Darryl Ruggles
@darryl-ruggles.cloud
Principal Cloud Solutions Architect @ Ciena - AWS Community Builder

Serverless, Event-Driven Architecture, AWS, Kubernetes, Rust, Terraform, Security, DevOps, FinOps, MLOps, Maker

https://darryl-ruggles.cloud
https://www.linkedin.com/in/darryl-ruggles
Pinned
darryl-ruggles.cloud/building-a-s...

My recent blog features a Serverless AI-powered sales data upload and analytics platform. What if you could build a complete sales analytics platform, with AI-powered insights, automated ETL pipelines, and interactive dashboards, for less than $10 a month? 🧵
AI-Driven Serverless Sales Analytics
Create a budget-friendly serverless sales analytics platform with AI on AWS for under $10/month. Focus on architecture, tools, and implementation
darryl-ruggles.cloud
https://lckhd.eu/ns8RMX

Managing IAM permissions in AWS accounts with large numbers of users can be challenging. Users come and go, policies accumulate without old versions being cleaned up, permissions 🧵
February 5, 2026 at 6:30 AM

go unused, and the principle of least privilege slowly erodes. Manual reviews don't keep up.

This article describes an approach to deal with this using AWS Bedrock with Claude to automatically compare IAM policies against CloudTrail activity and flag what's actually (2/3)
February 5, 2026 at 6:30 AM

not being used. It seems like a really good use of AI tools.

Caner Ertem provides an intro on how you could use an approach like this to help. (3/3)

Powered by @nexus_share
February 5, 2026 at 6:30 AM
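The comparison the thread describes (allowed actions in a policy versus actions actually seen in CloudTrail) can be done deterministically before any LLM is involved. The block below is an added example and is not code from the linked article; the policy, the CloudTrail records and the partial action inventory used to expand wildcards are all constructed for the demo. It also handles two things a naive diff gets wrong: Deny statements should not be reported as unused grants, and S3 object-level actions only show up in CloudTrail when data events are enabled, so their absence is "unverifiable" rather than "unused".

```python
"""Flag IAM Allow-granted actions that never appear in CloudTrail activity.

Added example, not the article's code. Resource and Condition elements are
ignored: this compares action names only.
"""
import fnmatch
import json

# Constructed, deliberately partial IAM action inventory used to expand
# wildcards such as "s3:Get*". A real run needs the full per-service action
# list; with a partial list, wildcard expansion under-reports.
KNOWN_ACTIONS = [
    "s3:GetObject", "s3:GetBucketLocation", "s3:PutObject", "s3:DeleteObject",
    "s3:ListBucket",
    "ec2:DescribeInstances", "ec2:StartInstances", "ec2:StopInstances",
    "ec2:TerminateInstances",
    "iam:ListRoles", "iam:PassRole",
]

# Constructed partial list of actions that CloudTrail records only as data
# events, which are off by default. Silence in the trail proves nothing here.
DATA_EVENT_ACTIONS = {"s3:GetObject", "s3:PutObject", "s3:DeleteObject"}

# eventSource -> IAM service prefix. Usually the first DNS label; known
# exception shown as an assumption.
EVENT_SOURCE_PREFIX = {"monitoring.amazonaws.com": "cloudwatch"}


def _as_list(value):
    return [value] if isinstance(value, str) else list(value or [])


def _expand(patterns, inventory):
    """IAM action matching is case-insensitive and supports * and ? wildcards."""
    out = set()
    for pat in patterns:
        out.update(a for a in inventory if fnmatch.fnmatchcase(a.lower(), pat.lower()))
    return out


def effective_allow(policy, inventory=KNOWN_ACTIONS):
    """Allowed actions minus explicitly denied ones (explicit Deny always wins)."""
    allowed, denied = set(), set()
    for stmt in policy.get("Statement", []):
        if "NotAction" in stmt:
            # NotAction grants everything except the listed actions; expanding it
            # correctly needs the complete inventory, so refuse rather than guess.
            raise ValueError("NotAction statements need the complete action inventory")
        actions = _expand(_as_list(stmt.get("Action")), inventory)
        (allowed if stmt.get("Effect") == "Allow" else denied).update(actions)
    return allowed - denied


def used_actions(records):
    """Turn CloudTrail (eventSource, eventName) pairs into IAM action names."""
    used = set()
    for rec in records:
        src = rec["eventSource"]
        prefix = EVENT_SOURCE_PREFIX.get(src, src.split(".")[0])
        used.add(f"{prefix}:{rec['eventName']}")
    return used


def compare(policy, records, data_events_logged, inventory=KNOWN_ACTIONS):
    allowed = effective_allow(policy, inventory)
    used = used_actions(records)
    used_lc = {a.lower() for a in used}
    allowed_lc = {a.lower() for a in allowed}
    not_seen = {a for a in allowed if a.lower() not in used_lc}
    unverifiable = set() if data_events_logged else not_seen & DATA_EVENT_ACTIONS
    return {
        "unused": sorted(not_seen - unverifiable),
        "unverifiable": sorted(unverifiable),
        # Activity the trail shows but this policy does not grant: some other
        # policy grants it, which is worth knowing when right-sizing.
        "used_outside_policy": sorted(a for a in used if a.lower() not in allowed_lc),
    }


# Constructed sample policy and constructed CloudTrail records.
POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:Get*", "s3:Put*", "s3:ListBucket"], "Resource": "*"},
        {"Effect": "Allow", "Action": "ec2:*Instances", "Resource": "*"},
        {"Effect": "Deny", "Action": "ec2:TerminateInstances", "Resource": "*"},
    ],
}
TRAIL = [
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject"},
    {"eventSource": "s3.amazonaws.com", "eventName": "ListBucket"},
    {"eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances"},
    {"eventSource": "ec2.amazonaws.com", "eventName": "StartInstances"},
    {"eventSource": "sts.amazonaws.com", "eventName": "GetCallerIdentity"},
]

if __name__ == "__main__":
    print(json.dumps(compare(POLICY, TRAIL, data_events_logged=False), indent=2))
```

The lookback window matters as much as the diff: a 90-day trail will flag quarterly or annual jobs as unused, so keep the "unused" list as a review queue rather than an automatic revocation list.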
https://lckhd.eu/WHge0d

There are multiple ways to manage secret information in #Kubernetes. You can just use the generic Secret approach that is part of Kubernetes, which is not really 🧵
February 5, 2026 at 4:14 AM

very secure by default, or choose options like the External Secrets Operator, HashiCorp Vault, Sealed Secrets, or others.

This article discusses using the External #Secrets Operator with Argo CD for a GitOps approach. It includes a hub-and-spoke setup with dedicated (2/4)
February 5, 2026 at 4:14 AM

vaults, along with agentless and agent-based models. The trade-offs are discussed as well.

Artem Lajko shares real experience from building the Kubara framework. As he mentions in the article, there is a struggle in the open source community for enough people to help (3/4)
February 5, 2026 at 4:14 AM

and adequate support. Check it out!
(4/4)

Powered by @nexus_share
February 5, 2026 at 4:14 AM
Reposted by Darryl Ruggles
Terraform Weekly #260 - Preply's IaC Setup with Atlantis, Version Control with ASDF, Governance at Scale, ALB DNS Automation, and Graft's Module Overlay Pattern
www.weekly.tf/p/issue-260-...
Issue #260 - Preply's IaC Setup with Atlantis, Version Control with ASDF, Governance at Scale, ALB DNS Automation, and Graft's Module Overlay Pattern
www.weekly.tf
February 4, 2026 at 6:33 PM
https://lckhd.eu/GRJ1cp

Setting up multi-region networking on AWS is needed for some use cases. It can start out quite simple with a handful of VPCs, but it can get quite complicated with a web of 🧵
February 4, 2026 at 6:27 PM

peering connections, VPN tunnels, and manual route tables. Using a Transit Gateway Inter-Region Peering approach can be a cleaner path forward.

As always, seeing examples can help and one is below. It involves creating transit gateways in each region, establishing the (2/4)
February 4, 2026 at 6:27 PM

peering connection, and the key routing configuration to make traffic flow. Some good notes on costs and limitations to watch for are included from the experience setting it up.

The guide from Harsh is good with helpful diagrams and step-by-step console screenshots. (3/4)
February 4, 2026 at 6:27 PM

Check it out! (4/4)

Powered by @nexus_share
February 4, 2026 at 6:27 PM
https://lckhd.eu/OTKtS8

Using some type of Infrastructure as Code (IaC) is great IMO. The Cloud Development Kit (CDK) on AWS works. It evaluates logic at synthesis time, but sometimes you need 🧵
February 4, 2026 at 7:31 AM

decisions made at deploy time. These will be based on values that live inside the account, like SSM parameters. This gap can cause confusion.

A way to deal with this is described in the workaround below. It is a Lambda-backed Custom Resource. It reads account metadata (2/4)
February 4, 2026 at 7:31 AM

during deployment, computes what you need, and passes it back to CDK. With this approach you have one codebase, environment-aware behaviour, and no manual overrides.

It's an interesting approach to this situation from Rajesh Murali Nair. His example is configuring Helm (3/4)
February 4, 2026 at 7:31 AM

chart replica counts based on environment type stored in SSM. Check it out!

(4/4)

Powered by @nexus_share
February 4, 2026 at 7:31 AM
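To make the mechanism concrete: the Lambda behind such a custom resource receives a CloudFormation Create/Update/Delete event, reads the SSM parameter at deploy time, and hands the computed value back in the response's `Data` map, which the CDK stack then reads with `getAttString`. The block below is an added example written against the CDK Provider framework's onEvent contract; it is not the article's code. The parameter name `/platform/env-type`, the `ReplicaCount` attribute and the environment-to-replica mapping are assumptions. The SSM lookup is injectable so the handler can be exercised offline.

```python
"""onEvent handler for a CDK Provider-framework custom resource that turns an
SSM parameter into a deploy-time value. Added example, not the article's code.
"""
import os

# Assumed mapping from the environment type stored in SSM to a Helm replica count.
REPLICAS_BY_ENV = {"dev": 1, "staging": 2, "prod": 3}


def compute_replicas(env_type: str) -> int:
    """Fail closed: an unknown environment type is an error, not a default of 1,
    so a typo in the SSM value cannot silently under-scale production."""
    key = env_type.strip().lower()
    if key not in REPLICAS_BY_ENV:
        raise ValueError(f"unknown environment type {env_type!r}")
    return REPLICAS_BY_ENV[key]


def fetch_env_type(name: str) -> str:
    """Real lookup. boto3 is imported lazily so the module loads without AWS."""
    import boto3
    return boto3.client("ssm").get_parameter(Name=name)["Parameter"]["Value"]


def on_event(event: dict, fetch=fetch_env_type) -> dict:
    """Return the shape the CDK Provider framework expects from onEvent:
    a PhysicalResourceId plus a Data map of string attributes."""
    props = event.get("ResourceProperties", {})
    # Parameter name comes from the resource properties, falling back to an
    # assumed environment variable, then an assumed default path.
    name = props.get("ParameterName",
                     os.environ.get("ENV_TYPE_PARAMETER", "/platform/env-type"))
    physical_id = f"env-config:{name}"

    if event["RequestType"] == "Delete":
        # Nothing was created in the account, so only echo the id back.
        return {"PhysicalResourceId": event.get("PhysicalResourceId", physical_id)}

    env_type = fetch(name)
    return {
        "PhysicalResourceId": physical_id,
        # CloudFormation attributes are strings; the stack reads them with getAttString.
        "Data": {"EnvType": env_type, "ReplicaCount": str(compute_replicas(env_type))},
    }


def handler(event, context):
    """Lambda entry point wired to the Provider's onEventHandler."""
    return on_event(event)


# Constructed CloudFormation-style events for offline use.
CREATE_EVENT = {
    "RequestType": "Create",
    "ResourceProperties": {"ServiceToken": "arn:aws:lambda:...", "ParameterName": "/platform/env-type"},
}
DELETE_EVENT = {"RequestType": "Delete", "PhysicalResourceId": "env-config:/platform/env-type"}

if __name__ == "__main__":
    # Offline run with a fake SSM lookup that pretends the account is "prod".
    print(on_event(CREATE_EVENT, fetch=lambda name: "prod"))
    print(on_event(DELETE_EVENT, fetch=lambda name: "prod"))
```

Keeping the PhysicalResourceId stable across Updates matters: if it changes, CloudFormation treats the update as a replacement and sends a Delete for the old id afterwards.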
https://lckhd.eu/YGqp0l

Kubernetes certificates expire silently - typically after one year. This has happened to me personally a number of times with my local clusters. I just forget about this until people 🧵
February 4, 2026 at 5:28 AM

start complaining they can't connect. It's one of those operational details that's easy to overlook until it suddenly turns into an unexpected outage.

It's really quite easy and quick to rotate these - you just need to remember. The example below shows how to deal with (2/4)
February 4, 2026 at 5:29 AM

certificate updates. It covers how to check expiration dates, rotate certificates manually or automatically, and set up monitoring to catch issues before they become problems.

Nawaz Dhandala wrote the article. Setting up a review of your certificate rotation strategy (3/4)
February 4, 2026 at 5:29 AM

is worth the time to save headaches later.

(4/4)

Powered by @nexus_share
February 4, 2026 at 5:29 AM
https://lckhd.eu/enfdCZ

There are many #CICD options out there. Teams that have requirements to use the AWS ecosystem (or those who prefer it) can use AWS #CodeBuild. It can power #GitHub 🧵
February 3, 2026 at 10:56 PM

Actions self-hosted runners, but most setups use webhooks. These tend to push you toward using CodeBuild for everything. That's often more than you actually need.

There's a cleaner approach described below involving spinning up ephemeral runners on demand, which are (2/4)
February 3, 2026 at 10:56 PM

scoped to specific workflow runs. You get VPC access when you need it, GitHub-hosted runners when you don't, and no webhook complexity tying your workflow config to infrastructure decisions.

This article from Sebastian Mincewicz shows the full setup including GitHub (3/4)
February 3, 2026 at 10:56 PM

App auth, buildspec, and workflow integration. If CodeBuild is useful to you, then this may be worth checking out. (4/4)

Powered by @nexus_share
February 3, 2026 at 10:56 PM
out and ensure you're not going to be stuck with a setup that no longer receives updates.

(4/4)

Powered by @nexus_share
February 3, 2026 at 5:27 PM