Tobias Schmidt
@tpschmidt.com
Helping aspiring engineers master the cloud
👨💻 Freelance Software Engineer
✍️ Book #1: http://awsfundamentals.com
📕 Book #2: http://cloudwatchbook.com
Learn AWS for Free: https://awsfundamentals.com/newsletter
👨💻 Freelance Software Engineer
✍️ Book #1: http://awsfundamentals.com
📕 Book #2: http://cloudwatchbook.com
Learn AWS for Free: https://awsfundamentals.com/newsletter
Your Lambda functions are logging data you (likely) never look at.
And you're paying for every single byte 💸
Doesn't sound like much, but let's take a look at a simple calculation:
These logs created by a single Lambda execution generate 262 bytes.
And you're paying for every single byte 💸
Doesn't sound like much, but let's take a look at a simple calculation:
These logs created by a single Lambda execution generate 262 bytes.
February 11, 2026 at 3:00 PM
Your Lambda functions are logging data you (likely) never look at.
And you're paying for every single byte 💸
Doesn't sound like much, but let's take a look at a simple calculation:
These logs created by a single Lambda execution generate 262 bytes.
And you're paying for every single byte 💸
Doesn't sound like much, but let's take a look at a simple calculation:
These logs created by a single Lambda execution generate 262 bytes.
I waste so much time "debugging" SST & Pulumi components that don't actually exist. Claude keeps suggesting them with full confidence 😅
Short introduction: I love SST - since basically ever.
Short introduction: I love SST - since basically ever.
February 11, 2026 at 8:01 AM
I waste so much time "debugging" SST & Pulumi components that don't actually exist. Claude keeps suggesting them with full confidence 😅
Short introduction: I love SST - since basically ever.
Short introduction: I love SST - since basically ever.
Stop signing out and back into AWS accounts 50 times a day.
There's a better way that most engineers don't know exists.
AWS introduced this at the beginning of last year.
It's just hidden in the dropdown, so you might not know about it.
There's a better way that most engineers don't know exists.
AWS introduced this at the beginning of last year.
It's just hidden in the dropdown, so you might not know about it.
February 10, 2026 at 3:00 PM
Stop signing out and back into AWS accounts 50 times a day.
There's a better way that most engineers don't know exists.
AWS introduced this at the beginning of last year.
It's just hidden in the dropdown, so you might not know about it.
There's a better way that most engineers don't know exists.
AWS introduced this at the beginning of last year.
It's just hidden in the dropdown, so you might not know about it.
AWS has 200+ services.
But you only need 30 to build almost anything.
I just recorded a breakdown of those 30 services organized into 6 categories.
It covers everything from VPC and Lambda to Kinesis and CloudWatch.
Each service explained in one sentence (as far as this is possible 😅)
But you only need 30 to build almost anything.
I just recorded a breakdown of those 30 services organized into 6 categories.
It covers everything from VPC and Lambda to Kinesis and CloudWatch.
Each service explained in one sentence (as far as this is possible 😅)
February 10, 2026 at 8:00 AM
AWS has 200+ services.
But you only need 30 to build almost anything.
I just recorded a breakdown of those 30 services organized into 6 categories.
It covers everything from VPC and Lambda to Kinesis and CloudWatch.
Each service explained in one sentence (as far as this is possible 😅)
But you only need 30 to build almost anything.
I just recorded a breakdown of those 30 services organized into 6 categories.
It covers everything from VPC and Lambda to Kinesis and CloudWatch.
Each service explained in one sentence (as far as this is possible 😅)
AWS networking requires a PhD by design.
(Almost) Every byte you move gets charged.
Every learning mistake costs real money.
Cross-AZ traffic → $0.01/GB
NAT Gateway processing → $0.045/GB
Transit Gateway data → $0.02/GB
A few examples:
(Almost) Every byte you move gets charged.
Every learning mistake costs real money.
Cross-AZ traffic → $0.01/GB
NAT Gateway processing → $0.045/GB
Transit Gateway data → $0.02/GB
A few examples:
February 9, 2026 at 2:57 PM
AWS networking requires a PhD by design.
(Almost) Every byte you move gets charged.
Every learning mistake costs real money.
