AI 资讯
Launching a Website on AWS in 2026: The Complete Guide for All Skill Levels
Launching a fast, secure, and scalable website no longer requires thousands in upfront server costs or dedicated DevOps teams. As of 2026, AWS powers 32% of the global public cloud market, offering flexible hosting options for every use case: from a 1-page personal portfolio to a high-traffic enterprise e-commerce platform. Whether you’re a beginner building your first site or a senior developer launching a production SaaS app, AWS lets you pay only for resources you use, with built-in tools for global performance, security, and automated deployments. This guide breaks down every AWS website hosting option, walks you through step-by-step setup for the most cost-effective popular stack, shares security best practices, and includes a transparent cost breakdown to help you avoid unexpected bills. Table of Contents How to Choose the Right AWS Website Hosting Option for Your Use Case Step-by-Step Guide: Launch a Static Website on AWS (S3 + CloudFront + Route 53) Deploy Modern Web Apps Faster with AWS Amplify Hosting Dynamic Website Hosting Options on AWS Critical Security Best Practices for AWS-Hosted Websites AWS Website Hosting Cost Breakdown (2026) Common Mistakes to Avoid When Launching a Website on AWS Conclusion References How to Choose the Right AWS Website Hosting Option for Your Use Case First, classify your website to pick the most cost-effective, low-overhead stack: Static vs Dynamic Websites Static websites : Made of pre-built HTML, CSS, JS, and media files with no server-side processing. Ideal for portfolios, landing pages, blogs, documentation, and marketing sites. Dynamic websites : Process user input, serve personalized content, or connect to databases. Ideal for WordPress, e-commerce, SaaS apps, social platforms, and membership sites. Quick Use Case Mapping Website Type Recommended AWS Stack Small static site / portfolio S3 + CloudFront + Route 53 Modern React/Next.js/Vue app with CI/CD AWS Amplify Small WordPress / LAMP stack site Amazon Lightsail Custo
AI 资讯
Amazon S3 Doesn't Hope Hardware Won't Fail. It Assumes It Already Has.
Most engineers build distributed systems hoping nothing breaks. Amazon S3 was engineered under the opposite assumption: that something is already broken, right now, and the system needs to be fine with that. That one mindset shift explains almost everything about how S3 works — and why it's one of the most reliable pieces of infrastructure on the planet. I went through a deep-dive conversation with Mai-Lan Tomsen Bukovec, VP of Data and Analytics at AWS, and extracted the engineering philosophy underneath the product. Not the marketing version. The real one. Here's what actually matters. 1. Hardware failure is not an emergency. It's Tuesday. S3 manages hundreds of exabytes of data across tens of millions of hard drives, spread across 120 Availability Zones in 38 AWS Regions. It currently stores over 500 trillion objects. At that scale, something is always failing. A disk here. A rack there. An availability zone every now and then. The math is unforgiving. So the S3 team made a deliberate architectural decision early: stop treating failure as an exception. Design it into the system as the baseline state. This means dedicated auditor and repair microservices run continuously in the background — not when something goes wrong, but always. They scan the entire fleet, inspect every byte of data, detect discrepancies, and trigger repairs automatically. No human in the loop. No incident ticket. No war room. There's also a specific property they engineer for called crash consistency — the system is designed so that after any fail-stop event, it automatically returns to a valid state without manual intervention. The failure happens. The system continues. Those two things are not in conflict. The system heals itself because it was designed to assume it's already sick. If you're building distributed systems and your failure handling is reactive — you only respond after something breaks — you've already lost. Design the repair loop as a first-class citizen, not an afterthought.
