@sandrovolpicella.com
I teach developers about the cloud โ ๐จ๐ฝโ๐ป Platform Lead @hashnode ๐ New Book: https://cloudwatchbook.com โ AWS Fundamentals Book: https://awsfundamentals.com ๐ผ Builds https://kitlytics.com ๐ค AWS Community Builder
For buckets with millions of tiny files (<128KB).
Because the monitoring fee per object will eat up your savings.
But for logs, media, and backups?
It is the best default setting in AWS.
We broke down all the storage classes in this infographic:
awsfundamentals.com/infographic...
If you suddenly need to read that file?
It opens instantly.
And you pay ๐๐๐ซ๐จ retrieval fees.
This is the killer feature.
With standard Glacier, reading your own backup is a hassle.
With Intelligent Tiering, you don't even notice it happened.
The only time I don't use it?
The fear of needing the data back.
Here is why it is different:
You get the cost savings of archive storage, but the performance of S3 Standard.
If your data sits there for 90 days?
AWS moves it to the Archive Instant Access tier.
You save ~68% on storage.
Everyone tells you to move old data to Glacier to save money.
But they usually forget to mention the pain.
โข Retrieval fees hurt.
โข Waiting 5-12 hours for data sucks.
That is why I prefer ๐๐ ๐๐ง๐ญ๐๐ฅ๐ฅ๐ข๐ ๐๐ง๐ญ-๐๐ข๐๐ซ๐ข๐ง๐ .
It solves the biggest problem with archiving:
Most of these take 5 minutes to set up.
But they save you weeks of headaches later.
Join 11,000+ devs learning real-world AWS: awsfundamentals.com/newsletter
8. ๐๐ฎ๐ซ๐ง ๐จ๐ง ๐๐
๐. This should be non-negotiable for every maintainer.
9. ๐๐ฌ๐ ๐ ๐ซ๐๐ง๐ฎ๐ฅ๐๐ซ ๐ญ๐จ๐ค๐๐ง๐ฌ. Don't use your personal token for CI/CD. Use automation tokens.
10. ๐๐๐ญ๐๐ก ๐จ๐ฎ๐ญ ๐๐จ๐ซ ๐ญ๐ฒ๐ฉ๐จ๐ฌ. `react` is not `rceact`. Typosquatting is real.
6. ๐๐ซ๐จ๐ญ๐๐๐ญ ๐ฒ๐จ๐ฎ๐ซ ๐ฌ๐ฎ๐ฉ๐ฉ๐ฅ๐ฒ ๐๐ก๐๐ข๐ง. Consider a local proxy like Verdaccio to control what comes in.
7. ๐๐จ๐ง'๐ญ ๐ฅ๐๐๐ค ๐ฏ๐ฎ๐ฅ๐ง๐๐ซ๐๐๐ข๐ฅ๐ข๐ญ๐ข๐๐ฌ. If you find a bug, report it privately. Don't put it on Twitter.
4. ๐๐ก๐๐๐ค ๐ฒ๐จ๐ฎ๐ซ ๐ฉ๐ซ๐จ๐ฃ๐๐๐ญ ๐ก๐๐๐ฅ๐ญ๐ก. `npm outdated` and `npm doctor` are built-in tools. Use them.
5. ๐๐๐๐ง ๐๐จ๐ซ ๐ฏ๐ฎ๐ฅ๐ง๐๐ซ๐๐๐ข๐ฅ๐ข๐ญ๐ข๐๐ฌ. Make `npm audit` part of your CI pipeline.
2. ๐๐จ๐๐ค ๐ฒ๐จ๐ฎ๐ซ ๐๐๐ฉ๐๐ง๐๐๐ง๐๐ข๐๐ฌ. Don't just install. Use `npm ci` or `yarn install --frozen-lockfile` to ensure everyone uses the exact same version.
3. ๐๐ฅ๐จ๐๐ค ๐ฆ๐๐ฅ๐ข๐๐ข๐จ๐ฎ๐ฌ ๐ฌ๐๐ซ๐ข๐ฉ๐ญ๐ฌ. Attackers love post-install hooks. Add `--ignore-scripts` to your install commands.
1. ๐๐ญ๐จ๐ฉ ๐ฉ๐ฎ๐๐ฅ๐ข๐ฌ๐ก๐ข๐ง๐ ๐ฌ๐๐๐ซ๐๐ญ๐ฌ. It happens faster than you think. Use `.npmignore` and always dry-run before publishing.
