I built a simple CLI tool to audit AWS IAM keys because I was tired of clicking through the Console. Roast my code.
Hey everyone,
I've been working on hardening cloud setups for a while and noticed I always run the same manual checks: looking for users without MFA, old access keys (>90 days), and dormant admins.
So I wrote a Python script (Boto3) to automate this and output a simple table.
It’s open-source. I’d love some feedback on the logic or suggestions on what other security checks I should add.
repo
https://redd.it/1p7bbop
@r_devops
GitHub - ranas-mukminov/Cloud-IAM-Optimizer: AWS/GCP IAM Least Privilege Auditor.
DevOps engineer here – want to level up into MLOps / LLMOps + go deeper into Kubernetes. Best learning path in 2026?
I’ve been working as a DevOps engineer for a few years now (CI/CD, Terraform, AWS/GCP, Docker, basic K8s, etc.). I can get around a cluster, but I know my Kubernetes knowledge is still pretty surface-level.
With all the AI/LLM hype, I really want to pivot/sharpen my skills toward MLOps (and especially LLMOps) while also going much deeper into Kubernetes, because basically every serious ML platform today runs on K8s.
My questions:
1. What’s the best way in 2025 to learn MLOps/LLMOps coming from a DevOps background?
Are there any courses, learning paths, or certifications that you actually found worth the time?
Anything that covers the full cycle: data versioning, experiment tracking, model serving, monitoring, scaling inference, cost optimization, prompt management, RAG pipelines, etc.?
2. Separately, I want to become really strong at Kubernetes (not just “I deployed a yaml”).
Looking for a path that takes me from intermediate → advanced → “I can design and troubleshoot production clusters confidently”.
CKA → CKAD → CKS worth it in 2025? Or are there better alternatives (KodeKloud, Kubernetes the Hard Way, etc.)?
I’m willing to invest serious time (evenings + weekends) and some money if the content is high quality. Hands-on labs and real-world projects are a big plus for me.
https://redd.it/1p7ey3d
@r_devops
Impostor Syndrome in Tech: Why It Hits Hard and What to Do About it
Have you ever thought you are not good enough at work? You are not that smart to get that job, and it’s all just luck? That’s called the Impostor Syndrome! And it’s more common than you think because many people don’t even dare to talk about it!
I wrote a post about that mainly focusing on DevOps, but it’s still valid for software engineering, and the tech industry in general:
- What is impostor syndrome, and what is not?
- Why does impostor syndrome hit hard?
- What to do about impostor syndrome?
Impostor Syndrome in Tech: Why It Hits Hard and What to Do About it
Enjoy :-)
https://redd.it/1p7fqm6
@r_devops
newsletter.devopsroadmap.io
I feel lost, how do I manage to build the right pipeline as a junior dev in my company without a senior?
I have about 2 years of experience as a software developer.
In my last job I had a good senior who taught me a bit of DevOps with Azure DevOps, but here my current boss doesn't have knowledge about CI/CD and DevOps strategies in general, basically he worked directly on production and copied the compiled .exe on the server when done...
In the past months, in the few free moments that I had, I've set up a very simple pipeline on Bitbucket which runs on a self-hosted Windows machine, very simple:
BUILD->DEPLOY
But now I want to improve it by adding more steps. I want at least to version the db because otherwise it is a mess. I've set up a test machine with the test database. I was thinking about starting simple with:
BUILD -> UPDATE TEST DB -> UPDATE PRODUCTION DB -> DEPLOY
is this ok? Should each one of us use a local copy of the db to work with? We always have to check for new changes in the db when working with it? We use Visual Studio.
I feel lost, I know that each environment is different and there isn't a strategy which works for everyone, but I don't even know where can I learn something about it.
https://redd.it/1p7bbz6
@r_devops
What’s the worst kind of API analytics setup you’ve inherited from a previous team?
Is it just me or do most teams over-engineer API observability?
https://redd.it/1p7iich
@r_devops
Small SaaS on Serverless Setup
I remember seeing multiple comments online about developers working in small scale SaaS companies where an entirely event driven architecture is adopted and everything running on lambdas being such a headache to the developers and endless debugging.
What are your opinions on it? If you agree to the statement, I’d love to hear on why.
https://redd.it/1p7lika
@r_devops
Github Runner Cost
My team has been spending a lot on GitHub runners and was wondering how other folks have dealt with this? See tools like [blacksmith](http://blacksmith.sh), but curious if others have tried this? Or if this is a cost we should just eat? Have others had to deal with the cost of GitHub runners?
https://redd.it/1p7k9fi
@r_devops
I built a small open-source browser extension to validate Kubernetes YAMLs locally — looking for feedback
Hey everyone,
I’ve been working on a side project called Guardon — a lightweight browser extension that lets you validate Kubernetes YAMLs right inside GitHub or GitLab, before a PR is even created.
