Blog Posts

Platform engineering isn't just for Kubernetes—serverless teams need it too. In this post, learn how applying platform engineering principles to AWS serverless can help you scale infrastructure, enforce security, improve observability, and boost developer productivity. From reusable CDK blueprints to automated governance and cost optimization, see how platform teams empower developers and accelerate delivery in a serverless world.

My session guide for AWS re:Invent: 2025 breakout sessions, workshops, and talks relevant to Serverless, SaaS, platform engineering, and security.

AWS re:Invent 2025 is massive, intense, and full of opportunities. In my latest guide, I share practical tips from three years of experience as both speaker and attendee. From arriving early to beat jet lag, packing the right tools (shoes, layers, battery pack), and navigating sessions efficiently, to leveraging community tracks, social events, and unique Vegas experiences—this post helps you plan smart, learn deeply, and connect with the AWS community like a pro.

Choosing between AWS Secrets Manager and SSM Parameter Store isn’t always straightforward. This guide breaks down the key differences in cost, secret rotation, versioning, encryption, IaC support, and more—helping you decide which service fits your use case. Whether you're managing sensitive credentials or sharing configuration across environments, you'll walk away with a clear, practical recommendation backed by real-world experience.

Building agentic AI requires more than prompts—it needs secure, structured access to your systems. This post explores three ways to deploy a production-grade MCP server on AWS: Lambda with Web Adapter, Pure Lambda, and AWS Fargate. Compare performance, cost, observability, and DevEx tradeoffs, and access ready-to-use CDK templates. Ideal for teams bringing agentic AI into real-world applications on AWS.

AWS Lambda makes it easy to build serverless apps—but security is often an afterthought. This post covers 14 real-world Lambda security best practices, from input validation, secret management, and least-privileged IAM to tenant isolation and safe logging. Backed by years of hands-on experience and aligned with OWASP Serverless Top 10, it includes a downloadable checklist to help you secure your functions from day one.

learn best practices for crafting effective prompts, integrating organizational context with MCP, avoiding common pitfalls, and scaling AI workflows across teams. Discover how to build faster, smarter, and safer with agentic AI—without losing your engineering edge.

learn how to build a secure, governed foundation for AI adoption using three key building blocks: a centralized prompt library and CLI, MCP server blueprints, and connectors to organizational data. Discover practical strategies to enable architecture reviews, code transformations, and design generation—all while aligning with security and platform engineering standards.

Maintaining production systems is hard—bugs happen, and reacting late can cost you. AWS CloudWatch Synthetics offers a proactive way to catch issues before your users do by simulating real user actions. In this post, guest author Tom Nachum from CyberArk shares how his team uses synthetic canaries to monitor critical business flows, detect failures early, and boost reliability. Learn how to implement, schedule, and debug canaries with ease using AWS tools.