The library
142 lessons. One library.
In-depth, expert-written guides on cloud cost, compliance, reliability and monitoring. Read in your browser. No signup, no paywall.
Cost
52 lessons
Cut cloud spend without slowing teams down. Rightsize workloads, lock in commitments, kill idle waste, and turn raw billing data into decisions leadership trusts.
Compliance
60 lessons
Make audits boring. Continuous controls for SOC 2, HIPAA, PCI and ISO 27001: encryption, IAM hygiene, evidence collection, and the daily habits that keep you in scope.
Site Reliability
19 lessons
Build systems that don't wake you up. SLOs that mean something, error budgets that change decisions, and the operational practices behind reliable cloud platforms.
Monitoring
11 lessons
See your system clearly. Metrics, logs, traces and the questions worth asking. Instrument once, observe forever, and skip the dashboard sprawl.
Featured this month
6 lessons
Migrate EBS volumes from gp2 to gp3
Same baseline performance, ~20% cheaper, online change — the EBS upgrade with no downside.
Right-size EC2 instance
Match instance types to actual workload — stop overpaying for unused capacity.
Delete unused NAT Gateways
A NAT Gateway with no traffic still bills $32/month — find the orphans and replace them with VPC endpoints where possible.
Enable MFA for root and IAM users
One capability across the root user, IAM console and programmatic users, and Cognito user pools: make a stolen password or key useless on its own by requiring a second factor everywhere an identity can sign in.
Block public access to AWS resources
One capability across S3, EC2, RDS, snapshots, queues and topics: make sure nothing is reachable from, or shareable with, the public internet unless you genuinely intend it.
Enable VPC flow logs in every VPC
Security Hub EC2.6 — without flow logs you have no network audit trail. Investigations and threat detection need them.
Learning paths
Cut your storage bill
From gp2→gp3 and lifecycle policies to snapshot hygiene: squeeze the storage bill.
Trim your network spend
NAT gateways, idle load balancers and public IPv4: the quiet network line items.
Right-size your compute
Right-size, Graviton and idle instances: match spend to what you actually run.
Lock in your commitments
Savings Plans, Reserved Instances and reservations: stop paying on-demand for steady-state workloads.
Kill idle waste
Unattached volumes, idle endpoints, orphaned IPs and empty tables: delete what nothing uses.
Lock down access
Public S3, IAM hygiene, security groups and MFA: close the obvious doors.
Encrypt everything
Encrypt at rest and in transit across EBS, S3, RDS and load balancers.
Tighten your databases
Lock down RDS: private subnets, IAM auth, custom ports and logging.
Build in resilience
Multi-AZ, backups, restore testing and read replicas, to survive the bad day.
See what's happening
Flow logs, access logs, CloudTrail and scanning: see what's happening.
Get your alarms right
Coverage, dead alarms and noise: make CloudWatch alarms something you can actually trust.