AI 资讯
AWS Types of Databases: The Complete 2026 Guide for Developers
If you’re building a generative AI chatbot, global e-commerce platform, or industrial IoT solution in 2026, picking the wrong database can sink performance, blow your budget, or delay your launch. For years, teams relied on one-size-fits-all relational databases for every workload, but modern applications demand specialized tools for specific use cases. AWS solves this challenge with 15+ purpose-built database engines across 8 distinct categories, optimized for performance, scalability, and cost efficiency for every imaginable workload. This guide breaks down every AWS database type, its core features, real-world use cases, and 2026 best practices to help you choose the right tool for your next project. Table of Contents Why Purpose-Built Databases Are the Standard in 2026 AWS Database Categories: A Deep Dive 2.1 Relational Databases 2.2 Key-Value Databases 2.3 In-Memory Databases 2.4 Document Databases 2.5 Graph Databases 2.6 Wide Column Databases 2.7 Time-Series Databases 2.8 Data Warehouse 2026 AWS Database Best Practices Common Mistakes to Avoid When Choosing AWS Databases Conclusion References Why Purpose-Built Databases Are the Standard in 2026 Modern workloads have vastly different requirements: a generative AI RAG system needs fast vector search, an IoT fleet needs high-throughput time-series data ingestion, and a global SaaS platform needs multi-region consistency with zero downtime. A single relational database cannot meet all these needs without tradeoffs. AWS purpose-built databases eliminate these tradeoffs by: Supporting open standard APIs to avoid vendor lock-in Offering serverless deployment options for all major engines Including built-in AI/ML and vector search capabilities Delivering up to 99.999% availability for mission-critical workloads Reducing TCO by 25-48% compared to self-managed or generic alternatives (per IDC) AWS Database Categories: A Deep Dive Relational Databases Relational databases store data in structured tables with fixed schema
AI 资讯
Week 2
Hello everyone! It has been a busy week, but I've made some exciting progress on my machine learning journey. Here is what I've been up to: Kaggle Orbit Wars & AWS I completed the baseline implementation for the Kaggle Orbit Wars competition and initially hit a score of around 1030. My score has dipped slightly over the past few days, so I am currently brainstorming ways to improve it. This week also marked my very first time using AWS! I used it to extract data for reinforcement learning. Transparency check: I spent exactly $7.58 USD on AWS resources during the process. Paper Reading & RL Insights I spent a lot of time reading research papers this week. AlphaZero: I was initially excited about using the self-play mechanism from AlphaZero. However, because this specific game has rock-paper-scissors dynamics, standard self-play might not work effectively. AlphaStar: This led me to the AlphaStar paper, which uses self-play combined with League Training . The engineering behind AlphaStar is incredible. Two specific concepts really stood out to me: Pointer Networks and V-trace off-policy correction . I was also impressed by their use of an LSTM core to handle long-term memory. Next Steps Moving forward, I plan to leverage Kaggle, AWS, and GCP credits to train different components of my model. I am giving myself total freedom to experiment, imagine, and test unconventional solutions. Random life update to close out the week: I used to have long hair because I was insecure about my forehead, but I finally decided to shave it all off at home by myself. It honestly feels really weird right now, but it's a fresh start!
