Sam is available for hire
Hire SamSam Bashton
Verified Expert in Engineering
DevOps Engineer and Developer
Sydney, Australia
Toptal member since September 5, 2022
Bio
Sam has more than 15 years of cloud computing experience across a wide range of verticals, from high-growth startups to established enterprises. He excels at building a cloud infrastructure that empowers developers and increases their efficiency while ensuring secure environments. Automation is at the core of everything Sam does, as he always tries to build reliable, repeatable solutions that enhance organizational productivity and minimize or eliminate drudgery.
Portfolio
IAG
Akamai, Cloud Development Kit for Terraform (CDKTF), Terraform...
Qantas
Amazon Web Services (AWS), AWS Transit Gateway, Amazon Aurora, Amazon DynamoDB...
Bashton Ltd
Amazon Web Services (AWS), Google Cloud, Puppet, Amazon Aurora, Amazon DynamoDB...
Experience
- CI/CD Pipelines - 20 years
- Amazon Web Services (AWS) - 16 years
- AWS CloudFormation - 12 years
- Google Cloud - 8 years
- Terraform - 6 years
- Serverless - 6 years
- AWS Cloud Architecture - 2 years
- Cloud Development Kit for Terraform (CDKTF) - 1 year
Availability
Part-time
Preferred Environment
Amazon Web Services (AWS), Google Cloud
The most amazing...
...thing I've built was a development lifecycle platform for a major international airline with radical improvements in developer productivity.
Work Experience
Principal Consultant
2022 - 2022
IAG
- Collaborated on a three-month engagement to build automation for Akamai.
- Migrated Akamai environment from 'clickops' web UI management to full infrastructure-as-code.
- Utilized Terraform CDKTF built using TypeScript, and the deployments were managed via GitHub Actions.
Technologies: Akamai, Cloud Development Kit for Terraform (CDKTF), Terraform, System Administration, AWS Cloud Computing Services
Cloud Lead
2018 - 2022
Qantas
- Built a complete cloud-native development lifecycle platform that allowed developers to leverage the power of AWS while ensuring security.
- Designed and led the implementation of a petabyte-scale data lake solution.
- Re-engineered AWS networking from a virtual private cloud (VPC) peering connection to utilize AWS Transit Gateway, removing hard limits on AWS growth and simplifying connectivity.
Technologies: Amazon Web Services (AWS), AWS Transit Gateway, Amazon Aurora, Amazon DynamoDB, Data Lake Design, AWS Lake Formation, MySQL, Serverless, Python, Go, CI/CD Pipelines, AWS CloudFormation, Development, DevOps, Cloud, Networking, AWS IAM, Docker, APIs, Amazon S3 (AWS S3), Amazon CloudWatch, JavaScript, Node.js, Amazon EC2, AWS Lambda, Amazon Virtual Private Cloud (VPC), Load Balancers, Architecture, Cloud Computing, Infrastructure as Code (IaC), ETL, Linux, High-availability Systems, AWS CodePipeline, Git, Security, DevSecOps, Identity & Access Management (IAM), Containerization, Scripting, Automated Testing, Amazon RDS, Team Leadership, Autoscaling, Cost Reduction & Optimization (Cost-down), Amazon Simple Queue Service (SQS), Amazon Elastic Block Store (EBS), High Availability Disaster Recovery (HADR), Automation, Bash, GitHub, Jira, HashiCorp, Cloud Security, Amazon Route 53, TCP/IP, Agile DevOps, System Administration, AWS Cloud Computing Services
Founder
2004 - 2018
Bashton Ltd
- Built a consultancy firm from zero employees to over one hundred. It initially started as a company focused on open-source software, but I pivoted it to focus on cloud computing from 2010 onwards.
- Provided consultancy and managed support for cloud computing environments across AWS and Google Cloud.
- Led the company to a successful exit via acquisition by Claranet Group, an internationally-managed service provider.
