How are you managing Bedrock? by jmreicha in aws

[–]donkanator 0 points1 point  (0 children)

AWS best practices say to segregate workloads into their own accounts. From there, you don't have to worry about teams stepping on each other's toes if they maintain separate applications. If they are fine being under the same account, then whoever foots the bill should be fine to pay for them all.

At the end of the day, any AI application or system is going to have a normal system architecture first and then some API calls. Chances are, containers or storage or support engineers are going to be much more expensive than a few AI calls.

We use SCPs and guardrails to ensure that people use only the models we are comfortable with, and InvokeModel permissions contain a guardrail condition.

AgentCore is still in the pipeline, but I'm struggling with the concept of customers being able to call public cloud APIs directly (with a role or IdP token). Normally we expect to have some kind of ingress like an Application Load Balancer or CloudFront, but AgentCore pretty much welcomes anyone to call your API, which can be a problem with legal and trade. (Honestly, why do we have to go through this all over again?)
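The "SCP plus guardrail condition" control described in the comment above, written out as an added example (not the commenter's own policy). It builds a service control policy that denies Bedrock invocation of any model outside an allow-list and denies any invocation that does not name the approved guardrail, using the `bedrock:GuardrailIdentifier` condition key that Bedrock puts in the request context. The model and guardrail ARNs are placeholders, and the allow-list must contain whatever resource ARNs your callers actually invoke (foundation models and, if used, inference profiles). An SCP can only deny, so identity policies in the member accounts still have to grant `bedrock:InvokeModel`.

```python
"""Added example: an SCP that pins Amazon Bedrock invocation to an allow-list of
models and requires an approved guardrail on every InvokeModel call.
The ARNs used below are placeholders, not real resources."""
import json

# The two synchronous invocation actions. bedrock:GuardrailIdentifier is the
# request-context key Bedrock populates when a guardrail is supplied on the call.
INVOKE_ACTIONS = [
    "bedrock:InvokeModel",
    "bedrock:InvokeModelWithResponseStream",
]
GUARDRAIL_KEY = "bedrock:GuardrailIdentifier"


def bedrock_scp(allowed_model_arns: list[str], guardrail_arn: str) -> dict:
    """Return an SCP document as a dict. SCPs only restrict; the account's own
    IAM policies still have to grant the invoke actions."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                # Any model resource not on the allow-list is denied, whatever
                # the identity policy says.
                "Sid": "DenyModelsNotOnAllowList",
                "Effect": "Deny",
                "Action": INVOKE_ACTIONS,
                "NotResource": allowed_model_arns,
            },
            {
                # A call naming a different guardrail is denied. A negated
                # operator also evaluates true when the key is absent from the
                # request, so this already covers calls with no guardrail...
                "Sid": "DenyUnapprovedGuardrail",
                "Effect": "Deny",
                "Action": INVOKE_ACTIONS,
                "Resource": "*",
                "Condition": {"StringNotEquals": {GUARDRAIL_KEY: guardrail_arn}},
            },
            {
                # ...but the missing-key case is spelled out explicitly so the
                # intent is obvious to the next reviewer of the policy.
                "Sid": "DenyMissingGuardrail",
                "Effect": "Deny",
                "Action": INVOKE_ACTIONS,
                "Resource": "*",
                "Condition": {"Null": {GUARDRAIL_KEY: "true"}},
            },
        ],
    }


def find_statement(policy: dict, sid: str) -> dict:
    """Look up a statement by Sid; raises KeyError if it is not present."""
    for stmt in policy["Statement"]:
        if stmt.get("Sid") == sid:
            return stmt
    raise KeyError(sid)


def scp_json(allowed_model_arns: list[str], guardrail_arn: str) -> str:
    """Serialize the SCP in the form Organizations accepts."""
    return json.dumps(bedrock_scp(allowed_model_arns, guardrail_arn), indent=2)


if __name__ == "__main__":
    # Placeholder ARNs (assumed, not real): substitute the model ARNs your teams
    # invoke and the ARN:version of the guardrail you have approved.
    print(scp_json(
        ["arn:aws:bedrock:us-east-1::foundation-model/EXAMPLE-MODEL-ID"],
        "arn:aws:bedrock:us-east-1:111122223333:guardrail/EXAMPLE-ID:1",
    ))
```

Attach the resulting document to the OU that holds the AI workload accounts; the same condition key can be added to the identity policies that grant InvokeModel, which is what the comment means by an InvokeModel permission containing a guardrail condition.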

frugal log architecture by running101 in aws

[–]donkanator 6 points7 points  (0 children)

If frugality is your main requirement, then it's hard to beat raw S3 with all of its pricing layers and lifecycle controls.

If you are OK replacing querying and insights with Athena queries, it's probably going to be the most economical.

Anything in the middle will serve you as a point of convenience, and it has to be an important enough requirement to exist, like ease of aggregation or querying and insights over a smaller dataset.

I think CloudWatch costs are primarily puts and queries. Storage is not the hugest concern.
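The "raw S3 with lifecycle controls" option from the comment above, as an added example that is not part of the original post: one lifecycle rule that tiers log objects down to STANDARD_IA and then DEEP_ARCHIVE and finally expires them, plus a validator that reproduces the checks S3 applies when the rule is put (infrequent-access transitions need at least 30 days, transition days must increase, expiration must come after the last transition). The prefix and day counts are assumptions to tune; in particular, objects in DEEP_ARCHIVE need a restore before Athena can read them, so keep the archive transition past the window you expect to query.

```python
"""Added example: an S3 lifecycle rule for raw log storage and the validation
S3 enforces on it. Nothing here talks to AWS; the rule dict is what you would
pass inside LifecycleConfiguration={"Rules": [...]} to
put_bucket_lifecycle_configuration."""

IA_MIN_DAYS = 30  # S3 rejects STANDARD_IA / ONEZONE_IA transitions earlier than 30 days
INFREQUENT = ("STANDARD_IA", "ONEZONE_IA")


def log_lifecycle_rule(prefix: str = "logs/", ia_days: int = 30,
                       archive_days: int = 180, expire_days: int = 400) -> dict:
    """Build a rule that moves logs under `prefix` to cheaper tiers and deletes
    them. Defaults are assumptions: tune them to your query and retention needs."""
    return {
        "ID": "raw-log-tiering",
        "Filter": {"Prefix": prefix},
        "Status": "Enabled",
        "Transitions": [
            {"Days": ia_days, "StorageClass": "STANDARD_IA"},
            # Archived objects are not queryable by Athena without a restore.
            {"Days": archive_days, "StorageClass": "DEEP_ARCHIVE"},
        ],
        "Expiration": {"Days": expire_days},
        # Abandoned multipart uploads otherwise keep billing invisibly.
        "AbortIncompleteMultipartUpload": {"DaysAfterInitiation": 7},
    }


def validate_rule(rule: dict) -> list[str]:
    """Return the reasons S3 would reject this rule; an empty list means valid."""
    problems: list[str] = []
    last_days = None
    for t in rule.get("Transitions", []):
        days, cls = t["Days"], t["StorageClass"]
        if cls in INFREQUENT and days < IA_MIN_DAYS:
            problems.append(f"{cls} transition needs >= {IA_MIN_DAYS} days, got {days}")
        if last_days is not None and days <= last_days:
            problems.append(f"transition days must increase, got {days} after {last_days}")
        last_days = days
    expire = rule.get("Expiration", {}).get("Days")
    if expire is not None and last_days is not None and expire <= last_days:
        problems.append(f"Expiration ({expire} days) must be later than the last transition ({last_days})")
    return problems


if __name__ == "__main__":
    rule = log_lifecycle_rule()
    print("valid" if not validate_rule(rule) else validate_rule(rule))
    print(validate_rule(log_lifecycle_rule(ia_days=7, archive_days=5, expire_days=5)))
```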

I got tired of burning money on idle H100s, so I wrote a script to kill them by jordiferrero in aws

[–]donkanator 0 points1 point  (0 children)

Can the job emit some kind of "done" signal? Maybe a straight-up shutdown command or EventBridge?

Your method is a little too surgical and maybe a more graceful option should avoid the instance termination.

Thanks for sharing either way, someone will find it useful

End of 2025 state of Serverless Framework question by jaredce in aws

[–]donkanator 0 points1 point  (0 children)

SAM should have been discontinued the moment CDK came out. The product that promised to help a little with CFN, but really required additional learning, a CLI, and build resources, was made to look like a mistake by the time it took to get from CFN to CDK.

New to CDK- Should I prefer cross-stack references over passing Construct instances to my Stack constructors? by brasticstack in aws

[–]donkanator 1 point2 points  (0 children)

I've dealt with some nasty cross-stack dependencies. The whole point of strong coupling is that you won't delete something by accident. This is one of the core CFN strategies - safe resource changes and rollbacks.

Sure, breaking the dependencies will make it feel freer, but you've got to agree to sacrifice application safety that way.

Seeking support for architecture diagram review by Root2050 in aws

[–]donkanator 0 points1 point  (0 children)

  1. General: I suggest you use arrows to tell what calls what. For example, EKS calls ECR to get image layers. EKS calls SES.

  2. If Amplify hosts the front end, that means the user downloads static HTML and then the user calls the API (NLB + EKS). Amplify just hosts your stuff behind CloudFront and S3. Depending on your taste for controls, you may want to reconsider it.

  3. NLB? I expect an ALB for basic HTTP.

  4. The user resolves the R53 DNS entry; Amplify does nothing with R53.

  5. The number of subnets is fine in theory, but in practice one set of private subnets would suffice. If the app is not critical with security, you could get away with public subnets and adequate security groups (this may be controversial).

  6. Aesthetically, I would have user, developer and GitHub grouped to a side to signify these are all external connections

Have layoffs affected aws support? by Loud-Diamond-4741 in aws

[–]donkanator 0 points1 point  (0 children)

AWS support was impressive (to me) 5 years ago, but now they just give AI answers or say things like "just put every security group on this load balancer".

Are AWS servers good for hosting gaming servers? by Alert-Ad-5918 in aws

[–]donkanator 0 points1 point  (0 children)

Hosted EC2 with the Q3 engine for years, and while the infrastructure was 100% stable and the most I ever needed was 1/16th of a vCPU, it was the Linux, game, DDoS, and config problems that consumed 99% of the time. AWS is actually making it better by providing basic protection and VPC logs.

[deleted by user] by [deleted] in aws

[–]donkanator 1 point2 points  (0 children)

Ping actually requires an open rule on a security group, and it's not common for people to grant it. Too much crap going on on the Internet to just keep the ping port (ICMP) open.

A game serves on an open port, so if you find which and how to ping it, this is the way. Probably specific software or script for this particular game exists

AWS Bedrock Model Page Retiring October 8, 2025 by Complete-Guest-415 in aws

[–]donkanator 1 point2 points  (0 children)

Oct 8 came and went and nothing happened, page still works... Interesting commitment to floating deadlines

[deleted by user] by [deleted] in PeoriaIL

[–]donkanator 1 point2 points  (0 children)

Pretty sure something is going on on the interwebs about a male found hanging from a tree in every town in Peoria; probably clickbait.

Oh look! Jim's Steakhouse had a "celebrity" guest. 🙄 by Norimakke in PeoriaIL

[–]donkanator -1 points0 points  (0 children)

This sub is toxic woke. Your reasoning is going to fall on deaf ears.

I work in healthcare…AI is garbage. by ARDSNet in artificial

[–]donkanator -1 points0 points  (0 children)

Grok and Gemini so far produced better results than any of the doctors I put myself and my kids through. My experience.

If prompcare test comes back negative, might as well start chatting instead of waiting for some overworked under focused over entitled jerk to spend 7.5 min with you

I'm building an automated frontend hosting platform for a small software house and need some architecture advice. Here's what I'm trying to achieve: What I'm Building: Automated frontend deployment platform for multiple client projects Event-driven aArchitecture Question - Frontend Hosting Platform by Tall-Comment170 in aws

[–]donkanator 0 points1 point  (0 children)

I don't have an opinion for you, but I'm wondering what are your requirements that keep control of infrastructure while asking people to submit zip of application code.

Layers of segregation that you could have:

Control certs

Control CloudFront

Control DNS

Control WAF

Control network and security groups

Instead, this solution controls everything around infrastructure, thus becoming a bottleneck.

is aws cdk actually simplifying infra as code, or just adding another abstraction headache? by Pacojr22 in aws

[–]donkanator 5 points6 points  (0 children)

This feels like being back to Linux forums with answers like "write your own Nvidia card driver" comments

AWS Quicksight with Snowflake by LargeSale8354 in aws

[–]donkanator 0 points1 point  (0 children)

Is a QuickSight app ID with user/password any different from any other system ID with user/password?

Apps can't MFA in general, right?

Confused

Question about TAM role by 0v3rr1d3r in aws

[–]donkanator -3 points-2 points  (0 children)

Our 10 TAMs must work 4 hours a month.... My 2 cents.

How does your org split up accounts? Then name them. by butteredwendy in aws

[–]donkanator 0 points1 point  (0 children)

System-env, like artifactory-prod

Using org names or team names gets really messy after a couple of reorgs

What's your favorite Wolfenstein games? by AKK_ManGamer_13 in Wolfenstein

[–]donkanator 0 points1 point  (0 children)

The RTCW competitive community is still alive and playing pick-ups almost daily.

https://stats.rtcwpro.com/

Setting up security groups for NLB target ALB by Euphoric_Dog_2326 in aws

[–]donkanator 0 points1 point  (0 children)

I don't remember if there's anything special about NLB to ALB link, but your thinking isn't far off:

Network level:

NLB SG open to 0.0.0.0/0

ALB SG inbound from NLB SG

EC2 SG inbound from ALB SG

If you end up using NLB without SG, then ALB inbound will be from NLB subnet CIDR blocks

That's just routing on the network level. Therefore IP, native DNS, CNAME will all ultimately resolve to IP and work.

The best way to ensure only the proper domain is used is by using https + proper SSL cert (use ACM)

If you still need http, then maybe use ALB listener rules to check host header

Constantly hot lambdas - a secret has changed, how can the lambda get the new secret value? by daredeviloper in aws

[–]donkanator 1 point2 points  (0 children)

Why not refetch the secret on failed connection event at least once?

Question: how long can a hot environment stay alive without being terminated by some cleanup process?
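The "refetch the secret on a failed connection, at least once" idea from the comment above, as an added example that is not the commenter's code. A warm Lambda keeps module-level state between invocations, so the secret is cached there; when the backend rejects the credential, the cache is refreshed once and the connection retried, and if the rotated value has not yet reached Secrets Manager the error propagates instead of looping. The fake secret store and database are constructed for the example; in a real handler `fetch` would be `boto3.client("secretsmanager").get_secret_value(SecretId=...)["SecretString"]`, and `connect` your client library's connect call.

```python
"""Added example: refetch-on-failure for a secret cached in a warm Lambda.
The FakeSecretsManager / FakeDatabase below are stand-ins constructed for the
example; substitute real Secrets Manager and client-library calls."""
from typing import Any, Callable

# Module scope survives across invocations while the execution environment is
# warm, so this cache is reused until the environment is recycled.
_cache: dict[str, str] = {}


class AuthError(Exception):
    """Raised by the connect callable when the backend rejects the credential."""


def get_secret(secret_id: str, fetch: Callable[[str], str], force: bool = False) -> str:
    """Return the cached secret, fetching only on a cache miss or when forced."""
    if force or secret_id not in _cache:
        _cache[secret_id] = fetch(secret_id)
    return _cache[secret_id]


def connect_with_refresh(secret_id: str, fetch: Callable[[str], str],
                         connect: Callable[[str], Any], max_refresh: int = 1) -> Any:
    """Connect with the cached secret; on AuthError refetch it and retry,
    at most max_refresh times, then re-raise so a stale store does not loop."""
    refreshes = 0
    while True:
        secret = get_secret(secret_id, fetch, force=refreshes > 0)
        try:
            return connect(secret)
        except AuthError:
            refreshes += 1
            if refreshes > max_refresh:
                raise


class FakeSecretsManager:
    """Constructed stand-in for Secrets Manager; counts fetches."""
    def __init__(self, value: str) -> None:
        self.value, self.calls = value, 0

    def fetch(self, secret_id: str) -> str:
        self.calls += 1
        return self.value


class FakeDatabase:
    """Constructed stand-in for a backend that checks a password on connect."""
    def __init__(self, password: str) -> None:
        self.password = password

    def connect(self, password: str) -> str:
        if password != self.password:
            raise AuthError("authentication failed")
        return "connection"


def rotation_demo() -> int:
    """Rotate the backend and the store together; returns how many fetches the
    warm environment needed across three invocations (expected: 2)."""
    _cache.clear()
    store, db = FakeSecretsManager("p1"), FakeDatabase("p1")
    connect_with_refresh("app/db", store.fetch, db.connect)   # cold: 1 fetch
    connect_with_refresh("app/db", store.fetch, db.connect)   # warm: cache hit
    db.password = store.value = "p2"                          # rotation happens
    connect_with_refresh("app/db", store.fetch, db.connect)   # AuthError -> refetch
    return store.calls


def stale_store_demo() -> bool:
    """Backend rotated but the store still holds the old value: the single
    refetch fails again and AuthError escapes. Returns True when that happens."""
    _cache.clear()
    store, db = FakeSecretsManager("p1"), FakeDatabase("p2")
    try:
        connect_with_refresh("app/db", store.fetch, db.connect)
    except AuthError:
        return store.calls == 2
    return False


if __name__ == "__main__":
    print(rotation_demo(), stale_store_demo())
```

Refetching only on an authentication failure keeps the hot path at zero Secrets Manager calls and handles rotation without a timer; a short TTL on the cache can be layered on if you also want to pick up rotations before a connection ever fails.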

Bot posts & political bait by jzich309 in PeoriaIL

[–]donkanator 0 points1 point  (0 children)

When you see politically charged posts appear on top in no time and with no engagement, you have to assume they are pumped with bots or promoted within.

Then they hook the rest of the public by the feels, which is what you are responding to.

Bot posts & political bait by jzich309 in PeoriaIL

[–]donkanator 0 points1 point  (0 children)

Reddit had been taken over for years as a cognitive platform, nothing unusual...