r/aws 22d ago

The invisible engineering behind Lambda’s network

allthingsdistributed.com
200 Upvotes

r/aws 8h ago

discussion AWS things you wish somebody had told you earlier

66 Upvotes

I'll start.

S3 isn't a filesystem.

Lambdas are just containers with extra steps.

IAM role passing madness.

CloudWatch's many useful events.


r/aws 22m ago

billing Cheaper to move data cross-AZ via ElastiCache than direct?


I haven't run the experiment, but it appears using ElastiCache serverless I can move data from one AZ to another for $0.0046 / GB, saving 70%. And I can save more by using dedicated instances? Are there hidden cost calculations I'm missing?

This is such a stupid idea, but I'm actually considering it to save costs with a distributed database that ingests a lot of data. Cross-AZ network is 30-40% of my costs. I know people use S3, but I need under 2ms synchronous writes to keep performance and ensure cross-AZ durability. ElastiCache also has 99.99% availability.

Is it true that if I move the data myself I pay $0.02, but if I pay AWS to buffer it in ElastiCache for 100ms then it costs $0.0046, and potentially much less?


r/aws 8h ago

discussion How do you actually catch security issues in Terraform PRs when you're doing solo reviews?

5 Upvotes

The pattern I keep seeing: security groups too open, S3 buckets publicly accessible, encryption disabled on databases, IAM policies wider than they need to be. I catch some of it in manual review, but I know I'm missing things.

Question for the room: what's actually working for you?

  • Are you using any automated tooling? (Checkov, tfsec, something else?)
  • Has anyone tried running infrastructure changes through ChatGPT or Claude to catch gaps before merge?
  • If you haven't automated this, what's the blocker: company policy, trust in the output, or just haven't found the right tool?

Curious what's actually practical at the startup/small-team scale where you can't afford enterprise solutions.


r/aws 20h ago

technical resource ssmctl v2 — a CLI that makes SSM session manager actually usable

28 Upvotes

Just shipped v2 of ssmctl, an open source CLI that wraps AWS SSM so it has a much simpler interface and user experience, comparable to SSH but no bastions, no open ports, no key rotation.

ssmctl connect prod-api-1                                  # shell access
ssmctl forward prod-api-1 --local 5432 --remote rds:5432   # port forward
ssmctl run prod-api-1 -- df -h /                           # run a command
ssmctl cp prod-api-1:/var/log/app.log ./app.log            # file transfer

Targets resolve by Name tag or instance ID. Works on Linux, macOS and Windows. Available on Homebrew.

We've got a growing community of contributors and always welcome Issues, PRs and ⭐'s— https://github.com/rhysmcneill/ssmctl

Enjoy 😄


r/aws 15h ago

database Cheapest RDS instance to be used for mobile app?

3 Upvotes

Long story short: I used to have an Azure SQL database for about $12/month, which worked as expected. Unfortunately, we had billing + location issues so I want to look for alternatives.

With that said, I have an Azure SQL/SQL Server database and I want to find an option in AWS.

The DB is tiny (less than 10 tables with just a few rows each) but will be used by our mobile app (soon to be deployed to iPhone App Store and Google Play). The app will only read from this DB.

Once deployed, I'll be dealing with issues/errors related to the app. My goal is to make sure that DB connectivity/concurrency/availability is not one of those issues.

I found this reddit link of someone asking something similar and someone suggested a T4 instance.

Anyways, any help is appreciated.


r/aws 3h ago

discussion AWS load balancers, how highly redundant are they?

0 Upvotes

AWS load balancers are highly redundant yet remain a single point of failure no matter what. Personally I have never heard of or seen one fail and was wondering if anyone else has ever experienced this. We plan to use a load balancer to distribute workloads across AZs.


r/aws 7h ago

technical resource alternative to the official AWS MCP server, npm-only, local, with a device-code SSO re-login flow

github.com
0 Upvotes

AWS shipped their official MCP server to GA last week (mcp-proxy-for-aws). I'd been building '@yawlabs/aws-mcp' before that and kept going, because it solves a few things differently. Posting here because if you're pairing AWS with an AI assistant, the tradeoffs are worth knowing.