AI 资讯
I Built a CLI Tool to Delete Default VPCs Across All AWS Regions
This article is a machine translation of the contents of the following URL, which I wrote in Japanese: AWS 全リージョンのデフォルト VPC を一括削除する CLI ツールを作った #Python - Qiita はじめに こんにちは、ほうき星 @H0ukiStar です。 AWS アカウントを作成すると、デフォルト VPC と呼ばれる VPC が各リージョンに 1 つずつ作成されます。 このデフォルト VPC はパブリックサブネットのみで構成されており、これらのサブネットでは E... qiita.com Introduction Hello, I’m @H0ukiStar . When you create an AWS account, a VPC called the default VPC is automatically created in each region. This default VPC consists only of public subnets, and the default subnets are configured to automatically assign public IP addresses when launching EC2 instances. When launching an EC2 instance from the AWS Management Console, this default VPC is also selected by default, which can lead to resources being created with unintended network configurations depending on your environment. For this reason, if the default VPC is not needed in your organization’s network design, some teams choose to delete it in advance as part of their operational baseline. In this article, I’ll introduce a CLI tool I created to delete default VPCs across all available regions in an AWS account. CLI Tool for Deleting Default VPCs: aws-default-vpc-cleaner The tool is available in the following repository: H0ukiStar / aws-default-vpc-cleaner A tool to delete default VPCs and related resources across all AWS regions. AWS Default VPC Cleaner A tool to delete default VPCs and related resources across all AWS regions. AWSアカウント上のすべてのリージョンに存在するデフォルトVPCと関連リソースを削除するツール。 Features / 機能 Multi-Region Support / 複数リージョン対応 : Delete default VPCs across all AWS regions or specific regions / すべてのAWSリージョンまたは特定のリージョンのデフォルトVPCを削除 Dry Run Mode / ドライランモード : List resources without deleting them / 削除せずにリソースをリスト表示 Safe Deletion / 安全な削除 : Deletes resources in the correct order to avoid dependency issues / 依存関係の問題を回避するために正しい順序でリソースを削除 Multi-Language / 多言語対応 : Supports English and Japanese output / 英語と日本語の出力をサポート Verbose Mode / 詳細モード : Detailed logging of operations / 操作の詳細なログ出力 De
AI 资讯
Serverless Framework Deployment: Unleash the Power of AWS Lambda
Let me tell you exactly what happened the first time I tried to set up Lambda manually. Four hours. IAM trust policies I didn't fully understand, ARNs copy-pasted into the wrong fields, an API Gateway that was technically configured but somehow not routing anything correctly, and a deploy that failed with an error message pointing me nowhere useful. I hadn't written a single line of actual business logic yet. That's when someone on my team mentioned the Serverless Framework. My first reaction was honestly skepticism — another abstraction layer sounded like another thing to learn and eventually fight with. I was wrong about that. This isn't a "look how clean this tool is" post. It's more like: here's what I actually did to get a Postgres-backed CRUD API running on Lambda, step by step, including the parts that tripped me up. What the Framework Is Actually Doing Under the Hood Worth knowing before you start: the Serverless Framework isn't magic. It's generating CloudFormation templates and submitting them to AWS on your behalf. Your Lambda functions, API Gateway routes, CloudWatch log groups — all of it gets provisioned from a single config file. It works with other providers too, but the AWS integration is where it really earns its keep. The console clicking and manual ARN-wiring that burns time at the start of every serverless project? Gone. Same deploy workflow whether you're building a REST API, an event processor, or a cron job. Once you've done it once, the second project takes a fraction of the time. What You're Building Four live endpoints backed by PostgreSQL. A Users table. Create, read, update, delete — nothing exotic, but a real enough foundation that you can extend it into something actual once this guide is done. You'll need an AWS account, the AWS CLI installed, and the Serverless Framework installed before starting. That's it. Step 1: Sort Out Your AWS Credentials Run this to create both config files in one go: bash cat << EOF > ~/.aws/credentials [def
产品设计
How I Bridged AWS Face Liveness to Expo with a Native Module
AWS Face Liveness has native SDKs for iOS and Android. That works well if you are building fully...
