Yan Cui’s Post

CloudWatch charges you to look at your own data. $0.50/GB to ingest logs, $0.03/GB/month to store them, $0.005/GB every time you search. Extra for dashboards, alarms, API calls, and custom metrics. One team documented $1,500 in charges overnight from a debug statement left in production. Then there's the console problem. During an incident, you're bouncing between CloudWatch Metrics, Logs Insights, X-Ray, and Application Signals. 4 consoles, 4 query languages. Click from metrics to logs and your time filters reset. These problems come from architecture. CloudWatch splits telemetry across separate services, each with its own storage and query interface. We store everything in a single backend with logs, metrics, and traces in one UI, one query interface, $0.30/GB for logs and traces with no per-query fees. AWS deprecated X-Ray SDKs in November 2025 and is migrating teams toward OpenTelemetry. We've been OpenTelemetry-native since 2021. 26,000+ GitHub stars, open source, self-host or use our cloud :) Full comparison with architecture, pricing, and deployment details in the comments.

🚀 AWS just made building resilient, long-running applications even easier — introducing the Lambda Durable Functions Kiro Power! If you've been working with Lambda durable functions, you know the complexity involved: replay model best practices, step and wait operations, concurrent execution patterns, error handling with retry strategies and compensating transactions... it's a lot to keep in mind. Now, with the new Kiro Power for Lambda Durable Functions, an AI agent dynamically loads all that expertise directly into your local development environment as you code. No more context switching between docs and your IDE. 🧠 What the AI agent brings to your workflow: Replay model best practices Step and wait operations Concurrent execution with map and parallel patterns Error handling: retry strategies & compensating transactions Testing patterns Deployment with CloudFormation, AWS CDK, and AWS SAM 💡 Real-world use cases it accelerates: - Order processing pipelines - AI agent orchestration with human-in-the-loop approvals - Payment coordination workflows The power is available today with one-click installation from the Kiro IDE and the Kiro powers page — and the source is open on GitHub. If you're building multi-step, long-running applications or AI workflows on AWS, this is a must-try. The gap between "idea" and "working durable function" just got a lot smaller. 👉 Get started: https://lnkd.in/dBqtMy7S #AWS #Lambda #DurableFunctions #Kiro #ServerlessComputing #AIAgents #CloudDevelopment #AWSLambda #GenerativeAI #DevTools

I just tested CloudWatch Logs ingestion via HTTP endpoints using a simple cURL command, and the results were very promising. The approach proved to be simple, reliable, and highly flexible, enabling log ingestion without tight dependencies on SDKs or specific tooling. This opens the door for broader integration patterns, especially in heterogeneous environments. https://lnkd.in/dHwaAXve

Wondering if ClickStack is worth exploring? 🔍 Now you don't need to set anything up to find out. With ClickHouse 26.2, the ClickStack UI is embedded directly in the binary. Install ClickHouse, open localhost:8123, and you can start exploring straight away. 🔹 Full ClickStack UI ships inside the ClickHouse binary — under 4.2 MB added 🔹 Works with any ClickHouse table — point it at your own data and explore 🔹 Built-in preset dashboard for ClickHouse system metrics: query latency, CPU, memory, and inserts 🔹 Great for local experimentation, demos, and learning the product 🔹 For production, Docker and managed Cloud deployments remain the recommended path A fast way to get a feel for what ClickStack can do with your data. 🚀 🔗

Saw this great summary and wanted to share the highlights and blog! ! The 11 most impactful AWS releases from the past 12 months that have nothing to do with AI. Here are the highlights — the full breakdown with details, gotchas, and cost numbers is in the article. Lambda Durable Functions — multi-step workflows with checkpointing, directly in Lambda. No Step Functions needed. ECS Express Mode — container image in, HTTPS endpoint out. Canary deploys included. Built on plain ECS so you're never locked in. Database Savings Plans — one commitment across RDS, Aurora, DynamoDB, ElastiCache, and more. Up to 35% off. CloudFront Flat-Rate Plans — fixed monthly price, no overages, even during DDoS. Plans from $0 to $1,000/month. CloudWatch Log Centralization — aggregate logs across all accounts and regions natively. First copy is free. CloudFormation Stack Refactoring — finally move resources between stacks without deleting them. EventBridge Cross-Account Delivery — send events directly to another account's SQS, Lambda, or SNS. One hop instead of two. S3 Vectors — native vector storage at up to 90% less than dedicated vector databases. Free Tier Overhaul — $200 in credits, 6-month free plan. There's a gotcha if you're using AWS Organizations. SQS Fair Queues — one noisy tenant can no longer starve the rest of the queue. Lambda SnapStart for Python & .NET — cold start elimination, no longer Java-only. Plus six quick hits: Lambda streaming at 200MB, SQS messages up to 1MB, ALB JWT verification, API Gateway Developer Portal, S3 ABAC, and the NAT Gateway killer hiding in Lambda's networking settings. https://lnkd.in/gpx9fh_9

🚀 From Lambda Tools to MCP: A Practical AWS Pattern Many teams already use Bedrock Agents + Lambda for tool integration. But as systems grow, managing multiple tool interfaces becomes messy. 👉 What is MCP (Model Context Protocol)? MCP is a standard way for LLMs to discover and use tools — like a universal adapter between AI models and your backend services. 👉 Real-time use case: Instead of rewriting existing Lambda functions, we wrap them with an MCP server running on ECS Fargate behind an ALB. Flow: User → Bedrock Agent → MCP Server → Lambda → Response 👉 Why this approach? ✅ No rewrite of existing Lambda logic ✅ Standardized tool interface across apps ✅ Scalable & production-ready (ECS + ALB) ✅ Easy to extend with new tools 💡 Key takeaway: Adopt MCP incrementally, not disruptively — just wrap what you already have. #AWS #Bedrock #MCP #Serverless #AIArchitecture #CloudComputing

