今日已更新 166 条资讯 | 累计 20138 条内容
关于我们

标签:#AWS

找到 156 篇相关文章

AI 资讯

What Beginners Get Wrong About IT Certifications

Certifications help when they match a role and are backed by proof — not as a scoreboard. The problem Beginners are told certifications are the key to IT, so they buy the most popular one, pass it, and are surprised when interviews still go badly. A certificate proves you can pass an exam; it does not, on its own, prove you can do the job. Why this matters now Certifications remain useful signals, and official providers like CompTIA, Microsoft, AWS, Cisco and Google keep their exam objectives public and current. But as AI makes it easier to grind practice questions, employers lean harder on whether you can actually apply the knowledge. The value of a certificate is increasingly in what you can demonstrate alongside it. There is also a cost reality. Exams, courses and retakes add up in money and time, and career changers usually have limited amounts of both. Spending three months and a chunk of savings on a certificate that no target role actually asks for is one of the most common and most avoidable mistakes in an IT transition — which is exactly why the order you choose them in matters. The practical framework Use certifications as targeted evidence, not as a scoreboard. Three rules: Match objectives to a job. Open the certification's published objectives next to a real job description. Overlap means it is relevant; no overlap means it is a hobby. Prove the same skills in practice. For each major objective, build one small artefact that shows you can do it, not just recall it. Stop at enough. One well-chosen, well-demonstrated certification beats three unrelated ones. Sequence them to roles, not to availability. Which one first? Let the target role decide, not the brand with the loudest marketing. As a rough guide: a vendor-neutral foundation (such as CompTIA A+ for general IT support, or Network+/Security+ as you specialise) suits broad support roles; a cloud-fundamentals exam (Microsoft Azure or AWS) suits cloud-leaning roles; Cisco-flavoured paths suit networkin

2026-06-18 原文 →
AI 资讯

Opentofu vs pulumi, which one survives a 200-account landing zone

IaC tools built for single-team deployments fail structurally at 200 accounts because the failure modes are architectural, not configurational. Why 200 Accounts Is Where IaC Tools Break IaC tools built for single-team deployments fail structurally at 200 accounts because the failure modes are architectural, not configurational. Scale Threshold State Management Provider Auth Overhead Execution Time Impact ~10 accounts One backend bucket, one workspace; quirks are routable Not a meaningful bottleneck Sequential plan/apply is manageable ~50 accounts Sequential execution still viable; blast radius contained Per-account latency exists but tolerable Below threshold where parallelism is required 200+ accounts 200 separate plan operations per shared-module refactor 3-sec per-account auth × 200 = 10 min added per plan cycle Sequential Terraform applies measured at 4.1 hours end-to-end A 10-account environment forgives sloppy state management. One backend bucket, one workspace convention, one pipeline. Engineers learn the tool's quirks and route around them. At 200 accounts, those same quirks compound. Why the threshold is 200 State lock contention, cross-account provider authentication chains, and module resolution latency stack on top of each other. The result is not slower deploys. It is non-deterministic deploys, which is operationally worse. The specific threshold matters. Below roughly 50 accounts, most teams run plan and apply sequentially without parallelism because the blast radius of a runaway apply is contained. Above 200 accounts, sequential execution becomes untenable. We measured a 200-account org where sequential Terraform applies across all accounts took 4.1 hours end-to-end. That latency made emergency remediation impossible inside a standard incident window. Three compounding failure modes State file proliferation. Each account carries its own state file, and each state file is a consistency boundary. At 200 accounts, a single refactor touching a shared modu

2026-06-17 原文 →
AI 资讯

AI Use by the US Government

On 14 April, the Trump administration quietly acknowledged the widespread use of AI to automate government processes. The office of management and budget (OMB) disclosed a staggering 3,611 active or planned use cases for AI across the federal government. The list has ballooned by 70% from the one published in the final year of the Biden administration, and includes many disturbing-seeming plans to hand over sensitive governmental functions to AI. Scanning this list, many readers may find many causes for alarm. It represents a transfer of decision processes from human to machine on a massive scale over matters of individual freedom, public health and well-being, nuclear reactor safety and more...

