If you want practical, production-focused AWS hands-on - not just docs and marketing - these workshops are worth your time!
catalog.workshops.aws/workshops/e...
@tpschmidt.com
Helping aspiring engineers master the cloud | Freelance Software Engineer | Book #1: http://awsfundamentals.com | Book #2: http://cloudwatchbook.com | Learn AWS for Free: https://awsfundamentals.com/newsletter
What stands out is the active-active architecture. You'll actually configure multi-region clusters, handle concurrent writes across regions, and see how strong consistency works at scale!
It covers distributed SQL from the ground up: no server management, no sharding, just a serverless database that scales to millions of transactions.
AWS quietly released over 100 free workshops and almost nobody knows they exist. I just finished the Aurora DSQL Immersion Day and it's better than most paid courses.
But yeah, AI installing AI is now a thing we need to worry about.
Full technical breakdown here:
grith.ai/blog/clinej...
Tool A gets compromised.
Tool A installs Tool B.
Tool B does whatever it wants.
If you're running AI bots in CI/CD that touch secrets and process untrusted input (issues, PRs), you're one prompt away from full pipeline access.
(Except if you've disabled post-install scripts for npm or just used pnpm)
The package.json only changed by one line.
npm audit didn't catch it as the binary is basically the same.
This is the new supply chain / confused deputy problem with AI:
You trust Tool A.
That kicked off cache poisoning, credential theft, and a compromised package publish.
Pretty next-level engineering here on making this work, can't argue about that.
For 8 hours, everyone who ran npm install got Cline plus OpenClaw (another AI agent with full system access) installed globally.
Okay this is wild.
An AI tool just installed another AI tool on 4k developer machines without asking.
Someone put a prompt injection in a GitHub issue title.
Cline's AI triage bot read it and executed npm install from a malicious repo.
The whole setup took maybe 2 hours and has already saved me some time from context switching and missed information.
P.S.: We explain how to build and set up things like that on our new YouTube channel: youtube.com/@aws-fundam...
The real win for me is the conditional checks. I only get notified when something is off. I'm really sensitive about communication, and generally, I want to have as few notifications as possible, and OpenClaw is very helpful in this!
• Gmail spam check - legit emails sometimes land there and get auto-deleted before I notice. This has saved me multiple times.
• Evening timelog reminder - did I fill out my Notion properly? If not, ping me.
• Read-only access to Gmail and AWS Cost Explorer - it keeps an eye on things I'd forget to check
Crons that actually matter
• Weekly AWS cost reports - catch unexpected charges/changes early
• Daily Discord/Slack summary - todos and important updates
• Lightsail instance - cheap, zero maintenance, just works
• SSM access - no SSH port shenanigans; both Claude Code and I can connect to adjust configs
• Everything in git - if we mess up, we revert. Simple.
It connects to Slack (for interactions) and Discord (read-only monitoring). Every morning I get a summary of what I missed in important channels. No more scrolling through hundreds of messages to find the one thing that actually matters.
The setup
Gave in to the hype and set up OpenClaw on AWS, and it's - against my expectations - already been surprisingly useful.
It feels less like a monitoring/observability solution and more like an escape room. Confusing as hell.
Don't get me wrong, Azure does a lot of things right, but this is plain horrible.
Prepare for a world of 15 nested sidebars, KQL queries that feel like summoning an ancient monster, and a UI so fragmented you'll need four browser tabs just to find one exception.
Also, why is everything scattered around dozens of services?
If you think CloudWatch has a bad UI/UX, I'll gladly invite you to use Azure Log Analytics and App Insights. You'll be amazed!
PS: Deep dive into CloudWatch alarms and monitoring best practices: awsfundamentals.com/infographic...
If the alarm is still firing when the mute ends, the notification triggers immediately.
Link to announcement:
aws.amazon.com/about-aws/w...
AWS finally added alarm muting to CloudWatch!
Lets you temporarily silence notifications without touching the alarms themselves.
Not only for one-time but also recurring schedules.
=> perfect for deployments & maintenance windows
aws.amazon.com/about-aws/w...
PS: Want to understand EC2 instance types and when to use what? Check out awsfundamentals.com/infographic...
AWS just enabled nested virtualization on virtual EC2 instances.
Before this, you needed bare metal instances to run VMs inside VMs.
You can now test container orchestration setups, run mobile app emulators, or simulate hardware environments without paying for bare metal pricing.
docs.aws.amazon.com/lightsail/l...
- One-click deployment on Lightsail
- Works across messaging platforms
Setup takes just minutes!
Run a script, pair your browser, and you're done.
Nice coincidence with my recent video about the fact that Lightsail is a perfect fit for OpenClaw!
AWS Lightsail just launched an OpenClaw template.
Even comes pre-configured with Amazon Bedrock - Claude Sonnet 4.6 by default!
Basically a private AI assistant running in your own AWS account.
What I like about this:
- No external APIs handling your data
www.youtube.com/watch?v=tn8...
Btw. first 90 days are free if you're new to Lightsail.
Bonus: Claude Code connects via SSM when I need to write new skills. So OpenClaw runs a cheap model for my crons, and Opus runs locally when I'm actually building.
Moreover:
- No elastic IP charges
- no NAT gateway fees
Just $5
I recorded the whole walkthrough:
I wrote the whole setup in Terraform. Bootstrap script handles SSM registration, Node.js, AWS CLI, Go, and OpenClaw on first boot. It's all idempotent.
The agent's config lives in a GitHub repo.
Something breaks (and I/OpenClaw can't fix it)? I'll just revert it.