APIs do more than connect systems—they enable consistent, secure, and scalable interactions across applications. As products grow and diversify, REST API design becomes essential for ensuring that these interactions are reliable, maintainable, and optimized for performance.

To build an API that stands the test of time, it must adhere to key REST principles:

1. Code on Demand - Flexibility to download and execute code for specialized actions.
2. Uniform Interface - Standardized methods to simplify and unify API operations.
3. Layered System - Enables scalability by allowing intermediaries like load balancers.
4. Statelessness - Each request from client to server must contain all the necessary information.
5. Client-Server - A clear separation between client and server concerns ensures modularity.

These principles allow APIs to be scalable, manageable, and versatile in various architectures.

HTTP Methods for CRUD Operations

REST APIs primarily rely on HTTP methods to perform Create, Read, Update, Delete (CRUD) operations, making interactions predictable:

- GET - Retrieve information (e.g., fetching user data).
- POST - Add new resources (e.g., creating a new entry).
- PUT - Update existing resources.
- PATCH - Partially update resources.
- DELETE - Remove resources.

Using these methods thoughtfully ensures your API is intuitive and easy to maintain for both current and future developers.

To provide a seamless experience and robust data handling, consider these design factors:

- Simple and Fine-grained Resources - Avoid overloading endpoints; focus on specific, manageable resources.
- Pagination & Links - Ensure data is accessible in manageable chunks with options like first, last, next, and prev links.
- Filtering & Ordering - Allow users to query and sort data to meet their specific needs.
- Resource Naming - Stick to clear, consistent naming conventions (e.g., /users/{id}), enhancing readability and predictability.
- Versioning - Ensure backward compatibility by introducing versioning (`/v1/users`).

Security & Reliability

Modern APIs must handle sensitive data securely and reliably. Key security practices include:

- CORS (Cross-Origin Resource Sharing) - Control who can access your API to prevent cross-site scripting attacks.
- Idempotence - Ensure certain operations, like DELETE, can be repeated without unintended effects.
- Authentication & Authorization - Implement secure, token-based access to protect user data.
- Input Validation - Sanitize and validate user inputs to prevent security vulnerabilities.
- TLS (Transport Layer Security) - Encrypt data in transit to prevent interception.

Additional Best Practices

1. Use Self-descriptive Messages
2. HATEOAS (Hypermedia as the Engine of Application State)
3. Monitoring & Logging
4. Caching

Have I overlooked anything? Please share your thoughts—your insights are priceless to me.
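An added example (not code from the post above, and not any particular framework's API) showing three of the practices the post lists in a framework-free form: an idempotent POST keyed on an Idempotency-Key header, bounded pagination input, and first/prev/next/last links. The header name, the `/v1/users` path, the 1..64-character name rule and the per_page cap are assumptions made for illustration.

```python
# Added example, not code from the post: idempotent POST, validated pagination
# input, and first/prev/next/last links without a web framework.
# The Idempotency-Key header, /v1/users path, name length rule and the
# MAX_PER_PAGE cap are assumptions for illustration.
from dataclasses import dataclass, field
from math import ceil
from typing import Dict, Optional, Tuple
from urllib.parse import urlencode

MAX_PER_PAGE = 100  # assumed server-side cap so a client cannot request everything at once


def validate_pagination(params: Dict[str, str]) -> Tuple[int, int]:
    """Parse page/per_page, reject non-integers and zero/negative values, cap per_page."""
    try:
        page = int(params.get("page", "1"))
        per_page = int(params.get("per_page", "20"))
    except ValueError:
        raise ValueError("page and per_page must be integers") from None
    if page < 1 or per_page < 1:
        raise ValueError("page and per_page must be >= 1")
    return page, min(per_page, MAX_PER_PAGE)


def pagination_links(base: str, page: int, per_page: int, total: int) -> Dict[str, str]:
    """first/last are always present; prev/next only when such a page exists."""
    last = max(1, ceil(total / per_page))

    def link(p: int) -> str:
        return f"{base}?{urlencode({'page': p, 'per_page': per_page})}"

    links = {"first": link(1), "last": link(last)}
    if page > 1:
        links["prev"] = link(min(page - 1, last))
    if page < last:
        links["next"] = link(page + 1)
    return links


@dataclass
class UserService:
    users: Dict[int, dict] = field(default_factory=dict)
    next_id: int = 1
    # Idempotency-Key -> stored (status, body); a real service would expire these
    seen_keys: Dict[str, Tuple[int, dict]] = field(default_factory=dict)

    def create_user(self, body: dict, idempotency_key: Optional[str] = None) -> Tuple[int, dict]:
        """POST /v1/users. Replaying a request with the same Idempotency-Key
        returns the stored response instead of creating a second user."""
        if idempotency_key and idempotency_key in self.seen_keys:
            return self.seen_keys[idempotency_key]
        name = body.get("name")
        if not isinstance(name, str) or not 1 <= len(name) <= 64:
            return 400, {"error": "name must be a string of 1..64 characters"}
        user = {"id": self.next_id, "name": name}
        self.users[user["id"]] = user
        self.next_id += 1
        response = (201, user)
        if idempotency_key:
            self.seen_keys[idempotency_key] = response
        return response

    def delete_user(self, user_id: int) -> int:
        """DELETE /v1/users/{id}: repeating it changes nothing and still reports 204."""
        self.users.pop(user_id, None)
        return 204

    def list_users(self, params: Dict[str, str]) -> Tuple[int, dict]:
        """GET /v1/users?page=&per_page=: validated input, stable ordering, link set."""
        try:
            page, per_page = validate_pagination(params)
        except ValueError as exc:
            return 400, {"error": str(exc)}
        ordered = sorted(self.users.values(), key=lambda u: u["id"])
        start = (page - 1) * per_page
        return 200, {
            "data": ordered[start:start + per_page],
            "links": pagination_links("/v1/users", page, per_page, len(ordered)),
        }
```

Two details worth noticing: only successful creates are recorded under the idempotency key (a rejected body should not pin a 400 to the key forever), and per_page is clamped rather than rejected, so a client asking for 5000 rows gets the capped page with a `next` link instead of an error.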
Cloud Computing Solutions
Explore top LinkedIn content from expert professionals.
-
🚨CISA & NSA release Crucial Guide on Network Segmentation and Encryption in Cloud Environments🚨

In response to the evolving requirements of cloud security, the Cybersecurity & Infrastructure Security Agency (CISA) and the National Security Agency (NSA) recently released a comprehensive Cybersecurity Information Sheet (CSI): "Implement Network Segmentation and Encryption in Cloud Environments." This document provides detailed recommendations to enhance the security posture of organizations operating within cloud infrastructures (that probably means you).

Key Takeaways Include:

🔐 Network Encryption: The document underscores the importance of encrypting data in transit as a defense mechanism against unauthorized data access.
🌐 Secure Client Connections: Establishing secure connections to cloud services is fundamental.
🔎 Caution on Traffic Mirroring: While recognizing the benefits of traffic mirroring for network analysis and threat detection, the guidance cautions against potential misuse that could lead to data exfiltration and advises careful monitoring of this feature.
🛡️ Network Segmentation: Stressed as a foundational security principle, network segmentation is recommended to isolate and contain malicious activities, thereby reducing the impact of any breach.

This collaboration between NSA and CISA provides actionable recommendations for organizations to strengthen their cloud security practices. The emphasis is on strategically implementing network segmentation and end-to-end encryption to secure cloud environments effectively. Information security leaders are encouraged to review this guidance to better understand the measures necessary to protect cloud-based assets. Implementing these recommendations will contribute to a more secure, resilient, and compliant cloud infrastructure. Access the complete guidance provided by the NSA and CISA to fully understand these recommendations and their application to your organization’s cloud security strategy.

📚 Read CISA & NSA's complete guidance here: https://lnkd.in/eeVXqMSv #cloudcomputing #technology #informationsecurity #innovation #cybersecurity
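An added example, not taken from the CISA/NSA sheet or from the post above, of what the segmentation and encrypt-in-transit takeaways look like as a check you can run against your own rule set: a small audit over security-group-style ingress rules. The tier names, the allowed-flow table, the `encrypted` flag (an operator-recorded attribute of the listener) and the sample rules are all constructed assumptions; the traffic-mirroring caution is not modelled here.

```python
# Added example, not from the CISA/NSA guidance or the post: a policy check over
# constructed ingress rules. Tier names, ALLOWED_FLOWS, INTERNET_FACING, the
# "encrypted" attribute and SAMPLE_RULES are assumptions for illustration.
from dataclasses import dataclass
from ipaddress import ip_network
from typing import List


@dataclass(frozen=True)
class IngressRule:
    dest_tier: str    # segment the rule is attached to
    source: str       # CIDR block, or the name of another tier
    port: int
    encrypted: bool   # operator-recorded: the service on this port encrypts in transit


# Assumed segment model: only these source -> destination crossings are legitimate.
ALLOWED_FLOWS = {("web", "app"), ("app", "db"), ("bastion", "app"), ("bastion", "db")}
INTERNET_FACING = {"web"}


def audit_segmentation(rules: List[IngressRule]) -> List[str]:
    """One finding per violation: an internal tier exposed to any address,
    a tier crossing outside ALLOWED_FLOWS, or a listener that carries plaintext."""
    findings = []
    for r in rules:
        if "/" in r.source:  # CIDR source; prefix length 0 means 0.0.0.0/0 or ::/0
            net = ip_network(r.source, strict=False)
            if net.prefixlen == 0 and r.dest_tier not in INTERNET_FACING:
                findings.append(f"{r.dest_tier}:{r.port} is reachable from anywhere ({r.source})")
        elif (r.source, r.dest_tier) not in ALLOWED_FLOWS:
            findings.append(f"{r.source} -> {r.dest_tier}:{r.port} crosses segments outside the allowed flows")
        if not r.encrypted:
            findings.append(f"{r.dest_tier}:{r.port} from {r.source} carries plaintext")
    return findings


# Constructed sample rules (not from any real account).
SAMPLE_RULES = [
    IngressRule("web", "0.0.0.0/0", 443, True),     # public HTTPS: expected
    IngressRule("app", "web", 8443, True),          # allowed crossing
    IngressRule("db", "app", 5432, True),           # allowed crossing, TLS to the database
    IngressRule("db", "0.0.0.0/0", 5432, False),    # internet-exposed and plaintext: two findings
    IngressRule("db", "web", 5432, True),           # web must not reach db directly
    IngressRule("app", "bastion", 22, True),        # SSH from bastion: allowed, encrypted
]

if __name__ == "__main__":
    for finding in audit_segmentation(SAMPLE_RULES):
        print("FINDING:", finding)
```

Running it on the sample set reports the database tier open to the internet, the same rule as plaintext, and the web-to-db shortcut; the first three rules produce nothing. Swap the constructed list for rules exported from your own environment and the allowed-flow table becomes the written form of the segmentation design the guidance asks for.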
-
Everyone talks about scalability. Very few talk about where the latency is hiding.

I once worked on a system where a single API call took ~450ms. The team kept trying to “scale the service” by adding more replicas. Pods were multiplied. Autoscaling was tuned. Dashboards were made fancier. But the request still took ~450ms.

Because the problem was never about scale. It was this:
- 180ms spent waiting on a downstream service.
- 120ms on a database round-trip over a noisy network hop.
- 80ms wasted in JSON -> DTO -> Internal Model conversions.
- 40ms in logging + metrics I/O.
- The actual business logic: ~15ms.

We were scaling the symptom, not the cause. Optimizing that request had nothing to do with distributed systems wizardry. It was mostly about treating latency as a budget, not as a consequence.

Here’s the framework we used that changed everything:
- Latency Budget = Time Allowed for Request
- Breakdown = Where That Time Is Actually Spent
- Gap = Budget - Breakdown

And then we asked just one question: “What is the single biggest chunk of time we can remove without changing the system’s behavior?”

This is what we ended up doing:
- Moved DB calls to a closer subnet (dropped ~60ms)
- Cached the downstream call response intelligently (saved ~150ms)
- Switched internal models to protobuf (saved ~40ms)
- Batched our metrics (saved ~20ms)

The API dropped to ~120ms. Without more servers. Without more Kubernetes magic. Just engineering clarity. 🚀

Scalability isn’t just about adding compute. It’s about understanding where the time goes. Most “slow” systems aren’t slow. They’re just unobserved.
-
The final step in the procurement journey just became invisible. For years, partners have been able to surface AWS Marketplace products—primarily software, but also professional services and data—on third-party sites or within other AWS service consoles. But there was always a catch: to actually close the deal, the buyer had to be redirected to the AWS Marketplace website's subscription page. That redirect kills conversions. Today, it is no longer required. With the AWS Marketplace Agreements API now generally available, partners can embed the entire transaction flow directly into their own user interfaces. This release provides a programmatic way to generate quotes, accept offers, track charges and entitlements, and manage renewals and cancellations without ever sending customers away. Buyers can browse, evaluate, and complete the purchase in one place. No redirects, no context switching, and no friction at the most critical moment. Combined with the Discovery API, organizations can now build a completely native, end-to-end programmatic procurement experience. This is our "Marketplace Everywhere" vision in action: moving beyond AWS Marketplace as a single destination and turning it into a core distribution layer that powers commerce wherever customers choose to work—whether that is a partner website, an artificial intelligence application, or a procurement tool. Learn more: https://lnkd.in/ekyRrFhT
-
This week has been a perfect storm. As if Diwali, Halloween, and month-end weren’t keeping us on our toes, the Tech Titans threw in their earnings for good measure. The big takeaway is this: for the cloud giants — Google, Microsoft, and Amazon—the AI trend has come with both a trick and a treat. 👻 On the one hand, they’re seeing accelerating cloud revenue as companies rush to adopt AI. On the other, they’re being handed the bill. Meeting this demand requires infrastructure—a lot of infrastructure—and that means some eye-popping capex projections. 🥇 Google kicked things off with a bang. Google Cloud’s 35% surge to $11.35 billion signals the AI hype is translating into real dollars. Overall revenue up 15% to $88.3 billion. Sundar Pichai dropped a fun stat for us in the earnings call - 25% of new code at Google is AI-generated. 🥈 Microsoft came in hot, but guidance left investors cold. Microsoft’s Azure posted a solid 29% growth, hitting $24.1 billion, but then the stock took a hit when they projected slower. Satya Nadella’s take? “We are seeing more demand for AI than we can keep up with.” Translation: the market wants AI now, but Microsoft’s pace is held back by its own infrastructure buildup. 🥉 Amazon had a massive quarter too, with AWS posting 19% growth to $27.5 billion and total revenue up 13% to $158.9 billion. But it’s Andy Jassy’s “once-in-a-lifetime opportunity” language on AI that’s notable. He talks about it like it’s a rare planetary alignment, so naturally, they’re investing accordingly. Their CAPEX is substantial, especially for AWS, and Amazon’s approach seems to be, “Spend now, explain to shareholders later.” The bigger picture here is that Alphabet, Microsoft, and Amazon are collectively bracing to drop over $200 billion by 2025 on the infrastructure needed to support AI. The market might flinch a bit at that figure, but there’s a certain inevitability to it. 
They aren’t just reacting to demand—they’re building the AI economy’s plumbing, making sure they’re the pipes. 🔌
-
🎀 Building Secure Cloud Environments with IAM and SCP

Let's understand IAM and SCP better through a scenario-based approach!

💥 𝐒𝐜𝐞𝐧𝐚𝐫𝐢𝐨: You run a small online store with an AWS account. You have different employees with varying needs:
✨ Marketing team: Needs access to analyze customer data stored in an S3 bucket.
✨ Sales team: Needs access to create and manage customer orders in a database.
✨ Finance team: Needs access to view billing information and manage AWS costs.

💥 𝐈𝐀𝐌: Create separate users or groups for each team. Define roles with the specific permissions needed for each team:
✨ Marketing: Read-only access to the S3 bucket containing customer data.
✨ Sales: Read/write access to the customer order database.
✨ Finance: Read-only access to billing information and AWS cost management tools.
Attach these roles to the respective groups/users.

💥 𝐒𝐂𝐏: Create an SCP for the account that:
✨ Allows access to S3, the database service you use, and billing/cost management tools.
✨ Restricts access to other potentially risky services like EC2 (virtual machines) or Lambda (serverless functions).
✨ Additionally, within the allowed services, you can further restrict specific actions:
🎊 𝐅𝐨𝐫 𝐞𝐱𝐚𝐦𝐩𝐥𝐞, the SCP could allow reading data from the S3 bucket but disallow deleting it.

💥 𝐖𝐢𝐭𝐡 𝐭𝐡𝐢𝐬 𝐬𝐞𝐭𝐮𝐩:
❄ Each team only has access to what they need, thanks to IAM roles and policies.
❄ The SCP acts as a safety net, ensuring no one uses unauthorized services or performs risky actions, even with their IAM permissions.
❄ This example shows how IAM allows granular control for different users, while SCP ensures everyone adheres to your overall security guidelines.
❄ You can tailor IAM and SCP configurations to your specific needs and organizational structure for optimal security and access management in your cloud environment.

✨Follow me Nagaswetha Mudunuri on LinkedIn for more information on Cloud Security, DevSecops and Cybersecurity✨ #learnwithswetha #awscloud #learning #career #aws #scp #iam
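An added example, written for this page and not AWS code, of the "safety net" relationship the post describes: a simplified model in which a request passes only when the SCP and the identity policy both allow it and neither explicitly denies it. Real AWS evaluation takes more inputs (resource policies, permission boundaries, session policies, conditions) and is not reproduced here; the SCP document, the bucket name, the table ARN, the account ID and the action lists are assumptions for illustration, as is `fnmatch`-style wildcard matching standing in for IAM's own pattern rules.

```python
# Added example, not AWS code: a simplified model of how an SCP bounds what an
# identity policy can grant. Only Action/Resource/Effect are evaluated; the policy
# documents, ARNs and account ID below are constructed for illustration.
from fnmatch import fnmatchcase
from typing import Dict, List, Union

Pattern = Union[str, List[str]]


def _matches(pattern: Pattern, value: str, fold_case: bool) -> bool:
    """Wildcard match against one pattern or a list; actions are case-insensitive."""
    pats = pattern if isinstance(pattern, list) else [pattern]
    if fold_case:
        return any(fnmatchcase(value.lower(), p.lower()) for p in pats)
    return any(fnmatchcase(value, p) for p in pats)


def evaluate_policy(policy: Dict, action: str, resource: str) -> str:
    """Decision of one policy document: 'Deny', 'Allow', or 'Implicit' (nothing matched)."""
    decision = "Implicit"
    for st in policy["Statement"]:
        if _matches(st["Action"], action, True) and _matches(st["Resource"], resource, False):
            if st["Effect"] == "Deny":
                return "Deny"  # an explicit deny wins regardless of statement order
            decision = "Allow"
    return decision


def is_allowed(scp: Dict, identity_policy: Dict, action: str, resource: str) -> bool:
    """Allowed only when the SCP and the identity policy both say Allow.
    An SCP on its own grants nothing; it only caps what IAM may grant."""
    return (evaluate_policy(scp, action, resource) == "Allow"
            and evaluate_policy(identity_policy, action, resource) == "Allow")


# Assumed SCP for the store account: allowlist S3, DynamoDB and cost tools,
# and deny S3 deletes even where IAM would allow them. EC2/Lambda are simply absent.
SCP = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:*", "dynamodb:*", "ce:*", "budgets:*"], "Resource": "*"},
        {"Effect": "Deny", "Action": ["s3:DeleteObject", "s3:DeleteBucket"], "Resource": "*"},
    ],
}

# Assumed identity policy for the marketing group: read-only on one bucket.
MARKETING_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::customer-data", "arn:aws:s3:::customer-data/*"],
    }],
}

# An over-broad identity policy, to show the SCP still bounding it.
POWER_USER_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}
```

With these documents, marketing can read `arn:aws:s3:::customer-data/...` but not write to it (IAM never granted it), while even the `*`/`*` policy cannot delete an object (SCP explicit deny) or start an instance (the SCP allowlist never mentions EC2, so the decision is implicit deny). That last case is the point of the post's safety net: the identity policy is wrong, and the request still fails.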
-
Co-sell = Marketplace

When I first joined AWS, nearly 4 years ago, I treated co-sell and Marketplace as two separate GTM activities. My partners were mostly engaged in trying to win the hearts and minds of AWS sellers and customers. Some were active in Marketplace, but some were just getting started. During my time working with those partners, all got a Marketplace listing, but not all invested as heavily in Marketplace as they did in co-sell. That is changing. Now, co-sell is Marketplace and vice versa. And you need to weave the two strategies together. In my 4th installment of co-sell best practices, I'm going to scratch the surface of how to weave these two strategies together.

1. Your listing strategy defines your co-sell motion. More and more, what you list and how customers try and buy defines how you should build your cloud co-sell strategy. Product led growth, free trials, paygo offerings and other listing strategies will determine how a cloud provider, like AWS, can drive sales with you. This may mean innovating in new sales motions, but marketplace is a new sales motion, so lean into some of the amazing benefits of this channel and innovate.

2. Focus on lighthouse wins. Sales is storytelling. I recently joined a Sales training with an ISV partner and they led with a seller talking about a joint opportunity that grew on the Marketplace. If marketplace is new for you or your buyers, find those first wins and shout them from the rooftops.

3. Be a winner. AWS has tons of data that sales through our marketplace are bigger and faster than direct deals. If you aren't seeing those results, then you have some work to do to be a leader. I know I want to win and I bet you do too. And if you aren't measuring time to close, deal size and other KPIs related to your Marketplace strategy, then you won't know how you stack up and won't be able to sell this up to your C-suite and Board.

4. Talk marketplace early and often in your sales cycle. I've seen a lot of talk lately about layering in AWS Marketplace into MEDDIC sales methodology and I love it. I love it, because partners should be built into your sales methodology as a forcing function. I've seen partners force cloud and marketplace qualifying questions into their sales stages. Your sellers should know which cloud and what procurement method early in the cycle to bring all that we have to bear into your deal. Don't wait until the end of the cycle. No one likes surprises in late stage deals.

5. Train your sellers. Maybe not all of them at first, but the ones you know can get it. Train them on the benefits of Marketplace for customers, for cloud sellers and for your company. Ride shotgun on their deals and nudge them to talk about cloud and marketplace early. And for Pete's sake, put an incentive in place to drive marketplace wins quickly!

There is a lot more I can say on Marketplace. For next time. What are some of your keys to winning in Marketplace? #AWS #Marketplace #cosell
-
🚀 Agentic AI Identity and Access Management: A New Approach

In my View ..... "Architectures are going to change; Approach to Development is going to change; In Secure First and Automation First Era, we need to work Digital 1st, Intelligent 1st Approach to avoid rework ..."
▬▬▬▬▬▬▬▬▬▬▬▬▬
🌍 Let's find out how we can do it with Identity and Access Management ..

#AgenticAI is pushing the boundaries of automation, autonomy, and decision-making at machine speed. But traditional identity and access management (IAM) protocols, designed for static applications and human users, can’t keep up.

This publication from the Cloud Security Alliance (CSA) introduces a purpose-built Agentic AI IAM framework that accounts for autonomy, ephemerality, and delegation patterns of AI agents in complex Multi-Agent Systems (MAS). It provides security architects and identity professionals with a blueprint to manage agent identities using Decentralized Identifiers ( #DIDs), Verifiable Credentials ( #VCs), and Zero Trust principles, while addressing operational challenges like secure delegation, policy enforcement, and real-time monitoring.

🞕 Let's understand -
➟ Identify shortcomings of OAuth 2.1, SAML, and OIDC in agentic environments
➟ Define rich, verifiable Agent IDs that support traceable, dynamic authentication
➟ Apply decentralized and privacy-preserving cryptographic architectures
➟ Enforce fine-grained, context-aware access control using just-in-time credentials
➟ Build zero trust IAM systems capable of scaling to thousands of agents
▬▬▬▬▬▬▬▬▬▬▬▬▬
🎯 Bottomline - With detailed guidance on deployment models, governance consideration, and threat mitigation using the MAESTRO framework, this publication lays the foundation for secure identity and access in the next generation of AI systems.
▬▬▬▬▬▬▬▬▬▬▬▬▬
It's a wake-up call for existing Identity and Access Management frameworks and companies....

Excellent Read for the Weekend !! #Security #Identity #AI #Automation #Technology
-
If you’ve been following the Big Tech companies’ earnings reports, you know that they’re pouring more than ever into capital expenditure to pursue their AI futures. Amazon, Alphabet, Meta, and Microsoft all spent record sums last quarter on purchases of property and equipment — largely tied to AI chips and data centers. And for the companies that offered forward-looking guidance, their capex plans for the year blew analysts’ already generous estimates out of the water. Amazon expects its 2026 capex to surge to $200 billion. Google is aiming for $175 billion to $185 billion. Meta estimates it will spend between $115 billion and $135 billion. All of those figures came in well above expectations and, for the most part, have weighed on their stocks. Microsoft didn’t give a formal 2026 capex outlook, but if its peers are any indication, spending will likely exceed the roughly $114 billion Wall Street expects for the calendar year. Of the Big Tech companies, just one stands apart this earnings season. Apple’s capital expenditure, already just a fraction of its peers, actually declined in the December quarter from a year earlier. For better or worse, Apple has struck its own path with AI. As we’ve argued before, it’s embracing AI but is not an AI company. Instead, it’s chosen a hybrid model, relying on both first- and third-party data centers — a move that keeps a significant amount of infrastructure spending off its balance sheet. And while Apple has said it expects capex to increase as it invests more heavily in AI, particularly to support its Private Cloud Compute, those outlays remain minimal compared with its peers. You can see that approach reflected in Apple’s decision to use Google’s Gemini, rather than an in-house model, to power the next generation of Siri and Apple Intelligence. 
The Google deal, reportedly worth about $1 billion a year, gives Apple access to a top-tier AI model for pennies on the dollar compared to what other Big Tech companies are spending to build their own. Of course, it also means Apple won’t fully own a technology that some see as powering the next industrial revolution. But if that revolution fails to materialize — or takes longer than expected — Apple won’t be left holding the most expensive bag in Silicon Valley history. https://lnkd.in/eDTFzE46
-
🔐 RBAC vs. ABAC: Choosing the Right Access Control for Your IAM Strategy 🚀

In Identity and Access Management (IAM), controlling who can access what is critical. Two powerful approaches—Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC)—offer distinct ways to manage permissions. But which one fits your needs? Let’s break it down! 🧠

🔍 Role-Based Access Control (RBAC)
What is it? Assigns permissions based on predefined roles tied to job functions (e.g., "Admin," "Developer"). Users inherit access through their roles.
How it works: Admins define roles and assign users to them. Permissions are tied to roles, not individuals.
Best for: Organizations with clear hierarchies and stable access needs (e.g., enterprise apps like Salesforce).
Pros: Simple to implement and manage. Scalable for large teams with similar access needs. Supported by most IAM tools (e.g., Okta, AWS IAM).
Cons: Less flexible for dynamic or complex access scenarios. Can lead to "role explosion" with too many roles.
Example: A "Marketing" role grants access to social media tools but not financial systems.
Fun Fact: RBAC is a staple in traditional enterprises for its straightforward approach!

🔑 Attribute-Based Access Control (ABAC)
What is it? Grants access based on attributes (e.g., user’s department, location, time, or device) using dynamic policies.
How it works: Policies evaluate attributes in real-time to decide access (e.g., "Allow access if user is in HR, in the UK, during work hours").
Best for: Dynamic, complex environments like cloud-native apps or zero-trust architectures.
Pros: Highly granular and flexible for nuanced access needs. Adapts to context (e.g., location, risk level). Ideal for modern IAM platforms like Ping Identity.
Cons: More complex to set up and maintain. Requires robust policy management and attribute data.
Example: An employee can access sensitive data only from a secure device in the office.
Fun Fact: ABAC’s flexibility makes it a go-to for zero-trust security models!

⚖️ Key Differences:
Approach: RBAC uses static roles; ABAC uses dynamic attributes.
Flexibility: RBAC is simpler but rigid; ABAC is flexible but complex.
Use Case: RBAC suits structured organizations; ABAC excels in dynamic, cloud, or high-security settings.
Scalability: RBAC is easier for broad access; ABAC scales better for fine-grained control.

💡 Why They Matter Together: RBAC offers simplicity for standard access, while ABAC provides precision for complex scenarios. Many IAM tools (e.g., SailPoint, Microsoft Entra ID) support both, letting you combine them for hybrid strategies. For example, use RBAC for employee apps and ABAC for sensitive data access.

🔥 Pro Tip: Start with RBAC for quick wins, then layer ABAC for high-risk or dynamic use cases. Tools like Okta or Saviynt make this seamless!

Which do you use—RBAC, ABAC, or both? Share your IAM insights or challenges below! 💬 #Cybersecurity #IAM #RBAC #ABAC #Tech
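An added example, not from the post or any of the products it names, that answers the post's own HR case both ways: an RBAC role table, an ABAC policy written as a predicate over subject, resource and environment attributes, and the hybrid layering the Pro Tip suggests (RBAC gates the resource type, ABAC adds the contextual conditions for sensitive data). Role names, permission strings, the attribute names and the 09:00-17:30 work-hours window are assumptions made for illustration.

```python
# Added example, not from the post: the same HR access question in RBAC, in
# ABAC, and in the hybrid the post recommends. Roles, permission strings,
# attribute names and the work-hours window are assumptions for illustration.
from dataclasses import dataclass, field
from datetime import time
from typing import Callable, Dict, List, Set

# ---- RBAC: permissions hang off roles; users hold roles ----
ROLE_PERMISSIONS: Dict[str, Set[str]] = {
    "marketing": {"social:read", "social:post"},
    "finance": {"ledger:read", "ledger:approve"},
    "hr": {"hr_record:read"},
}


def rbac_allowed(user_roles: Set[str], permission: str) -> bool:
    """Static check: does any of the user's roles carry the permission?"""
    return any(permission in ROLE_PERMISSIONS.get(role, set()) for role in user_roles)


# ---- ABAC: a policy is a predicate over request attributes ----
@dataclass(frozen=True)
class AccessRequest:
    action: str
    resource_type: str
    subject: Dict[str, str]                              # e.g. department, country
    env: Dict[str, object] = field(default_factory=dict)  # e.g. device_managed, time


Policy = Callable[[AccessRequest], bool]


def hr_records_in_office_hours(req: AccessRequest) -> bool:
    """'Allow if user is in HR, in the UK, during work hours', plus a managed device.
    Encoding the same thing in pure RBAC would need a role per combination."""
    clock = req.env.get("time", time(0, 0))
    return (req.action == "read"
            and req.resource_type == "hr_record"
            and req.subject.get("department") == "hr"
            and req.subject.get("country") == "UK"
            and req.env.get("device_managed") is True
            and time(9, 0) <= clock <= time(17, 30))


HR_POLICIES: List[Policy] = [hr_records_in_office_hours]


def abac_allowed(req: AccessRequest, policies: List[Policy]) -> bool:
    """Dynamic check: any matching policy grants; absence of a match denies."""
    return any(policy(req) for policy in policies)


# ---- Hybrid: RBAC for the coarse gate, ABAC for the sensitive resource ----
def hybrid_allowed(user_roles: Set[str], req: AccessRequest) -> bool:
    permission = f"{req.resource_type}:{req.action}"
    if not rbac_allowed(user_roles, permission):
        return False
    if req.resource_type == "hr_record":  # sensitive data: contextual conditions apply too
        return abac_allowed(req, HR_POLICIES)
    return True
```

The role table never mentions country, device or time, which is the RBAC "rigid but simple" trade-off; the ABAC predicate carries all four attributes in one place, which is the "flexible but needs attribute data" trade-off (the caller has to supply a trustworthy `device_managed` and clock). The hybrid keeps marketing staff out of HR records by role alone, so the ABAC policy only ever evaluates for users who already hold the right role.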