
Your AWS Certificates Just Got Shorter: What the 198-Day Validity Change Actually Means
On 18 February 2026, AWS quietly updated ACM to reduce the default validity of public certificates from 395 days to 198 days. If you’re running anything on AWS that terminates TLS — CloudFront distributions, Application Load Balancers, API Gateway endpoints, Elastic Beanstalk — this affects you.
Is Infrastructure as Code the Next Abstraction to Fall?
I’ve been staring at a Terraform module for the last ten minutes, and I can’t stop thinking about a question that would have been absurd two years ago: why am I writing this?
AWS Finally Launches Nested Virtualisation on EC2: Better Late Than Never
If you’ve ever needed to run a hypervisor inside an EC2 instance, you know the pain. For years, the answer from AWS was simple: buy a bare metal instance. That meant paying for an i3.metal or m5.metal just to get access to hardware virtualisation extensions. Need to test a Firecracker microVM setup? Bare metal. Want to run KVM for a security sandbox? Bare metal. Running nested Hyper-V for a Windows lab? You guessed it.
Building Your Own AI Agent Stack. What I Learned From 10 Open Source Projects
I spent the last week falling down a rabbit hole. Not the productive kind where you emerge with a working solution and a sense of accomplishment. The kind where you save ten GitHub repos in a single week and then sit back and realise they’re all telling you the same thing.
Open-Weight Models Just Landed in Sydney: What This Means for Australian AI Sovereignty
If you’ve been building AI workloads in Australia, you’ve felt the frustration. The models you want to use are sitting in US regions. Your compliance team is asking where inference data is being processed. And every API call is adding 180-200ms of network latency before the model even starts thinking. Run a five-step agentic workflow and you’re adding a full second of pure network overhead before any model computation happens.
Build vs. Buy Just Flipped. Most Teams Haven't Noticed Yet.
The Decision You’ve Been Making on Autopilot
Every AWS practitioner has a version of this conversation at least once a quarter. Someone on the team suggests building something custom. Someone else points out there’s a managed service or SaaS product that does it already. The room does the mental maths: engineering time, ongoing maintenance, opportunity cost. Nine times out of ten, you buy.
Your Inference Bill Is Going Up. Even as Costs Go Down.
The Number That Should Worry You
AWS raised GPU Capacity Block prices by 15% on a Saturday in January. No blog post. No announcement. Just a quiet update to the pricing page that said prices were “scheduled to be updated” without mentioning which direction.
The Real Skill Isn't Coding Anymore. It's Describing What You Want.
You’ve Got the Tools. So Why Are You Still Slow?
If you’re building on AWS right now, you have access to more managed services, more abstraction layers, and more AI-assisted tooling than at any point in computing history. CDK, SAM, Amplify, Bedrock, Kiro, Claude Code. The list keeps growing.
AWS STS Finally Lets You Write Trust Policies That Actually Mean Something
If you’ve ever written an IAM trust policy for GitHub Actions OIDC federation, you’ve probably done the thing we all did. You set the sub condition to repo:my-org/my-repo:*, told yourself “that’s scoped enough,” and moved on with your day.
From Network Plumbing to Application Intent: What AWS Networking Reveals About Infrastructure's New Role
Rob Kennedy, AWS Vice President of Network Services, opened his re:Invent 2025 keynote with a simple metaphor: atoms bond into molecules, molecules combine into structures, and those structures become complex organisms. The implication was clear: networking is no longer about connectivity. It’s about intent.
The AI Agent Governance Gap: Why Policy and Evaluations Matter More Than the Model
Many organisations are rushing into deploying AI agents with the same enthusiasm they had for serverless in 2016: great technology, terrible operational discipline. The pattern is predictable: build a proof-of-concept that works brilliantly in a demo, deploy it cautiously to production, then discover you have no idea how to govern what it’s actually doing once users interact with it at scale.
Beyond Vibe Coding: The Renaissance Developer Framework for Infrastructure Leaders
I watched Werner Vogels deliver what he’s calling his final AWS re:Invent keynote, and it struck me that he wasn’t talking about new services or feature announcements. Instead, he spent an hour articulating why the tools matter less than the person holding them. After 14 years of keynotes, Amazon’s CTO decided to hand the microphone to younger voices—but not before leaving infrastructure leaders and architects with something more valuable than a roadmap: a framework for how to think about engineering in the AI era.
Finally! AWS Transit Gateway Gets Flexible Cost Allocation
If you’ve been managing AWS Transit Gateway costs in a multi-account environment, you’ve probably felt the pain of sender-pay billing. Well, I’ve got great news: AWS just launched Flexible Cost Allocation for Transit Gateway, and your FinOps team is going to love this!
I Used Amazon Q CLI to Build a Feature for Amazon Q CLI (And It Was Mind-Bending)
Ever wondered what it’s like to use an AI tool to improve itself? I just spent 2 hours using Amazon Q CLI to build a new feature for Amazon Q CLI, and the experience was genuinely mind-bending.
