AI 资讯
Presentation: The Infrastructure Challenge Behind Production AI
The panelists explain the realities of running AI systems reliably at scale. While building models is solved, maintaining production databases under constant pressure is not. They discuss the emerging architectural decisions separating teams that scale gracefully from those facing catastrophic outages, and what engineering leaders must rethink today. By Simerus Mahesh, Alex Infanzon, Meryem Arik, Luca Bianchi, Renato Losio
AI 资讯
Splitting a Terraform Monolith into Smaller States
If your Terraform plans are slow, your blast radius is too wide, or multiple teams are stepping on each other's changes, it's time to split your monolith. See The Problem with Large Terraform States for how to diagnose whether you've reached that point. This guide walks through the process of breaking a monolithic Terraform state into smaller, focused states — and how Snap CD can manage the dependencies between them so you don't have to. The approach 1. Identify natural boundaries Look at your resources and group them by lifecycle and ownership. Common boundaries: Networking — VPCs, subnets, route tables, NAT gateways. Changes rarely, underpins everything. DNS — Zones, records. Usually owned by a platform team. Compute — Kubernetes clusters, VM scale sets, container services. Changes more often, depends on networking. Application infrastructure — Databases, caches, queues, storage accounts. Owned by application teams. Monitoring — Dashboards, alerts, log sinks. Changes frequently, depends on everything but nothing depends on it. A useful test: if two resources would never be changed in the same PR by the same person, they probably belong in different states. 2. Map the dependencies Before you move anything, draw the dependency graph. Which groups produce values that other groups consume? networking dns │ ▲ ▼ │ compute ──────────►─┘ │ ▼ application │ ▼ monitoring The outputs that cross these boundaries are what you'll need to wire up after the split. Typical examples: Networking → Compute: vpc_id , private_subnet_ids Compute → DNS: load_balancer_ip Compute → Application: cluster_endpoint , cluster_ca_certificate Application → Monitoring: database_id , cache_name 3. Use terraform state mv to migrate resources Terraform's state mv command lets you move resources from one state to another without destroying and recreating them. # Initialize the destination state cd modules/networking terraform init # Move resources from the monolith to the new state terraform state mv \
AI 资讯
The Problem with Large Terraform States
At some point every growing Terraform project hits a wall. Plans that used to finish in seconds now take minutes. Applies feel risky because hundreds of resources share a single blast radius. Colleagues avoid running terraform plan because it hammers cloud APIs hard enough to trigger throttling. The state file itself becomes a liability — large, slow to lock, and one bad write away from corruption. This guide covers the symptoms of an oversized state, the band-aids teams reach for, and the structural fix that actually works. How Terraform state works under the hood Every terraform plan does two things: Refresh — for every resource in state, Terraform calls the provider's API to read the current real-world status. A state with 500 resources means 500+ API calls, often more when resources have nested data sources. Diff — compare the refreshed state against the desired configuration and produce a change set. The refresh phase is the bottleneck. It's sequential per provider (parallelism helps across providers, not within one), and every resource pays the cost whether you changed it or not. Adding ten resources to a 500-resource state doesn't make plans 2% slower — it makes the refresh 2% slower on every single plan, for every engineer, forever. Symptoms of a state that's too large Slow plans The most visible symptom. Plan time scales with resource count because every resource is refreshed on every plan, regardless of whether its configuration changed. The exact speed depends on provider — AWS resources with complex nested structures (IAM policies, security group rules) are slower to refresh than simple ones, and Azure resources that require multiple API calls per refresh are worse still. These aren't edge cases — users regularly report 2,900-resource states taking 20–25 minutes to plan and 1,600-resource states taking 8+ minutes . Even starting Terraform with a large state can take minutes before a single API call is made . There's a long-standing proposal for terraform
AI 资讯
GML5 IndexCache
