Cloud Portfolio Project Ideas: 20+ Builds That Get You Hired

Before you pick a project

The best portfolio project is not the most technically impressive one. It is the one that demonstrates the skills most relevant to the role you are targeting, and that you can talk about confidently in an interview.

Every project should answer one question for a hiring manager: “Does this person think carefully about the systems they build?” That means your project needs to include real decisions — not just code that works.

Before choosing, ask yourself:

• What job title am I targeting right now?
• What does that role use most: Terraform, Kubernetes, CI/CD, security, data?
• Which of these skill areas do I have the least evidence for?

Match your project choice to the gap. If you already have two infrastructure projects, a monitoring or security project adds more than a third infrastructure build.

Infrastructure and IaC projects

Infrastructure projects show that you can design and provision cloud environments as code. These are high-signal for cloud engineer, DevOps, and SRE roles.

Three-tier web application on AWS or GCP

Provision a load balancer, auto-scaling group of web servers, private database tier, and a bastion host using Terraform. Demonstrates networking, compute, IAM, and state management in one project. The networking design — private subnets, security groups or firewall rules, controlled egress — is where the real decision-making shows.

Multi-environment Terraform setup

Build a Terraform codebase with shared modules, variable files, and separate workspaces or directories for dev, staging, and production. This is a pattern used at almost every serious company and signals you understand real-world IaC structure, not just “run terraform apply.”

Landing zone / organisation baseline

Provision a GCP folder structure with project-level IAM, budget alerts, and log exports, or an AWS organisation with SCPs and Control Tower. This is an advanced project that signals cloud governance thinking. More relevant for architect and senior engineer roles.

Self-healing infrastructure with Auto Scaling and health checks

Build a setup where instances automatically replace themselves when they fail health checks, with a load balancer redistributing traffic. Document the failure modes you designed for. This is a reliability project as much as an infrastructure one.

CI/CD and automation projects

Automation projects show that you can build repeatable, reliable delivery pipelines. These are core for DevOps roles and increasingly expected in cloud engineering too.

GitHub Actions pipeline for a containerised application

Build a pipeline that lints code, runs tests, builds a Docker image, pushes it to a container registry (ECR, GCR, or Docker Hub), and deploys it to a cloud service. Each stage should be meaningful. This is the single most commonly expected CI/CD project for junior cloud and DevOps roles.

Infrastructure pipeline with Terraform and drift detection

Run terraform plan on pull requests to preview changes before merge, and run a scheduled job to detect drift between the Terraform state and the real environment. Shows that you think about infrastructure CI/CD as a discipline, not just application CI/CD.

Blue/green or canary deployment pipeline

Implement a deployment strategy that allows incremental rollout or instant rollback without downtime. More complex than a simple deploy — worth building once you have a basic CI/CD project already done.

Kubernetes and container projects

Kubernetes projects are high-value for cloud engineer and DevOps roles. Even a project running on a local cluster (kind or minikube) can be impressive if the manifests and architecture are well thought out.

Multi-service application on Kubernetes

Deploy a small application with two or three services (a web frontend, an API backend, and a database) using Deployment manifests, Services, ConfigMaps, Secrets, and an Ingress controller. This covers most of what a junior Kubernetes role expects.

Kubernetes with Helm and environment-specific values

Package your Kubernetes application as a Helm chart with separate values files for different environments. Demonstrates that you understand real-world Kubernetes deployment patterns beyond raw manifests.

Horizontal Pod Autoscaler and resource limits

Add HPA, resource requests and limits, and a pod disruption budget to an existing Kubernetes project. Document why you chose the thresholds you did. This turns a basic deployment into one that demonstrates production-grade thinking.

Serverless projects

Serverless projects show you understand event-driven architecture and managed compute. They are also fast to build, which makes them good for early-career portfolios where time is limited.

Serverless API with authentication

Build an HTTP API using AWS Lambda + API Gateway, or GCP Cloud Functions + Cloud Endpoints, with a simple authentication layer (JWT validation or Cognito/Firebase Auth). Store data in DynamoDB or Firestore. Include IAM roles that follow least-privilege — this is where many beginners fall short.

Event-driven notification system

Trigger a Lambda or Cloud Function from an S3 or Cloud Storage event (file upload), process the file, and send a notification via SES, SNS, or Pub/Sub. This pattern appears constantly in real cloud architectures and is worth understanding well.

Scheduled automation task

Use EventBridge (AWS) or Cloud Scheduler (GCP) to trigger a serverless function on a schedule — for example, generating a daily cost report, archiving old records, or cleaning up stale resources. Simple but demonstrates real operational thinking.

Monitoring and observability projects

Observability projects are often missing from junior portfolios but are taken seriously by hiring managers for cloud and SRE roles. They show you think about what happens after deployment.

Prometheus and Grafana stack

Deploy Prometheus to scrape metrics from an application and system, and build a Grafana dashboard with at least two alerting rules. Even running this on a single VM or a local kind cluster is meaningful. Document the alert thresholds and why you chose them.

Centralised logging with CloudWatch or Cloud Logging

Set up structured log shipping from multiple sources into a central logging service, build a query that surfaces specific error patterns, and create an alert. Shows you understand log management as an operational concern.

Application performance monitoring (APM)

Instrument an application with distributed tracing using OpenTelemetry or a cloud-native tracing service. Trace a request across at least two services. This is an advanced observability project — more relevant after you have baseline monitoring experience.

Security projects

Security projects signal that you think about risk, not just functionality. Cloud security is a specialisation, but any engineer who can demonstrate basic security thinking stands out from those who cannot.

Secrets management implementation

Refactor an existing project to remove all hardcoded credentials and use AWS Secrets Manager, GCP Secret Manager, or HashiCorp Vault instead. Document the before state and the improvements. Simple but demonstrates a real security discipline.

IAM audit and least-privilege remediation

Start with a deliberately over-permissioned IAM setup, use access analysis tools (IAM Access Analyzer on AWS, or Policy Analyzer on GCP) to identify excess permissions, and reduce them to the minimum required. Document every decision.

Cloud security posture baseline

Enable Security Hub (AWS) or Security Command Center (GCP), document the findings from a fresh account, and remediate the most critical ones using infrastructure as code. Shows governance and policy thinking.

Data and analytics projects

Data pipeline projects are valuable if you are targeting data engineering, analytics engineering, or cloud platform roles at data-heavy companies.

Batch data pipeline with cloud storage and BigQuery or Redshift

Ingest a public dataset, transform it with a simple pipeline (Python or SQL), load it into a cloud data warehouse, and visualise one query result. Even a small dataset is fine — the architecture and code quality matter more than the data volume.

Streaming data pipeline with Pub/Sub or Kinesis

Produce events to a cloud message queue, consume them with a function or streaming service, and store the results. Document the delivery guarantees, ordering, and idempotency decisions.

What makes any project stand out

The project type matters less than the execution. Two things consistently separate weak portfolio projects from strong ones:

Real decisions are documented. Every architecture choice — why this service, why these IAM permissions, why this network design — should be explained somewhere. The README is the right place. A project with no documented decisions looks like a tutorial follow-along.

Security is not an afterthought. Projects where IAM roles use wildcard permissions, secrets are in environment variables without any mention of the trade-off, or nothing is private when it should be, send a clear signal. You do not need a security project to demonstrate security thinking — it should appear in every project.

For practical advice on turning these ideas into finished, well-presented projects, see the guides on beginner cloud projects and intermediate cloud projects. For advice on presenting finished work well, how to write a cloud portfolio case study covers what to include in your README and project write-up.