2026-06-17 原文 →
AI 资讯

How My First Claude Code on AWS Bedrock Experiment Cost Me $8.43 in Just One Day

My AWS Bedrock Experiment Cost Me $8.43 in Just One Day What I learned about AWS Bedrock pricing the hard way, and why budget alerts saved me Why I Even Tried Claude Code on Bedrock I have been using Claude Code for a while now, connected to Anthropic directly. It works well. But two things were bothering me. First, the usage limits. Claude Code on Anthropic's native setup has 5hours session limit and a weekly usage cap. Once you hit it, you have to wait. If you are in the middle of something or just want to experiment freely, that gets frustrating fast. Second, billing. I already manage everything on AWS. I'm very familiar with it, the invoices go to one place, and I understand how to track and control costs there. Adding a separate Anthropic subscription meant one more billing account, one more credit card charge, one more thing to track. I just wanted everything under one roof. So I thought, why not try Claude Code connected to Amazon Bedrock? Same tool, runs on AWS, billed through AWS. Seemed like a clean solution to both problems. What happened next is why I am writing this post. The Two Ways to Run Claude Code Most people do not realise Claude Code can be configured to run in two different ways. Option 1: Claude Code via Anthropic directly You connect Claude Code to Anthropic's API or use it under your Claude subscription. Billing goes through Anthropic. If you are on a subscription plan, you pay a flat monthly fee and the usage limits apply to how much you can do within that. Option 2: Claude Code via Amazon Bedrock You connect Claude Code to AWS Bedrock as the backend. Same Claude models, but now AWS is your provider. Billing goes through your AWS account. No Anthropic subscription needed. From the outside, it looks and feels the same. But the billing model underneath is completely different, and that is where things get interesting. What Happened When I Tried It I set up Claude Code to use Bedrock and gave it a prompt. A fairly detailed one, nothing unusual

2026-06-16 原文 →
AI 资讯

I built a Terraform security scanner that lives inside GitHub PRs

The problem IAM wildcards and public S3 buckets keep slipping through Terraform code review. Tools like Checkov and tfsec exist but they live in CI, require config files, and developers ignore the output because it's not where they're working. What I built TerraWatch is a GitHub App that scans every pull request that touches .tf files automatically. If it finds a security issue it blocks the merge and posts the exact code fix as a PR comment. The developer sees something like this in their PR: ⚠️ PUBLIC_S3_BUCKET - main.tf (Line 6) Severity: HIGH Risk: S3 bucket allows public read access. Fix: acl = "public-read" acl = "private" block_public_acls = true restrict_public_buckets = true They copy the fix, push, and the merge unblocks automatically. How it's different No YAML, no CI config - installs in 2 minutes via GitHub App Fixes are hardcoded diffs, not AI generated Nothing auto-applied - you review every fix No Checkov dependency - own lightweight rules engine Only reads changed .tf files in the PR, never your full codebase 29 rules covering S3 public access, IAM wildcards, open ports (SSH/RDP/MySQL/Postgres), unencrypted EBS/RDS, public databases, hardcoded secrets, EKS public endpoints, CloudTrail disabled, IMDSv1, and more. Try it Free during beta - terrawatch.dev Also launching on Product Hunt today if you want to show some support!

2026-06-16 原文 →
AI 资讯

Building a Low-Latency Polymarket Bot for Earnings Markets: A Real-World Attempt (Lessons & Technical Breakdown)

A bot on Polymarket quietly extracted $32k in near risk-free profits by sniping “Will Company XYZ Beat Earnings?” markets. It waits for the official release, then instantly buys the winning side. Many limit orders from retail traders remain uncancelled, creating a post-announcement arbitrage window. Two developers decided to challenge it. Here’s what they learned while trying to build a faster version. Infrastructure Choices Location : Polymarket’s CLOB runs in AWS eu-west-2 (London). They deployed from Ireland (eu-west-1, Dublin) — the closest realistic option without IP tricks. UK IPs are blocked. Language : Rust for type safety and speed. The author notes you can achieve competitive latency in Python if you strip unnecessary network calls. Key Warning : Avoid the official Polymarket SDKs for ultra-low latency. They include helpful but slow pre-trade checks. Build lean custom clients. The Data Feed Challenge (The Real Bottleneck) The critical edge is getting earnings announcements faster than competitors. Source Performance Verdict Scraping Newswires Too slow Failed Benzinga Low-Latency Slower than manual clicking Failed Paid ultrafast feed ~500ms after release Still too slow EDGAR Consistently slower than newswires Backup only Even at 500ms, the order book was already swept by faster bots. The top players are likely using extremely expensive dedicated feeds or custom setups. Technical Lessons Learned Network > Code Most latency lives in the network round-trip, not in language choice. Optimize transport first. Custom Execution Layer Skip heavy SDK abstractions. Direct signed orders with minimal validation. Post-Event Sniping Logic Monitor newswire feeds aggressively Parse EPS vs. estimate instantly Place aggressive limit/market orders on the winning side Handle cases with ambiguity (multiple interpretations of “beat”) Reality Check They made some wins during EPS ambiguity or when faster bots hit size limits, but never won on pure speed against the leader. Why This

