-
Buffers Don't Scale: Killing OOMKilled on a 4 GiB Fargate Downloader
The EventBridge-Pipes-to-Fargate downloader I wrote about in February had a quiet bug from day one. It worked beautifully for the small daily files we use in dev and UAT, and...
-
Five Small Traps in the Week After Standing Up Jenkins on a NUC
A week ago I stood up a self-hosted Jenkins on a NUC and called it done. The two _smoke pipelines were green, the Docker cloud was spawning ephemeral agents, and...
-
Standing up Self-hosted Jenkins on a NUC: JCasC, an Ephemeral Docker Cloud, and a Socket Proxy
I’ve been hand-deploying this blog with jekyll build && aws s3 sync && aws cloudfront create-invalidation since the Terraform stack went up. Three other projects sit alongside it on my...
-
PageIndex and Claude Code: Vectorless RAG That Reasons Over Long Documents
Retrieval-Augmented Generation has become the default architecture for grounding language models in external knowledge, and the idea is sound: rather than baking every fact into model weights, retrieve relevant text...
-
CloudFront Log Collection and Local Visualisation: Seeing What Your Static Site Actually Does
Once the Terraform stack for this blog was running, the obvious next question was: is anyone reading it, and what are they actually requesting? A static site has no application...
-
Hosting a Static Blog on AWS with Terraform: S3, CloudFront, and the Gotchas In Between
This blog runs on Jekyll, but Jekyll is just the build tool. The actual hosting stack is AWS: an S3 bucket behind a CloudFront distribution, with ACM for TLS and...
-
Standardising Logging and Metrics Across Lambda and ECS Fargate with AWS Powertools
The batch download pipeline spans two compute runtimes: a Lambda function that orchestrates the daily batch, and ECS Fargate containers that do the actual download and decryption work. Both write...
-
DynamoDB Table Design and GSI Patterns for a Daily Batch Pipeline
DynamoDB design starts with access patterns, not with data. In a relational database you normalise first, then write queries. In DynamoDB you enumerate every read and write your application needs,...
-
SQS FIFO Deduplication and Retry: Two Safety Nets Are Better Than One
SQS guarantees at-least-once delivery. This means a message can, under normal failure conditions, be delivered more than once. For most workloads this is fine; you design your consumer to be...
-
Envelope Encryption in Practice: RSA + AES with Node.js Crypto
In the previous post I described an ECS Fargate container that downloads encrypted files from a pre-signed URL, decrypts them, and uploads the plaintext to S3. I glossed over the...
-
EventBridge Pipes: Driving ECS Fargate Tasks from SQS When Lambda Isn't Enough
In a previous post I covered converting a daily polling Lambda into a Durable Function that orchestrates a batch download workflow. That post ends at the point where files are...
-
AWS Lambda Durable Functions: Orchestrating Daily Batch Workflows Without the Cost
AWS Lambda Durable Functions let you write long-running, stateful workflows directly in Lambda code, without reaching for Step Functions or an SQS-driven state machine, and crucially without paying for compute...
-
Run OpenClaw Securely in Docker Sandboxes
Docker Sandboxes is a new ecosystem feature that lets AI agents and other workloads run inside isolated micro VMs. Each sandbox sits behind a configurable network proxy that can restrict...
-
Fixing Sass Deprecation Warnings in Jekyll with Minima
If you’re running a Jekyll site with the Minima theme and a recent version of Ruby, you’ve likely seen a wall of deprecation warnings like this when building:
-
Setting Up Jekyll with Minima
Jekyll is a static site generator that turns Markdown files into a fully functional blog. This post walks through getting a Jekyll site up and running with the default Minima...
-
Welcome to Jekyll
You’ll find this post in your _posts directory. Go ahead and edit it and re-build the site to see your changes. You can rebuild the site in many different ways,...
subscribe via RSS