Choosing a vector store on AWS for generative AI (GenAI) workloads used to be a one-line decision: pick Amazon OpenSearch Service or its serverless variant (AOSS) and move on. That changed when Amazon S3 Vectors went GA in 2025. By storing vector data directly in S3 and pricing it on a fully consumption-based model, S3 …
Read More about S3 Vectors vs OpenSearch: Decision Tree from 30+ Projects
Autonomous AI dev teams move the bottleneck. When a dispatcher fans out work to dev and review agents every 5 minutes, the constraint is no longer human attention — it is the CI/CD pipeline that gates every PR. Each agent push triggers builds, tests, E2E verification, and bot reviews. With even a small team of agents …
Read More about Self-Hosted GitHub Runners on AWS Spot for AI Dev Teams
Managing AWS credentials securely is a fundamental challenge for developers. Storing plain text access keys in ~/.aws/credentials creates significant security risks, especially when backing up dotfiles to version control systems. This post introduces credential_process, a powerful AWS CLI feature that allows you to …
Read More about Secure AWS Credentials with credential_process
AWS IAM Identity Center (formerly AWS SSO) provides centralized access management for AWS accounts and applications. While it natively supports SAML 2.0 for external identity providers, many organizations prefer OIDC-based authentication through providers like Amazon Cognito. This post demonstrates how to use …
Read More about OIDC External Identity Source for AWS IAM Identity Center
Serverless computing is all the rage, promising pay-as-you-go magic and freedom from infrastructure woes. But what about serverless for data warehouses? Let's delve into the fascinating (and sometimes confusing) world of Redshift Serverless: its cost structure, ideal use cases, and situations where it might not be the …
Read More about Redshift Serverless: Cost Deep Dive and Use Cases
As a builder in cloud, you might feel confused about which resources cost mostly in your account. In AWS, you can quickly find out which services even functionality cost a lot via AWS Billing or AWS Cost Explorer. However sometimes it sucks on finding out which functions cost mostly if you have hundreds of Lambda …
Read More about Find out the most costly resources in your AWS account
近期在一个 Webinar 分享了如何在 AWS 上服务去中心化研发团队构建共享服务平台,核心观点总结如下, 这里的去中心化团队是同理想的完全化的 DevOps 团队(负责设计、开发、测试、运维以及运营等所有环节)相对立的。 在较大型的组织中,账户管理、网络规划、服务审计等模块会由平台,基础设施或安全团队所负责, 多个研发团队会负责各个业务系统的开发、测试、运维等。 如今组织的健康运营对安全性合规性要求越来越高,通常基础设施团队外加安全团队负责承担安全、合规需求的整体策略规划及实施。 但是满足安全、合规需求通常是同业务交付速度期望是相悖的。一方面,平台、安全团队要为应用上线或变更进行安全性与合规性审查, 而研发团队需要投入更多的资源 …
Read More about AWS上构建共享自服务平台服务去中心化研发团队
本方案的起因是,一个源代码托管在Github上的项目fix一个重要的bug后,在AWS上的持续部署流水线一直失败。分析日志后,发现流水线中的数个步骤需要克隆源代码,但是访问Github的网络非常不稳定,这数个流水线任务持续因连接超时,连接拒绝等网络错误而失败。而流水线任务大量使用了CodeBuild, Lambda等AWS托管服务,无法为执行环境配置可靠的网络连接。 本方案思路如下, 在 VPC public subnets 中创建 NAT instance 即 EC2 虚拟机, 配置 NAT instance,使用 tunnel 网络访问 github, 修改 private subnets 的路由表,添加 github …
Read More about 在AWS上快速部署专用的NAT实例
基于Java的Spring Cloud是由Java最大开源生态Spring社区推出的Out-of-Box分布式微服务解决方案,自2016年发布起就被众多开发者看好。Java作为广为流行的服务端编程语言,Spring Cloud也就越来越多的被用于微服务开发。 Spring Cloud集成了Netflix OSS开源项目实现了很多功能(或作为实现之一),包括服务治理、网关路由、客户端负载均衡、服务间调用、断路器等。Spring Cloud Netflix将很多生产级别微服务能力开箱即用的带到了Spring Cloud架构下的微服务中,帮助开发者快速的构建满足12要素的应用。 在去年底发布的Spring Cloud Greenwich版 …
Read More about Spring Cloud or Cloud Native
本文是为Kubernetes中任意应用添加基于oauth2的认证保护的下篇,将图文详解如何使用基于钉钉认证的oauth2 proxy为自身本没有认证授权功能的Web站点实现认证及授权。 示例是使用的AWS EKS服务作为K8S环境。鉴于K8S的应用运行时属性,该示例也可以部署在其他云厂商托管的K8S。 示例模块简介 Nginx Ingress Controller为K8S集群内Web应用提供反向代理,以及支持外部认证。 简单的Web站点,基于Nginx docker容器。该站点默认没有认证及授权功能,使用外部钉钉应用作为认证及授权。 OAuth2 Proxy on Dingtalk提供基于钉钉应用的扫码认证及授权,只有认证且授权的用 …
Read More about 为Kubernetes中任意应用添加基于oauth2的认证保护 (下)