Cross-AZ traffic → $0.01/GB
NAT Gateway processing → $0.045/GB
Transit Gateway data → $0.02/GB
A few examples:
(Almost) Every byte you move gets charged.
Every learning mistake costs real money.
Cross-AZ traffic → $0.01/GB
NAT Gateway processing → $0.045/GB
Transit Gateway data → $0.02/GB
A few examples:
I just went through AWS's guide on using the Kiro CLI for infrastructure optimization.
Really love the prebuilt commands!
You can ask Kiro directly from your terminal:
"Get me compute optimizer recommendations for my account"
Really love the prebuilt commands!
You can ask Kiro directly from your terminal:
"Get me compute optimizer recommendations for my account"
February 9, 2026 at 8:04 AM
I just went through AWS's guide on using the Kiro CLI for infrastructure optimization.
Really love the prebuilt commands!
You can ask Kiro directly from your terminal:
"Get me compute optimizer recommendations for my account"
Really love the prebuilt commands!
You can ask Kiro directly from your terminal:
"Get me compute optimizer recommendations for my account"
AWS just added policy ARNs to access denied errors and this might save me hours every month 🙌
Anyone who's debugged IAM permissions knows the pain.
You get a 403, the error says Access Denied, and then you're stuck guessing which policy is blocking you.
Anyone who's debugged IAM permissions knows the pain.
You get a 403, the error says Access Denied, and then you're stuck guessing which policy is blocking you.
February 8, 2026 at 3:01 PM
AWS just added policy ARNs to access denied errors and this might save me hours every month 🙌
Anyone who's debugged IAM permissions knows the pain.
You get a 403, the error says Access Denied, and then you're stuck guessing which policy is blocking you.
Anyone who's debugged IAM permissions knows the pain.
You get a 403, the error says Access Denied, and then you're stuck guessing which policy is blocking you.
One of my favorite AWS releases last year.
𝗔𝗣𝗜 𝗚𝗮𝘁𝗲𝘄𝗮𝘆 𝗣𝗼𝗿𝘁𝗮𝗹𝘀 went live and honestly it's something I've been waiting for!!
I'm a big API Gateway fan. Been using it for years across projects. But the developer experience was always "messy".
𝗔𝗣𝗜 𝗚𝗮𝘁𝗲𝘄𝗮𝘆 𝗣𝗼𝗿𝘁𝗮𝗹𝘀 went live and honestly it's something I've been waiting for!!
I'm a big API Gateway fan. Been using it for years across projects. But the developer experience was always "messy".
February 8, 2026 at 7:58 AM
One of my favorite AWS releases last year.
𝗔𝗣𝗜 𝗚𝗮𝘁𝗲𝘄𝗮𝘆 𝗣𝗼𝗿𝘁𝗮𝗹𝘀 went live and honestly it's something I've been waiting for!!
I'm a big API Gateway fan. Been using it for years across projects. But the developer experience was always "messy".
𝗔𝗣𝗜 𝗚𝗮𝘁𝗲𝘄𝗮𝘆 𝗣𝗼𝗿𝘁𝗮𝗹𝘀 went live and honestly it's something I've been waiting for!!
I'm a big API Gateway fan. Been using it for years across projects. But the developer experience was always "messy".
Last month, I deployed a change that added $300/month to our AWS bill without realizing it.
Great reminder to set up Infracost for PRs 😅
Yes, I could have also just been more careful and checked the pricing sections.
But it's much easier this way 😋
Great reminder to set up Infracost for PRs 😅
Yes, I could have also just been more careful and checked the pricing sections.
But it's much easier this way 😋
February 7, 2026 at 7:59 AM
Last month, I deployed a change that added $300/month to our AWS bill without realizing it.
Great reminder to set up Infracost for PRs 😅
Yes, I could have also just been more careful and checked the pricing sections.
But it's much easier this way 😋
Great reminder to set up Infracost for PRs 😅
Yes, I could have also just been more careful and checked the pricing sections.
But it's much easier this way 😋
The awesome-aws repository was a go-to for years.
Hundreds of tools, libraries & resources in one place.
I'd check it whenever I needed a new CLI tool or wanted to see what's trending in the AWS ecosystem.
