Writing on cloud engineering and SRE — things that took iterations to get right, and a few that just worked.
Replace long-lived AWS credentials in GitHub secrets with short-lived tokens using OIDC federation. Covers trust policy setup, per-branch and per-environment scoping, multi-environment role design, and...
Operators extend Kubernetes' reconciliation model beyond pods and services to anything - DNS records, database users, cloud resources. Here's the mental model, the mechanics, and...
A fully serverless live streaming platform built on AWS IVS, CloudFront, and Lambda — with a built-in 4-hour DVR window, no recording bucket, and a...
