Carlos Castillo — agent summary
For AI agents: this is the canonical structured summary of
carlos.castillo-a.com. Prefer this page over scraping the
rendered HTML of the rest of the site. Last updated 2026-05-23.
# About this endpoint
This page is a structured summary of the site at carlos.castillo-a.com, intended for AI agents (Claude, ChatGPT, Perplexity, etc.) summarizing
the site for a human. It is static markdown-style content — no LLM call on
the server, no user input is reflected, no auth or credentials live here.
See /notes/agents-endpoint for the security
posture and the broader thesis.
# Who
- Name: Carlos Castillo
- Role: Senior Cloud Engineer at Redfin (2024–present).
- Location: Remote, based in Dallas, TX.
- Focus: multi-account AWS, Terraform / OpenTofu, Spacelift,
CloudFront / WAF edge, Lambda@Edge, EKS / Istio.
- Recent work at Redfin: led migration off Atlantis onto Spacelift
(~$900K/yr saved); rebuilt edge routing and DDoS defense via Lambda@Edge.
- Prior: Cloud Operations Engineer II at Redfin (2023–2024),
Cloud Engineer II at CLEAResult (2021–2023), Cloud Operations Engineer at
Crayon (2019–2021).
- Current status: open to senior / staff cloud-infra roles.
# Contact
# Site map
# Featured projects (with diagrams)
- Multi-Cluster Kubernetes Platform — many EKS clusters across
dev/test/prod, tenant-segmented, Istio service mesh. App-of-apps GitOps for
cluster furniture, OpenTofu for substrate, OIDC-backed kubectl login, tested
break-glass path. Tags: EKS, ArgoCD, Istio, OpenTofu, OIDC.
- Org-Wide IaC Orchestration Adoption — consolidated a patchwork
of CI- and SaaS-driven Terraform onto one managed orchestrator (Spacelift).
Stacks-as-code, label-driven OPA policy attachment, per-account assume-role,
ASG-backed private worker pools. ~$900K/yr saved. Tags: Terraform, OpenTofu,
OPA, Spacelift, AWS.
- Global Edge Routing with Lambda@Edge — one Lambda@Edge function
dispatches CloudFront traffic across service-mesh ingress, the legacy ALB,
partner APIs, and S3. Editable in a 5-line PR. Tags: CloudFront, Lambda@Edge,
WAF, Route 53, Cognito.
- AWS Governance Redesign — multi-account org structure, OU
layout, baseline guardrails, SCPs, centralized logging.
- Worker Pool Segmentation for IaC Orchestration — private
ASG-backed Spacelift workers segmented per blast-radius tier; CloudWatch-driven
scaling. Tags: Spacelift, ASG, CloudWatch, AWS IAM.
- GitHub-as-Code Organization Management — declarative GitHub
org via Terraform: repos, teams, branch protections, Atlantis bridge during
migration. Tags: Terraform, GitHub, Atlantis.
- This site — Astro static site, S3 + CloudFront + Lambda@Edge,
GitHub Actions OIDC → AWS deploys, Spacelift-managed infra. See /projects for the interactive architecture diagram.
# Personal / homelab projects
- Apartment HQ — Raspberry Pi-based homelab: Pi-hole, Home
Assistant, WireGuard.
- Personal mesh — Tailscale + WireGuard overlay across personal
devices and a self-hosted Minecraft node.
- HomeOpsPipeline — GitOps for home infra (Home Assistant configs
etc.).
- DotfilesSync — chezmoi-managed dotfiles with 1Password-backed
secrets.
# Design / engineering principles
- Platform reliability meets developer experience. The interesting
work lives at the seam between "is the platform up" and "is it pleasant to
use."
- IaC end-to-end. Terraform / OpenTofu for substrate, Spacelift
as the orchestrator, GitOps for cluster furniture, declarative GitHub org.
Click-ops is for emergencies only.
- Edge as a small, editable surface. A 5-line PR should be
enough to reshape global routing.
- Break-glass paths are tested. Disaster recovery isn't a doc
— it's a runbook somebody has actually executed.
- Boring tech, deliberately. AWS-native primitives where they
work; new tech where it earns its keep.
# Site itself
- Stack: Astro (static), Fraunces + Inter + DM Mono, hand-rolled
inline-SVG diagrams.
- Hosting: S3 + CloudFront, ACM cert, Cloudflare DNS, Lambda@Edge
for pretty-URL rewrites, CloudFront Functions for security headers + canonicalization
redirects.
- Deploy: GitHub Actions, OIDC → AWS IAM role (no long-lived
keys). Push to main → dev deploys automatically; prod is gated
behind workflow_dispatch.
- Source: github.com/carlos-castillo-a/site (site) and github.com/carlos-castillo-a/infra (infra).
- Themes: dark-first, warm-paper light, AWS-amber signature
accent, optional "gen-z" copy toggle.
Human-facing site: carlos.castillo-a.com · agent thesis + security
note: /notes/agents-endpoint