Organizations

@hersolutionsllc

thebrianlopez/README.md

Hi, I'm Brian

Staff Platform Engineer at Grindr (NYSE: GRND) and founding engineer at Farewell John. I build cloud infrastructure, identity systems, and the automation that removes manual work from the loop.

Scale: 15M monthly active users, 190 countries, 8 AWS accounts, 5+ EKS clusters, $1.4M/year in cloud cost eliminated.


What I Do

Infrastructure as code - Every system I own is Terraform-managed, PR-reviewed, and deployed without manual steps. If it isn't declarative, it isn't done.

Identity and access - Multi-account IAM federation, IRSA per-service scoping, OIDC-based CI/CD with zero static credentials. I've migrated orgs from legacy SSO to federated identity end-to-end.

Automation pipelines - Event-driven backends that propagate state changes across systems automatically. When something changes in one place, everything downstream reacts without a human in the loop.

Developer experience - CLIs, MCP servers, and environments that make engineers faster. If a person does the same thing twice, it gets automated.


Projects

Go devtools monorepo: thirteen CLI tools for shell optimization, structured telemetry, and AI-augmented workflows. Every tool emits to a unified JSONL event bus — usage-driven decisions about what to build, optimize, or deprecate. Includes mdq (markdown query engine), ts-go (tree-sitter Go analysis), perfgate, workctl, and more.

Statistical performance gating for CI. Define a benchmark, set a regression threshold, fail the build. Simple contract, serious signal.

JSONL event bus for AI-augmented engineering. Non-deterministic systems need observability that accounts for probabilistic outputs, not just pass/fail.

Terraform modules for GitHub + AWS + GCP identity federation from scratch. Zero static credentials from day one. Designed to be the first thing you run in a new org.

Declarative Terraform patterns for least-privilege IAM: role trust policies, boundary conditions, cross-account trust setups, and the guardrails that catch mistakes before production.

MCP server that surfaces AWS IAM and S3 introspection directly into AI coding assistants. Security context in the tool that is already open.


Farewell John (hersolutionsllc)

The PRD identified a consumer problem: families navigating a death shouldn't have to call a dozen funeral homes to compare prices. The FDD answered it with a clean separation principle — ingest data continuously in the background, serve it instantly from a read-only API — so the product could scale without coupling the user experience to crawl latency. The TDD made it operational: PostGIS for spatial search, Airflow DAGs for multi-source ingestion, CloudFront edge functions for zero-downtime maintenance, and a one-command local production clone so nothing ships untested. I owned the full chain from product spec to running infrastructure at farewelljohn.com.

| System | What it does |
| --- | --- |
| Read-only API + Airflow pipeline | Express/Node.js serves PostgreSQL reads only. All ingestion (Google Places, Playwright crawler, OpenAI/Claude PDF parser) runs in Airflow DAGs. Hard service boundary between read and write paths. |
| PostGIS spatial cache | Airflow populates zipcodes at a 50-mile radius. The API filters to any smaller radius from the same cache row using ST_DWithin. Zero redundant external API calls. |
| OrbStack VM | make orbstack-up boots a local production clone via cloud-init, GHCR image pull, and S3 secrets bootstrap. Engineers test against the real stack before every deploy. |
| CloudFront edge functions | KVS-backed CloudFront Functions return 503 at the edge without touching EC2. /demo/* always available. Zero-downtime maintenance window. |
| GitHub Actions + IAM | OIDC-based role assumption for all CI/CD. No static credentials anywhere in the pipeline. nginx configs published to S3 on push; EC2 hot-reloads on demand. |
| Secrets Manager lifecycle | Secrets pulled at container startup via make secrets-pull. Compose overlay layering enforces correct values per environment with startup guardrails. |
| Cost tracking | Every OpenAI/Claude/DeepSeek call logs provider, operation, token counts, and USD cost to PostgreSQL. Full cost visibility per DAG run. |
| Google Workspace admin | Domain verification, mail routing, service account delegation, OAuth consent screen configuration. |
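The OIDC-based role assumption in the table above, and the least-privilege guardrails that the aws-iam-patterns and org-identity-bootstrap projects describe, both depend on the role's trust policy being pinned to one audience and one repository. As an added example (not code from any of these projects), here is a small pre-merge guardrail in Python that flags the mistakes that silently widen a GitHub Actions trust policy; the sample policies, the example-org/example-api repository and the 111111111111 account id are constructed placeholders.

```python
import re

GITHUB_ISSUER = "token.actions.githubusercontent.com"
AUD_KEY, SUB_KEY = f"{GITHUB_ISSUER}:aud", f"{GITHUB_ISSUER}:sub"
# A pinned subject names one concrete owner/repo; only the part after it (ref, env) may vary.
PINNED_SUB = re.compile(r"^repo:[A-Za-z0-9_.-]+/[A-Za-z0-9_.-]+:.+$")


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _conditions(stmt):
    """Yield (operator, key, values) for every condition, keys lower-cased (IAM ignores case)."""
    for op, kv in stmt.get("Condition", {}).items():
        for key, values in kv.items():
            yield op, key.lower(), [str(v) for v in _as_list(values)]


def trust_policy_findings(policy):
    """Check each AssumeRoleWithWebIdentity statement; an empty list means the policy passes."""
    findings = []
    for n, stmt in enumerate(policy.get("Statement", [])):
        if "sts:AssumeRoleWithWebIdentity" not in _as_list(stmt.get("Action", [])):
            continue
        conds = list(_conditions(stmt))
        # The audience check rejects tokens GitHub minted for some other relying party.
        if not any(op.startswith("StringEquals") and key == AUD_KEY and values == ["sts.amazonaws.com"]
                   for op, key, values in conds):
            findings.append(f"statement {n}: aud is not pinned to sts.amazonaws.com")
        subs = [(op, v) for op, key, values in conds if key == SUB_KEY for v in values]
        if not subs:
            findings.append(f"statement {n}: no sub condition, any GitHub repository could assume the role")
        for op, sub in subs:
            # A wildcard in owner/repo, or a negated operator, lets foreign repositories through.
            if op.startswith("StringNot") or not PINNED_SUB.match(sub):
                findings.append(f"statement {n}: sub {sub!r} ({op}) is not pinned to one owner/repo")
    return findings


def _policy(condition):
    """Constructed trust policy around one Condition block (placeholder account id)."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Action": "sts:AssumeRoleWithWebIdentity",
        "Principal": {"Federated": f"arn:aws:iam::111111111111:oidc-provider/{GITHUB_ISSUER}"},
        "Condition": condition}]}


GOOD_TRUST_POLICY = _policy({"StringEquals": {AUD_KEY: "sts.amazonaws.com"},
                             "StringLike": {SUB_KEY: "repo:example-org/example-api:ref:refs/heads/main"}})
# No audience check and a subject that matches every repository on GitHub.
BAD_TRUST_POLICY = _policy({"StringLike": {SUB_KEY: "repo:*"}})
```

Run it over the rendered trust-policy JSON of each role in a plan or CI step and fail the pipeline when `trust_policy_findings` returns anything.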

Stack

Go, Python, TypeScript, HCL / Terraform, AWS, EKS, ArgoCD, Datadog, PostgreSQL, Airflow, GitHub Actions


brianlopez.us · Chicago, IL

Pinned

1. perfgate (Go): Statistical performance gating CLI: benchmark commands and enforce regression thresholds in CI

2. closed-loop-telemetry: JSONL event bus schema and observability patterns for AI-augmented engineering: non-deterministic systems need more than pass/fail

3. aws-iam-patterns (HCL): Declarative Terraform patterns for least-privilege IAM: role trust policies, boundary conditions, and service-linked role examples.

4. mcp-aws-inspector (Python): Python MCP server exposing read-only AWS IAM and S3 introspection tools for Claude Desktop and Claude Code

5. org-identity-bootstrap (HCL): Terraform modules for bootstrapping GitHub + AWS + GCP identity federation. No static credentials.

6. runabout (Go): Go devtools monorepo: thirteen CLI tools for shell optimization, structured telemetry, and AI-augmented workflows