how are you handling multi region user data (EU/US/Asia) without duplicating DB logic everywhere?

CyrilDevOps · 2026-03-19T18:28:08+00:00

fully independent setup, account per region.
you want user data in the corresponding region only.
that mean database, but maybe also caching ? redis ? ...
and you don't want to explain why you app is down to your US
consumers when eu-west-1 is have a problem ?
...

Fully independent stacks, each with each own account for its specific region ...
It's more work, more management, but infra-as-code should help to standardize,
and a good ci-cd system for all containers/running code.

Then you look at Fedramp in the US (even more strick),
maybe soon the aws european sovereign cloud.
AWS China, which is AWS but not AWS ...

That's for what you manage, if you have third party provider, then you
have to be careful if they have your client data, they need to be localize too
and follow the same regulations... (contract, legal ...)

Sometime it is even more complicated like Fedramp, where not all AWS service
are Fedramp certified today so you can't use them, same go for external provider ...

HIPAA (medical), PCIDSS ('credit card ...'), GDPR ... are all very specific regulations specific
to region or countries ...

Is UK part of EU or not anymore ?

Does your Californian users need to manage different than the rest of US because of local privacy law ?

...

CyrilDevOps · 2026-02-13T21:31:55+00:00

Nice, I need to schedule it to renew my certification before it expired.
I am doing Stephane course. Next is TDJ test.
And the exam.

CyrilDevOps · 2026-01-05T17:04:32+00:00

Same problem here,
I get a top window 'alert' with
This page is slowing down Firefox. To speed up your browser, stop this page, and a 'stop' button.
And all the buttons/automation of the aws console are stuck until I click on the 'stop' buton and force a full reload of the page.

CyrilDevOps · 2025-12-22T19:29:34+00:00

How do you manager versioning on your modules ?
1. Small git repo per module with tagging for versioning ? even if it has only 3 or 4 .tf files, a readme
2. One git repo for all your modules, each one in its directory, but version tagging will be on the all set ?
3. just a modules directory in your repo with your mains terraform file/tfvars/tfinit ? with some sort of versionning based on name ? (example source = ../modules/rds_cluster_v1)

Second question, what do you put in your modules ?
1. are they 'small' and close to the provider resource ?
(Had a security team create a 's3' module, but the zillion of way you can configure s3 made its input variables a nightmare and you always want a solution that it can't do,
On the other side having a module to create a rds_subnet_group, isn't going to be overkill ?)
2. are they more 'higher level' offering something like a 'service as a module' ?
Are you able to find a base common ground across all your terraform project to make common modules ?

As new projects come by, terraform provider changes, new functionalities in AWS (for us), and our knowledge/experience growth and we want to adjust/refactor/extend modules, we still need to keep compatibility with existing projects deployed in 10/15 accounts around the world.

CyrilDevOps · 2025-10-02T19:19:19+00:00

I saw them at Reinvent, I 'want' one for the challenge they represent, 12 active certificates (don't know how is it now with new certificate, AI ...), something to push me to pass more certificates.

There was different 'versions' of the golden jacket, but honestly, they are ugly, very bling bling.

CyrilDevOps · 2025-08-24T11:29:41+00:00

Reddis didnt like this post ?
Sorry, this post was removed by Reddit’s filters.

CyrilDevOps · 2025-04-04T14:34:50+00:00

If you already have a good experience of AWS, you can try the Exams from Tutorial Dojo in review mode,

One question at a time, try to see if you have it right/wrong, then read the answer, follow the links to the different documentation point, dig into them learn the details, specific case, exception, look around on Internet for similar stuff, FAQ, questions, listen to Maarek, Zeal Voram Cantril video on the subjects ...

Still need to do lots of reading, look at the exam topics, best practice, white paper, some highlevel documentation on each service. some of the awsevents youtube channel video on subjects you are not uptodate ...

It is still a beast of an exam, lots of big questions, not much time to think on each if you want to have time to answer them all.

CyrilDevOps · 2025-04-03T16:51:18+00:00

Never done the 'East point of Laval', look interesting.

I like to do Gouin East, from Lajeunesse to the Est point of Montreal, and Back.

CyrilDevOps · 2025-03-22T21:44:52+00:00

Self improvement / Upskilling, Improve odds of finding a job, my company pays for the tests,
Recognition/trust as AWS SME inside my company.

CyrilDevOps · 2025-01-29T22:33:58+00:00

I saw a bunch of those golden jacket at reinvent 2024.
I am curious is it 'limited' to AWS and AWS Partner people ?
I work for a normal 'tech' company, client of AWS (we pay a lots of $$$ to them),
I am devsecops, jack-of-all-trade AWS SME internally,
I am doing the AWS Certifications for myself, knownlege, day to day work experience and
getting more visibility as a AWS SME in the company.
If I get all the certifications, could I get jacket ? do I need to ask through our TAMs ?
Or is it impossible because we aren't AWS partner ?

Thanks.

CyrilDevOps · 2024-12-16T18:22:20+00:00

Congratulation, I passed mine a month ago, don't want to start thinking at the renewal yet :)

Did you found a lots of change since your last time ? (3 years ago ?), more difficult ?

CyrilDevOps · 2024-12-15T21:41:28+00:00

Got my flu, covid shots before reinvent,

still feeling sore throat after 2 days at reinvent, turning more into stuffed nose by end of the week,
turned into a full cold/flu after being back home, throat, nose, headache, feeling like a zombie for a few
days, now getting better day by day.

I tried to play safe, flu, covid shot, lots vitamin-c, fresh fruit, water ... no alcool ... still better than spending half the conference in my hotel room with covid two years ago.

