Cloud Provisioning Engineer

Cloud Provisioning Engineers design, build, and maintain the automation systems that provision cloud resources consistently and efficiently across an organization's cloud environments. They create the IaC frameworks, provisioning pipelines, and self-service tooling that allow teams to get cloud infrastructure quickly without manual intervention from a central team.

Role at a glance

  • Typical education: Bachelor's degree in CS, Information Systems, or equivalent portfolio
  • Typical experience: 2-7+ years
  • Key certifications: HashiCorp Terraform Associate, AWS Solutions Architect, Azure Administrator Associate, CKA
  • Top employer types: Large technology companies, financial services, healthcare, government
  • Growth outlook: Strong and growing demand driven by the shift toward infrastructure platform teams and automated governance.
  • AI impact (through 2030): Augmentation — AI tools for generating IaC and policy-as-code will automate routine module writing, but the need for engineers to design complex, governed, and secure provisioning frameworks will remain critical.

Duties and responsibilities

  • Design and build Terraform module libraries that standardize cloud resource provisioning across the organization's accounts and environments
  • Develop and maintain CI/CD pipelines for infrastructure provisioning including validation, plan review, automated testing, and deployment stages
  • Implement policy-as-code controls using Sentinel, OPA, or cloud-native policy engines to enforce governance at provisioning time
  • Build developer self-service provisioning capabilities that allow teams to provision approved infrastructure without central team involvement
  • Manage remote Terraform state, locking, and workspace configurations for multiple environments and teams working concurrently
  • Maintain cloud account and landing zone bootstrapping automation for consistent, secure new account onboarding
  • Integrate provisioning automation with secret management, CMDB, and ITSM systems to maintain accurate resource records
  • Test provisioning modules and pipelines through automated testing frameworks to prevent regressions in existing infrastructure
  • Contribute to provisioning standards documentation and provide guidance to application teams on IaC best practices
  • Audit and remediate configuration drift between provisioned state and actual cloud resource configurations

Overview

Cloud Provisioning Engineers build the systems that make cloud infrastructure repeatable. Their work product isn't a single VPC or a running cluster — it's the code, pipelines, and frameworks that can produce a VPC or a cluster reliably, consistently, and with the right governance controls applied every time.

The work is primarily infrastructure-as-code engineering: writing Terraform modules that are reusable, well-tested, and documented; building CI/CD pipelines that validate, plan, and apply infrastructure changes with the appropriate review gates; implementing policy checks that enforce security and compliance requirements at provisioning time rather than through post-deployment audits; and testing modules against real cloud environments to ensure they work as specified.

Self-service provisioning is an increasingly important dimension. Organizations that require every infrastructure request to go through a central team create bottlenecks that slow delivery. Provisioning engineers build the platforms — Backstage-based service catalogs, API-driven provisioning backends, Slack-based provisioning bots — that allow engineering teams to provision pre-approved infrastructure configurations without requiring a ticket and a wait. Done well, this accelerates the entire organization. Done poorly, it creates inconsistency and security risk.

Drift detection and remediation is an often-overlooked responsibility. Cloud environments are living systems — console changes, emergency interventions, and incremental modifications create drift between what IaC says should exist and what actually exists. Provisioning engineers build the processes that detect and resolve this drift before it creates compliance or reliability problems.

Qualifications

Education:

  • Bachelor's degree in computer science, information systems, or equivalent field
  • The role is accessible from non-traditional backgrounds given a strong IaC portfolio demonstrating relevant work

Certifications:

  • HashiCorp Terraform Associate or Professional
  • AWS Solutions Architect Associate or DevOps Engineer
  • Azure Administrator Associate (AZ-104) or DevOps Engineer Expert (AZ-400)
  • Certified Kubernetes Administrator (CKA) for organizations provisioning Kubernetes clusters

Core technical skills:

  • Terraform: module development, remote state management, workspace patterns, provider version management, testing with Terratest or similar
  • CI/CD integration: GitHub Actions, GitLab CI, or Jenkins for IaC pipelines — including plan/apply workflow, approvals, and automated testing
  • Policy-as-code: Sentinel, OPA/Conftest, or cloud-native policy engines (AWS Config, Azure Policy)
  • Cloud platform: intermediate proficiency in at least one major provider across compute, networking, storage, IAM
  • Programming: HCL at an advanced level; Python for automation tasks and module testing; Go for custom providers or tooling
  • Secret management: HashiCorp Vault, AWS Secrets Manager, or Azure Key Vault integration with provisioning pipelines

Experience benchmarks:

  • Entry: 2–3 years of infrastructure or DevOps engineering with IaC exposure
  • Mid-level: 4–6 years with owned IaC module libraries and self-service provisioning systems
  • Senior: 7+ years with org-wide provisioning framework ownership and architectural influence

Career outlook

Cloud Provisioning Engineering is a specialized discipline with strong and growing demand. The underlying driver is simple: every organization that runs infrastructure in the cloud needs that infrastructure provisioned, and organizations with mature cloud programs insist that provisioning be automated, governed, and repeatable. That insistence creates a sustained need for engineers who can build and maintain provisioning systems at scale.

