OpenSearch has been moving fast, and a lot of us in the search/data community have been waiting for a comprehensive, modern guide.

On Sept 2nd, The Definitive Guide to OpenSearch will be released — written by Jon Handler, (Senior Principal Solutions Architect at Amazon Web Services), Soujanya Konka (Senior Solutions Architect | AWS), and Prashant Agrawal (OpenSearch Solutions Architect). Foreword by Grant Ingersol.

What makes this book interesting is that it’s not just a walkthrough of queries and dashboards — it covers real-world scenarios, scaling challenges, and best practices that the authors have seen in the field. Some highlights:

• Fundamentals: installing, configuring, and securing OpenSearch clusters
• Crafting queries, indexing data, building dashboards
• Case studies + hands-on demos for real projects
• Performance optimization + scaling for billions of records
• Integrations & industry use cases
• Includes free PDF with print/Kindle

👉 If you’re into OpenSearch, search/analytics infra, or data pipelines, this might be worth checking out:
📘 The Definitive Guide to OpenSearch (Amazon link)

💡 Bonus: I have a few free review copies to share. If you’d like one, connect with me on LinkedIn and send a quick note — happy to get it into the hands of practitioners who’ll actually use it.
https://www.linkedin.com/in/ankurmulasi/

Curious — what’s been your biggest pain point with OpenSearch so far: scaling, dashboards, or query performance?

Built FreeResend - an open-source email service that provides Resend's API compatibility while using Amazon SES for delivery.

AWS Integration highlights:

• SES SDK v3 for email sending (simple + raw with attachments)
• Automatic domain verification with SES
• DKIM key generation and DNS record creation
• Configuration sets for webhook handling
• Bounce/complaint processing
• Multi-region support

Architecture:

• Next.js 15 API routes for HTTP endpoints
• Direct SES integration (no middleware services)
• PostgreSQL for email logging and metrics
• Digital Ocean API for automated DNS setup (optional)

Benefits over managed email services:

• Pay only SES rates ($0.10/1k emails)
• Complete control over delivery settings
• Custom webhook processing
• No vendor lock-in

Performance: Handling 50k+ emails/month across production projects with 99.9%+ delivery rates.

The goal was Resend's excellent DX but at SES pricing. Mission accomplished.

GitHub: https://github.com/eibrahim/freeresend

Fellow AWS users - what's your preferred approach for transactional emails?

Hi, all!

I hope you are all doing very well in the beginning of a new week.

Both in my previous and in my current company - small startups - , we struggled with using H100 instances, because we have to enable and manage another region, which for us is still not needed, because of the data transfer costs between regions, and also because we rarely would require 8 H100 GPUs running at the same time.

I have tried to search for a roadmap for an expansion of availability of H100 in other European regions, but I have not been very successful. Is there any info available online on this topic? Or does anyone know anything about it?

Thank you so much and I wish a lovely week to all of you :)

EDIT: This is really not a technical question, just a question in general, idk ahah

Has anyone used this in production? Is it nightmare to set up? I’m asking because I know services like this can be tricky and completely fail in real world circumstances.

DevOps guy ran my code on Fargate with no persistance storage or execute-command enabled. This database has some data logged and I'd like to retrieve it.

I am writing out of deep frustration regarding unauthorized charges of approximately $4,000 that appeared on my account last year. Despite my repeated attempts for over a year to resolve this matter, it remains unaddressed.

Because my account became inactive and was eventually deleted, I am now unable to sign in or access direct support via phone. This has left me without any proper way to get assistance, despite the fact that my credit card has been continuously charging me interest on these fraudulent charges.

I have also contacted the credit card company directly, but they have informed me that you have not responded to their inquiries. This back-and-forth has gone on far too long.The ongoing charges and accrued interest are unjust, and the lack of response has caused me severe stress and financial hardship.

Can anyone guide me to solve this issue asap. Please

Hi everyone,

I was setting up my personal AWS account with IAM user, when I followed a link to IAM Identity Center and enabling it with the understanding that i need it enabled for admin iam user creation.\ Afterward, I got an email telling me that my account has been upgraded from free plan to paid plan.\ Is there a way to reverse this? I was aiming to use free plan for my personal testing.

