Amazon built two radically different approaches to predicting the future — a proprietary supply chain optimization pipeline (SCOT) and an open-source time series foundation model (Chronos). This post compares their architectures, trade-offs, and when each philosophy applies.
AWS KMS can technically sign with asymmetric keys, but it speaks REST — not PKCS#11. For PKI workloads that need HSM-backed signing, key export, and multi-tenant isolation, CloudHSM's Crypto User model gives you partition-equivalent isolation without legacy constraints.
Amazon Leo Ultra delivers 1 Gbps via satellite with private networking to AWS. Here is what it concretely changes for enterprise connectivity, how it integrates with Cloud WAN and Direct Connect, and when it beats MPLS, SD-WAN, or Starlink.
AWS DevOps Agent is GA and included with Support plans. But it doesn't replace your custom agents -- it complements them. Here's the hybrid pattern: what to buy, what to build, and how MCP bridges the gap.
Mem0, Letta, Zep, graph-RAG, Neptune Memory, HiveMemory, Obsidian steering files -- the agent memory space is fragmenting faster than it's converging. Here's a landscape analysis of why no single solution wins, the four types of memory agents actually need, and a decision framework for choosing your architecture.
Your AI agent has access to tools that perform real actions -- approving expenses, querying databases, modifying infrastructure. Prompt-based guardrails don't survive adversarial inputs. Here's how AgentCore Gateway + Cedar policies create a deterministic enforcement layer that operates independently of the agent's reasoning.
After a week with Amazon Quick -- a desktop AI work companion -- I'm convinced the developer workflow as we know it is dead. Here's what happened when I stopped switching between 15 tools and started orchestrating agents from a single chat.
AWS released the Agent Toolkit for AWS on May 6, 2026 -- a managed MCP server exposing the full AWS API surface to autonomous agents. I shipped an infrastructure agent the same week. Here's the two-phase safety pattern that lets you hand an agent the keys to your account without waking up to a $10K bill.
A decision framework for choosing between Amazon's Chronos-2 foundation model and custom XGBoost many-models pipelines for demand forecasting. Based on real patterns from SKU-level supply chain work.
I woke up to 204 pull requests from a single autonomous agent running overnight. 12 hours, ~$900 in Bedrock tokens, 509 failed builds, zero features shipped. Prompt-only safeguards all failed. Here's the 3-layer fix — hard kill switch, atomic circuit breakers, drift observability — that now prevents runaway agents.
You have RHEL 9 instances in AWS China regions managed via SSM. Installing PostgreSQL 17 or EPEL packages means opening dozens of dynamic URLs through China's restricted network. Here is what actually works in production.
Your data lives in AWS, Databricks, and Microsoft Fabric. Your business glossary is in Collibra. Users just want to find data and get access. Here is an agentic architecture that makes governance the default instead of the blocker.
Your RPA estate has 50 bots. Some should become AI agents, some should stay as bots, some need a hybrid pattern. Here is a repeatable, weighted scoring rubric — and the 5 migration patterns it maps to.
Boulder uses 9 Strands agents on Bedrock AgentCore to generate, deploy, and maintain full-stack apps on AWS Amplify — with self-healing builds and self-improving prompts.
Your DataZone environment works. AWS says SMUS is the future. Do you upgrade, go greenfield, or wait? Here is the coverage matrix, the 70–85 percent pipeline replacement reality, and the multi-account mesh architecture you actually need.
You are migrating microservices between Kubernetes clusters across AWS accounts, but the source uses /16 CIDRs that collide with corporate. The 2022 playbook (Private NAT Gateway + NLB per service) is obsolete. Here is what re:Invent 2024 gave us.
Cloud WAN promises centralized global networking. At a 30 percent premium over Transit Gateway, what do you actually get, and what are the common misconceptions? Here is the honest technical and financial analysis.
Weekly roundup of AWS announcements: AI Scholars program, Agent Plugin for serverless, Aurora Express setup, Lambda upgrades, Polly streaming, and more.
A discovery call with a global specialty chemicals company revealed that the real AI bottleneck isn't models — it's data. Here's what enterprise chemistry teams actually need versus what the hype promises.