AWS Lands in New Zealand: What the ap-southeast-6 Region Means for Kiwi Cloud Builders
AWS just flipped the switch on their newest region: Asia Pacific (New Zealand) - ap-southeast-6. After years of routing traffic through Sydney, Kiwi organizations finally have a local AWS presence. This isn’t just about national pride — it’s about single-digit millisecond latency, data sovereignty, and unlocking cloud-native architectures that were previously cost-prohibitive.
AWS VPC Route Server: The Game-Changer for Dynamic Routing You've Been Waiting For
AWS just dropped a networking feature that’s going to change how we think about VPC routing forever. VPC Route Server brings dynamic routing capabilities directly into your VPC, automatically handling failover scenarios that used to require complex scripting or third-party solutions. If you’ve ever wrestled with static routes and manual failover for network appliances, this one’s for you.
Building AI-Powered Life Management Systems: The AWS Infrastructure Approach
Daniel Miessler just dropped a fascinating deep-dive into building what he calls a “Personal AI Infrastructure” (PAI) - essentially an AI-powered life management system that handles everything from content creation to security assessments. While his approach uses Claude Code and local tooling, it got me thinking about how we could architect something similar using AWS services.
The Bedrock AgentCore Toolkit: A New "Easy Button" for AI Agents
Let’s be honest. The most exciting part of building an AI agent is the agent itself—the logic, the prompts, the creative problem-solving. The least exciting part? The ceremony. The boilerplate. The tedious dance of wrapping our code in an API, writing a Dockerfile, managing ECR repositories, and wrestling with deployment scripts to get our creation into the cloud.
🕹️ AWS-Powered Tetris: Building a Retro Game with Amazon Q and Amplify
There’s something magical about the games we grew up with. The simple mechanics, the blocky graphics, and the maddeningly catchy music are etched into our collective memory. So when AWS announced the Build Games Challenge, a global event to recreate these classics using modern AI tools, I knew I had to jump in.
Cost-Effective Workflow Automation: Deploying n8n on Amazon Lightsail
Recently I’ve been trying out n8n as a workflow automation tool, and I’m really enjoying the flexibility it offers. Of course, being an AWS Community Builder, I would naturally run this on AWS Fargate, as n8n is available as a container; however, to keep costs down I ended up running it on Amazon Lightsail.
Unlocking Cloud Savings: Your Guide to FSx and S3 Intelligent-Tiering with Python Magic! 🚀
Hey there, tech enthusiasts! Ever stared at your AWS bill and wondered, “Where did that come from?” Yeah, me too. Especially when diving deep into services like FSx for NetApp ONTAP and considering the magic of S3 Intelligent-Tiering to keep those storage costs in check.
Streamline Your Cloud Compliance: Mastering Time-Based AMI Copies with AWS
Hey there, Tech Friends! 👋 Let’s talk about something that might not sound super exciting at first glance, but trust me, if you’re wrestling with cloud infrastructure, especially in regulated industries, this is pure gold. We’re diving deep into the newly announced Time-based Copy for Amazon Machine Images (AMIs).
Unleash the Power of EBSight for Optimal AWS Storage Management 🚀
Hey there, tech aficionados! 👋 Recently, AWS dropped a neat minor update – they started showing the full size of your EBS snapshots. Game changer! This isn’t just the incremental stuff; it’s the data footprint.
Mastering AWS Security: Why You Should Avoid Using the Root User for Everyday Tasks
Hey there, tech enthusiasts! Ever felt that little thrill of power when you get root access on a system? It’s like holding the keys to the kingdom, right?
A Reminder of the Power of AWS Config
Today, I was reminded of the rich content stored in AWS Config and how easily it can reveal so much about an AWS Organisation across one or many accounts.
Ensuring Seamless Connectivity - The Crucial Role of Failover testing in AWS Direct Connect
👋 Hey there! Setting up the Direct Connect service is reserved for a select few. Typically, the network dudes handle this intricate task. However, understanding this service is crucial, especially when establishing hybrid cloud connectivity.
github Self-Hosted Runners on AWS CodeBuild
👋 Hey there! I’ve written before about establishing Self-Hosted Runners within github.com here. However, this involves deploying API endpoints and integrating with github via a WebHook. It’s not hard to establish, but it’s extra work to look after, update, and manage.
Creating shared github-actions
👋 Hey there!
AWS Windows SSM Port Forwarding, too easy
👋 Hey there! Recently, I had to configure some Windows boxes for a project and was reminded of how simple it was to access them without needing a Bastion host by using SSM port forwarding. 🙌
Supercharge Your AWS CloudWatch Metrics with Lambda Powertools
In this post, I’ll show you how easy it is to publish custom metrics into AWS CloudWatch using AWS Lambda Powertools and the CloudWatch EMF (Embedded Metric Format) specification.
