general
General Discussions
Mubarak J 12 days ago
I'm thinking of running infracost.io POC in my company, and I'm curious if anyone here has used it? Any gotchas or limitations to be aware of? Are there alternative services that track cost in Terraform stacks/code?
Mousa 17 days ago
Hi guys. I have a question out of curiosity. How do you feel about AI agents and DevOps? What's the future of DevOps? Are you using AI agents in your day to day work? It's obvious that the AI agents require DevOps human sight, but I'm curious about what direction you think that DevOps is going to given AI agents invading the infrastructures on all major platforms. I got a feeling that DevOps will also be moving eventually into more the security/governance side (I could be wrong).
Vineet Thakran 20 days ago
Hey,
I am Vineet from Bengaluru, Java and SpringBoot developer working on API monitoring infrastructure.
Building Sentinel AV - monitors REST and SOAP API endpoints for uptime, latency, performance and schema drift.
Running on AWS EC2 + RDS, Dockerised, Kafka-backed alert pipeline.
Happy to discuss:
-> AWS infrastructure for Spring Boot services
-> Kafka deployment and operations
-> API monitoring patterns
-> Docker + EC2 production setups
Alanis Swanepoel 21 days ago
reference article around metered billing for copilot - https://cirriustech.co.uk/blog/github-ai-credits-first-morning/
Alanis Swanepoel 21 days ago
for anyone dreading the new billing models by github copilot, (and others) - I've been playing with https://github.com/open-jarvis/OpenJarvis as an offline alternative. I've also played with https://www.tabbyml.com/. would love to hear what you all are doing / playing with in this space (resurrect #ai possibly @Erik Osterman (Cloud Posse))
Alanis Swanepoel about 1 month ago
this isn't funny anymore, https://www.zdnet.com/article/qualys-flags-a-linux-kernel-security-issue-that-could-lead-to-stolen-ssh-keys/
pedro about 1 month ago
Hello, everyone. My name is Pedro, and I am currently developing my thesis on AI Ethics and Governance in DevOps and Open-Source. I am at the stage of conducting interviews to understand if the issues identified in the literature are actually reflected in the daily lives of those working in DevOps. I would like to ask if you would be willing to participate in an anonymous online interview with me. Thank you!
Alanis Swanepoel about 1 month ago
jfyi - https://depthfirst.com/nginx-rift
Impacting:
• NGINX Open Source versions 0.6.27 through 1.30.0.
• NGINX Ingress Controller 3.5.0 through 3.7.2, 4.0.0 through 4.0.1, and 5.0.0 through 5.4.1.
among the list for anyone using it
shannon agarwal about 2 months ago
Anyone out there can suggest a reliable open source SAST?
shannon agarwal about 2 months ago
I re-joined, thanks!
shannon agarwal about 2 months ago
Hi is the weekly call still happening? I don't see it on my calendar anymore.
JS 2 months ago
I need to learn EKS in depth too, but I need to practice with the new Gateway API on EKS, and if I learn with k8s on my local computer, I can't learn the real (production) problems well, and AWS is very expensive for me (not a company)
JS 2 months ago
Hi guys, does somebody know if it is possible to learn AWS (how to build an IA Landing-Zone) on a Free Tier (using OpenSearch, Bedrock, AppFlow, Amazon Q)? I need to learn it, I'm a self-taught student
Mauricio Batista 2 months ago
Hi, Any recommendations for getting into Toptal? I'm trying to join the platform—do you think I should start networking daily?
Priyanshu Raturi 3 months ago
hello
DE 3 months ago
Hello everyone, a problem we are having is that CODEOWNERS protect filenames, example *elasticache* for the dba-team to approve. However, we need to have some sort of codeowners based on TF plans and resources affected. Does Atmos or AtmosPro provide this functionality? (i.e. if a plan touches a PRD database, we need dba-team to approve)
Gabriel Eweka 3 months ago
basically the goal is simple, make sure every container image that runs in production can answer three questions: what's inside it, who built it, and was it tampered with. If it can't answer all three, it doesn't get in
Gabriel Eweka 3 months ago
Hey everyone 👋
That whole Claude Code npm leak last week really got my attention. Basically, one small packaging mistake ended up exposing a huge amount of source code, and attackers started taking advantage of it almost immediately by uploading malicious versions of packages and impersonating internal ones. Pretty crazy how fast that escalated.
It made me realize how many pipelines just build and ship code without really checking if what’s being deployed is safe or verified.
So I’ve been experimenting with a setup in my homelab where I:
• generate a list of everything inside my builds (SBOMs)
• sign my container images using Cosign
• add some basic verification rules using Kyverno so only trusted images can run
I’m also looking into SLSA, but still wrapping my head around that part.