产品设计
AWS Replaces Fat-Tree Data Center Networks with Random Graph Theory, Cutting Routers by 69%
AWS disclosed that Resilient Network Graphs, a flat network architecture based on quasi-random graph theory, is now the default for most new data center builds. The design replaces fat-tree hierarchies with direct ToR-to-ToR mesh connections using passive optical ShuffleBoxes, cutting routers by 69%, boosting throughput by 33%, and reducing network power consumption by 40%. By Steef-Jan Wiggers
AI 资讯
How we architected a FedRAMP Moderate boundary on AWS GovCloud for an AI SaaS
Draw the boundary first. Then write Terraform. A federal customer was ready to procure. The architecture was not. This is a redacted write-up of a real engagement: a FedRAMP Moderate authorization boundary built on AWS GovCloud for an AI SaaS vendor selling into federal buyers, against a customer-driven timeline tied to a fiscal year. The context The client ran production on commercial AWS with a strong engineering culture, modern Terraform practice, and zero prior federal experience. A federal customer had committed to procurement contingent on a FedRAMP Moderate path, with an aggressive deadline. The internal team understood the application deeply and had read enough FedRAMP material to know they were in trouble. The architecture decisions that worked beautifully for commercial customers each failed boundary review: shared accounts with the commercial environment a hosted vector store outside the cloud OpenAI behind the application an observability stack running outside the cloud account The remediation list grew faster than the team could keep up with, and the timeline did not move. They reached out for boundary architecture help. Not policy writing, not 3PAO selection. Engineering work to redesign the cloud footprint so the boundary could be drawn cleanly and the assessment could proceed. The approach: boundary before Terraform The most common FedRAMP failure pattern is to start with the existing environment and try to bend it to fit the boundary. We do not do that. The first deliverable was a boundary diagram drawn from scratch, before any IaC was touched, identifying every service inside, outside, and at the edge of the authorization boundary. From the boundary, every other architectural decision derived. The Terraform module library was written against the boundary, not the existing accounts. Identity federation, network architecture, KMS topology, and logging all followed. ┌─────────────────────────── FedRAMP Moderate Boundary (AWS GovCloud) ────────────────
AI 资讯
Cross Cloud A2A Agent Benchmarking
Building a Benchmarking Agent with A2A and MCP This tutorial aims to build and test benchmarking Agents using the A2A protocol across several mainstream Cloud providers. A Master Orchestrator Agent is exposed via MCP to allow Antigravity CLI to be used as a MCP client to co-ordinate the benchmarks. Deja Vu — What is Old is New! This paper is a re-visiting of the original benchmark series with Gemini CLI over Node, GO, and Python: Cross Language A2A Agent Benchmarking with Gemini 3 and Gemini CLI In this updated version, the Antigravity CLI is used to push Rust Agents cross-cloud and co-ordinate Mersenne Prime Calculations. Why would I need Multi-Cloud Support? And Rust? Can’t I just use Python? Most mature Agent development tools and libraries are Python based. Python allows for rapid prototyping and evaluation of approaches. Python is also an interpreted language- which has trade-offs in memory safety, and performance. Other languages like GO and Rust offer high performance and memory safe operations. With a language neutral communication protocol — the actual Agent implementation of each Agent can be coded in the most appropriate language. What is this Approach actually Benchmarking? The high level goal was to measure the actual time spent running an algorithm in the native language code inside the A2A agent. Each language had a slightly different implementation due to the language syntax. After running the algorithm- each Agent was instructed to calculate and return the elapsed time for cross cloud comparison. What is the A2A protocol? The Agent2Agent (A2A) protocol, an open communication standard for AI agents, was initially introduced by Google in April 2025. It is specifically engineered to facilitate seamless interoperability within multi-agent systems, enabling AI agents developed by diverse providers or built upon disparate AI agent frameworks to communicate and collaborate effectively. A good overview of the A2A protocol can be found here: A2A Protocol Lan
AI 资讯
Getting Started with Vector Databases Using Amazon Aurora PostgreSQL + pgvector
