general
General Discussions
JS about 5 hours ago
I need to learn EKS in depth too, but I need to practice with the new Gateway API on EKS, and if I learn with k8s on my local computer, I can't learn the real (production) problems well, and AWS is very expensive for me (not a company)
JS about 5 hours ago
Hi guys, does anybody know if it is possible to learn AWS (how to build an AI Landing Zone) on the Free Tier (using OpenSearch, Bedrock, AppFlow, Amazon Q)? I need to learn it, I'm a self-taught student
Mauricio Batista 13 days ago
Hi, Any recommendations for getting into Toptal? I'm trying to join the platform—do you think I should start networking daily?
Priyanshu Raturi 14 days ago
hello
DE 15 days ago
Hello everyone, a problem we are having is that CODEOWNERS protects filenames, for example `*elasticache*` for the dba-team to approve. However, we need to have some sort of codeowners based on TF plans and resources affected. Does Atmos or AtmosPro provide this functionality? (i.e. if a plan touches a PRD database, we need dba-team to approve)
Gabriel Eweka 16 days ago
basically the goal is simple, make sure every container image that runs in production can answer three questions: what's inside it, who built it, and was it tampered with. If it can't answer all three, it doesn't get in
Gabriel Eweka 16 days ago
Hey everyone 👋
That whole Claude Code npm leak last week really got my attention. Basically, one small packaging mistake ended up exposing a huge amount of source code, and attackers started taking advantage of it almost immediately by uploading malicious versions of packages and impersonating internal ones. Pretty crazy how fast that escalated.
It made me realize how many pipelines just build and ship code without really checking if what’s being deployed is safe or verified.
So I’ve been experimenting with a setup in my homelab where I:
• generate a list of everything inside my builds (SBOMs)
• sign my container images using Cosign
• add some basic verification rules using Kyverno so only trusted images can run
I’m also looking into SLSA, but still wrapping my head around that part.
Not sure yet how much this would actually help in a real-world incident like that, but it’s been a really good learning experience so far.
Would love to hear how others are thinking about this or handling it in practice — still learning here 🙏
Juan Aguero 25 days ago
Hey there 👋,
I came across the Ref architecture diagrams on https://cloudposse.com/architecture (which are awesome btw)
Two quick questions:
1. Are these available in any editable format (e.g., Miro, Lucidchart, or even just high-res images)?
2. Are we okay to use/adapt them in internal slides and docs for our team?
Thanks in advance!
erik about 1 month ago (edited)
👉️ This community is not a billboard.
If you join but do not contribute by answering questions before promoting your own materials (other than sharing opportunities in #jobs), your messages will be deleted and your account may be deactivated.
Diego Maia about 2 months ago
Hello folks, I saw an open platform called Releasea (https://releasea.io/) that looks like a Backstage/IDP style approach to organizing deployments, environments, and automations, and I’ve noticed some mid-sized companies starting to adopt tools like this. Has anyone here tried it or used something similar?
Niroda 2 months ago
Hello all! Curious how folks here handle TLS certificate ownership across teams?
We recently had a renewal silently fail and the tricky part wasn’t expiry — it was figuring out who owned the endpoint and where else the same cert was reused.
Are you just relying on cert-manager/ACME + alerts, or do you track ownership/runbooks somewhere?
Mike Rowehl 2 months ago
Hello all. I have a question that spans a few areas, so dropping it here. Please let me know if there's a channel that's better suited to the discussion. We have a project that uses Atmos to define the infrastructure and we have github actions applying the changes when merging into the main branch. Using the Cloud Posse actions to drive the process. Normally everything runs fantastic. But we do have issues with our rds components sometimes. They'll fail the plan diff check on latest_restorable_time. I know what the underlying issue is, that it's a computed value coming back on the terraform module. And I saw the recent skip plandiff change and I know that's an option. I was actually going to hack something together on my own to only skip plandiff in certain circumstances. It seems like a pretty general problem though, and I was surprised I didn't see people talking about it. Did I miss some obvious other way to deal with this?
erik 2 months ago
Hrmmm these channel join notifications are new; not sure what changed. I think we should disable them.
JS 2 months ago
hi
Gboyega Ofi 3 months ago (edited)
Hey Everyone, I'm Gboyega (G is silent), just curious how your teams handle IaC drift when auto-remediation kicks in. For example, AWS Config or Security Hub fixes a non-compliant resource (like enabling S3 encryption), but now your Terraform state is out of sync with reality. How do you deal with that? Manual terraform import and state surgery? Just ignore it until the next plan? Something else? Trying to understand how common this is and how painful it actually gets at scale. Would love to hear war stories.
