No-fluff posts on AWS architecture, DevOps, and cloud operations.
The Jupyter notebook ran. The demo landed. Now someone said "put it in production" and the room went quiet. The gap is wider than most teams expect.
Administrator access on every principal. Long-lived keys in CI/CD. Secrets in environment variables. Most AWS accounts are one leaked credential away from a full breach.
Dev, staging, and prod in one account. IAM as a flat list of users. One misconfigured security group away from a bad day. Here is what the right structure actually looks like.
ECS is fine for straightforward workloads. The problems show up at scale: no GitOps, task definition sprawl, and a plugin ecosystem that does not exist.
EC2-Other. DataTransfer-Out-Bytes. Your AWS bill is almost designed to obscure where money goes. Here is how to actually find it.