Hello! I'm Satoshi Kaneyasu, DevOps engineer at Serverworks. In this article, I'll introduce the basic concepts and terminology of vector databases for those who are just starting to learn about them. Target Audience This article is aimed at beginners to vector databases. You may have heard that vector databases are related to LLMs and RAG, but aren't quite sure what they actually are. Think of this as written with that kind of reader in mind. What Is a Vector Database? A vector database is a database that stores data as vectors (arrays of numbers) and searches for data using "distance" or "similarity" between vectors. Traditional relational databases search for data using "exact match" or "partial match" (LIKE queries), but vector databases can search for things that are semantically similar . For example, searching for "weather in Tokyo" might return results like "temperature in Tokyo" or "weather conditions in Kanto" — data that differs as a string but is semantically related. Visualizing Vector Space In a vector database, all data is represented as points in a multidimensional space. When searching, the query is also converted into a vector, and data that is "close in distance" within that space is retrieved. This diagram represents it in two dimensions, but in a real vector database, proximity and distance are defined across many dimensions. Use Cases for Vector Databases Vector databases are used across a wide range of applications: Use Case Description RAG (Retrieval-Augmented Generation) Knowledge base search to provide external knowledge to LLMs. Allows internal documents and up-to-date information to be reflected in LLM responses Semantic Search Searching internal documents or FAQs by meaning rather than keywords. Handles spelling variations and synonyms Recommendation Recommending products and content whose vectors are close to a user's preference vector. Used as an alternative or complement to collaborative filtering Image Search Searching for similar im
AI 资讯
Implement Encryption By Using AWS Services | 🏗️ Create A KMS Customer Managed Key
Exam Guide: Developer - Associate 🏗️ Domain 2: Security 📘 Task 2: Implement Encryption By Using AWS Services. Encryption shows up everywhere, especially on this exam. S3, DynamoDB, SQS, Lambda environment variables, RDS, and more. You need to know the difference between client-side and server-side encryption, how KMS works, and when to use each approach. 📘Concepts Encryption at Rest vs Encryption In Transit Encryption At Rest Data stored on disk: S3 Objects, DynamoDB tables, EBS volumes, RDS databases. Encryption In Transit Data moving between services or between client and server: HTTPS, TLS, VPN. Where At Rest In Transit S3 SSE-S3, SSE-KMS, SSE-C HTTPS (enforced via bucket policy) DynamoDB Encrypted by default (AWS owned or KMS) HTTPS (always) RDS KMS encryption SSL/TLS connections SQS SSE-KMS HTTPS Lambda env vars KMS (default + optional CMK) HTTPS KMS Key Types Type Managed By Cost Use Case AWS owned keys AWS Free Default encryption (DynamoDB, S3 SSE-S3 ) AWS managed keys AWS (in your account) Free (per-use charges) aws/s3 , aws/dynamodb (you can't manage them) Customer managed keys (CMK) You Monthly + per-use Full control: rotation, policies, cross-account Envelope Encryption KMS can only directly encrypt up to 4 KB . For larger data, it uses envelope encryption: 1. KMS generates a data key (plaintext + encrypted copy) 2. You encrypt your data with the plaintext data key 3. You store the encrypted data key alongside the encrypted data 4. You discard the plaintext data key from memory 5. To decrypt: KMS decrypts the data key → you decrypt the data The AWS Encryption SDK handles this automatically. Server-Side Encryption Options for S3 Option Key Management Use Case SSE-S3 AWS manages everything Simplest, no KMS costs SSE-KMS You control the KMS key Audit trail via CloudTrail, key policies SSE-C You provide the key with every request Full key control, AWS doesn't store the key Client-Side vs Server-Side Encryption Aspect Server-Side Client-Side Who encrypts AWS (
AI 资讯
Deploying a Next.js App to AWS with CI/CD Pipelines (Step-by-Step)
