Cost-savings notes from the field
Hands-on writeups on AWS & Azure pricing quirks, the cost levers most teams miss, and the small annoyances that turn into big bills.
IAM least privilege in practice
Past do-not-use-root: how AWS policy evaluation really resolves, the confused deputy, permission boundaries and SCPs, PassRole escalation, and short-lived OIDC credentials.
Using AI agents to inspect and harden your cloud environment
A sober blueprint for pointing an LLM agent at your AWS account: read-only by construction, isolated, and allowed to explain and prioritize but never to change anything unattended.
The 20 worst AWS annoyances and misdesigns
A list of the twenty worst AWS annoyances. Some are mis-designs, some are poorly-documented limitations. All are gotchas that might cost developers hours if not days of headaches.
The 20 worst Azure misdesigns and limitations
Twenty unexpected difficulties and limitations in Microsoft Azure. Who said the cloud was easy?
PROMPT_WRITE_ADDITIONAL_BLOG_ARTICLES
LLM-as-judge and the eval problem
How to actually evaluate an AI system: golden datasets, offline versus online evals, the LLM-as-judge pattern and its biases, pairwise versus pointwise scoring, and keeping eval cost sane.
Step Functions: Standard vs Express, and the cost cliff
Standard bills per state transition, Express bills per request and duration — the same workflow can be 100x cheaper as one or the other depending on volume.
What a vector database actually costs on AWS
pgvector on RDS versus OpenSearch k-NN versus a dedicated vector DB, the memory math behind flat, IVF and HNSW indexes, and when plain Postgres is plenty.
Graviton and the honest arm64 migration: where the 20-40% is real and where it is not
Why AWS Graviton wins on price/performance, what actually differs at the ISA and memory level, the migration friction nobody warns you about, and the workloads where ARM quietly does nothing.
Hardening the edge with Cloudflare
How a reverse proxy in front of your origin rewrites your threat model: WAF rulesets, rate-limit tuning, Turnstile, keeping your origin IP secret, and Zero Trust replacing the VPN.
The anatomy of a rightsizing decision
How to right-size a workload instead of guessing: where Compute Optimizer is blind, the p99-vs-average trap, burst credits, and a repeatable mental model.
The AWS data-transfer bill nobody reads
Egress, cross-AZ, and the NAT Gateway double-charge are the least-understood lines on an AWS invoice — here's the mechanics of each and a worked example of a bill they quietly dominate.
Recent security scares every Next.js and React team should have patched
A technical retrospective of the Next.js middleware bypass, cache-key confusion, the 2025 npm worms, and RSC server-side risks, plus the defenses that actually hold.
Ten ways to do RAG
Ten genuinely distinct retrieval-augmented generation architectures, how each one works, when it wins, and what it costs you in latency and tokens.
Karpenter versus Cluster Autoscaler: why per-pod provisioning cuts EKS node cost
How Karpenter replaces node-group round-up with per-pod instance selection, bin-packing, and continuous consolidation to reliably shave 30-60% off EKS compute.
When a serverless database saves money and when it burns it
Aurora Serverless v2 ACU economics, the utilization threshold where it flips more expensive than a reserved r-class, plus RDS Proxy and stop/start for real savings.
Lambda cost and performance, in depth
How Lambda actually bills you, why raising memory can make a function cheaper, and how to find the cost/latency sweet spot with power tuning.
Cloudflare for the AWS-native engineer
Past the "CDN vs CDN" framing: Cloudflare's anycast network, Workers versus Lambda@Edge, and why R2's zero-egress pricing quietly changes the math on bandwidth-heavy bills.
The economics of LLM inference
Token cost from first principles: prefill versus decode, why output tokens cost more, the KV cache tax on long context, prompt caching discounts, and the self-hosting break-even.
EBS gp3 vs gp2, and why you should have migrated already
gp3 decouples IOPS and throughput from capacity and costs ~20% less than gp2, plus the snapshot and delete-on-termination mechanics that quietly inflate EBS bills.
Embeddings, concretely
What a text embedding actually is as a point in R^n, why cosine similarity works, how the models are trained, and the vector-footprint math that decides your storage bill.
Savings Plans versus Reserved Instances: the actual hour-by-hour math
How commitment discounts are applied to your highest-rate usage each hour, how the four instruments really differ, and why you layer commitment under a Spot/On-Demand baseline instead of committing to peak.
FinOps is a practice, not a dashboard
Cost dashboards are the easy part — the real discipline is unit economics, tag governance, showback, and engineers who can see what their code costs.
The CloudWatch Logs bill that ate a startup
Ingestion is what you pay for, not storage — how one debug line in a hot path becomes a five-figure monthly bill, and the double-billed data-event trap.
