architect
certified
IaC All labs in
Terraform

Skills

☁️

Cloud Networking

  • AWS VPC, Transit Gateway
  • Site-to-Site VPN, Direct Connect
  • Azure VNet, ExpressRoute
  • Security Groups, NACLs
  • VPC Flow Logs, CloudWatch
🔀

Enterprise Networking

  • BGP, OSPF, EIGRP
  • HSRP, VLAN, STP
  • SD-WAN, QoS
  • MPLS, WAN connectivity
  • Network segmentation
🔒

Security

  • FortiGate NGFW
  • IPSec / SSL VPN
  • RADIUS, 802.1X
  • Conditional Access, MFA
  • Zero Trust architecture
⚙️

Infrastructure as Code

  • Terraform (modules, state)
  • CloudFormation
  • AWS CLI, boto3
  • GitOps / CI/CD pipelines
  • Linux scripting
🖥️

Platforms

  • Cisco IOS / IOS-XE
  • FortiOS
  • Cisco Meraki
  • AWS, Azure
  • Linux (Ubuntu, RHEL)

Projects

One production SaaS and six reproducible labs. Every AWS resource provisioned with Terraform.

Browser Client TypeScript + Three.js · local-first CloudFront + S3 Route53 · packetfall.io API Gateway HTTP APIs · WebSocket subs Lambda · Node 20 presence Lambda · Node 20 names Lambda · Node 20 analytics Lambda · Node 20 DynamoDB saves · subs · teams Cognito auth + SES Stripe billing All infrastructure in Terraform · GitOps deploys via GitHub OIDC operated end to end by one person for ~$10/month
Live Product

Packetfall

A production SaaS that teaches the CCNA and Network+ as a full 3D RPG in the browser. Two complete certification tracks, 53 dungeons, CLI lab boss fights, and a ranked PvP arena, with subscriptions handled through Stripe.

Serverless end to end: S3 and CloudFront at the edge, Cognito authentication, Stripe billing, DynamoDB, and Lambda microservices behind HTTP and WebSocket APIs. Every resource is Terraform-managed and ships through a GitOps pipeline with no long-lived AWS keys.

100% serverless · IaC end to end · ~$10/mo
TypeScript Three.js Lambda DynamoDB Cognito Stripe Terraform
Play it live at packetfall.io →
router-cloud (AS 65001) — eBGP over IPSec → AS 65002 SNAPSHOT
router-cloud# show ip bgp summary

                

BGP Dynamic Routing Lab

On-demand infrastructure

Two FRR routers peered over an IPSec tunnel in AWS. This is the exact protocol stack behind AWS Direct Connect: eBGP over encrypted transport, route advertisements flowing between autonomous systems. The terminal shows a captured snapshot from a real session that stayed established for over five weeks.

Spun down to keep cloud cost at zero between demos. The full stack (VPCs, EC2, FRR, IPSec, IAM, Lambda) redeploys from Terraform in a few minutes.

AS 65001 ←── eBGP / TCP 179 / IPSec ──→ AS 65002
BGP / FRR IPSec AWS Terraform Lambda SSM
View on GitHub →
Shared Services VPC Hub Prod VPC Spoke Dev VPC Spoke no direct peering

Multi-VPC Hub-and-Spoke

Hub-and-spoke topology across three VPCs: Shared Services at the center, Prod and Dev as isolated spokes. Each spoke reaches shared resources. They cannot reach each other. This is the standard segmentation pattern for enterprise-scale AWS environments.

AWSTerraformVPC PeeringNetwork Design
View on GitHub →
Application Load Balancer AZ-a AZ-b EC2 (Auto Scaling) EC2 (Auto Scaling) RDS Multi-AZ (private subnets)

Highly Available Web Application

Production-grade fault tolerance: ALB distributing traffic across an Auto Scaling Group in two Availability Zones, with Multi-AZ RDS in private subnets. Failover tested by terminating instances and verifying automatic recovery.

AWSTerraformALBAuto ScalingRDS
View on GitHub →
module "vpc" { } env = var.env cidr = var.cidr azs = var.azs Prod VPC 10.0.0.0/16 Dev VPC 10.1.0.0/16

Reusable Terraform VPC Module

A parameterized Terraform module that provisions a complete VPC from a single definition. Instantiated with different inputs for prod and dev, eliminating configuration drift between environments. This is the pattern used in production IaC at scale.

TerraformAWSIaC Modulefor_each
View on GitHub →
VPC Flow Logs S3 / CW CloudWatch Logs Insights Alarms + Dashboard

Cloud Network Monitoring

VPC Flow Logs piped to CloudWatch with custom Logs Insights queries for detecting rejected connections, unusual traffic patterns, and lateral movement. Rejection alarms and a live dashboard built for real incident investigation, not just log storage.

AWSTerraformCloudWatchFlow Logs
View on GitHub →

Blog

Writing on cloud networking, infrastructure, and the work behind the portfolio.

Get In Touch

Have a question or want to connect? Let's talk.