Strands Agents plugins let you intercept every decision in the agentic loop. Steering hooks achieved 100% accuracy across 600 evaluation runs — where prompt engineering scored 82.5% and graph workflows 80.8%.
AWS Verified Access is a strong ZTNA solution for internal users, but it breaks down for external contractors and partners on unmanaged devices. Here's a hybrid architecture that closes the gap with AppStream 2.0.
Enterprise teams invest in best-of-breed CSPM tools and still face critical IAM incidents. The gap isn't tooling — it's security governance. Here's how native AWS services fill it.
How to map the ANSSI AD tiering model onto AWS, why Managed AD may not be enough for Tier 0, and which AWS security services close the compliance gaps.
Most RAG tutorials stop at 'put vectors in a database.' This post covers what actually determines quality: how you chunk documents, which vector search engine to pick, and how to measure and iterate on retrieval performance using Bedrock Knowledge Bases and LLM-as-judge evaluation.
Vector search, semantic search, keyword search, hybrid search — these terms get used interchangeably but they mean different things. This post breaks down what each actually does, when each matters, and why hybrid search wins for RAG.
Step-by-step guide to configuring a custom subdomain with Route 53 and securing an AWS Lightsail instance with a free TLS certificate using Let's Encrypt and Certbot.
A practical guide to replacing a third-party CA with ACM exportable public certificates — covering pricing, automation patterns, industry validity changes, and the gotchas nobody mentions.
AWS KMS doesn't allow key material export by design. When an external PKI partner generates keys but doesn't retain them, you're stuck. Here are the four AWS alternatives — CloudHSM, XKS, Private CA, and fixing the process — with a decision framework to pick the right one.
A deep architectural comparison of four open-source frameworks that turn messaging apps into AI assistant interfaces — from a 349-file TypeScript monolith to a 10MB Go binary that runs on a $10 board.
A deep dive into the multi-agent architecture behind AWS Security Agent's automated penetration testing — from specialized agent swarms to assertion-based validation.
A 5-component framework for writing effective system prompts for any AI agent — Bedrock Agents, Claude Code, LangChain, Strands, or custom builds. With a practical Claude Code implementation.
A beginner-friendly walkthrough of how an LLM actually works end-to-end: from typing a prompt to receiving a response — covering tokenization, embeddings, Transformer layers, KV cache, the training loop, embeddings for search, and why decoder-only models won.
A visual, jargon-free guide comparing MPLS, SD-WAN, and AWS Cloud WAN for enterprise networking — with analogies, comparison tables, and an architecture diagram showing how the three layers connect.
Everything a cloud/AWS engineer needs to know about Python, the Hugging Face Transformers framework, SageMaker integration, quantization, CUDA, and AWS Inferentia — without being a data scientist.
A deep dive into the Transformer architecture — how attention connects tokens and why the Feed-Forward Network is the real brain of the model. Plus the key to understanding Mixture of Experts (MoE).
A curated summary of the most important AWS announcements from February 2026 — from Bedrock AgentCore deep dives to new EC2 instances and the European Sovereign Cloud.
A hands-on walkthrough of deploying OpenClaw on AWS using AgentCore Runtime for serverless agent execution, Graviton ARM instances, and multi-model Bedrock access — from CloudFormation template to customizing the agent's personality.
End-to-end guide: fine-tune Mistral models with LoRA using Hugging Face Transformers, then deploy at scale with vLLM on AWS — from training to production serving on SageMaker, ECS, or Bedrock.
AWS now offers 9 different ways to store and search vectors for RAG workloads. This guide compares every option through the Well-Architected Framework to help you pick the right one.
AI platform teams need governance before scaling. Learn how to use Amazon Bedrock inference profiles, AWS Budgets, and a proactive cost control pattern to track, allocate, and cap AI spending per team.
Discover AI-DLC (AI Development Lifecycle), a structured framework for AI-assisted software development. Learn how I used it to build this blog from scratch and how it enables continuous iteration.
Enterprise workflows often require interacting with web applications that lack APIs. Traditional automation scripts are brittle and break when UIs change.