I help organizations design and operate large-scale cloud
architectures on AWS, with a focus on resilience, performance, and
cost efficiency. My work spans distributed systems, multi-region
patterns, and applied AI/ML — from foundation models to retrieval
and agent workflows. I write and speak about what I learn so other
builders can move faster on the same problems.
Real-time aggregator for the AWS "What's New" feed. A Lambda polls the RSS every 30 minutes, auto-categorizes each update into 17+ service categories, and resolves official AWS service names. The React front end adds server-side search, multi-category filtering, trend charts, compact/normal views, and HTML/Markdown export. Fully serverless — CDK-deployed Lambda, DynamoDB, API Gateway, and CloudFront — for about $1.67/month.
j0e.us-Portfolio is an open-source, serverless personal portfolio template built with Next.js 15, React 19, and TypeScript, designed to be forked and redeployed under any custom domain and AWS account. The static site is served globally via CloudFront in front of private S3 buckets, while a small API Gateway + Lambda + DynamoDB backend powers an authenticated admin console.
Mobile-first web app for senior dog care, built for our 17-year-old hound Daisy when "how has she been?" kept coming up as a feeling instead of data. Multi-caregiver event logging (medications, mobility, accidents, behavior), trend charts and calendar heatmaps to surface patterns, and an Amazon Bedrock chat that answers questions grounded in the actual history. Fully serverless on AWS, single-command deploy, ~$1/month.
Architecting and building a multi-Region architecture comes with new challenges and best practices. In this session, learn the two critical areas you’ll need to consider. First, explore different failover strategies and the trade-offs between them. Then, learn how to make the decision to initiate a cross-Region failover as well as what goes into the process. Lastly, hear from Samsung Account about their multi-Region application and how they think about these two critical areas. Leave this session better prepared to approach these key challenges as they relate to your multi-Region application.
Architecting and building multi-Region architectures can come with a new set of challenges. These challenges include how to manage dependencies, infrastructure deployments, data replication, consistency, observability, testing, and operations. Whether you need to expand to multiple Regions to improve resilience, adhere to governmental data regulations, or improve end-user latency, this session highlights best practices, design principles, and sample architectures to help you meet your requirements.
In this blog, after a brief overview of managing Amazon S3 data permissions, we consider the case where you may need to update object ACLs across billions of objects. We’ll cover using the AWS Management Console, AWS Command Line Interface (CLI), AWS SDK, and S3 Batch Operations to accomplish this and gather insight into how each will perform while operating at scale across billions of objects so you can determine which method is best for your use case.
Modern DNS services, like Amazon Route 53, offer health checks and failover records that you can use to simplify and strengthen your DR plan. We’ll start by outlining how AWS services provide reliability using control planes and data planes, then share high-level design principles for creating a failover mechanism. Finally, we’ll explain the features of Route 53 that can make your DR approach more effective.
Data is at the center of many applications. In this post, Part 2, we will look at AWS data services that offer native features to help get your data where it needs to be.
Building a multi-Region application requires lots of preparation and work. Many AWS services have features to help you build and manage a multi-Region architecture, but identifying those capabilities across 200+ services can be overwhelming.
In this 3-part blog series, we’ll explore AWS services with features to assist you in building multi-Region applications. In Part 1, we’ll build a foundation with AWS security, networking, and compute services. In Part 2, we’ll add in data and replication strategies. Finally, in Part 3, we’ll look at the application and management layers.
There are many different ways to achieve disaster recovery objectives based on business requirements, but finding the best option for a particular situation can get overwhelming. The innovation and commercial-grade features that come with Amazon Aurora MySQL-Compatible Edition expand these options even further. This post outlines options available to customers running Aurora MySQL, and evaluates the pros and cons of the most common routes to take when developing the database portion of your disaster recovery (DR) plan.
Modern customer applications require more of their relational databases than ever before, making it essential to find solutions that can improve database scale and security and reduce downtime. Amazon RDS Proxy is a new fully managed, highly available database proxy for Amazon RDS announced at re:Invent 2019. In this Tech Talk, we will dive into the core concepts of this new service to show you how to implement it and take advantage of its features. We'll also include a demo to show how easily you can integrate this into all of your applications, from containers and serverless to more traditional architectures.
One of the most important things you can do as a customer to ensure the security of your resources is to maintain careful control over who has access to them. This is especially true if any of your AWS users have programmatic access. Programmatic access allows you to invoke actions on your AWS resources either through an application that you write or through a third-party tool. You use an access key ID and a secret access key to sign your requests for authorization to AWS. Programmatic access can be quite powerful, so implementing best practices to protect access key IDs and secret access keys is important in order to prevent accidental or malicious account activity. In this post, I’ll highlight some general guidelines to help you protect your account, as well as some of the options you have when you need to provide programmatic access to your AWS resources.