IndexCache: Killing the Indexer's O(NL²) Bottleneck in DeepSeek Sparse Attention Notes from my notebook on GLM-5.2 / DeepSeek Sparse Attention (DSA), reconstructed from the IndexCache paper (Bai, Dong et al., Tsinghua + Z.ai, 2026) — the mechanism behind GLM-5.2's "IndexShare." 1. Why this exists — the bottleneck nobody talks about DSA's whole pitch is: don't do full O(L²) attention, instead let a cheap lightning indexer look at all preceding tokens and pick the top-k (k=2048) that actually matter, then do real attention only on those. That drops core attention from O(L²) → O(Lk). Great — except I missed this the first time I read DSA: the indexer itself is still O(L²) . It has to score every preceding token against the query to decide who's in the top-k. So across N layers you've traded one O(L²) cost for N separate O(L²) costs — total O(NL²). At long context this indexer becomes the dominant cost, not the attention it was supposed to fix. Adding the indexer is "DSA on steroids" because it kills DSA's one real bottleneck (full attention) — but in doing so, it grows its own. The indexer is cheap per-FLOP (few heads, low-rank, FP8) but it still runs at every single layer. The fix the paper proposes isn't a smarter indexer — it's don't run it every layer at all. 2. The core insight: adjacent layers pick almost the same tokens If you measure pairwise overlap between the top-k token sets selected by each layer's indexer, adjacent layers share 70–100% of their picks. The heatmap even shows block structure — clusters of layers (e.g. layers 3–5, 17–30, etc.) that all converge on roughly the same "important" tokens. So most of the O(NL²) indexer cost is redundant computation of the same answer. This motivates IndexCache : split the N layers into two roles — F (Full) layers — run their own indexer, compute fresh top-k, cache it. S (Shared) layers — skip the indexer entirely, just reuse the nearest preceding F layer's cached top-k. The first layer is always F (has to seed the
AI 资讯
My "serverless" database was billing me like it never slept.
My "serverless" database was billing me like it never slept. Neon has this great feature called scale-to-zero. Your Postgres compute suspends when it's idle, so you only pay for the queries you actually run. For a pre-revenue product, that should cost a few cents a month. Mine ran 24/7. The compute never once scaled to zero. The culprit wasn't my app logic. It was my database driver. I was using postgres-js, which holds a persistent connection open to the database. From Neon's side, an open connection looks like activity, so it never suspended. It just stayed awake and kept quietly billing me. The fix was basically one conceptual change: switch to @neondatabase/serverless, the HTTP driver. Instead of a long-lived connection, every query becomes a stateless one-shot HTTP request. The query fires, the connection closes, and the compute is free to suspend. Scale-to-zero finally worked. The lesson I keep relearning as a solo founder: "serverless" is a property of your whole stack, not a checkbox on one service. One persistent connection upstream and the whole cost model breaks.
AI 资讯
Why am I building a DevOps Infrastructure Lab?
I am committed to understand how systems actually work. I'm working on a multi-node lab to follow the complete path of a request from Python APIs to Linux processes, through Docker containers, networking and observability. The idea is simple: build a system that observes another system to understand the abstraction layers behind modern infrastructure. This project is about learning by building, experimenting and understanding what happens under the hood. Link: [ https://github.com/daniloprandi/devops-network-automation-lab ] DevOps #Linux #Python #Docker #Networking #Observability #Infrastructure
产品设计
Why Venezuela’s Second Earthquake Was So Damaging to Buildings
Factors like the short interval between the two powerful quakes and different types of soil led to some structures collapsing while others stayed standing.
开发者
5 Ways to Deploy Code (Without Making Your Users Mad)
Picture this: You just spent weeks building an awesome new feature. It's fully tested and ready to go. But when you hit "Deploy," your entire application goes down for 5 minutes, and your users are met with a blank loading screen. Not a good look. In the world of DevOps and Cloud Infrastructure, how you roll out updates matters just as much as the code itself. AWS Elastic Beanstalk gives us 5 distinct deployment policies to handle this smoothly. Let's break them down from simplest to most robust so you know exactly which one to pick for your next project. 1. All at Once (The Speed Demon) This is the simplest method. Elastic Beanstalk takes all your existing servers, shuts them down, deploys the new code, and boots them back up simultaneously. [ Old App ] ─> SHUTDOWN ALL ─> DEPLOY NEW ─> [ New App ] The Good : It’s incredibly fast. The Bad : Your app goes completely offline during the deploy. When to use it : Only in development environments where downtime doesn't matter. Never use this in production! 2. Rolling (The Line Worker) Instead of updating everything at once, Beanstalk splits your servers into batches (e.g., 2 at a time). It takes the first batch offline, updates them, brings them back online, and then moves to the next batch. Batch 1: [ Updating... ] Batch 2: [ Running Old App ] Batch 1: [ Running New App ] Batch 2: [ Updating... ] The Good : No total downtime! Your app stays online. The Bad : While a batch is updating, your overall server capacity drops. Plus, users might experience a "mixed state" where refreshing switches them between the old and new version. When to use it : Production environments that can handle a temporary dip in bandwidth. 3. Rolling with Additional Batch (The Safe Substitution) To fix the capacity problem of standard rolling, this policy launches a brand new batch of instances first. Once those new servers are healthy and running the updated code, Beanstalk starts rolling the update through the old servers. [Old Servers: 100% Capa
AI 资讯
My app didn't go "viral". My AWS bill did.