Spot instances, honestly: the real risk model behind the 90% discount
Spot is spare capacity you rent between other people needing it back — here is how the pools, the two-minute notice, and diversification actually work, and which jobs must never touch it.
The DynamoDB cost model, demystified
How RCU/WCU rounding, consistency, transactions, and GSI write amplification interact — and why a naive table design can 10x your bill before a single row is written.
S3 storage classes, the parts that bite
The real economics of S3 tiers: minimum durations, the 128KB minimum billable object, retrieval fees, and when Standard-IA actually beats Standard.
The Elusive Holy Grail of Infrastructure as Code: Why AI Might Be the Answer
Infrastructure as Code (IaC) has revolutionized how we deploy and manage cloud resources, but it remains a challenge. Can AI solve this challenge?
What are some options for implementing server downtime alerts?
What are some options for implementing a downtime alert for an on-premise server?
Ten important security aspects when using container based hosting
Ten important security aspects when using container based hosting
Why is my AWS-hosted website not loading?
Why is my AWS-hosted website not loading?
Architecting AWS cloud apps for traffic spikes
Need to scale instantly? How to design web apps for sudden spikes in traffic
Real-life examples for using AWS CloudWatch Alarms
Real-life examples for using AWS CloudWatch Alarms
AWS CloudTrail, explained (with examples)
AWS CloudTrail, explained (with examples)
Ten great uses for AWS Config
Ten great uses for AWS Config
Effective strategies for architecting multi-container apps deployed on AWS ECS Fargate
Effective strategies for architecting multi-container apps deployed on AWS ECS Fargate
Things an Azure network engineer should know
Things an Azure network engineer should know
How to decrease startup lead times for AWS-hosted container-based apps
How to decrease startup lead times for AWS-hosted container-based apps
Pros and cons of using AWS private endpoints
Pros and cons of using AWS private endpoints
Effective strategies, tips and tricks to save on AWS ECS Fargate costs
Effective strategies, tips and tricks to save on AWS ECS Fargate costs
Differences between Cloudflare and AWS CloudFront
Differences between Cloudflare and AWS CloudFront
What is Google Cloud BigQuery, and how does it differ from some other data analytics platforms?
What is Google Cloud BigQuery, and how does it differ from some other data analytics platforms?
Effective strategies, tips and tricks to save on AWS S3 costs
Effective strategies, tips and tricks to save on AWS S3 costs
Neat features of AWS Route 53
Neat features of AWS Route 53
Ways to reduce Azure SQL Server costs
Ways to reduce Azure SQL Server costs
How do I download a whole S3 bucket from AWS to my local machine?
How do I download a whole S3 bucket from AWS to my local machine?
Principles for good AWS IAM permission management
Principles for good AWS IAM permission management
AWS cloud services that are suitable for NextJs web applications
AWS cloud services that are suitable for NextJs web applications
How to save money on AWS OpenSearch
How to save money on AWS OpenSearch
Funny pitfalls and misunderstandings when using AWS CloudWatch
Funny pitfalls and misunderstandings when using AWS CloudWatch
Why is my Azure-hosted website not loading?
Why is my Azure-hosted website not loading?
Tracking down errors in Azure-hosted applications
Tracking down errors in Azure-hosted applications
Failure reasons when using Amazon Redshift
Failure reasons when using Amazon Redshift
Why did my AWS RDS costs suddenly double?
Why did my AWS RDS costs suddenly double?
How do I set comprehensive monitoring and logging using Prometheus and Grafana for my IT environment?
How do I set comprehensive monitoring and logging using Prometheus and Grafana for my IT environment?
Effective strategies, tips and tricks to save on AWS EBS (Elastic Block Storage)
Effective strategies, tips and tricks to save on AWS EBS (Elastic Block Storage)
Options for deploying a NextJs app on AWS
Options for deploying a NextJs app on AWS
Faulty production app configs: fix these *now*!
Faulty production app configs: fix these *now*!
Ten advantages of container based hosting
Ten advantages of container based hosting
Ten drawbacks of using AWS Amplify (humorous)
Ten drawbacks of using AWS Amplify (humorous)
Things an AWS network engineer should know
Things an AWS network engineer should know
Great tools for tracking down errors in AWS-hosted applications
Great tools for tracking down errors in AWS-hosted applications
Ten high-level ways to reduce MongoDB costs in the cloud
Ten high-level ways to reduce MongoDB costs in the cloud
Security Best Practices for your Infrastructure-as-Code templates
The cloud allows (even demands) defining your infrastructure as code. Did you know there are many options to ensure from the get-go that your IaC incorporates up-to-date security Best Practices?