According to an IBM report, 82% of breaches involved data stored in the cloud. What's your data recovery plan?

Join us on Wednesday, April 23rd @ 10:00 AM PST for Virtual Camp Rubrik: AWS Cloud Protection to -

-Protect AWS workloads, Amazon EC2, Amazon RDS, and Amazon EBS
-Recover and restore your AWS data and workloads
-Discuss the current state of the cloud threat landscape

In this issue: a plain-English breakdown of every way Kubernetes can evict your pods (even the sneaky ones), a simple fix for bloated Terraform state files, and a practical guide to replacing Docker Compose with Quadlet on your servers. Plus, new observability features from AWS, and how to use Postgres as a graph engine.

There’s also a hands-on Rubrik lab this week on how to protect and recover AWS workloads.

I’ve also picked out two books I think you’ll find genuinely useful: The Self-Taught Cloud Computing Engineer and Solutions Architect's Handbook. Both are 30% off for the next 72 hours!

One quick favor: if you caught last week’s special issue by Alexandra McCoy, I’d love your feedback. Just click here and tell me what worked (or didn’t). It will take less than 60 seconds.

Cheers,

Shreyans Singh

Editor-in-Chief

AWS Amplify Hosting Adds Easy Web App Firewall Protection to Block Common Attacks

AWS Amplify Hosting now lets you add a Web Application Firewall (WAF) to your web apps with just one click, making it easier to protect them from threats like SQL injection, XSS, DDoS attacks, and unwanted traffic from certain countries.

AWS will automatically alert teams about internal certificate expiry

Instead of manually checking if certificates are about to expire, this new setup uses Lambda functions, EventBridge, and other AWS tools to generate daily reports and send alerts when action is needed.

How to automatically remove private data from AWS Lambda logs before it’s saved

Sometimes developers accidentally log private info like phone numbers into AWS logs, which can be seen by people who shouldn’t have access. This post shows a way to automatically erase sensitive data from logs in AWS Lambda using a custom Python logger.

New Microsoft tool to help security teams protect containers

As more companies run apps in containers like Kubernetes, protecting them during runtime is getting harder. Hackers often strike when apps are live. Microsoft is offering a new tool that gives security teams a clear view of all threats in one place.

DevSecOps Isn’t Working Because Security Isn’t Built In from the Start

Many companies say they’re doing DevSecOps but just add security tools on top of their old processes, which doesn’t really make things safer. This overloads developers with alerts while real security issues still slip into production. Instead, teams should bake security directly into how software is built and deployed.

New developer products provide a glimpse into the future of app building on HubSpot, including deeper extensibility, flexible UI, modern development tools, and more

HubSpot’s AI-powered ecosystem presents a global opportunity projected to reach $10.2 billion by 2028.

To capitalize on that growth potential, we are opening our platform more, starting with expanded APIs, customizable app UI, and tools that better support a unified data strategy.

AWS Step Functions Now Supports More File Types and Better Output Control

AWS Step Functions just made it easier to handle large batches of data by supporting more input file types like JSONL and tab-delimited files, not just JSON and CSV.

Amazon Cuts S3 Express One Zone Prices by Up to 85%

Amazon just slashed prices for its high-speed S3 Express One Zone storage by up to 85 percent, making it much cheaper to store and access frequently used data.

How to avoid large OpenTofu/Terraform state files

When using OpenTofu or Terraform to manage cloud infrastructure, the system keeps a detailed file (called a state file) to track everything. As your setup grows, this file can get huge, causing slowdowns. This article explains different ways to split that big file into smaller parts.

How to move from CloudFormation to OpenTofu without losing resources or leaving clutter behind

If you're moving from AWS CloudFormation to OpenTofu, the real challenge is cleaning up old CloudFormation stacks without deleting the actual resources. This article explains a clever trick: by intentionally failing the stack deletion using a restricted IAM role, you can then safely force-delete the stack while keeping the resources intact.

Replace Docker Compose with Quadlet for easier and cleaner container management on Linux servers

If you're using Docker Compose to run apps on servers but want something lighter and more stable than Kubernetes, Quadlet is a great alternative. It's part of Podman and lets you manage containers using simple systemd files, which most Linux servers already use. It avoids Docker’s bloat and quirks, while being more reliable than podman-compose for production.

Google Cloud adds tools to run AI models faster and cheaper on Kubernetes

Google Cloud just added tools to help you pick the best hardware, like TPUs, and manage traffic more efficiently when AI requests come in. These updates can cut your costs by 30 percent, reduce slowdowns by 60 percent, and boost performance by 40 percent.

New Google Cloud tool to simplify running Kubernetes apps across regions

Google Cloud just launched a new tool called Multi-Cluster Orchestrator that helps companies run their Kubernetes apps more smoothly across different locations. Instead of manually juggling workloads across clusters, this tool automatically picks the best place to run each job based on available resources.

Azure Kubernetes Service: A friendly guide for Startups

If you're a startup looking to grow fast without being bogged down by infrastructure, Azure Kubernetes Service (AKS) can help. It takes care of managing your container setup so your small team can focus on building and scaling your product.

Set up a Tailscale VPN router in Kubernetes to securely access your home network remotely

If you want to securely access your home network from anywhere, you can use Tailscale, a simple VPN that doesn’t require opening ports. This article explains how to set up a Tailscale subnet router inside a Kubernetes cluster using the Tailscale Operator and ArgoCD.

Every pod eviction in Kubernetes, explained

Sometimes your running apps in Kubernetes can suddenly shut down or move, and it’s not always clear why. This article explains all the hidden ways Kubernetes can kick out your apps. Some methods don’t even follow your safety rules, meaning your apps can go down unexpectedly if you’re not careful.

New AWS tool to quickly spot and fix database lock issues in Aurora PostgreSQL

If your Aurora PostgreSQL database slows down because different queries are blocking each other, it can be hard to figure out why. Now, Amazon CloudWatch can show you exactly which queries are causing the problem and who’s waiting on what, using clear visual diagrams.

AWS adds real-time flow visibility and control to Network Firewall

AWS Network Firewall now lets you see all active network connections and shut down specific ones instantly. This helps you monitor traffic in real time, catch suspicious behavior, and make sure new firewall rules apply right away, even to existing connections.

How to use Postgres and pgRouting for graph problems like scheduling and recommendations

You can use Postgres as a simple graph database by adding the pgRouting extension. Even though it's meant for mapping routes, pgRouting can also help solve general problems like task scheduling or resource allocation, by treating your data as a network of connected points and paths.

Sigma makes threat detection easier by writing one rule for all your security tools

Sigma is a simple rule language that helps cybersecurity teams detect threats in logs without rewriting the same logic for every different security tool or query language. Instead of creating new detection rules for each system, you can write one Sigma rule and automatically convert it to formats like Splunk or Sentinel.

There’s no best observability tool because the best depends on your needs

Not every observability tool is the best for every situation. What works well for one company might be too complex, too expensive, or just unnecessary for another. The right tool is the one that fits your goals, data, budget, and team—not the one with the most features.

📢 If your company is interested in reaching an audience of developers and, technical professionals, and decision makers, you may want toadvertise with us.

If you have any comments or feedback, just reply back to this email.

Thanks for reading and have a great day!