
AWS Dedicated Hosts: Your Own Physical Server in the Cloud
An AWS Dedicated Host is your own physical server in the cloud, providing single-tenant hardware. Use it for "bring your own license" (BYOL) software tied to physical cores, or for compliance rules that forbid multi-tenancy.

AWS Placement Groups: Control Where Your Instances Run
AWS Placement Groups let you control where EC2 instances run relative to each other. Use a Cluster group for low-latency HPC, or Spread/Partition groups to reduce correlated hardware failures. The main footgun is picking the wrong strategy for your workload.

Spot Instances: Trade Reliability for Huge Cost Savings
Spot Instances let you use spare AWS compute for up to 90% off. They're great for fault-tolerant jobs like batch processing or CI/CD. The footgun: AWS can reclaim your instance with a two-minute warning, so don't use them for critical workloads.

User Data Scripts: Day-One Instance Configuration
User data scripts are your instance's "Day One" instructions, automatically running commands like package installs on first boot. Use them to set up a web server or install agents without manual SSH.

AWS Reserved Instances: Commit to Compute, Save Big
Reserved Instances are like leasing a car instead of renting daily: commit to 1-3 years of compute for a steep discount. They're ideal for predictable, steady-state workloads. The footgun is buying inflexible Standard RIs when your needs might change.

Auto Scaling Groups: Elasticity and Self-Healing
An Auto Scaling Group (ASG) is like a thermostat for your servers, automatically adding or removing instances to match demand and replacing any that fail. Use it for web apps with variable traffic or services that need to self-heal from instance failures.

The Cloud's Shared Responsibility Model
Using the cloud means you share security duties with the provider. The split depends on the service: in IaaS, you manage the OS and up; in PaaS, just your app and data; in SaaS, mostly your data and users.

Cloud Scalability vs. Elasticity: Planned Growth vs. Real-Time Reaction
Think of scalability as adding lanes to a highway for long-term growth. Elasticity is opening a reversible lane only during rush hour. Scalability handles predictable demand, like a product launch; elasticity manages unpredictable spikes, like a viral post.

Shift Left Security: Treat Security Like a Bug
Treat security vulnerabilities like bugs by finding them early in the development cycle, not as a final gate before release. This means running automated security scans in CI/CD pipelines and even in your IDE.

Secret Sprawl: When Credentials Multiply Unchecked
Secret sprawl is when credentials like API keys multiply without control, getting lost in code, config files, and CI/CD pipelines. It's common in automated cloud systems where non-human identities proliferate.

Artifact Signing: Proving Your Code is Your Code
Artifact signing is a notary's seal for software, proving who built it and that it hasn't been tampered with. It's used in CI/CD to sign container images and binaries before publishing.

Developer Portals: A Self-Service Hub for APIs
A developer portal is a self-service hub for APIs, bundling docs and access controls so developers can discover and use APIs without platform team help. Portals are used externally for third-party developers or internally for infrastructure automation.

Docker Image Tagging: A Strategy for Reliable Deployments
Think of Docker tags as pointers, not permanent labels. Multiple tags like `v1.2.3` and `production` can point to the same image SHA, enabling reliable CI/CD and rollbacks. The footgun is relying on mutable tags like `latest` in production.

Visual Regression Testing: Catching Unintended UI Changes
Visual regression testing is a 'spot the difference' game for your UI, comparing screenshots to a baseline to catch visual bugs. It's used in CI/CD to prevent CSS regressions and layout breaks that unit tests miss.

Score: Define Your Workload Once, Run Anywhere
Score is a universal remote for your workload configs, letting you define what your app needs once in a `score.yaml` file. It translates this spec into files for Docker Compose or Kubernetes, preventing config drift.

Software Catalog: Your Org's Engineering Map
A software catalog is a searchable map of your software ecosystem, tracking ownership and metadata for every service, library, and pipeline. It helps growing orgs discover services and find owners.

App of Apps Pattern: Manage Application Fleets, Not Individuals
The App of Apps pattern uses a single parent Argo CD application to declaratively manage a fleet of child applications. This is ideal for bootstrapping entire environments from one Git repo.

Flux CD: Git as the Source of Truth for Kubernetes
Flux CD makes Git your cluster's source of truth. It automatically syncs Kubernetes manifests from a repo to your cluster, ensuring the live state matches your config. This is for continuous delivery, not CI.

eBPF: Run Sandboxed Programs in the Linux Kernel
eBPF lets you run sandboxed programs directly in the Linux kernel, like adding programmable event handlers to your OS. This enables high-performance networking, security, and observability without changing kernel code.

Fuzz Testing: Finding Bugs with Random, Invalid Inputs
Fuzz testing is automated chaos engineering for your inputs. It feeds your program semi-random, invalid data to uncover crashes and security flaws, especially in code that parses files or network protocols.