The first time I deployed a Next.js app to production, it took me three days. Not because the app was complicated — it was a straightforward portfolio site. It took three days because I had no idea what I was doing with AWS, I'd never written a GitHub Actions workflow, and every tutorial I found either skipped the hard parts or assumed I already knew them. By the time I was done, I had a deployment pipeline I was genuinely proud of: push to main, GitHub Actions runs the build, tests pass, the app deploys to an EC2 instance behind CloudFront. Zero manual steps. Zero downtime deploys. Total cost: about $5/month. This guide is the one I wish had existed. We're going to deploy a Next.js app to AWS from scratch — EC2 for compute, CloudFront for CDN, GitHub Actions for CI/CD — with every step explained so you understand what you're building, not just copying commands. Why AWS Instead of Vercel? This is a fair question. Vercel is genuinely excellent for Next.js, and for most projects it's the right call. You push, it deploys. Done. AWS makes sense when: You need to control the infrastructure (compliance, data residency, custom VPC configuration) You're running other services (databases, queues, lambdas) in AWS and want everything in the same network You want to learn infrastructure skills that transfer to enterprise environments Your app has specific performance requirements that benefit from custom CloudFront configuration You're a freelancer or consultant who wants to bill separately for infrastructure If none of those apply to you, use Vercel. This guide is for when they do. The Architecture Here's what we're building: ┌────────────────────────────────────────────────────────┐ │ GITHUB ACTIONS CI/CD │ │ │ │ Push to main → Build → Test → Deploy to EC2 │ └──────────────────────┬─────────────────────────────────┘ │ SSH deploy ▼ ┌────────────────────────────────────────────────────────┐ │ AWS EC2 INSTANCE │ │ │ │ Ubuntu 22.04 LTS │ │ Node.js 20 + PM2 (process manager) │ │ N
AI 资讯
Automatizando a Migração de Usuários e o Gerenciamento de IAM na AWS
Migrar 100 usuários manualmente no console da AWS é lento, suscetível a erros e impossível de auditar com precisão. Neste artigo você vai ver como automatizar esse processo usando AWS CLI e Shell Script direto no AWS CloudShell — sem instalar nada localmente. O resultado final: usuários criados, alocados nos grupos corretos e com MFA obrigatório, tudo em minutos. O que é o IAM? O AWS Identity and Access Management (IAM) é o serviço que controla quem pode acessar os recursos da sua conta AWS e o que cada pessoa ou serviço pode fazer. Com o IAM você gerencia: Conceito Descrição Usuário Identidade individual com credenciais próprias Grupo Conjunto de usuários que compartilham as mesmas permissões Política Documento JSON que define o que é permitido ou negado Role Identidade temporária assumida por serviços ou usuários A boa prática é nunca conceder permissões diretamente a um usuário — sempre use grupos. Visão geral da solução O fluxo é simples: Criar os grupos IAM no console Montar um arquivo CSV com os dados dos usuários Rodar um shell script no CloudShell que lê o CSV e cria tudo automaticamente Aplicar a política de MFA obrigatório nos grupos Passo 1 — Criar os Grupos IAM Antes de importar os usuários, os grupos precisam existir. No AWS Console , acesse IAM → User groups → Create group e crie um grupo para cada perfil do seu ambiente. Neste exemplo usaremos: RedesAdmin — administradores de rede LinuxAdmin — administradores de servidores Linux DBA — administradores de banco de dados Estagiarios — acesso limitado para estagiários Nomes de grupos suportam até 128 caracteres (letras, números e + = , . @ _ - ), são únicos por conta e não diferenciam maiúsculas de minúsculas. Passo 2 — Montar o arquivo CSV Crie uma planilha com os dados dos usuários e salve como CSV separado por vírgula (UTF-8) . O arquivo deve ter exatamente três colunas: Username , Group e Password . Username , Group , Password joao . silva , LinuxAdmin , Senha @2024 ! maria . souza , DBA , Senha @2024
AI 资讯
Building and Operating a Production-Style Kubernetes Platform on AWS Using kubeadm
Introduction Managed Kubernetes platforms such as Amazon EKS, Google Kubernetes Engine (GKE), and Azure Kubernetes Service (AKS) abstract away much of the operational complexity involved in running Kubernetes clusters. While this significantly improves developer productivity, it also hides many of the internal systems responsible for cluster orchestration, networking, node registration, and workload scheduling. As a result, many engineers interact with Kubernetes daily without fully understanding the components that keep a cluster operational behind the scenes. To better understand Kubernetes from an operational perspective, I set out to build and operate a self-managed Kubernetes platform on AWS using kubeadm. Unlike lightweight local environments such as Minikube or kind, kubeadm bootstraps Kubernetes in a way that closely resembles how real-world self-managed clusters are provisioned and operated. The objective of this project was not simply to install Kubernetes, but to explore: How the control plane components interact. How worker nodes register with the cluster. How Kubernetes networking behaves. How cloud integrations work. How traffic reaches workloads running inside the cluster. How operational failures surface during