Luka 3 months ago
Hi folks, I'm Luka, nice to e-meet everyone. I work in the kubernetes field, especially on observability and management
Geronimo 3 months ago
Hey, I'm Geronimo and trying to get some pointers as I want to get to where you guys are at, I saw a lot of people (in other forums) mention NET+, CCNA, AWS and Azure certs, how much pull do these certifications really have, I'm just starting my university studies as a network and software technician which gives me a degree for my country, and I'm looking at some side things to catapult myself into the DevOps field, I'd really appreciate it if you guys give me some pointers on this as you guys are where I wanna be in 2-3 years!
Jimmy Wei 3 months ago
hi guys, curious how folks have used ai at work? i'm building a root cause analysis tool but i was wondering if there's other use cases people would find useful if you had an ai hooked up to your telemetry + code data.
gespodevops 3 months ago
I also use the modules a lot, would be nice to know where the chatter happens
gespodevops 3 months ago (edited)
what channel do you guys discuss cloudposse terraform modules? I have a few I modified slightly (like just vars) and I'm curious if the org would want the changes in master
James Johnson 3 months ago
Hi everyone 👋
I’m fairly new to DevOps and starting to work more with CI/CD pipelines. I wanted to ask — what are some common mistakes beginners should avoid when setting up CI/CD for the first time?
erik 3 months ago (edited)
Intros in general are fine, but let's keep promotions in #random or this becomes just one big billboard.
PrArySoft 3 months ago
Hey folks — I’m Satish from PrArySoft, building IncidentIQ, a Slack-native incident capture + summary tool.
It does /incident start + /incident end, then posts a clean summary, key events, action items, and a markdown export.
I’m recruiting 3–5 early beta teams (Slack-first incident response) and looking for honest feedback.
If anyone wants to test it during real incidents, DM me and I’ll share the install link + 1-page quick start.
Bharat V 3 months ago
Hey everyone, I’m working on a tool to help freelancers and small agencies respond to RFPs quickly instead of manual copy pasting and coordinating with different SMEs for review.
The specific problem I’m trying to solve is, first, helping teams quickly decide if the RFP is worth pursuing before actually working on it. Second, to reduce users’ time on manually finding questions and copy-pasting answers from previous RFPs and then getting those reviewed by SMEs in multiple email threads.
It’s still pretty early and I’m still figuring out what’s the best way possible to reduce time and effort.
If anyone has dealt with RFPs before, I’d really appreciate any inputs like what part of the RFP response process is most painful and consumes most time.
Thank you
Ankesh 4 months ago
Has anyone used "AI SRE" products like Resolve.ai or Traversal at work?
what was your experience like?
erik 5 months ago (edited)
PSA: Lots of New Scam DMs — Stay Alert
We’ve had to block multiple accounts this week for running employment and investment scams.
👉️ If you get a DM from someone you don’t know, assume it’s a scam — unless you’ve already been talking with them openly in a channel.
Common scam patterns:
• Fake “professors” or “mentors” offering free courses
• Invitations to WhatsApp/Telegram groups
• Requests to apply for jobs on their behalf
• Offers to “split” a salary
• Asking for remote access tools (Anydesk, KVM, etc.)
If this happens:
➡️ Do not click links
➡️ Do not install anything
➡️ Do not share personal info
➡️ Report the account immediately
Tim Wolfe 5 months ago
Yes — the AI compares your design creativity against the AWS Well-Architected Framework by scanning your entire buildout.
Tim Wolfe 5 months ago
DevOps Automation
Tim Wolfe 5 months ago
It beats reading the PDF
Tim Wolfe 5 months ago
# AI-Powered AWS Well-Architected Framework Scanner
## TL;DR
Built an open-source tool that combines Claude AI with AWS infrastructure scanning to provide natural language cloud architecture reviews. Ask questions like *"What security issues need immediate attention?"* instead of parsing through endless CLI output.
