Tobias Schmidt
@tpschmidt.com
Helping aspiring engineers master the cloud
👨💻 Freelance Software Engineer
✍️ Book #1: http://awsfundamentals.com
📕 Book #2: http://cloudwatchbook.com
Learn AWS for Free: https://awsfundamentals.com/newsletter
👨💻 Freelance Software Engineer
✍️ Book #1: http://awsfundamentals.com
📕 Book #2: http://cloudwatchbook.com
Learn AWS for Free: https://awsfundamentals.com/newsletter
I've read a lot of scary stuff, but this is nightmare level:
Putting long-lived AWS keys into your JS 💥
You can never argue about this, not even in the tiniest, fastest-moving startup.
In this case, it was a multi-billion dollar company.
Putting long-lived AWS keys into your JS 💥
You can never argue about this, not even in the tiniest, fastest-moving startup.
In this case, it was a multi-billion dollar company.
November 16, 2025 at 8:01 AM
I've read a lot of scary stuff, but this is nightmare level:
Putting long-lived AWS keys into your JS 💥
You can never argue about this, not even in the tiniest, fastest-moving startup.
In this case, it was a multi-billion dollar company.
Putting long-lived AWS keys into your JS 💥
You can never argue about this, not even in the tiniest, fastest-moving startup.
In this case, it was a multi-billion dollar company.
Do you know every part of your distributed system and how they work together?
CloudWatch helps with this now, as it can auto-discover and map your whole application stack, even across accounts and regions.
(Almost) without any manual setup! 👀
CloudWatch helps with this now, as it can auto-discover and map your whole application stack, even across accounts and regions.
(Almost) without any manual setup! 👀
November 15, 2025 at 7:59 AM
Do you know every part of your distributed system and how they work together?
CloudWatch helps with this now, as it can auto-discover and map your whole application stack, even across accounts and regions.
(Almost) without any manual setup! 👀
CloudWatch helps with this now, as it can auto-discover and map your whole application stack, even across accounts and regions.
(Almost) without any manual setup! 👀
Took the time to start building a proper CloudWatch dashboard for AWS Fundamentals, just using out-of-the-box service metrics. More things to come, but already feels quite nice ✨
Dashboard was created via IaC with Pulumi.
Can't lie: experience isn't too good.
Dashboard was created via IaC with Pulumi.
Can't lie: experience isn't too good.
November 14, 2025 at 7:56 AM
Took the time to start building a proper CloudWatch dashboard for AWS Fundamentals, just using out-of-the-box service metrics. More things to come, but already feels quite nice ✨
Dashboard was created via IaC with Pulumi.
Can't lie: experience isn't too good.
Dashboard was created via IaC with Pulumi.
Can't lie: experience isn't too good.
Always loved this at the HTTP API Gateway, now it's also available at the ALB: JWT validation - including claims! 🔑
Excited to see what other pre:Invent releases we get! 💛
aws.amazon.com/about-aws/w...
Excited to see what other pre:Invent releases we get! 💛
aws.amazon.com/about-aws/w...
November 13, 2025 at 10:28 AM
Always loved this at the HTTP API Gateway, now it's also available at the ALB: JWT validation - including claims! 🔑
Excited to see what other pre:Invent releases we get! 💛
aws.amazon.com/about-aws/w...
Excited to see what other pre:Invent releases we get! 💛
aws.amazon.com/about-aws/w...
Can't lie: still struggling to create software that easily deals with huge traffic!
That's why I'm always mind-blown about Amazon's Prime Day numbers 🧠 💥
An outtake of the most thrilling ones:
That's why I'm always mind-blown about Amazon's Prime Day numbers 🧠 💥
An outtake of the most thrilling ones:
November 13, 2025 at 7:59 AM
Can't lie: still struggling to create software that easily deals with huge traffic!
That's why I'm always mind-blown about Amazon's Prime Day numbers 🧠 💥
An outtake of the most thrilling ones:
That's why I'm always mind-blown about Amazon's Prime Day numbers 🧠 💥
An outtake of the most thrilling ones:
If you still think CloudWatch is an expensive, outdated observability service with a sluggish UI, take a look at Joseph Alioto's recent talk. You'll be surprised! 🎁
November 12, 2025 at 7:57 AM
If you still think CloudWatch is an expensive, outdated observability service with a sluggish UI, take a look at Joseph Alioto's recent talk. You'll be surprised! 🎁
If you're not sure if some of your logs can go into the Infrequent Access storage class to save 50% of your costs, here's all you need to know.
