Tobias Schmidt
@tpschmidt.com
680 followers 64 following 1.1K posts
Helping aspiring engineers master the cloud 👨‍💻 Freelance Software Engineer ✍️ Book #1: http://awsfundamentals.com 📕 Book #2: http://cloudwatchbook.com Learn AWS for Free: https://awsfundamentals.com/newsletter
Afterward, you can try out Teleport for free for 14 days to get your own perspective and experience on their service:
fandf.co/4nJSbwR
If you're just starting out or if you want to take your agent setup to a professional level in your company, have a read of Teleport's in-depth guide on MCP security. You'll definitely learn a lot:
fandf.co/3IFbAQF
In a nutshell 🥜
Each LLM or service gets just the access it needs, only when it needs it. Fresh, short-lived credentials. All actions logged.
Good news: you don't need to build this yourself.
Teleport.sh solves all of this for you!

Big thanks to them for partnering on this post and introducing me to their platform! 🤝
So what do we need to make this better?

1. Dedicated identities for the LLMs/MCP servers 👥
2. Tailored permissions, only for actions that are necessary 📝
3. Short-lived credentials 🔑
4. Auditing of actions taken ✏️
When taking it further, thinking about multi-agent scenarios where agents are fanning out calls to other agents, this traceability issue becomes even worse.
The problem: if you run them locally via your own assumed role, or even remotely in some instance or Lambda function, you always have the issue of sticky long-term credentials.

What's even worse is that there's zero traceability out of the box.
Most people I know worry about their AWS accounts' security.
With no spending cap, this is a valid concern.
Today, with LLMs & MCP servers, security becomes even harder.

I love using MCP servers for AWS tasks, especially with the large set of official ones provided by AWS.
Worth checking out the docs from time to time, as they are crystal clear.
docs.aws.amazon.com/AmazonCloud...
• ⚡️ Lambda: just pull in the ADOT layer, set a few environment variables and you're good to go.
• 🤖 ECS: either bundle the auto-instrumentation dependency into your app or use the pre-built Docker layer as an init sidecar.

Yes, it's that simple.
Did you know that AWS is going all-in on OpenTelemetry?
If not, you probably also don't know how easy it is to get started with OTEL on managed AWS services like Lambda or ECS.

Literally takes just minutes.
Bonus: Directly integrates with Application Signals! 🕵
P.S. Costs appear as negative because I've requested the charge type credit, which displays applied credits 💸
Definitely need to improve the prompt a little bit to show the account's name instead of the IDs 🙌
Getting my AWS organization's monthly cost report by account directly in the terminal with the official MCP AWS Cost Server ✨

Big thanks to Warp and AWS for releasing so many excellent MCP Servers! 🤝
Didn't do too much with 4.5 yet, but the new memory tool looks interesting. Storing and recalling info outside the context window means you can keep agents focused without burning context tokens on stale data, and still not forget what happened an hour ago. 🧠
Just saw that Claude Sonnet 4.5 already landed in Amazon Bedrock last week 🔥
AWS is definitely the best single access point for LLMs.
Bonus: You can run it as a container from ECR or pull it from the AWS Labs GitHub. As it's open source, you can actually see what's going on under the hood.

And it's not a third-party MCP server, but officially developed by AWS.
AWS just shipped v1.0.0 of the AWS API MCP Server. ⚡️
I played around with the earlier versions and liked it a lot.

Much better than just working with plain models that directly interact with the CLI and hallucinate a lot with non-existing commands and/or parameters.