Sadly, not maintained anymore since 3 years 😢
Hundreds of tools, libraries & resources in one place.
I'd check it whenever I needed a new CLI tool or wanted to see what's trending in the AWS ecosystem.
Sadly, not maintained anymore since 3 years 😢
February 6, 2026 at 8:00 AM
The awesome-aws repository was a go-to for years.
Hundreds of tools, libraries & resources in one place.
I'd check it whenever I needed a new CLI tool or wanted to see what's trending in the AWS ecosystem.
Sadly, not maintained anymore since 3 years 😢
Hundreds of tools, libraries & resources in one place.
I'd check it whenever I needed a new CLI tool or wanted to see what's trending in the AWS ecosystem.
Sadly, not maintained anymore since 3 years 😢
Most people still don't know about Database Savings Plans.
AWS added them in December 2025.
Up to 35% savings on database costs!
What makes them great is the flexibility.
You commit to a $/hour spend for one year
(no upfront payment needed though)
Then you can:
AWS added them in December 2025.
Up to 35% savings on database costs!
What makes them great is the flexibility.
You commit to a $/hour spend for one year
(no upfront payment needed though)
Then you can:
February 5, 2026 at 3:00 PM
Most people still don't know about Database Savings Plans.
AWS added them in December 2025.
Up to 35% savings on database costs!
What makes them great is the flexibility.
You commit to a $/hour spend for one year
(no upfront payment needed though)
Then you can:
AWS added them in December 2025.
Up to 35% savings on database costs!
What makes them great is the flexibility.
You commit to a $/hour spend for one year
(no upfront payment needed though)
Then you can:
Since November 2025, ALB can now verify JWTs natively! 🔑
Less code, fewer bugs 💪
Before this, you had to handle OAuth 2.0 token validation in your application code (or add a Lambda authorizer in front of your services).
Now ALB does it for you:
• Verifies token signatures
Less code, fewer bugs 💪
Before this, you had to handle OAuth 2.0 token validation in your application code (or add a Lambda authorizer in front of your services).
Now ALB does it for you:
• Verifies token signatures
February 5, 2026 at 8:04 AM
Since November 2025, ALB can now verify JWTs natively! 🔑
Less code, fewer bugs 💪
Before this, you had to handle OAuth 2.0 token validation in your application code (or add a Lambda authorizer in front of your services).
Now ALB does it for you:
• Verifies token signatures
Less code, fewer bugs 💪
Before this, you had to handle OAuth 2.0 token validation in your application code (or add a Lambda authorizer in front of your services).
Now ALB does it for you:
• Verifies token signatures
We've already crossed 1,000 subscribers on YouTube 🥹
And we've just started posting videos right before Christmas!
Honestly didn't expect this to happen so quickly.
Creating video content is completely new territory for us and the learning curve has been steep.
And we've just started posting videos right before Christmas!
Honestly didn't expect this to happen so quickly.
Creating video content is completely new territory for us and the learning curve has been steep.
February 4, 2026 at 3:02 PM
We've already crossed 1,000 subscribers on YouTube 🥹
And we've just started posting videos right before Christmas!
Honestly didn't expect this to happen so quickly.
Creating video content is completely new territory for us and the learning curve has been steep.
And we've just started posting videos right before Christmas!
Honestly didn't expect this to happen so quickly.
Creating video content is completely new territory for us and the learning curve has been steep.
Long-time fan of Steampipe.
Query AWS, Azure & GCP APIs directly with SQL!
Just install the CLI, pick a plugin, and start querying.
Want to check all your public S3 buckets across regions?
=> select name, region from aws_s3_bucket where bucket_policy_is_public = true
Query AWS, Azure & GCP APIs directly with SQL!
Just install the CLI, pick a plugin, and start querying.
Want to check all your public S3 buckets across regions?
=> select name, region from aws_s3_bucket where bucket_policy_is_public = true
February 4, 2026 at 7:56 AM
Long-time fan of Steampipe.
Query AWS, Azure & GCP APIs directly with SQL!
Just install the CLI, pick a plugin, and start querying.
Want to check all your public S3 buckets across regions?
=> select name, region from aws_s3_bucket where bucket_policy_is_public = true
Query AWS, Azure & GCP APIs directly with SQL!
