Kiro: Transforming DevOps with AI Agents

You are a DevOps specialist juggling continuous integration and deployment (CI/CD) pipelines, infrastructure provisioning, and developer productivity services in an Amazon Web Services (AWS) environment. You’ve probably wondered: β€œWith all these generative artificial intelligence offerings, is there a service that can actually make my work more efficient?” The answer is yes. In this post, I introduce Kiro, an agentic AI development service, and show how it can save you hours on your daily automation tasks. Learn how the Kiro command line interface (CLI) transforms DevOps automation with AI-powered agents that install, configure, and deploy infrastructure using natural language commands in minutes. ...

December 16, 2025 Β· 10 min Β· 1993 words Β· Matheus Costa

AI and Automation on AWS: Implementing Intelligent Solutions

Introduction AWS offers a complete ecosystem of AI services that allows you to implement intelligent solutions without the need for deep machine learning expertise. This guide explores how to use these services to automate processes and build smarter applications. AWS AI Services 1. Amazon Comprehend - Text Analysis Sentiment Analysis import boto3 import json def analyze_sentiment(text): """Analyze text sentiment using Comprehend""" comprehend = boto3.client('comprehend') response = comprehend.detect_sentiment( Text=text, LanguageCode='pt' ) return { 'sentiment': response['Sentiment'], 'confidence': response['SentimentScore'] } # Usage example text = "I am very satisfied with the company's service!" result = analyze_sentiment(text) print(f"Sentiment: {result['sentiment']}") print(f"Confidence: {result['confidence']}") Entity Extraction def extract_entities(text): """Extract named entities from text""" comprehend = boto3.client('comprehend') response = comprehend.detect_entities( Text=text, LanguageCode='pt' ) entities = [] for entity in response['Entities']: entities.append({ 'text': entity['Text'], 'type': entity['Type'], 'confidence': entity['Score'] }) return entities # Example text = "JoΓ£o Silva works at Amazon in SΓ£o Paulo since 2020" entities = extract_entities(text) for entity in entities: print(f"{entity['text']} - {entity['type']} ({entity['confidence']:.2f})") 2. Amazon Rekognition - Image Analysis Object Detection def detect_objects_in_image(bucket_name, image_key): """Detect objects in an S3 image""" rekognition = boto3.client('rekognition') response = rekognition.detect_labels( Image={ 'S3Object': { 'Bucket': bucket_name, 'Name': image_key } }, MaxLabels=10, MinConfidence=80 ) objects = [] for label in response['Labels']: objects.append({ 'name': label['Name'], 'confidence': label['Confidence'], 'instances': len(label.get('Instances', [])) }) return objects Facial Recognition def detect_faces(bucket_name, image_key): """Detect faces in an image""" rekognition = boto3.client('rekognition') response = rekognition.detect_faces( Image={ 'S3Object': { 'Bucket': bucket_name, 'Name': image_key } }, Attributes=['ALL'] ) faces = [] for face in response['FaceDetails']: faces.append({ 'age_range': face['AgeRange'], 'gender': face['Gender']['Value'], 'emotions': [ { 'type': emotion['Type'], 'confidence': emotion['Confidence'] } for emotion in face['Emotions'] if emotion['Confidence'] > 50 ] }) return faces 3. Amazon Polly - Text-to-Speech def text_to_speech(text, output_bucket, output_key): """Convert text to audio using Polly""" polly = boto3.client('polly') s3 = boto3.client('s3') # Synthesize speech response = polly.synthesize_speech( Text=text, OutputFormat='mp3', VoiceId='Camila', # Brazilian Portuguese voice LanguageCode='pt-BR' ) # Save to S3 s3.put_object( Bucket=output_bucket, Key=output_key, Body=response['AudioStream'].read(), ContentType='audio/mpeg' ) return f"s3://{output_bucket}/{output_key}" # Example audio_url = text_to_speech( "Hello! This is an example of speech synthesis using Amazon Polly.", "my-audio-bucket", "speech/example.mp3" ) Practical Use Cases 1. Automatic Customer Feedback Analysis import boto3 from datetime import datetime import json class FeedbackAnalyzer: def __init__(self): self.comprehend = boto3.client('comprehend') self.dynamodb = boto3.resource('dynamodb') self.sns = boto3.client('sns') self.table = self.dynamodb.Table('customer-feedback') def process_feedback(self, feedback_text, customer_id): """Process customer feedback""" # Sentiment analysis sentiment_response = self.comprehend.detect_sentiment( Text=feedback_text, LanguageCode='pt' ) # Key topic extraction