Technologies: Amazon Web Services (AWS), Google Cloud, Puppet, Amazon Aurora, Amazon DynamoDB, MySQL, Serverless, Python, Go, CI/CD Pipelines, AWS CloudFormation, Development, DevOps, Cloud, Networking, AWS IAM, Ansible, Docker, SDKs, APIs, Amazon S3 (AWS S3), Amazon CloudWatch, Apache Kafka, IT Support, JavaScript, Node.js, Kibana, Vagrant, Zabbix, GitLab CI/CD, Kubernetes, Amazon EKS, Amazon EC2, AWS Lambda, Amazon Virtual Private Cloud (VPC), Load Balancers, VPN, Site Reliability Engineering (SRE), Architecture, Cloud Computing, Linux Administration, Google Cloud Platform (GCP), Infrastructure as Code (IaC), SQL, Linux, High-availability Systems, AWS CodePipeline, Git, Security, Cloud Migration, DevSecOps, Identity & Access Management (IAM), Helm, Containerization, Scripting, Azure, Automated Testing, Amazon RDS, PostgreSQL, GitLab, Team Leadership, Training, Autoscaling, Cost Reduction & Optimization (Cost-down), Amazon Simple Queue Service (SQS), Amazon Elastic Block Store (EBS), High Availability Disaster Recovery (HADR), Automation, Mentorship, Technical Writing, Consulting, Amazon Elastic Container Service (ECS), Amazon API Gateway, Bash, AWS Fargate, CircleCI, GitHub, Management, Jira, Cloud Security, Amazon Route 53, Web Application Firewall (WAF), TCP/IP, OpenVPN, Linux Network Stack, Point-to-Point Tunneling Protocol (PPTP), Agile DevOps, MongoDB, Cluster Management, System Administration, AWS Cloud Computing Services
Consultant
2014 - 2015
ITV
- Designed and built the common platform, a method for ITV to utilize AWS in a standardized way across the enterprise.
- Built infrastructure for the first common platform customer, ITV Hub, a TV streaming platform with millions of users in the UK.
- Developed infrastructure for partner media sharing using serverless technologies, introducing significant cost savings and reducing onboarding time for partners from months to minutes.
Technologies: AWS CloudFormation, MySQL, Serverless, Python, CI/CD Pipelines, Puppet, Development, DevOps, Cloud, AWS IAM, Amazon Web Services (AWS), Jenkins, APIs, Amazon S3 (AWS S3), Amazon CloudWatch, Kibana, AWS Lambda, Amazon Virtual Private Cloud (VPC), Load Balancers, Architecture, Cloud Computing, Infrastructure as Code (IaC), Linux, High-availability Systems, Git, Security, Identity & Access Management (IAM), Scripting, Automated Testing, Amazon RDS, Autoscaling, Amazon Simple Queue Service (SQS), Amazon Elastic Block Store (EBS), High Availability Disaster Recovery (HADR), Automation, GitHub, Cloud Security, Amazon Route 53, TCP/IP, Agile DevOps, System Administration, AWS Cloud Computing Services
Experience
Akamai Automation with CDK for Terraform
Leading a team of three, I built all necessary code to allow the customer, a large insurance company, to manage their Akamai CDN via CDK for Terraform.
This involved writing CDKTF constructs to make managing Akamai via Terraform simpler and a full CI/CD pipeline for automated testing and deployment of changes through relevant environments (dev, test, production).
The CI/CD pipeline was built using GitHub actions.
In addition, I wrote code that utilized the Akamai API to convert existing 'clickops' created properties to the newly built infrastructure-as-code platform.
This involved writing CDKTF constructs to make managing Akamai via Terraform simpler and a full CI/CD pipeline for automated testing and deployment of changes through relevant environments (dev, test, production).
The CI/CD pipeline was built using GitHub actions.
In addition, I wrote code that utilized the Akamai API to convert existing 'clickops' created properties to the newly built infrastructure-as-code platform.