Just saw this nice table in Joseph Alioto's presentation "I didn't know Amazon CloudWatch could do that!" 🕵️♂️
Just saw this nice table in Joseph Alioto's presentation "I didn't know Amazon CloudWatch could do that!" 🕵️♂️
November 11, 2025 at 8:04 AM
If you're not sure if some of your logs can go into the Infrequent Access storage class to save 50% of your costs, here's all you need to know.
Just saw this nice table in Joseph Alioto's presentation "I didn't know Amazon CloudWatch could do that!" 🕵️♂️
Just saw this nice table in Joseph Alioto's presentation "I didn't know Amazon CloudWatch could do that!" 🕵️♂️
If you're using VPCs, Lambda & IPv6, you can finally skip the NAT gateway for outbound internet access! 💸
aws.amazon.com/blogs/compu...
aws.amazon.com/blogs/compu...
November 10, 2025 at 2:29 PM
If you're using VPCs, Lambda & IPv6, you can finally skip the NAT gateway for outbound internet access! 💸
aws.amazon.com/blogs/compu...
aws.amazon.com/blogs/compu...
𝗧𝗜𝗟: there are two "Secret Cloud" regions at AWS 🥷
There's no public access; it's only available via contacting sales.
aws.amazon.com/federal/sec...
There's no public access; it's only available via contacting sales.
aws.amazon.com/federal/sec...
November 10, 2025 at 8:00 AM
𝗧𝗜𝗟: there are two "Secret Cloud" regions at AWS 🥷
There's no public access; it's only available via contacting sales.
aws.amazon.com/federal/sec...
There's no public access; it's only available via contacting sales.
aws.amazon.com/federal/sec...
The AWS Fundamentals community just crossed 11k subscribers! ✨
To help us keep creating valuable content and take things even further, we're officially looking for long-term sponsors! ✨
To help us keep creating valuable content and take things even further, we're officially looking for long-term sponsors! ✨
November 9, 2025 at 8:01 AM
The AWS Fundamentals community just crossed 11k subscribers! ✨
To help us keep creating valuable content and take things even further, we're officially looking for long-term sponsors! ✨
To help us keep creating valuable content and take things even further, we're officially looking for long-term sponsors! ✨
Did you know that you can generate AWS architecture diagrams with Q?
Without hallucinations, as there are MCP servers for the diagrams and the AWS documentation.
No more fiddling around with whatever manual tool you hate least.
Without hallucinations, as there are MCP servers for the diagrams and the AWS documentation.
No more fiddling around with whatever manual tool you hate least.
November 7, 2025 at 8:00 AM
Did you know that you can generate AWS architecture diagrams with Q?
Without hallucinations, as there are MCP servers for the diagrams and the AWS documentation.
No more fiddling around with whatever manual tool you hate least.
Without hallucinations, as there are MCP servers for the diagrams and the AWS documentation.
No more fiddling around with whatever manual tool you hate least.
If you didn't know, AWS offers many official MCP servers 🪄
This includes AWS knowledge, infrastructure automation, database management, and cost insights.
github.com/awslabs/mcp
Here's a brief overview of what's already available:
This includes AWS knowledge, infrastructure automation, database management, and cost insights.
github.com/awslabs/mcp
Here's a brief overview of what's already available:
November 6, 2025 at 8:00 AM
If you didn't know, AWS offers many official MCP servers 🪄
This includes AWS knowledge, infrastructure automation, database management, and cost insights.
github.com/awslabs/mcp
Here's a brief overview of what's already available:
This includes AWS knowledge, infrastructure automation, database management, and cost insights.
github.com/awslabs/mcp
Here's a brief overview of what's already available:
If you're working a lot with LLMs and AWS, I highly recommend using the AWS Knowledge MCP Server.
Easy to plug into your favorite tool, regardless if it's Claude Code, Cursor, Warp or Raycast! ✨
awslabs.github.io/mcp/servers...
Easy to plug into your favorite tool, regardless if it's Claude Code, Cursor, Warp or Raycast! ✨
awslabs.github.io/mcp/servers...
November 5, 2025 at 7:57 AM
If you're working a lot with LLMs and AWS, I highly recommend using the AWS Knowledge MCP Server.