---
## The Problem
Every cloud architect knows the drill:
- Run 50+ AWS CLI commands
- Parse JSON output manually
- Cross-reference against Well-Architected best practices
- Repeat for every region, every account
*It's tedious. It's error-prone. It doesn't scale.*
---
## The Solution: LLM-Powered Infrastructure Analysis
I built a scanner that evaluates your AWS environment against all *6 Well-Architected Framework pillars*:
| Pillar | AI-Enhanced Analysis |
|--------|----------------------|
| *Security* | Intelligent threat prioritization, attack surface analysis |
| *Reliability* | Failure mode detection, resilience scoring |
| *Performance* | Bottleneck identification, optimization recommendations |
| *Cost* | Waste detection, right-sizing suggestions |
| *Operational Excellence* | Automation gap analysis, runbook recommendations |
| *Sustainability* | Carbon footprint estimation, Graviton migration paths |
Tim Wolfe 5 months ago
AWS Well Architected Framework detailed analysis
Tim Wolfe 5 months ago
Hello everyone — I am a 22-year Technical Operations executive who pivoted into AI in 2023. I have completely automated the SDLC chain; built and designed extensive NLQ AI AWS tooling, including a Well-Architected Framework vs. actual-analysis engine; designed cost-center analysis and cost-anomaly detection with RCA; full DevOps automation; IaC automation; and MCP design. I am an expert in Claude Code, Codex, OpenAI, Gemini, prompt engineering, and QE automation. Ping me if you want to talk AI DevOps automation.
Radu Camelia 5 months ago
Hey everyone
I was brown too.
Mike 5 months ago
is there a Q&A section?
Waqas Yousaf 5 months ago
Hello everyone,
I have a quick question. Our team is currently evaluating Terraform VS OpenTofu. At present, our entire infrastructure is managed using Terraform, but we are exploring whether OpenTofu may be a suitable option for the future.
In this context, I would like to understand Cloud Posse’s long-term roadmap. Specifically, will CloudPosse continue to support both Terraform and OpenTofu particularly with respect to module compatibility over the long term?
Thank you in advance for any insight you can provide.
ion 5 months ago
What opinion do you have about having all public facing ingress components in a separate aws account?
Awantika Nigam 5 months ago
hey 👋
I’m Awantika, working with a team building self-improving AI agents.
Also co-hosting a solo builders community focused on startup marketing and revenue strategies.
really excited to be here to learn, share, and meet other folks building cool stuff
https://discord.gg/mAGZAQwSxR
James D. Bohrman 5 months ago
Anyone here interested in having their infrastructure and SaaS dependencies mapped out in OSCAL? I've recently found myself working with multiple clients doing GRC automation work and I have a feeling there are definitely orgs here that have a sprawling mess of third party dependencies that would (or do) make their CISO have nightmares.
I've actually built my own special tooling stack for this, but if you want me to help you manage your third-party dependencies and map your infra, shoot me a DM and let's talk.
James Johnson 6 months ago
Hi everyone! should we start a "Dev Talk" or a knowledge-sharing session within the team? We can share interests, trending, a failure or a cool concept.
Buddy 6 months ago (edited)
if you’re working on a new project or idea, let’s connect!
full stack web3 builder in EST timezone building defi and nft contracts, wallet-ready dapps, high performance apis, and solid infra across evm, sui, and solana. skilled in rust, solidity, python, react, and next.js.
Leo 6 months ago
👋 Hi everyone, I'm Leo Li from Shanghai.
I'm an AWS DevOps engineer focusing on EKS GitOps automation (ArgoCD + Helm), Terraform IaC, and cost optimization (Spot, NAT Gateway, Kubecost).
Currently preparing for the AWS DevOps Professional certification and building a public EKS + GitOps blueprint project.
Looking forward to learning from you all and sharing experience with Terraform & AWS users here! 🚀
Drew S 6 months ago (edited)
Hey everyone I am Drew and looking to make some connections/help out if anyone needs help with cloud especially AWS. I would post my portfolio website but I don't know if that counts as advertisement so erring on the side of safety.
Emmanuel Ibok 6 months ago
Please can someone help with a DevOps job
Atropos 6 months ago
I'm an app developer
William 6 months ago
Hi devs is there anyone in need of a job bidder who will assist him/her applying job applications and get interviews weekly, kindly dm me
Maxim Veksler 6 months ago
Hi guys,
I'm not sure about CloudPosse pricing, are we expected to pay a recurring subscription if using the terraform modules under Atmos or is it a one time payment for getting the reference architecture spec?
Can you please share an explainer or a link to such.
Thank you
Brandon Heiss 6 months ago
Hey everyone I am Brandon, I am a Devops Engineer with Full Stack experience. I know how to build from scratch as well as utilize Cursor and Windsurf etc
I have just over 6 years of experience, however, I am seeking a junior/entry level role. Does anyone have tips on getting a hiring manager to give me a chance on a role they feel I may be overqualified for? Any advice is appreciated.
Emmanuel Ibok 6 months ago
Have you fixed this @will