Field notes from the cloud that survived the draft folder.https://monicacolangelo.com/enhttps://monicacolangelo.com/articles/hardening-cognito-spa-supply-chain-xss/https://monicacolangelo.com/articles/hardening-cognito-spa-supply-chain-xss/A practical implementation of frontend hardening against supply chain XSS for a Cognito-authenticated SPA. An auth proxy that keeps the refresh token out of the browser, short-lived tokens in closure memory, and a strict Content Security Policy delivered via Lambda@Edge with a hash manifest in S3.Wed, 13 May 2026 00:00:00 GMThttps://monicacolangelo.com/articles/multi-tenant-dynamodb-token-vending-machine/https://monicacolangelo.com/articles/multi-tenant-dynamodb-token-vending-machine/A practical implementation of the Token Vending Machine pattern for multi-tenant DynamoDB isolation. A single IAM role with broad permissions, narrowed at runtime via STS inline session policies, with the trust policy and operational details that reference architectures often leave out.Wed, 06 May 2026 00:00:00 GMThttps://monicacolangelo.com/articles/cloudfront-cache-tag-invalidation/https://monicacolangelo.com/articles/cloudfront-cache-tag-invalidation/How CloudFront cache tag invalidation enables per-tenant cache scoping without the brittleness of path-pattern lists. The role of Lambda@Edge in setting tags at the edge, and orchestrating invalidation and prewarm via Step Functions.Mon, 04 May 2026 00:00:00 GMThttps://monicacolangelo.com/articles/evaluating-bedrock-agent-agentcore-evaluations/https://monicacolangelo.com/articles/evaluating-bedrock-agent-agentcore-evaluations/Testing AgentCore Evaluations in production to understand what managed evaluation covers, where its limits are, and when deterministic checks in the pipeline work better.Sun, 19 Apr 2026 00:00:00 GMThttps://monicacolangelo.com/articles/benchmarking-models-bedrock-agent-agentcore/https://monicacolangelo.com/articles/benchmarking-models-bedrock-agent-agentcore/Systematically comparing foundation models for an AI governance agent on AgentCore Runtime, and the production cost surprise that followed.Sat, 18 Apr 2026 00:00:00 GMThttps://monicacolangelo.com/articles/building-governance-agent-strands-bedrock-agentcore/https://monicacolangelo.com/articles/building-governance-agent-strands-bedrock-agentcore/Building an AI agent for AWS Organization governance using Strands Agents, Amazon Bedrock, and AgentCore, and the tool design tradeoffs that shaped it.Fri, 17 Apr 2026 00:00:00 GMThttps://monicacolangelo.com/articles/integrating-lambda-durable-functions-into-a-step-functions-workflow/https://monicacolangelo.com/articles/integrating-lambda-durable-functions-into-a-step-functions-workflow/A practical walkthrough of integrating Lambda Durable Functions into a Step Functions workflow, from CDK setup through the errors and patterns that work.Sat, 14 Feb 2026 00:00:00 GMThttps://monicacolangelo.com/articles/bedrock-studio-first-look/https://monicacolangelo.com/articles/bedrock-studio-first-look/A hands-on first look at Amazon Bedrock Studio, its current limitations, and what the playground experience looks like for building generative AI apps.Sun, 12 May 2024 00:00:00 GMThttps://monicacolangelo.com/articles/transforming-diagrams-into-code/https://monicacolangelo.com/articles/transforming-diagrams-into-code/Discover how AI models like Claude 3 with Amazon Bedrock streamline the transformation of architectural diagrams into functional infrastructure code.Fri, 29 Mar 2024 00:00:00 GMThttps://monicacolangelo.com/articles/a-cloud-architects-top-10-picks-from-aws-reinvent-2023/https://monicacolangelo.com/articles/a-cloud-architects-top-10-picks-from-aws-reinvent-2023/My top 10 sessions tailored for architects, curated with the intention of delivering real value and practical