AI Governance Policies Part 1: Bedrock Guardrails Across Your AWS Organization

Teams are adopting Bedrock and AI-based workloads faster than organizations can set up the security around them. Development teams building customer-facing interfaces on top of Bedrock don’t always have the context or the time to configure guardrails properly. Someone builds an internal chatbot that leaks PII in its responses. Another team’s agent gets jailbroken into ignoring its system prompt. A third has a model generating content that violates company policy. Each team is responsible for its own guardrails, and some haven’t set any up at all.
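As an added example (not code from the post), a Terraform definition of one baseline guardrail that addresses each of the three failures above, plus an Organizations service control policy that denies model invocation when no guardrail is attached to the call. The resource names and the bedrock:GuardrailIdentifier condition key are from the AWS provider and Bedrock IAM documentation; the guardrail name, the internal employee-ID regex and the denied topic are placeholders.

```hcl
# Baseline guardrail: one per organization, published as a version so that
# DRAFT edits never change what production is enforcing.
resource "aws_bedrock_guardrail" "baseline" {
  name                      = "org-baseline"
  description               = "Org baseline: PII handling, prompt-attack filter, denied topics"
  blocked_input_messaging   = "This request was blocked by the organization guardrail."
  blocked_outputs_messaging = "The response was withheld by the organization guardrail."

  # Failure 1: a chatbot that leaks PII. ANONYMIZE masks the entity so the
  # assistant stays usable; BLOCK refuses outright for high-impact identifiers.
  sensitive_information_policy_config {
    pii_entities_config {
      action = "ANONYMIZE"
      type   = "EMAIL"
    }
    pii_entities_config {
      action = "ANONYMIZE"
      type   = "PHONE"
    }
    pii_entities_config {
      action = "BLOCK"
      type   = "US_SOCIAL_SECURITY_NUMBER"
    }
    regexes_config {
      name        = "internal-employee-id"
      description = "Placeholder internal ID format EMP-######"
      pattern     = "EMP-[0-9]{6}"
      action      = "ANONYMIZE"
    }
  }

  # Failure 2: an agent jailbroken into ignoring its system prompt.
  # PROMPT_ATTACK is evaluated on input only, so output_strength must be NONE.
  content_policy_config {
    filters_config {
      type            = "PROMPT_ATTACK"
      input_strength  = "HIGH"
      output_strength = "NONE"
    }
    filters_config {
      type            = "MISCONDUCT"
      input_strength  = "MEDIUM"
      output_strength = "MEDIUM"
    }
  }

  # Failure 3: content that violates company policy (placeholder topic).
  topic_policy_config {
    topics_config {
      name       = "legal-advice"
      type       = "DENY"
      definition = "Requests for legal opinions, contract interpretation or advice on litigation."
      examples   = ["Is this contract enforceable?", "Can I sue my landlord?"]
    }
  }

  word_policy_config {
    managed_word_lists_config {
      type = "PROFANITY"
    }
  }
}

resource "aws_bedrock_guardrail_version" "baseline" {
  guardrail_arn = aws_bedrock_guardrail.baseline.guardrail_arn
  description   = "v1 baseline"
}

# Enforcement: without this, the guardrail is opt-in and the teams that never
# configured one keep calling models unguarded. The Null test denies any
# InvokeModel whose request carries no guardrail identifier at all.
data "aws_iam_policy_document" "require_guardrail" {
  statement {
    sid    = "DenyInvokeWithoutGuardrail"
    effect = "Deny"
    actions = [
      "bedrock:InvokeModel",
      "bedrock:InvokeModelWithResponseStream",
    ]
    resources = ["*"]
    condition {
      test     = "Null"
      variable = "bedrock:GuardrailIdentifier"
      values   = ["true"]
    }
  }
}

resource "aws_organizations_policy" "require_guardrail" {
  name    = "require-bedrock-guardrail"
  type    = "SERVICE_CONTROL_POLICY"
  content = data.aws_iam_policy_document.require_guardrail.json
}
```

The SCP still has to be attached to the OUs or accounts where Bedrock is used (aws_organizations_policy_attachment), and it only requires that some guardrail is present; to pin callers to this specific one, replace the Null test with StringNotEquals against the guardrail ARN. Test the policy in a sandbox account first, since a deny on InvokeModel also catches console playground calls and any SDK code that has not yet been updated to pass guardrailIdentifier and guardrailVersion.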


Not So Greenfield: Infrastructure Patterns When You Inherit the Mess

You join a team or engagement and inherit the codebase. The task is simple: make things right, fix the pipelines, the usual. Except much of this infrastructure is already in production. The documentation is non-existent, multiple consultants and teams have taken turns on it, and what you’re looking at is a monster of GitLab repos provisioning AWS infrastructure via CDK. You start questioning every life choice that led you here.


Terraform 1.15 Alpha: Dynamic Module Sources

Terraform version 1.15.0-alpha20260304 is released, and with it comes another feature I have been keeping an eye out for. I will be honest that I skipped past the original PR for const being added to variable blocks a few times before realizing which feature it would come under ;). Modules have become the standard way to create the golden pathways for provisioning infrastructure in most organizations the way they want it: according to their naming conventions, security standards and so on.


Terraform 1.15 Alpha: Development overrides

I work with the AWSCC provider a lot. What does that really mean? I am either testing new versions, testing in-flight schemas before a release is published or, in some cases, testing my own fixes to the provider before pushing them to the upstream repositories. The first case doesn’t really require much more than upgrading your provider version to the latest one or leaving the version constraint out completely. In cases where you are in a directory with an existing .
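One way to point Terraform at a locally built provider for the third case (testing your own fix before it is upstreamed), as an added example rather than anything from the post: a CLI configuration file using the existing dev_overrides mechanism. The directory path is a placeholder for wherever your go build put the terraform-provider-awscc binary.

```hcl
# Keep this in its own file and enable it per shell with
#   export TF_CLI_CONFIG_FILE=$HOME/.terraformrc-awscc-dev
# rather than in ~/.terraformrc, so the override never silently applies
# to unrelated workspaces.
provider_installation {
  # Source address -> directory containing the locally built binary
  # (the directory, not the binary itself). Placeholder path.
  dev_overrides {
    "hashicorp/awscc" = "/home/me/go/bin"
  }

  # Every other provider is still installed from the registry as normal.
  direct {}
}
```

While the override is active, terraform plan and apply print a warning that development overrides are in effect, the overridden provider is loaded without going through terraform init, and .terraform.lock.hcl is neither consulted nor updated for it. That last point is the caveat to remember: an overridden provider skips the checksum verification the lock file normally gives you, so the file should never be present on the machine or runner that applies to real environments.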


Tracing Infrastructure Changes with AWS Provider User Agent header

“Failures are a given and everything will eventually fail over time” - Werner Vogels, CTO, Amazon.com. And when an application goes down or an infrastructure change goes wrong, the first question is always “What changed, and who changed it?”. At a very high level, CloudTrail gives you the view into the API calls that could have led to the issue you are investigating. But connecting that back to a specific deployment, commit or person requires more context.


Terraform 1.15 Alpha: Variable and Output Deprecation

Terraform has been iterating a lot more in the past few months, introducing features or updates to the core binary which were always desired. Looking at the release notes of v1.15.0-alpha20260204, you see a few gems. You can set a deprecated attribute on variable and output blocks to indicate that they are deprecated. This produces warnings when passing in a value for a deprecated variable or when referencing a deprecated output.
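An added example of the attribute described above, not code from the post: a module that renames an input without breaking existing callers. The page names the attribute but not its value, so treating it as a string message is an assumption about the alpha syntax, and the module shape (a flat bucket_name input being replaced by a bucket object) is made up for illustration.

```hcl
# Old input, kept so existing root modules keep working. Passing a value
# now produces a warning carrying this message instead of a hard error.
variable "bucket_name" {
  type       = string
  default    = null
  deprecated = "Use var.bucket.name instead; bucket_name is removed in v3 of this module."
}

# Replacement input.
variable "bucket" {
  type    = object({ name = string })
  default = null
}

locals {
  # Prefer the new input; fall back to the deprecated one during migration.
  # coalesce errors if neither is set, which is the behaviour we want.
  bucket_name = coalesce(try(var.bucket.name, null), var.bucket_name)
}

# Old output, warned on when referenced from the calling module.
output "name" {
  value      = local.bucket_name
  deprecated = "Use output bucket.name instead."
}

output "bucket" {
  value = { name = local.bucket_name }
}
```

The practical value is that the warning is emitted at the call site, so a pipeline that treats warnings as noise can still be made to surface them in review while the old interface continues to work until the next major version.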


Adding agent skills for Terraform

MCP exploded. There is no better way to say it. Every developer I knew had at least a handful of MCP servers running with their coding agents. But the context overload from all of them was massive, and I found myself seeing context-overflow messages a fair few times. I know for a fact that most of the MCP servers I have enabled, and the tool definitions they carry, did not need to be read by the agent all the time.


Stategraph: Deploy on AWS with Terraform Part 1

Update 02/02: Added clarification on license key environment variable configuration. If you’re following the Infrastructure as Code space, Josh Pollara is a name you’ve likely encountered. While I haven’t personally tried terrateam, I’ve been following what he and his co-founders have been building. One of the most common questions I get from customers using Terraform is around state management. Most AWS deployments default to S3 as a backend (with DynamoDB for locking in pre-1.


PRISM: Provider Resource Issue Scanning & Monitoring

Supporting the Terraform AWSCC provider as a triager with access to the service teams, as I mentioned in the CFn Schema versioning post, I do end up in situations where I need to (or rather, as a Friday chore) review the new open issues against the provider. As with the previous post, the themes I see come up again and again are: some input parameter being set as required/optional based on conditionals which a JSON schema cannot specify with the right urgency.


Terratags v0.8.0: Expanding Multi-Cloud Support

The Terraform ecosystem continues to evolve with tools and mechanisms that make infrastructure modelling, provisioning and management more consistent and maintainable. I’d like to announce that Terratags has just released version 0.8.0, bringing expanded support for additional providers.

What’s New with v0.7.0 and v0.8.0

The latest releases continue to expand support for additional providers. Google Cloud Beta Provider Support: Terratags now supports the google-beta provider, which mirrors the implementation of the standard Google Cloud provider for labels.
