今日已更新 339 条资讯 | 累计 19899 条内容
关于我们

标签:#Cloud

找到 165 篇相关文章

AI 资讯

Airbnb Shares Architecture Behind Sitar-Agent Dynamic Configuration Sidecar for Kubernetes Services

Airbnb engineers detailed Sitar-agent, a Kubernetes sidecar for dynamic configuration delivery across tens of thousands of pods, processing updates several times per minute. The system was redesigned with Java, Amazon S3 snapshot bootstrapping, and a migration from Sparkey to SQLite to improve reliability, startup performance, and configuration availability at scale. By Leela Kumili

2026-07-08 原文 →
AI 资讯

Why Every Modern SaaS Needs a Billing Engine (Not Just a Payment Gateway)

Why Every Modern SaaS Needs a Billing Engine (Not Just a Payment Gateway) When building a SaaS product, API platform, AI application, or cloud service, most teams start by integrating a payment gateway like Stripe or Paystack. That solves one important problem: Collecting payments. But collecting payments and managing billing are two completely different challenges. As products grow, pricing becomes more sophisticated. Customers expect usage-based billing, flexible subscriptions, prepaid credits, seat-based pricing, tiered plans, and transparent invoices. Suddenly, the billing logic inside the application becomes one of the most complex parts of the entire system. This is why more engineering teams are separating payment processing from billing infrastructure . Payment Processing vs Billing Infrastructure A payment gateway is responsible for moving money. A billing platform is responsible for determining what should be charged, when it should be charged, and why it should be charged. Although these responsibilities often get grouped together, they solve very different problems. Payment providers typically handle: Payment authorization Card processing Refunds Payment retries Bank settlements Customer payment methods A billing engine manages: Usage metering Subscription billing Pricing rules Billing cycles Invoice generation Revenue analytics Customer usage tracking Payment orchestration Multi-gateway billing Proration Credits and quotas Keeping these responsibilities separate makes systems easier to maintain, easier to scale, and much more flexible when pricing changes. Why Billing Logic Doesn't Belong Inside Your Application Many engineering teams start with a simple subscription model. Then the business evolves. Suddenly the product needs to support: API usage billing AI token billing Storage billing Compute billing Per-seat pricing Hybrid subscriptions Enterprise contracts Prepaid credits The application slowly becomes filled with billing-specific code. Developers

2026-07-08 原文 →
AI 资讯

Deploy Code By Using AWS Continuous Integration And Continuous Delivery (CI/CD) Services | 🏗️ Build A Complete CI/CD Pipeline

Exam Guide: Developer - Associate 🏗️ Domain 3: Deployment 📘 Task 4: Deploy Code By Using AWS Continuous Integration And Continuous Delivery (CI/CD) Services This task tests your ability to build and manage CI/CD pipelines using AWS developer tools. You need to understand how CodeCommit, CodeBuild, CodeDeploy, and CodePipeline work together, how to write buildspec and appspec files, how deployment strategies differ, and how to configure automatic rollbacks. Deployment strategies for Lambda and EC2, SAM deployment preferences, and pipeline orchestration. 📘 Concepts AWS CI/CD Pipeline Overview The four AWS developer tools form a complete CI/CD pipeline: Service Role Input Output CodeCommit Source control Git push Source artifact CodeBuild Build and test Source artifact Build artifact CodeDeploy Deploy Build artifact Running application CodePipeline Orchestration Trigger (push, schedule) Coordinated pipeline execution How they connect: CodeCommit (source) → CodeBuild (build/test) → CodeDeploy (deploy) ↑ | └──────── CodePipeline (orchestrates all) ─────┘ 💡CodePipeline is the orchestrator. It doesn't build or deploy anything itself. It connects stages (source, build, test, deploy) and manages transitions between them. Each stage can use different providers (GitHub instead of CodeCommit, Jenkins instead of CodeBuild, etc.). CodeCommit Fundamentals Feature Details What It Is Managed Git repository hosted in AWS Authentication HTTPS (Git credentials or credential helper) or SSH (SSH keys) Encryption Encrypted at rest (AWS managed keys) and in transit (HTTPS/SSH) Triggers SNS notifications or Lambda functions on repository events Cross-account Use IAM roles with AssumeRole for cross-account access Branching Standard Git branching: main, develop, feature branches 💡CodeCommit supports triggers for push events that can invoke Lambda functions or send SNS notifications. This is different from CodePipeline's source stage: triggers are repository-level events, while CodePipeline po

2026-07-08 原文 →
AI 资讯

AWS Is Not Simpler. Agents Just Got Better at Reading It.