Not sure yet how much this would actually help in a real-world incident like that, but it’s been a really good learning experience so far.
Would love to hear how others are thinking about this or handling it in practice — still learning here 🙏
Juan Aguero 3 months ago
Hey there 👋,
I came across the Ref architecture diagrams on https://cloudposse.com/architecture (which are awesome btw).
Two quick questions:
1. Are these available in any editable format (e.g., Miro, Lucidchart, or even just high-res images)?
2. Are we okay to use/adapt them in internal slides and docs for our team?
Thanks in advance!
erik 4 months ago (edited)
👉️ This community is not a billboard.
If you join but do not contribute by answering questions before promoting your own materials (other than sharing opportunities in #jobs), your messages will be deleted and your account may be deactivated.
Diego Maia 4 months ago
Hello folks, I saw an open platform called Releasea (https://releasea.io/) that looks like a Backstage/IDP style approach to organizing deployments, environments, and automations, and I’ve noticed some mid-sized companies starting to adopt tools like this. Has anyone here tried it or used something similar?
Niroda 4 months ago
Hello all! Curious how folks here handle TLS certificate ownership across teams?
We recently had a renewal silently fail and the tricky part wasn’t expiry — it was figuring out who owned the endpoint and where else the same cert was reused.
Are you just relying on cert-manager/ACME + alerts, or do you track ownership/runbooks somewhere?
Mike Rowehl 4 months ago
Hello all. I have a question that spans a few areas, so dropping it here. Please let me know if there's a channel that's better suited to the discussion. We have a project that uses Atmos to define the infrastructure and we have github actions applying the changes when merging into the main branch. Using the Cloud Posse actions to drive the process. Normally everything runs fantastic. But we do have issues with our rds components sometimes. They'll fail the plan diff check on latest_restorable_time. I know what the underlying issue is, that it's a computed value coming back on the terraform module. And I saw the recent skip plandiff change and I know that's an option. I was actually going to hack something together on my own to only skip plandiff in certain circumstances. It seems like a pretty general problem though, and I was surprised I didn't see people talking about it. Did I miss some obvious other way to deal with this?
erik 4 months ago
Hrmmm these channel join notifications are new; not sure what changed. I think we should disable them.
JS 4 months ago
hi
Gboyega Ofi 5 months ago (edited)
Hey Everyone, I'm Gboyega (G is silent) just curious how your teams handle IaC drift when auto-remediation kicks in. For example, AWS Config or Security Hub fixes a non-compliant resource (like enabling S3 encryption), but now your Terraform state is out of sync with reality. How do you deal with that? Manual terraform import and state surgery? Just ignore it until the next plan? Something else? Trying to understand how common this is and how painful it actually gets at scale. Would love to hear war stories.
Luka 5 months ago
Hi folks, I'm Luka, nice to e-meet everyone. I work in the Kubernetes field, especially on observability and management
Geronimo 5 months ago
Hey, I'm Geronimo and trying to get some pointers as I want to get to where you guys are at, I saw a lot of people (in other forums) mention NET+, CCNA, AWS and Azure certs, how much pull do these certifications really have, I'm just starting my university studies as a network and software technician which gives me a degree for my country, and I'm looking at some side things to catapult myself into the DevOps field, I'd really appreciate it if you guys give me some pointers on this as you guys are where I wanna be in 2-3 years!
Jimmy Wei 5 months ago
hi guys, curious how folks have used ai at work? i'm building a root cause analysis tool but i was wondering if there's other use cases people would find useful if you had an ai hooked up to your telemetry + code data.
gespodevops 5 months ago
I also use the modules a lot, would be nice to know where the chatter happens
gespodevops 5 months ago (edited)
what channel do you guys discuss cloudposse terraform modules? I have a few I modified slightly (like just vars) and I'm curious if the org would want the changes in master
James Johnson 5 months ago
Hi everyone 👋
I’m fairly new to DevOps and starting to work more with CI/CD pipelines. I wanted to ask — what are some common mistakes beginners should avoid when setting up CI/CD for the first time?
erik 5 months ago (edited)
Intros in general are fine, but let's keep promotions in #random or this becomes just one big billboard.
PrArySoft 5 months ago
Hey folks — I’m Satish from PrArySoft, building IncidentIQ, a Slack-native incident capture + summary tool.
It does /incident start + /incident end, then posts a clean summary, key events, action items, and a markdown export.
I’m recruiting 3–5 early beta teams (Slack-first incident response) and looking for honest feedback.
