AWS Daily With Divine

CloudFront costs tripled this month. Traffic stayed flat. Where do you look first?

Most teams immediately check request count. That's the wrong place.

CloudFront's job is to serve content from edge locations so requests never travel back to your origin. When it's working correctly, most requests hit the cache, which is closer to the user, so it's cheap and fast. When cache miss rate is high, almost every request travels back to your origin. You're paying data transfer costs on requests that should have been free.

Two reasons this can happen even with CloudFront configured:
- No cache-control headers, so CloudFront doesn't know how long to keep content, so it fetches fresh almost every time.
- Origin Shield might be disabled. Origin Shield is a middle layer that consolidates requests before they hit your origin. Without it, every edge location fetches independently.

Same traffic. Tripled costs. The requests didn't change; where they're going did.

Check your cache hit rate first, not your request count. That's your entire diagnosis.

Have you hit this before? What was your specific culprit?

#AWS
CloudFront Costs Tripled: Check Cache Hit Rate
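The cache-hit-rate check the post above recommends, as an added example that is not part of the original post: it reads CloudFront standard log lines, computes the overall hit rate, and ranks paths by bytes served on non-hits. The sample log is constructed and trimmed to the columns used, and counting `Hit` and `RefreshHit` as hits is a simplifying assumption.

```python
from collections import defaultdict

# Constructed sample in CloudFront standard-log layout: tab-separated records
# under a "#Fields:" header, trimmed here to the columns this check needs.
SAMPLE_LOG = "\n".join([
    "#Version: 1.0",
    "#Fields: date time sc-bytes cs-uri-stem sc-status x-edge-result-type",
    "2024-05-01\t10:00:00\t52000\t/images/logo.png\t200\tHit",
    "2024-05-01\t10:00:01\t52000\t/images/logo.png\t200\tHit",
    "2024-05-01\t10:00:02\t310000\t/app.js\t200\tMiss",
    "2024-05-01\t10:00:03\t310000\t/app.js\t200\tMiss",
    "2024-05-01\t10:00:04\t310000\t/app.js\t200\tMiss",
    "2024-05-01\t10:00:05\t8000\t/index.html\t200\tRefreshHit",
    "2024-05-01\t10:00:06\t8000\t/index.html\t200\tMiss",
    "2024-05-01\t10:00:07\t52000\t/images/logo.png\t200\tHit",
])

HIT_TYPES = {"Hit", "RefreshHit"}  # assumption: both count as served from cache


def parse(log_text):
    """Yield one dict per record, keyed by the names in the #Fields header."""
    fields = None
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split(":", 1)[1].split()
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split("\t")))


def cache_report(log_text):
    """Return the overall hit rate and paths ranked by bytes served on non-hits."""
    stats = defaultdict(lambda: {"requests": 0, "hits": 0, "miss_bytes": 0})
    for rec in parse(log_text):
        entry = stats[rec["cs-uri-stem"]]
        entry["requests"] += 1
        if rec["x-edge-result-type"] in HIT_TYPES:
            entry["hits"] += 1
        else:
            entry["miss_bytes"] += int(rec["sc-bytes"])
    total = sum(e["requests"] for e in stats.values())
    hits = sum(e["hits"] for e in stats.values())
    ranked = sorted(stats.items(), key=lambda kv: kv[1]["miss_bytes"], reverse=True)
    return {
        "hit_rate": hits / total if total else 0.0,
        "worst": [(path, e["miss_bytes"]) for path, e in ranked],
    }


if __name__ == "__main__":
    print(cache_report(SAMPLE_LOG))
```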
-
Egress fees aren't a billing problem. They're an architecture problem.

That line on your AWS bill that keeps growing? It's not random. It's a signal that your S3 data is leaving AWS the most expensive way possible.

Here's what it costs if you miss it: serving 50TB of assets to users without CloudFront in front of S3 runs about $4,000/month in egress (for data you already paid to store).

The three leaks worth auditing right now:
1. Direct internet egress: Public S3 buckets serving content without CloudFront pay full egress rates. Data moving from S3 to CloudFront within the same region is free. That's not a workaround; it's the AWS reference pattern.
2. NAT Gateway routing: EC2, Lambda, and ECS hitting S3 through a NAT Gateway gets double-billed: Gateway charges + S3 egress. A VPC Gateway Endpoint for S3 is free and eliminates both.
3. Cross-region transfers: Cross-region replication generates storage and egress fees in both directions. Worth a look at whether you actually need it.

One startup dropped from $250/month in egress to near-zero overnight, just by putting CloudFront in front of their S3 buckets. No code changes.

The problem is usually visibility. Most teams don't know which buckets are generating the outbound traffic until the bill arrives.

#AWS #AmazonS3 #CloudCosts #FinOps #EgressFees #AWSCostOptimization
-
Your server is in Mumbai. A user in Brazil requests your homepage. That's 200ms of latency just from distance — before any processing happens.

AWS CloudFront fixes this by serving your content from 450+ locations worldwide. When a user in São Paulo opens your site:
→ Request hits the nearest edge location (São Paulo)
→ Cache HIT → served in milliseconds
→ Cache MISS → fetches from origin once, caches it
→ Every user after that? Instant.

Here's the combo most production teams use: S3 (stores the files) + CloudFront (delivers them globally) = fast, cheap, secure static hosting with free HTTPS.

And the feature most people miss? Cache Behaviours — different URL paths can go to different origins with different TTLs:
/images/* → S3, TTL 1 year (never changes)
/api/* → API Gateway, TTL 0 (always fresh)
*.html → ALB, TTL 5 minutes

One domain. Multiple backends. All optimized.

We just published a complete guide to AWS CloudFront covering edge locations, cache behaviours, security (WAF, Shield, OAC), signed URLs, Lambda@Edge, and pricing.

Read the full guide: https://lnkd.in/gpnMBp8c

---

Share this with someone building a global web app on AWS!

#AWS #CloudFront #CDN #DevOps #WebPerformance #AWSCertification #persomentor
-
Last week we thought our product was finally “taking off”.

Traffic on AWS Load Balancer was going up every hour. We didn’t run any big campaign… but still, numbers looked great. For a moment, we were happy.

Then we checked actual users. Nothing changed. Something felt off. So we started digging.

1. First checked app logs → nothing useful
2. Then ingress logs → a bit weird
3. Then Load Balancer logs → yeah… something’s wrong

It wasn’t users. It was bots. A lot of them.

Same endpoints getting hit again and again
Random user agents
No real behavior — just hammering requests

And the worst part? They were quietly increasing our AWS bill.

--

Just fixed it step by step:

1/ Put AWS WAF in front and enabled basic bot + rate limiting
2/ Blocked a few obvious IP ranges
3/ Added rate limits on Kubernetes ingress
4/ Added some basic checks in backend (nothing crazy)

Within a few hours:
Traffic dropped (the fake one)
Costs dropped
Server felt lighter

Honestly, the scary part is: If we didn’t check deeper, we would’ve celebrated "growth" that wasn’t even real.

Not all traffic is good traffic.

#aws #kubernetes #devops #buildinpublic
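A sketch of how the load balancer log review described in the post above could be automated, added here as an example and not taken from the original post: it groups ALB access-log entries by client IP and flags clients that hit one endpoint repeatedly while rotating user agents. The sample log lines, the `_line` helper and the thresholds are constructed assumptions.

```python
import shlex
from collections import Counter, defaultdict
from urllib.parse import urlsplit


def _line(ip, path, ua):
    # Constructed ALB access-log entry (leading fields only; real entries carry more).
    return (f'https 2024-05-01T10:00:00.000000Z app/demo-alb/0123456789abcdef '
            f'{ip}:50000 10.0.1.10:8080 0.001 0.020 0.000 200 200 120 900 '
            f'"GET https://example.com:443{path} HTTP/1.1" "{ua}" - -')


# Constructed sample: one client hammering a single endpoint with rotating
# user agents, and one client browsing several pages with a single agent.
SAMPLE = (
    [_line("203.0.113.7", "/api/login", f"agent-{i % 6}/1.0") for i in range(40)]
    + [_line("198.51.100.20", p, "Mozilla/5.0 (constructed browser UA)")
       for p in ["/", "/pricing", "/docs", "/api/login", "/account"] * 4]
)


def parse(line):
    """Return (client_ip, request_path, user_agent) from one ALB log entry."""
    f = shlex.split(line)                 # honours the quoted request and UA fields
    ip = f[3].rsplit(":", 1)[0]           # client:port
    _method, url, _proto = f[12].split(" ")
    return ip, urlsplit(url).path or "/", f[13]


def suspicious_clients(lines, min_requests=30, min_top_share=0.8, min_agents=3):
    """Flag clients matching the pattern in the post; thresholds are illustrative."""
    paths, agents = defaultdict(Counter), defaultdict(set)
    for line in lines:
        ip, path, ua = parse(line)
        paths[ip][path] += 1
        agents[ip].add(ua)
    flagged = {}
    for ip, counter in paths.items():
        total = sum(counter.values())
        top_path, top_hits = counter.most_common(1)[0]
        if (total >= min_requests and top_hits / total >= min_top_share
                and len(agents[ip]) >= min_agents):
            flagged[ip] = {"requests": total, "top_path": top_path,
                           "user_agents": len(agents[ip])}
    return flagged


if __name__ == "__main__":
    print(suspicious_clients(SAMPLE))
```

Flagged clients are candidates for the WAF rate-based rules or ingress rate limits the post mentions; the thresholds need tuning against known-good traffic before anything is blocked.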
-
We benchmarked Rabata vs AWS S3, Backblaze, Cloudflare R2 and DigitalOcean — and published everything. Even where we lost.

Same tool, same setup, no cherry-picking (MinIO warp). Here’s what actually came out:
→ Upload: 1,462 Mbit/s (AWS: 1,444 — basically tied)
→ Mixed workloads: 346 Mbit/s
→ Small objects: 696 obj/s (16× faster than Cloudflare R2)
→ Download: 1,107 Mbit/s (Backblaze wins this one at 2,075)

Top-tier performance shouldn't cost top-tier prices. We led or matched AWS S3 in 3 out of 4 workload categories — at 70% lower cost. The assumption that enterprise-grade storage throughput requires an enterprise-grade bill no longer holds.

Our methodology is fully reproducible: every parameter and setup detail is publicly available. Run it yourself: https://lnkd.in/ee-3cD3C

#CloudStorage #S3 #DevOps #Infrastructure
-
We were burning $85K/month on AWS. Three months later — $51K/month.

Here's exactly what we did (no fluff):

→ Step 1: Visibility first. We deployed AWS Cost Explorer + Compute Optimizer across all accounts. Half our EC2s were oversized by 2–3 instance families.
→ Step 2: Right-sized ruthlessly. Moved 60+ instances from m5.xlarge to m5.large or t3-based. Auto-scaling policies were tuned so nothing was running at 10% CPU at 2 AM.
→ Step 3: Savings Plans over Reserved Instances. Compute Savings Plans gave us 66% discount on EC2 + Fargate + Lambda without locking us into specific instance types.
→ Step 4: S3 tiering. Lifecycle policies moved 70% of objects to Intelligent-Tiering and Glacier. Objects untouched for 90 days? Glacier Instant Retrieval.
→ Step 5: Killed zombie resources. 200+ unattached EBS volumes. 14 idle load balancers. 3 NAT Gateways nobody owned. Gone.

Total savings: $34K/month. Annualized: $408K.

FinOps isn't a tool. It's a culture shift. Once engineers see their cloud spend on a dashboard, behavior changes.

Are you tracking your team's cost-per-service? Drop a comment — happy to share the tagging strategy we used.

#AWS #FinOps #CloudCostOptimization #CloudArchitecture #DevOps #CloudMigration
-
I just paid ₹16,086 for a lesson I could have learned for free—well, almost.💸

I recently finished an end-to-end RAG application using AWS Bedrock, OpenSearch, S3, and EC2. The project was a success, but I made the rookie mistake of walking away without hitting "Delete."

Luckily, the cloud gods had mercy: AWS waived the bill as a one-time gesture after I explained it was a configuration oversight. Consider this my lucky break and your final warning!

💡 Pro-tips for my fellow devs:
• Tag Everything: Use Resource Tagging (e.g., Project: RAG-Demo). It’s the only way to track which specific service is bleeding your wallet in a complex stack.
• Billing Alarms: Set a CloudWatch alarm at $10. If you don't, you’re essentially handing AWS a blank check.
• OpenSearch Costs: These instances are "always-on." Switch to Serverless for dev work or terminate them the second you’re done.
• The "Clean Up" Ritual: S3 storage is pennies, but running EC2 and vector databases will eat your rent. Delete the stack once the demo is over.

#AWS #CloudComputing #RAG #GenerativeAI #DevOps #ExpensiveLessons #AWSBilling
-
Your AWS bill jumped 40% overnight. Now what?

Here's what usually happens. Someone opens Cost Explorer. Filters by service. Sees EC2 spiked. Filters by account. Finds the staging account. Checks CloudTrail. Searches for RunInstances events. Finds a p3.8xlarge launched two weeks ago. Tracks the IAM user. Sends a Slack message asking "hey, is this still needed?"

That takes most teams 2-4 hours. Sometimes days if the right person is on PTO.

Here's the same investigation with Akal:

"Why did our bill spike last month?" -> EC2 up 42%. Staging account. One p3.8xlarge since March 14.
"Who started it?" -> IAM user jchen, launched via CLI at 11:47 PM.
"Is it still running?" -> Yes. Current CPU: 3%. Estimated monthly cost: $8,400.

Three questions. Under 30 seconds. From live AWS data.

The difference isn't just speed. It's that every engineer on the team can run that investigation, not just the one person who knows where to click in the console.

We built Akal at Akal Cloud because cost investigations shouldn't require tribal knowledge.

What's the longest a cost spike went unnoticed on your team?

#AWS #CloudCosts #DevOps #FinOps #AkalCloud
-
AWS bill went nuts last quarter. Finance was breathing down our necks for it.

It was for our internal Lambda functions. Nothing critical, just some background tasks. But a 30% jump in a quarter? That's genuinely mad.

We checked logs, tried to figure it out. Usage looked normal. Everyone was scratching their heads, frankly.

Then I thought about my own personal serverless website. I'm always tweaking Lambda memory there to keep costs near zero.

Realized many of our company's I/O-bound functions were provisioned at 512MB. Way too much. CPU scales with memory, so even if the function is just waiting, you're paying more for duration.

Dropped most of those Lambdas to 128MB. Immediate bill drop. We saved thousands in AWS spend, just like that.

Funny how obsessing over your $5 personal infra teaches you the real tricks for company-level cost cuts.

#AWSCostOptimization #Lambda #Serverless #DevOps
-
AWS bills for Community Sandbox dropped 32% last month. Not because we cut features. Because we finally killed the last EC2 instances.

We’re all-in on serverless now. Lambda, Fargate, Aurora Serverless v2. Took a full quarter to refactor everything. The initial dev cost was high. But the operational overhead? Gone.

Engineers spend zero time patching OS, managing ASGs, or capacity planning. They focus on features. That’s why we built this platform: to let developers build, not babysit infrastructure.

It's a common trap: you start with EC2 because it's familiar. Then you scale, and suddenly you’re paying an ops team to maintain servers that barely do anything. We were burning $1,500/month just for base compute on an early-stage product. Now it’s $400.

What’s the biggest infrastructure cost you’re still carrying because "it’s always been that way"?

#Serverless
-
Day 5 of the #30DayTerraformChallenge

I've been building up to this day 5. variables, resources, auto scaling groups, and today I finally put it all together with a fully load-balanced AWS infrastructure. And then broke it. And fixed it. Multiple times.

Here's what I built:
✅ An Application Load Balancer routing public traffic across multiple EC2 instances
✅ An Auto Scaling Group spanning multiple availability zones
✅ Security groups that only allow instances to receive traffic from the ALB, not directly from the internet
✅ Health checks that automatically pull unhealthy instances out of rotation

The moment it worked — hitting the ALB DNS in my browser and seeing the hostname and instance ID come back — was genuinely satisfying. Refreshing the page and watching it cycle through different instances across different AZs? Even better.

But the real lesson today wasn't the infrastructure. It was Terraform state. I used to think the .tfstate file was just a log. It's not. It's the source of truth for everything Terraform manages.

I also hit some real errors today - a 502 Bad Gateway that took a while to diagnose, an instance type not supported in us-east-1e, and a DNS issue that had nothing to do with my code. Documenting and working through each one was honestly more valuable than when things just work.

#30DayTerraformChallenge #TerraformChallenge #Terraform #AWS #ELB #IaC #AWSUserGroupKenya #EveOps #CloudEngineering #DevOps