I optimized my architecture for the wrong model. I used to think black-box infrastructure was the right abstraction for AI-driven development. Vercel, Supabase, Cloudflare Workers — a sharp contract in front, a managed backend behind — felt like the obvious fit. The less an agent had to reason about, the fewer places it could get lost. Give it a clean interface, hide the messy backend, move fast. I still think that was right for the agents we had last year. I don't think it's right for the agents we're starting to use now. The shift is not that AWS got simpler. It didn't. Setup still takes longer, CI/CD takes more work to wire, and cost control has real limits. The shift is that agents got better at reading complexity — and once an agent can actually use a large structured context, the things I treated as overhead (resources, provider schemas, IAM policies, explicit queues, explicit alarms, explicit networks) become the highest-signal context I can hand it. To keep this concrete, I'm holding the tool constant. This is HCL/Terraform on AWS vs HCL/Terraform on Cloudflare — same language, same workflow, two providers. The inversion Agents are… Best served by… Context-poor (last year's loops) Black boxes — shrink the surface, hide the backend Context-rich (now) Inspectable systems — describe everything as code The one-line version: The better agents get at reading, the more valuable explicit infrastructure becomes. I didn't become more pro-AWS because AWS got easier. I became more pro-AWS because agents got better at reading it. Same Terraform, two providers The interesting comparison isn't AWS-elegance vs Cloudflare-elegance. It's how much of the infrastructure topology and operational contract an agent can reconstruct from the HCL plus the provider schema alone. Terraform × AWS Terraform × Cloudflare Provider maturity AWS provider is about as battle-tested as IaC gets; enormous public corpus of modules/examples v5 is a ground-up, OpenAPI-generated rewrite — improving

2026-07-07 原文 →
AI 资讯

Your AI Workloads Are the New Cloud Sprawl — And Nobody Is Watching

AI is coming for your cloud budget before it comes for your job. Everyone is talking about what AI will do to engineers. Nobody is talking about what AI services are doing to cloud bills right now. Every team is spinning up AI workloads. LLM endpoints; vector databases; GPU instances; embedding pipelines. All of them expensive. Most of them ungoverned. I have seen environments where AI service costs doubled in 30 days because nobody set a budget limit. No alerts. No guardrails. Just an invoice that surprised everyone at month end. This is the new cloud sprawl. But instead of forgotten EC2 instances it is uncontrolled AI API calls and model inference costs running 24/7. The same discipline that applies to cloud infrastructure applies here. Who is allowed to spin up AI services. What models are approved for use. How are API keys being managed. Are there rate limits in place. Is anyone reviewing the cost daily. AI governance in the cloud is not an AI problem. It is a cloud security and FinOps problem wearing an AI hat. The teams that win with AI are not the ones moving fastest. They are the ones who built guardrails before the bill arrived. Govern your AI workloads the same way you govern everything else in your cloud. Before the invoice does it for you.