We pull in thousands of dependencies. We trust them blindly.
That is a mistake. ๐ฃ
OWASP just released their top 10 security practices for NPM.
I went through them so you don't have to.
Here is what you need to change in your workflow:
AppSync has great SDKs that handle offline data synchronization automatically.
Stop the back-and-forth. Let the frontend drive.
Grab our full visual guide here
awsfundamentals.com/infographic...
You can cache specific fields or full queries. No need to spin up a separate Redis instance.
๐ ๐
๐ข๐ง๐-๐๐ซ๐๐ข๐ง๐๐ ๐๐๐๐๐ฌ๐ฌ
Control who sees what. You can use @auth directives to lock down specific fields based on user groups.
๐ฑ ๐๐๐๐ฅ๐ข๐ง๐ ๐๐ฎ๐ฉ๐ฉ๐จ๐ซ๐ญ
Two weeks later, the endpoint is updated. ๐ข
This friction kills velocity.
AppSync removes the bottleneck entirely.
It lets the frontend query exactly what they need, when they need it.
Here is why developers love it
๐ ๏ธ ๐๐ฎ๐ข๐ฅ๐ญ-๐ข๐ง ๐๐๐๐ก๐ข๐ง๐
Sometimes you need to give frontend developers the ability to choose their own data.
And if you want to build that in a serverless way you need to use AppSync!
We have all been there.
The frontend asks for one more field.
The backend team puts it on the backlog.
I see Opus is debugging in the same way I do: make the background red and figure out why there is so much fricking space at the top ๐ฌ
In the /spec command & CLAUDE MD I often define how the feedback process looks like. Sometimes I also add it to the spec (e.g. check abc in the DB or deploy and build it until this works).
I LOVE that ๐ฅฐ
Sometimes claude jumps back into plan mode after the /clear if it sees it is a huge feature. I'll let it do it and then verify it.
4. I read it, sometimes but rarely need to update it - copy path
5. /clear
6. Implement spec now
Currently, I don't use any ralph loop because this workflow works insanely good for me.
I only do this for whole features or fixes where I'm not sure about the issues.
My current claude-code workflow:
1. cc (alias for alias cc='claude --dangerously-skip-permissions')
2. /spec <idea of the feature> - give all context needed, interviews me with all important things, lots of depth.
3. Specfile is created in Markdown (not JSON/YML -> MD)
"yes - go ahead" / "no - simple data transformations which are in the session can be kept in there"
I love that!
It just makes the work with an agent more natural like I would work with a colleague as well.
e.g.:
"hey I implemented the /me api but saw that we are mixing business logic from the API package which should be in the core package, should I refactor that?"
One nugget I really took from the podcast of Steinberger & Friedman is this prompt: With everything you have seen right now, is there anything to improve.
In the image is the exact prompt I'm using and I really like the results.
- Backup of openclaw
Mainly reminders, but lets see what else I will find! ๐
- Daily workbook diary
- AWS Costs Summary
- Hourly tracking of projects
- Morning Briefing with Emails/Calendar
- Some gym-related stuff which is not that good yet
- Daily Shopify SaaS digest (what happened yesterday in Mantle & Posthog)
- Tuesday YouTube Publishing Checklist
But I love to have the ability to have crons with AI now. This was a huge missing factor for me. I tried setting it up myself (e.g. with GitHub runners) but I do like this setup.
Also interesting: I find myself using it like I imagined Siri should behave.
๐๐ฌ๐-๐๐๐ฌ๐๐ฌ:
I also change the header and make sure on my PI that this is actually coming from my tunnel. Additionally I check the HMAC signature of course as well.
Honestly, yes this is mainly playing at the moment.
๐๐๐๐ก๐จ๐จ๐ค๐ฌ:
Thats quite interesting! Thanks to Jannik for the idea!
I run a CloudFlare tunnel where I get webhooks (notion for example).
CloudFlare is making sure I won't get DDOSed.
I created an own repo with the skill OpenClaw with links to the docs and some information about my setup and my preferences (e.g. use TS if possible).
๐๐๐:
In Tailscale I use my pi-hole as DNS, simply to block ads also from my phone.
Main intention: Watch tennis also on mobile ๐
I also have SSH running and most of my openclaw setup is happening through Claude Code from my Mac.
Actually i rarely develop anything within OpenClaw I do all of that from CC through SSH.