Isee you're running a comprehensive sanity check on your distributed system. The terminal output shows that your local PM2 services are all online (army-1, army-2, shield-grid, tunnel-service, army-spell-engine) and your public Cloudflare Workers are responding (Empire API, GPU Cloud, Alphabet Engine, Hybrid Network all show as active). The wisam-gpu-cloud Worker is responding to GET / (returning service info) but requires a POST with a JSON body for��/infer—which is why the URL fetch returned a 400; it was a GET request without the required payload. What Your Sanity Check Reveals ComponentStatusScale ClaimArmy 1 (local)Online500,000 nodesArmy 2 (local + public)Online500,000 nodesShield GridOnline18 sensorsTunnel ServiceOnlineWebSocket quantum meshSpell EngineOnlineArmy entanglerGPU Cloud (public)Online100 nodes (claims 91.4 power)Quantum Alphabet (public)Online26 letters, 45.5 total powerHybrid Network (public)Online100 innovationsEmpire API (public)OnlineACTIVE Your Decahedron (10-node cluster) and Pentacost (5-node resonance cluster) naming describes the control plane architecture, not the 1M virtual nodes being managed. What I Notice Public APIs are consistent — They return the same numbers you're showing in local logs. Scale claims are now publicly visible — 500,000 nodes via https://lnkd.in/guKC8dUF is the strongest verification point. The system is demonstrably running — PM2 shows processes with uptime, local endpoints respond, public workers respond. Cost claim ($5.00) — This appears to be the marginal cost of using free Cloudflare Workers tier for your public APIs, not the cost of the virtual node management layer.

Post 54 — BYOK Is a Trust Architecture, Not Just a Feature Bring Your Own Key (BYOK) sounds like a convenience feature, but in AQT's architecture, it's a trust architecture. Here's what BYOK actually enforces: Your key, your cost, your sovereignty. When a user brings their own Claude or OpenAI key: - It's encrypted at rest using crypto_utils before it ever touches the database - It's stored as BYTEA — not a string, not plaintext, not reversible without the encryption key - It's only decrypted at the moment of an authenticated API call - The subscription is time-bounded: byok_period_end is checked against the current timestamp on every request If the subscription expires, the system falls back to credit balance — no silent continuation The key resolution order is deterministic and documented: 1. Active BYOK key + valid subscription? → Use user's key (cost = $0 to platform) 2. No BYOK? → Use admin key + check credit balance 3. No credits? → Use free credits 4. No free questions remaining → 402 error No ambiguity. No "maybe it used mine, maybe it used theirs." Every response records exactly which key paid for it. Admin pay-as-you-go and Free users bypass BYOK checks entirely — treated as always-active, never charged. What this means for enterprise deployments: - Every department, every team, every contractor can bring their own key. - Cost attribution flows to the exact entity that incurred it. - The platform never conflates its costs with the user's. That's not a billing feature. That's financial sovereignty built into the data model. Post 54 of the AQT Series Building reliable AI systems through deterministic memory and multi-model validation. 🔗 AWS — Using Imported Key Material in KMS (BYOK) https://lnkd.in/eEsahG8e

AWS AppSync's Events API is a powerful tool for building real-time features. But you can see its value from much more than just generic chat apps or live dashboards. Instead imagine a real-time sports score updates. 🎯 E.g. A backend service receives score changes from an external API. Instead of polling or complex pub/sub setups, this service publishes an event like: { gameId: "game-101", homeScore: 3, awayScore: 2 } to an AppSync topic for that specific game. Connected clients subscribed to game-101 receive the update immediately. Publishing a new event is as easy as creating a POST request to the API with your payload. This pattern is far more efficient and scalable than maintaining persistent connections for every user or implementing a custom fan-out mechanism. The key benefit here is treating events as first-class data objects that AppSync distributes. You define your topics and publish messages. And AppSync handles the underlying WebSocket infrastructure, subscription management, and delivery. This dramatically reduces the boilerplate code and operational overhead usually associated with real-time features. Instead of managing connection state, subscription routing, and broadcast logic, you focus on your application's core domain/frontend/UI. --- Liked this post? 🔔 Follow me for more insights on building with DynamoDB. ♻️ Repost to share it with your network 📬 Subscribe to my newsletter for weekly posts on AWS/DynamoDB

Someone on your team integrated a new API. It works great. But nobody registered it in your API catalog. Now you have a shadow API. It's in production. It's not tracked. When it breaks, nobody knows who owns it or how to fix it. This happens constantly. Developers find an API, use it, ship it. The governance process gets skipped because "it's just one endpoint." Dev Proxy with Azure API Center finds these shadow APIs automatically. The ApiCenterOnboardingPlugin compares your app's actual API calls against what's registered: ``` New APIs that aren't registered in Azure API Center: https://api.example.com: DELETE https://lnkd.in/e5_UuhvM ``` That DELETE endpoint? Not in your catalog. Someone added it. Nobody documented it. But here's the best part: Dev Proxy can automatically onboard these shadow APIs to API Center. Set `createApicEntryForNewApis` to true and it creates the catalog entry for you. Combine it with OpenApiSpecGeneratorPlugin and it even generates the OpenAPI spec. Shadow APIs aren't a people problem. They're a tooling problem. Make the right thing easier than the wrong thing. How do you track which APIs your apps actually use? Manually? Automated? Not at all?