2026-07-07 原文 →
AI 资讯

Scaling Terraform Infrastructure Beyond a Single Team

When a single engineer manages all the Terraform in an organisation, everything is simple. One repo, one state, one pipeline, one set of credentials. There's no coordination overhead because there's no one to coordinate with. That stops working the moment a second team needs to deploy infrastructure. And by the time you have three or four teams — networking, platform, application, security — the single-team model is actively slowing everyone down. This guide covers what breaks, how teams typically work around it, and how to set up a structure where each team owns their slice of infrastructure independently. What breaks State lock contention Terraform's state locking is per-state. When the networking team is running terraform plan , the application team's pipeline is blocked — even though they're changing completely unrelated resources. The more teams share a state, the more time everyone spends waiting. Blast radius A junior engineer deploying a new application service shouldn't be able to accidentally destroy the VPC. But if application resources and networking resources share a state, a single misconfigured terraform apply can touch anything. Code review catches some of this. Not all of it. Credential sprawl A shared pipeline needs credentials for everything — the networking team's Azure subscription, the application team's AWS account, the security team's DNS provider. Every team's secrets end up in one CI environment, accessible to anyone who can trigger a run. This fails most compliance audits. Approval bottlenecks In many organisations, one person or a small group gatekeeps all infrastructure changes. Every PR needs their review. Every apply needs their approval. The gatekeeper becomes a bottleneck not because they're slow, but because they're a single point of serialisation for all infrastructure work. Backend access as implicit access control Terraform has no built-in concept of per-team or per-workspace permissions. All workspaces in a backend share the sam

2026-07-06 原文 →
AI 资讯

Managing Terraform Across Multiple Cloud Providers

Most organisations don't live in a single cloud. You might run compute in AWS, DNS in Cloudflare, identity in Azure AD, and logging in GCP. Terraform handles each provider fine on its own, but the moment you need to coordinate across providers the tooling fights you. This guide walks through the common pain points of multi-cloud Terraform setups and the approaches teams use to cope — then shows how Snap CD makes cross-cloud dependency management a solved problem. Where it gets difficult Credential sprawl Each cloud provider has its own authentication mechanism. AWS uses IAM roles and access keys. Azure uses service principals and managed identities. GCP uses service accounts and workload identity federation. A single Terraform state that spans providers needs credentials for all of them — which means your CI runner or developer workstation holds keys to everything. That's a security problem. A compromised CI pipeline with AWS and Azure credentials exposes both clouds simultaneously. And it's an operational problem — rotating credentials means updating every pipeline that touches that state. This problem compounds at scale: Terraform couples provider processes tightly to credentials , so managing hundreds of accounts across clouds means spawning thousands of provider processes, which quickly becomes unmanageable. Provider version conflicts Terraform providers are versioned independently. Upgrading the AWS provider to fix a bug in aws_eks_cluster shouldn't require you to also test a new version of the Azure provider. But when they share a state, a terraform init -upgrade pulls new versions for everything, and a regression in one provider blocks all deployments. Terraform also lacks built-in support for instantiating multiple providers with a loop and passing providers to modules in for_each , making multi-cloud configurations especially verbose and repetitive. Blast radius across clouds A misconfigured terraform apply in a single-cloud state damages resources in one c

2026-07-06 原文 →
AI 资讯

Cloudflare and AWS Embed x402 Agent Payments at the Edge

Cloudflare and AWS both implemented x402 stablecoin micropayments at their edge networks within two weeks. The open protocol under the Linux Foundation revives HTTP 402 for agent-to-service payments with sub-cent transaction costs. Coinbase reports 169 million transactions in year one. Enterprise tax and invoicing gaps remain unresolved. By Steef-Jan Wiggers

2026-07-06 原文 →
AI 资讯

Calculating On-Premises vs. Cloud Cost Break-Even for Small Businesses with Stable Workloads (5–7 Years)