And by viral I mean from $0 to $31. Umami told me Clew Directive got 14 visits last month. AWS told me I owed $31 for it. That works out to $2.21 a visitor, which would make it the most expensive free learning-path tool in California. Spoiler alert: 14 visitors, $31, and not a single one of them was the reason. Something was off. Here is how Amazon Q, Claude, and a few hours of reading my own code untangled it. The app turned out to be innocent. What Clew Directive is, quickly A free, stateless tool that builds you a personalized AI learning-path PDF. You take a 60-second Vibe Check, four questions about your goals and how you learn, and it maps you to free, verified resources and hands you a briefing. No accounts, no database, no paywall, nothing stored about you. It runs on Amazon Nova, which is why it costs close to nothing to operate, which is also why a $31 bill made no sense. The name is the Theseus kind of clew. A ball of thread to find your way out of the maze. Less hype, more direction. Live at clewdirective.com . The number that didn't add up Twelve visitors, 14 visits, 93% bounce, average session about a minute. Referrers from Bing, Google, Yahoo, GitHub. Visitors from the US, India, Netherlands, Egypt, Ethiopia, Singapore. Mostly crawlers stopping by to say hello. A few curious humans and a parade of bots is not a $31 month. So either every visit was doing something enormous, or the bill was never about visits at all. The dashboard lied, politely. An Amazon Q Story My cost tracker said Clew Directive was running on Claude Sonnet. Sonnet is the expensive one. Case closed, right? I opened the repo. Clew Directive does not run Sonnet. The Navigator agent runs Amazon Nova 2 Lite. Scout and Curator run Nova Micro. The IAM policy is scoped to Nova ARNs only, so a Sonnet call from these functions would come back AccessDenied. The app physically cannot bill Sonnet. The math agreed. A full learning-path generation on Nova costs about two-tenths of a cent. Fourtee
AI 资讯
CDK Update - April/May 2026
devtools #infrastructureascode #cdk #aws Index TL;DR Major Features Bedrock AgentCore — From Alpha to Stable Fn::GetStackOutput & Weak Cross-Stack References Validations Framework Performance Improvements CloudWatch PromQL Alarms CLI Improvements New L2 Constructs Service Enhancements Community Highlights Community Content & Resources How Can You Be Involved Hey CDK community! Here's an update covering everything that shipped in April and May 2026. TL;DR Bedrock AgentCore graduated to stable — production-ready AI agent infrastructure with semver guarantees. Cross-region references got a major upgrade with native Fn::GetStackOutput support and weak cross-stack references. The new Validations framework replaces policyValidationBeta1 with a richer plugin system. And file fingerprinting is ~33% faster with persistent asset caching. These features are available in aws-cdk-lib v2.247.0 through v2.257.0 and aws-cdk CLI v2.1116.0 through v2.1125.0. Full changelogs on GitHub Releases ( Library | CLI ). Major Features Bedrock AgentCore — From Alpha to Stable The @aws-cdk/aws-bedrock-agentcore-alpha module has graduated to aws-cdk-lib/aws-bedrockagentcore — stable APIs, semver guarantees, production-ready. If you've been building AI agents with Bedrock but held off on CDK because of the alpha label, it's time to upgrade. ( #37876 ) AgentCore provides the core infrastructure for building AI agents: runtimes, gateways, identity management, observability, and online evaluation. The Policy submodule remains in alpha as it continues to evolve rapidly. ┌─────────────────────────────────────────────────────┐ │ Bedrock AgentCore (Stable) │ ├─────────────────────────────────────────────────────┤ │ │ │ ┌──────────┐ ┌──────────┐ ┌──────────────────┐ │ │ │ Runtime │ │ Gateway │ │ Identity │ │ │ │ (L2) │ │ (L2) │ │ (L2) │ │ │ └────┬─────┘ └────┬─────┘ └────────┬─────────┘ │ │ │ │ │ │ │ ▼ ▼ ▼ │ │ ┌──────────┐ ┌──────────┐ ┌──────────────────┐ │ │ │Observa- │ │Online │ │ Policy Engine │ │ │
开发者
How I Automated DigitalOcean Infrastructure with SuperPlane
Our infrastructure "documentation" was a Google Sheet. Anyone on the team could edit it. Nobody...
