The moment two engineers run terraform apply at the same time without state locking, you have a race condition that can corrupt your entire infrastructure state. Both processes read the...
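Added example, not code from the post above: an S3 backend configured with Terraform's native state locking, which is the fix for the race that teaser describes. Bucket name, key and region are placeholders, and the use_lockfile argument needs Terraform 1.10 or later (earlier versions locked through a DynamoDB table via dynamodb_table).

```hcl
# Added example: remote state with locking. Placeholder bucket/key/region.
# Requires Terraform >= 1.10 for use_lockfile. Enable versioning on the
# bucket as well, so a corrupted state object can be rolled back.
terraform {
  required_version = ">= 1.10"

  backend "s3" {
    bucket       = "example-tf-state"
    key          = "network/prod/terraform.tfstate"
    region       = "eu-central-1"
    encrypt      = true
    use_lockfile = true # conditional write of <key>.tflock; a concurrent apply fails to acquire it
  }
}
```

Check that the lock actually bites before relying on it: start terraform apply in one shell, and in a second shell `terraform plan -lock-timeout=5s` must fail with "Error acquiring the state lock" rather than proceed against a state that is about to change. Keep `-lock=false` out of pipeline commands; it reintroduces exactly the race described above.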
The first time someone accidentally created a p4d.24xlarge instance in production, we started taking policy-as-code seriously. No one meant to. The Terraform code was correct, the pipeline ran fine, the...
I shipped Terraform code without tests for years. Then a terraform apply deleted a production database because a conditional flipped. The resource had a lifecycle { prevent_destroy = true }...
I’ve been using Terraform MCP for three months now, and it’s the most significant shift in how I interact with infrastructure since Terraform itself. That’s not hyperbole. I can ask...
Pulumi vs Terraform is usually framed as “real programming languages versus HCL.” That framing is useful for about five minutes, then it starts hiding the real decision.
I’ve made the mistake of using count where I should have used for_each. Most people have. You end up with a Terraform state that looks reasonable until you need to...
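Added example, not the post's own code, of the positional-index problem and its fix: with count, deleting one name from the middle of the list renumbers everything after it, so Terraform plans to destroy and recreate resources that did not change; with for_each the state address is the name itself. The bucket names and the AWS provider are assumptions.

```hcl
variable "bucket_names" {
  type    = list(string)
  default = ["assets", "logs", "exports"]
}

# Before: positional addressing. State holds
#   aws_s3_bucket.bucket[0] = assets, [1] = logs, [2] = exports
# Drop "logs" from the list and "exports" moves from [2] to [1]; the plan
# destroys [2] and replaces [1] even though that bucket is unchanged.
#
# resource "aws_s3_bucket" "bucket" {
#   count  = length(var.bucket_names)
#   bucket = "example-${var.bucket_names[count.index]}"
# }

# After: keyed addressing. Dropping "logs" destroys exactly
# aws_s3_bucket.bucket["logs"] and touches nothing else.
resource "aws_s3_bucket" "bucket" {
  for_each = toset(var.bucket_names)
  bucket   = "example-${each.key}"
}

# One-time migration of the existing state entries so the switch itself
# does not recreate the buckets. Delete these blocks after the first apply.
moved {
  from = aws_s3_bucket.bucket[0]
  to   = aws_s3_bucket.bucket["assets"]
}

moved {
  from = aws_s3_bucket.bucket[1]
  to   = aws_s3_bucket.bucket["logs"]
}

moved {
  from = aws_s3_bucket.bucket[2]
  to   = aws_s3_bucket.bucket["exports"]
}
```

Run terraform plan after adding the moved blocks: a correct migration prints three "has moved to" lines and zero resources to add or destroy. Any destroy in that plan means a key does not match the original position, so stop and fix the mapping before applying.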
Cloudflare released cf-terraforming tf-migrate on April 24, 2026, and the target audience is every team that looked at the Cloudflare Terraform provider v4 to v5 migration and quietly postponed it....
Terraform 1.15 is the kind of release that can break a quiet CI lane before anyone notices the changelog. The headline features are useful: Windows ARM64 builds, deprecated variables and...
I’ve spent the last three months using both GitHub Copilot and Kiro on actual DevOps work. Not toy examples. Not “write a hello world Lambda.” Real infrastructure code: Terraform modules...
Terraform 1.10 introduced ephemeral resources, and the feature matters for one reason above all others: it gives Terraform a way to work with temporary or sensitive data without persisting that...
If you are still reaching for null_resource every time Terraform needs a lifecycle container for a command, you are carrying an older habit into a newer Terraform world. HashiCorp introduced...
Most tutorials show you how to run terraform apply on a git push and call it a day. I’ve inherited infrastructure built that way. It’s chaos. Drift accumulates silently. Rollbacks...
When HashiCorp changed Terraform’s license in August 2023, it forced a reckoning across the infrastructure-as-code community. The shift to the Business Source License (BSL) sent shockwaves through organizations that had...
Terraform workspaces seemed like the solution to multi-environment management — one configuration, many states. Then teams discovered the problems: workspace sprawl, no isolation between environments at the module level, and...
LocalStack built something genuinely useful. A local emulator for AWS services that let you test Lambdas, S3 buckets, SQS queues, and DynamoDB tables without touching a real AWS account. For...
The manual Terraform workflow — terraform plan on your laptop, peer-review the output in Slack, terraform apply if it looks right — breaks down around the time your team hits...
HashiCorp switched Terraform to the Business Source License in August 2023. Within weeks, the OpenTofu fork was announced under the Linux Foundation, accepted as a CNCF project, and had a...
The infrastructure-as-code tooling market looks different in 2026 than it did three years ago. HashiCorp’s 2023 license change from MPL to BSL fractured the Terraform community, triggered the OpenTofu fork...
Every infrastructure team hits this wall eventually. The AWS account already has hundreds of resources — VPCs, security groups, RDS clusters, S3 buckets — that predate any Terraform adoption. Someone...
In this tutorial, we’ll walk through a real project that needs a GitLab CI/CD pipeline. We’ll look at actual working examples and explain why gitlab ci yml examples matter in...
A DevOps team at a growing company needed to handle automation and event-driven responses across multiple applications. Managing numerous Lambda functions individually became unwieldy. Terraform provided a way to solve...
Terraform lets you manage cloud infrastructure through code instead of clicking around in web consoles. Define what you want, apply it, and Terraform figures out how to make it happen....
As a devops engineer, managing infrastructure eats up a lot of my time. Keeping track of dozens of components, making sure everything talks to each other correctly - it adds...
The lookup function in Terraform is one of those tools that seems trivial until you’re staring at an error at 11pm and realizing you’ve been using it wrong for six...
If you’ve worked with Terraform for a while, you’ve probably hit situations where you need to run something that doesn’t fit neatly into a cloud resource. Maybe you need to...
I’ve gotten quite a few requests to write about Terraform Modules. The topic comes up a lot because people get confused about where modules end and resources begin. Let me...
AWS tags let you attach custom key-value pairs to just about any resource in your account. If you’ve ever tried managing tags manually across dozens of resources, you know it...
When you start learning Terraform, the first thing you’ll run is terraform plan. It sounds simple, but understanding what it does will save you from costly mistakes later.
Here’s the setup: you need to provision infrastructure and then configure it. Terraform does the first part beautifully. Ansible does the second part beautifully. The moment you try to make...
If you are moving to the cloud, infrastructure as code (IaC) should be part of your toolkit. It helps teams ship faster and keeps environments consistent. But you need the...
I want to walk you through a real project I worked on. The ask was straightforward: go through all our applications and yank out any passwords that were hardcoded in...
Here’s a quick way to generate random passwords with Terraform. This comes in handy when you’re setting up RDS, AWS Secret Manager, MSK, or anything else that needs authentication. The...
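Added example covering both the ephemeral-resource point above and password generation for RDS and Secrets Manager: the generated value never lands in the state or plan file. It is not code from either post. Assumed: hashicorp/random 3.7 or later for the ephemeral random_password block, hashicorp/aws 6.0 or later for the secret_string_wo and password_wo write-only arguments, and fictional resource names.

```hcl
terraform {
  required_version = ">= 1.11" # ephemeral blocks arrived in 1.10, write-only arguments in 1.11
  required_providers {
    aws    = { source = "hashicorp/aws", version = ">= 6.0" }
    random = { source = "hashicorp/random", version = ">= 3.7" }
  }
}

# The pre-1.10 habit: a managed random_password. Works, but .result is stored
# in terraform.tfstate in the clear, so state readers become secret readers.
#
# resource "random_password" "db" {
#   length = 32
# }

# Ephemeral: generated during plan/apply, discarded afterwards, never written
# to state. A new value is produced on every run, which is why it is only
# ever passed into write-only arguments below.
ephemeral "random_password" "db" {
  length           = 32
  override_special = "!#$%&*()-_=+[]{}<>:?" # RDS rejects '/', '@', '"' and spaces
}

resource "aws_secretsmanager_secret" "db" {
  name = "example/prod/db-master" # assumed name
}

# Write-only argument: sent to the API, not recorded in state. The *_version
# counter is what Terraform tracks; bump it to push a new value (rotation).
resource "aws_secretsmanager_secret_version" "db" {
  secret_id                = aws_secretsmanager_secret.db.id
  secret_string_wo         = ephemeral.random_password.db.result
  secret_string_wo_version = 1
}

resource "aws_db_instance" "main" {
  identifier          = "example-prod"
  engine              = "postgres"
  instance_class      = "db.t4g.micro"
  allocated_storage   = 20
  username            = "app_admin"
  password_wo         = ephemeral.random_password.db.result
  password_wo_version = 1 # keep in step with secret_string_wo_version above
  skip_final_snapshot = true
}
```

After apply, `terraform state pull` contains the _wo_version counters but no password_wo or secret_string_wo attribute at all; that absence is the property worth checking in a pipeline. Rotation is a two-line change: increment both counters together, otherwise the database password and the stored secret diverge.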
When you run terraform apply without any flags, Terraform applies all the changes in your plan at once. If you’ve ever worked on a large Terraform project, you know how...
Terraform lets you manage a lot of infrastructure declaratively, but sometimes you need to repeat the same nested block configuration multiple times – with slight variations. That’s where dynamic blocks...
Terraform is a declarative language. That means you describe the desired state, and Terraform figures out how to get there. Unlike procedural languages, you don’t write step-by-step instructions.
If you have been working with Terraform for a while, you probably already know that environment variables can make your life easier, especially when running Terraform in CI/CD pipelines. You...
When Terraform does not do what you expect, you need to figure out why. This post covers the debugging tools Terraform gives you and how I use them in practice....
I want to walk you through Terraform variable types. If you’ve worked with other programming languages, you’ll find Terraform’s approach familiar. Variables hold your data, and you need to know...
If you’ve used Terraform for any serious infrastructure work, you’ve probably felt the pain of managing separate state files for dev, staging, and production. That’s exactly what workspaces solve.
Terraform needs to track state about your infrastructure. This state tells Terraform how your configuration maps to real resources already running in the cloud, stores metadata about those resources, and...
Sometimes a resource goes sideways and Terraform loses track. Maybe an application inside a VM crashed while the VM itself keeps running. Or someone manually patched a database server outside...
Terraform is a solid tool for describing your infrastructure as code. But if you need to create multiple resources that are nearly identical, copying and pasting the same block gets...
Terraform outputs are how you get data out of your infrastructure. If you have ever run terraform apply and seen those printed values at the end, those are outputs. They...
Terraform manages cloud infrastructure as code. You describe what you want, and it figures out how to make it happen. Like any programming language, Terraform has features that aren’t obvious...
If you have spent any time writing Terraform, you know that your configurations can get messy fast. You end up repeating the same expressions, hard-coding the same values, and before...
Terraform has a handy way to render configuration files dynamically by injecting variables into templates. If you have ever needed to generate a user-data script, a config file, or a...
Teams sometimes assume their infrastructure-as-code templates are the final word on what’s running. That’s rarely true for long. Configuration drift — the gap between what your code says and what’s...
Managing changes is a key part of using Git. This tutorial walks through how to undo git staged changes step by step. All examples work with GitLab as well.
I’ve been using this trick for a few months now. Every morning I need my AWS MFA code. Open phone, find authenticator app, squint at 6 digits, type them in...
If you work with GitLab, you probably type your username and password every time you push code. It gets old fast. SSH keys fix that: once set up, GitLab authenticates...
Here is the thing about deleting files on Linux: the commands are simple, but the consequences are permanent. The rm, unlink, and rmdir commands delete files and directories, and they...
Merging PDFs on Linux is one of those things that sounds harder than it is. Whether you’re combining signed contracts, stacking reports, or just cleaning up a folder full of...
If you work with Linux, you’ll run into tar.gz files constantly. Open-source projects love them. They’re like the zip format of the Unix world—everywhere you look.
Managing file permissions is one of those Linux skills you need early. Get it wrong and you’re either locked out of your own files or, worse, you’ve created a security...
Renaming folders on Linux is straightforward once you know a few commands. I’ll cover the tools I use daily: mv for simple renames and rename for batch operations.
In this post, I’ll show you how to zip folders in Linux with practical examples. I’ve been using zip for years to organize files, save disk space, and move data...
Copying files and directories is one of those things I do every day on Linux. Whether I’m backing up config files, moving photos around, or deploying code to servers, knowing...
I’ve been managing Linux servers for over a decade, and DNS issues still catch me off guard sometimes. You type in a domain, hit Enter, and… nothing. Or worse, you’re...
I’ve tested seven “AI-powered productivity” tools over the past two years. Three were genuinely useful. Four were polished demos that didn’t survive contact with a real calendar. This post is...
So you’re trying to decide between DevOps and Software Engineering. I get it—these roles blur together more than most job postings let on, and the advice out there is usually...
The AWS Solutions Architect Professional (SAP-C02) is one of the harder certifications in the cloud space — not because of trick questions, but because the exam tests whether you can...
EC2 has been the core compute service at AWS since 2006 and in 2026 it still is. Containers, Lambda, and managed services have taken over a lot of workloads —...
Every few months someone on my team asks whether we should migrate from GitLab to GitHub, or vice versa. In 2026 that question is harder to answer than it was...
GitLab Runner is one of those tools that sits at the heart of GitLab CI/CD. It picks up the jobs you define in your pipeline and runs them, reporting results...
Containers are not new anymore. Docker turned twelve this year, and the developers who once called it revolutionary now just call it Tuesday. Yet the fundamentals behind containers are more...
Every team building on AWS eventually asks the same question: how much availability is enough? “Five nines” (99.999%) sounds impressive — that’s only 5.26 minutes of downtime per year —...
Can traditional systems handle the expectations we have now for instant responses and real-time engagement? Imagine a system that reacts immediately to what users do, and can handle thousands or...
Think of it this way: what if the servers running your app could scale up automatically when traffic spikes, and scale down when it’s quiet, without you touching anything? That’s...
Cloud services run fast, and when they don’t, customers leave. That’s the reality of running anything online today. Downtime costs money. Latency costs customers. If you’ve ever watched your error...
This article compares GitLab and Jenkins, two popular DevOps tools. We’ll explore their strengths and weaknesses to help you decide which fits your needs.
If you’ve been watching software teams for any length of time, you know the old way of doing things: developers finish their code, hand it off to testers, who then...
Every Power BI tutorial shows you the happy path. Click here, drag there, your chart appears. That works fine until you’re staring at a 50-million-row dataset at 2am, your refresh...
Unreal Engine has changed how games get made. The engine gives developers the tools to build realistic worlds, and it’s now a standard choice for studios of all sizes. This...
I worked with a growing e-commerce company that needed to handle communication between different parts of their application. They ended up looking at two AWS services: Simple Notification Service (SNS)...
If you run an e-commerce site, you know the pain: vendors upload images in every size and format imaginable, and someone has to resize them all to something consistent. You...
If you’re preparing for an AWS exam, reading AWS whitepapers can help you build knowledge. This article covers five whitepapers worth reading before your exam.
AWS Application Load Balancer (ALB) sits at the front of your application and spreads incoming traffic across your backend resources. If you’ve been running a single server and hitting capacity...
Amazon Web Services (AWS) has a range of load balancing options, and the Network Load Balancer (NLB) fills a specific niche. It handles TCP and UDP traffic at the connection...
AWS Global Accelerator is a networking service that lives in the AWS ecosystem, designed to make your applications faster and more reliable. It sits in front of your application endpoints...
If you’re running anything on AWS, you’ve probably dealt with VPCs. Virtual Private Clouds let you create isolated network environments, which is kind of the whole point of cloud networking....
If you need to store data that nobody can tamper with later, Amazon QLDB is worth knowing about. It’s a database service from AWS that keeps an immutable, verifiable record...
DynamoDB is a NoSQL database from Amazon that handles scale without breaking a sweat. If you need a database that grows with your app and never makes you fiddle with...
Amazon EBS (Elastic Block Store) is a block storage service from AWS. You can attach these volumes to your EC2 instances and use them for databases, file systems, or anything...
Amazon Elastic File System (EFS) is a managed file storage service that scales automatically as you add or remove files. It works with EC2 instances and lets multiple machines access...
If you’re juggling data across multiple S3 buckets and looking for a better way to manage who can access what, S3 Access Points might be what you need. They let...
S3 can trigger automated actions when things happen in a bucket. Upload a file, delete one, restore from glacier - you can hook into all of that and kick off...
Monitor your S3 bucket access and actions with CloudTrail, Amazon S3 server access logs, and CloudWatch Logs. Get visibility into potential security risks and keep your S3 usage secure.
If you are using Amazon S3, server-side encryption is worth understanding. It adds a layer of protection for your data at rest, and AWS makes it relatively painless to set...
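Added example, not from the post: default SSE-KMS encryption on a bucket plus a bucket policy that refuses plaintext transport and any upload that names a different encryption method or key. Bucket and key names are placeholders.

```hcl
resource "aws_kms_key" "data" {
  description         = "example-data-prod object encryption"
  enable_key_rotation = true
}

resource "aws_s3_bucket" "data" {
  bucket = "example-data-prod"
}

# Default encryption: objects uploaded without an SSE header get SSE-KMS with
# this key. bucket_key_enabled cuts KMS request volume (and cost) per object.
resource "aws_s3_bucket_server_side_encryption_configuration" "data" {
  bucket = aws_s3_bucket.data.id

  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm     = "aws:kms"
      kms_master_key_id = aws_kms_key.data.arn
    }
    bucket_key_enabled = true
  }
}

# Defaults only fill in a missing header; a client can still send
# x-amz-server-side-encryption: AES256 or name another KMS key. Deny those
# explicitly, and deny plaintext HTTP regardless of encryption at rest.
data "aws_iam_policy_document" "data" {
  statement {
    sid       = "DenyInsecureTransport"
    effect    = "Deny"
    actions   = ["s3:*"]
    resources = [aws_s3_bucket.data.arn, "${aws_s3_bucket.data.arn}/*"]

    principals {
      type        = "*"
      identifiers = ["*"]
    }

    condition {
      test     = "Bool"
      variable = "aws:SecureTransport"
      values   = ["false"]
    }
  }

  statement {
    sid       = "DenyNonKmsHeader"
    effect    = "Deny"
    actions   = ["s3:PutObject"]
    resources = ["${aws_s3_bucket.data.arn}/*"]

    principals {
      type        = "*"
      identifiers = ["*"]
    }

    # IfExists: an absent header is fine (the default applies); a present
    # header must say aws:kms.
    condition {
      test     = "StringNotEqualsIfExists"
      variable = "s3:x-amz-server-side-encryption"
      values   = ["aws:kms"]
    }
  }

  statement {
    sid       = "DenyOtherKey"
    effect    = "Deny"
    actions   = ["s3:PutObject"]
    resources = ["${aws_s3_bucket.data.arn}/*"]

    principals {
      type        = "*"
      identifiers = ["*"]
    }

    condition {
      test     = "StringNotEqualsIfExists"
      variable = "s3:x-amz-server-side-encryption-aws-kms-key-id"
      values   = [aws_kms_key.data.arn]
    }
  }
}

resource "aws_s3_bucket_policy" "data" {
  bucket = aws_s3_bucket.data.id
  policy = data.aws_iam_policy_document.data.json
}
```

Test both directions: `aws s3 cp ./f s3://example-data-prod/f --sse AES256` must be rejected with AccessDenied, while a plain `aws s3 cp ./f s3://example-data-prod/f` succeeds and `aws s3api head-object --bucket example-data-prod --key f` reports ServerSideEncryption aws:kms with this key's ARN.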
If you’re running any kind of business, you probably already know that backups matter. Critical files, customer records, financial documents - losing access to these even for a day could...
If you’re running workloads on AWS, you’ve probably thought about backup strategy at some point. AWS Backup lets you centralize your backup plans across regions and automate recovery without cobbling...
If you’ve been working with S3 for a while, you’ve probably hit a point where you need to audit what’s actually in your buckets. Maybe you’re dealing with compliance requirements,...
If you’ve worked with S3, you know the drill: your app requests an object, S3 returns it, end of story. But what if you need the same data in different...
There’s a point when your business outgrows what you can manage solo. That’s when you start looking at business process management tools to keep everything running in sync. And if...
If you’ve ever needed to access AWS services from your VPC without going through the public internet, VPC Endpoints are what you’re looking for. They let your instances reach AWS...
I ran into an interesting architecture problem recently. We had multiple Web Applications running on EC2 instances behind AWS API Gateway, and we needed to add a WAF without breaking...
JavaScript is one of the three core technologies of the web, alongside HTML and CSS. It lets you add animation, react to user actions, and update content without page reloads....
If you’re working with AWS at all, you’ll eventually run into NAT Gateway. It’s one of those fundamental pieces that shows up in almost every basic VPC setup, so it...
If you’re working with GitLab, you’ve probably noticed that managing who can do what gets complicated fast. This post walks through the built-in roles GitLab gives you, what each one...
AWS created Secrets Manager after hearing from customers that managing secrets was critical but difficult. IAM Roles help because they provide temporary credentials automatically. Attach a role to an EC2...
GitLab’s rules keyword gives you control over whether a job runs or gets skipped. You build these rules from conditions that check variables and events.
A database stores and organizes information so you can retrieve it later. If you have worked with dynamic websites – online stores, portals, anything running on a CMS like WordPress...
S3 is fast out of the box, but there’s a difference between “works fine” and “handles serious traffic.” This post covers how to push S3 harder without resorting to Transfer...
If you work on a Java team that also builds a frontend, you have probably run into this problem: your backend uses Maven, your frontend uses Node.js, and getting them...
I work with AWS KMS regularly, and in this post I want to share what I’ve learned about the key management service and how to use it from the command...
If you are building Java applications, you need Gitlab Runner and Maven in your CI/CD pipeline. This post walks through everything required to get your Java project building on Gitlab,...
If you want to analyze a JavaScript project with SonarQube but don’t want to install Java, Node.js, and a bunch of other tools on your machine, Docker is the way...
I’ve been using SonarQube with Docker and Maven for years, and it’s still my go-to setup for local development. Let me walk you through how I run it without spending...
Review apps changed how my team does code review. Instead of reading diffs, reviewers click a link and see the actual change running. The designer can verify spacing on the...
Our monorepo pipeline used to take 15 minutes. Every commit ran tests for the API, the background worker, and the frontend — in sequence, regardless of what changed. A one-line...
Two years ago, SBOMs were a checkbox on a compliance spreadsheet. In 2026, they’re a hard requirement. The US Executive Order 14028 mandated that any software sold to federal agencies...
The first time I tried running integration tests in GitLab CI, I hardcoded a database connection to localhost and wondered why nothing worked. The job would spin up, find no...
I’ve been deploying to AWS from GitLab CI for years. The patterns have shifted. In 2021 the answer was almost always Elastic Beanstalk — it was the lowest-friction path from...
GitLab is more than a code repo. You can build, test, and deploy straight from it. If you are already working with Infrastructure as Code, you probably use Terraform locally....
GitLab CI is a solid choice for building and deploying applications. You get automation, full change tracking, and a pipeline system that handles the heavy lifting.
I wanted to share how I set up CloudFormation templates to run through GitLab CI/CD. If you’ve been writing templates and running them manually from your terminal, moving the whole...
I have been running GitLab CI at scale for a while now, and one thing I keep running into is the need for more hardware as applications get more complex....
Building a Docker image on GitLab sounds simple, and it usually is – until you hit caching problems or try to push to a remote registry. I ran into these...
CVE-2026-31431 is not the kind of Linux bug you leave for the next maintenance window. CERT-EU says Copy Fail was publicly disclosed on April 29, 2026, has a CVSS 3.1...
I’ve broken a production server twice by creating users wrong. Once by assigning the wrong UID. Once by not understanding how the primary group assignment works. Neither time was obvious...
I spent three years at a company that spent $4 million on “DevOps transformation.” New tools, new cloud infrastructure, training budgets, the works. The velocity of the platform stayed flat....
Kafka vs Apache Pulsar is no longer a simple “streaming log versus cloud-native queue” debate. That shortcut used to be useful, but it is now too shallow for real platform...
On February 4, 2026, Amazon ECS added native support for linear and canary deployment strategies for services using Network Load Balancers. That is a small announcement with a large operational...
On March 22, 2026, the AWS Compute Blog published a practical guide for the enhanced Step Functions TestState API. The important part is not the API name. The important part...
On April 28, 2026, AWS announced something that changes the enterprise AI architecture conversation: OpenAI models, Codex on Amazon Bedrock, and Amazon Bedrock Managed Agents powered by OpenAI are coming...
GitHub Copilot changes its billing model on June 1, 2026. Premium request units go away, GitHub AI Credits become the unit of usage, and the expensive part is no longer...
I spent my first year as a DevOps engineer doing the same thing every Friday: logging into the AWS console, finding EC2 instances that needed backups, creating snapshots manually, tagging...
The first time I tried managing 40 EC2 instances with a bash script and a for loop, I ended up with 12 servers running Nginx 1.18 and 28 running Nginx...
On April 22, 2026, AWS added a set of Amazon Bedrock AgentCore features that changes the early developer workflow more than the runtime architecture. The update is not just “more...
AWS CLI v1 enters maintenance mode on July 15, 2026 and reaches end of support on July 15, 2027. AWS said scripts and workflows made for CLI v1 should continue...
You do not know your system’s limits until you hit them in production. That sentence costs companies real money every quarter. I have seen teams ship to production with nothing...
Production systems fail. Not “if” but “when.” Your database primary crashes at 3 AM, an Availability Zone goes dark right in the middle of peak traffic, or a misconfigured IAM...
AWS DevOps Agent is useful until it has to talk to something that sits behind a private subnet. Then the architecture problem is no longer about prompts or models. It...
GitLab’s monorepo docs are blunt about it: long pipelines are expensive, and the cure is to stop running work you do not need. That sounds obvious until you look at...
Amazon Bedrock AgentCore got two features in March 2026 that matter far more than the marketing language around them. On March 17, 2026, AWS launched shell command execution in AgentCore...
The problem: your application team needs to create IAM roles for their Lambda functions and ECS tasks. You can give them iam:CreateRole and related permissions, but then they can create...
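Added example, not the post's own code, of the permission-boundary pattern that solves this: the team may create and permission roles only under a fixed path and only when each role carries the boundary, and the two escape hatches (editing the boundary, stripping it off a role) are denied explicitly. Account lookup, path, service list and names are assumptions.

```hcl
data "aws_caller_identity" "current" {}

locals {
  role_path_arn = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/app/*"
}

# Ceiling for every role the app team creates. Whatever they attach, the
# effective permissions are the intersection with this document.
data "aws_iam_policy_document" "boundary" {
  statement {
    effect    = "Allow"
    actions   = ["lambda:*", "ecs:*", "logs:*", "dynamodb:*", "sqs:*", "s3:GetObject", "s3:PutObject"]
    resources = ["*"]
  }

  # Nothing inside the boundary may grow or delegate privilege.
  statement {
    effect    = "Deny"
    actions   = ["iam:*", "organizations:*", "sts:AssumeRole"]
    resources = ["*"]
  }
}

resource "aws_iam_policy" "boundary" {
  name   = "app-team-boundary"
  policy = data.aws_iam_policy_document.boundary.json
}

# What the app team's own principal gets. Role creation and policy attachment
# are allowed only when iam:PermissionsBoundary names our boundary, so a role
# without it (or with a looser one) cannot be created or modified.
data "aws_iam_policy_document" "delegated" {
  statement {
    sid    = "CreateAndPermissionRolesWithBoundary"
    effect = "Allow"
    actions = [
      "iam:CreateRole",
      "iam:AttachRolePolicy",
      "iam:DetachRolePolicy",
      "iam:PutRolePolicy",
      "iam:DeleteRolePolicy",
    ]
    resources = [local.role_path_arn]

    condition {
      test     = "StringEquals"
      variable = "iam:PermissionsBoundary"
      values   = [aws_iam_policy.boundary.arn]
    }
  }

  statement {
    sid    = "ManageRolesUnderPath"
    effect = "Allow"
    actions = [
      "iam:GetRole", "iam:ListRolePolicies", "iam:ListAttachedRolePolicies",
      "iam:UpdateRole", "iam:UpdateAssumeRolePolicy", "iam:DeleteRole",
      "iam:TagRole", "iam:UntagRole", "iam:PassRole",
    ]
    resources = [local.role_path_arn]
  }

  # Escape hatch 1: rewriting the boundary policy itself.
  statement {
    sid    = "ProtectBoundaryPolicy"
    effect = "Deny"
    actions = [
      "iam:CreatePolicyVersion", "iam:DeletePolicy",
      "iam:DeletePolicyVersion", "iam:SetDefaultPolicyVersion",
    ]
    resources = [aws_iam_policy.boundary.arn]
  }

  # Escape hatch 2: removing the boundary from a role after creation.
  statement {
    sid       = "NoBoundaryRemoval"
    effect    = "Deny"
    actions   = ["iam:DeleteRolePermissionsBoundary"]
    resources = ["*"]
  }
}

resource "aws_iam_policy" "delegated" {
  name   = "app-team-delegated-iam"
  policy = data.aws_iam_policy_document.delegated.json
}

# A role the team can legitimately create under the scheme.
resource "aws_iam_role" "lambda_example" {
  name                 = "example-lambda"
  path                 = "/app/"
  permissions_boundary = aws_iam_policy.boundary.arn
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Principal = { Service = "lambda.amazonaws.com" }
      Action    = "sts:AssumeRole"
    }]
  })
}
```

The negative tests matter more than the positive one. With only the delegated policy attached, `aws iam create-role --path /app/ --role-name x --assume-role-policy-document file://trust.json` without `--permissions-boundary` must fail with AccessDenied, and so must `aws iam delete-role-permissions-boundary --role-name example-lambda`. If either succeeds, the boundary is decorative.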
The standard AWS multi-account setup has a tools account for CI/CD, separate accounts for dev/staging/prod, a security audit account, and maybe a shared services account for internal tooling. Getting code...
Helm is the package manager for Kubernetes. Raw YAML manifests work fine for a single deployment in one environment. Once you need the same application in staging, production, and three...
At some point in every GitLab CI/CD setup, the single shared runner stops being enough. Backend tests queue behind someone’s slow frontend build. GPU jobs wait on the same runner...
Both platforms started at essentially the same place and have converged to a point where the pipeline YAML looks almost identical. The real differences are in pricing model, ecosystem integration,...
The manual Terraform workflow — terraform plan on your laptop, peer-review the output in Slack, terraform apply if it looks right — breaks down around the time your team hits...
In 2021, GitHub released OIDC support for Actions — and quietly made static AWS access keys in CI/CD pipelines obsolete. The old approach required storing AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY as GitHub...
AWS re:Invent 2023 had a stat that keeps coming up in job postings: EKS adoption grew 88% year-over-year among enterprise AWS customers. That number isn’t surprising if you’ve been watching...
AWS EKS standard support ends 14 months after a Kubernetes version’s upstream release. Extended support adds another 12 months but costs $0.60 per cluster per hour on top of normal...
EC2 Auto Scaling has been around since 2009, but teams still misconfigure it in ways that cost them money or reliability. The most common mistake: using simple scaling policies instead...
A Node.js application shipped as a Docker image with all development dependencies included: node_modules with Jest, ESLint, TypeScript compiler, and hundreds of transitive dev dependencies baked in. The image weighs...
X-Ray answers the question that CloudWatch logs and metrics can’t: why is this specific request slow? Logs tell you something happened. Metrics tell you how often. X-Ray tells you exactly...
At five VPCs, full-mesh VPC peering starts to feel manageable. At ten it’s annoying. At twenty, you have 190 peering connections to maintain, each with its own route table entries,...
Every bastion host in your architecture is a maintenance burden and an attack surface. You need to keep the AMI patched, manage SSH keys across the team, control security group...
The average AWS account running production workloads generates findings from at least four different security services: GuardDuty for threat detection, Inspector for vulnerability scanning, Config for compliance drift, and IAM...
Most engineers use Route 53 for one thing: create an A record pointing to a load balancer and move on. But Route 53 has seven routing policies, each solving a...
Amazon MSK (Managed Streaming for Apache Kafka) runs Apache Kafka on AWS without you managing ZooKeeper, broker upgrades, or disk provisioning. You get standard Kafka — same protocol, same client...
A Lambda cold start is a tax you pay every time AWS needs to create a new execution environment for your function. For a Python function with minimal dependencies, that...
Kinesis is four distinct services that AWS bundles under one name, which creates genuine confusion. Kinesis Data Streams is a durable ordered log — producers write records, multiple consumers read...
A tweet with 52,894 impressions last September put it plainly: “master IAM roles and policies” was the single skill that separated AWS beginners from people who could actually build in...
In 2022, a researcher at Lacework published an analysis of 500 AWS accounts across their customer base. The most common finding was cryptocurrency mining workloads running on EC2 instances that...
Before EventBridge Pipes launched in December 2022, connecting an SQS queue to a Step Functions state machine meant writing a Lambda function that polled the queue, parsed the payload, and...
On March 31, 2026, AWS made the DevOps Agent generally available. The announcement tweet from @awscloud got 3.3 million views in a week. The reaction from the DevOps community ranged...
AWS CodePipeline and CodeBuild give you a CI/CD stack that stays entirely within AWS — no Jenkins to maintain, no GitHub Actions runner infrastructure, no CircleCI seat costs. CodeBuild runs...
A tweet that reached 17,105 people last January listed the seven AWS services you need to know to get hired. CloudWatch was on it alongside EC2, S3, IAM, Lambda, RDS,...
HashiCorp’s Business Source License change in August 2023 sent a lot of teams back to evaluating their IaC options. AWS CDK picked up meaningful adoption during that period — not...
I built three DevOps agents on Bedrock last quarter. One was genuinely useful, one was okay, and one I threw away. That experience taught me more about what AI agents...
GitOps is the practice of using a Git repository as the single source of truth for what should run in your Kubernetes cluster. ArgoCD implements this by watching a Git...
Every few months someone on my team asks whether we should migrate from GitLab to GitHub, or vice versa. In 2026 that question is harder to answer than it was...
Containers are not new anymore. Docker turned twelve this year, and the developers who once called it revolutionary now just call it Tuesday. Yet the fundamentals behind containers are more...
Every team building on AWS eventually asks the same question: how much availability is enough? “Five nines” (99.999%) sounds impressive — that’s only 5.26 minutes of downtime per year —...
Most teams do not have a testing problem. They have a feedback-latency problem. Code gets written, pushed, and the first signal that something is wrong arrives from a production alert...
I’ve watched three cloud migration projects fall apart. Not because the technology failed — the tech almost never fails. They failed because nobody planned for the human and process side...
I’ve broken a production server twice by creating users wrong. Once by assigning the wrong UID. Once by not understanding how the primary group assignment works. Neither time was obvious...
Two years ago, SBOMs were a checkbox on a compliance spreadsheet. In 2026, they’re a hard requirement. The US Executive Order 14028 mandated that any software sold to federal agencies...
The first time I tried running integration tests in GitLab CI, I hardcoded a database connection to localhost and wondered why nothing worked. The job would spin up, find no...
On April 23, 2026, Docker published details on two Docker Hub supply-chain compromises that hit common security scanners: Trivy first, then Checkmarx KICS. The KICS incident was especially uncomfortable for...
Docker’s April 14, 2026 update on Hardened Images included a few numbers that are hard to ignore: more than 500,000 daily pulls, more than 25,000 continuously patched OS-level artifacts, and...
Image supply-chain security usually breaks in the dullest place possible: the registry stores the image, but the signature or SBOM lives somewhere else. Amazon ECR fixed that split in April...
Docker’s March 2026 security push is not subtle. The company said over a quarter of production code is now AI-authored, and that developers using agents are merging roughly 60% more...
LocalStack built something genuinely useful. A local emulator for AWS services that let you test Lambdas, S3 buckets, SQS queues, and DynamoDB tables without touching a real AWS account. For...
I’ve been deploying to AWS from GitLab CI for years. The patterns have shifted. In 2021 the answer was almost always Elastic Beanstalk — it was the lowest-friction path from...
Let’s talk about running multiple Docker containers together. Specifically, I’ll show you how to spin up a WordPress site with a database backing it, using Docker Compose.
I want to walk you through a real project I worked on. The ask was straightforward: go through all our applications and yank out any passwords that were hardcoded in...
I like keeping my system clean. Too many installed packages, too many dependencies I’ll never use again – that kind of thing bugs me. So when I realized I could...
Building a Docker image on GitLab sounds simple, and it usually is – until you hit caching problems or try to push to a remote registry. I ran into these...
If you are building Java applications, you need GitLab Runner and Maven in your CI/CD pipeline. This post walks through everything required to get your Java project building on GitLab,...
Review apps changed how my team does code review. Instead of reading diffs, reviewers click a link and see the actual change running. The designer can verify spacing on the...
Our monorepo pipeline used to take 15 minutes. Every commit ran tests for the API, the background worker, and the frontend — in sequence, regardless of what changed. A one-line...
GitLab Runner is one of those tools that sits at the heart of GitLab CI/CD. It picks up the jobs you define in your pipeline and runs them, reporting results...
In software development, security and efficiency matter. DevOps has changed how teams build, test, and deploy software, enabling faster delivery and collaboration between development and operations. However, with evolving security...
Managing changes is a key part of using Git. This tutorial walks through how to undo git staged changes step by step. All examples work with GitLab as well.
In this tutorial, we’ll walk through a real project that needs a GitLab CI/CD pipeline. We’ll look at actual working examples and explain why gitlab ci yml examples matter in...
If you’re working with GitLab, you’ve probably noticed that managing who can do what gets complicated fast. This post walks through the built-in roles GitLab gives you, what each one...
Webhooks let GitLab push HTTP requests to your app when something happens. You can use this to get notified or trigger automation without polling an API.
If you run the same pipeline over and over, waiting for npm install or bundle install every time, you start wondering if there’s a better way. There is. GitLab CI...
Artifacts let you persist files between CI/CD jobs. If your pipeline produces build outputs, test reports, or any other files you need later, GitLab stores them as artifacts. You can...
GitLab’s rules keyword gives you control over whether a job runs or gets skipped. You build these rules from conditions that check variables and events.
I had to clean up a bunch of old projects on GitLab recently, and figured I’d write this down while it’s fresh. If your GitLab instance has too many abandoned...
If you work with GitLab, you probably type your username and password every time you push code. It gets old fast. SSH keys fix that: once set up, GitLab authenticates...
GitLab is more than a code repo. You can build, test, and deploy straight from it. If you are already working with Infrastructure as Code, you probably use Terraform locally....
GitLab CI is a solid choice for building and deploying applications. You get automation, full change tracking, and a pipeline system that handles the heavy lifting.
I wanted to share how I set up CloudFormation templates to run through GitLab CI/CD. If you’ve been writing templates and running them manually from your terminal, moving the whole...
I have been running GitLab CI at scale for a while now, and one thing I keep running into is the need for more hardware as applications get more complex....
I connected Bedrock to our Aurora cluster last month. The first thing I asked it was “show me all customers who churned in Q1 but came back in Q2” —...
The moment two engineers run terraform apply at the same time without state locking, you have a race condition that can corrupt your entire infrastructure state. Both processes read the...
The VPC decisions you make on day one will follow you for years. I’ve lived through the consequences—redesigning a network that was built without proper CIDR planning, watching a simple...
I migrated our production cluster from Graviton3 to Graviton5 last month. Three services, two weekends, zero downtime. The numbers justified it in the first billing cycle. Here’s what actually happened...
I watched a backend engineer spend two hours yesterday trying to figure out which CloudFormation template to use for their new service. They had three options in a Confluence page....
JWT authorizers replaced about 80% of the Lambda authorizers I used to write. Not because they’re always the right tool — they’re not — but because most of the time...
I’ve deployed hundreds of Lambda functions across dozens of AWS accounts. The most common pain I see — even from experienced teams — is the dependency packaging problem. Someone adds...
On February 4, 2026, Amazon ECS added native support for linear and canary deployment strategies for services using Network Load Balancers. That is a small announcement with a large operational...
On January 29, 2026, AWS raised one of the quiet limits that shaped serverless architecture for years: asynchronous Lambda invocations, Amazon SQS messages, and Amazon EventBridge events can now carry...
AWS Lambda Durable Functions change a decision that used to be almost automatic. For years, if a serverless workflow needed to wait, retry, branch, call several services, or survive failure,...
On April 28, 2026, AWS announced something that changes the enterprise AI architecture conversation: OpenAI models, Codex on Amazon Bedrock, and Amazon Bedrock Managed Agents powered by OpenAI are coming...
I used to instrument AWS services the hard way. AWS X-Ray SDK here, CloudWatch Logs there, custom metrics scattered across a dozen boto3 calls. Each service had its own observability...
AWS published a practical IAM Identity Center session-tags walkthrough on April 28, 2026, and the pattern is worth copying: take attributes from Microsoft Entra ID, pass them through IAM Identity...
Terraform 1.15 is the kind of release that can break a quiet CI lane before anyone notices the changelog. The headline features are useful: Windows ARM64 builds, deprecated variables and...
AWS Client VPN can now attach natively to AWS Transit Gateway. AWS announced the integration on April 23, 2026, and the practical impact is straightforward: remote users can reach multiple...
On April 29, 2026, CloudFront got a feature I have wanted for years: native cache invalidation by tag. AWS says tag invalidations become effective in under 5 seconds at P95...
I spent most of last year watching teams try to build AI agents from scratch. The common thread: they underestimated the infrastructure. Everyone focuses on the model choice, spends a...
Three years ago I watched a company spend $2.4 million and eleven months building a “cloud-agnostic” platform that ran equally on AWS, Azure, and GCP. The CTO sold the board...
I still remember the day our monitoring dashboard went red. We had a critical batch processing system running on EKS, and the SQS queue was backing up fast—messages were accumulating...
I spent my first year as a DevOps engineer doing the same thing every Friday: logging into the AWS console, finding EC2 instances that needed backups, creating snapshots manually, tagging...
I once watched a team rotate a database password by editing a YAML file, pushing it to a private Git repo, and manually restarting three services. That worked right up...
On April 21, 2026, AWS Lambda removed one of the dumbest pieces of plumbing in a lot of serverless code: the “download from S3, write to /tmp, process, upload to...
The first time I tried managing 40 EC2 instances with a bash script and a for loop, I ended up with 12 servers running Nginx 1.18 and 28 running Nginx...
AWS has set the same April 30, 2026 new-customer cutoff for two Amazon Rekognition capabilities: Streaming Video Analysis and Batch Image Content Moderation. Existing accounts that used the affected features...
AWS has set an important cutoff for Amazon Comprehend users: topic modeling, event detection, and prompt safety classification stop being available to new customers on April 30, 2026. Existing AWS...
Amazon SNS message data protection has a hard availability change on April 30, 2026. AWS says the feature will no longer be available to new customers after that date. Existing...
AWS published the Security Hub Extended technical walkthrough on April 22, 2026, after announcing the multicloud expansion on March 10, 2026. The short version: Security Hub is becoming more than...
On April 2, 2026, AWS expanded Amazon CloudWatch auto-enablement so teams can automatically configure telemetry for Amazon CloudFront Standard access logs, AWS Security Hub CSPM finding logs, and Amazon Bedrock...
On April 22, 2026, AWS added a set of Amazon Bedrock AgentCore features that changes the early developer workflow more than the runtime architecture. The update is not just “more...
On April 20, 2026, AWS added seven Amazon EKS IAM condition keys that finally make several cluster standards enforceable before the cluster is created or changed. That date matters because...
AWS CLI v1 enters maintenance mode on July 15, 2026 and reaches end of support on July 15, 2027. AWS said scripts and workflows made for CLI v1 should continue...
AWS added CloudTrail Lake to its March 31, 2026 service availability update and said CloudTrail Lake will stop accepting new customers on May 31, 2026. Existing customers can continue to...
Amazon EKS Hybrid Nodes has been generally available since December 1, 2024, but the February 24, 2026 AWS containers post made the feature a lot more practical by showing a...
Amazon ECS launched managed daemons for ECS Managed Instances on April 1, 2026. The headline sounds small. The operational impact is not. AWS now gives platform teams a way to...
AWS published its official MCP-on-ECS walkthrough on April 14, 2026. That matters because the runtime question is now the real question. Most teams no longer struggle with the idea of...
Amazon ECS Express Mode launched on November 21, 2025. At first it looked like just another convenience layer on top of ECS. Five months later, it looks like something more...
On March 31, 2026, AWS said App Runner will stop accepting new customers on April 30, 2026. Existing App Runner customers can keep using the service, create new App Runner...
AWS shipped Bedrock Guardrails cross-account enforcement on April 3, 2026, and this is exactly the kind of feature security teams ask for after the first wave of internal AI pilots...
AWS put a date on Copilot’s decline on March 6, 2026: support ends June 12, 2026. That gives teams barely a quarter to stop treating Copilot as a safe default....
I have lost count of how many times someone told me voice was “finally here.” Siri let us down. Alexa hit a wall. Google Assistant got folded into something else...
The cloud AI platform landscape in 2026 looks nothing like it did even twelve months ago. Amazon Bedrock, Azure AI Foundry, and Google Vertex AI have each matured from “model...
Every ML team I talk to faces the same question in 2026: should you train your models on AWS’s custom Trainium3 silicon or stick with NVIDIA’s H100 GPUs? The answer...
If your application serves users around the world, running everything in a single AWS region just doesn’t cut it anymore. Users in Tokyo shouldn’t have to wait 300 milliseconds for...
You do not know your system’s limits until you hit them in production. That sentence costs companies real money every quarter. I have seen teams ship to production with nothing...
Most tutorials show you how to run terraform apply on a git push and call it a day. I’ve inherited infrastructure built that way. It’s chaos. Drift accumulates silently. Rollbacks...
Amazon Bedrock got a billing upgrade that matters more than it sounds. If several teams, applications, or engineers call the same model endpoints, the monthly bill used to tell you...
The AWS Knowledge MCP Server is the kind of infrastructure that becomes obvious only after you use it. It went generally available on October 1, 2025, and the pitch is...
AES-GCM has real limits, and most teams only discover them after a key has been used far longer than they planned. AWS KMS and the AWS Encryption SDK exist partly...
PCI DSS on EKS is not one control. It is a set of controls that have to line up: network inspection, identity, logging, and evidence retention. AWS’s April 2026 guidance...
EKS Auto Mode removes a lot of node and load balancer work, but it does not remove networking decisions. The April 2026 networking post makes that clear: Auto Mode automatically...
EKS Pod Identity session policies are the first practical answer AWS has given to “how do I keep pod permissions narrow without creating a dozen roles?” The answer is simple:...
CloudWatch’s cross-region telemetry rules are the kind of release that saves a security team from repeating the same setup in every region by hand. On April 16, 2026, AWS added...
Lambda Managed Instances is the first Lambda variant that makes the question “should this be serverless or just EC2?” worth asking again. AWS now runs the function on current-generation EC2...
AWS made the control question explicit in April 2026: when an AI agent touches AWS, which IAM principal is actually acting? That is the part people skip, and it is...
AWS finally moved Lambda into territory that used to force an ECS or EC2 conversation. The new Lambda Managed Instances compute type lets you run functions on current-generation EC2 capacity...
The simplest way to ruin network security is to let every VPC invent its own firewall story. The cleaner pattern is still centralized inspection: one inspection VPC, one firewall policy...
AWS keeps pushing Amazon EKS deeper into AI infrastructure for a reason: it scales, it is familiar, and it already sits in a lot of enterprise networking and identity stacks....
Security Hub changed twice in quick succession. On February 26, 2026, AWS launched Security Hub Extended as a pay-as-you-go plan for partner solutions. On March 31, 2026, CloudWatch started ingesting...
AWS did not make Cloud WAN interesting by adding another dashboard. It made Cloud WAN interesting by letting you control the routes themselves. On November 20, 2025, AWS launched Cloud...
On April 14, 2026, AWS took a part of network architecture that usually lives in email threads, partner tickets, and hand-built BGP configs and turned it into a product in...
AWS launched Amazon Bio Discovery on April 14, 2026. What stood out to me was simple: AWS did not ship a generic model endpoint for biotech teams. It shipped a...
Java teams already have enough framework churn. Most of them are not looking for a new agent platform. They want to keep Spring Boot, add model access, expose a few...
AWS rolled out S3 Vectors in preview on July 15, 2025. Google put Gemini File Search into public preview on November 6, 2025. That changed the retrieval conversation. A year...
On March 10, 2026, AWS added stateful MCP server features to Amazon Bedrock AgentCore Runtime. If you only read the headline, it sounds like a protocol update. It is more...
On April 9, 2026, AWS launched AWS Agent Registry in preview inside Amazon Bedrock AgentCore. That launch matters because most teams are no longer struggling with a single agent demo....
AWS announced Amazon EKS Auto Mode on December 1, 2024. The deeper “under the hood” explanation followed on March 31, 2025. On February 10, 2026, AWS added CloudWatch Vended Logs...
On March 1, 2024, AWS added hybrid search to Knowledge Bases for Amazon Bedrock for Amazon OpenSearch Serverless. On March 27, 2025, AWS added Amazon OpenSearch Managed Cluster as a...
AWS made Amazon Bedrock AgentCore Evaluations generally available on March 31, 2026. That launch matters because it answers the first serious production question every agent team eventually hits: how do...
Amazon ECS Service Connect and Amazon VPC Lattice both improve service-to-service connectivity on AWS, but they do not solve the same boundary. Amazon ECS Service Connect launched on November 27,...
Every serverless architecture eventually runs into the same problem: you have messages in SQS and you need Lambda to process them reliably. Not just the happy path — reliably. Meaning...
The kube-prometheus-stack Helm chart installs Prometheus, Alertmanager, Grafana, and a collection of default Kubernetes dashboards in about five minutes. That’s the fastest path to useful EKS monitoring. The harder part...
AWS launched Kiro on July 14, 2025. It’s an agentic IDE built on Code OSS (the open-source foundation of VS Code) and it makes a specific bet: the biggest problem...
The aws-auth ConfigMap was never a good idea. It’s a plain Kubernetes ConfigMap in the kube-system namespace — editable by anyone with cluster-admin, no audit trail, no AWS-native access controls,...
Running out of IP addresses in production at 2 AM is a specific kind of bad. It happens in EKS clusters when the VPC CNI plugin has allocated every available...
Karpenter hit v1.0 in late 2024, and for most EKS clusters it’s now the better choice over Cluster Autoscaler. The performance difference alone is enough to justify the switch: Cluster...
A batch job that runs for eight minutes, three times a day. A CI pipeline that spins up test pods on every commit. An API that handles zero traffic on...
DynamoDB Streams is the feature that turns DynamoDB from a storage layer into an event source. Every write to a table — every put, update, and delete — produces a...
Rick Houlihan built the methodology for DynamoDB at Amazon before turning it into what the community calls single-table design. The idea is genuinely odd if you’re coming from SQL: put...
Running Kubernetes on EKS without Container Insights is like flying without instruments. You can see your pods are running, but when a node is memory-pressured and pods start getting OOMKilled,...
Training a custom Nova model on Bedrock costs less than you probably expect. A supervised fine-tuning job on roughly 5,000 conversation examples — enough data to meaningfully shift model behavior...
On April 28, 2026, Claude 3.7 Sonnet reached end-of-life on Amazon Bedrock. Calls to anthropic.claude-3-7-sonnet-20250219-v1:0 returned a ValidationException with the message “The provided model identifier is invalid.” No warning in...
When three teams share a single AWS account and all call Bedrock, figuring out who spent what requires more than just looking at the monthly bill. The “Amazon Bedrock” line...
At 1,000 multi-step requests per day, Bedrock Agents costs roughly $864/month. Running the same workload against Nova Pro directly with a custom orchestration layer costs about $137/month. That gap —...
On February 24, 2026, AWS announced server-side tool execution for Amazon Bedrock through Amazon Bedrock AgentCore Gateway integration with the Responses API. That launch changes a stubborn problem in agent...
On March 13, 2026, AWS announced that Amazon Bedrock AgentCore Runtime now supports the Agent-User Interaction protocol, better known as AG-UI. That is more important than it sounds. Most agent...
AWS WAF v2 launched in 2019 and the original WAF Classic is end-of-life — migration ended November 2024. If you’re still on Classic, those web ACLs are frozen. This guide...
Step Functions launched in 2016 as a way to sequence Lambda functions without writing glue code. Seven years later, it has grown into something considerably more powerful: 220+ AWS service...
I learned the hard way that static credentials are ticking time bombs. A contractor leaves, a key leaks through a misconfigured S3 bucket policy, a developer accidentally commits a .env...
The biggest bill shock teams get on AWS isn’t from accidental services left running or an exposed S3 bucket. It’s from paying On-Demand rates for workloads that run 24/7. A...
The problem RDS Proxy solves is simple to describe and expensive to ignore: Lambda functions don’t maintain persistent connections. Every cold start opens a new database connection. At moderate scale...
The default path for a private EC2 instance to reach an AWS service like S3, Secrets Manager, or SSM is through a NAT gateway — $0.045/hour plus $0.045 per GB...
Most AWS teams start with one account. They create IAM users, attach policies, and eventually have a mess of permissions nobody fully understands. Then they start a second account for...
Amazon MSK (Managed Streaming for Apache Kafka) runs Apache Kafka on AWS without you managing ZooKeeper, broker upgrades, or disk provisioning. You get standard Kafka — same protocol, same client...
When a fintech company discovered in late 2023 that 14 months of customer transaction exports — including names, account numbers, and partial SSNs — had been sitting in a public...
A Lambda cold start is a tax you pay every time AWS needs to create a new execution environment for your function. For a Python function with minimal dependencies, that...
Kinesis is four distinct services that AWS bundles under one name, which creates genuine confusion. Kinesis Data Streams is a durable ordered log — producers write records, multiple consumers read...
Inspector Classic (v1) required you to schedule scans, install an agent manually, and remember to run assessments after deployments. Inspector v2, launched in November 2021, works differently. Enable it once...
A tweet with 52,894 impressions last September put it plainly: “master IAM roles and policies” was the single skill that separated AWS beginners from people who could actually build in...
AWS renamed AWS Single Sign-On to IAM Identity Center in 2022, which confused a lot of people who were still searching for “AWS SSO” in the console. The name changed;...
In 2022, a researcher at Lacework published an analysis of 500 AWS accounts across their customer base. The most common finding was cryptocurrency mining workloads running on EC2 instances that...
AWS Glue is a managed ETL service built on Apache Spark, combined with a metadata catalog that integrates across Athena, EMR, Redshift Spectrum, and Lake Formation. The two parts are...
I’ve watched too many teams misunderstand FinOps. They think it means shutting down instances at night or buying bigger discounts. That’s not FinOps. That’s panic cost-cutting. Real FinOps is about...
Before EventBridge Pipes launched in December 2022, connecting an SQS queue to a Step Functions state machine meant writing a Lambda function that polled the queue, parsed the payload, and...
Three AWS storage services cover most production workloads, and the wrong choice is expensive. EBS costs $0.08/GB-month for gp3, EFS costs $0.30/GB-month in standard storage, and S3 costs $0.023/GB-month. Pick...
On March 31, 2026, AWS made the DevOps Agent generally available. The announcement tweet from @awscloud got 3.3 million views in a week. The reaction from the DevOps community ranged...
AWS bills monthly and surprises quarterly. A developer enables NAT Gateway logging in a test environment; nobody notices until the bill arrives with an extra $400 in data processing charges....
Most AWS accounts run EC2 instances that are the wrong size. Not dramatically wrong — nobody runs an m5.24xlarge for a blog — but quietly, consistently over-provisioned. An instance that...
AWS CodePipeline and CodeBuild give you a CI/CD stack that stays entirely within AWS — no Jenkins to maintain, no GitHub Actions runner infrastructure, no CircleCI seat costs. CodeBuild runs...
A tweet that reached 17,105 people last January listed the seven AWS services you need to know to get hired. CloudWatch was on it alongside EC2, S3, IAM, Lambda, RDS,...
Every API call made to AWS — from the console, CLI, SDK, or another service — generates a CloudTrail event. Who created that security group rule? When was that IAM...
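To show what answering "who created that security group rule?" looks like once the events are in hand, here is an added example that is not part of the post above: a detector run over constructed CloudTrail records in the shape `AuthorizeSecurityGroupIngress` events use (`requestParameters.ipPermissions.items[]` with `ipRanges` and `ipv6Ranges`). It flags rules that open a sensitive port to `0.0.0.0/0` or `::/0` and reports the principal, source IP and time. The sensitive port list and the account, group and principal identifiers are made up for the sample.

```python
import ipaddress
from typing import Any, Dict, List

# Ports that should never be reachable from the whole internet. Assumed list
# for the example; tune it to your environment.
SENSITIVE_PORTS = {22, 3389, 1433, 3306, 5432, 6379, 9200, 27017}


def _items(d: Any, key: str) -> List[Dict[str, Any]]:
    # CloudTrail serialises EC2 request lists as {"items": [...]}
    return (((d or {}).get(key) or {}).get("items")) or []


def _is_world(cidr: str) -> bool:
    # 0.0.0.0/0 and ::/0 are the only networks with a zero-length prefix
    try:
        return ipaddress.ip_network(cidr, strict=False).prefixlen == 0
    except ValueError:
        return False


def _exposed_ports(perm: Dict[str, Any]) -> List[str]:
    proto = str(perm.get("ipProtocol"))
    if proto == "-1":                      # "all traffic" rule
        return ["all"]
    if proto not in ("tcp", "udp"):        # icmp etc. carry types, not ports
        return []
    lo, hi = int(perm.get("fromPort", 0)), int(perm.get("toPort", 0))
    return [f"{proto}/{p}" for p in sorted(SENSITIVE_PORTS) if lo <= p <= hi]


def world_open_findings(event: Dict[str, Any]) -> List[Dict[str, Any]]:
    """One finding per sensitive port this record opens to 0.0.0.0/0 or ::/0."""
    if (event.get("eventSource") != "ec2.amazonaws.com"
            or event.get("eventName") != "AuthorizeSecurityGroupIngress"):
        return []
    params = event.get("requestParameters") or {}
    findings: List[Dict[str, Any]] = []
    for perm in _items(params, "ipPermissions"):
        cidrs = ([r.get("cidrIp") for r in _items(perm, "ipRanges")]
                 + [r.get("cidrIpv6") for r in _items(perm, "ipv6Ranges")])
        world = [c for c in cidrs if c and _is_world(c)]
        if not world:
            continue
        for port in _exposed_ports(perm):
            findings.append({
                "time": event.get("eventTime"),
                "actor": (event.get("userIdentity") or {}).get("arn"),  # who
                "source_ip": event.get("sourceIPAddress"),              # from where
                "group": params.get("groupId"),
                "port": port,
                "cidrs": world,
            })
    return findings


def detect(events: List[Dict[str, Any]]) -> List[Dict[str, Any]]:
    out: List[Dict[str, Any]] = []
    for e in events:
        out.extend(world_open_findings(e))
    return out


# Constructed sample records (account, group and principal IDs are made up).
SAMPLE_EVENTS = [
    {"eventTime": "2026-03-02T14:07:11Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "AuthorizeSecurityGroupIngress", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/Developers/alice"},
     "requestParameters": {"groupId": "sg-0a1b2c3d4e5f67890", "ipPermissions": {"items": [
         {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
          "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}, "ipv6Ranges": {"items": []}},
         {"ipProtocol": "tcp", "fromPort": 443, "toPort": 443,
          "ipRanges": {"items": [{"cidrIp": "10.0.0.0/8"}]}, "ipv6Ranges": {"items": []}},
     ]}}},
    {"eventTime": "2026-03-02T15:30:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "AuthorizeSecurityGroupIngress", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/bob"},
     "requestParameters": {"groupId": "sg-0fedcba9876543210", "ipPermissions": {"items": [
         {"ipProtocol": "tcp", "fromPort": 443, "toPort": 443,   # public HTTPS: expected
          "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}, "ipv6Ranges": {"items": []}},
         {"ipProtocol": "tcp", "fromPort": 3389, "toPort": 3389,  # RDP to all of IPv6
          "ipRanges": {"items": []}, "ipv6Ranges": {"items": [{"cidrIpv6": "::/0"}]}},
     ]}}},
    {"eventTime": "2026-03-02T16:00:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "RunInstances", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/bob"},
     "requestParameters": {"instanceType": "t3.micro"}},
]

if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS):
        print(f"{f['time']} {f['actor']} opened {f['port']} on {f['group']} to {f['cidrs']}")
```

Feed it the `Records` array from a CloudTrail log file, or run it as the handler behind an EventBridge rule on the same event name; the IPv6 check matters because `::/0` is the one most ad hoc queries forget.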
HashiCorp’s Business Source License change in August 2023 sent a lot of teams back to evaluating their IaC options. AWS CDK picked up meaningful adoption during that period — not...
I built three DevOps agents on Bedrock last quarter. One was genuinely useful, one was okay, and one I threw away. That experience taught me more about what AI agents...
Aurora Global Database replicates your MySQL or PostgreSQL data across up to five AWS regions with typical replication lag under one second. Writes happen in a single primary region; secondary...
GitOps is the practice of using a Git repository as the single source of truth for what should run in your Kubernetes cluster. ArgoCD implements this by watching a Git...
The announcement in April 2026 was surprisingly quiet for something that changes a real pain point. AWS shipped S3 Files — a feature that mounts an S3 bucket as a...
Amazon EKS Capabilities is one of the more consequential EKS launches for platform teams because it moves beyond “managed Kubernetes control plane” and starts managing common platform controllers around the...
AWS App Mesh is end-of-life as of September 30, 2026. If you run ECS services that communicate via App Mesh, migration is required. The AWS-recommended replacement for ECS workloads is...
Something I tell every new team I work with: stop assuming your internal network is safe. That assumption is how you end up with a bad time. In 2026, 8.4...
The AWS Solutions Architect Professional (SAP-C02) is one of the harder certifications in the cloud space — not because of trick questions, but because the exam tests whether you can...
Amazon Keyspaces is a serverless, fully managed database service that speaks Apache Cassandra’s query language. That description sounds cleaner than the reality: Keyspaces is not a drop-in Cassandra replacement. It’s...
Most “Redshift vs DynamoDB” comparisons are built on a false premise — that these two services are alternatives to each other. They are not. Amazon Redshift is an OLAP data...
Amazon ElastiCache has changed more in the past two years than in the previous five. The Redis licensing drama, a new open-source fork, a serverless tier that actually works, and...
DynamoDB has been my go-to for event-driven, high-throughput workloads for years. The core design hasn’t changed — you still need to think hard about partition keys and access patterns before...
The question of where to run your database on AWS has gotten more complicated, not less. In 2019, the answer was often “just use RDS.” In 2026, you have EC2...
EC2 has been the core compute service at AWS since 2006 and in 2026 it still is. Containers, Lambda, and managed services have taken over a lot of workloads —...
The infrastructure-as-code tooling market looks different in 2026 than it did three years ago. HashiCorp’s 2023 license change from MPL to BSL fractured the Terraform community, triggered the OpenTofu fork...
Getting data into AWS sounds straightforward until you’re actually doing it. The right approach for ingesting 50,000 IoT sensor events per second is completely different from the right approach for...
Every infrastructure team hits this wall eventually. The AWS account already has hundreds of resources — VPCs, security groups, RDS clusters, S3 buckets — that predate any Terraform adoption. Someone...
Every team building on AWS eventually asks the same question: how much availability is enough? “Five nines” (99.999%) sounds impressive — that’s only 5.26 minutes of downtime per year —...
I’ve been deploying to AWS from GitLab CI for years. The patterns have shifted. In 2021 the answer was almost always Elastic Beanstalk — it was the lowest-friction path from...
Dr. Werner Vogels is the Chief Technology Officer at Amazon.com. He gives keynotes on cloud computing, distributed systems, and Amazon’s technology strategy. As of November 2023, he continues to share...
Have you ever wondered how giant companies such as Netflix, LinkedIn, or Facebook manage their vast digital servers and applications? Or how startups rapidly transform their innovative ideas into reality...
Serverless computing and containers are changing how developers build applications. Tech giants like AWS, Google Cloud, and Azure offer serverless container platforms that let teams focus on code instead of...
Picking an architecture style matters. A lot. You either go with a monolith, which is basically one big codebase where everything lives together, or you split things into microservices, where...
Think of it this way: what if the servers running your app could scale up automatically when traffic spikes, and scale down when it’s quiet, without you touching anything? That’s...
In software development, security and efficiency matter. DevOps has changed how teams build, test, and deploy software, enabling faster delivery and collaboration between development and operations. However, with evolving security...
On August 30, 2023, AWS renamed Amazon Kinesis Data Analytics to Amazon Managed Service for Apache Flink. The new name better reflects that the service uses Apache Flink under the...
I’ve watched three cloud migration projects fall apart. Not because the technology failed — the tech almost never fails. They failed because nobody planned for the human and process side...
I worked with a growing e-commerce company that needed to handle communication between different parts of their application. They ended up looking at two AWS services: Simple Notification Service (SNS)...
In this tutorial, we’ll walk through a real project that needs a GitLab CI/CD pipeline. We’ll look at actual working examples and explain why gitlab ci yml examples matter in...
A DevOps team at a growing company needed to handle automation and event-driven responses across multiple applications. Managing numerous Lambda functions individually became unwieldy. Terraform provided a way to solve...
A growing e-commerce company needed to manage logs from its Docker containers on Amazon Linux 2. With thousands of orders processed daily, server logs grew quickly and became hard to...
If you run an e-commerce site, you know the pain: vendors upload images in every size and format imaginable, and someone has to resize them all to something consistent. You...
If you’re preparing for an AWS exam, reading AWS whitepapers can help you build knowledge. This article covers five whitepapers worth reading before your exam.
AWS Application Load Balancer (ALB) sits at the front of your application and spreads incoming traffic across your backend resources. If you’ve been running a single server and hitting capacity...
Amazon Web Services (AWS) has a range of load balancing options, and the Network Load Balancer (NLB) fills a specific niche. It handles TCP and UDP traffic at the connection...
AWS Global Accelerator is a networking service that lives in the AWS ecosystem, designed to make your applications faster and more reliable. It sits in front of your application endpoints...
Three years ago I architected a global API platform that had to handle latency-sensitive traffic from users in Southeast Asia, Europe, and North America. We started with CloudFront because it’s...
If you’re running anything on AWS, you’ve probably dealt with VPCs. Virtual Private Clouds let you create isolated network environments, which is kind of the whole point of cloud networking....
AWS Enhanced Networking improves how your EC2 instances talk to each other. It uses technologies like the Elastic Network Adapter (ENA) and Single Root I/O Virtualization (SR-IOV) to deliver faster,...
Here’s the thing about picking between Keyspaces and Timestream: the marketing pages make them look like they’re in the same category. They’re both “managed databases on AWS.” They both scale....
If you need a relational database that plays nice with MySQL and PostgreSQL but don’t want to deal with the operational headaches of running one yourself, Amazon Aurora is worth...
If you’ve worked with MongoDB and want something that just works without babysitting servers, Amazon DocumentDB deserves a look. It’s a fully managed document database that plays nice with MongoDB...
If you need to store data that nobody can tamper with later, Amazon QLDB is worth knowing about. It’s a database service from AWS that keeps an immutable, verifiable record...
Amazon Athena is one of those services that looks magical in demos and then hands you a surprise $3,000 bill on the first month you actually use it seriously.
If you’re working with data in Amazon S3 and need to run SQL queries, you’ve probably stumbled across Athena and Redshift Spectrum. Both let you query data directly in S3...
If you need to speed up a web app on AWS, you’ve probably bumped into Memcached and Redis. Both cache data in RAM so your database doesn’t have to work...
DynamoDB is a NoSQL database from Amazon that handles scale without breaking a sweat. If you need a database that grows with your app and never makes you fiddle with...
Data volumes have exploded in recent years, and managing interconnected information has become a real challenge for many teams. If you have ever dealt with highly connected data, you know...
Amazon Redshift is a cloud data warehouse service from AWS. It lets you store and analyze large datasets using standard SQL, and it’s built on PostgreSQL. AWS launched it in...
If you’ve ever wrestled with Java applications showing the wrong time on EC2, this one’s for you. I’ll walk through the whole process—the background, the tools, and the actual commands...
Cloud infrastructure work has changed a lot. These days, if you’re managing applications and networks, you’re also expected to think about scaling, security, and ongoing maintenance in the cloud. AWS...
John was working on a company project that used an RDS Postgres database. Things had been going smoothly until one day he got an email from AWS: the database server...
If you’ve ever wrestled with running databases on servers you own, you know it’s a lot of work. There’s hardware to buy, software to patch, backups to manage, and about...
Moving to the cloud sounds straightforward in theory. In practice, organizations running on-premise solutions face real challenges when the time comes to migrate. Data migration, business planning, and the long-term...
AWS gives you a few different ways to store files in the cloud. The three main options are Amazon Elastic File System (EFS), Amazon Elastic Block Store (EBS), and Amazon...
Amazon EBS (Elastic Block Store) is a block storage service from AWS. You can attach these volumes to your EC2 instances and use them for databases, file systems, or anything...
Amazon Elastic File System (EFS) is a managed file storage service that scales automatically as you add or remove files. It works with EC2 instances and lets multiple machines access...
Amazon S3 (Simple Storage Service) is a cloud storage service from Amazon Web Services (AWS). You can use it to store and retrieve any amount of data from anywhere on...
If you’ve got data in S3 and you’re tired of managing it manually, lifecycle rules are worth knowing about. They let you automate what happens to objects over time -...
If you’ve ever needed to keep files in sync between S3 buckets—whether that’s in the same region, across regions, or even across different AWS accounts—S3 Replication is the feature you...
Every year the “should I learn AWS” question gets asked by people who already know the answer. Yes. Obviously yes. But the question underneath the question is: how do you...
Amazon S3 Access Control Lists (ACLs) let you control who can access objects in your buckets. They’re one of several ways to manage permissions in S3, alongside bucket policies and...
If you’re juggling data across multiple S3 buckets and looking for a better way to manage who can access what, S3 Access Points might be what you need. They let...
If you want to host a static website but don’t know much about web development, Amazon S3 can handle the job. This guide walks through setting up a static website...
Amazon S3 Object Lock lets you prevent objects in an S3 bucket from being deleted or overwritten for a set period. Organizations use this to meet regulations like SEC Rule...
S3 can trigger automated actions when things happen in a bucket. Upload a file, delete one, restore from glacier - you can hook into all of that and kick off...
Monitor your S3 bucket access and actions with CloudTrail, Amazon S3 server access logs, and CloudWatch Logs. Get visibility into potential security risks and keep your S3 usage secure. #CloudSecurity...
If you are using Amazon S3, server-side encryption is worth understanding. It adds a layer of protection for your data at rest, and AWS makes it relatively painless to set...
If you’re running any kind of business, you probably already know that backups matter. Critical files, customer records, financial documents - losing access to these even for a day could...
If you’re running workloads on AWS, you’ve probably thought about backup strategy at some point. AWS Backup lets you centralize your backup plans across regions and automate recovery without cobbling...
If you’ve been working with S3 for a while, you’ve probably hit a point where you need to audit what’s actually in your buckets. Maybe you’re dealing with compliance requirements,...
If you’ve worked with S3, you know the drill: your app requests an object, S3 returns it, end of story. But what if you need the same data in different...
If you’ve ever needed to access AWS services from your VPC without going through the public internet, VPC Endpoints are what you’re looking for. They let your instances reach AWS...
If you’re new to cloud computing and want to understand how Amazon Web Services Virtual Private Cloud (AWS VPC) works, this post is for you. I’ll walk through the key...
So you’re trying to decide between DevOps and Software Engineering. I get it—these roles blur together more than most job postings let on, and the advice out there is usually...
I ran into an interesting architecture problem recently. We had multiple Web Applications running on EC2 instances behind AWS API Gateway, and we needed to add a WAF without breaking...
If you’re working with AWS at all, you’ll eventually run into NAT Gateway. It’s one of those fundamental pieces that shows up in almost every basic VPC setup, so it...
AWS STS is the Security Token Service - an API that gives you temporary access to your AWS resources. Think of it as a way to borrow credentials for a...
With the evolution of Cloud Computing, the way we access applications and databases has changed. We now access these things over the internet, which has pushed the Cloud Computing providers...
Here’s the setup: you need to provision infrastructure and then configure it. Terraform does the first part beautifully. Ansible does the second part beautifully. The moment you try to make...
I want to walk you through a real project I worked on. The ask was straightforward: go through all our applications and yank out any passwords that were hardcoded in...
AWS created Secrets Manager after hearing from customers that managing secrets was critical but difficult. IAM Roles help because they provide temporary credentials automatically. Attach a role to an EC2...
Let’s talk about how to decouple applications using poll-based messaging. I’ll walk you through what SQS does, the key settings you’ll touch in practice, and how visibility timeout keeps your...
If you haven’t read it yet, check out our post on horizontal vs vertical scaling. Now let’s talk about what decoupling your applications actually means and how to design a...
If you have launched EC2 instances through the wizard, you know it involves a fair amount of clicking. Image ID, instance type, network, security groups, storage – it adds up....
There are two ways to scale in AWS: vertical and horizontal. I want to start with vertical scaling because it’s the approach most of us learned first. Then we’ll get...
I have been running workloads on AWS for years, and one of the easiest ways to cut your EC2 bill is Spot Instances. In this post I will walk through...
S3 is fast out of the box, but there’s a difference between “works fine” and “handles serious traffic.” This post covers how to push S3 harder without resorting to Transfer...
If you have spent any time writing Terraform, you know that your configurations can get messy fast. You end up repeating the same expressions, hard-coding the same values, and before...
I work with AWS KMS regularly, and in this post I want to share what I’ve learned about the key management service and how to use it from the command...
Building a Docker image on GitLab sounds simple, and it usually is – until you hit caching problems or try to push to a remote registry. I ran into these...
I’ve watched teams build gorgeous Kubernetes clusters on EKS, then basically shrug at container security. The cluster runs great, pipelines are solid, autoscaling hums along – and then someone actually...
Image supply-chain security usually breaks in the dullest place possible: the registry stores the image, but the signature or SBOM lives somewhere else. Amazon ECR fixed that split in April...
I once watched a team rotate a database password by editing a YAML file, pushing it to a private Git repo, and manually restarting three services. That worked right up...
AES-GCM has real limits, and most teams only discover them after a key has been used far longer than they planned. AWS KMS and the AWS Encryption SDK exist partly...
Java teams already have enough framework churn. Most of them are not looking for a new agent platform. They want to keep Spring Boot, add model access, expose a few...
The error message Could not find class 'com.xxxnx.adt.Find$PlaceUnitListener', referenced from method com.xxxnx.adt.Find.<init> is one of those Android development gotchas that can eat an afternoon if you don’t know what’s happening....
If you work on a Java team that also builds a frontend, you have probably run into this problem: your backend uses Maven, your frontend uses Node.js, and getting them...
I like keeping my system clean. Too many installed packages, too many dependencies I’ll never use again – that kind of thing bugs me. So when I realized I could...
On April 21, 2026, AWS Lambda removed one of the dumbest pieces of plumbing in a lot of serverless code: the “download from S3, write to /tmp, process, upload to...
The cloud AI platform landscape in 2026 looks nothing like it did even twelve months ago. Amazon Bedrock, Azure AI Foundry, and Google Vertex AI have each matured from “model...
Every ML team I talk to faces the same question in 2026: should you train your models on AWS’s custom Trainium3 silicon or stick with NVIDIA’s H100 GPUs? The answer...
Security Hub changed twice in quick succession. On February 26, 2026, AWS launched Security Hub Extended as a pay-as-you-go plan for partner solutions. On March 31, 2026, CloudWatch started ingesting...
AWS did not make Cloud WAN interesting by adding another dashboard. It made Cloud WAN interesting by letting you control the routes themselves. On November 20, 2025, AWS launched Cloud...
The problem: your application team needs to create IAM roles for their Lambda functions and ECS tasks. You can give them iam:CreateRole and related permissions, but then they can create...
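The standard AWS answer to that problem is a permissions boundary: the team may call iam:CreateRole only when the request attaches a boundary policy you control, and may never remove that boundary from a role or rewrite the boundary policy itself. As an added example that is not from the post above, the block below lints a delegated policy for exactly those properties, with the weak policy most teams write first beside the hardened shape AWS documents. The account ID, role path and boundary policy name are assumed values.

```python
import fnmatch
from typing import Any, Dict, List

ACCOUNT = "111122223333"                                         # assumed account id
BOUNDARY_ARN = f"arn:aws:iam::{ACCOUNT}:policy/AppTeamBoundary"  # assumed boundary policy
ROLE_PATH_ARN = f"arn:aws:iam::{ACCOUNT}:role/app/*"             # assumed path the team owns

# Actions that create a role or widen what it can do. Every Allow of these must
# require the boundary, otherwise the team can mint a role that escapes it.
ROLE_WIDENING = ("iam:CreateRole", "iam:PutRolePolicy",
                 "iam:AttachRolePolicy", "iam:PutRolePermissionsBoundary")
# Removing the boundary from a role, or rewriting the boundary policy, undoes the control.
BOUNDARY_REMOVAL = "iam:DeleteRolePermissionsBoundary"
BOUNDARY_EDITS = ("iam:CreatePolicyVersion", "iam:DeletePolicy",
                  "iam:DeletePolicyVersion", "iam:SetDefaultPolicyVersion")


def _as_list(v: Any) -> List[Any]:
    return [] if v is None else (v if isinstance(v, list) else [v])


def _covers(stmt: Dict[str, Any], action: str) -> bool:
    # IAM matches action names case-insensitively and treats '*' as a wildcard
    return any(fnmatch.fnmatchcase(action.lower(), p.lower())
               for p in _as_list(stmt.get("Action")))


def _requires_boundary(stmt: Dict[str, Any], boundary_arn: str) -> bool:
    cond = stmt.get("Condition") or {}
    for op in ("StringEquals", "ArnEquals"):
        vals = _as_list((cond.get(op) or {}).get("iam:PermissionsBoundary"))
        if vals and all(v == boundary_arn for v in vals):
            return True
    return False


def _denied(stmts: List[Dict[str, Any]], action: str, resource: str = "*") -> bool:
    for s in stmts:
        res = _as_list(s.get("Resource"))
        if s.get("Effect") == "Deny" and _covers(s, action) and ("*" in res or resource in res):
            return True
    return False


def audit_delegation_policy(policy: Dict[str, Any], boundary_arn: str) -> List[str]:
    """Return the ways this delegated policy lets the team escape the boundary (empty = good)."""
    stmts = _as_list(policy.get("Statement"))
    problems: List[str] = []
    for s in stmts:
        if s.get("Effect") != "Allow":
            continue
        loose = [a for a in ROLE_WIDENING if _covers(s, a)]
        if loose and not _requires_boundary(s, boundary_arn):
            problems.append(f"Allow of {', '.join(loose)} does not require "
                            f"iam:PermissionsBoundary == {boundary_arn}")
    if not _denied(stmts, BOUNDARY_REMOVAL):
        problems.append(f"no explicit Deny of {BOUNDARY_REMOVAL}")
    missing = [a for a in BOUNDARY_EDITS if not _denied(stmts, a, boundary_arn)]
    if missing:
        problems.append(f"boundary policy {boundary_arn} can be rewritten via {', '.join(missing)}")
    return problems


# Weak: looks scoped, but a role created under it can carry AdministratorAccess.
WEAK_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["iam:CreateRole", "iam:AttachRolePolicy", "iam:PassRole"],
     "Resource": "*"},
]}

# Hardened: roles may only be created or changed with the boundary attached,
# the boundary cannot be stripped, and the boundary policy cannot be edited.
HARDENED_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "CreateOrChangeOnlyWithBoundary", "Effect": "Allow",
     "Action": list(ROLE_WIDENING) + ["iam:DeleteRolePolicy", "iam:DetachRolePolicy"],
     "Resource": ROLE_PATH_ARN,
     "Condition": {"StringEquals": {"iam:PermissionsBoundary": BOUNDARY_ARN}}},
    {"Sid": "PassOnlyAppRoles", "Effect": "Allow", "Action": "iam:PassRole",
     "Resource": ROLE_PATH_ARN},
    {"Sid": "NoBoundaryRoleDelete", "Effect": "Deny",
     "Action": BOUNDARY_REMOVAL, "Resource": "*"},
    {"Sid": "NoBoundaryPolicyEdit", "Effect": "Deny",
     "Action": list(BOUNDARY_EDITS), "Resource": BOUNDARY_ARN},
]}

if __name__ == "__main__":
    for name, pol in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        print(name, audit_delegation_policy(pol, BOUNDARY_ARN) or "OK")
```

The boundary policy itself (what the created roles may at most do) is a separate document; the linter only checks that the delegation cannot be used to sidestep it. Run it in CI over the policies you attach to application-team roles, and pair it with an SCP that denies the same boundary edits organisation-wide.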
The standard AWS multi-account setup has a tools account for CI/CD, separate accounts for dev/staging/prod, a security audit account, and maybe a shared services account for internal tooling. Getting code...
Can traditional systems handle the expectations we have now for instant responses and real-time engagement? Imagine a system that reacts immediately to what users do, and can handle thousands or...
Imagine this: you’re a developer tasked with releasing application updates, but the process is time-consuming, tedious, and riddled with errors. Sounds familiar? You’re not alone. This scenario describes two significant...
As cloud usage grows, data spreads across servers everywhere. This creates a real problem: traditional security tools cannot keep up with cybercriminals who move fast and adapt faster. AI and...
Welcome to DevSecOps and Artificial Intelligence (AI) in software development. This post explores how AI fits into the DevSecOps landscape and how teams handle modern software development challenges.
Cloud services run fast, and when they don’t, customers leave. That’s the reality of running anything online today. Downtime costs money. Latency costs customers. If you’ve ever watched your error...
This article compares GitLab and Jenkins, two popular DevOps tools. We’ll explore their strengths and weaknesses to help you decide which fits your needs.
If you’ve been watching software teams for any length of time, you know the old way of doing things: developers finish their code, hand it off to testers, who then...
Web servers often need to handle traffic spikes and protect against abuse. Nginx Rate Limit lets you control how many requests the server processes within a given time frame. This...
When you start your business, there are several things to consider so you don’t run out of resources. One important aspect, no matter how big or small your business is,...
The popularity of cloud or cloud computing technology has been increasing in recent years. By using a cloud server, users can more quickly launch their applications to market. Cloud computing...
Competition has been on the rise in recent years. This trend is unlikely to change in the coming years. As competition grows, businesses struggle to distinguish their products, making it...
DevOps combines software development and IT operations, which shortens system development cycles and enables continuous delivery. Machine learning needs significant computational resources to process large amounts of data quickly. This...
Cloud computing changes how businesses work. But if you’re thinking about moving away from managing your own IT, you need to know what options are actually available.
I’ve watched three cloud migration projects fall apart. Not because the technology failed — the tech almost never fails. They failed because nobody planned for the human and process side...
I worked with a growing e-commerce company that needed to handle communication between different parts of their application. They ended up looking at two AWS services: Simple Notification Service (SNS)...
In this tutorial, we’ll walk through a real project that needs a GitLab CI/CD pipeline. We’ll look at actual working examples and explain why gitlab ci yml examples matter in...
A growing e-commerce company needed to manage logs from its Docker containers on Amazon Linux 2. With thousands of orders processed daily, server logs grew quickly and became hard to...
If you run an e-commerce site, you know the pain: vendors upload images in every size and format imaginable, and someone has to resize them all to something consistent. You...
When you want to use IP replication between the recovery site and the on-premises production site, you must configure a site-to-site VPN connection. Before establishing the connection, there are some...
As businesses grow, they have more data to process and analyze quickly. In the past, analytical departments handled this, but now data analysts do. Big data can optimize many aspects...
If you’re preparing for an AWS exam, reading AWS whitepapers can help you build knowledge. This article covers five whitepapers worth reading before your exam.
AWS Global Accelerator is a networking service that lives in the AWS ecosystem, designed to make your applications faster and more reliable. It sits in front of your application endpoints...
Three years ago I architected a global API platform that had to handle latency-sensitive traffic from users in Southeast Asia, Europe, and North America. We started with CloudFront because it’s...
Software development has evolved quickly over the years. Businesses now face pressure to deliver high-quality products faster due to increasing demand for software and apps. DevOps and Site Reliability Engineering...
If you need a relational database that plays nice with MySQL and PostgreSQL but don’t want to deal with the operational headaches of running one yourself, Amazon Aurora is worth...
If you need to store data that nobody can tamper with later, Amazon QLDB is worth knowing about. It’s a database service from AWS that keeps an immutable, verifiable record...
Terraform lets you manage cloud infrastructure through code instead of clicking around in web consoles. Define what you want, apply it, and Terraform figures out how to make it happen....
If you have spent any time in education over the past decade, you have probably noticed that the way people share files, collaborate on projects, and access course materials has...
Serverless sounds like a new thing, but it’s actually been brewing for decades. Back in the 1950s, computing cost an arm and a leg — we’re talking hundreds of dollars...
There are two ways to scale in AWS: vertical and horizontal. I want to start with vertical scaling because it’s the approach most of us learned first. Then we’ll get...
A database stores and organizes information so you can retrieve it later. If you have worked with dynamic websites – online stores, portals, anything running on a CMS like WordPress...
I migrated our production cluster from Graviton3 to Graviton5 last month. Three services, two weekends, zero downtime. The numbers justified it in the first billing cycle. Here’s what actually happened...
Lambda Managed Instances is the first Lambda variant that makes the question “should this be serverless or just EC2?” worth asking again. AWS now runs the function on current-generation EC2...
AWS finally moved Lambda into territory that used to force an ECS or EC2 conversation. The new Lambda Managed Instances compute type lets you run functions on current-generation EC2 capacity...
EC2 Auto Scaling has been around since 2009, but teams still misconfigure it in ways that cost them money or reliability. The most common mistake: using simple scaling policies instead...
Most AWS accounts run EC2 instances that are the wrong size. Not dramatically wrong — nobody runs an m5.24xlarge for a blog — but quietly, consistently over-provisioned. An instance that...
EC2 has been the core compute service at AWS since 2006 and in 2026 it still is. Containers, Lambda, and managed services have taken over a lot of workloads —...
If you’ve ever wrestled with Java applications showing the wrong time on EC2, this one’s for you. I’ll walk through the whole process—the background, the tools, and the actual commands...
If you have launched EC2 instances through the wizard, you know it involves a fair amount of clicking. Image ID, instance type, network, security groups, storage – it adds up....
I have been running workloads on AWS for years, and one of the easiest ways to cut your EC2 bill is Spot Instances. In this post I will walk through...
The AWS Solutions Architect Professional (SAP-C02) is one of the harder certifications in the cloud space — not because of trick questions, but because the exam tests whether you can...
On August 30, 2023, AWS renamed Amazon Kinesis Data Analytics to Amazon Managed Service for Apache Flink. The new name better reflects that the service uses Apache Flink under the...
Data volumes have exploded in recent years, and managing interconnected information has become a real challenge for many teams. If you have ever dealt with highly connected data, you know...
Cloud infrastructure work has changed a lot. These days, if you’re managing applications and networks, you’re also expected to think about scaling, security, and ongoing maintenance in the cloud. AWS...
Amazon Elastic File System (EFS) is a managed file storage service that scales automatically as you add or remove files. It works with EC2 instances and lets multiple machines access...
Amazon S3 Access Control Lists (ACLs) let you control who can access objects in your buckets. They’re one of several ways to manage permissions in S3, alongside bucket policies and...
If you’re juggling data across multiple S3 buckets and looking for a better way to manage who can access what, S3 Access Points might be what you need. They let...
If you want to host a static website but don’t know much about web development, Amazon S3 can handle the job. This guide walks through setting up a static website...
Amazon S3 Object Lock lets you prevent objects in an S3 bucket from being deleted or overwritten for a set period. Organizations use this to meet regulations like SEC Rule...
S3 can trigger automated actions when things happen in a bucket. Upload a file, delete one, restore from glacier - you can hook into all of that and kick off...
Let’s talk about how to decouple applications using poll-based messaging. I’ll walk you through what SQS does, the key settings you’ll touch in practice, and how visibility timeout keeps your...
If you haven’t read it yet, check out our post on horizontal vs vertical scaling. Now let’s talk about what decoupling your applications actually means and how to design a...
I still remember the day our monitoring dashboard went red. We had a critical batch processing system running on EKS, and the SQS queue was backing up fast—messages were accumulating...
Every serverless architecture eventually runs into the same problem: you have messages in SQS and you need Lambda to process them reliably. Not just the happy path — reliably. Meaning...
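Here is an added Python example, not code from either SQS post above, that models the three behaviours that decide whether a consumer is reliable: the visibility timeout hiding an in-flight message, the message reappearing when the worker fails to delete it, and redrive to a dead-letter queue once the receive count passes maxReceiveCount. The queue settings, the polling timeline and the order payloads are constructed.

```python
"""In-memory model of SQS visibility timeout and dead-letter redrive.

Added example, not code from the original posts. A received message is
hidden for the visibility timeout, reappears if the consumer does not
delete it, and is moved to the DLQ once its receive count exceeds
maxReceiveCount. Payloads and timings are constructed for the demo.
"""
from uuid import uuid4


class SqsQueue:
    def __init__(self, visibility_timeout=30.0, max_receive_count=None, dlq=None):
        self.visibility_timeout = visibility_timeout
        self.max_receive_count = max_receive_count  # redrive policy
        self.dlq = dlq
        self._messages = []   # message dicts in arrival order
        self._receipts = {}   # receipt handle -> message

    def _drop(self, msg):
        self._messages = [m for m in self._messages if m is not msg]

    def send(self, body):
        self._messages.append({"body": body, "receive_count": 0, "invisible_until": 0.0})

    def receive(self, now, max_messages=10):
        """Return up to max_messages visible messages as (receipt, body)."""
        delivered = []
        for msg in list(self._messages):
            if len(delivered) >= max_messages:
                break
            if msg["invisible_until"] > now:
                continue  # still in flight with some consumer
            msg["receive_count"] += 1
            if self.max_receive_count is not None and msg["receive_count"] > self.max_receive_count:
                # Poison message: redrive to the DLQ instead of delivering it again.
                self._drop(msg)
                if self.dlq is not None:
                    self.dlq.send(msg["body"])
                continue
            msg["invisible_until"] = now + self.visibility_timeout
            receipt = uuid4().hex
            self._receipts[receipt] = msg
            delivered.append((receipt, msg["body"]))
        return delivered

    def delete(self, receipt):
        self._drop(self._receipts.pop(receipt))

    def change_visibility(self, receipt, timeout, now):
        """ChangeMessageVisibility: extend or shorten the in-flight window."""
        self._receipts[receipt]["invisible_until"] = now + timeout

    def approximate_count(self):
        return len(self._messages)


def poll_once(queue, now, handler):
    """One worker iteration: delete only after the handler succeeds."""
    processed = []
    for receipt, body in queue.receive(now):
        try:
            handler(body)
        except Exception:
            # No delete: the message becomes visible again after the timeout.
            continue
        queue.delete(receipt)
        processed.append(body)
    return processed


def demo():
    dlq = SqsQueue(visibility_timeout=30.0)
    orders = SqsQueue(visibility_timeout=30.0, max_receive_count=3, dlq=dlq)
    orders.send("order-1001")  # constructed poison message: the handler always fails on it
    orders.send("order-1002")

    def handler(body):
        if body == "order-1001":
            raise RuntimeError("downstream timeout")

    processed = []
    for t in (0.0, 5.0, 30.0, 60.0, 90.0):  # polling timeline in seconds
        processed += poll_once(orders, t, handler)
    return {
        "processed": processed,
        "remaining": orders.approximate_count(),
        "dead_lettered": dlq.approximate_count(),
    }


if __name__ == "__main__":
    print(demo())
```

The shape to copy is the delete-after-success in poll_once: the poison order is retried at 30 s intervals three times and then lands in the DLQ, while the good order is processed once. Size the visibility timeout above the slowest successful handler run (for Lambda consumers AWS recommends at least six times the function timeout), otherwise a slow but healthy worker and a second worker end up processing the same message.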
Amazon SNS message data protection has a hard availability change on April 30, 2026. AWS says the feature will no longer be available to new customers after that date. Existing...
I spent my first year as a DevOps engineer doing the same thing every Friday: logging into the AWS console, finding EC2 instances that needed backups, creating snapshots manually, tagging...
DynamoDB is a NoSQL database from Amazon that handles scale without breaking a sweat. If you need a database that grows with your app and never makes you fiddle with...
Last year I spent two days debugging a build pipeline because our CI system was reading the wrong version from a Maven POM. The XPath query looked correct, but it...
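One way a correct-looking XPath reads the wrong version from a POM, shown as an added Python example rather than the post's own diagnosis: ElementTree only matches elements in the POM's default namespace when the query names it, and a descendant search returns the parent's version when the parent block comes first in the file. The POM content below is constructed.

```python
"""Reading <version> from a Maven POM with namespace-aware XPath.

Added example, not the original post's code. Two ways a query that
looks right returns the wrong thing: the POM's default namespace makes
an unqualified "version" match nothing, and ".//version" returns the
first <version> in document order, which is the <parent> one in a
typical layout. The POM is constructed.
"""
import xml.etree.ElementTree as ET

POM_NS = {"m": "http://maven.apache.org/POM/4.0.0"}

SAMPLE_POM = """<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <parent>
    <groupId>com.example</groupId>
    <artifactId>platform-parent</artifactId>
    <version>7.0.0</version>
  </parent>
  <groupId>com.example</groupId>
  <artifactId>payments-service</artifactId>
  <version>2.3.1</version>
</project>
"""


def version_ignoring_namespace(pom_xml):
    """Looks right, returns None: the element's tag is '{ns}version'."""
    el = ET.fromstring(pom_xml).find("version")
    return None if el is None else el.text


def version_first_descendant(pom_xml):
    """Namespace-aware, but './/' picks the first <version> in document order."""
    el = ET.fromstring(pom_xml).find(".//m:version", POM_NS)
    return None if el is None else el.text


def project_version(pom_xml):
    """The project's own direct child <version>, falling back to the
    parent's version the way Maven does when the child omits its own."""
    root = ET.fromstring(pom_xml)
    el = root.find("m:version", POM_NS)
    if el is not None and el.text:
        return el.text.strip()
    parent = root.find("m:parent/m:version", POM_NS)
    return None if parent is None else parent.text.strip()


if __name__ == "__main__":
    print("find('version')      ->", version_ignoring_namespace(SAMPLE_POM))
    print("find('.//m:version') ->", version_first_descendant(SAMPLE_POM))
    print("project_version()    ->", project_version(SAMPLE_POM))
```

The first two functions are the bugs: None silently becomes an empty version string in a shell pipeline, and 7.0.0 is a real-looking but wrong version that will tag the wrong artifact. Anchoring the query at the project root with the namespace prefix is the fix; the parent fallback covers modules that inherit their version.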
Webhooks let GitLab push HTTP requests to your app when something happens. You can use this to get notified or trigger automation without polling an API.
Blockchain has changed how we handle transactions. It is a decentralized network that lets people transact securely and transparently without a central authority. One part of the blockchain network is...
The success of any software project depends on how well team members communicate with each other. This becomes even more important when you work with distributed teams.
Unreal Engine has changed how games get made. The engine gives developers the tools to build realistic worlds, and it’s now a standard choice for studios of all sizes. This...
There’s a point when your business outgrows what you can manage solo. That’s when you start looking at business process management tools to keep everything running in sync. And if...
Websites need to work. That’s obvious, but getting them to actually work reliably across browsers, devices, and edge cases is harder than it looks. Functional testing is how we get...
Managing workload is one of those things that sounds simple until you’re three hours into a Tuesday and nothing on your list is checked off. I’ve been there. Over the...
AWS created Secrets Manager after hearing from customers that managing secrets was critical but difficult. IAM Roles help because they provide temporary credentials automatically. Attach a role to an EC2...
The first time I tried managing 40 EC2 instances with a bash script and a for loop, I ended up with 12 servers running Nginx 1.18 and 28 running Nginx...
Here’s the setup: you need to provision infrastructure and then configure it. Terraform does the first part beautifully. Ansible does the second part beautifully. The moment you try to make...
Most tutorials show you how to run terraform apply on a git push and call it a day. I’ve inherited infrastructure built that way. It’s chaos. Drift accumulates silently. Rollbacks...
When HashiCorp changed Terraform’s license in August 2023, it forced a reckoning across the infrastructure-as-code community. The shift to the Business Source License (BSL) sent shockwaves through organizations that had...
The manual Terraform workflow — terraform plan on your laptop, peer-review the output in Slack, terraform apply if it looks right — breaks down around the time your team hits...
HashiCorp’s Business Source License change in August 2023 sent a lot of teams back to evaluating their IaC options. AWS CDK picked up meaningful adoption during that period — not...
The lookup function in Terraform is one of those tools that seems trivial until you’re staring at an error at 11pm and realizing you’ve been using it wrong for six...
AWS CLI v1 enters maintenance mode on July 15, 2026 and reaches end of support on July 15, 2027. AWS said scripts and workflows made for CLI v1 should continue...
I’ve tested seven “AI-powered productivity” tools over the past two years. Three were genuinely useful. Four were polished demos that didn’t survive contact with a real calendar. This post is...
Last week I spent 4 hours debugging why a client’s site wasn’t showing up in Bing. The answer turned out to be embarrassingly simple: the site was blocking Bingbot in...
Let’s talk about running multiple Docker containers together. Specifically, I’ll show you how to spin up a WordPress site with a database backing it, using Docker Compose.
AWS STS is the Security Token Service, an API that issues temporary security credentials for access to your AWS resources. Think of it as a way to borrow credentials for a...
JavaScript is one of the three core technologies of the web, alongside HTML and CSS. It lets you add animation, react to user actions, and update content without page reloads....
The error message Could not find class 'com.xxxnx.adt.Find$PlaceUnitListener', referenced from method com.xxxnx.adt.Find.<init> is one of those Android development gotchas that can eat an afternoon if you don’t know what’s happening....
Something I tell every new team I work with: stop assuming your internal network is safe. That assumption is how you end up with a bad time. In 2026, 8.4...
I ran into an interesting architecture problem recently. We had multiple Web Applications running on EC2 instances behind AWS API Gateway, and we needed to add a WAF without breaking...
The VPC decisions you make on day one will follow you for years. I’ve lived through the consequences—redesigning a network that was built without proper CIDR planning, watching a simple...
AWS DevOps Agent is useful until it has to talk to something that sits behind a private subnet. Then the architecture problem is no longer about prompts or models. It...
The simplest way to ruin network security is to let every VPC invent its own firewall story. The cleaner pattern is still centralized inspection: one inspection VPC, one firewall policy...
Running out of IP addresses in production at 2 AM is a specific kind of bad. It happens in EKS clusters when the VPC CNI plugin has allocated every available...
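The CIDR planning mistake in the VPC post above and the IP exhaustion in the EKS post are two ends of the same arithmetic. As an added example (not code from either post), the Python below uses the standard ipaddress module to carve one subnet per tier and AZ, flag overlaps with other networks before a peering or VPN ever fails, and estimate whether a subnet has room for the VPC CNI's per-pod addresses. The CIDRs, AZ names and pod counts are constructed, and the per-node model is a stated simplification.

```python
"""Carving non-overlapping subnets from a VPC CIDR and checking pod IP headroom.

Added example, not the original posts' code. Allocates one subnet per
(tier, AZ), reports overlapping CIDRs, and estimates whether the EKS
VPC CNI will exhaust a subnet. CIDRs, AZs and pod counts are
constructed. The capacity model (one primary IP per node plus one
secondary IP per pod) ignores warm-pool settings and prefix delegation.
"""
import ipaddress
from itertools import combinations

# AWS reserves the first four and the last address of every subnet.
AWS_RESERVED_PER_SUBNET = 5


def usable_addresses(subnet):
    return subnet.num_addresses - AWS_RESERVED_PER_SUBNET


def plan_subnets(vpc_cidr, azs, tiers, new_prefix=24):
    """Allocate one /new_prefix per (tier, az), in order, from vpc_cidr."""
    vpc = ipaddress.ip_network(vpc_cidr)
    pool = vpc.subnets(new_prefix=new_prefix)
    plan = {}
    for tier in tiers:
        for az in azs:
            try:
                plan[(tier, az)] = next(pool)
            except StopIteration:
                raise ValueError(
                    f"{vpc_cidr} cannot hold {len(tiers) * len(azs)} /{new_prefix} subnets"
                ) from None
    return plan


def find_overlaps(cidrs):
    """Pairs of CIDRs that overlap; peering, TGW and VPN routing break on these."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    return [(str(a), str(b)) for a, b in combinations(nets, 2) if a.overlaps(b)]


def fits_pods(subnet, nodes, pods_per_node):
    """Assumed model: each node consumes 1 IP plus 1 secondary IP per pod."""
    return nodes * (1 + pods_per_node) <= usable_addresses(subnet)


if __name__ == "__main__":
    plan = plan_subnets("10.20.0.0/16", ["a", "b", "c"], ["public", "private"])
    for (tier, az), net in plan.items():
        print(f"{tier:8}{az}: {net}  usable={usable_addresses(net)}")
    print("overlaps:", find_overlaps(["10.20.0.0/16", "10.20.5.0/24", "172.16.0.0/12"]))
    private_a = plan[("private", "a")]
    print("3 nodes x 100 pods fit in", private_a, "->", fits_pods(private_a, 3, 100))
```

A /24 has 251 usable addresses, so three nodes running 100 pods each already need more than the subnet holds; that is the 2 AM page. Give private node subnets far more room than the public ones (a /20 per AZ is not unusual), and run find_overlaps against every VPC you expect to peer with before the first instance launches, because a VPC CIDR cannot be changed afterwards, only extended with secondary ranges.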
At five VPCs, full-mesh VPC peering starts to feel manageable. At ten it’s annoying. At twenty, you have 190 peering connections to maintain, each with its own route table entries,...
The default path for a private EC2 instance to reach an AWS service like S3, Secrets Manager, or SSM is through a NAT gateway — $0.045/hour plus $0.045 per GB...
If you’re running anything on AWS, you’ve probably dealt with VPCs. Virtual Private Clouds let you create isolated network environments, which is kind of the whole point of cloud networking....
If you’re new to cloud computing and want to understand how Amazon Web Services Virtual Private Cloud (AWS VPC) works, this post is for you. I’ll walk through the key...
I’ve deployed hundreds of Lambda functions across dozens of AWS accounts. The most common pain I see — even from experienced teams — is the dependency packaging problem. Someone adds...
On April 21, 2026, AWS Lambda removed one of the dumbest pieces of plumbing in a lot of serverless code: the “download from S3, write to /tmp, process, upload to...
AWS has set the same April 30, 2026 new-customer cutoff for two Amazon Rekognition capabilities: Streaming Video Analysis and Batch Image Content Moderation. Existing accounts that used the affected features...
We’ve all been there – someone on the team asks, “Should we use Kubernetes or serverless for this?” and the room splits into two camps. But here’s the thing: by...
Step Functions launched in 2016 as a way to sequence Lambda functions without writing glue code. Seven years later, it has grown into something considerably more powerful: 220+ AWS service...
I learned the hard way that static credentials are ticking time bombs. A contractor leaves, a key leaks through a misconfigured S3 bucket policy, a developer accidentally commits a .env...
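As an added example (not code from the post), here is a scanner of the kind you would wire into a pre-commit hook to catch the committed .env case. It distinguishes long-term IAM user keys (AKIA...), which stay valid until someone rotates or deactivates them, from the STS session keys (ASIA...) that roles hand out and that expire on their own, which is the difference the Secrets Manager and STS posts above are getting at. The .env content is constructed; the AKIA and secret values are the placeholders from AWS's own documentation, and the ASIA value is invented to match their shape.

```python
"""Pre-commit style scan for committed AWS credentials.

Added example, not the original post's code. Finds AWS access key IDs
and secret keys in text, tags long-term IAM user keys (AKIA...) as
high severity and STS session keys (ASIA...) as medium, and decides
whether a commit should be blocked. The sample .env is constructed;
the key values are AWS documentation placeholders, not live keys.
"""
import re

# Access key IDs are 20 characters: a 4-char prefix plus 16 of [A-Z0-9].
# AKIA = long-term IAM user key, ASIA = temporary key issued by STS.
ACCESS_KEY_RE = re.compile(r"\b((?:AKIA|ASIA)[A-Z0-9]{16})\b")
# Secret access keys are 40 base64-like characters. Only flag them next to
# the variable name to keep false positives (hashes, tokens) down.
SECRET_KEY_RE = re.compile(
    r"(?i)aws_secret_access_key\s*[=:]\s*['\"]?([A-Za-z0-9/+=]{40})(?![A-Za-z0-9/+=])"
)

KEY_KIND = {
    "AKIA": ("long-term IAM user access key", "high"),
    "ASIA": ("temporary STS session key", "medium"),
}


def redact(value):
    """Keep enough to find the key in IAM without reprinting it in CI logs."""
    return value[:4] + "..." + value[-4:]


def scan_text(text, path="<constructed .env>"):
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in ACCESS_KEY_RE.finditer(line):
            key_id = m.group(1)
            kind, severity = KEY_KIND[key_id[:4]]
            findings.append({"path": path, "line": lineno, "type": "access_key_id",
                             "kind": kind, "severity": severity, "value": redact(key_id)})
        for m in SECRET_KEY_RE.finditer(line):
            findings.append({"path": path, "line": lineno, "type": "secret_access_key",
                             "kind": "secret access key", "severity": "high",
                             "value": redact(m.group(1))})
    return findings


def should_block_commit(findings):
    """Block on anything that does not expire by itself."""
    return any(f["severity"] == "high" for f in findings)


# Constructed .env; AKIA and secret values are AWS documentation examples.
SAMPLE_ENV = """\
DATABASE_URL=postgres://app:hunter2@db.internal:5432/app
AWS_REGION=eu-west-1
AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
# pasted from `aws sts assume-role`, expires within the hour
AWS_ACCESS_KEY_ID=ASIAIOSFODNN7EXAMPLE
"""

if __name__ == "__main__":
    findings = scan_text(SAMPLE_ENV)
    for f in findings:
        print(f"{f['path']}:{f['line']} [{f['severity']}] {f['kind']}: {f['value']}")
    print("block commit:", should_block_commit(findings))
```

A blocked commit is the cheap outcome. If a long-term key has already reached a remote, treat it as compromised: deactivate it in IAM first, then rotate, then clean history. An ASIA key that leaked still gets its session revoked (a role policy condition on aws:TokenIssueTime does that without touching the role itself), but it will not be valid next week, which is the whole argument for roles over static keys.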
The problem RDS Proxy solves is simple to describe and expensive to ignore: Lambda functions don’t maintain persistent connections. Every cold start opens a new database connection. At moderate scale...
A Lambda cold start is a tax you pay every time AWS needs to create a new execution environment for your function. For a Python function with minimal dependencies, that...
Inspector Classic (v1) required you to schedule scans, install an agent manually, and remember to run assessments after deployments. Inspector v2, launched in November 2021, works differently. Enable it once...
A DevOps team at a growing company needed to handle automation and event-driven responses across multiple applications. Managing numerous Lambda functions individually became unwieldy. Terraform provided a way to solve...
If you’ve worked with S3, you know the drill: your app requests an object, S3 returns it, end of story. But what if you need the same data in different...
Every year the “should I learn AWS” question gets asked by people who already know the answer. Yes. Obviously yes. But the question underneath the question is: how do you...
Three AWS storage services cover most production workloads, and the wrong choice is expensive. EBS costs $0.08/GB-month for gp3, EFS costs $0.30/GB-month in standard storage, and S3 costs $0.023/GB-month. Pick...
The announcement in April 2026 was surprisingly quiet for something that changes a real pain point. AWS shipped S3 Files — a feature that mounts an S3 bucket as a...
AWS gives you a few different ways to store files in the cloud. The three main options are Amazon Elastic File System (EFS), Amazon Elastic Block Store (EBS), and Amazon...
Amazon EBS (Elastic Block Store) is a block storage service from AWS. You can attach these volumes to your EC2 instances and use them for databases, file systems, or anything...
Moving to the cloud sounds straightforward in theory. In practice, organizations running on-premise solutions face real challenges when the time comes to migrate. Data migration, business planning, and the long-term...
Migrating a production database without taking the application offline is one of the most nerve-wracking challenges in modern engineering. The stakes are high: every minute of downtime costs revenue, erodes...
Aurora Global Database replicates your MySQL or PostgreSQL data across up to five AWS regions with typical replication lag under one second. Writes happen in a single primary region; secondary...
The question of where to run your database on AWS has gotten more complicated, not less. In 2019, the answer was often “just use RDS.” In 2026, you have EC2...
John was working on a company project that used an RDS Postgres database. Things had been going smoothly until one day he got an email from AWS: the database server...
If you’ve ever wrestled with running databases on servers you own, you know it’s a lot of work. There’s hardware to buy, software to patch, backups to manage, and about...
I connected Bedrock to our Aurora cluster last month. The first thing I asked it was “show me all customers who churned in Q1 but came back in Q2” —...
Amazon Redshift is a cloud data warehouse service from AWS. It lets you store and analyze large datasets using standard SQL, and it’s built on PostgreSQL. AWS launched it in...
If you’re working with data in Amazon S3 and need to run SQL queries, you’ve probably stumbled across Athena and Redshift Spectrum. Both let you query data directly in S3...
DynamoDB Streams is the feature that turns DynamoDB from a storage layer into an event source. Every write to a table — every put, update, and delete — produces a...
Rick Houlihan built the methodology for DynamoDB at Amazon before turning it into what the community calls single-table design. The idea is genuinely odd if you’re coming from SQL: put...
Most “Redshift vs DynamoDB” comparisons are built on a false premise — that these two services are alternatives to each other. They are not. Amazon Redshift is an OLAP data...
DynamoDB has been my go-to for event-driven, high-throughput workloads for years. The core design hasn’t changed — you still need to think hard about partition keys and access patterns before...
If you need to speed up a web app on AWS, you’ve probably bumped into Memcached and Redis. Both cache data in RAM so your database doesn’t have to work...
Amazon ElastiCache has changed more in the past two years than in the previous five. The Redis licensing drama, a new open-source fork, a serverless tier that actually works, and...
Amazon Athena is one of those services that looks magical in demos and then hands you a surprise $3,000 bill on the first month you actually use it seriously.
AWS Glue is a managed ETL service built on Apache Spark, combined with a metadata catalog that integrates across Athena, EMR, Redshift Spectrum, and Lake Formation. The two parts are...
Here’s the thing about picking between Keyspaces and Timestream: the marketing pages make them look like they’re in the same category. They’re both “managed databases on AWS.” They both scale....
On April 29, 2026, CloudFront got a feature I have wanted for years: native cache invalidation by tag. AWS says tag invalidations become effective in under 5 seconds at P95...
Three years ago I architected a global API platform that had to handle latency-sensitive traffic from users in Southeast Asia, Europe, and North America. We started with CloudFront because it’s...
On April 2, 2026, AWS expanded Amazon CloudWatch auto-enablement so teams can automatically configure telemetry for Amazon CloudFront Standard access logs, AWS Security Hub CSPM finding logs, and Amazon Bedrock...
Lambda Managed Instances is the first Lambda variant that makes the question “should this be serverless or just EC2?” worth asking again. AWS now runs the function on current-generation EC2...
AWS finally moved Lambda into territory that used to force an ECS or EC2 conversation. The new Lambda Managed Instances compute type lets you run functions on current-generation EC2 capacity...
EC2 Auto Scaling has been around since 2009, but teams still misconfigure it in ways that cost them money or reliability. The most common mistake: using simple scaling policies instead...
A Lambda cold start is a tax you pay every time AWS needs to create a new execution environment for your function. For a Python function with minimal dependencies, that...
AWS Application Load Balancer (ALB) sits at the front of your application and spreads incoming traffic across your backend resources. If you’ve been running a single server and hitting capacity...
Three years ago I watched a company spend $2.4 million and eleven months building a “cloud-agnostic” platform that ran equally on AWS, Azure, and GCP. The CTO sold the board...
The cloud AI platform landscape in 2026 looks nothing like it did even twelve months ago. Amazon Bedrock, Azure AI Foundry, and Google Vertex AI have each matured from “model...
Serverless computing and containers are changing how developers build applications. Tech giants like AWS, Google Cloud, and Azure offer serverless container platforms that let teams focus on code instead of...
When you want to use IP replication between the recovery site and the on-premises production site, you must configure a site-to-site VPN connection. Before establishing the connection, there are some...
Unreal Engine has changed how games get made. The engine gives developers the tools to build realistic worlds, and it’s now a standard choice for studios of all sizes. This...
I’ve watched three cloud migration projects fall apart. Not because the technology failed — the tech almost never fails. They failed because nobody planned for the human and process side...
I spent three months last year evaluating metaverse platforms for a client in the healthcare training space. We were deciding between building on Decentraland, rolling our own WebGL environment, or...
Blockchain has changed how we handle transactions. It is a decentralized network that lets people transact securely and transparently without a central authority. One part of the blockchain network is...
Kubernetes v1.36 makes fine-grained kubelet API authorization generally available. That sounds dry. It is not. It is the upstream answer to a nasty old habit: granting monitoring agents nodes/proxy because...
Kubernetes v1.36 promotes User Namespaces to GA, and the important field is only two words: hostUsers: false. That setting lets a pod run with user namespace isolation so UID 0...
CVE-2026-31431 is not the kind of Linux bug you leave for the next maintenance window. CERT-EU says Copy Fail was publicly disclosed on April 29, 2026, has a CVSS 3.1...
Our team spent three weeks in a conference room with bad coffee and two GitOps tools fighting for the same EKS cluster. We had ArgoCD running in staging already. It...
I spent two years babysitting a Jenkins cluster that ran 1,200 pipelines across three EKS environments. Every month, something broke. A plugin update broke the Git plugin. The build agent...
I still remember the day our monitoring dashboard went red. We had a critical batch processing system running on EKS, and the SQS queue was backing up fast—messages were accumulating...
On April 20, 2026, AWS added seven Amazon EKS IAM condition keys that finally make several cluster standards enforceable before the cluster is created or changed. That date matters because...
Amazon EKS Hybrid Nodes has been generally available since December 1, 2024, but the February 24, 2026 AWS containers post made the feature a lot more practical by showing a...
The Kubernetes project announced Gateway API v1.5 on April 21, 2026, after cutting the release on March 14. That timing matters because this one is not just another incremental networking...
We’ve all been there – someone on the team asks, “Should we use Kubernetes or serverless for this?” and the room splits into two camps. But here’s the thing: by...
AWS App Mesh officially reached its end of life on March 31, 2026. So if you’re still running microservices on EKS with App Mesh, you’re overdue for a migration plan....
I’ve watched teams build gorgeous Kubernetes clusters on EKS, then basically shrug at container security. The cluster runs great, pipelines are solid, autoscaling hums along – and then someone actually...
Cluster lifecycle work is usually where platform engineering gets less glamorous and more expensive. Creating a cluster is the easy part. Upgrading it across minor versions, changing rollout behavior without...
Kubernetes is finally getting serious about the parts of AI systems that do not fit a normal Deployment. On March 9, 2026, the Kubernetes community announced the AI Gateway Working...
The worst secret in your platform is the one that exists only because the previous secret could not be trusted. That is how teams end up with GitLab variables that...
AWS keeps pushing Amazon EKS deeper into AI infrastructure for a reason: it scales, it is familiar, and it already sits in a lot of enterprise networking and identity stacks....
AWS announced Amazon EKS Auto Mode on December 1, 2024. The deeper “under the hood” explanation followed on March 31, 2025. On February 10, 2026, AWS added CloudWatch Vended Logs...
The kube-prometheus-stack Helm chart installs Prometheus, Alertmanager, Grafana, and a collection of default Kubernetes dashboards in about five minutes. That’s the fastest path to useful EKS monitoring. The harder part...
Kubernetes RBAC controls who can do what, but it doesn’t control whether the things they do are safe. A developer with namespace-level deploy access can create a Pod without resource...
Kubernetes v1.36 shipped April 22, 2026, with 64 enhancements across the release: 17 graduating to stable, 18 moving to beta, and 24 entering alpha. The headline is sidecar containers reaching...
ingress-nginx is End of Life. CVE-2026-4342 — a configuration injection vulnerability enabling potential code execution — was disclosed in April 2026 against all versions below v1.13.9, v1.14.5, and v1.15.1. The...
Helm is the package manager for Kubernetes. Raw YAML manifests work fine for a single deployment in one environment. Once you need the same application in staging, production, and three...
At some point in every GitLab CI/CD setup, the single shared runner stops being enough. Backend tests queue behind someone’s slow frontend build. GPU jobs wait on the same runner...
I spent three years pushing changes to Kubernetes with kubectl apply inside CI/CD pipelines. Every deployment required cluster credentials in GitLab. Every pipeline failure left the cluster in an unknown...
The aws-auth ConfigMap was never a good idea. It’s a plain Kubernetes ConfigMap in the kube-system namespace — editable by anyone with cluster-admin, no audit trail, no AWS-native access controls,...
Running out of IP addresses in production at 2 AM is a specific kind of bad. It happens in EKS clusters when the VPC CNI plugin has allocated every available...
Karpenter hit v1.0 in late 2024, and for most EKS clusters it’s now the better choice over Cluster Autoscaler. The performance difference alone is enough to justify the switch: Cluster...
AWS re:Invent 2023 had a stat that keeps coming up in job postings: EKS adoption grew 88% year-over-year among enterprise AWS customers. That number isn’t surprising if you’ve been watching...
A batch job that runs for eight minutes, three times a day. A CI pipeline that spins up test pods on every commit. An API that handles zero traffic on...
AWS EKS standard support ends 14 months after a Kubernetes version’s upstream release. Extended support adds another 12 months but costs $0.60 per cluster per hour on top of normal...
Running Kubernetes on EKS without Container Insights is like flying without instruments. You can see your pods are running, but when a node is memory-pressured and pods start getting OOMKilled,...
GitOps is the practice of using a Git repository as the single source of truth for what should run in your Kubernetes cluster. ArgoCD implements this by watching a Git...
Amazon EKS Capabilities is one of the more consequential EKS launches for platform teams because it moves beyond “managed Kubernetes control plane” and starts managing common platform controllers around the...
DevOps combines software development and IT operations, which shortens system development cycles and enables continuous delivery. Machine learning needs significant computational resources to process large amounts of data quickly. This...
Training a custom Nova model on Bedrock costs less than you probably expect. A supervised fine-tuning job on roughly 5,000 conversation examples — enough data to meaningfully shift model behavior...
I’ve tested seven “AI-powered productivity” tools over the past two years. Three were genuinely useful. Four were polished demos that didn’t survive contact with a real calendar. This post is...
Every Power BI tutorial shows you the happy path. Click here, drag there, your chart appears. That works fine until you’re staring at a 50-million-row dataset at 2am, your refresh...
The VPC decisions you make on day one will follow you for years. I’ve lived through the consequences—redesigning a network that was built without proper CIDR planning, watching a simple...
Two years ago, SBOMs were a checkbox on a compliance spreadsheet. In 2026, they’re a hard requirement. The US Executive Order 14028 mandated that any software sold to federal agencies...
JWT authorizers replaced about 80% of the Lambda authorizers I used to write. Not because they’re always the right tool — they’re not — but because most of the time...
AWS published Bedrock trust-and-safety guidance on April 29, 2026, and two numbers should catch every AI platform team’s attention: AWS cites an 82% improvement in employee trust when organizations communicate...
AWS published a practical IAM Identity Center session-tags walkthrough on April 28, 2026, and the pattern is worth copying: take attributes from Microsoft Entra ID, pass them through IAM Identity...
AWS Client VPN can now attach natively to AWS Transit Gateway. AWS announced the integration on April 23, 2026, and the practical impact is straightforward: remote users can reach multiple...
I once watched a team rotate a database password by editing a YAML file, pushing it to a private Git repo, and manually restarting three services. That worked right up...
Docker’s April 14, 2026 update on Hardened Images included a few numbers that are hard to ignore: more than 500,000 daily pulls, more than 25,000 continuously patched OS-level artifacts, and...
Amazon ECS launched managed daemons for ECS Managed Instances on April 1, 2026. The headline sounds small. The operational impact is not. AWS now gives platform teams a way to...
AES-GCM has real limits, and most teams only discover them after a key has been used far longer than they planned. AWS KMS and the AWS Encryption SDK exist partly...
PCI DSS on EKS is not one control. It is a set of controls that have to line up: network inspection, identity, logging, and evidence retention. AWS’s April 2026 guidance...
EKS Pod Identity session policies are the first practical answer AWS has given to “how do I keep pod permissions narrow without creating a dozen roles?” The answer is simple:...
CloudWatch’s cross-region telemetry rules are the kind of release that saves a security team from repeating the same setup in every region by hand. On April 16, 2026, AWS added...
AWS made the control question explicit in April 2026: when an AI agent touches AWS, which IAM principal is actually acting? That is the part people skip, and it is...
The simplest way to ruin network security is to let every VPC invent its own firewall story. The cleaner pattern is still centralized inspection: one inspection VPC, one firewall policy...
The problem: your application team needs to create IAM roles for their Lambda functions and ECS tasks. You can give them iam:CreateRole and related permissions, but then they can create...
The standard AWS multi-account setup has a tools account for CI/CD, separate accounts for dev/staging/prod, a security audit account, and maybe a shared services account for internal tooling. Getting code...
AWS WAF v2 launched in 2019 and the original WAF Classic is end-of-life — migration ended November 2024. If you’re still on Classic, those web ACLs are frozen. This guide...
Every bastion host in your architecture is a maintenance burden and an attack surface. You need to keep the AMI patched, manage SSH keys across the team, control security group...
The average AWS account running production workloads generates findings from at least four different security services: GuardDuty for threat detection, Inspector for vulnerability scanning, Config for compliance drift, and IAM...
I learned the hard way that static credentials are ticking time bombs. A contractor leaves, a key leaks through a misconfigured S3 bucket policy, a developer accidentally commits a .env...
The default path for a private EC2 instance to reach an AWS service like S3, Secrets Manager, or SSM is through a NAT gateway — $0.045/hour plus $0.045 per GB...
Most AWS teams start with one account. They create IAM users, attach policies, and eventually have a mess of permissions nobody fully understands. Then they start a second account for...
When a fintech company discovered in late 2023 that 14 months of customer transaction exports — including names, account numbers, and partial SSNs — had been sitting in a public...
Inspector Classic (v1) required you to schedule scans, install an agent manually, and remember to run assessments after deployments. Inspector v2, launched in November 2021, works differently. Enable it once...
A tweet with 52,894 impressions last September put it plainly: “master IAM roles and policies” was the single skill that separated AWS beginners from people who could actually build in...
AWS renamed AWS Single Sign-On to IAM Identity Center in 2022, which confused a lot of people who were still searching for “AWS SSO” in the console. The name changed;...
In 2022, a researcher at Lacework published an analysis of 500 AWS accounts across their customer base. The most common finding was cryptocurrency mining workloads running on EC2 instances that...
Every API call made to AWS — from the console, CLI, SDK, or another service — generates a CloudTrail event. Who created that security group rule? When was that IAM...
Web servers often need to handle traffic spikes and protect against abuse. Nginx Rate Limit lets you control how many requests the server processes within a given time frame. This...
Welcome to DevSecOps and Artificial Intelligence (AI) in software development. This post explores how AI fits into the DevSecOps landscape and how teams handle modern software development challenges.
I connected Bedrock to our Aurora cluster last month. The first thing I asked it was “show me all customers who churned in Q1 but came back in Q2” —...
GitHub Copilot changes its billing model on June 1, 2026. Premium request units go away, GitHub AI Credits become the unit of usage, and the expensive part is no longer...
I have lost count of how many times someone told me voice was “finally here.” Siri let us down. Alexa hit a wall. Google Assistant got folded into something else...
Every ML team I talk to faces the same question in 2026: should you train your models on AWS’s custom Trainium3 silicon or stick with NVIDIA’s H100 GPUs? The answer...
The AWS Knowledge MCP Server is the kind of infrastructure that becomes obvious only after you use it. It went generally available on October 1, 2025, and the pitch is...
AWS launched Kiro on July 14, 2025. It’s an agentic IDE built on Code OSS (the open-source foundation of VS Code) and it makes a specific bet: the biggest problem...
On March 31, 2026, AWS made the DevOps Agent generally available. The announcement tweet from @awscloud got 3.3 million views in a week. The reaction from the DevOps community ranged...
I built three DevOps agents on Bedrock last quarter. One was genuinely useful, one was okay, and one I threw away. That experience taught me more about what AI agents...
Before EventBridge Pipes launched in December 2022, connecting an SQS queue to a Step Functions state machine meant writing a Lambda function that polled the queue, parsed the payload, and...
Can traditional systems handle the expectations we have now for instant responses and real-time engagement? Imagine a system that reacts immediately to what users do, and can handle thousands or...
The first time I tried running integration tests in GitLab CI, I hardcoded a database connection to localhost and wondered why nothing worked. The job would spin up, find no...
On March 22, 2026, the AWS Compute Blog published a practical guide for the enhanced Step Functions TestState API. The important part is not the API name. The important part...
AWS made Amazon Bedrock AgentCore Evaluations generally available on March 31, 2026. That launch matters because it answers the first serious production question every agent team eventually hits: how do...
LocalStack built something genuinely useful. A local emulator for AWS services that let you test Lambdas, S3 buckets, SQS queues, and DynamoDB tables without touching a real AWS account. For...
Most teams do not have a testing problem. They have a feedback-latency problem. Code gets written, pushed, and the first signal that something is wrong arrives from a production alert...
Think of security scanning that runs after deployment like an autopsy. You figure out what went wrong, but the damage is done. The vulnerabilities were already live in production. Somebody...
Most tutorials show you how to run terraform apply on a git push and call it a day. I’ve inherited infrastructure built that way. It’s chaos. Drift accumulates silently. Rollbacks...
GitLab’s monorepo docs are blunt about it: long pipelines are expensive, and the cure is to stop running work you do not need. That sounds obvious until you look at...
AWS published its official MCP-on-ECS walkthrough on April 14, 2026. That matters because the runtime question is now the real question. Most teams no longer struggle with the idea of...
Amazon ECS Express Mode launched on November 21, 2025. At first it looked like just another convenience layer on top of ECS. Five months later, it looks like something more...
On March 31, 2026, AWS said App Runner will stop accepting new customers on April 30, 2026. Existing App Runner customers can keep using the service, create new App Runner...
AWS put a date on Copilot’s decline on March 6, 2026: support ends June 12, 2026. That gives teams barely a quarter to stop treating Copilot as a safe default....
Amazon ECS Service Connect and Amazon VPC Lattice both improve service-to-service connectivity on AWS, but they do not solve the same boundary. Amazon ECS Service Connect launched on November 27,...
AWS App Mesh is end-of-life as of September 30, 2026. If you run ECS services that communicate via App Mesh, migration is required. The AWS-recommended replacement for ECS workloads is...
I’ve been deploying to AWS from GitLab CI for years. The patterns have shifted. In 2021 the answer was almost always Elastic Beanstalk — it was the lowest-friction path from...
Getting data into AWS sounds straightforward until you’re actually doing it. The right approach for ingesting 50,000 IoT sensor events per second is completely different from the right approach for...
Kinesis is four distinct services that AWS bundles under one name, which creates genuine confusion. Kinesis Data Streams is a durable ordered log — producers write records, multiple consumers read...
DynamoDB Streams is the feature that turns DynamoDB from a storage layer into an event source. Every write to a table — every put, update, and delete — produces a...
The problem RDS Proxy solves is simple to describe and expensive to ignore: Lambda functions don’t maintain persistent connections. Every cold start opens a new database connection. At moderate scale...
Aurora Global Database replicates your MySQL or PostgreSQL data across up to five AWS regions with typical replication lag under one second. Writes happen in a single primary region; secondary...
Amazon Keyspaces is a serverless, fully managed database service that speaks Apache Cassandra’s query language. That description sounds cleaner than the reality: Keyspaces is not a drop-in Cassandra replacement. It’s...
Most “Redshift vs DynamoDB” comparisons are built on a false premise — that these two services are alternatives to each other. They are not. Amazon Redshift is an OLAP data...
The question of where to run your database on AWS has gotten more complicated, not less. In 2019, the answer was often “just use RDS.” In 2026, you have EC2...
Amazon ElastiCache has changed more in the past two years than in the previous five. The Redis licensing drama, a new open-source fork, a serverless tier that actually works, and...
Something I tell every new team I work with: stop assuming your internal network is safe. That assumption is how you end up with a bad time. In 2026, 8.4...
EKS Auto Mode removes a lot of node and load balancer work, but it does not remove networking decisions. The April 2026 networking post makes that clear: Auto Mode automatically...
AWS did not make Cloud WAN interesting by adding another dashboard. It made Cloud WAN interesting by letting you control the routes themselves. On November 20, 2025, AWS launched Cloud...
On April 14, 2026, AWS took a part of network architecture that usually lives in email threads, partner tickets, and hand-built BGP configs and turned it into a product in...
At five VPCs, full-mesh VPC peering starts to feel manageable. At ten it’s annoying. At twenty, you have 190 peering connections to maintain, each with its own route table entries,...
Most engineers use Route 53 for one thing: create an A record pointing to a load balancer and move on. But Route 53 has seven routing policies, each solving a...
The default path for a private EC2 instance to reach an AWS service like S3, Secrets Manager, or SSM is through a NAT gateway — $0.045/hour plus $0.045 per GB...
Kubernetes v1.36 promotes User Namespaces to GA, and the important field is only two words: hostUsers: false. That setting lets a pod run with user namespace isolation so UID 0...
Our team spent three weeks in a conference room with bad coffee and two GitOps tools fighting for the same EKS cluster. We had ArgoCD running in staging already. It...
I spent two years babysitting a Jenkins cluster that ran 1,200 pipelines across three EKS environments. Every month, something broke. A plugin update broke the Git plugin. The build agent...
I still remember the day our monitoring dashboard went red. We had a critical batch processing system running on EKS, and the SQS queue was backing up fast—messages were accumulating...
I spent a full Saturday afternoon in 2023 trying to figure out why a production EKS cluster was dropping packets between two namespaces. The pod-to-pod traffic should have worked –...
On April 20, 2026, AWS added seven Amazon EKS IAM condition keys that finally make several cluster standards enforceable before the cluster is created or changed. That date matters because...
Amazon EKS Hybrid Nodes has been generally available since December 1, 2024, but the February 24, 2026 AWS containers post made the feature a lot more practical by showing a...
We’ve all been there – someone on the team asks, “Should we use Kubernetes or serverless for this?” and the room splits into two camps. But here’s the thing: by...
AWS App Mesh officially reached its end of life on March 31, 2026. So if you’re still running microservices on EKS with App Mesh, you’re overdue for a migration plan....
I’ve watched teams build gorgeous Kubernetes clusters on EKS, then basically shrug at container security. The cluster runs great, pipelines are solid, autoscaling hums along – and then someone actually...
PCI DSS on EKS is not one control. It is a set of controls that have to line up: network inspection, identity, logging, and evidence retention. AWS’s April 2026 guidance...
EKS Pod Identity session policies are the first practical answer AWS has given to “how do I keep pod permissions narrow without creating a dozen roles?” The answer is simple:...
Kubernetes is finally getting serious about the parts of AI systems that do not fit a normal Deployment. On March 9, 2026, the Kubernetes community announced the AI Gateway Working...
AWS keeps pushing Amazon EKS deeper into AI infrastructure for a reason: it scales, it is familiar, and it already sits in a lot of enterprise networking and identity stacks....
AWS announced Amazon EKS Auto Mode on December 1, 2024. The deeper “under the hood” explanation followed on March 31, 2025. On February 10, 2026, AWS added CloudWatch Vended Logs...
The kube-prometheus-stack Helm chart installs Prometheus, Alertmanager, Grafana, and a collection of default Kubernetes dashboards in about five minutes. That’s the fastest path to useful EKS monitoring. The harder part...
Kubernetes RBAC controls who can do what, but it doesn’t control whether the things they do are safe. A developer with namespace-level deploy access can create a Pod without resource...
Kubernetes v1.36 shipped April 22, 2026, with 64 enhancements across the release: 17 graduating to stable, 18 moving to beta, and 24 entering alpha. The headline is sidecar containers reaching...
Helm is the package manager for Kubernetes. Raw YAML manifests work fine for a single deployment in one environment. Once you need the same application in staging, production, and three...
I spent three years pushing changes to Kubernetes with kubectl apply inside CI/CD pipelines. Every deployment required cluster credentials in GitLab. Every pipeline failure left the cluster in an unknown...
HashiCorp switched Terraform to the Business Source License in August 2023. Within weeks, the OpenTofu fork was announced under the Linux Foundation, accepted as a CNCF project, and had a...
The aws-auth ConfigMap was never a good idea. It’s a plain Kubernetes ConfigMap in the kube-system namespace — editable by anyone with cluster-admin, no audit trail, no AWS-native access controls,...
Karpenter hit v1.0 in late 2024, and for most EKS clusters it’s now the better choice over Cluster Autoscaler. The performance difference alone is enough to justify the switch: Cluster...
AWS re:Invent 2023 had a stat that keeps coming up in job postings: EKS adoption grew 88% year-over-year among enterprise AWS customers. That number isn’t surprising if you’ve been watching...
A batch job that runs for eight minutes, three times a day. A CI pipeline that spins up test pods on every commit. An API that handles zero traffic on...
AWS EKS standard support ends 14 months after a Kubernetes version’s upstream release. Extended support adds another 12 months but costs $0.60 per cluster per hour on top of normal...
Running Kubernetes on EKS without Container Insights is like flying without instruments. You can see your pods are running, but when a node is memory-pressured and pods start getting OOMKilled,...
GitOps is the practice of using a Git repository as the single source of truth for what should run in your Kubernetes cluster. ArgoCD implements this by watching a Git...
Amazon EKS Capabilities is one of the more consequential EKS launches for platform teams because it moves beyond “managed Kubernetes control plane” and starts managing common platform controllers around the...
Cluster lifecycle work is usually where platform engineering gets less glamorous and more expensive. Creating a cluster is the easy part. Upgrading it across minor versions, changing rollout behavior without...
Terraform workspaces seemed like the solution to multi-environment management — one configuration, many states. Then teams discovered the problems: workspace sprawl, no isolation between environments at the module level, and...
I spent three years at a company that spent $4 million on “DevOps transformation.” New tools, new cloud infrastructure, training budgets, the works. The velocity of the platform stayed flat....
I watched a backend engineer spend two hours yesterday trying to figure out which CloudFormation template to use for their new service. They had three options in a Confluence page....
Amazon ECS launched managed daemons for ECS Managed Instances on April 1, 2026. The headline sounds small. The operational impact is not. AWS now gives platform teams a way to...
On April 28, 2026, AWS announced something that changes the enterprise AI architecture conversation: OpenAI models, Codex on Amazon Bedrock, and Amazon Bedrock Managed Agents powered by OpenAI are coming...
I spent most of last year watching teams try to build AI agents from scratch. The common thread: they underestimated the infrastructure. Everyone focuses on the model choice, spends a...
On April 21, 2026, AWS Lambda removed one of the dumbest pieces of plumbing in a lot of serverless code: the “download from S3, write to /tmp, process, upload to...
On April 22, 2026, AWS added a set of Amazon Bedrock AgentCore features that changes the early developer workflow more than the runtime architecture. The update is not just “more...
Docker’s March 2026 security push is not subtle. The company said over a quarter of production code is now AI-authored, and that developers using agents are merging roughly 60% more...
AWS launched Amazon Bio Discovery on April 14, 2026. What stood out to me was simple: AWS did not ship a generic model endpoint for biotech teams. It shipped a...
Java teams already have enough framework churn. Most of them are not looking for a new agent platform. They want to keep Spring Boot, add model access, expose a few...
On March 10, 2026, AWS added stateful MCP server features to Amazon Bedrock AgentCore Runtime. If you only read the headline, it sounds like a protocol update. It is more...
On April 9, 2026, AWS launched AWS Agent Registry in preview inside Amazon Bedrock AgentCore. That launch matters because most teams are no longer struggling with a single agent demo....
On February 24, 2026, AWS announced server-side tool execution for Amazon Bedrock through Amazon Bedrock AgentCore Gateway integration with the Responses API. That launch changes a stubborn problem in agent...
On March 13, 2026, AWS announced that Amazon Bedrock AgentCore Runtime now supports the Agent-User Interaction protocol, better known as AG-UI. That is more important than it sounds. Most agent...
The announcement in April 2026 was surprisingly quiet for something that changes a real pain point. AWS shipped S3 Files — a feature that mounts an S3 bucket as a...
If your application serves users around the world, running everything in a single AWS region just doesn’t cut it anymore. Users in Tokyo shouldn’t have to wait 300 milliseconds for...
Aurora Global Database replicates your MySQL or PostgreSQL data across up to five AWS regions with typical replication lag under one second. Writes happen in a single primary region; secondary...
AWS published its official MCP-on-ECS walkthrough on April 14, 2026. That matters because the runtime question is now the real question. Most teams no longer struggle with the idea of...
You do not know your system’s limits until you hit them in production. That sentence costs companies real money every quarter. I have seen teams ship to production with nothing...
AWS finally moved Lambda into territory that used to force an ECS or EC2 conversation. The new Lambda Managed Instances compute type lets you run functions on current-generation EC2 capacity...
I migrated our production cluster from Graviton3 to Graviton5 last month. Three services, two weekends, zero downtime. The numbers justified it in the first billing cycle. Here’s what actually happened...
AWS CLI v1 enters maintenance mode on July 15, 2026 and reaches end of support on July 15, 2027. AWS said scripts and workflows made for CLI v1 should continue...
AWS added CloudTrail Lake to its March 31, 2026 service availability update and said CloudTrail Lake will stop accepting new customers on May 31, 2026. Existing customers can continue to...
Amazon ECS Express Mode launched on November 21, 2025. At first it looked like just another convenience layer on top of ECS. Five months later, it looks like something more...
On March 31, 2026, AWS said App Runner will stop accepting new customers on April 30, 2026. Existing App Runner customers can keep using the service, create new App Runner...
AWS put a date on Copilot’s decline on March 6, 2026: support ends June 12, 2026. That gives teams barely a quarter to stop treating Copilot as a safe default....
On February 4, 2026, Amazon ECS added native support for linear and canary deployment strategies for services using Network Load Balancers. That is a small announcement with a large operational...
Docker’s April 14, 2026 update on Hardened Images included a few numbers that are hard to ignore: more than 500,000 daily pulls, more than 25,000 continuously patched OS-level artifacts, and...
Both platforms started at essentially the same place and have converged to a point where the pipeline YAML looks almost identical. The real differences are in pricing model, ecosystem integration,...
A Node.js application shipped as a Docker image with all development dependencies included: node_modules with Jest, ESLint, TypeScript compiler, and hundreds of transitive dev dependencies baked in. The image weighs...
I’ve deployed hundreds of Lambda functions across dozens of AWS accounts. The most common pain I see — even from experienced teams — is the dependency packaging problem. Someone adds...
On March 22, 2026, the AWS Compute Blog published a practical guide for the enhanced Step Functions TestState API. The important part is not the API name. The important part...
On January 29, 2026, AWS raised one of the quiet limits that shaped serverless architecture for years: asynchronous Lambda invocations, Amazon SQS messages, and Amazon EventBridge events can now carry...
AWS Lambda Durable Functions change a decision that used to be almost automatic. For years, if a serverless workflow needed to wait, retry, branch, call several services, or survive failure,...
Lambda Managed Instances is the first Lambda variant that makes the question “should this be serverless or just EC2?” worth asking again. AWS now runs the function on current-generation EC2...
Every serverless architecture eventually runs into the same problem: you have messages in SQS and you need Lambda to process them reliably. Not just the happy path — reliably. Meaning...
DynamoDB Streams is the feature that turns DynamoDB from a storage layer into an event source. Every write to a table — every put, update, and delete — produces a...
Rick Houlihan built the methodology for DynamoDB at Amazon before turning it into what the community calls single-table design. The idea is genuinely odd if you’re coming from SQL: put...
Step Functions launched in 2016 as a way to sequence Lambda functions without writing glue code. Seven years later, it has grown into something considerably more powerful: 220+ AWS service...
The problem RDS Proxy solves is simple to describe and expensive to ignore: Lambda functions don’t maintain persistent connections. Every cold start opens a new database connection. At moderate scale...
A Lambda cold start is a tax you pay every time AWS needs to create a new execution environment for your function. For a Python function with minimal dependencies, that...
Before EventBridge Pipes launched in December 2022, connecting an SQS queue to a Step Functions state machine meant writing a Lambda function that polled the queue, parsed the payload, and...
I connected Bedrock to our Aurora cluster last month. The first thing I asked it was “show me all customers who churned in Q1 but came back in Q2” —...
AWS has set an important cutoff for Amazon Comprehend users: topic modeling, event detection, and prompt safety classification stop being available to new customers on April 30, 2026. Existing AWS...
AWS shipped Bedrock Guardrails cross-account enforcement on April 3, 2026, and this is exactly the kind of feature security teams ask for after the first wave of internal AI pilots...
Amazon Bedrock got a billing upgrade that matters more than it sounds. If several teams, applications, or engineers call the same model endpoints, the monthly bill used to tell you...
AWS made the control question explicit in April 2026: when an AI agent touches AWS, which IAM principal is actually acting? That is the part people skip, and it is...
On March 1, 2024, AWS added hybrid search to Knowledge Bases for Amazon Bedrock for Amazon OpenSearch Serverless. On March 27, 2025, AWS added Amazon OpenSearch Managed Cluster as a...
AWS made Amazon Bedrock AgentCore Evaluations generally available on March 31, 2026. That launch matters because it answers the first serious production question every agent team eventually hits: how do...
Amazon Bedrock AgentCore got two features in March 2026 that matter far more than the marketing language around them. On March 17, 2026, AWS launched shell command execution in AgentCore...
Training a custom Nova model on Bedrock costs less than you probably expect. A supervised fine-tuning job on roughly 5,000 conversation examples — enough data to meaningfully shift model behavior...
On April 28, 2026, Claude 3.7 Sonnet reached end-of-life on Amazon Bedrock. Calls to anthropic.claude-3-7-sonnet-20250219-v1:0 returned a ValidationException with the message “The provided model identifier is invalid.” No warning in...
When three teams share a single AWS account and all call Bedrock, figuring out who spent what requires more than just looking at the monthly bill. The “Amazon Bedrock” line...
At 1,000 multi-step requests per day, Bedrock Agents costs roughly $864/month. Running the same workload against Nova Pro directly with a custom orchestration layer costs about $137/month. That gap —...
I built three DevOps agents on Bedrock last quarter. One was genuinely useful, one was okay, and one I threw away. That experience taught me more about what AI agents...
HashiCorp’s Business Source License change in August 2023 sent a lot of teams back to evaluating their IaC options. AWS CDK picked up meaningful adoption during that period — not...
Every API call made to AWS — from the console, CLI, SDK, or another service — generates a CloudTrail event. Who created that security group rule? When was that IAM...
Most teams have a disaster recovery plan. Far fewer have actually tested theirs. The gap between writing a runbook and executing one under real pressure is exactly where production outages...
I used to instrument AWS services the hard way. AWS X-Ray SDK here, CloudWatch Logs there, custom metrics scattered across a dozen boto3 calls. Each service had its own observability...
I’ve run all three in production. Not in a lab, not in a POC that got abandoned after two weeks. Datadog on a fleet of 200 ECS services. CloudWatch on...
On April 2, 2026, AWS expanded Amazon CloudWatch auto-enablement so teams can automatically configure telemetry for Amazon CloudFront Standard access logs, AWS Security Hub CSPM finding logs, and Amazon Bedrock...
CloudWatch’s cross-region telemetry rules are the kind of release that saves a security team from repeating the same setup in every region by hand. On April 16, 2026, AWS added...
X-Ray answers the question that CloudWatch logs and metrics can’t: why is this specific request slow? Logs tell you something happened. Metrics tell you how often. X-Ray tells you exactly...
On March 31, 2026, AWS made the DevOps Agent generally available. The announcement tweet from @awscloud got 3.3 million views in a week. The reaction from the DevOps community ranged...
A tweet that reached 17,105 people last January listed the seven AWS services you need to know to get hired. CloudWatch was on it alongside EC2, S3, IAM, Lambda, RDS,...
Security Hub changed twice in quick succession. On February 26, 2026, AWS launched Security Hub Extended as a pay-as-you-go plan for partner solutions. On March 31, 2026, CloudWatch started ingesting...
I’ve watched too many teams misunderstand FinOps. They think it means shutting down instances at night or buying bigger discounts. That’s not FinOps. That’s panic cost-cutting. Real FinOps is about...
AWS CodePipeline and CodeBuild give you a CI/CD stack that stays entirely within AWS — no Jenkins to maintain, no GitHub Actions runner infrastructure, no CircleCI seat costs. CodeBuild runs...
Our monorepo pipeline used to take 15 minutes. Every commit ran tests for the API, the background worker, and the frontend — in sequence, regardless of what changed. A one-line...
CVE-2026-31431 is not the kind of Linux bug you leave for the next maintenance window. CERT-EU says Copy Fail was publicly disclosed on April 29, 2026, has a CVSS 3.1...
On April 23, 2026, Docker published details on two Docker Hub supply-chain compromises that hit common security scanners: Trivy first, then Checkmarx KICS. The KICS incident was especially uncomfortable for...
Think of security scanning that runs after deployment like an autopsy. You figure out what went wrong, but the damage is done. The vulnerabilities were already live in production. Somebody...
Most tutorials show you how to run terraform apply on a git push and call it a day. I’ve inherited infrastructure built that way. It’s chaos. Drift accumulates silently. Rollbacks...
GitLab’s monorepo docs are blunt about it: long pipelines are expensive, and the cure is to stop running work you do not need. That sounds obvious until you look at...
AWS made Amazon Bedrock AgentCore Evaluations generally available on March 31, 2026. That launch matters because it answers the first serious production question every agent team eventually hits: how do...
At some point in every GitLab CI/CD setup, the single shared runner stops being enough. Backend tests queue behind someone’s slow frontend build. GPU jobs wait on the same runner...
Both platforms started at essentially the same place and have converged to a point where the pipeline YAML looks almost identical. The real differences are in pricing model, ecosystem integration,...
The manual Terraform workflow — terraform plan on your laptop, peer-review the output in Slack, terraform apply if it looks right — breaks down around the time your team hits...
In 2021, GitHub released OIDC support for Actions — and quietly made static AWS access keys in CI/CD pipelines obsolete. The old approach required storing AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY as GitHub...
A Node.js application shipped as a Docker image with all development dependencies included: node_modules with Jest, ESLint, TypeScript compiler, and hundreds of transitive dev dependencies baked in. The image weighs...
Most AWS accounts run EC2 instances that are the wrong size. Not dramatically wrong — nobody runs an m5.24xlarge for a blog — but quietly, consistently over-provisioned. An instance that...
I got a $5,200 AWS bill once. For a staging environment. On a project that was supposed to cost $800/month. The culprit? A developer ran a load test script against...
The biggest bill shock teams get on AWS isn’t from accidental services left running or an exposed S3 bucket. It’s from paying On-Demand rates for workloads that run 24/7. A...
I’ve watched too many teams misunderstand FinOps. They think it means shutting down instances at night or buying bigger discounts. That’s not FinOps. That’s panic cost-cutting. Real FinOps is about...
AWS bills monthly and surprises quarterly. A developer enables NAT Gateway logging in a test environment; nobody notices until the bill arrives with an extra $400 in data processing charges....
GitHub Copilot changes its billing model on June 1, 2026. Premium request units go away, GitHub AI Credits become the unit of usage, and the expensive part is no longer...
Amazon Bedrock got a billing upgrade that matters more than it sounds. If several teams, applications, or engineers call the same model endpoints, the monthly bill used to tell you...
When three teams share a single AWS account and all call Bedrock, figuring out who spent what requires more than just looking at the monthly bill. The “Amazon Bedrock” line...
On March 31, 2026, AWS made the DevOps Agent generally available. The announcement tweet from @awscloud got 3.3 million views in a week. The reaction from the DevOps community ranged...
AWS has set the same April 30, 2026 new-customer cutoff for two Amazon Rekognition capabilities: Streaming Video Analysis and Batch Image Content Moderation. Existing accounts that used the affected features...
Before EventBridge Pipes launched in December 2022, connecting an SQS queue to a Step Functions state machine meant writing a Lambda function that polled the queue, parsed the payload, and...
AWS Glue is a managed ETL service built on Apache Spark, combined with a metadata catalog that integrates across Athena, EMR, Redshift Spectrum, and Lake Formation. The two parts are...
Kinesis is four distinct services that AWS bundles under one name, which creates genuine confusion. Kinesis Data Streams is a durable ordered log — producers write records, multiple consumers read...
AWS published the Security Hub Extended technical walkthrough on April 22, 2026, after announcing the multicloud expansion on March 10, 2026. The short version: Security Hub is becoming more than...
PCI DSS on EKS is not one control. It is a set of controls that have to line up: network inspection, identity, logging, and evidence retention. AWS’s April 2026 guidance...
Security Hub changed twice in quick succession. On February 26, 2026, AWS launched Security Hub Extended as a pay-as-you-go plan for partner solutions. On March 31, 2026, CloudWatch started ingesting...
In 2022, a researcher at Lacework published an analysis of 500 AWS accounts across their customer base. The most common finding was cryptocurrency mining workloads running on EC2 instances that...
Security teams are basically drowning in logs at this point. CloudTrail events pouring in from 47 AWS accounts, VPC Flow Logs from hundreds of subnets, GuardDuty findings stacked up across...
On April 20, 2026, AWS added seven Amazon EKS IAM condition keys that finally make several cluster standards enforceable before the cluster is created or changed. That date matters because...
EKS Pod Identity session policies are the first practical answer AWS has given to “how do I keep pod permissions narrow without creating a dozen roles?” The answer is simple:...
AWS made the control question explicit in April 2026: when an AI agent touches AWS, which IAM principal is actually acting? That is the part people skip, and it is...
The problem: your application team needs to create IAM roles for their Lambda functions and ECS tasks. You can give them iam:CreateRole and related permissions, but then they can create...
The standard AWS multi-account setup has a tools account for CI/CD, separate accounts for dev/staging/prod, a security audit account, and maybe a shared services account for internal tooling. Getting code...
A tweet with 52,894 impressions last September put it plainly: “master IAM roles and policies” was the single skill that separated AWS beginners from people who could actually build in...
AWS renamed AWS Single Sign-On to IAM Identity Center in 2022, which confused a lot of people who were still searching for “AWS SSO” in the console. The name changed;...
Most AWS teams start with one account. They create IAM users, attach policies, and eventually have a mess of permissions nobody fully understands. Then they start a second account for...
Inspector Classic (v1) required you to schedule scans, install an agent manually, and remember to run assessments after deployments. Inspector v2, launched in November 2021, works differently. Enable it once...
Amazon MSK (Managed Streaming for Apache Kafka) runs Apache Kafka on AWS without you managing ZooKeeper, broker upgrades, or disk provisioning. You get standard Kafka — same protocol, same client...
When a fintech company discovered in late 2023 that 14 months of customer transaction exports — including names, account numbers, and partial SSNs — had been sitting in a public...
Kafka vs Apache Pulsar is no longer a simple “streaming log versus cloud-native queue” debate. That shortcut used to be useful, but it is now too shallow for real platform...
AWS shipped Bedrock Guardrails cross-account enforcement on April 3, 2026, and this is exactly the kind of feature security teams ask for after the first wave of internal AI pilots...
On April 9, 2026, AWS launched AWS Agent Registry in preview inside Amazon Bedrock AgentCore. That launch matters because most teams are no longer struggling with a single agent demo....
AWS DevOps Agent is useful until it has to talk to something that sits behind a private subnet. Then the architecture problem is no longer about prompts or models. It...
The default path for a private EC2 instance to reach an AWS service like S3, Secrets Manager, or SSM is through a NAT gateway — $0.045/hour plus $0.045 per GB...
If your application serves users around the world, running everything in a single AWS region just doesn’t cut it anymore. Users in Tokyo shouldn’t have to wait 300 milliseconds for...
Most engineers use Route 53 for one thing: create an A record pointing to a load balancer and move on. But Route 53 has seven routing policies, each solving a...
I learned the hard way that static credentials are ticking time bombs. A contractor leaves, a key leaks through a misconfigured S3 bucket policy, a developer accidentally commits a .env...
The average AWS account running production workloads generates findings from at least four different security services: GuardDuty for threat detection, Inspector for vulnerability scanning, Config for compliance drift, and IAM...
Every bastion host in your architecture is a maintenance burden and an attack surface. You need to keep the AMI patched, manage SSH keys across the team, control security group...
AWS Lambda Durable Functions change a decision that used to be almost automatic. For years, if a serverless workflow needed to wait, retry, branch, call several services, or survive failure,...
Step Functions launched in 2016 as a way to sequence Lambda functions without writing glue code. Seven years later, it has grown into something considerably more powerful: 220+ AWS service...
AWS Client VPN can now attach natively to AWS Transit Gateway. AWS announced the integration on April 23, 2026, and the practical impact is straightforward: remote users can reach multiple...
The simplest way to ruin network security is to let every VPC invent its own firewall story. The cleaner pattern is still centralized inspection: one inspection VPC, one firewall policy...
AWS did not make Cloud WAN interesting by adding another dashboard. It made Cloud WAN interesting by letting you control the routes themselves. On November 20, 2025, AWS launched Cloud...
At five VPCs, full-mesh VPC peering starts to feel manageable. At ten it’s annoying. At twenty, you have 190 peering connections to maintain, each with its own route table entries,...
AWS WAF v2 launched in 2019 and the original WAF Classic is end-of-life — migration ended November 2024. If you’re still on Classic, those web ACLs are frozen. This guide...
X-Ray answers the question that CloudWatch logs and metrics can’t: why is this specific request slow? Logs tell you something happened. Metrics tell you how often. X-Ray tells you exactly...
On April 2, 2026, AWS expanded Amazon CloudWatch auto-enablement so teams can automatically configure telemetry for Amazon CloudFront Standard access logs, AWS Security Hub CSPM finding logs, and Amazon Bedrock...
On April 22, 2026, AWS added a set of Amazon Bedrock AgentCore features that changes the early developer workflow more than the runtime architecture. The update is not just “more...
On March 10, 2026, AWS added stateful MCP server features to Amazon Bedrock AgentCore Runtime. If you only read the headline, it sounds like a protocol update. It is more...
Amazon Bedrock AgentCore got two features in March 2026 that matter far more than the marketing language around them. On March 17, 2026, AWS launched shell command execution in AgentCore...
On February 24, 2026, AWS announced server-side tool execution for Amazon Bedrock through Amazon Bedrock AgentCore Gateway integration with the Responses API. That launch changes a stubborn problem in agent...
On March 13, 2026, AWS announced that Amazon Bedrock AgentCore Runtime now supports the Agent-User Interaction protocol, better known as AG-UI. That is more important than it sounds. Most agent...
AWS published its official MCP-on-ECS walkthrough on April 14, 2026. That matters because the runtime question is now the real question. Most teams no longer struggle with the idea of...
The AWS Knowledge MCP Server is the kind of infrastructure that becomes obvious only after you use it. It went generally available on October 1, 2025, and the pitch is...
Java teams already have enough framework churn. Most of them are not looking for a new agent platform. They want to keep Spring Boot, add model access, expose a few...
Training a custom Nova model on Bedrock costs less than you probably expect. A supervised fine-tuning job on roughly 5,000 conversation examples — enough data to meaningfully shift model behavior...
On April 28, 2026, Claude 3.7 Sonnet reached end-of-life on Amazon Bedrock. Calls to anthropic.claude-3-7-sonnet-20250219-v1:0 returned a ValidationException with the message “The provided model identifier is invalid.” No warning in...
At 1,000 multi-step requests per day, Bedrock Agents costs roughly $864/month. Running the same workload against Nova Pro directly with a custom orchestration layer costs about $137/month. That gap —...
DynamoDB Streams is the feature that turns DynamoDB from a storage layer into an event source. Every write to a table — every put, update, and delete — produces a...
EC2 Auto Scaling has been around since 2009, but teams still misconfigure it in ways that cost them money or reliability. The most common mistake: using simple scaling policies instead...
AWS EKS standard support ends 14 months after a Kubernetes version’s upstream release. Extended support adds another 12 months but costs $0.60 per cluster per hour on top of normal...
Karpenter hit v1.0 in late 2024, and for most EKS clusters it’s now the better choice over Cluster Autoscaler. The performance difference alone is enough to justify the switch: Cluster...
I still remember the day our monitoring dashboard went red. We had a critical batch processing system running on EKS, and the SQS queue was backing up fast—messages were accumulating...
Kubernetes v1.36 makes fine-grained kubelet API authorization generally available. That sounds dry. It is not. It is the upstream answer to a nasty old habit: granting monitoring agents nodes/proxy because...
The aws-auth ConfigMap was never a good idea. It’s a plain Kubernetes ConfigMap in the kube-system namespace — editable by anyone with cluster-admin, no audit trail, no AWS-native access controls,...
Our team spent three weeks in a conference room with bad coffee and two GitOps tools fighting for the same EKS cluster. We had ArgoCD running in staging already. It...
HashiCorp switched Terraform to the Business Source License in August 2023. Within weeks, the OpenTofu fork was announced under the Linux Foundation, accepted as a CNCF project, and had a...
When HashiCorp changed Terraform’s license in August 2023, it forced a reckoning across the infrastructure-as-code community. The shift to the Business Source License (BSL) sent shockwaves through organizations that had...
The worst secret in your platform is the one that exists only because the previous secret could not be trusted. That is how teams end up with GitLab variables that...
Helm is the package manager for Kubernetes. Raw YAML manifests work fine for a single deployment in one environment. Once you need the same application in staging, production, and three...
AWS launched Kiro on July 14, 2025. It’s an agentic IDE built on Code OSS (the open-source foundation of VS Code) and it makes a specific bet: the biggest problem...
The Kubernetes project announced Gateway API v1.5 on April 21, 2026, after cutting the release on March 14. That timing matters because this one is not just another incremental networking...
Kubernetes is finally getting serious about the parts of AI systems that do not fit a normal Deployment. On March 9, 2026, the Kubernetes community announced the AI Gateway Working...
ingress-nginx is End of Life. CVE-2026-4342 — a configuration injection vulnerability enabling potential code execution — was disclosed in April 2026 against all versions below v1.13.9, v1.14.5, and v1.15.1. The...
Kubernetes v1.36 shipped April 22, 2026, with 64 enhancements across the release: 17 graduating to stable, 18 moving to beta, and 24 entering alpha. The headline is sidecar containers reaching...
Kubernetes RBAC controls who can do what, but it doesn’t control whether the things they do are safe. A developer with namespace-level deploy access can create a Pod without resource...
LocalStack built something genuinely useful. A local emulator for AWS services that let you test Lambdas, S3 buckets, SQS queues, and DynamoDB tables without touching a real AWS account. For...
I’ve run all three in production. Not in a lab, not in a POC that got abandoned after two weeks. Datadog on a fleet of 200 ECS services. CloudWatch on...
The kube-prometheus-stack Helm chart installs Prometheus, Alertmanager, Grafana, and a collection of default Kubernetes dashboards in about five minutes. That’s the fastest path to useful EKS monitoring. The harder part...
Terraform workspaces seemed like the solution to multi-environment management — one configuration, many states. Then teams discovered the problems: workspace sprawl, no isolation between environments at the module level, and...
AWS DevOps Agent is useful until it has to talk to something that sits behind a private subnet. Then the architecture problem is no longer about prompts or models. It...
Amazon ECS Service Connect and Amazon VPC Lattice both improve service-to-service connectivity on AWS, but they do not solve the same boundary. Amazon ECS Service Connect launched on November 27,...
Amazon Bedrock AgentCore got two features in March 2026 that matter far more than the marketing language around them. On March 17, 2026, AWS launched shell command execution in AgentCore...
On March 1, 2024, AWS added hybrid search to Knowledge Bases for Amazon Bedrock for Amazon OpenSearch Serverless. On March 27, 2025, AWS added Amazon OpenSearch Managed Cluster as a...
AWS rolled out S3 Vectors in preview on July 15, 2025. Google put Gemini File Search into public preview on November 6, 2025. That changed the retrieval conversation. A year...
EKS Auto Mode removes a lot of node and load balancer work, but it does not remove networking decisions. The April 2026 networking post makes that clear: Auto Mode automatically...
AWS announced Amazon EKS Auto Mode on December 1, 2024. The deeper “under the hood” explanation followed on March 31, 2025. On February 10, 2026, AWS added CloudWatch Vended Logs...
On March 10, 2026, AWS added stateful MCP server features to Amazon Bedrock AgentCore Runtime. If you only read the headline, it sounds like a protocol update. It is more...
Java teams already have enough framework churn. Most of them are not looking for a new agent platform. They want to keep Spring Boot, add model access, expose a few...
On April 28, 2026, AWS announced something that changes the enterprise AI architecture conversation: OpenAI models, Codex on Amazon Bedrock, and Amazon Bedrock Managed Agents powered by OpenAI are coming...
AWS published Bedrock trust-and-safety guidance on April 29, 2026, and two numbers should catch every AI platform team’s attention: AWS cites an 82% improvement in employee trust when organizations communicate...
I have lost count of how many times someone told me voice was “finally here.” Siri let us down. Alexa hit a wall. Google Assistant got folded into something else...
AWS launched Amazon Bio Discovery on April 14, 2026. What stood out to me was simple: AWS did not ship a generic model endpoint for biotech teams. It shipped a...
On April 14, 2026, AWS took a part of network architecture that usually lives in email threads, partner tickets, and hand-built BGP configs and turned it into a product in...
AWS published the Security Hub Extended technical walkthrough on April 22, 2026, after announcing the multicloud expansion on March 10, 2026. The short version: Security Hub is becoming more than...
AWS did not make Cloud WAN interesting by adding another dashboard. It made Cloud WAN interesting by letting you control the routes themselves. On November 20, 2025, AWS launched Cloud...
Security Hub changed twice in quick succession. On February 26, 2026, AWS launched Security Hub Extended as a pay-as-you-go plan for partner solutions. On March 31, 2026, CloudWatch started ingesting...
AWS keeps pushing Amazon EKS deeper into AI infrastructure for a reason: it scales, it is familiar, and it already sits in a lot of enterprise networking and identity stacks....
The simplest way to ruin network security is to let every VPC invent its own firewall story. The cleaner pattern is still centralized inspection: one inspection VPC, one firewall policy...
Our monorepo pipeline used to take 15 minutes. Every commit ran tests for the API, the background worker, and the frontend — in sequence, regardless of what changed. A one-line...
GitLab’s monorepo docs are blunt about it: long pipelines are expensive, and the cure is to stop running work you do not need. That sounds obvious until you look at...
The worst secret in your platform is the one that exists only because the previous secret could not be trusted. That is how teams end up with GitLab variables that...
Kubernetes is finally getting serious about the parts of AI systems that do not fit a normal Deployment. On March 9, 2026, the Kubernetes community announced the AI Gateway Working...
Docker’s March 2026 security push is not subtle. The company said over a quarter of production code is now AI-authored, and that developers using agents are merging roughly 60% more...
Docker’s April 14, 2026 update on Hardened Images included a few numbers that are hard to ignore: more than 500,000 daily pulls, more than 25,000 continuously patched OS-level artifacts, and...
Think of security scanning that runs after deployment like an autopsy. You figure out what went wrong, but the damage is done. The vulnerabilities were already live in production. Somebody...
On April 23, 2026, Docker published details on two Docker Hub supply-chain compromises that hit common security scanners: Trivy first, then Checkmarx KICS. The KICS incident was especially uncomfortable for...
Cluster lifecycle work is usually where platform engineering gets less glamorous and more expensive. Creating a cluster is the easy part. Upgrading it across minor versions, changing rollout behavior without...
Image supply-chain security usually breaks in the dullest place possible: the registry stores the image, but the signature or SBOM lives somewhere else. Amazon ECR fixed that split in April...
Lambda Managed Instances is the first Lambda variant that makes the question “should this be serverless or just EC2?” worth asking again. AWS now runs the function on current-generation EC2...
CloudWatch’s cross-region telemetry rules are the kind of release that saves a security team from repeating the same setup in every region by hand. On April 16, 2026, AWS added...
EKS Pod Identity session policies are the first practical answer AWS has given to “how do I keep pod permissions narrow without creating a dozen roles?” The answer is simple:...
PCI DSS on EKS is not one control. It is a set of controls that have to line up: network inspection, identity, logging, and evidence retention. AWS’s April 2026 guidance...
AES-GCM has real limits, and most teams only discover them after a key has been used far longer than they planned. AWS KMS and the AWS Encryption SDK exist partly...
The AWS Knowledge MCP Server is the kind of infrastructure that becomes obvious only after you use it. It went generally available on October 1, 2025, and the pitch is...
Security teams are basically drowning in logs at this point. CloudTrail events pouring in from 47 AWS accounts, VPC Flow Logs from hundreds of subnets, GuardDuty findings stacked up across...
Migrating a production database without taking the application offline is one of the most nerve-wracking challenges in modern engineering. The stakes are high: every minute of downtime costs revenue, erodes...
Production systems fail. Not “if” but “when.” Your database primary crashes at 3 AM, an Availability Zone goes dark right in the middle of peak traffic, or a misconfigured IAM...
On April 29, 2026, CloudFront got a feature I have wanted for years: native cache invalidation by tag. AWS says tag invalidations become effective in under 5 seconds at P95...
April 30, 2026 is the date that matters if your AWS account has not already adopted Amazon Application Recovery Controller readiness checks. AWS says the readiness check feature will no...
Most teams have a disaster recovery plan. Far fewer have actually tested theirs. The gap between writing a runbook and executing one under real pressure is exactly where production outages...
I’ve watched teams build gorgeous Kubernetes clusters on EKS, then basically shrug at container security. The cluster runs great, pipelines are solid, autoscaling hums along – and then someone actually...
AWS App Mesh officially reached its end of life on March 31, 2026. So if you’re still running microservices on EKS with App Mesh, you’re overdue for a migration plan....
The Kubernetes project announced Gateway API v1.5 on April 21, 2026, after cutting the release on March 14. That timing matters because this one is not just another incremental networking...
We’ve all been there – someone on the team asks, “Should we use Kubernetes or serverless for this?” and the room splits into two camps. But here’s the thing: by...
Three years ago I watched a company spend $2.4 million and eleven months building a “cloud-agnostic” platform that ran equally on AWS, Azure, and GCP. The CTO sold the board...
You do not know your system’s limits until you hit them in production. That sentence costs companies real money every quarter. I have seen teams ship to production with nothing...
If your application serves users around the world, running everything in a single AWS region just doesn’t cut it anymore. Users in Tokyo shouldn’t have to wait 300 milliseconds for...
Every ML team I talk to faces the same question in 2026: should you train your models on AWS’s custom Trainium3 silicon or stick with NVIDIA’s H100 GPUs? The answer...
AWS put a date on Copilot’s decline on March 6, 2026: support ends June 12, 2026. That gives teams barely a quarter to stop treating Copilot as a safe default....
AWS has set an important cutoff for Amazon Comprehend users: topic modeling, event detection, and prompt safety classification stop being available to new customers on April 30, 2026. Existing AWS...
AWS shipped Bedrock Guardrails cross-account enforcement on April 3, 2026, and this is exactly the kind of feature security teams ask for after the first wave of internal AI pilots...
Amazon ECS Express Mode launched on November 21, 2025. At first it looked like just another convenience layer on top of ECS. Five months later, it looks like something more...
On March 31, 2026, AWS said App Runner will stop accepting new customers on April 30, 2026. Existing App Runner customers can keep using the service, create new App Runner...
Amazon EKS Hybrid Nodes has been generally available since December 1, 2024, but the February 24, 2026 AWS containers post made the feature a lot more practical by showing a...
AWS added CloudTrail Lake to its March 31, 2026 service availability update and said CloudTrail Lake will stop accepting new customers on May 31, 2026. Existing customers can continue to...
AWS CLI v1 enters maintenance mode on July 15, 2026 and reaches end of support on July 15, 2027. AWS said scripts and workflows made for CLI v1 should continue...
On April 20, 2026, AWS added seven Amazon EKS IAM condition keys that finally make several cluster standards enforceable before the cluster is created or changed. That date matters because...
Amazon SNS message data protection has a hard availability change on April 30, 2026. AWS says the feature will no longer be available to new customers after that date. Existing...
AWS has set the same April 30, 2026 new-customer cutoff for two Amazon Rekognition capabilities: Streaming Video Analysis and Batch Image Content Moderation. Existing accounts that used the affected features...
Amazon EKS 1.30 reaches the end of extended support on July 23, 2026. If you still have production clusters on 1.30, the upgrade is no longer a “later this quarter”...
The first time I tried managing 40 EC2 instances with a bash script and a for loop, I ended up with 12 servers running Nginx 1.18 and 28 running Nginx...
AWS Lambda Durable Functions change a decision that used to be almost automatic. For years, if a serverless workflow needed to wait, retry, branch, call several services, or survive failure,...
On April 21, 2026, AWS Lambda removed one of the dumbest pieces of plumbing in a lot of serverless code: the “download from S3, write to /tmp, process, upload to...
I once watched a team rotate a database password by editing a YAML file, pushing it to a private Git repo, and manually restarting three services. That worked right up...
I spent a full Saturday afternoon in 2023 trying to figure out why a production EKS cluster was dropping packets between two namespaces. The pod-to-pod traffic should have worked –...
GitHub Copilot changes its billing model on June 1, 2026. Premium request units go away, GitHub AI Credits become the unit of usage, and the expensive part is no longer...
I spent my first year as a DevOps engineer doing the same thing every Friday: logging into the AWS console, finding EC2 instances that needed backups, creating snapshots manually, tagging...
I still remember the day our monitoring dashboard went red. We had a critical batch processing system running on EKS, and the SQS queue was backing up fast—messages were accumulating...
I spent two years babysitting a Jenkins cluster that ran 1,200 pipelines across three EKS environments. Every month, something broke. A plugin update broke the Git plugin. The build agent...
I got a $5,200 AWS bill once. For a staging environment. On a project that was supposed to cost $800/month. The culprit? A developer ran a load test script against...
Our team spent three weeks in a conference room with bad coffee and two GitOps tools fighting for the same EKS cluster. We had ArgoCD running in staging already. It...
I spent most of last year watching teams try to build AI agents from scratch. The common thread: they underestimated the infrastructure. Everyone focuses on the model choice, spends a...
CVE-2026-31431 is not the kind of Linux bug you leave for the next maintenance window. CERT-EU says Copy Fail was publicly disclosed on April 29, 2026, has a CVSS 3.1...
On April 29, 2026, CloudFront got a feature I have wanted for years: native cache invalidation by tag. AWS says tag invalidations become effective in under 5 seconds at P95...
Kubernetes v1.36 promotes User Namespaces to GA, and the important field is only two words: hostUsers: false. That setting lets a pod run with user namespace isolation so UID 0...
Kubernetes v1.36 makes fine-grained kubelet API authorization generally available. That sounds dry. It is not. It is the upstream answer to a nasty old habit: granting monitoring agents nodes/proxy because...
AWS Client VPN can now attach natively to AWS Transit Gateway. AWS announced the integration on April 23, 2026, and the practical impact is straightforward: remote users can reach multiple...
AWS published a practical IAM Identity Center session-tags walkthrough on April 28, 2026, and the pattern is worth copying: take attributes from Microsoft Entra ID, pass them through IAM Identity...
AWS published Bedrock trust-and-safety guidance on April 29, 2026, and two numbers should catch every AI platform team’s attention: AWS cites an 82% improvement in employee trust when organizations communicate...
I used to instrument AWS services the hard way. AWS X-Ray SDK here, CloudWatch Logs there, custom metrics scattered across a dozen boto3 calls. Each service had its own observability...
On April 28, 2026, AWS announced something that changes the enterprise AI architecture conversation: OpenAI models, Codex on Amazon Bedrock, and Amazon Bedrock Managed Agents powered by OpenAI are coming...
On January 29, 2026, AWS raised one of the quiet limits that shaped serverless architecture for years: asynchronous Lambda invocations, Amazon SQS messages, and Amazon EventBridge events can now carry...
AWS Lambda Durable Functions change a decision that used to be almost automatic. For years, if a serverless workflow needed to wait, retry, branch, call several services, or survive failure,...
On March 22, 2026, the AWS Compute Blog published a practical guide for the enhanced Step Functions TestState API. The important part is not the API name. The important part...
On February 4, 2026, Amazon ECS added native support for linear and canary deployment strategies for services using Network Load Balancers. That is a small announcement with a large operational...
Kafka vs Apache Pulsar is no longer a simple “streaming log versus cloud-native queue” debate. That shortcut used to be useful, but it is now too shallow for real platform...
JWT authorizers replaced about 80% of the Lambda authorizers I used to write. Not because they’re always the right tool — they’re not — but because most of the time...
I watched a backend engineer spend two hours yesterday trying to figure out which CloudFormation template to use for their new service. They had three options in a Confluence page....
I migrated our production cluster from Graviton3 to Graviton5 last month. Three services, two weekends, zero downtime. The numbers justified it in the first billing cycle. Here’s what actually happened...
The VPC decisions you make on day one will follow you for years. I’ve lived through the consequences—redesigning a network that was built without proper CIDR planning, watching a simple...
I spent three years at a company that spent $4 million on “DevOps transformation.” New tools, new cloud infrastructure, training budgets, the works. The velocity of the platform stayed flat....
Review apps changed how my team does code review. Instead of reading diffs, reviewers click a link and see the actual change running. The designer can verify spacing on the...