Just install the CLI, pick a plugin, and start querying.
Want to check all your public S3 buckets across regions?
=> select name, region from aws_s3_bucket where bucket_policy_is_public = true
I've been using Superwhisper for the past few weeks and honestly can't believe I typed prompts manually for this long 🤦♂️
Yes, a little bit late to the "whispering hype train," but I refused to take this seriously for a long time. Finally, I gave in!
Yes, a little bit late to the "whispering hype train," but I refused to take this seriously for a long time. Finally, I gave in!
February 3, 2026 at 3:03 PM
I've been using Superwhisper for the past few weeks and honestly can't believe I typed prompts manually for this long 🤦♂️
Yes, a little bit late to the "whispering hype train," but I refused to take this seriously for a long time. Finally, I gave in!
Yes, a little bit late to the "whispering hype train," but I refused to take this seriously for a long time. Finally, I gave in!
Little bit late to the party: just discovered Prowler 🔑
It's an open-source cloud security scanner with 584 (🤯) AWS checks out of the box.
It scans across IAM, VPC, S3, Lambda, RDS, and 80+ other services.
=> Instant visibility into misconfigurations.
It's an open-source cloud security scanner with 584 (🤯) AWS checks out of the box.
It scans across IAM, VPC, S3, Lambda, RDS, and 80+ other services.
=> Instant visibility into misconfigurations.
February 3, 2026 at 7:56 AM
Little bit late to the party: just discovered Prowler 🔑
It's an open-source cloud security scanner with 584 (🤯) AWS checks out of the box.
It scans across IAM, VPC, S3, Lambda, RDS, and 80+ other services.
=> Instant visibility into misconfigurations.
It's an open-source cloud security scanner with 584 (🤯) AWS checks out of the box.
It scans across IAM, VPC, S3, Lambda, RDS, and 80+ other services.
=> Instant visibility into misconfigurations.
AWS increased the payload limit from 256 KB to 1 MB for Lambda async invocations, SQS, and EventBridge! 🎉
This is a bigger deal than it sounds!
Dumping payloads to S3 and passing references can be a hastle, even with helpers that support that ootb.
This is a bigger deal than it sounds!
Dumping payloads to S3 and passing references can be a hastle, even with helpers that support that ootb.
February 2, 2026 at 2:57 PM
AWS increased the payload limit from 256 KB to 1 MB for Lambda async invocations, SQS, and EventBridge! 🎉
This is a bigger deal than it sounds!
Dumping payloads to S3 and passing references can be a hastle, even with helpers that support that ootb.
This is a bigger deal than it sounds!
Dumping payloads to S3 and passing references can be a hastle, even with helpers that support that ootb.
Vantage built an EC2 instance comparison tool that's actually useful.
It's at instances.vantage.sh and beats the AWS console by a mile.
You can filter by region, compare pricing (on-demand, reserved, spot), and sort by actual performance benchmarks scores (and even FFmpeg FPS).
It's at instances.vantage.sh and beats the AWS console by a mile.
You can filter by region, compare pricing (on-demand, reserved, spot), and sort by actual performance benchmarks scores (and even FFmpeg FPS).
February 2, 2026 at 8:00 AM
Vantage built an EC2 instance comparison tool that's actually useful.
It's at instances.vantage.sh and beats the AWS console by a mile.
You can filter by region, compare pricing (on-demand, reserved, spot), and sort by actual performance benchmarks scores (and even FFmpeg FPS).
It's at instances.vantage.sh and beats the AWS console by a mile.
You can filter by region, compare pricing (on-demand, reserved, spot), and sort by actual performance benchmarks scores (and even FFmpeg FPS).
I've been using LocalStack for a while now and honestly wish I'd started sooner 🛠️
It's a fully functional AWS cloud stack that runs entirely on your machine.
It's a fully functional AWS cloud stack that runs entirely on your machine.
February 1, 2026 at 2:59 PM
I've been using LocalStack for a while now and honestly wish I'd started sooner 🛠️
It's a fully functional AWS cloud stack that runs entirely on your machine.
It's a fully functional AWS cloud stack that runs entirely on your machine.