2026-06-15 原文 →
AI 资讯

Presentation: Practical Performance Tuning for Serverless Java on AWS

AWS Hero Vadym Kazulkin explains how to overcome Java’s enterprise hurdle on AWS Lambda: cold starts and memory footprints. He shares a technical deep dive into performance tuning, comparing fully managed AWS SnapStart (with pre-snapshot priming hooks) against GraalVM ahead-of-time compilation, while addressing the latest architectural implications of Project Leyden and Java 25. By Vadym Kazulkin

2026-06-15 原文 →
AI 资讯

Anthropic Releases and Temporarily Suspends Claude Fable 5

On June 9, 2026, Anthropic launched Claude Fable 5, a model designed for long-horizon tasks, but it was taken offline shortly after due to a U.S. government export directive. It shares architecture with Claude Mythos 5, supporting extensive token usage. The model includes mandatory data retention requirements, which have affected its deployment with partners like Microsoft. By Andrew Hoblitzell

2026-06-15 原文 →
开发者

Pooling contra una t3.micro, el día que se reventó...RDS Proxy es la salida?

Cómo un backend de FastAPI + asyncpg comparte un solo Postgres chiquito con sus propios trabajadores en segundo plano y un segundo servicio, por qué el techo de conexiones, no el CPU, es lo que de verdad le pone tope a nuestro autoescalado, la caída en el cambio de hora que nos enseñó la cuenta, y una mirada honesta a RDS Proxy como la válvula de escape (incluyendo la trampa de asyncpg que lo puede dejar sin hacer nada). TL;DR Ajuste Valor Por qué Driver postgresql+asyncpg asíncrono hasta el fondo pool_size / max_overflow 8 / 12 (20 por proceso) subido desde 3/5 después de una caída pool_pre_ping True mata los sockets muertos tras un reinicio de RDS / inactividad pool_recycle 1800 s techo duro que el pre-ping no puede cubrir Tope de conexiones de RDS ~87 (t3.micro, menos las reservadas) la verdadera restricción de todo Pruebas NullPool sin pooling entre event loops en pytest La lección que replanteó todo el problema: en un RDS chico, tu cuenta máxima de tareas la fija max_connections , no el CPU ni la memoria. Un autoescalado que ignora el presupuesto de conexiones va a escalar directito hacia QueuePool limit reached , o peor, FATAL: too many connections del mismo Postgres. El pool, y la cuenta escondida adentro de él engine = create_async_engine ( settings . DATABASE_URL , connect_args = { " ssl " : " prefer " }, # negocia TLS en RDS, texto plano en local pool_pre_ping = True , pool_size = 8 , max_overflow = 12 , # 8 + 12 = 20 conexiones por proceso pool_recycle = 1800 , ) Veinte conexiones por proceso se ven modestas hasta que las multiplicas por cada capa entre ellas y la base de datos: pool_size + max_overflow = 20 por proceso de Python × 2 trabajadores de uvicorn = 40 por tarea de Fargate × 2 durante un despliegue rolling = 80 (tarea vieja drenando + tarea nueva arrancando) + servicio de inteligencia (3 + 7) = 10 sobre la misma base de datos + alembic / ad-hoc / psql ≈ unas pocas ---------------------------------------- ≈ 87 ← el techo de la t3.micro, con ~0 de

2026-06-15 原文 →
AI 资讯

I built a region-survivable system by directing an AI agent. An append-only decision log kept it coherent.