Easy to plug into your favorite tool, regardless if it's Claude Code, Cursor, Warp or Raycast! ✨
awslabs.github.io/mcp/servers...
Easy to plug into your favorite tool, regardless if it's Claude Code, Cursor, Warp or Raycast! ✨
awslabs.github.io/mcp/servers...
Centralized logging across AWS accounts used to be somewhat complicated, even with OAM.
Seems like this is solved now - free of charge!
Seems like this is solved now - free of charge!
November 3, 2025 at 8:00 AM
Centralized logging across AWS accounts used to be somewhat complicated, even with OAM.
Seems like this is solved now - free of charge!
Seems like this is solved now - free of charge!
While everyone rages about the recent AWS outage:
There were two major Azure Front Door incidents last month at Azure.
Latest one was on Oct 29th and still not 100% resolved 💥
Thanks, Microsoft.
There were two major Azure Front Door incidents last month at Azure.
Latest one was on Oct 29th and still not 100% resolved 💥
Thanks, Microsoft.
November 3, 2025 at 7:14 AM
While everyone rages about the recent AWS outage:
There were two major Azure Front Door incidents last month at Azure.
Latest one was on Oct 29th and still not 100% resolved 💥
Thanks, Microsoft.
There were two major Azure Front Door incidents last month at Azure.
Latest one was on Oct 29th and still not 100% resolved 💥
Thanks, Microsoft.
Already afraid that it's too late to ask: what's the hype about ECS Managed Instances?
Where's the difference to ECS on Fargate, or just ECS on "normal" EC2?
Reads like we can finally get the full EC2 capabilities, but without babysitting the fleet?
Where's the difference to ECS on Fargate, or just ECS on "normal" EC2?
Reads like we can finally get the full EC2 capabilities, but without babysitting the fleet?
November 2, 2025 at 8:03 AM
Already afraid that it's too late to ask: what's the hype about ECS Managed Instances?
Where's the difference to ECS on Fargate, or just ECS on "normal" EC2?
Reads like we can finally get the full EC2 capabilities, but without babysitting the fleet?
Where's the difference to ECS on Fargate, or just ECS on "normal" EC2?
Reads like we can finally get the full EC2 capabilities, but without babysitting the fleet?
Fargate with ECS is boring. And that's why I love it. It just works!
Now it got even better with built-in Canary deployments! ⚡️
The days with custom-built rollout shenanigans, featuring multiple clusters and handmade traffic shifting with Route 53 records, are over!
Now it got even better with built-in Canary deployments! ⚡️
The days with custom-built rollout shenanigans, featuring multiple clusters and handmade traffic shifting with Route 53 records, are over!
October 31, 2025 at 7:56 AM
Fargate with ECS is boring. And that's why I love it. It just works!
Now it got even better with built-in Canary deployments! ⚡️
The days with custom-built rollout shenanigans, featuring multiple clusters and handmade traffic shifting with Route 53 records, are over!
Now it got even better with built-in Canary deployments! ⚡️
The days with custom-built rollout shenanigans, featuring multiple clusters and handmade traffic shifting with Route 53 records, are over!
You can almost forget about retention policies.
CloudWatch Logs costs are mostly about the ingest.
Seen a lot of teams that don't know this about their CloudWatch bill, or how much noise is getting ingested for no reason. The new automatic dashboard in CloudWatch changes that!
CloudWatch Logs costs are mostly about the ingest.
Seen a lot of teams that don't know this about their CloudWatch bill, or how much noise is getting ingested for no reason. The new automatic dashboard in CloudWatch changes that!
October 30, 2025 at 8:00 AM
You can almost forget about retention policies.
CloudWatch Logs costs are mostly about the ingest.
Seen a lot of teams that don't know this about their CloudWatch bill, or how much noise is getting ingested for no reason. The new automatic dashboard in CloudWatch changes that!
CloudWatch Logs costs are mostly about the ingest.
Seen a lot of teams that don't know this about their CloudWatch bill, or how much noise is getting ingested for no reason. The new automatic dashboard in CloudWatch changes that!
AWS Proton has been deprecated.
Liked the vision, but I guess it didn't stick or just never worked out.
If you've never heard of Proton: AWS tried to give teams a simple way to deploy container apps with built-in templates and CI/CD.
Liked the vision, but I guess it didn't stick or just never worked out.