If anyone wants to test it during real incidents, DM me and I’ll share the install link + 1-page quick start.
Bharat V 5 months ago
Hey everyone, I’m working on a tool to help freelancers and small agencies respond to RFPs quickly instead of manual copy pasting and coordinating with different SMEs for review.
The specific problem I’m trying to solve is, first, helping teams quickly decide if the RFP is worth pursuing before actually working on it. Second, to reduce users’ time on manually finding questions and copy-pasting answers from previous RFPs and then getting those reviewed by SMEs in multiple email threads.
It’s still pretty early and I’m still figuring out what’s the best way possible to reduce time and effort.
If anyone has dealt with RFPs before, I’d really appreciate any inputs like what part of the RFP response process is most painful and consumes most time.
Thank you
Ankesh 6 months ago
Has anyone used "AI SRE" products like Resolve.ai or Traversal at work?
what was your experience like?
erik 7 months ago (edited)
PSA: Lots of New Scam DMs — Stay Alert
We’ve had to block multiple accounts this week for running employment and investment scams.
👉️ If you get a DM from someone you don’t know, assume it’s a scam — unless you’ve already been talking with them openly in a channel.
Common scam patterns:
• Fake “professors” or “mentors” offering free courses
• Invitations to WhatsApp/Telegram groups
• Requests to apply for jobs on their behalf
• Offers to “split” a salary
• Asking for remote access tools (Anydesk, KVM, etc.)
If this happens:
➡️ Do not click links
➡️ Do not install anything
➡️ Do not share personal info
➡️ Report the account immediately
Tim Wolfe 7 months ago
Yes — the AI compares your design creativity against the AWS Well-Architected Framework by scanning your entire buildout.
Tim Wolfe 7 months ago
DevOps Automation
Tim Wolfe 7 months ago
It beats reading the PDF
Tim Wolfe 7 months ago
# AI-Powered AWS Well-Architected Framework Scanner
## TL;DR
Built an open-source tool that combines *Claude AI* with AWS infrastructure scanning to provide natural language cloud architecture reviews. Ask questions like *"What security issues need immediate attention?"* instead of parsing through endless CLI output.
---
## The Problem
Every cloud architect knows the drill:
- Run 50+ AWS CLI commands
- Parse JSON output manually
- Cross-reference against Well-Architected best practices
- Repeat for every region, every account
*It's tedious. It's error-prone. It doesn't scale.*
---
## The Solution: LLM-Powered Infrastructure Analysis
I built a scanner that evaluates your AWS environment against all *6 Well-Architected Framework pillars*:
| Pillar | AI-Enhanced Analysis |
|--------|----------------------|
| *Security* | Intelligent threat prioritization, attack surface analysis |
| *Reliability* | Failure mode detection, resilience scoring |
| *Performance* | Bottleneck identification, optimization recommendations |
| *Cost* | Waste detection, right-sizing suggestions |
| *Operational Excellence* | Automation gap analysis, runbook recommendations |
| *Sustainability* | Carbon footprint estimation, Graviton migration paths |
Tim Wolfe 7 months ago
AWS Well Architected Framework detailed analysis
Tim Wolfe 7 months ago
Hello everyone — I am a 22-year Technical Operations executive who pivoted into AI in 2023. I have completely automated the SDLC chain; built and designed extensive NLQ AI AWS tooling, including a Well-Architected Framework vs. actual-analysis engine; designed cost-center analysis and cost-anomaly detection with RCA; full DevOps automation; IaC automation; and MCP design. I am an expert in Claude Code, Codex, OpenAI, Gemini, prompt engineering, and QE automation. Ping me if you want to talk AI DevOps automation.
Radu Camelia 7 months ago
Hey everyone
I was brown too.
Mike 7 months ago
is there a Q&A section?
Waqas Yousaf 7 months ago
Hello everyone,
I have a quick question. Our team is currently evaluating Terraform VS OpenTofu. At present, our entire infrastructure is managed using Terraform, but we are exploring whether OpenTofu may be a suitable option for the future.
In this context, I would like to understand Cloud Posse’s long-term roadmap. Specifically, will CloudPosse continue to support both Terraform and OpenTofu particularly with respect to module compatibility over the long term?
Thank you in advance for any insight you can provide.
ion 7 months ago
What opinion do you have about having all public facing ingress components in a separate aws account?
Awantika Nigam 7 months ago
hey 👋
I’m Awantika, working with a team building self-improving AI agents.
Also co-hosting a solo builders community focused on startup marketing and revenue strategies.
really excited to be here to learn, share, and meet other folks building cool stuff
https://discord.gg/mAGZAQwSxR