I have a Node.js App Runner deployment set up. If you've ever tried to use App Runner you will know how incredibly complicated it is to get CloudFront to work with it (especially with a custom domain name). Even putting an App Runner instance in front of Cloudflare is complicated for some reason.

This makes me wonder if caching is already active on App Runner? I've tried looking at the documentation and can't find anything.

My web app is returning about 30-150ms response times consistently. It's not a huge app (about 25kb of HTML and 250kb of JS). These response times are pretty fast out of the box so I'm wondering if there's any reason to torture myself trying to get Cloudfront to work with App Runner again.

I’ve been thinking about my own workflow recently and realized I don’t have a great way of staying on top of CloudWatch alarms.

Right now, I mostly just log into the AWS Console → CloudWatch → open Alarms page and monitor .. I’ll hook critical alarms up to email/SNS.

I’m curious: - Do you rely mostly on the CloudWatch console? - Do you forward alarms to Slack/Teams/PagerDuty or something similar? - Do you use any third-party tools to manage or visualize ? - Or have you just built your own scripts/pipelines?

Trying to figure out if I’m missing a smarter or more common way people are handling this. Would love to hear what your setups look like

God why did they change such a simple layout.

Needing to now scroll left-to-right is janky and slow. Weird and unnecessary zoom effect. Text wrapping as lines don't fit. Everything is a button now so I can't highlight text, for example the source ID. Multiple in-flight executions are now hidden/extra button click away. It's terrible.

When I'm logged in either as root user or IAM user, when I click on the "users" tab on AWS IAM, my URL link flashes between https://us-east-1.console.aws.amazon.com/home and https://us-east-1.console.aws.amazon.com/#/, and eventually it stops and doesn't bring me to the users tab.

I've noticed that when I log in to an incognito tab, this issue doesn't happen and I can see my users tab without any issues.

Does anyone know why this might be?

We have a reels feed in our web app. Flow is simple: • User uploads full video → stored in S3 • Frontend (Next.js on AWS Amplify) fetches the file directly from S3 • Plays in <video> element

Issue: Every reel takes 1–3s before it starts. After it plays, scrolling to the next reel causes the same delay again.

So far we tried: • Lowering video file size/bitrate • Preload settings in the player • Different encoding formats

But still seeing startup lag on every reel.

👉 Anyone know best practices to make short videos load instantly from S3 + Amplify? • Should we transcode to HLS/DASH instead of serving MP4 directly? • Is prefetching next reel in player code the way to go? • Any Amplify configs (caching/headers) that help with this?

Looking for tips from anyone who has optimized reels/shorts delivery on Amplify + S3 🙏

Does anyone how to change the ssh port on ec2 instance to hardened it? TIA

...and how can the management bypass the Great Fire Wall?

Greetings fellas,

I want send a voice recording along with some text to an AI provider. Will stream from the user's computer & also with an HTTP request backup.

User computer >---stream/http--> AWS >---http--> AI provider
‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ |
User computer <--------http-----< AWS <--------http----/

My Question is, Which AWS service is best suited for this?

AWS will be there as the middleman to authenticate the request, process it and then return the response. Problem is I saw that there is a payload limit of 6mb with Lambda functions. The first stream/http will easily be over 6mb manytimes :( So would need something that accommodate more requests at least 10 - 20mb.

User authentication is already implemented using Supabase. I can't use supabase edge functions for the above though because of the delay. I got the 200$ AWS free trial haha 😂

Your kind advice is highly appreciated <3

Hey all, I’m currently an SSD associate working full time and I’m looking into transferring over to one of the AWS data centers in my area through the WBLP so I can build my career. I don’t have any experience in AWS, but I’m an engineering major who’s good with computers. Could someone please point me in the right direction as to what skills I should include on my resumé that the recruiting team looks for? Would me holding a leadership position in the FC be good to include? Looking to transition soon and move on with Amazon. Any and all help is appreciated 🙏

Last year the deadline for applying was on Aug 2, 2024 and the results were out around Sep 18, 2024. However, this year the deadline was on July 22, 2025. It's been over a month now. So this year when will it be out?