How to sync containers from github Container Registry to AWS ECS
Back in June last year I wrote about syncing containers from DockerHub to AWS ECS.
github-actions in CodeBuild
This month AWS released support for github-actions in CodeBuild. https://aws.amazon.com/about-aws/whats-new/2023/07/aws-codebuild-github-actions
Route 53 Resolver Magic
This post covers some core concepts of Route 53 Resolvers and how they can help establish inbound and outbound name resolution between your on-premise and AWS resources.
Unlock the Hidden Power of VPC Sharing in AWS
As rightly stated here by Aidan Steele (AWS Hero), VPC Sharing appears to be the forgotten superpower.
AWS Config Rules Blessed with Cloudformation cfn-guard Support!
They said it was coming, and here it is! Support for defining custom cfn-guard rules for AWS Config via Cloudformation.
AWS Managed Prefix Lists
Some time ago AWS released a new feature called Customer Managed Prefix Lists.
Bootstrap Terraform on AWS
The Challenge
Terraform is a great product for managing infrastructure on AWS; however, many people start by creating an IAM user and sharing access keys into configuration files. This is really bad from a security aspect, as these often get checked into version control, and even worse into a public repo.
Cloudformation FirewallPolicy UPDATE_FAILED
While I have a fond love for Cloudformation, sometimes I find myself banging my head against a wall when trying to get past an error.
Config Conundrum
At our organisation we use custom AWS Config rules to help us achieve near real-time compliance and remediation.
Getting started with cfn-guard
Update: link to the official AWS blog post here.
A fair few policy-as-code tools are popping up these days. This post looks at getting started with cfn-guard to parse AWS Config Resource JSON outputs.
Github Runner ECS Authentication
Using this fantastic open-source project, we have enabled github-actions using ephemeral self-managed runners on AWS SPOT.
github-actions - How did I not see that
This post is about a mistake I made that wasted a fair bit of time on my side until the folks over in Support set me straight :)
github-actions AWS Authentication with OIDC for github Enterprise
There are many blog posts about how to use github-actions OIDC with AWS; however, they all refer to using Github.com and don’t provide some easy steps if you are running your own github Enterprise instance.
How to sync containers to AWS ECS the easy way
Back in November 2021 AWS announced that you can cache containers from DockerHub through to ECS.
How to use cfn-guard with AWS Config
I’m not sure when but AWS Config now supports using Guard rules to determine the compliance of resources. This is a pretty neat integration and one of the first I’ve seen from AWS on a side Open Source Project they have created.
Prowler on AWS
Prowler is an awesome open source tool for auditing AWS settings within an account or many accounts across an organisation.
Security Hub now supports Custom AWS Config Rules
AWS recently announced an integration that I’m a little excited about!
Terraform, github-actions & OIDC on AWS
I’ve posted here how to configure the OIDC AWS Provider & github Enterprise integration; however, nothing is better than an example of it working, and this post covers just that!
Up and running with AWS Network Firewall - Part 1
This post is the first in a series to share my learnings as I get to grips with AWS Network Firewall.
Up and running with AWS Network Firewall - Part 2
The second post in my series as I share my learnings with AWS Network Firewall.
Up and running with AWS Network Firewall - Part 3
The third post in my series as I share my learnings with AWS Network Firewall.
When Enterprise IT systems migrate to AWS
So we’ve all seen the marketing slides: Company X saved 40% in infrastructure costs; Company Y collapsed their monolith into 40 Lambdas. But what happens when an on-prem system has hummed its tune in the local Data Centre for years, and the vendor has never even thought of a cloud migration, or even contemplated what capabilities exist in Public Cloud?
Dude Scale My Runners
In our github Enterprise Instance, we use the super-linter to keep all our users honest and lint everything.
Integrating github with AWS EventBridge
Ever since I saw this announcement, I’ve been dying to get a chance to set it up and play with it. That time is now!
Possibly the Greatest Log Insights CloudTrail Query Ever!
AWS CloudTrail has a wealth of information that often gets forgotten and unchecked.
The Power of Self-Hosted github-actions
github-actions is a CI/CD (Continuous Integration/Continuous Deployment) platform integrated into github, allowing users to automate software development workflows, such as building, testing, and deploying code.
Unleashing the power of AWS Athena on Transit Gateway Flow Logs
AWS Transit Gateway Flow Logs provide valuable insights into the traffic flowing through your network. However, analyzing this data can be challenging, especially if you have many logs to sift through.
AWS Prefix Lists for the Organization
AWS Managed Prefix lists are a really powerful way of abstracting the details of CIDR Blocks into something meaningful for the humble cloud engineer.
Process github Workflow Events with AWS Stepfunctions
This is the next part of integrating github Enterprise Managed User events into the AWS Serverless ecosystem.