Most of the code in Quorum was written by directing Claude Code, an AI coding agent. That is not the interesting claim, and on its own it is not even a good one. An agent left to run unsupervised produces fast, plausible, locally-correct code that drifts into an incoherent system. The interesting part is the discipline that turned agent speed into a coherent, correct, multi-region database application. That discipline was an append-only architecture decision log. The failure mode of agent-built software An agent has no memory across sessions. It will happily contradict a decision it "made" yesterday, re-open a question that was settled last week, or quietly drift from the design because the local change in front of it looks fine. Each individual output is reasonable. The aggregate, without governance, is a system where the data model fights the access layer and the third change undoes the first. This is the part people underestimate when they talk about AI coding velocity. Speed without a source of truth does not get you to a good system faster. It gets you to entropy faster. A fast writer with no memory and no sense of consequence is a liability at scale unless something outside the agent supplies the continuity. The decision log Quorum carries a file of numbered architecture decisions, DEC-001 onward, now past two dozen. Each entry has the same shape: the context that forced the decision, the decision itself, references to the prior decisions it refines or interacts with, and a status. Three rules make it work: Append-only. Entries are never edited. A later decision can supersede an earlier one, but it does so as a new numbered entry that references the old one. The history of why the system is shaped the way it is stays intact and readable, including the choices that were later reversed and why. Committed separately from code. The decision and the code that implements it are different commits. The log reads as a clean narrative of intent, independent of the diffs

2026-06-15 原文 →
AI 资讯

Surviving the region you run in: failover on Aurora DSQL, and what the demo proves

The thesis Quorum is built on is uncomfortable and true: the tools a team uses to coordinate an incident often live in the same region as the thing that is failing. When the region goes, the incident response goes with it. You are now coordinating a region outage over a status page that the region outage took down. Quorum is an incident command plane designed to survive a region loss. This post is about how the failover works, what the live demo does and does not prove, and where the survival story currently ends, because a database audience will ask all three and they deserve a straight answer. What DSQL gives you A multi-region DSQL cluster in the US set is three regions: two full regions, which for Quorum are us-east-1 and us-east-2, and a log-only witness in us-west-2 that has no cluster endpoint of its own. Both full-region endpoints present a single logical database with strong consistency, and the architecture is designed for 99.999% multi-region availability with no single point of failure and automated failure recovery . The behavior that matters for an incident tool is stated plainly in the GA announcement : applications can keep reading and writing with strong consistency even when they are unable to connect to a region's cluster endpoint, and the third region acts as a log-only witness with no cluster resource or endpoint. The survivor keeps serving; the witness holds the log so the surviving region keeps commit quorum. Quorum is, in effect, a live demonstration of that reference behavior with an incident-command product wrapped around it. Quorum's failover layer AWS's guidance for multi-region DSQL is to put routing in front of the endpoints: either DNS-based routing with Route 53, or application-level routing logic, so traffic redirects automatically when an endpoint becomes unreachable. This is laid out in Implement multi-Region endpoint routing for Amazon Aurora DSQL . Quorum, a Next.js app on Vercel, does the application-level version: it detects an

2026-06-15 原文 →
AI 资讯

Optimistic concurrency is the whole design: event sourcing on Aurora DSQL

Quorum is an incident command plane built on Amazon Aurora DSQL. The failover story lives in another post. This one is about a narrower question that turned out to be the foundation: when several responders write to the same incident at the same moment, across regions, during the worst minutes of an outage, how do you guarantee the record never forks into two conflicting truths. The answer is two design choices that are really one choice seen from two angles: event sourcing, and DSQL's optimistic concurrency control. The data model is append-only Quorum is event-sourced across four tables. Every state change is an immutable event appended to a log, not an in-place update. The current state of an incident is a fold over its events. There is no UPDATE incidents SET status = ... ; there is an acknowledged event, a note event, a resolved event, and the status you render is computed from them. The event's UUID is its primary key and its idempotency key at the same time. A retried write carrying the same UUID cannot double-apply: the insert collides on the primary key and becomes a no-op. That property sounds minor until you remember what kind of system this is. A tool designed to survive network failure retries writes constantly, and "the responder tapped resolve twice because the first response was slow" must not produce two resolutions. Append-only also suits the domain directly. For an incident system the audit trail is the product, not a side effect. "Who acknowledged this, at what time, and what did the timeline look like at 02:14" is a first-class question for the post-incident review and a compliance requirement in regulated environments. Event sourcing gives you that for free. It also gives DSQL a write pattern it likes, which matters more than you would expect. The stack, briefly TypeScript end to end. Kysely as a typed query builder rather than an ORM, because I wanted type safety without surrendering control of the SQL: on a distributed database the exact shap