It runs completely local (no backend or telemetry) and supports multi-document YAML and Kyverno policy import.
The goal is to help catch resource, limits, and policy issues early — basically shifting security a bit more “left.”
It’s open-source here: https://github.com/guardon-dev/guardon
Try it: https://chromewebstore.google.com/detail/jhhegdmiakbocegfcfjngkodicpjkgpb?utm_source=item-share-cb
Demo: https://youtu.be/LPAi8UY1XIM?si=0hKOnqpf6WzalpTh
Would really appreciate any feedback or suggestions from folks working with Kubernetes policies, CI/CD, or developer platforms.
Thanks!
https://redd.it/1p7nzb7
@r_devops
OCI DevOps CI/CD
Anybody here using OCI DevOps CI/CD extensively? We have been using it for a while and have had a good experience. Sure, there are some problems, but so far it’s been very effective for us.
https://redd.it/1p7kf9c
@r_devops
WIP student project: multi-account AWS “Secure Data Hub” (would love feedback!)
https://preview.redd.it/dgn7dr8a6p3g1.png?width=1920&format=png&auto=webp&s=d8f3e6f9de1fcb713aa505dd7236f71ac798462c
Hi everyone,
**TL;DR:**
I’m a sophomore cybersecurity engineering student sharing a work-in-progress multi-account Amazon Web Services (AWS, cloud computing platform) “Secure Data Hub” architecture with Cognito, API Gateway, Lambda, DynamoDB, and KMS. It is about 60% built and I would really appreciate any security or architecture feedback.
**See overview below!** (bottom of post, check repo for more);
...........
I’m a sophomore cybersecurity engineering student and I’ve been building a personal project called **Secure Data Hub**. The idea is to give small teams handling sensitive client data something safer than spreadsheets and email, but still simple to use.
The project is about 60% done, so this is not a finished product post. I wanted to share the design and architecture now so I can improve it before everything is locked in.
**What it is trying to do**
* Centralize client records for small teams (small law, health, or finance practices).
* Separate client and admin web apps that talk to the same encrypted client profiles.
* Keep access narrow and well logged so mistakes are easier to spot and recover from.
**Current architecture (high level)**
* Multi-account AWS Organizations setup (management, admin app, client app, data, security).
* Cognito + API Gateway + Lambda for auth and APIs, using ID token claims in mapping templates.
* DynamoDB with client-side encryption using the DynamoDB Encryption Client and a customer-managed KMS key, on top of DynamoDB’s own encryption at rest.
* Centralized logging and GuardDuty findings into a security account.
* Static frontends (HTML/JS) for the admin and client apps calling the APIs.
**Tech stack**
* Compute: AWS Lambda
* Database and storage: DynamoDB, S3
* Security and identity: IAM, KMS, Cognito, GuardDuty
* Networking and delivery: API Gateway (REST), CloudFront, Route 53
* Monitoring and logging: CloudWatch, centralized logging into a security account
* Frontend: Static HTML/JavaScript apps served via CloudFront and S3
* IaC and workflow: Terraform for infrastructure as code, GitHub + GitHub Actions for version control and CI
**Who this might help**
* Students or early professionals preparing for the AWS Certified Security – Specialty who want to see a realistic multi-account architecture that uses AWS KMS for both client-side and server-side encryption, rather than isolated examples.
* Anyone curious how identity, encryption, logging, and GuardDuty can fit together in one end-to-end design.
I architected, diagrammed, and implemented everything myself from scratch (no templates, no previous setup) because one of my goals was to learn what it takes to design a realistic, secure architecture end to end.
I know some choices may look overkill for small teams, but **I’m very open to suggestions** for simpler or more correct patterns.
**I’d really love feedback on anything:**
* Security concerns I might be missing
* Places where the account/IAM design could be better or simpler
* Better approaches for client-side encryption and updating items in DynamoDB
* Even small details like naming, logging strategy, etc.
Github repo (code + diagrams):
[`https://github.com/andyyaro/Building-A-Secure-Data-Hub-in-the-cloud-AWS-`](https://github.com/andyyaro/Building-A-Secure-Data-Hub-in-the-cloud-AWS-)
Write-up / slides:
[`https://gmuedu-my.sharepoint.com/:b:/g/personal/yyaro_gmu_edu/IQCTvQ7cpKYYT7CXae4d3fuwAVT3u67MN6gJr3nyEncEcS0?e=YFpCFC`](https://gmuedu-my.sharepoint.com/:b:/g/personal/yyaro_gmu_edu/IQCTvQ7cpKYYT7CXae4d3fuwAVT3u67MN6gJr3nyEncEcS0?e=YFpCFC)
Feel free to DM me. Whether you’re also a student learning this stuff or someone with real-world experience, I’m always happy to exchange ideas and learn from others.