One of the scariest things in AWS is a developer "accidentally" spinning up a 𝗽𝟰𝗱.𝟮𝟰𝘅𝗹𝗮𝗿𝗴𝗲 instance.
That's $22/h ($16k/m) gone if you forget about it 💸
You can try to catch this with budget alerts, but by the time you get the email, the money is already spent.
The better way?
That's $22/h ($16k/m) gone if you forget about it 💸
You can try to catch this with budget alerts, but by the time you get the email, the money is already spent.
The better way?
February 1, 2026 at 8:00 AM
One of the scariest things in AWS is a developer "accidentally" spinning up a 𝗽𝟰𝗱.𝟮𝟰𝘅𝗹𝗮𝗿𝗴𝗲 instance.
That's $22/h ($16k/m) gone if you forget about it 💸
You can try to catch this with budget alerts, but by the time you get the email, the money is already spent.
The better way?
That's $22/h ($16k/m) gone if you forget about it 💸
You can try to catch this with budget alerts, but by the time you get the email, the money is already spent.
The better way?
I've been routing API traffic through CloudFront just to do A/B tests for years. Turns out AWS quietly shipped a feature that makes this whole setup unnecessary.
January 31, 2026 at 8:01 AM
I've been routing API traffic through CloudFront just to do A/B tests for years. Turns out AWS quietly shipped a feature that makes this whole setup unnecessary.
Most Lambda functions I audit are burning 20-30% more than they should.
Not because of complex architecture.
Just basic config mistakes that never get fixed 🤷♂️
The quick wins:
Not because of complex architecture.
Just basic config mistakes that never get fixed 🤷♂️
The quick wins:
January 30, 2026 at 7:56 AM
Most Lambda functions I audit are burning 20-30% more than they should.
Not because of complex architecture.
Just basic config mistakes that never get fixed 🤷♂️
The quick wins:
Not because of complex architecture.
Just basic config mistakes that never get fixed 🤷♂️
The quick wins:
You likely know that EventBridge exists.
But do you know it's perfect for centralizing alerts across multiple accounts?
Here's the pattern we keep coming back to 👇
The problem with AWS alerts is they come from everywhere, so different services, accounts & regions.
But do you know it's perfect for centralizing alerts across multiple accounts?
Here's the pattern we keep coming back to 👇
The problem with AWS alerts is they come from everywhere, so different services, accounts & regions.
January 29, 2026 at 3:03 PM
You likely know that EventBridge exists.
But do you know it's perfect for centralizing alerts across multiple accounts?
Here's the pattern we keep coming back to 👇
The problem with AWS alerts is they come from everywhere, so different services, accounts & regions.
But do you know it's perfect for centralizing alerts across multiple accounts?
Here's the pattern we keep coming back to 👇
The problem with AWS alerts is they come from everywhere, so different services, accounts & regions.
Anton Babenko's Terraform Claude skill completely changed how I write infrastructure code. And no, it's not just "another AI" that knows Terraform syntax.
This thing actually follows battle-tested workflows and best practices.
If you missed the release, here's a small wrap up:
This thing actually follows battle-tested workflows and best practices.
If you missed the release, here's a small wrap up:
January 29, 2026 at 8:03 AM
Anton Babenko's Terraform Claude skill completely changed how I write infrastructure code. And no, it's not just "another AI" that knows Terraform syntax.
This thing actually follows battle-tested workflows and best practices.
If you missed the release, here's a small wrap up:
This thing actually follows battle-tested workflows and best practices.
If you missed the release, here's a small wrap up:
With Kiro & a few MCP servers, you can visualize your architecture in a pretty usable way. And if something changes, you can just regenerate it!
The workflow is simple.
You either:
1. let the LLM check your IaC
2. or use an MCP server to query the resources in your AWS account.
The workflow is simple.
You either:
1. let the LLM check your IaC
2. or use an MCP server to query the resources in your AWS account.
January 28, 2026 at 2:59 PM
With Kiro & a few MCP servers, you can visualize your architecture in a pretty usable way. And if something changes, you can just regenerate it!
The workflow is simple.
You either:
1. let the LLM check your IaC
2. or use an MCP server to query the resources in your AWS account.
The workflow is simple.
You either:
1. let the LLM check your IaC
2. or use an MCP server to query the resources in your AWS account.