key_phrases_response = self.comprehend.detect_key_phrases( Text=feedback_text, LanguageCode='pt' ) # Prepare data for storage feedback_data = { 'feedback_id': f"{customer_id}_{int(datetime.now().timestamp())}", 'customer_id': customer_id, 'text': feedback_text, 'sentiment': sentiment_response['Sentiment'], 'sentiment_scores': sentiment_response['SentimentScore'], 'key_phrases': [ phrase['Text'] for phrase in key_phrases_response['KeyPhrases'] if phrase['Score'] > 0.8 ], 'timestamp': datetime.now().isoformat(), 'processed': True } # Save to DynamoDB self.table.put_item(Item=feedback_data) # Alert if negative feedback if sentiment_response['Sentiment'] == 'NEGATIVE': self.send_alert(feedback_data) return feedback_data def send_alert(self, feedback_data): """Send alert for negative feedback""" message = { 'alert_type': 'negative_feedback', 'customer_id': feedback_data['customer_id'], 'sentiment_score': feedback_data['sentiment_scores']['Negative'], 'key_issues': feedback_data['key_phrases'][:3], 'timestamp': feedback_data['timestamp'] } self.sns.publish( TopicArn='arn:aws:sns:region:account:customer-alerts', Message=json.dumps(message), Subject='Negative Feedback Detected' ) # Class usage analyzer = FeedbackAnalyzer() result = analyzer.process_feedback( "The product arrived defective and the customer service was terrible!", "customer_123" ) 2. Automatic Content Moderation class ContentModerator: def __init__(self): self.rekognition = boto3.client('rekognition') self.comprehend = boto3.client('comprehend') self.s3 = boto3.client('s3') def moderate_image(self, bucket_name, image_key): """Moderate image content""" # Detect inappropriate content moderation_response = self.rekognition.detect_moderation_labels( Image={ 'S3Object': { 'Bucket': bucket_name, 'Name': image_key } }, MinConfidence=60 ) inappropriate_content = [] for label in moderation_response['ModerationLabels']: inappropriate_content.append({ 'category': label['Name'], 'confidence': label['Confidence'], 'parent_category': label.get('ParentName', '') }) # Detect text in the image text_response = self.rekognition.detect_text( Image={ 'S3Object': { 'Bucket': bucket_name, 'Name': image_key } } ) detected_text = ' '.join([ text['DetectedText'] for text in text_response['TextDetections'] if text['Type'] == 'LINE' ]) # Analyze sentiment of detected text text_sentiment = None if detected_text: sentiment_response = self.comprehend.detect_sentiment( Text=detected_text, LanguageCode='pt' ) text_sentiment = sentiment_response['Sentiment'] return { 'image_key': image_key, 'inappropriate_content': inappropriate_content, 'detected_text': detected_text, 'text_sentiment': text_sentiment, 'approved': len(inappropriate_content) == 0, 'confidence_score': min([label['confidence'] for label in inappropriate_content]) if inappropriate_content else 100 } def moderate_text(self, text_content): """Moderate text content""" # Detect toxic language using Comprehend sentiment_response = self.comprehend.detect_sentiment( Text=text_content, LanguageCode='pt' ) # Prohibited words list (simplified example) prohibited_words = ['spam', 'scam', 'fraud'] contains_prohibited = any( word.lower() in text_content.lower() for word in prohibited_words ) return { 'text': text_content, 'sentiment': sentiment_response['Sentiment'], 'sentiment_scores': sentiment_response['SentimentScore'], 'contains_prohibited_words': contains_prohibited, 'approved': not contains_prohibited and sentiment_response['Sentiment'] != 'NEGATIVE' } # Usage example moderator = ContentModerator() # Moderate image image_result = moderator.moderate_image('content-bucket', 'user-uploads/image.jpg') print(f"Image approved: {image_result['approved']}") # Moderate text text_result = moderator.moderate_text("This is a normal comment about the product.") print(f"Text approved: {text_result['approved']}") 3. Intelligent Chatbot with Lex class IntelligentChatbot: def __init__(self): self.lex = boto3.client('lexv2-runtime') self.comprehend = boto3.client('comprehend') self.dynamodb = boto3.resource('dynamodb') self.conversation_table = self.dynamodb.Table('chatbot-conversations') def process_message(self, user_id, message, session_id=None): """Process user message""" if not session_id: session_id = f"{user_id}_{int(datetime.now().timestamp())}" # Analyze intent with Lex lex_response = self.lex.recognize_text( botId='your-bot-id', botAliasId='your-bot-alias-id', localeId='pt_BR', sessionId=session_id, text=message ) # Analyze message sentiment sentiment_response = self.comprehend.detect_sentiment( Text=message, LanguageCode='pt' ) # Prepare response based on intent intent_name = lex_response.get('sessionState', {}).get('intent', {}).get('name', 'Unknown') bot_response = lex_response.get('messages', [{}])[0].get('content', 'Sorry, I did not understand.') # Customize response based on sentiment if sentiment_response['Sentiment'] == 'NEGATIVE': bot_response = f"I can see you're frustrated. {bot_response} Would you like me to transfer you to a human agent?" # Save conversation conversation_data = { 'conversation_id': f"{session_id}_{int(datetime.now().timestamp())}", 'user_id': user_id, 'session_id': session_id, 'user_message': message, 'bot_response': bot_response, 'intent': intent_name, 'sentiment': sentiment_response['Sentiment'], 'confidence': lex_response.get('sessionState', {}).get('intent', {}).get('confirmationState', 'None'), 'timestamp': datetime.now().isoformat() } self.conversation_table.put_item(Item=conversation_data) return { 'response': bot_response, 'intent': intent_name, 'sentiment': sentiment_response['Sentiment'], 'session_id': session_id } def get_conversation_analytics(self, user_id): """Get conversation analytics""" response = self.conversation_table.query( IndexName='user-id-index', KeyConditionExpression='user_id = :user_id', ExpressionAttributeValues={':user_id': user_id} ) conversations = response['Items'] # Calculate metrics total_messages = len(conversations) sentiments = [conv['sentiment'] for conv in conversations] intents = [conv['intent'] for conv in conversations] return { 'total_messages': total_messages, 'sentiment_distribution': { 'positive': sentiments.count('POSITIVE'), 'negative': sentiments.count('NEGATIVE'), 'neutral': sentiments.count('NEUTRAL') }, 'top_intents': list(set(intents)), 'last_interaction': max([conv['timestamp'] for conv in conversations]) if conversations else None } # Usage example chatbot = IntelligentChatbot() # Process message response = chatbot.process_message( user_id="user_123", message="I need to cancel my order", session_id="session_456" ) print(f"Bot response: {response['response']}") print(f"Detected intent: {response['intent']}") Automation with Step Functions Document Processing Workflow { "Comment": "Automatic document processing workflow", "StartAt": "ExtractText", "States": { "ExtractText": { "Type": "Task", "Resource": "arn:aws:states:::aws-sdk:textract:startDocumentTextDetection", "Parameters": { "DocumentLocation": { "S3Object": { "Bucket.$": "$.bucket", "Name.$": "$.key" } } }, "Next": "WaitForExtraction" }, "WaitForExtraction": { "Type": "Wait", "Seconds": 10, "Next": "GetExtractionResults" }, "GetExtractionResults": { "Type": "Task", "Resource": "arn:aws:states:::aws-sdk:textract:getDocumentTextDetection", "Parameters": { "JobId.$": "$.JobId" }, "Next": "AnalyzeText" }, "AnalyzeText": { "Type": "Task", "Resource": "arn:aws:states:::lambda:invoke", "Parameters": { "FunctionName": "analyze-extracted-text", "Payload.$": "$" }, "Next": "ClassifyDocument" }, "ClassifyDocument": { "Type": "Task", "Resource": "arn:aws:states:::aws-sdk:comprehend:detectSentiment", "Parameters": { "Text.$": "$.extractedText", "LanguageCode": "pt" }, "Next": "StoreResults" }, "StoreResults": { "Type": "Task", "Resource": "arn:aws:states:::dynamodb:putItem", "Parameters": { "TableName": "processed-documents", "Item": { "documentId": {"S.$": "$.documentId"}, "extractedText": {"S.$": "$.extractedText"}, "sentiment": {"S.$": "$.Sentiment"}, "processedAt": {"S.$": "$$.State.EnteredTime"} } }, "End": true } } } Monitoring and Optimization CloudWatch Metrics for AI Services def monitor_ai_services(): """Monitor usage and performance of AI services""" cloudwatch = boto3.client('cloudwatch') # Custom metrics metrics = [ { 'MetricName': 'ComprehendRequests', 'Value': 1, 'Unit': 'Count', 'Dimensions': [ { 'Name': 'Service', 'Value': 'Comprehend' } ] }, { 'MetricName': 'RekognitionRequests', 'Value': 1, 'Unit': 'Count', 'Dimensions': [ { 'Name': 'Service', 'Value': 'Rekognition' } ] } ] cloudwatch.put_metric_data( Namespace='AI/Services', MetricData=metrics ) # Dashboard for monitoring dashboard_config = { "widgets": [ { "type": "metric", "properties": { "metrics": [ ["AI/Services", "ComprehendRequests"], ["AI/Services", "RekognitionRequests"] ], "period": 300, "stat": "Sum", "region": "us-east-1", "title": "AI Services Usage" } } ] } Conclusion AWS AI services democratize access to artificial intelligence, enabling developers to implement sophisticated solutions without deep ML expertise. The main advantages include: ...