AI 资讯
AWS Launches Blocks, an Open-Source TypeScript Framework Designed for AI Agents to Build Backends
AWS released Blocks in public preview, an open-source TypeScript framework where each Block bundles application code, local mocks, and AWS infrastructure. Designed for AI agents to write correct backends from the start, it runs locally without an AWS account and deploys the same code to Lambda, DynamoDB, Aurora, and Bedrock with zero changes. By Steef-Jan Wiggers
AI 资讯
GitOps Policy Drift: Why Reconciliation Doesn't Stop Day-2 Failure
GitOps policy drift is what happens when a control plane keeps a policy perfectly reconciled long after the reason for that policy has stopped being true. Every commit is applied. Every pull request is merged cleanly. Every dashboard reads green. And the rule being enforced no longer reflects anything anyone would choose to enforce today — it just hasn't been told to stop. That gap is the subject of this post. Not configuration drift — the thing GitOps was built to kill — but a second, quieter failure mode that lives one layer above it: the policy is right by every technical measure and wrong by every practical one, and nothing in the reconciliation loop is capable of telling the difference. The Promise GitOps Actually Kept GitOps earned its place in the infrastructure as code architecture stack by solving a real and expensive problem: state drift. Before declarative reconciliation, infrastructure diverged from its source of truth constantly — a console change here, an emergency hotfix there, a manual override nobody logged. The git repository said one thing. Production said another. Reconciling the two was a forensic exercise. GitOps closed that gap with a simple, durable mechanism: a controller that continuously compares declared state to actual state and corrects the difference without waiting for a human to notice. That's not a small win. It's the reason platform teams can run infrastructure at a scale that would have been operationally unmanageable a decade ago, and it's why GitOps controllers sit at the center of nearly every modern infrastructure as code architecture built since. This post isn't an argument against that mechanism. It's an argument that the mechanism's success created a blind spot nobody designed for. What GitOps Never Promised to Solve Here's the boundary GitOps was never built to cross: reconciliation proves that declared state and actual state match. It says nothing about whether the declared state should still exist in its current form. A
AI 资讯
Playwright Monitoring: Turn E2E Tests Into Production Monitors
You already have Playwright tests. They run in CI on every pull request, they assert that login works and checkout completes, and then they stop — because CI only runs them against a branch, at merge time. The moment the code is in production, those tests go silent. A third-party script breaks checkout at 3 AM and your perfectly good test suite says nothing, because nothing triggered it. Playwright monitoring closes that gap: you take the same browser tests and run them on a schedule against production, turning your end-to-end suite into a synthetic monitoring system that watches real user journeys continuously. Prerequisites Node.js 18+ and an existing project ( npm install -D @playwright/test , then npx playwright install chromium ). A deployed production (or staging) URL to run checks against. A dedicated synthetic test account — never a real customer's credentials. A secret store for that account's credentials (GitHub Actions secrets, or your platform's equivalent). Never hard-code them. Step 1 — Write a check that asserts on what the user sees A monitor-grade check is not "did the page load." It is "could a user complete the thing they came to do." Assert on the outcome, with a generous timeout for real-world latency: import { test , expect } from " @playwright/test " ; test ( " checkout reaches confirmation " , async ({ page }) => { await page . goto ( " https://shop.example.com " ); await page . getByRole ( " button " , { name : " Add to cart " }). click (); await page . getByRole ( " link " , { name : " Checkout " }). click (); await page . getByLabel ( " Email " ). fill ( process . env . SYNTHETIC_EMAIL ! ); await page . getByLabel ( " Card number " ). fill ( " 4242424242424242 " ); await page . getByRole ( " button " , { name : " Pay now " }). click (); // The assertion a 200 OK can never make for you: await expect ( page . getByText ( " Order confirmed " )). toBeVisible ({ timeout : 15000 , }); }); Credentials come from process.env , not the source. The t
AI 资讯
HLD Fundamentals #4: How Systems Scale: From 0 to 100 Million Users