insights.Tue, 05 Dec 2023 00:00:00 GMThttps://monicacolangelo.com/articles/automated-mass-tagging-in-aws-across-accounts-and-organizations/https://monicacolangelo.com/articles/automated-mass-tagging-in-aws-across-accounts-and-organizations/Explore automated AWS resource tagging with Python Lambdas. Dive into a multi-tiered strategy for efficient tagging across accounts and organizations.Thu, 17 Aug 2023 00:00:00 GMThttps://monicacolangelo.com/articles/guardian-of-the-functions/https://monicacolangelo.com/articles/guardian-of-the-functions/Efficient AWS Step Functions monitoring using custom CloudWatch metrics and Terraform.Tue, 18 Jul 2023 00:00:00 GMThttps://monicacolangelo.com/articles/push-the-green-button-creating-event-gadgets-with-iot-and-serverless-architecture/https://monicacolangelo.com/articles/push-the-green-button-creating-event-gadgets-with-iot-and-serverless-architecture/Explore how AWS IoT was leveraged to create an innovative, eco-friendly event giveaway solution — from a button press to a tree planted.Thu, 22 Jun 2023 00:00:00 GMThttps://monicacolangelo.com/articles/automating-the-injection-of-cicd-runtime-information-into-terraform-code/https://monicacolangelo.com/articles/automating-the-injection-of-cicd-runtime-information-into-terraform-code/Automate the process of injecting CI/CD runtime information into your Terraform provider using tools like hcledit.Fri, 31 Mar 2023 00:00:00 GMThttps://monicacolangelo.com/articles/continuous-delivery-for-the-rest-of-us/https://monicacolangelo.com/articles/continuous-delivery-for-the-rest-of-us/Combining a classic CI pipeline with GitOps-based continuous deployment across multiple Kubernetes environments with different release timings.Wed, 04 Jan 2023 00:00:00 GMThttps://monicacolangelo.com/articles/4-ultimate-reasons-to-prefer-aws-cdk-over-terraform/https://monicacolangelo.com/articles/4-ultimate-reasons-to-prefer-aws-cdk-over-terraform/A comparison of Cloudformation, Terraform, and AWS CDK, focusing on the practical advantages that make CDK stand out for infrastructure as code.Mon, 05 Dec 2022 00:00:00 GMThttps://monicacolangelo.com/articles/bluegreen-fargate/https://monicacolangelo.com/articles/bluegreen-fargate/Using ECS Fargate and blue/green deployments to modernize legacy web server infrastructure without touching existing configurations.Sat, 27 Aug 2022 00:00:00 GMThttps://monicacolangelo.com/articles/pipeline-with-vm-step/https://monicacolangelo.com/articles/pipeline-with-vm-step/How to include a traditional virtual machine as a step in a modern CI/CD pipeline, using AWS CodePipeline, Step Functions, and Systems Manager.Wed, 17 Aug 2022 00:00:00 GMThttps://monicacolangelo.com/articles/multiple-eks-single-alb/https://monicacolangelo.com/articles/multiple-eks-single-alb/A solution to expose multiple EKS microservices through a single Application Load Balancer using the VPC CNI add-on, without NodePort.Mon, 15 Aug 2022 00:00:00 GMThttps://monicacolangelo.com/articles/eks-autoscaling-karpenter/https://monicacolangelo.com/articles/eks-autoscaling-karpenter/How Karpenter simplifies EKS node autoscaling compared to Cluster Autoscaler, with fewer configurations and smarter instance type selection.Fri, 12 Aug 2022 00:00:00 GMThttps://monicacolangelo.com/articles/eks-cluster-autoscaler/https://monicacolangelo.com/articles/eks-cluster-autoscaler/Setting up Cluster Autoscaler on Amazon EKS to scale nodes on demand, keeping costs low while letting users run independent workloads.Wed, 10 Aug 2022 00:00:00 GMThttps://monicacolangelo.com/articles/multiple-gke-single-lb/https://monicacolangelo.com/articles/multiple-gke-single-lb/Exposing multiple GKE applications through a single Cloud Load Balancer using container-native load balancing and standalone Network Endpoint Groups.Tue, 26 Jul 2022 00:00:00 GMT