The shift toward infrastructure platform teams — where a small group of provisioning and platform engineers supports a large organization of application developers — has concentrated demand in this specialization. Organizations that previously spread IaC work across all their infrastructure engineers are consolidating it into dedicated provisioning and platform roles, creating more defined career paths within the specialty.

The policy-as-code dimension of the role is growing in importance as cloud security governance requirements increase. Regulatory pressure in financial services, healthcare, and government is pushing organizations toward automated, auditable governance controls that prove compliance without manual review. Provisioning engineers who understand how to implement these controls are more valuable in compliance-sensitive industries.

The IaC tooling landscape is evolving. The HashiCorp license change in 2023 accelerated OpenTofu adoption, and CDK and Pulumi continue growing in organizations that prefer native language IaC. Engineers who understand the underlying concepts — state management, idempotency, dependency graphs, drift detection — can adapt to tooling changes more readily than those who know only one tool.

Total compensation for senior Cloud Provisioning Engineers at large technology companies and financial institutions is competitive with software engineering at similar experience levels. The skills built in this specialization — automation, CI/CD, policy enforcement, platform design — are among the most transferable in cloud engineering.

Sample cover letter

Dear Hiring Manager,

I'm applying for the Cloud Provisioning Engineer role at [Company]. I've been a DevOps engineer at [Current Employer] for four years, with the last two focused almost entirely on IaC and provisioning automation for our multi-account AWS environment.

The project I'm most proud of is the Terraform module library I designed and built that's now used by 25 engineering teams to provision AWS infrastructure. Before the library existed, teams wrote ad-hoc Terraform that varied in quality and compliance — some teams had strong IaC practices, others were making console changes and writing Terraform as an afterthought. I designed a set of 18 modules covering VPCs, EC2 patterns, RDS clusters, S3 buckets, and IAM roles, built a CI pipeline that validates contributions and runs Terratest against real AWS accounts, and published it through our internal Confluence documentation. Adoption reached 90% of new infrastructure within six months.

I also built the policy-as-code layer using OPA. I wrote policies that enforce required tagging, prevent unencrypted storage provisioning, and block public S3 bucket creation — and integrated them into the Terraform pipeline as mandatory checks before any plan is applied. Security audit findings related to provisioning compliance dropped significantly in the two quarters after deployment.

I hold HashiCorp Terraform Associate and AWS Solutions Architect Associate certifications. I'm comfortable in Python for testing and automation work, and I have working knowledge of GitHub Actions for pipeline development. The scale of [Company]'s provisioning challenge and the multi-account environment are exactly what I'm looking to work on. I'd welcome the chance to discuss the role.

[Your Name]

Frequently asked questions

Is Terraform the dominant tool for Cloud Provisioning Engineers?

In 2026, Terraform remains the most widely deployed IaC tool for multi-cloud provisioning. OpenTofu (the open-source Terraform fork) is gaining adoption following HashiCorp's license change. CloudFormation and CDK are standard for AWS-only organizations that prefer AWS-native tooling. Pulumi is growing in adoption at engineering organizations that prefer native programming languages over HCL. A strong Cloud Provisioning Engineer should be fluent in Terraform and familiar with the alternatives.

What is policy-as-code and why does it matter for provisioning?

Policy-as-code defines governance rules — allowed resource types, required tags, permissible configurations — in code that runs automatically at provisioning time rather than through manual review. Sentinel (HashiCorp) and Open Policy Agent (OPA) are the most common frameworks. Provisioning engineers who implement policy-as-code give their organizations guardrails that scale with cloud growth — security and compliance policies are enforced without requiring manual review of every change.

How does a Cloud Provisioning Engineer interact with security teams?

Closely. Security teams define the governance requirements that provisioning engineers implement in code. This includes allowed instance types, required encryption configurations, tag policies for cost and compliance attribution, and network security baseline requirements. The best provisioning engineers treat security policies as requirements to build into the provisioning framework rather than as approval gates that slow delivery down.

How is AI affecting infrastructure provisioning work?

AI code generation tools (GitHub Copilot, Claude, etc.) are noticeably reducing the time required to write Terraform configurations and module boilerplate. Engineers are using these tools to draft configurations that they then review and validate rather than writing from scratch. For provisioning engineers specifically, the AI tools accelerate the authoring step while the judgment about architecture, security, and correctness remains the engineer's responsibility.

What is the career path beyond Cloud Provisioning Engineer?

Senior Cloud Provisioning Engineer or Cloud Platform Engineer for those who want to expand their scope to broader platform engineering. Cloud Architect for those who develop design expertise across the full infrastructure stack. DevOps Engineering Lead or Platform Engineering Manager for those who move toward leadership. The IaC skills built in provisioning roles transfer broadly — every cloud infrastructure role values them.