And if you think this could help other students or small teams, an upvote would really help more folks see it. Thanks a lot for taking the time
Building Docker Images with Nix
I've been experimenting with creating container images via Nix and wanted to share with the community. I've found the results to be rather insane!
[Check it out here!](https://github.com/okwilkins/h8s/tree/f7d8832efce6a19bb32cdc49b39928f8de49db80/images/image-buildah)
The project linked is a fully worked example of how Nix is used to make a container that can create other containers. These will be used to build containers within my homelab and self-hosted CI/CD pipelines in Argo Workflows. If you're into homelabbing give the wider repo a look through also!
Using Nix allows for the following benefits:
1. The shell environment and binaries within the container are nearly identical to the shell Nix can provide locally.
2. The image is run from scratch.
* This means the image is nearly as small as possible.
* Security-wise, there are fewer binaries that are left in when compared to distros like Alpine or Debian based images.
3. As Nix flakes pin the exact versions, all binaries will stay at a constant and known state.
* With Alpine or Debian based images, when updating or installing packages, this is not a given.
4. The commands run via Taskfile will be the same locally as they are within CI/CD pipelines.
5. It easily allows for different CPU architecture images and local dev.
The only big downside I've found with this is that when running the `nix build` step, the cache is often invalidated, leading to the image being nearly completely rebuilt every time.
Really interested in knowing what you all think!
https://redd.it/1p7mpnd
@r_devops
Skill Rot from First DevOps-Adjacent Job. Feel Like I Don’t Have the Skills to Jump.
Hello, intelligentsia of the illustrious r/devops. I’m in a bit of a pickle and am looking for some insight. So I’m about 1 year and couple of months into my first job which happens to be in big tech. The company is known to be very stable and a “rest and vest” sort of situation with good WLB.
My work abstractly entails ETL operations on internal documents. The actual transformation here is usually comprised of node scripts that find metadata in the documents and re-insert the metadata, either in its original form or transformed by some computations, into a simplified version of the documents (think HTML flattening) before dropping them in an S3 bucket. I also schedule and create GitHub Action jobs for these operations based off of jobs already established. Additionally we manage our infrastructure with terraform and AWS. The pay is very good for this early in my career.
This is where the big wrinkle comes in, it seems that our architecture and processes are very mature and the team’s pace is very slow/stable. I looked back at all my commits in the months since I started working and was shocked at how few code contributions I’ve made. In terms of the infrastructure the only real exposure I’ve had to it is through routine/ run book style operations. I haven’t been actually able to alter the terraform files in all the time I’ve been here. There is a lot of tedious/rote work. My most significant contributions have been in the ETL side.
At this point some may say to communicate with my boss to ask for more on the infra side/more complex tasks. However, the issue is that it genuinely doesn’t seem that there are that many more complex things to do. I realized recently that the second most junior person on the team, who's been here a couple more years than I have and also has had more jobs than I have, doesn’t seem to do all that more complex work than me. The most complex work just goes to the senior engineer and I suspect it’s been like this for a while. I had a feeling that this position may be bad for my career 6 months in but held out hope until now and I’m now afraid I realized too late.
I am hoping to find a junior devops role, but I am feeling fearful and overwhelmed since 1. I barely have the experience needed for devops with how surface level my experience here has been and 2. the job market seems vicious. I am beginning to upskill and work on getting a tight understanding of python, docker, kubernetes, and AWS. I also plan to make some projects. I hope to hop within the next 6 months.
I guess my questions with all this information in mind are:
1. Is my plan realistic? How much do projects showing self-learned devops skills really matter when the job I performed did not actually require or teach those skills. Short of lying, this will put me at a significant disadvantage, right?
2. If you were in my position how would you handle this?
Thank you all in advance. I’m feeling very uncertain about the future of my career.
https://redd.it/1p7sd6t
@r_devops
How do you make fzf ignore filesystem areas when you dont have a global gitignore and are not necessarily in a git folder?
script
I think the fzf docs allow filtering out gitignore items like node_modules, dist but it pulls a lot of unwanted results from XDG .cache/bun/install/cache, for example
https://redd.it/1p7nj2m
@r_devops
Our dev workflow feels like a group project gone wrong
I need ONE platform that unifies everyone and lets us track dependencies in a way humans can actually understand. Design, product, marketing, and dev teams all contribute to our releases, but no one sees the same information. Marketing launches features before they’re done. Product teams write requirements no one reads. Devs don’t know what’s blocked until it's too late.
https://redd.it/1p7v4ev
@r_devops
Devops teams: how do you handle cost tracking without it becoming someone's full time job?