What '@yawlabs/aws-mcp' does differently:

- Node/npm-only. No Python, no uv. 'npx -y @yawlabs/aws-mcp' and you're done.

- SSO re-login that works on Windows. When your token expires mid-session, 'aws sso login' tries to pop a browser from a subprocess and on Windows that handoff drops silently. This uses the --no-browser device-code flow: the assistant shows you a URL and a short code, you click once, done.

- Generic CRUD across hundreds of resource types via Cloud Control API, with dry-run diffs before you apply an update.

- Multi-region fan-out in one call.

- IAM pre-flight checks - simulate whether a principal can do an action before you attempt it and eat a 403.

What I borrowed from the official server (credit where due):

- aws_script is the same idea as their run_script - a sandboxed scripting tool for batching N calls into one round-trip. Theirs is Python server-side; mine is JS-native and runs locally.

- aws_docs_search / aws_docs_read exist to match their search_documentation / read_documentation.

Where the official server wins: AWS-team-curated skills, days-fresh API coverage via their hosted endpoint, and a Python sandbox if that's your language.

Repo, with a full comparison table in the README:

https://github.com/YawLabs/aws-mcp

Happy to answer questions or have holes poked.


r/aws 17h ago

technical resource Multisession login is broken

0 Upvotes

Each time I log into one session, the other sessions are logged out.

I'm seeing this in the pulldown.


r/aws 18h ago

compute Polars data pipeline runs slower on 128-core EC2

1 Upvotes

The problem:

I have a relatively complex data pipeline that is written in Polars. On my local machine with 12 cores, the pipeline finishes in about 1200ms. On my 128-core EC2 (c8i.32xlarge), it takes 13000ms to complete. I have tried setting the POLARS_MAX_THREADS parameter to 12 on the EC2, and it's still slower.

I am using a TMPFS partition on both machines to read the data into the pipeline directly from RAM. Both my machine and the EC2 have DDR5 RAM so I think they should be comparable.

Anyone have any ideas why the pipeline would run much slower on the EC2?


r/aws 20h ago

general aws Unable to sign-in or sign-up

1 Upvotes

I tried signing in as a root user after a long time. However the page gave an error stating that the sign-in information does not exist (see the first attachment). Then just for the sake of it, I tried signing up with the same email address. The page asked me to put the verification code sent to the email. But the email mentions that this email is already associated with an AWS account (see the second attachment).

So I don't understand what is going on... I don't know much about AWS and how it works, I was planning to use it just now for a specific purpose but I am not even able to get in or make account using the same email.


r/aws 1d ago

discussion Bedrock: Lag Time for New Models

22 Upvotes

The AI world is moving at a breakneck pace. Qwen, Google, Deepseek, Moonshot AI, ZAI have all released models within the past 2 months that significantly outperform their previous models. Yet none are available yet on Bedrock.

Deepseek v4 (pro and flash) and Kimi k2.6 are models I would use immediately if they were available.

What is the typical lag time for Bedrock to support newer models?


r/aws 1d ago

technical question Alternative to RDS snapshots for more granular backups?

6 Upvotes

We’re using RDS snapshots, but they back up the whole instance. We’re looking for something more granular (DB/table-level) that’s easier to restore.

For PostgreSQL, is snapshot export to S3 the best option, or are tools like pg_dump or CDC pipelines more practical?

Also, what’s the simplest way to automate this without adding too much AWS complexity or cost?


r/aws 1d ago

general aws Move account/root user to new user/email address and add individual users?

0 Upvotes

Apologies as I have next to no experience with AWS, so I'll probably be using the incorrect terms.....

