GitLab CI/CD + Terraform: A Production IaC Pipeline in 2026
Most tutorials show you how to run terraform apply on a git push and call it a day. I’ve inherited infrastructure built...
Amazon Bedrock got a billing upgrade that matters more than it sounds. If several teams, applications, or engineers call the same model...
The AWS Knowledge MCP Server is the kind of infrastructure that becomes obvious only after you use it. It went generally available...
AES-GCM has real limits, and most teams only discover them after a key has been used far longer than they planned. AWS...
PCI DSS on EKS is not one control. It is a set of controls that have to line up: network inspection, identity,...
EKS Auto Mode removes a lot of node and load balancer work, but it does not remove networking decisions. The April 2026...
EKS Pod Identity session policies are the first practical answer AWS has given to “how do I keep pod permissions narrow without...
CloudWatch’s cross-region telemetry rules are the kind of release that saves a security team from repeating the same setup in every region...
Lambda Managed Instances is the first Lambda variant that makes the question “should this be serverless or just EC2?” worth asking again....
Image supply-chain security usually breaks in the dullest place possible: the registry stores the image, but the signature or SBOM lives somewhere...
AWS DevOps Agent is useful until it has to talk to something that sits behind a private subnet. Then the architecture problem...
AWS made the control question explicit in April 2026: when an AI agent touches AWS, which IAM principal is actually acting? That...