So I created a cert for my ALB and then validated the cert in Route53. Is there any reason to leave that CNAME record in Route53:

_7ca416c7b571747ebd12202b1078b797.albname.etc.etc.etc

...get myself a clean working surface? Is there any reason remove it, aside from OCD bugs underneath my left arm?

[RESOLVED] Access to the S3 bucket via the private path was working already! However, my experience with vpce is very little which made me think that my s3 requests were being sent out to the public internet. The tricky part that made me think and doubt that it was going to the public was the public ip addresses that were resolved from our s3 bucket's name. However, I was told that AWS does some magic internally which will reroute requests to internal private network via vpc when it's configured properly. I think it works the same way as transparent proxying where you don't specify a proxy server but you are rerouted to a different path. After enabling cloudtrail logging, I literally saw the source ip of my ec2 instance as well as the s3:action I executed. :)Thank you everyone for all the tips! I learned a lot of things from all of you!

[My original post]
I've been trying to troubleshoot an ec2 accessing an s3 bucket. I can access the bucket but traffic is not going through the vpce endpoint. It is still using the public internet. I checked endpoints and there is an S3 endpoint defined. I checked the subnet of my ec2 so I can trace if it does have a route going to the vpce endpoint and it does.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowVPCEAndTrusted",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": [
        "arn:aws:s3:::my_s3_bucket.example.com",
        "arn:aws:s3:::my_s3_bucket.example.com/*"
      ],
      "Condition": {
        "StringEquals": {
          "aws:SourceVpce": [
            "vpce-0AAAAAAAAAAAAAAA"
          ]
        }
      }
    },
    {
      "Sid": "AllowTrustedRoles",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": [
        "arn:aws:s3:::my_s3_bucket.example.com",
        "arn:aws:s3:::my_s3_bucket.example.com/*"
      ],
      "Condition": {
        "StringLike": {
          "aws:PrincipalArn": [
            "arn:aws:sts::123456789012:assumed-role/ec2_instancerole_role/*",
            "arn:aws:sts::123456789012:assumed-role/AWSReservedSSO_AwsAdministratorAccess_aaaaaaaaaaaaaa/*"
          ]
        }
      }
    }
  ]
}

I ran "dig s3.amazonaws.com" and got public ip addresses. I was assuming that it would return some internal ip address. I also ran "aws s3 ls" with debugging on, then I grep'd vpce. I was hoping to find it but there wasn't one. This proved that my request was still being sent to the public internet.

I am also assuming that the bucket's fqdn will be my_s3_bucket.example.com.s3.amazonaws.com.

Another thing I noticed is that in the details of the vpce endpoint, the "Private DNS names enabled" has a value of "No".

I am not sure if we are missing any configuration, incomplete bucket policy, or maybe I am referencing the s3 bucket name incorrectly. Any help would be greatly appreciated.

Thank you so much in advance!

I am building a platform where we need to place a hold on the customer’s card ~3 days before a booking is scheduled to start. Our backend runs on ECS, so we’re thinking we could use EventBridge to schedule a job to run that places this hold automatically and updates the database, and another job to run to retry failed payments after a certain period of time has elapsed.

We can choose between Lambda or Fargate tasks to handle this part of the flow. It seems like Lambda is the preferred method because the process will be short-lived and Lambda has quicker cold start times. I am wondering if this is a common use for Lambda, or if it’s typically used for more non-critical processes?

It took a loooong time to draft this in a way that conveyed what i felt during the event and what it feels like now, it was hard for me since i had already posted it prior but they had removed it for some reason and back to square one, would appreciate the help to get back to where i was!

As a Backend and Deep Learning developer, I’ve always found managing AWS on my own pretty complicated. Many times, when we’re coding in Python, we don’t want to stop and jump into the AWS console just to run a quick test or train a model.