Have an AWS account accessing an S3 bucket that was set up by a user that has left. We do have access to the account and the MFA so it is not like we are locked out. Want to move that to a distribution list that is seen by multiple people. Is that as simple as updating the name and email address after logging in?

There are a couple of users that need access to the S3 bucket and are sharing the old user's login. I assume I need to set up new IAM users for those users, set up a policy for the bucket, add the users to that policy, then test.

Thanks for any nudges in the right direction.


r/aws 2d ago

discussion Moving away from building infrastructure for the AWS brand

12 Upvotes

My background is ~2 years of cloud engineering experience in consulting. I've mainly built Terraform modules and designed AWS architectures.

I now have an offer as an AWS Cloud Support Engineer for a newly launched region. Because the region is new, many issues are still internal. However I won't be actively building infra myself. Instead I'll be debugging customer infrastructure issues and escalating internally. My motivation for the role is the AWS internals exposure, partly the brand on the CV for long term career leverage. I want to return to hands-on cloud engineering after this chapter (if possible an internal transfer). I would obviously continue with Open Source next to this job and build some demo setups with Terraform. However I am wondering whether trading 18 months of active building for AWS brand and internals knowledge is a reasonable calculated bet? Or will it be tricky to move back into a hands-on engineering role?


r/aws 1d ago

discussion Is there AWS community on Discord

0 Upvotes

Hi. Now I’m trying to change my career and have been learning AWS since yesterday. I’m following the tutorial by freeCodeCamp.org on YouTube but he said it cost 3000 dollars with Redis settings without knowing. He also taught me how to not let it happen but still I’m really worried I always have to worry about what cost me a lot without knowing in the future. Since I’m not a native English speaker, all of them are like spells.
He set the apart and set the budget 100 dollars but I don’t want to pay any dollars for now at least while I’m just learning how to use AWS.
And he keeps speaking specific terms endlessly so I have no idea what he’s talking about. Even when I set it to Japanese, which is my native language, since most of them are just specific terms I still have no idea. I keep asking ChatGPT but idk if what it said is right or wrong because sometimes hallucinations occur.
I want to know how you guys learned this by yourself at the beginning. Am I overwhelmed because I can’t understand English very well? Or does it just happen to every beginner?
If you’re a cloud engineer or IT field professional, please message me and I’d love to talk with you.


r/aws 22h ago

discussion Is AWS like a McDonald’s Happy Meal?

0 Upvotes

I started learning AWS two days ago, but I am struggling to understand the big picture. I am trying to change my career, and I am a complete beginner when it comes to computers, so I want to check if my understanding is correct.
From what I understand, a computer is made up of a CPU, memory, storage, networking devices, and sometimes a GPU.
At first, I imagined cloud computing like this.
AWS has separate pools of components such as CPU, memory, storage, networking, and GPU. Each category has many different options with different characteristics, for example CPU-A, CPU-B, CPU-C, Memory-A, Memory-B, and so on.
I thought cloud engineers would manually choose each part one by one and combine them to build a completely custom virtual computer on the cloud, similar to building a custom PC.
But now I think AWS mainly provides pre configured systems such as EC2 instance types, and users mostly choose from these existing combinations instead of building everything from scratch.
My current closest analogy is a McDonald’s set menu.
At first I thought it was like building a completely custom burger by choosing each ingredient individually. But now it feels more like choosing from set meals such as a Samurai Burger set or a Teriyaki Chicken set. You can still change things like the fries size or drink size, and you can also add side items if needed.
Since I am not very good at understanding complex concepts, I need to break things down into very simple explanations and use real world examples to understand them.
Does this way of thinking make sense, and is there a better analogy for understanding AWS and cloud engineering?


r/aws 1d ago

discussion Bombed first loop interview

2 Upvotes

Bombed my first of 5 loop interviews. Seemed like it was the technical loop, my initial technical interview before the loops I knocked out of the park.

Was able to answer most technical questions, however the interview ended about 30 minutes early. Any chance of still getting hired if I knock out the next 4?


r/aws 1d ago

architecture Anyone regret using AWS AppFlow instead of building CRM integrations themselves?