If you've never heard of Proton: AWS tried to give teams a simple way to deploy container apps with built-in templates and CI/CD.
October 29, 2025 at 8:02 AM
AWS Proton has been deprecated.
Liked the vision, but I guess it didn't stick or just never worked out.
If you've never heard of Proton: AWS tried to give teams a simple way to deploy container apps with built-in templates and CI/CD.
Liked the vision, but I guess it didn't stick or just never worked out.
If you've never heard of Proton: AWS tried to give teams a simple way to deploy container apps with built-in templates and CI/CD.
CloudWatch bills for high-traffic Lambda functions can get out of hand fast.
Most people focus on Lambda duration and invocations, but log ingestion is definitely the silent budget killer.
One verbose log line, multiplied by millions of requests = 🔥 💸
Most people focus on Lambda duration and invocations, but log ingestion is definitely the silent budget killer.
One verbose log line, multiplied by millions of requests = 🔥 💸
October 28, 2025 at 7:57 AM
CloudWatch bills for high-traffic Lambda functions can get out of hand fast.
Most people focus on Lambda duration and invocations, but log ingestion is definitely the silent budget killer.
One verbose log line, multiplied by millions of requests = 🔥 💸
Most people focus on Lambda duration and invocations, but log ingestion is definitely the silent budget killer.
One verbose log line, multiplied by millions of requests = 🔥 💸
Each Lambda invocation generates a CloudWatch report (duration, billed duration, memory, start/end times) - even if your code logs nothing.
And you’ll be charged for it!
Doesn't sound like much, but let's take a look at a simple calculation:
And you’ll be charged for it!
Doesn't sound like much, but let's take a look at a simple calculation:
October 27, 2025 at 8:02 AM
Each Lambda invocation generates a CloudWatch report (duration, billed duration, memory, start/end times) - even if your code logs nothing.
And you’ll be charged for it!
Doesn't sound like much, but let's take a look at a simple calculation:
And you’ll be charged for it!
Doesn't sound like much, but let's take a look at a simple calculation:
Lambda has tons of use cases, but one I've missed: using it as some kind of sandbox for running AI-generated code.
Lambda's isolation and scaling are a solid fit for this problem.
Lambda's isolation and scaling are a solid fit for this problem.
October 24, 2025 at 6:58 AM
Lambda has tons of use cases, but one I've missed: using it as some kind of sandbox for running AI-generated code.
Lambda's isolation and scaling are a solid fit for this problem.
Lambda's isolation and scaling are a solid fit for this problem.
Setting up an OpenTelemetry & CloudWatch-based observability solution with Fargate and Lambda is quite simple.
It also automatically integrates with Application Signals!
Played around with it a lot in the past few days and I like it.
It also automatically integrates with Application Signals!
Played around with it a lot in the past few days and I like it.
October 23, 2025 at 7:01 AM
Setting up an OpenTelemetry & CloudWatch-based observability solution with Fargate and Lambda is quite simple.
It also automatically integrates with Application Signals!
Played around with it a lot in the past few days and I like it.
It also automatically integrates with Application Signals!
Played around with it a lot in the past few days and I like it.
Setting up an exposed Fargate task with ECS is still not a simple task. With sst.dev, this is enough to bootstrap and wire everything 🪄
What's behind these few lines?
What's behind these few lines?
October 21, 2025 at 7:03 AM
Setting up an exposed Fargate task with ECS is still not a simple task. With sst.dev, this is enough to bootstrap and wire everything 🪄
What's behind these few lines?
What's behind these few lines?
Most people I know worry about their AWS accounts' security.
With no spending cap, this is a valid concern.
Today, with LLMs & MCP servers, security becomes even harder.
I love using MCP servers for AWS tasks, especially with the large set of official ones provided by AWS.
With no spending cap, this is a valid concern.
Today, with LLMs & MCP servers, security becomes even harder.
I love using MCP servers for AWS tasks, especially with the large set of official ones provided by AWS.
October 20, 2025 at 8:57 AM
Most people I know worry about their AWS accounts' security.
With no spending cap, this is a valid concern.
Today, with LLMs & MCP servers, security becomes even harder.
I love using MCP servers for AWS tasks, especially with the large set of official ones provided by AWS.
With no spending cap, this is a valid concern.
Today, with LLMs & MCP servers, security becomes even harder.
I love using MCP servers for AWS tasks, especially with the large set of official ones provided by AWS.