Building cloud Systems

AWS AI Cloud Software Engineering

A technical blog on building AWS workloads, designing AI-enabled systems, and making software architecture more reliable, scalable, and maintainable.

Latest Articles

AWS deployments, cloud architecture, AI systems, and production engineering deep dives.

  • Configuring CloudWatch Alarms and Log Groups

    Configuring CloudWatch Alarms and Log Groups

    CloudWatch is the monitoring layer that most AWS workloads eventually depend on, whether the team planned for it or not. EC2 sends CPU metrics to it, Lambda writes logs to it, API Gateway exposes error rates through it, ECS services can be watched through it, and almost every production incident ends with someone opening CloudWatch… Read →

  • Setting up S3 for production

    Setting up S3 for production

    S3 is the storage layer underneath almost every AWS workload. Static websites serve assets from it, Lambda functions write results to it, CloudFront pulls content through it, RDS snapshots land in it. It shows up in every architecture diagram as a box with an arrow pointing at it, and most teams never look past that… Read →

  • Configuring VPC Endpoints

    Configuring VPC Endpoints

    If you have ever put a Lambda function or an EC2 instance inside a private subnet and then tried to reach S3 or DynamoDB from it, you already know the problem. The request just hangs. There is no internet gateway, no NAT device, no route out — so the traffic has nowhere to go. The… Read →

  • Deploying application load balancer

    Deploying application load balancer

    An Application Load Balancer operates at Layer 7 — the HTTP layer. Unlike a classic load balancer which distributes traffic purely based on connection-level information, an ALB understands HTTP. It can read the request path, inspect headers, evaluate query strings, and make routing decisions based on what is actually in the request. That is what… Read →

  • Deploying a cloudfront distribution

    Deploying a cloudfront distribution

    Serving files directly from S3 works, but it has two problems that surface quickly in production. The first is latency — an S3 bucket lives in one region, and a user in Singapore hitting a bucket in us-east-1 feels that distance on every request. The second is cost — S3 data transfer rates are higher… Read →

  • Configuring IAM roles and policies

    Configuring IAM roles and policies

    Every AWS API call is an authenticated and authorized request. When a Lambda function reads from DynamoDB, when an EC2 instance uploads a file to S3, when a CloudFormation stack creates a VPC — all of it goes through IAM authorization evaluation first. If the identity making the request does not have permission, the call… Read →

Contact Me

Building AI systems, AWS architectures, and cloud-native applications.
Open to collaboration, consulting, and conversation.

© Shivansh Jain