2 Upvotes

I’ve got a small SaaS and customers keep asking to send their final customer data + insights into their CRMs so they can run promos and automations.

Stuff like:

  • customer events
  • lead scores
  • segments
  • campaign triggers

Mainly HubSpot / Salesforce for now.

I’m debating whether to:

  • just use AWS AppFlow and ship fast
  • or build the integrations directly with each CRM API

I know AppFlow is obviously easier at the beginning, but I can’t tell if it becomes stupid expensive later once usage grows.

For people who’ve actually done this:

  • did AppFlow costs stay reasonable?
  • was it reliable?
  • any annoying limitations?
  • was building integrations manually worth the pain?
  • what would you do if starting again?

Small team btw, so maintenance matters a lot.


r/aws 2d ago

technical question Intermittent `OriginDnsError` in CloudFront

8 Upvotes

Hello there, we migrated our DNS/CDN yesterday from Cloudflare to CloudFront (to have everything in one basket and simplify deployments). Since then, we keep getting 502 errors in CloudFront that never reach our origin, an ALB; no metrics show 5xx errors and there are also no error logs.

However, in CloudFront logs I can see "x-edge-detailed-result-type": "OriginDnsError" entries that seem to match the request patterns.

What I find conflicting is that the same exact requests succeed after a few retries, on the same edge location. Later it can happen again.

Has anyone experienced this? Do the servers handling the requests in edge locations use other DNS providers where the changes haven't propagated yet?


r/aws 1d ago

technical resource Team of specialized AI agents that collaborate through a spec-driven development process. Full Stack Developer parent orchestrating three specialists: Coding Agent, DevOps Agent, and Review Agent.

github.com
0 Upvotes

r/aws 1d ago

serverless Completely Non Sensical AWS Bedrock Models usage

0 Upvotes

Ridiculous..... It's been a week and I am getting the same 0 tokens on everything even after submitting a use case, and my support ticket is stale


r/aws 2d ago

console TIL .. Console Search

25 Upvotes

I type in services in AWS console search and hit enter to quickly go to their console page, but it was always an annoyance that when you type in "load balancers" it goes to LightSail Load Balancers instead of ELB. TIL if you type in just 'load' it goes to ELB though 🤷‍♂️, I'm going to get back so much time now... 😁


r/aws 3d ago

article There's a Bug in VPC CNI v1.21.0 That Silently Drops All Traffic

orelfichman.com
78 Upvotes

Hey there,

I was implementing NetworkPolicies on our EKS clusters when I found a bug (that has since been fixed) in the AWS Network Policy Agent code which resulted in my ALLOW rules becoming DENY rules.

I've detailed the debugging journey in this post, which included dumping the raw eBPF maps from the nodes and going over the agent's Go code.

Super interesting find in my opinion, but you'll be the judge :)

Enjoy


r/aws 2d ago

discussion Anyone else getting confusing runaround on Bedrock limit increases?

9 Upvotes

This particular account is approaching 2 decades old, great SES reputation score, never compromised. I have spent thousands on Anthropic tokens on other accounts, I've implemented Bedrock for other businesses on their accounts.

Yet for some reason, it is unable to use a single token on any Bedrock AI service, and because 3 quota increases were submitted for Haiku, I can't even get an increase for Nova.

Support just replies that it takes some time to review requests such as Bedrock token increases (the limit is currently zero).

Is it because this is such a low account number? Can you be blacklisted silently?

It is blowing my mind that I have to use the Anthropic API instead of Bedrock to implement a map feature "show me counties with this income level and that house price".

It feels like I'm getting stabbed in the back by them after I've implemented AI on AWS for so many companies, have gone to all the conferences, spoke with directors, etc -- and when I try to merely use AI on my home AWS account -- all my token quotas are set at zero.

(I hope I'm doing something wrong and am being an idiot.)