deployment and runtime. How production-style systems behave beneath managed abstractions. This article documents the architecture, implementation process, engineering decisions, operational lessons, and troubleshooting insights encountered during the effort to bring the platform to a healthy operational state. Project Objectives The primary objectives of this project were to: Provision infrastructure on AWS using Terraform. Bootstrap a self-managed Kubernetes cluster using kubeadm. Configure Kubernetes networking using Calico. Integrate Gateway API with AWS Load Balancer Controller. Expose workloads externally using AWS Application Load Balancers. Validate cluster functionality through application deployment. Understand the operational mechani
AI 资讯
S3 zipper challenge: a parallel zip assembly that beats the single Lambda approach
I recently read Jérémie Rodon's excellent article On-Demand Archives on S3 , where he describes an elegant Rust solution for zipping 3,000 × 5MB files from S3 within a single Lambda function. His approach is impressive: streaming a ZIP archive through a custom Rotating Slab Buffer, saturating bandwidth with concurrent downloads, all within 512MB of RAM. The result: 3 minutes 35 seconds . I thought it was a good challenge to reach better performance. His article ends with an open invitation: "do you think you can do better with your favorite language?" Well, my favorite language is not Rust nor Go nor.. however, I'm fluent in serverless ;) so I took a different angle entirely. A Different Approach: Why Not Parallelize the Problem? Jérémie's constraint was a single Lambda. That's elegant, but it means you're bound by one machine's network bandwidth (~600 Mbps). No matter how perfect your streaming is, physics wins: 15GB at 600 Mbps ≈ 200 seconds minimum. My question was: what if we break that single-machine bottleneck? The key insight is that ZIP files in STORE mode (no compression) have deterministic byte offsets . Each entry is exactly 50 + len(filename) + filesize bytes (local header + ZIP64 extra field + data). If you know all filenames and sizes upfront, you can pre-calculate exactly where every file will land in the final archive, before downloading a single byte. This means independent workers can each build their portion of the zip in parallel, and S3's multipart upload lets them write their chunks independently (parts can be uploaded in any order by different processes sharing the same upload ID). Architecture Planner Lambda → Step Functions Distributed Map → N Worker Lambdas → Finalizer Lambda │ │ │ │ │ │ CreateMultipartUpload │ │ │ UploadPart (parallel) │ CompleteMultipartUpload ▼ ▼ ▼ ▼ ▼ S3 Output Bucket Planner : Lists all source files, computes zip byte offsets, initiates multipart upload, divides work into balanced batches (equal data volume per worker)
AI 资讯
A Trailing Slash Bypassed AWS API Gateway Authorization
A security researcher found that adding a trailing slash to AWS HTTP API paths bypassed Lambda authorizer authentication entirely, enabling unauthenticated wire transfers at a fintech. The root cause is a path normalization mismatch between HTTP API's greedy route matching and its authorization layer. The same vulnerability class appeared in gRPC-Go via CVE-2026-33186. By Steef-Jan Wiggers
AI 资讯
How I passed the AWS Security Specialty and how you can too
Introduction to AWS certifications First things first, lets understand what the AWS Security Specialty certification is and where it fits in the AWS certification ecosystem. AWS certifications are divided into levels, each one targeting a different stage of your journey: Practitioner Associate Professional Specialty The practitioner level is where most people start. It focuses on foundational cloud concepts and basic AWS knowledge. As of today, there are two certifications at this level: AWS Cloud Practitioner AWS AI Practitioner The Cloud Practitioner covers core concepts like IAM, security, availability, pricing, and general cloud architecture. The AI Practitioner follows a similar structure, but focused on AI concepts and AWS AI services. The associate level is where things start to get more practical. At this level, you are expected to understand how to design and build solutions using AWS services. Some well-known certifications here are: Solutions Architect Associate Developer Associate SysOps Administrator The professional level goes much deeper. Here, you are expected to design complex architectures, handle trade offs, and make decisions based on real world constraints. The main certifications are: Solutions Architect Professional DevOps Engineer Professional Finally, we have the specialty certifications. These are focused on specific domains and require deep knowledge in a particular area. Examples include: Security Specialty Machine Learning Specialty (Retired) Advanced Networking Specialty And this is exactly where things start to get serious. At this level, AWS is no longer testing if you understand the services. It's testing if you can actually apply them in complex, real world scenarios. What it is and who this certification is for The AWS Security Specialty is one of the most difficult certifications in your AWS journey. This exam expects that you already know the basics and are comfortable with complex and long detailed scenarios that you often come
