Amazon EKS Auto Mode Enterprise Networking
EKS Auto Mode removes a lot of node and load balancer work, but it does not remove networking decisions. The April 2026...
Latest Publications
Amazon EKS Pod Identity Session Policies
EKS Pod Identity session policies are the first practical answer AWS has given to “how do I keep pod permissions narrow without...
AWS CloudWatch Cross-Region Telemetry Auditing and Enablement Rules
CloudWatch’s cross-region telemetry rules are the kind of release that saves a security team from repeating the same setup in every region...
AWS Lambda Managed Instances for Memory-Intensive Workloads
Lambda Managed Instances is the first Lambda variant that makes the question “should this be serverless or just EC2?” worth asking again....
Amazon ECR Pull Through Cache: Referrer Discovery and Sync
Image supply-chain security usually breaks in the dullest place possible: the registry stores the image, but the signature or SBOM lives somewhere...
Securely Connect AWS DevOps Agent to Private Services in Your VPCs
AWS DevOps Agent is useful until it has to talk to something that sits behind a private subnet. Then the architecture problem...
Secure AI Agent Access Patterns to AWS Resources Using MCP
AWS made the control question explicit in April 2026: when an AI agent touches AWS, which IAM principal is actually acting? That...
Terraform vs OpenTofu 2026: Which One Should Your Team Use?
When HashiCorp changed Terraform’s license in August 2023, it forced a reckoning across the infrastructure-as-code community. The shift to the Business Source...
Cluster API v1.12 for Platform Teams: In-Place Updates, Chained Upgrades, and Day-2 Operations
Cluster lifecycle work is usually where platform engineering gets less glamorous and more expensive. Creating a cluster is the easy part. Upgrading...
Docker Sandboxes and MicroVMs: A Practical Security Model for Local AI and Untrusted Code
Docker’s March 2026 security push is not subtle. The company said over a quarter of production code is now AI-authored, and that...
Running AI Agents on Kubernetes: Agent Sandbox, AI Gateway, and the Platform Gaps They Fix
Kubernetes is finally getting serious about the parts of AI systems that do not fit a normal Deployment. On March 9, 2026,...
HashiCorp Vault + Workload Identity Federation: Secretless Access for Kubernetes and CI/CD
The worst secret in your platform is the one that exists only because the previous secret could not be trusted. That is...