Category: Public Cloud
AWS Business Value Ratio: The Cost Health Check Your FinOps Team Is Missing
1. Two causes, one bill AWS cost posture problems in product accounts come from two distinct sources, and most remediation frameworks conflate them, which is why so much cost optimisation effort produces disappointing results. The detection scripts behind this analysis are published at github.com/andrewbakercloudscale/aws-bvr1. The more common cause is drift. Engineers make locally reasonable decisions […]
Read more →
AWS Risk: Stop Auditing Risks and Start Measuring Loss Pathways
Most cloud governance programmes begin with good intentions and eventually collapse under their own weight. The team starts with a handful of useful controls, someone adds tagging standards, another team adds cost optimisation, security introduces benchmark scanning, and platform engineering introduces configuration standards. Before long the report contains thousands of findings spread across hundreds of […]
Read more →
AWS Security Group Hardening Using VPC Flow Log Analysis: Introducing sg-tightener
Andrew Baker, Group CIO, Capitec Bank Most enterprises did not move to AWS. They extended into it. The datacenter did not go away. The VPN did not go away. The network team provisioned the Direct Connect, someone wrote a security group rule permitting the entire datacenter subnet, and that rule has been sitting there ever […]
Read more →
ARM Servers vs x86: How Edge ARM Servers with NVMe Storage and Cloudflare Could Disrupt Cloud Compute Economics
1. The uncomfortable starting point If this model is even directionally correct, a large percentage of enterprise compute is structurally mispriced, and most organisations are paying a permanent premium for infrastructure characteristics they no longer use. Cloud pricing only makes sense when you actively exploit elasticity. The majority of production workloads have quietly become steady-state […]
Read more →
Multistage Build Optimisation: The Difference Between Amateur Containers and Production Systems
Most teams assume containers are lightweight by default, but that assumption does not survive contact with a real production system. Containers become bloated, slow, insecure, and operationally expensive when left unmanaged, and the penalties compound at scale as CI pipelines slow down, deployments lag, autoscaling becomes inefficient, and infrastructure costs quietly rise. This post goes […]
Read more →
I Have Two Outlooks on a NASA Spacecraft and Neither Works
1. Ground Control to Major Redmond In early April 2026, four astronauts aboard the Orion spacecraft radioed Mission Control. They were travelling at over four thousand miles per hour, more than thirty thousand miles from Earth, on NASA’s first crewed lunar mission in more than fifty years. The hardware that got them there represents the […]
Read more →
EC2 to Raspberry Pi WordPress Migration: Full Guide
How I moved andrewbaker.ninja off AWS, saved hundreds of dollars a year, and ended up with better security in the process. Running a personal site on AWS is completely reasonable when you are starting out. The tooling is mature, the reliability is excellent, and you can spin up a new instance in seconds. But somewhere […]
Read more →
Why Multicloud Is Not a Cloud Resilience Strategy
There is a particular kind of nonsense that circulates in enterprise technology conversations, the kind that sounds like wisdom because it wears the clothes of prudence. Multicloud architecture as a cloud resilience strategy is that nonsense. It has the shape of risk management and the substance of a comfort blanket, and the industry has spent […]
Read more →
Reverse Engineer AWS to Terraform: CloudToRepo Guide
If you have ever inherited an AWS estate, you know the feeling before you can even describe it. Hundreds of resources spread across regions you did not know were enabled. Lambdas with no source repos. Config rules that predate the current team. IAM roles that look like they were generated by a sleep-deprived octopus at […]
Read more →
Aurora PostgreSQL Write Throughput: Saturation & Tuning Guide
1. Introduction Every engineering team that runs a high throughput transactional workload on Amazon Aurora PostgreSQL will eventually arrive at the same uncomfortable question: why does the database start refusing to go faster, and what can actually be done about it? Aurora’s architecture is genuinely brilliant, but it introduces a set of write path constraints […]
Read more →