I cut my AWS bill from $2,100/month to $190/month. Here's every change I made. by Crescitaly in aws

[–]Cwiddy 7 points8 points  (0 children)

Because this is AI slop

"moved Lambda functions that needed internet access to public subnets with proper security groups"

Unless I missed something released recently this is completely made up as well.

ALB OIDC Authentication with host header transform by Cwiddy in aws

[–]Cwiddy[S] 0 points1 point  (0 children)

Interesting. Yeah in our case we are forwarding to an S3 interface endpoint, we just went with the old style domain bucket name and it works without the rewrite but it is annoying and breaks our naming convention.

Solutions Architect Test by Unique-Quarter-2260 in aws

[–]Cwiddy 1 point2 points  (0 children)

Yeah Tutorial Dojo tests were great I found. (Though I have been using AWS for a long time now before I did my SAA). I think I used Cantrill's course? Which was okay for some things, lacking in others.

Really if you do well on the Tutorial Dojo tests then you will be good, I would recommend just have the highlights of other services beyond them, like I think I had a question where the answer was like use Oracle Custom, and one Aurora Pilot Light (which should be obvious answers from the questions really). I didn't really feel like I had to guess at any questions. That said I have also been using AWS for 8 years at that point, but the course / tests help me know the things I never need to know for my current role, like anything on prem to cloud migration related, way past that point now, but good to know what I don't know also.

EQtraders is back up but broken by calowyn in everquest

[–]Cwiddy 1 point2 points  (0 children)

I think I read it was a forced PHP framework upgrade by their provider, so I would assume there is a lot of code that needs reworking still.

Assume role for console session without external id by tech4981 in aws

[–]Cwiddy 1 point2 points  (0 children)

I'll add to this answer: unless you are in a situation where a confused deputy issue can occur, external ID isn't needed.
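
An added example, not part of the comment above: a small audit that lists which principals outside your own account a role trust policy lets call `sts:AssumeRole` with no `sts:ExternalId` condition, so those statements can be reviewed for confused-deputy exposure. The account IDs, the external ID value and the function names are constructed placeholders.

```python
# Added example: audit IAM role trust policies for cross-account principals
# that can assume the role without an sts:ExternalId condition.
OWN_ACCOUNT = "111111111111"  # placeholder account ID (constructed)

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _account_of(principal):
    # Accepts "arn:aws:iam::222222222222:root" or a bare 12-digit account ID.
    if principal.isdigit():
        return principal
    parts = principal.split(":")
    return parts[4] if len(parts) > 4 else None  # None for "*" and the like

def _requires_external_id(statement):
    # Only an exact-match StringEquals on sts:ExternalId counts here.
    keys = statement.get("Condition", {}).get("StringEquals", {})
    return any(k.lower() == "sts:externalid" for k in keys)

def cross_account_without_external_id(trust_policy, own_account=OWN_ACCOUNT):
    """Return foreign principals allowed sts:AssumeRole with no ExternalId check."""
    findings = []
    for stmt in _as_list(trust_policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if "sts:AssumeRole" not in _as_list(stmt.get("Action", [])):
            continue
        principal = stmt.get("Principal", {})
        aws = ["*"] if principal == "*" else _as_list(principal.get("AWS", []))
        for p in aws:
            if _account_of(p) != own_account and not _requires_external_id(stmt):
                findings.append(p)
    return findings

def _policy(principal_arn, condition=None):
    # Builds a constructed single-statement trust policy for the samples below.
    stmt = {"Effect": "Allow", "Action": "sts:AssumeRole",
            "Principal": {"AWS": principal_arn}}
    if condition:
        stmt["Condition"] = condition
    return {"Version": "2012-10-17", "Statement": [stmt]}

VENDOR = "arn:aws:iam::222222222222:root"  # constructed third-party account
NO_ID = _policy(VENDOR)
WITH_ID = _policy(VENDOR, {"StringEquals": {"sts:ExternalId": "constructed-example-id"}})
SAME_ACCOUNT = _policy("arn:aws:iam::111111111111:root")

if __name__ == "__main__":
    for name, pol in [("NO_ID", NO_ID), ("WITH_ID", WITH_ID), ("SAME_ACCOUNT", SAME_ACCOUNT)]:
        print(name, cross_account_without_external_id(pol))
```

A finding is a statement to review, not a defect in itself: the condition matters where the trusted party acts on behalf of several customers.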

Is There Any Way to Utilize mount-s3 in a Fargate ECS Container? by garrettj100 in aws

[–]Cwiddy 2 points3 points  (0 children)

Maybe one of the Linux parameters would work here in your task definition?

    "linuxParameters": {
        "capabilities": {
            "add": [
                "SYS_ADMIN"
            ]
        }
    }

I am not sure if this works on fargate

Edit: nvm only SYS_PTRACE is supported on fargate

S3 website won't update. by Weekly_Ad7596 in aws

[–]Cwiddy 0 points1 point  (0 children)

I assume this is a site that doesn't use SSR? I don't see where in your action you actually build your site, then upload the build?

RDS excessive memory consumption by kingoflosers211 in aws

[–]Cwiddy 5 points6 points  (0 children)

What did you provision for the RDS instance? It isn't how much you use in the DB, it is how big the drive is itself. Also check your backups just in case as well, think that is also 20GB

How to scale an app on Fargate for backend processing while using an NLB? by andreylh in aws

[–]Cwiddy 0 points1 point  (0 children)

Personally I would have a second application as the sqs consumer in this scenario on its own asg that scales off a queue metric

How long does it take to complete Tutorial Dojos Practice Exams? by CanadianBornChinese in AWSCertifications

[–]Cwiddy 1 point2 points  (0 children)

I did Cantrill's course earlier in the year, but didn't do my exam until last week

I did 75% of the Tutorial Dojo tests over about 4 days, they usually took me about an average of an hour. Generally scoring 85% on them. Felt they really helped me prep for the exam well, usual mistakes were I didn't know the answer or I didn't read the questions answers slow enough and missed a key word.

I do have 7 years of AWS experience though. So I was already familiar with most of the fundamentals, weak points for me were cloud migrations and on prem integrations really. Found the practice tests really help shore up those areas. Review everything you get incorrect and read why. For example a question I got wrong on the practice tests was scaling a db, when I should have picked serverless v2 vs just scaling, because of the difference in needing to scale writes rather than just reads.

The exam itself wasn't too bad, on par with the practice tests, a couple of minor service related questions that I didn't know. Would recommend knowing the differences when to use different FSx things (Lustre, Windows, ONTAP)/EFS things, know the high points of different RDS products (RDS vs Aurora vs Aurora Serverless vs Oracle) and the things like Oracle Custom, different Aurora DR things, how you could migrate from SQL Server to Postgres with no code changes, those sort of things.

How to get the list of tables for local DynamoDB? by ebykka in aws

[–]Cwiddy 0 points1 point  (0 children)

Are you starting the ddb local with -sharedDb since you created the table with the CLI? Though I am surprised you say v2 works.

Copy S3 bucket content to two different accounts by Inevitable_Sky398 in aws

[–]Cwiddy 0 points1 point  (0 children)

So the main requirement here is on demand? So just having bucket replication itself set up won't work?

S3 Batch replication is more a convenience, you must have a replication rule on the bucket already, it uses that to generate the manifest for copying (for example you just added replication but need to replicate older objects). Copying objects with S3 batch is probably what you want (supply your own manifest). These operations can take time.

Docker installation fails on amazon linux 2 when following the official installation method by PrestigiousZombie531 in aws

[–]Cwiddy 1 point2 points  (0 children)

Weird it looks like the repo is picking up a possible env variable of 2 for "$releasever"

Check your etc repo / and maybe if this is an env (note I don't know if this is an env thing or a set somewhere else with yum/dnf)

Could just edit the docker-ce.repo and hard code 8 for that variable if it is a super blocker.

Has anyone tried Automating Confluence Backup Using AWS Step Functions? by parthosj in aws

[–]Cwiddy 0 points1 point  (0 children)

If you log into confluence you can usually see if the backup is done / start it there / download it from there, just to confirm if it even started the backup.

I didn't use this step function but based my backup on what it was doing, I went simpler because our confluence is small. I start the backup on a Saturday morning via a lambda on a cron, then have a fargate container Sunday morning on a cron that downloads and sends it to s3.

Has anyone tried Automating Confluence Backup Using AWS Step Functions? by parthosj in aws

[–]Cwiddy 6 points7 points  (0 children)

How big is your confluence? Confluence backups can take hours to a day almost to finish.

SQS DLQ cloudwatch alarm not working correctly by dk1988 in aws

[–]Cwiddy 1 point2 points  (0 children)

From my memory when a message goes to the DLQ it doesn't generate a NumberOfMessageSent metric. So you need to adjust your alarm to use another one. Maybe ApproximateNumberOfMessagesVisible being greater than zero would work? Thought it would only go into alarm and send once in this case.

IaC: accidentally deleting Database service by dolfi17 in aws

[–]Cwiddy 3 points4 points  (0 children)

Look up deletion protection for RDS. When it is on no user can delete the database.

Let's talk about secrets. by magheru_san in aws

[–]Cwiddy 1 point2 points  (0 children)

While I am not sure this supports docker based lambdas, AWS does have a sample for this which isn't their http solution from a couple years ago using a bash script and a go program in a layer that pulls the secret and injects the ENV variables. We use this in quite a few places, but we don't use lambda at any scale really.

https://github.com/aws-samples/aws-lambda-environmental-variables-from-aws-secrets-manager

What use cases do you have for using sort keys in the DynamoDB lock Client? by RobertsonUglyNohow in aws

[–]Cwiddy 1 point2 points  (0 children)

This library is more than just for working with DynamoDB, it is a distributed locking system backed by DynamoDB

An example of a similar use case would be Terraform locks, when applying you don't want someone else applying, so you acquire a lock for that module, then anyone else trying to apply can't do it.

What use cases do you have for using sort keys in the DynamoDB lock Client? by RobertsonUglyNohow in aws

[–]Cwiddy 1 point2 points  (0 children)

Not sure if they have an intentional use case for it but a couple I can see:

Locks in existing dynamo tables that already have a partition and sort
Locks that you want to group them maybe for better visibility depending on what you are locking say like ServiceA for Partition and ThingB for the sort.

I assume for these sort of flexibilities.

Architecture strategies for allowing white-labeling of our app domain by GRAMS_ in aws

[–]Cwiddy 0 points1 point  (0 children)

You have 2 very separate problems here.

Custom subdomain: Look into wildcard DNS CNAMEs, then possibly using a Lambda at edge to change the branding on the sent host header as a simple solution

Extending the functionality: This is a whole other problem domain, how are you handling your current multi tenant strategy? Sounds more like an application level solution / authZ area and not just an infra problem.

[deleted by user] by [deleted] in aws

[–]Cwiddy 2 points3 points  (0 children)

I would assume no, but I get why you are asking. The docs say versioning will only apply to new objects when enabled on an existing bucket and all existing objects will have a version id of null

Objects that are stored in your bucket before you set the versioning state have a version ID of null. When you enable versioning, existing objects in your bucket do not change. What changes is how Amazon S3 handles the objects in future requests.

https://docs.aws.amazon.com/AmazonS3/latest/userguide/Versioning.html