One of the most common system design interview questions is: "How would you scale a web application from 100 users to 100 million users?" The answer is rarely a single technology. Instead, systems evolve through multiple stages, with each stage solving a specific bottleneck. This article walks through the typical evolution of a scalable system and explains why , how , and when each component is introduced. 1. Single Server Why Start Here? Every application starts simple. In the beginning: Traffic is low Development speed matters more than scalability Infrastructure costs should be minimal What Is It? A single machine handles everything: Frontend Backend Database Users | v Single Server ├── Application └── Database How Does It Work? User sends request. Application processes request. Database stores and retrieves data. Response is returned. Everything happens on one machine. Problem As traffic grows: CPU becomes overloaded Memory becomes insufficient Database competes with application for resources A single server becomes a bottleneck. Interview One-Liner A single server architecture is simple and cost-effective but becomes a bottleneck as traffic and resource usage increase. 2. Application and Database Separation Why Do We Need It? The application and database have different workloads. Application Server: Uses CPU Handles business logic Database Server: Uses memory and storage Handles queries Keeping them together causes resource contention. How Does It Work? Move the database to a separate machine. Users | v Application Server | v Database Server Benefits Independent scaling Better resource utilization Improved performance Example Suppose an e-commerce website receives thousands of requests. The application handles: Authentication Order processing API responses The database handles: Product data Orders User information Separating them prevents one workload from affecting the other. Interview One-Liner Separating the application and database allows each layer to scal
AI 资讯
Using LLM for Dialogue Management
Dialogue management is the process of tracking conversational state and deciding what an agent should say or do next. Classical systems split this into isolated modules: natural language understanding, dialogue state tracking, a policy engine, and response generation. Large language models can collapse these boundaries into a single inference step, but doing so reliably requires careful architecture choices. This article examines practical patterns for using LLMs as dialogue managers, with a focus on structured reasoning, tool use, and cost-efficient inference. What Is LLM Dialogue Management? An LLM-based dialogue manager treats conversation as a partially observable decision process where the model itself reasons over history, user intent, and available actions. Instead of hand-written rules or separate slot taggers, the model receives the full transcript, a system prompt defining the task, and optionally a schema of tools it can invoke. The model then emits either natural language or structured JSON representing the next system action. This approach excels in open-domain or rapidly changing domains where maintaining a rigid ontology is impractical. Architecture Patterns for LLM-Based Dialogue Most production implementations fall into one of four patterns. The right choice depends on how much control you need over state transitions and how willing you are to trade complexity for flexibility. End-to-end generation. The LLM receives the full chat history and outputs the next response. It works well for unstructured chit-chat but can hallucinate state or ignore business rules without additional guardrails. Structured state extraction. The LLM is prompted to output a JSON object representing dialogue state, such as slots, user intent, and confirmed facts. A lightweight policy layer reads this state to decide whether to ask a question, call an API, or close the task. This separates reasoning from control and makes debugging easier. Tool-augmented manager. The LLM uses
AI 资讯
Few-Shot Learning with LLM: A Deep Dive
Few-shot learning with large language models is one of the most practical ways to steer model behavior without updating weights. By embedding task-specific examples directly into the prompt, developers can turn a general-purpose foundation model into a domain-specific classifier, parser, or reasoning engine. The technique relies on in-context learning, where the model infers patterns from exemplars rather than from gradient updates. Because it requires no training pipeline, few-shot prompting is ideal for rapid prototyping and production tasks where data volumes are too small for fine-tuning or where model weights must remain frozen. The Mechanics of In-Context Learning In-context learning is an emergent capability of transformer-based language models. During inference, the model attends to the full context window, using the provided examples as a dynamic prior. Each example adjusts the hidden-state activations for subsequent tokens, effectively conditioning the output distribution without any parameter change. Research suggests that the model locates latent task representations within its pretrained weight space and uses the few-shot examples to activate the appropriate subspace. The result is a flexible interface: change the examples, and the model adapts its behavior immediately. Zero-Shot, One-Shot, and Few-Shot Prompting These three patterns describe how much guidance you provide before the actual task input. Zero-shot: You describe the task in natural language with no examples. This works best for simple, well-known tasks that the model has seen frequently during pretraining. One-shot: You prepend a single example. This is often enough to communicate output format or tone. Few-shot: You prepend three to ten examples, sometimes more for complex schema extraction or multi-label classification. The marginal gain from each additional example typically diminishes, but for tasks with rigid output schemas, a larger set of exemplars can substantially improve consisten
