What I Use

The hardware, editor setup, and CLI tools I rely on to build and operate production AWS infrastructure. Nothing here is aspirational. It's all stuff I use daily.

Workstation

  • MacBook Pro 14", M3 Pro, 36GB RAM (2024)

    Moved from Intel to Apple Silicon in 2024. Docker multi-arch builds are noticeably faster, and the ARM architecture gives better parity with AWS Graviton instances. 36GB handles CDK synth, Docker builds, and local container stacks without swapping.

  • LG 34" UltraWide 5K2K Monitor

    I keep a terminal, VS Code, and the AWS console open side by side. The 21:9 aspect ratio means I rarely switch windows during a deployment or debugging session.

Development Tools

  • Visual Studio Code

    My main editor. I run the AWS Toolkit, CDK snippets, Kubernetes, and Docker extensions. The integrated terminal means I can run cdk deploy and check pod logs without leaving the editor.

  • AWS CLI v2 + Session Manager Plugin

    Named profiles for dev, staging, and production. Session Manager replaces SSH for instance access, so there are no open ports and no key management.

  • Kiro (AWS AI-powered IDE)

    I'm experimenting with Kiro for CDK generation. It requires careful review. I caught it creating unnecessary VPC Interface Endpoints that would have added $14/month per AZ. AI-generated infrastructure can be syntactically correct but financially expensive.

Kubernetes & Networking

  • kubectl + kubeadm

    kubectl is my primary interface with the cluster. kubeadm handles node provisioning and cluster lifecycle, automated through SSM Automation documents and Step Functions orchestration.

  • ArgoCD

    My GitOps delivery platform. ApplicationSet generates per-service applications from a single manifest, and sync waves enforce dependency ordering across namespaces. Every deployment is declarative and auditable.

  • Helm

    I deploy the full observability stack (Prometheus Operator, Grafana, Loki, Tempo) and networking components (Traefik, Calico) via Helm charts managed through ArgoCD. Values files are version-controlled alongside the application code.

  • Calico CNI + NetworkPolicy

    Calico provides pod networking and fine-grained NetworkPolicy enforcement. I use it to segment workloads by namespace and restrict pod-to-pod traffic to only what each service needs.
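
    As an added illustration of that segmentation model (example manifests, not the author's own): a namespace-wide baseline that denies all ingress and allows egress only to cluster DNS, plus a per-service policy that opens the API pods to the ingress controller alone. The namespace names orders and traefik, the label app=api and port 8080 are assumed; Calico enforces these standard NetworkPolicy objects as written.

```yaml
# Added example; not the author's own manifests. The namespace (orders),
# the ingress namespace (traefik) and the label app=api are assumed.
# Baseline for every pod in the namespace: no ingress at all, and egress
# only to cluster DNS. Anything not allowed by a later policy is dropped.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-with-dns
  namespace: orders
spec:
  podSelector: {}            # empty selector matches all pods in the namespace
  policyTypes:
    - Ingress
    - Egress
  egress:
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
          podSelector:
            matchLabels:
              k8s-app: kube-dns
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
---
# Per-service allow: only the ingress controller's namespace may reach app=api,
# and only on its listening port. Policies are additive (union of all matches).
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: api-allow-from-traefik
  namespace: orders
spec:
  podSelector:
    matchLabels:
      app: api
  policyTypes:
    - Ingress
  ingress:
    - from:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: traefik
      ports:
        - protocol: TCP
          port: 8080
```

    Because the baseline also denies egress, each service gets its own additional egress policy listing only the backends it actually calls; a pod that can resolve DNS but cannot connect anywhere is the expected starting state, not a misconfiguration.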

  • Traefik Proxy

    Runs as the cluster ingress controller via IngressRoutes. Traffic flows from CloudFront through an NLB to Traefik, which handles TLS termination, routing, and middleware (rate limiting, headers).

Infrastructure & Deployment

  • AWS CDK (TypeScript)

    I write all my infrastructure in CDK. After working directly with CloudFormation JSON/YAML, having type-checked constructs and refactoring support made a real difference.

  • Docker Desktop

    I build and test container images locally before they go through the CI/CD pipeline. The M3 compatibility improvements have made multi-arch builds more reliable.

  • GitHub Actions

    My CI/CD platform. OIDC integration with AWS means no stored credentials. Reusable workflow files handle synthesis, security scanning, image builds, deployment, and rollback.

  • AWS CloudFormation

    I'm CDK-first, but I still read and debug CloudFormation templates regularly. Understanding the output that CDK generates has helped me fix synthesis issues faster.

AI & Automation

  • Amazon Bedrock + AgentCore

    Powers the self-healing agent that diagnoses and remediates CloudWatch alarms automatically. Uses MCP tool integration for live infrastructure access, with Cognito M2M authentication and token-budget guardrails.

  • Pinecone (Vector Database)

    Stores document embeddings for the RAG-powered content pipeline. Article generation queries the knowledge base for relevant context before passing it to Bedrock for generation.

Monitoring & Debugging

  • CloudWatch Logs Insights

    I use this more than I expected. The query syntax takes a bit to learn, but once you know it, filtering through distributed logs gets fast.

  • Grafana + Prometheus + Loki + Tempo

    The full observability stack runs on Kubernetes, deployed via Helm charts through ArgoCD. Dashboards cover cluster health, application metrics, and request tracing. Clicking a trace span jumps to the matching log entries and metrics panel, which has cut my debugging time significantly.