Our cloud costs have been creeping up and leadership wants better visibility, but i'm trying to figure out how to actually implement this without it becoming a huge time sink for the team. We're a small devops group, 6 people, managing infrastructure for the whole company.
right now cost tracking is basically whoever has time that week pulls some reports from aws cost explorer and tries to spot anything weird. it's reactive, inconsistent, and honestly pretty useless. but i also can't justify having someone spend 10+ hours a week on cost analysis when we're already stretched thin.
what i'm looking for is a way to handle this that's actually sustainable:
- automated alerts when costs spike or anomalies happen, not manual checking
- reports that generate themselves and go to the right people without intervention
- recommendations we can actually act on quickly, not deep analysis projects
- something that integrates into our existing workflow instead of being a separate thing to maintain
- visibility that helps the team make better decisions during normal work, not a separate cost optimization initiative
basically i want cost awareness to be built into how we operate, not a side project that falls on whoever drew the short straw that quarter.
How are other small devops teams handling this? What's actually worked in practice?
https://redd.it/1p7xpx3
@r_devops
How are you handling AIsec for developers using ChatGPT and other GenAI tools?
Found out last week that about half our dev team has been using ChatGPT and GitHub Copilot for code generation. Nobody asked permission, they just started using it. Now I'm worried about what proprietary code or sensitive data might have been sent to these platforms.
We need to secure and govern the usage of generative AI before this becomes a bigger problem, but I don't want to just ban it and drive it underground. Developers will always find workarounds.
What policies or technical controls have worked for you? How do you balance AI security with productivity?
https://redd.it/1p7xih3
@r_devops
ArgoCD but just for Docker containers
Kubernetes can be overkill, and I bet some folks are still running good old Docker Compose with custom automation.
I was wondering what if there were an ArgoCD-like tool, but just for Docker containers? Obviously, compared to Kubernetes, it wouldn't be feature complete.. But that's kind of the point.
Does such a tool already exist? If yes, please let me know! And if it did, would it be useful to you?
https://redd.it/1p7xv48
@r_devops
Funny how the worst DevOps bottlenecks have nothing to do with tools, and almost nobody brings them up.
Every time people talk about DevOps, the conversation somehow circles back to tools, CI/CD choices, Kubernetes setups, IaC frameworks, whatever. But the longer I’ve worked with different teams, the more I’m convinced the biggest bottlenecks aren’t usually the tools.
It’s all the weird “in-between” stuff nobody ever brings up.
One thing I keep running into is just… messy handoffs. A feature is “done,” but the tests are half-missing, or the deploy requirements aren’t clear, or the local/staging/prod environments are all slightly different in ways that break everything at the worst possible moment.
None of that shows up in a DevOps guide, but it slows things down more than any actual infrastructure issue.
Another one, slow feedback loops. When a pipeline takes 20-30 minutes per commit, people won’t say anything, but they silently start pushing code less often.
It completely changes how the team works, even if the pipeline is technically “fine.”
Anyway, I’m curious what other people have seen.
What’s a DevOps bottleneck you’ve dealt with that doesn’t really get talked about?
https://redd.it/1p7ynlq
@r_devops
Deployment to production. Docker containers
We have an automated CI/CD environment for Dev, triggered by any changes to dev. Most of the artifacts are either React apps or Docker containers.
Now we need to move these containers to a prod environment. Assume AWS and a different region.
Now how do we deploy certain containers? Would it be manual, as the containers are already built and scripts need to be built to just deploy a certain Docker image to a different region?
https://redd.it/1p7z1ij
@r_devops
QA/Dev AI testing tool
Hey everyone! I’m working on a new AI-powered QA tool called Sentinel that’s still in development, but we’ve got a few features ready to test out and I’d love to get some real-world feedback. Basically, it helps with things like self-healing tests, AI-driven dashboards, and visual regression comparisons, and I’m looking for a couple of companies or teams who might want to give it a spin and let me know what they think. If you’re interested in trying it out and giving some feedback, just let me know!
P.S.
It’s not a magic AI tool that claims it’s going to take over your testing. It’s more of a dev-focused tool that provides insights and gives suggestions.
https://redd.it/1p82kdi
@r_devops