AWS IDS Implementation for an International Airline
The security team at an international airline was concerned that no intrusion detection system (IDS) was in place for network traffic within or exiting AWS.
They considered extremely expensive IDS 'devices' for capturing all VPC traffic.
I wrote reports and presented them to senior stakeholders to help them understand their requirements could be met and even exceeded by using AWS GuardDuty, a solution available at a fraction of the cost of the IDS solution they were considering.
I oversaw implementing GuardDuty across the estate of several hundred AWS accounts, creating automation to ensure that newly created accounts were automatically enrolled in GuardDuty. The automation I created also ensured that SoC and those in charge of the infrastructure findings were related to were altered.
Automation was performed via a combination of AWS CloudFormation StackSets and AWS Lambda, with functions written in Go.
They considered extremely expensive IDS 'devices' for capturing all VPC traffic.
I wrote reports and presented them to senior stakeholders to help them understand their requirements could be met and even exceeded by using AWS GuardDuty, a solution available at a fraction of the cost of the IDS solution they were considering.
I oversaw implementing GuardDuty across the estate of several hundred AWS accounts, creating automation to ensure that newly created accounts were automatically enrolled in GuardDuty. The automation I created also ensured that SoC and those in charge of the infrastructure findings were related to were altered.
Automation was performed via a combination of AWS CloudFormation StackSets and AWS Lambda, with functions written in Go.
Qantas AWS Network Refactoring
When I joined Qantas, they used a peering configuration to provide interconnectivity between their various VPCs. Also, they attached AWS Direct Connect to individual VPCs manually. This was error-prone because of the manual steps involved, and it restricted their AWS growth because of rigid limitations on AWS peering.
I designed and implemented a move to AWS Transit Gateway. This removed bottlenecks, relieving the immediate pain point. The implementation provided automation for newly created accounts, utilizing AWS Lambda and AWS CloudFormation to connect new accounts appropriately without requiring any human interaction.
Transit Gateway additionally provided a path for multi-cloud adoption, with Google Cloud and Azure peering providing significant extra flexibility for the organization.
I designed and implemented a move to AWS Transit Gateway. This removed bottlenecks, relieving the immediate pain point. The implementation provided automation for newly created accounts, utilizing AWS Lambda and AWS CloudFormation to connect new accounts appropriately without requiring any human interaction.
Transit Gateway additionally provided a path for multi-cloud adoption, with Google Cloud and Azure peering providing significant extra flexibility for the organization.
AWS Cost Optimization for International Airline
Qantas was hit particularly hard by COVID-19 because Australia imposed a strict quota on the number of international arrivals for almost two years.
Working with another team member in charge of shutting down unused and right-sizing AWS instances, I focused on less obvious methods for finding cost savings.
I was able to find several million dollars annually in additional savings, over and above those from more traditional cost optimization techniques.
I did this by utilizing Python and Boto3 to interrogate several hundred AWS accounts and devising innovative strategies to save costs.
These included:
• Finding and removing unused RDS and RDS Aurora instances.
• Aligning AWS RDS and RDS Aurora instance type used across accounts and teams, enabling significantly higher reserved instance coverage.
• Finding and removing unused EBS volumes.
• Converting provisioned IOPS EBS volumes to gp3 volumes, which provided the same performance at a much lower cost.
• Converting gp2 volumes to gp3 volumes
• Finding and removing unused ELBs.
All of these strategies were implemented in a fully automated manner, with no more than 60 seconds of downtime for any individual change.
Working with another team member in charge of shutting down unused and right-sizing AWS instances, I focused on less obvious methods for finding cost savings.
I was able to find several million dollars annually in additional savings, over and above those from more traditional cost optimization techniques.
I did this by utilizing Python and Boto3 to interrogate several hundred AWS accounts and devising innovative strategies to save costs.
These included:
• Finding and removing unused RDS and RDS Aurora instances.
• Aligning AWS RDS and RDS Aurora instance type used across accounts and teams, enabling significantly higher reserved instance coverage.