AWS is the most affordable and flexible cloud provider, which is why most of us end up using it. I’m working on a library to make that workflow much simpler:

1. Just import the library, provide your AWS API keys, and that’s all the configuration needed.
2. Run your Python function or program directly with this library. The syntax is extremely simplified (I’d love suggestions: what minimum parameters would you expect as developers to keep it short?).
3. Once the function or program finishes, the instance shuts down automatically, so it behaves almost like a serverless service.
4. While running, you can call dashboard(), which spins up a local dashboard to configure things like domain setup and view resources — all simplified.

What do you think of this idea? Would this be useful in the developer community? Any feedback on how to shape it further is really appreciated!

If you've exec into an ECS container in the past then you know it's painful.

There are too many guides out there that only cover the basics, but you won't find a detailed doc like this anywhere else. This one actually covers fundamentals properly - enabling it on your service, checking if it's working at both service and task levels, handling IAM permissions, and dealing with VPC endpoints for private subnets.

What makes this different is the complete Terraform example to give deeper understanding of how everything connects. Shows you the actual networking, permissions, and VPC endpoints instead of just telling you to "add some permissions."

Also has a troubleshooting script that checks your config and tells you exactly what's broken.

Worth reading if you're setting this up for the first time and want to understand what's actually happening under the hood.

 https://www.kubeblogs.com/use-ecs-exec-to-access-fargate-containers-with-terraform/

I have an rds aurora postgres serverless v2 instance defined as follows:

resource "aws_rds_cluster" "operational-postgresql-cluster-dev" {

cluster_identifier = "operational-postgresql-cluster-dev"

engine = "aurora-postgresql"

engine_version = "16.6"

engine_mode = "provisioned"

availability_zones = ["eu-central-1a", "eu-central-1b", "eu-central-1c"]

vpc_security_group_ids = [aws_security_group.dev_v1_security_group_rds.id]

db_subnet_group_name = aws_db_subnet_group.operational_db_dev_subnet_group.name

database_name = "operational_db_dev_v1"

master_username = "db_admin"

master_password = aws_secretsmanager_secret_version.operational_dev_db_password_v1.secret_string

skip_final_snapshot = false

final_snapshot_identifier = "aurora-postgres-dev-cluster-backup-v1"

backup_retention_period = 14

enable_http_endpoint = true

serverlessv2_scaling_configuration {

max_capacity = 1.0

min_capacity = 0.5

}

}

resource "aws_rds_cluster_instance" "operational-postgresql-db-instance-dev" {
  cluster_identifier = aws_rds_cluster.operational-postgresql-cluster-dev.id
  instance_class     = "db.serverless"
  engine             = aws_rds_cluster.operational-postgresql-cluster-dev.engine
  engine_version     = aws_rds_cluster.operational-postgresql-cluster-dev.engine_version
  identifier              = "operational-db-dev"
  # setting this for now so we can develop. not a good ideaa in general
  publicly_accessible = true
}

According to this article from a year ago, it should be possible to configure this database to scale down to 0 to save costs when it's not being used, and to set a timeout window for this: https://aws.amazon.com/es/blogs/database/introducing-scaling-to-0-capacity-with-amazon-aurora-serverless-v2/

According to this example it should be possible: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/rds_cluster#rds-serverless-v2-cluster

However, when I try setting the min_capacity to 0.0, I get this error:

*Error: expected serverlessv2_scaling_configuration.0.min_capacity to be in the range (0.500000 - 128.000000), got 0.000000*

Is this a bug? If so, are aws cli commands the only way to enable this type of scaling down?

Any advice would be much appreciated.

Hi all,

I’m stuck with an AWS account access issue and hoping someone here has experience.

I still received billing emails at my root email in August 2025, but now when I try to sign in, AWS says “account does not exist.” I remember my password, but the system won’t recognize the email anymore.

I already submitted a support case with billing statements, payment card details, and proof of ownership. It’s been 48 hours with no response.

Has anyone faced this? How did you get AWS Account Recovery to actually respond? Any advice is appreciated.

Thanks.