Introduction: When Does On-Premises Outpace the Cloud? For small businesses like ComputeLabs , the decision between on-premises servers and cloud services isn’t just about cost—it’s about predictable stability versus elastic flexibility. With stable workloads (websites, email, file storage, backups, internal apps), the question narrows: Does a one-time server purchase amortized over 5–7 years beat monthly cloud bills? The answer hinges on a total cost of ownership (TCO) analysis , where upfront CAPEX collides with recurring OPEX , and hidden costs lurk in both models. The CAPEX vs. OPEX Tug-of-War On-premises servers demand a high initial investment —hardware, software licenses, setup. For a small business, this could mean $5,000–$15,000 upfront , depending on specs. Cloud services, in contrast, operate on a pay-as-you-go model , with monthly costs averaging $100–$500 for similar workloads. But here’s the catch: Cloud costs compound. Over 5 years, that’s $6,000–$30,000 —potentially double the on-premises CAPEX. The break-even point? When the cumulative cloud spend exceeds the depreciated server cost , typically 3–4 years in , assuming no major upgrades. Hidden Costs: The Silent Budget Killers On-premises servers aren’t just a one-time buy. Electricity (a 2U server consumes ~ 500W/hour , costing ~ $400/year ), cooling (fans degrade, heat expands components, shortening lifespan), and maintenance (disk failures, OS patches) add $500–$1,000/year. Cloud services mask these costs but introduce their own: data egress fees (AWS charges $0.09/GB for outbound transfers), premium support ( $100+/month ), and vendor lock-in (migrating data is costly). The edge case? Regulatory compliance —if data must stay on-premises, cloud costs become irrelevant, but self-managed security (firewalls, patches) becomes a non-negotiable expense. Scalability vs. Stability: The Workload Paradox Cloud’s elasticity is its strength—but for stable workloads, it’s overkill. An on-premises server sized

2026-07-06 原文 →
AI 资讯

AWS Introduces Amazon S3 Annotations

AWS recently announced Amazon S3 Annotations, a feature that lets teams attach rich, searchable context such as summaries, classifications, compliance data, or AI-generated insights directly to S3 objects. Annotations can be updated independently of the object and queried across datasets, reducing the need for separate metadata systems. By Renato Losio

2026-07-05 原文 →
AI 资讯

Identity Is the New Perimeter: Why AI Agents Break Zero Trust

For years, Zero Trust architectures were designed around one assumption: Humans make the decisions. That assumption is breaking apart. Autonomous AI agents can now query databases, trigger workflows, call APIs, and interact with other systems without direct human involvement. Modern AI systems no longer just generate text. They execute actions inside enterprise environments. When an AI agent can operate on behalf of a user inside your cloud infrastructure, its identity becomes just as critical as any human identity. And that fundamentally changes the security model. The Rise of Tool Calling Platforms like Amazon Bedrock Agents have changed the architecture of enterprise AI. These systems can now interpret a user request, decide which tools are required, and autonomously execute backend operations through Lambda functions, APIs, databases, and external services. A simple prompt can trigger an entire chain of actions. Example Workflow User Prompt: "Summarize customer complaints from the last 30 days." Agent Actions: Query the CRM database Call the analytics API Pull support ticket data Generate a report Powerful for productivity. Extremely dangerous if not properly secured. The New Attack Surface A single successful prompt injection can completely hijack an agent’s behavior. With overly broad permissions, an attacker can force it to: Access sensitive customer data Execute unauthorized API calls Modify records Trigger privileged backend workflows The risk becomes even worse in multi-agent systems. A compromised customer-facing agent can pass malicious instructions to a highly privileged backend agent. Traditional network perimeters and security tools often miss this entirely because the traffic comes from a trusted internal service. Why Traditional Zero Trust Falls Short Classic Zero Trust was designed for human behavior and relatively predictable access patterns. AI agents operate differently: They act autonomously and at machine speed They make decisions without real

2026-07-05 原文 →
AI 资讯

Peak Load Is the Steady State

The product drop had been planned for months. The direct-to-consumer subscription business had run three separate load tests, provisioned extra capacity for the launch window, and staffed a warroom across two time zones. The drop itself went cleanly. Two hours in, an unrelated video from a creator with a large following mentioned the product without warning, and the sign-up flow collapsed under a rush of new members for twenty-eight minutes. Customers were told the site was busy and to try again later. Some did. Most did not. The refund exposure was manageable. The customer acquisition exposure was not. What went wrong is not the interesting question. The system was under-provisioned for a specific traffic shape it had not seen before, and the team fixed it. The interesting question is what happened seven weeks later. A weather event redirected a wave of app traffic in an entirely different sector, at midnight on a Tuesday, without any warning. That system held, because a small group of engineers had spent those seven weeks quietly rebuilding assumptions about when peak load happens and what it looks like. The lesson from the product drop was not "provision more capacity for product drops." The lesson was that the mental model of peak load as a scheduled event had stopped being useful. This is another post in our series on the engineering layer underneath enterprise strategy. The previous post ( Sovereignty Versus Efficiency ) argued that sovereignty has become an architectural property that procurement cannot solve on its own. This post makes an analogous argument about load. Across banking, media, retail, travel, restaurant chains, and sport, the architectures built to survive named events are increasingly the wrong architectures for the traffic these businesses now routinely encounter. The discipline required has moved closer to what telecommunications engineers have always done, while the cost models have not caught up. What peak load used to mean For most of th