• Finding and removing unused EBS volumes.
• Converting provisioned IOPS EBS volumes to gp3 volumes, which provided the same performance at a much lower cost.
• Converting gp2 volumes to gp3 volumes
• Finding and removing unused ELBs.
All of these strategies were implemented in a fully automated manner, with no more than 60 seconds of downtime for any individual change.
LUSH Google Cloud Migration
https://cloud.google.com/customers/lushA UK cosmetics producer and retailer, LUSH, needed to migrate away from their AWS eCommerce environment, which had significant availability problems.
We were given an insanely short timescale of 30 days, so I led a team of ten who managed to refactor and migrate the environment in just 22 days. The efforts were worthwhile as LUSH had their largest ever daily sale just one month later, with the new infrastructure providing 100% uptime throughout this period.
We were given an insanely short timescale of 30 days, so I led a team of ten who managed to refactor and migrate the environment in just 22 days. The efforts were worthwhile as LUSH had their largest ever daily sale just one month later, with the new infrastructure providing 100% uptime throughout this period.
ITV Hub
https://youtu.be/HaZbA3uN3Zc?t=1650A TV streaming service for ITV plc, the largest independent TV broadcaster in the UK. I architected and led the implementation of the AWS environment. This included a highly-available CI/CD solution that handles millions of concurrent viewers. The solution was featured in the opening keynote for the AWS Summit UK.
Migration to Kubernetes
I led a team that successfully migrated Oddschecker from a traditional on-premise server environment to a fully containerized environment running on Google Kubernetes Engine (GKE) and using Google Cloud SQL.
As well as doing design and hands-on work, I also provided training to upskill the in-house team to support the environment.
As well as doing design and hands-on work, I also provided training to upskill the in-house team to support the environment.
Conference Talk: Infrastructure as Code Using Terraform
https://www.slideshare.net/SamBashton/infrastructure-as-code-with-terraformThese are the slides from a conference talk given in 2015 that demonstrate my lengthy experience with Terraform.
The talk introduced infrastructure as code more generally and talked about the specifics of managing AWS via Terraform.
The talk introduced infrastructure as code more generally and talked about the specifics of managing AWS via Terraform.
Fintech AWS Migration
https://aws.amazon.com/solutions/case-studies/currencycloud/I led a team migrating a major London fintech company from co-located data center hardware into AWS.
I refactored their environment into highly available autoscaling infrastructure and migrated from an active and passive MySQL configuration to Amazon Aurora.
The customer enjoyed significantly better uptime and 30% lower costs. Please see the AWS case study in the project URL for full details.
I refactored their environment into highly available autoscaling infrastructure and migrated from an active and passive MySQL configuration to Amazon Aurora.
The customer enjoyed significantly better uptime and 30% lower costs. Please see the AWS case study in the project URL for full details.
Kubernetes Platform as a Service Build for a Major Insurance Group
I architected and led the build of a Kubernetes platform for a major insurance group in Australia. This platform is now used by almost 1,000 internal and third-party developers across the group.
The primary goals for the project were:
• Maintainable by a small core team (five members).
• Enforces company compliance and security requirements.
• Accelerates development by allowing developers to self-serve as much as possible while adhering to compliance and security requirements.
AWS EKS was selected primarily because of the company's general direction of moving to AWS. A combination of Kubernetes admission controllers, RBAC, AWS IAM, and AWS Config was used to ensure compliance and security not just across Kubernetes but also across associated resources in AWS.
The primary goals for the project were:
• Maintainable by a small core team (five members).
• Enforces company compliance and security requirements.
• Accelerates development by allowing developers to self-serve as much as possible while adhering to compliance and security requirements.
AWS EKS was selected primarily because of the company's general direction of moving to AWS. A combination of Kubernetes admission controllers, RBAC, AWS IAM, and AWS Config was used to ensure compliance and security not just across Kubernetes but also across associated resources in AWS.