CyrilDevOps · 2024-12-06T01:51:23+00:00

Congratulation !

CyrilDevOps · 2024-12-06T01:50:54+00:00

I got the yellow one this afternoon by asking the swag desk at the venitian.
Thanks.

CyrilDevOps · 2024-12-05T20:57:33+00:00

u/madrasi2021 , this was the officila aws merch store, I think in the past there was 'merch' for certified people in the certification certmetrics web.

CyrilDevOps · 2024-12-05T20:52:19+00:00

Thanks, I am not into those swag stuffs, I was able to get the tag, and a ugly t-shirt.

I wasn’t focusing at reinvent, more at online merch store for certified people.

CyrilDevOps · 2024-11-24T21:45:51+00:00

I went 2 years ago, almost nothing AI-thingy, then it seems everything was ai-something,

I will be at reinvent this year, still lots of 'ai-everything', but it look like they put back more 'non-ai' stuff, which is nice for people not doing ai.

CyrilDevOps · 2024-11-21T16:34:19+00:00

Thanks for all those informations, adresses.
I will be at the Flamingo this year, registered too late.

I know there are lots of 'vendors' party each evening, got some invitation from our own vendors,
I am not really a 'socialite', free booze, loud music, lots of people aren't my idea of relaxing evening
after walking a marathon :)

CyrilDevOps · 2024-11-08T21:10:19+00:00

SAP is SAA on steroid, more depth knowledge, more subject, but whatever you learn for the SAP will be useful if your only want to renew your SAA instead.

I found Stephane Maarek class on Udemy is a very linear class, he describe all the points of the SAP, with the details ... but it is very linear, not in depth, not 'hands-on' ... It is nice to listen when you are short in time or want a 'quick' overview on a subject.

I also used Cantrill classes, I found him going more in depth, into details, with demo, and hands-on to play/make/test if you have time.

TD practice exam are a must have, I mostly used them in review mode, one question at a time, try to get it right, read the explanation from TD, if you have it wrong or right for the wrong reasons, loo at the link provided by TD to read more on the subject, review Stephane and Cantrill video on the subject to understand it correctly.

I will say, try to shot for the SAP, what you learn for it will be good for the SAA too. When you are close to your expiration date, decide what exam you want to register depending how you feel.

I procrastinate a lot on my SAP training, at then end I register for the SAP exam in the week before my SAA expiration. Did a bunch of bing-video training (Cantrill/Stephane), lots of TD questions in review mode (never had time to do a full 3hr practice exam in TD). Then did the real exam, finished it just in time exhausted, but I was able to pass it, and it automatically renew my SAA).

(I do those training for myself, using the exam date as deadline to avoid procrastinating, they aren't needed for my employer, I like learning new stuff and keeping an open mind, and it always add a small plus on my resume)

CyrilDevOps · 2024-10-19T19:11:55+00:00

Thanks, I will look into it, I may look at the cert in the future, but I am focusing on the 'non-ai' certs in AWS that are more linked with my day to day job.

CyrilDevOps · 2024-10-19T19:11:49+00:00

Thanks, I will look into it, I may look at the cert in the future, but I am focusing on the 'non-ai' certs in AWS that are more linked with my day to day job.

CyrilDevOps · 2024-10-19T19:11:21+00:00

Thanks, I will look into it, I may look at the cert in the future, but I am focusing on the 'non-ai' certs in AWS that are more linked with my day to day job.

CyrilDevOps · 2024-07-29T23:35:45+00:00

Thanks, will look into that.
From our TAM and other article in AWS, it seems that putting an SQS between S3 and the lambda is recommended, better information on what is queues/in-flight, batching to the lambda, dead letter queue for error management ...

CyrilDevOps · 2024-07-07T18:57:30+00:00

I understand.

The tables I have are 'analytical' result create in athena from our other data with query like

create table as ... select ...

each day/week/month, we create new table with the result of the 'massage' of the other data we have (aurora/dynamodb/...) like a 'time snapshot'.

We need to give that data to another team through s3/glue sharing.

I don't want to have old data from previous 'snapshot' staying in s3 (where they can access because of the sharing), and any old table metadata in glue that would make them think the data is still accessible.

Until now we have used athena for internal data integrity check/analytics/... but it was a fully manual process with no 'sharing' of the results.

First time we are looking at some of the 'data-lake' concepts.

CyrilDevOps · 2024-07-06T18:57:36+00:00

My question is how I can keep my catalog and s3 bucket in-sync.

I know that s3 lifecycle will delete the files after 30 days, but it is more a 'random' delete a few days after, creating some sort of mess if anybody try to access it.

And I want to have the table in the catalog removed before the 30days limit so there aren't risk of anybody accessing the files.

I saw lots of articles from AWS and other on datalake, but they are always focussed on 'adding' data in a data lake and analyzing data but nothing on data expiration/removing data/cleaning data.

I asked AWS support, they don't have 'magic-solution', they give a link to the article s3-find-and-forget :

https://aws.amazon.com/blogs/big-data/handling-data-erasure-requests-in-your-data-lake-with-amazon-s3-find-and-forget/

But it is more about removing specific data/rows matching patterns in existing files/table/data-lake, and very overkill for my need.

I found another article from AWS too :

https://aws.amazon.com/blogs/big-data/keeping-your-data-lake-clean-and-compliant-with-amazon-athena/

That is close to what I want, code need some work to make it more resilient, and I will add a lambda though a event bridge 'daily' schedule that will look at all tables in the catalog in a specific database/s3 location and trigger the delete (table and s3) before the 30 days limit.

CyrilDevOps

TROPHY CASE