开发者
How we became the first Indian hosting company to deploy Cloudflare Magic Transit
I run a hosting company. I'm also a BCA student. These two things coexist somehow. GigaNodes started in 2022 as a game server hosting brand — Minecraft, FiveM, ARK, the usual. Over time it grew into a proper VPS and dedicated server operation under GigaNode Technologies Private Limited, with AMD EPYC 7C13 hardware co-located at Yotta DC Noida. Earlier this year we did something I haven't seen any other Indian hosting provider do: we deployed Cloudflare Magic Transit across our entire network. What that actually means Magic Transit is not Cloudflare CDN. It is not a proxy. It is Cloudflare's enterprise network product where your IP prefixes get announced via BGP into Cloudflare's global backbone. All traffic destined for your servers enters Cloudflare's network first, gets scrubbed for attack traffic, and clean packets get forwarded to your data center via GRE tunnel. To deploy it, your infrastructure partner needs to have BGP-level integration with Cloudflare. Individual companies can't just sign up for it. We made it work through our partnership with Advika Datacenters Private Limited (AS135682) at Yotta DC Noida. The result: DDoS traffic never reaches our hardware. Our servers don't see the attack at all. Why no other Indian provider had done this Most Indian hosting providers use blackholing. When an attack comes in, they null-route your IP. Server goes offline. Attack stops eventually. Server comes back. That is the standard. That is what "DDoS protection included" usually means in India. The difference with Magic Transit is that legitimate traffic keeps flowing while attack traffic gets dropped. Your server stays online. Players stay connected. Trades don't get interrupted. We found out pretty quickly this actually works. We took a 1.7 Tbps attack after deployment. The servers didn't notice. A 1.7 Tbps volumetric attack hit our network in May 2026. Cloudflare absorbed it at the edge. No downtime. No support tickets from customers. We found out from the Cloudfla
AI 资讯
Presentation: Automating the Web With MCP: Infra That Doesn’t Break
Paul Klein discusses the distributed systems challenges of scaling cloud-hosted browser infra for AI agents. He explains how to manage bursty, stateful multi-tenancy and secure Chromium environments against remote code execution using Firecracker. He also shares how to leverage the Model Context Protocol (MCP) to turn complex websites into accessible agentic tools. By Paul Klein
AI 资讯
Why Is Your Kubernetes Bill So Confusing? Here’s How to Fix It
Simple Intro Your company gets one big cloud bill. It says $30,000. But which team spent it? Which app? Nobody knows. Kubernetes makes this worse because 100 small apps share the same computers. It’s like 10 families sharing one electricity bill. Let’s fix this in 5 easy steps Step 1: Put Nametags on Everything In Kubernetes, you can add "labels" to your apps. Example: team=sales , app=website , owner=pooja If you don’t add name tags, you can never track who spent what. It’s the most important step. Step 2: Check the Big Cost - Computers 70% of your bill is for CPU and RAM. That’s the “brain” and “memory” your apps use. The problem: Most people book a big computer but only use 20% of it. You pay for 100%, use 20%. You waste 80% money. Easy fix: Every month, check “How much did I book vs How much did I use?” Then book smaller next time. Step 3: Don’t Forget Hidden Costs Two things people forget: Storage: Like a hard disk. You deleted the app but forgot to delete the disk. It still charges you every month. Network: Moving data between countries or zones costs money. Check for old disks and big data transfers once a month Step 4: Share the Common Bill Fairly Some costs are for everyone. Like the main Kubernetes system or empty computers waiting for work. How to split it? Easy. If Team A uses 60% of the total computer power, they pay 60% of the common bill. Fair for everyone. Step 5: Use a Tool, Not Excel Doing all this in Excel will make you cry. It’s too much data. Use a tool that does it automatically. It connects to your Kubernetes, reads all the name tags, and tells each team: “You spent $2,340 this week.” Final Tip You can’t save money if you don’t know where it’s going. First, make the costs clear to everyone. Then the savings happen automatically. FAQ - In Simple Words Q1. Why can’t I just see costs in AWS bill? Because AWS only tells you “EC2 cost $10k”. It doesn’t tell you which of your 50 apps used that EC2. Kubernetes hides the details. Q2. What is the first