Certifications
OCTOBER 2022 - OCTOBER 2025
AWS Certified Security – Specialty
Amazon Web Services
NOVEMBER 2017 - NOVEMBER 2026
AWS Certified DevOps Engineer Professional
AWS
MAY 2017 - NOVEMBER 2026
AWS Certified Developer Associate
AWS
MAY 2017 - NOVEMBER 2026
AWS Certified SysOps Administrator Associate
AWS
NOVEMBER 2016 - NOVEMBER 2026
AWS Certified Advanced Networking – Specialty
Amazon Web Services
JUNE 2015 - MARCH 2026
AWS Solutions Architect – Professional
Amazon Web Services
JANUARY 2015 - MARCH 2026
AWS Solutions Architect – Associate
Amazon Web Services
Skills
Libraries/APIs
Node.js
Tools
AWS CloudFormation, Puppet, Terraform, Cloud Development Kit for Terraform (CDKTF), AWS IAM, Jenkins, Amazon CloudWatch, Vagrant, GitLab CI/CD, Amazon EKS, Amazon Virtual Private Cloud (VPC), Git, Boto 3, AWS ELB, Amazon Elastic Block Store (EBS), GitLab, Google Kubernetes Engine (GKE), Amazon Simple Notification Service (SNS), Amazon Simple Queue Service (SQS), Amazon Elastic Container Service (ECS), AWS Fargate, GitHub, AWS Key Management Service (KMS), HashiCorp, OpenVPN, Ansible, Kibana, VPN, Helm, Jira, Zabbix, CircleCI
Languages
Go, Python, Bash, JavaScript, SQL, TypeScript
Paradigms
DevOps, Automation, DevSecOps, Automated Testing, Management, Serverless Architecture, Deep Packet Inspection (DPI), Continuous Integration (CI), ETL
Platforms
Amazon Web Services (AWS), Docker, Kubernetes, Amazon EC2, AWS Lambda, Google Cloud Platform (GCP), Linux, AWS IoT, AWS Cloud Computing Services, Cilium, Apache Kafka, Azure
Storage
Google Cloud, Data Lake Design, Amazon DynamoDB, Amazon Aurora, Google Cloud SQL, Amazon S3 (AWS S3), AWS Snowball, MongoDB, MySQL, Redshift, PostgreSQL
Other
Networking, Cloud, AWS DevOps, AWS Cloud Architecture, CI/CD Pipelines, Serverless, AWS Lake Formation, AWS Transit Gateway, High Availability Disaster Recovery (HADR), SDKs, APIs, IT Support, Load Balancers, Site Reliability Engineering (SRE), Architecture, Cloud Computing, Linux Administration, Infrastructure as Code (IaC), High-availability Systems, AWS CodePipeline, Security, Cloud Migration, Identity & Access Management (IAM), GitHub Actions, Containerization, Scripting, Amazon RDS, Containers, Container Orchestration, Team Leadership, Training, Consul, Autoscaling, Amazon GuardDuty, AWS Certified Solution Architect, Mentorship, Technical Writing, Consulting, Amazon API Gateway, Cloud Security, Amazon Route 53, Web Application Firewall (WAF), TCP/IP, Linux Network Stack, Transport Layer Security (TLS), Agile DevOps, AWS Certified DevOps Engineer, AWS Certified Developer, Cost Reduction & Optimization (Cost-down), Cluster Management, System Administration, Systems Monitoring, Log Management, IT Security, Development, Akamai, Point-to-Point Tunneling Protocol (PPTP), Karpenter
Collaboration That Works
How to Work with Toptal
Toptal matches you directly with global industry experts from our network in hours—not weeks or months.
1
Share your needs
Discuss your requirements and refine your scope in a call with a Toptal domain expert.
2
Choose your talent
Get a short list of expertly matched talent within 24 hours to review, interview, and choose from.
3
Start your risk-free talent trial
Work with your chosen talent on a trial basis for up to two weeks. Pay only if you decide to hire them.
Top talent is in high demand.
Start hiring