Blog Posts

Platform engineering isn't just for Kubernetes—serverless teams need it too. In this post, learn how applying platform engineering principles to AWS serverless can help you scale infrastructure, enforce security, improve observability, and boost developer productivity. From reusable CDK blueprints to automated governance and cost optimization, see how platform teams empower developers and accelerate delivery in a serverless world.

My session guide for AWS re:Invent: 2025 breakout sessions, workshops, and talks relevant to Serverless, SaaS, platform engineering, and security.

AWS re:Invent 2025 is massive, intense, and full of opportunities. In my latest guide, I share practical tips from three years of experience as both speaker and attendee. From arriving early to beat jet lag, packing the right tools (shoes, layers, battery pack), and navigating sessions efficiently, to leveraging community tracks, social events, and unique Vegas experiences—this post helps you plan smart, learn deeply, and connect with the AWS community like a pro.

Choosing between AWS Secrets Manager and SSM Parameter Store isn’t always straightforward. This guide breaks down the key differences in cost, secret rotation, versioning, encryption, IaC support, and more—helping you decide which service fits your use case. Whether you're managing sensitive credentials or sharing configuration across environments, you'll walk away with a clear, practical recommendation backed by real-world experience.

Building agentic AI requires more than prompts—it needs secure, structured access to your systems. This post explores three ways to deploy a production-grade MCP server on AWS: Lambda with Web Adapter, Pure Lambda, and AWS Fargate. Compare performance, cost, observability, and DevEx tradeoffs, and access ready-to-use CDK templates. Ideal for teams bringing agentic AI into real-world applications on AWS.

AWS Lambda makes it easy to build serverless apps—but security is often an afterthought. This post covers 14 real-world Lambda security best practices, from input validation, secret management, and least-privileged IAM to tenant isolation and safe logging. Backed by years of hands-on experience and aligned with OWASP Serverless Top 10, it includes a downloadable checklist to help you secure your functions from day one.

learn best practices for crafting effective prompts, integrating organizational context with MCP, avoiding common pitfalls, and scaling AI workflows across teams. Discover how to build faster, smarter, and safer with agentic AI—without losing your engineering edge.

learn how to build a secure, governed foundation for AI adoption using three key building blocks: a centralized prompt library and CLI, MCP server blueprints, and connectors to organizational data. Discover practical strategies to enable architecture reviews, code transformations, and design generation—all while aligning with security and platform engineering standards.

Maintaining production systems is hard—bugs happen, and reacting late can cost you. AWS CloudWatch Synthetics offers a proactive way to catch issues before your users do by simulating real user actions. In this post, guest author Tom Nachum from CyberArk shares how his team uses synthetic canaries to monitor critical business flows, detect failures early, and boost reliability. Learn how to implement, schedule, and debug canaries with ease using AWS tools.

I attempted to run an MCP server serverlessly on AWS Lambda using FastAPI, FastMCP, and the Lambda Web Adapter. While it technically worked, the developer experience was rough—cold starts were slow, observability was limited, and testing was clunky. Compared to my experience building with Bedrock agents, this felt like a step backward. MCP is promising, but today, running it on Lambda isn’t production-ready. Here’s my full breakdown and thoughts.

In this post, you'll learn how to use AWS Lambda functions as both data sources and event handlers for publish and subscribe actions in AWS AppSync Events. We’ll walk through setting up a namespace, wiring direct Lambda integrations using CDK, and handling real-time events with Powertools for AWS Lambda. This approach gives you full control, observability, and flexibility—all while keeping your WebSocket architecture serverless and scalable.

This post walks through building a stateless Model Context Protocol (MCP) server on AWS Lambda using Streamable HTTP—no custom bridges or transports. It explores MCP internals, tool/resource definitions, deployment with API Gateway, and local testing with stdio. Learn how Agentic AI Assistants leverage MCP to execute actions with real-time context, and how this protocol simplifies integration across diverse systems.

Stop building internal tools nobody wants. Platform engineering tips to boost adoption, DevX, feedback, and internal open-source mindset

Discover how AWS Service Catalog helps Platform Engineers balance flexibility, security, and governance—transforming delivery at scale

Avoid common AWS Serverless architecture pitfalls! Learn 5 outdated patterns & the best practices to replace them for better services

Fell for a phishing attack using social engineering? I did—almost. Here’s how it worked, the tech behind it, and tips to stay safe.

Learn how to simplify AWS security, manage WAF rules, and enforce policies across accounts with AWS Firewall Manager, with AWS CDK code

Review the year 2024 from my personal perspective and how to become a guest writer on my website

learn about AWS Web Application Firewall (WAF) and use CDK code to protect an REST API served by an API Gateway and enable metrics and logs

AWS re:Invent 2024 exciting new services and features launched from a Serverless developer perspective.

AWS AppSync Events lets you broadcast realtime data with Serverless WebSockets. Learn how it works, use cases and diff from API GW Websocket

Learn about the AWS Web Application Firewall (WAF), what it is for, tips, and insights for visibility, ownership, governance and more

learn about AWS availability zones, what they are, why they are essential for SaaS Resilience and uptime

In this post, you will find my opinionated list of AWS re:Invent sessions that I found relevant to Serverless or highly interesting