2026-07-03 原文 →
AI 资讯

Introducing Scale: SurrealDB Cloud, built for high availability and scale

Author: Tobie Morgan Hitchcock Today we're launching Scale, a new tier of SurrealDB Cloud built for the workloads you can't afford to have go down. Our first tier, Start, was designed for building and shipping fast. Scale is designed for what happens next: production traffic, uptime commitments, and the kind of resilience your users never notice because there are always available nodes. It's the tier for teams running SurrealDB as the scalable context layer behind real applications and AI agents in production. What you get with Scale Scale is about one thing: keeping your database available and consistent under real-world conditions. Highly-available, fault-tolerant clusters. Scale runs your database as a multi-node cluster designed to survive node and infrastructure failures without dropping writes or losing consistency. A single point of failure is no longer a single point of downtime. Multiple availability-zone deployment. Your cluster is distributed across multiple availability zones, so even the loss of an entire zone doesn't take your database with it. Traffic keeps flowing while the cluster recovers in the background. Horizontal scale. As demand grows, Scale grows with it. Add capacity by scaling out across nodes rather than being capped by the size of a single machine. Start with three nodes, and keep adding to scale your application or agent's needs. See more information about SurrealDB Cloud Scale architecture here . Built on SurrealDS Scale is powered by SurrealDS , SurrealDB's distributed storage engine and the foundation that makes all of this possible. SurrealDS is a new generation distributed storage architecture, rethought from first principles. Instead of coupling storage to compute on a single box or to a proprietary cloud tier, SurrealDS embeds consensus directly in SurrealDB nodes and separates the two layers cleanly. Here's what that architecture gives you. Architecture overview Compute and storage separation. Scale compute for QPS and storage f

2026-07-02 原文 →
AI 资讯

Autonomous Workspace Orchestration with Antigravity 2.0

Even the most advanced enterprise systems are tethered to a costly paradox: manual bottlenecks that introduce critical errors, security risks, and slow innovation. These hidden operational anchors are the friction preventing your organization from realizing its full potential. The Challenge: Manual Bottlenecks in Modern Enterprise Operations In an era defined by cloud-native architectures, microservices, and declarative infrastructure, a persistent and costly paradox remains at the heart of enterprise operations. We have built systems capable of immense scale and resilience, yet they are often tethered to manual, human-driven processes that act as operational anchors. These bottlenecks aren't just minor inefficiencies; they are critical points of failure, introducing latency, human error, and security vulnerabilities into our most important workflows. They represent the friction that slows down innovation, drains resources, and prevents organizations from realizing the full potential of their digital investments. Before we can orchestrate an autonomous workspace, we must first dissect the anatomy of these manual constraints. Identifying the High Cost of Manual Invoice Reconciliation To ground this challenge in reality, consider a ubiquitous and deceptively complex business process: accounts payable invoice reconciliation. On the surface, it seems simple. In practice, it's a classic example of a high-friction, manual workflow that silently bleeds enterprise resources. The typical process is a gauntlet of context-switching and swivel-chair integration: An invoice arrives, often as a PDF attached to an email, with no standardized format. A finance professional must manually open the document and visually identify key data points: invoice number, date, vendor, line items, and total amount. They then pivot to an ERP system like SAP or NetSuite to find the corresponding Purchase Order (PO). Next, they might need to access a separate logistics or warehouse management syste

2026-07-02 原文 →