2026-06-15 原文 →
AI 资讯

hosted coding agents make observability a product feature

The laptop was never the interesting part of coding agents. It was just the first convenient runtime. Your laptop has the repository, the shell, the secrets, the package cache, the local database, the half-working dev server, and whatever credentials you forgot were still loaded in the background. So the early version of agentic coding naturally ran there. It was close to the work. It had all the messy context. It was also a very strange place to run something that might edit code for an hour while calling tools, installing dependencies, and touching private systems. AWS published a Bedrock AgentCore post this month with a very good hook: you should be able to close your laptop while the coding agent keeps working. That is the demo-friendly version. The more important version is this: once the agent leaves the laptop, "what happened?" becomes a production question. And that is where observability stops being a nice enterprise add-on and becomes part of the product. remote is not the same as trustworthy Moving a coding agent to a hosted runtime solves some obvious problems. The agent can keep running after your machine sleeps. Multiple agents can run in parallel without fighting over the same local Postgres port. The filesystem can persist between sessions. The environment can be isolated in a microVM or container instead of sharing your real shell with everything else you do all day. Good. But remote execution also removes a useful kind of accidental visibility. When the agent is on your laptop, you can at least see the terminal, notice the fan spin up, watch the test output, and feel the blast radius because it is your machine. In a hosted runtime, that little bit of intuition disappears. The agent is now somewhere else, with its own filesystem, network path, credentials, tools, retry behavior, and bill. So the platform has to replace intuition with evidence. Not a transcript pasted into a PR. Actual operational evidence: traces, logs, metrics, command history, too

2026-06-15 原文 →
AI 资讯

3- AWS Serverless: REST API vs. HTTP API

There is common point of confusion. what's the different between REST API vs. HTTP API in AWS and what's the different between them and a traditional Rest API you write with e.g express in node in the broader software world, a "REST API" is just an architectural pattern built on top of HTTP requests. The confusion comes entirely from AWS-specific marketing terminology . When you are inside the AWS ecosystem, Amazon API Gateway is a specific managed service, and AWS chose to split that service into two different flavors (or software products): one called "REST API" and one called "HTTP API." Here is exactly how they work under the hood, how they differ internally, and how it compares to traditional servers. 1. How It Works: REST API vs. HTTP API (AWS Architecture) Think of Amazon API Gateway as a reverse proxy or a "front door" that sits in front of your Lambda functions. AWS REST API (The Heavyweight) When a request hits an AWS REST API, AWS passes that request through a massive feature pipeline before it ever touches your Lambda code. [Client Request] ──> [Authentication (Cognito/IAM)] ──> [Request Validation] ──> [Data Transformation (VTL)] ──> [Your Lambda] What happens: AWS decrypts the request, validates the JSON schema, checks API keys, runs any custom request transformations using a complex mapping language called VTL, and then invokes your Lambda function. Why it costs more: You are paying AWS for all that computing power happening inside the API Gateway layer itself. AWS HTTP API (The Express Lane) When a request hits an AWS HTTP API, AWS strips out almost the entire middle pipeline. [Client Request] ──> [JWT/OAuth2 Authorization Only] ──> [Your Lambda] What happens: The HTTP API acts as a lightning-fast router. It optionally checks a standard JWT token, converts the incoming HTTP request directly into a clean JSON object, and throws it straight into your Lambda function. Why it costs less: Because AWS is doing almost zero processing or data manipulation. Y

2026-06-15 原文 →
AI 资讯

AWS Introduces Durable Storage Option for ElastiCache for Valkey

AWS has recently introduced durability for Amazon ElastiCache for Valkey, enabling reliable data retention across failures and expanding support beyond caching to persistent workloads. The feature offers new options that prioritize either minimizing data loss or maintaining lower write latency, expanding the range of use cases supported by the Redis fork. By Renato Losio

2026-06-14 原文 →