AI 资讯
How I Use Kiro: A Teammate, Not an Autopilot
1. Why I use Kiro I've been using Kiro for almost 1 year now, I'm using it as a Cloud Architect and also to build side projects for fun. The main reason I use Kiro over other tools is how it works with you as an engineer. Over the months, I've noticed certain patterns in how I use Kiro. Let's go over them: Index 1. Why I use Kiro 2. Pair Programming with Kiro 3. Repeatable workflows as Skills 4. Using Plan, Specs and Agents 5. Council of agents 6. Documentation, Documentation, Documentation Final thoughts 2. Pair Programming with Kiro The most common way that I use Kiro is in Pair Programming. Pair Programming is when there are 2 developers working together on the same task, they can work in tandem or one of them can be the one guiding/planning while the other one does the code. In my case, with Kiro, I'm the one doing the guiding and planning while Kiro is the one executing and implementing the code. I'm also using Kiro as my rubber duck. If I have a new idea or I'm working on a blocking bug, I talk to Kiro so it can give me a different point of view, investigate and steer me into good practices. The main reason for me to do it this way is because once the session is over, I can run a prompt/skill to record everything from the session: Kiro, summarize this session and save it into a .memory folder with the format yyyymmdd and as a markdown So then everything that we've done is going to be recorded there. Do you remember everything that you've done yesterday? Maybe. But what about last week? And what about one month ago? I definitely don't remember it. In the classic Software Development Life Cycle, we have tickets, and we have a way that we can recall all this information, but the more detailed context of why you did it is going to be completely missed. Now, with tools like Kiro, this is possible to remember. You just have a .memory folder where you summarize all your sessions. So in the future, we could have a situation like this: Oh, I don't remember what changes
AI 资讯
Your RL Agent Failed a 12-Step Task. Which Step Was Wrong? (The Supervision Problem in Agentic RL)
About this series. I'm going to take a fresh paper - Self-Distilled Agentic Reinforcement Learning (SDAR, arXiv:2605.15155 ) - and architect it end to end on AWS: the system design, the actual gate code, the evaluation plan, and a brutally honest cost model. What I'm not going to do is wave a benchmark number around. Reproducing a paper like this costs thousands in GPU time, and I'd rather show you the machinery than a screenshot you can't audit. The design is the deliverable. This is Part 1. A small, infuriating problem Picture an LLM agent working a web-shopping task. It reads the goal, searches, clicks a category, filters, opens a product, compares, adds to cart - twelve steps in all. At the end, it bought the wrong thing. So you do what reinforcement learning tells you to do: you score the trajectory. Reward = 0. Bad agent. Now answer this: which of the twelve steps was actually wrong? Maybe step 3, the search query, was fine and step 9, a filter choice, doomed everything. Maybe steps 1–11 were brilliant and step 12 fat-fingered the wrong button. Your single scalar reward has no idea. It punishes all twelve equally, including the eight that were correct. That's the supervision problem in agentic RL, and it's the thing this whole series is about. Why "just use RL" isn't enough for agents RL has become the default way to post-train LLM agents. The catch is that the reward usually lands at the trajectory level - one number for the entire multi-step episode. For a single-turn task ("answer this question"), that's tolerable; the action and the outcome are close together. For a long-horizon agent - ten, twenty, fifty turns of searching, calling tools, and reacting to an environment - it's a disaster of credit assignment . The signal is too coarse to tell the model which decisions earned the reward and which torpedoed it. You can throw more episodes at it and let statistics sort the credit out eventually. But "eventually" on a 30-turn task burns a lot of expensive comp