Aws

• I answered 114 AWS Well-Architected Review questions from my terminal 2026-04-03
• I replaced the AWS CLI completer with a datalake 2026-04-02
• FinOps portfolio: 71 tickets over 5 years 2026-04-01
• Three holes in the partition wall 2026-03-31
• One module block per service per tenant 2026-03-27
• Every tool I've ever used is a CloudFormation frontend 2026-03-26
• from feature_flags import * 2026-03-25
• The Allow SCP that worked until it didn't 2026-03-24
• The $233 Day, Part 2: The Inference Iceberg 2026-03-20
• The $173 Training Run 2026-03-20
• Your employees are tenants and you should bill them like it 2026-03-16
• I assumed GovCloud was AWS with a different region code. It took two weeks to prove me wrong. 2026-03-11
• I debugged a Lambda timeout for 6 hours. The fix was 4 CLI commands. 2026-03-11
• Zero-touch multi-tenant deploys: removing myself from the critical path 2026-03-02
• Per-Tenant CloudWatch Log Isolation on EKS, or: Why I Stopped Using aws-for-fluent-bit 2026-03-02
• Why we removed aws-for-fluent-bit from EKS 2026-03-02
• Stop copying AWS managed policies — deny what you don't want instead 2026-02-27
• The IAM policy controls access — the document controls how people feel about it 2026-02-27
• IAM trust policies silently accept wildcards in principals — and silently deny everything 2026-02-26
• IAM eventual consistency is 4 seconds — if your policy still doesn't work, you have a bug 2026-02-26
• The Over-Mighty Subject: why your site repos have too much power 2026-02-26
• I replaced $489/mo in AWS Client VPN with a $3 t4g.nano running Headscale 2026-02-21
• Cross-repo auto-deploy with GitHub Actions: the orchestrator pattern 2026-02-20
• Your CI/CD dispatch token can rewrite your infrastructure code 2026-02-20
• Your terraform apply is silently rolling back your container images 2026-02-17
• Terraform module for multi-provider DNS: define once, deploy to Route53 + Cloudflare 2026-02-16
• ElastiCache auth-token to RBAC migration has a Terraform provider bug 2026-02-13
• Amazon WorkSpaces are invisible to SSM and CloudWatch (and how to fix it) 2026-02-12
• SimpleAD is Samba 4 — you can create users with ldapadd instead of ClickOps 2026-02-12
• What building infrastructure for a startup actually looks like 2026-02-11
• 90 AWS resources in 5 minutes — automating multi-tenant SaaS tenant lifecycle 2026-02-10
• Your ACM certificate request is a beacon — scanners are watching Certificate Transparency logs 2026-02-09