📌 Pinned
AWS Well-Architected Framework - Series Overview
The Well-Architected Framework is one of the more useful things to have internalised for serious AWS work. It comes up in architecture trade-off discussions, CDK design decisions, cost justifications, security reviews - not as a formal checklist but as a consistent vocabulary for reasoning through decisions. I started writing notes to keep the structure clear and they grew into this series. The framework is AWS's documented approach to evaluating cloud workloads against a set of architectural best practices. It is structured around six pillars, supported by a tool for running formal reviews against your own workloads, and extended by Lenses that apply the same thinking to specific domains like serverless or SaaS. This series works through each component. ...
Infrastructure as Code with AWS CDK - Series Overview
AWS CDK lets you define cloud infrastructure in familiar programming languages - Python, TypeScript, Java - and synthesise it into CloudFormation. Compared to writing raw CloudFormation or Terraform HCL, CDK gives you loops, conditionals, type safety, and reusable constructs. This series covers practical CDK patterns using Python, with a consistent use case across all parts so the trade-offs are easy to compare.

Why CDK over CloudFormation for AWS-native workloads?

CloudFormation is YAML or JSON - no loops, no conditionals, no abstraction. Any shared pattern gets copy-pasted. CDK uses a real programming language - loops, functions, classes, and type checks all apply to infrastructure the same way they apply to application code. L2 constructs handle boilerplate. bucket.grant_read(fn) generates the IAM policy, role attachment, and resource reference in one call. The CloudFormation equivalent is four resources wired together manually. The compiler catches mistakes before CloudFormation ever sees the template. CDK still synthesises to CloudFormation under the hood - rollbacks, drift detection, and stack history are unchanged.

Why CDK over Terraform for AWS-native workloads?

Terraform's strength is multi-cloud. For AWS-only workloads, that comes with overhead that doesn't pay off - a state backend, a provider version to pin, and HCL alongside the application code. CDK uses CloudFormation as the deployment engine - AWS manages state natively. No S3 bucket for state, no DynamoDB table for locking, no terraform init in the pipeline. New AWS services appear in CDK constructs faster. IAM is easier. Terraform requires writing policy JSON by hand and threading ARNs between resources. CDK's grant_* methods generate least-privilege policies from the resource graph. Terraform is the right call when infrastructure spans multiple cloud providers, or when the team already has a mature Terraform codebase.
Use case

Deploy an AWS Lambda function that processes files uploaded to an S3 bucket. Configuration - bucket name, log level, Lambda timeout - varies per environment (dev, staging, prod). Simple infrastructure by design - the CDK patterns are the point, not the resources. ...
Posts
AWS Certified AI Practitioner (AIF-C01) Study Notes
I sat the AWS Certified AI Practitioner (AIF-C01) and passed. This is the retrospective I wish I had read before starting - what the exam actually tests, the services and concepts to know well, and which prep resources earned their place. AIF-C01 covers more ground than the name suggests: classical ML, generative AI, foundation models, and responsible AI. Domains 2 and 3 carry the most weight and the vocabulary is denser than it looks. Your starting point will shape where you need to spend time, so calibrate accordingly. ...
AWS Kiro CLI - Manage AWS Infrastructure from the Terminal
Kiro CLI is an AI-assisted terminal tool for AWS, rebranded from Amazon Q Developer CLI in November 2025. It sits on top of your existing AWS credentials and tooling. The q and q chat shortcuts from Q CLI still work but kiro-cli is the current entry point.

Install

macOS

    brew install --cask kiro-cli

Or via script:

    curl -fsSL https://cli.kiro.dev/install | bash

Windows (PowerShell)

    irm 'https://cli.kiro.dev/install.ps1' | iex

Linux / WSL2 (Ubuntu / Debian) - .deb ...
AWS Certified Developer Associate (DVA-C02) Study Notes
I sat the AWS Certified Developer Associate (DVA-C02) recently and passed. This is the retrospective I wish I had read before starting - what the exam actually tests, the services you need to know well, the concepts that trip people up, and which resources earned their place. I came in comfortable across most of the exam's services from day-to-day work, so for me this was more about confirming and formalising what I already knew than learning it fresh. Your starting point will shape where you spend time, so calibrate the advice accordingly. ...
GitHub PR Fix: "Commits must have verified signatures" Blocking PR Merge
Problem

GitHub branch protection requires all commits to have verified GPG signatures. Two commits at the base of the branch (made before GPG signing was configured) were unsigned, blocking the merge.

Root cause

Commits made before commit.gpgsign=true was configured in git have no GPG signature. GitHub requires all commits in a PR to be verified - one unsigned commit blocks the merge regardless of approvals.

Steps to fix

1. Identify unsigned commits

    git log --format="%G? %ad %s" --date=short origin/main..HEAD

Look for lines starting with N (no signature). Note the hash of the oldest unsigned commit's parent on main. ...
Kubernetes and Cloud Native Associate (KCNA) Study Notes
I sat the Kubernetes and Cloud Native Associate (KCNA) and passed. KCNA is the entry-level CNCF certification - it covers Kubernetes fundamentals and the wider cloud native landscape at a conceptual level, and it is the natural first step before the hands-on CKA, CKAD, and CKS exams. It is a multiple-choice exam, so it rewards knowing what the pieces are and how they relate, not hands-on kubectl skill. If you already work with Kubernetes, a lot of this will be familiar, so calibrate the prep to what you already know. ...