July 16, 2025 Β· 7 min Β· 1282 words Β· Matheus Costa

Infrastructure as Code with Terraform on AWS: Best Practices and Automation

Introduction Infrastructure as Code (IaC) has revolutionized the way we manage cloud infrastructure. Terraform, combined with AWS, offers a powerful solution for creating, modifying, and versioning infrastructure in a declarative and reproducible way. Why Terraform + AWS? Terraform Advantages βœ… Multi-cloud - Support for multiple providers βœ… Declarative - Describes the desired state βœ… Planning - Preview changes before applying βœ… State Management - Centralized state control βœ… Modularity - Code reuse Benefits on AWS πŸš€ Scalability - Infrastructure that grows with demand πŸ”’ Security - Integrated security controls πŸ’° Cost-effective - Automatic resource optimization πŸ”„ Automation - Automated deployment and management Terraform Project Structure Directory Organization terraform-aws-infrastructure/ β”œβ”€β”€ environments/ β”‚ β”œβ”€β”€ dev/ β”‚ β”‚ β”œβ”€β”€ main.tf β”‚ β”‚ β”œβ”€β”€ variables.tf β”‚ β”‚ β”œβ”€β”€ outputs.tf β”‚ β”‚ └── terraform.tfvars β”‚ β”œβ”€β”€ staging/ β”‚ └── production/ β”œβ”€β”€ modules/ β”‚ β”œβ”€β”€ vpc/ β”‚ β”œβ”€β”€ ec2/ β”‚ β”œβ”€β”€ rds/ β”‚ β”œβ”€β”€ s3/ β”‚ └── security-groups/ β”œβ”€β”€ shared/ β”‚ β”œβ”€β”€ backend.tf β”‚ └── providers.tf └── scripts/ β”œβ”€β”€ deploy.sh └── destroy.sh Base Configuration Provider Configuration # providers.tf terraform { required_version = ">= 1.0" required_providers { aws = { source = "hashicorp/aws" version = "~> 5.0" } random = { source = "hashicorp/random" version = "~> 3.1" } } backend "s3" { bucket = "terraform-state-bucket" key = "infrastructure/terraform.tfstate" region = "us-east-1" encrypt = true dynamodb_table = "terraform-locks" } } provider "aws" { region = var.aws_region default_tags { tags = { Environment = var.environment Project = var.project_name ManagedBy = "Terraform" Owner = var.owner CostCenter = var.cost_center } } } Variables Configuration # variables.tf variable "aws_region" { description = "AWS region for resources" type = string default = "us-east-1" } variable "environment" { description = "Environment name" type = string validation { condition = contains(["dev", "staging", "production"], var.environment) error_message = "Environment must be dev, staging, or production." } } variable "project_name" { description = "Name of the project" type = string } variable "vpc_cidr" { description = "CIDR block for VPC" type = string default = "10.0.0.0/16" } variable "availability_zones" { description = "List of availability zones" type = list(string) default = ["us-east-1a", "us-east-1b", "us-east-1c"] } Reusable Terraform Modules VPC Module # modules/vpc/main.tf resource "aws_vpc" "main" { cidr_block = var.cidr_block enable_dns_hostnames = true enable_dns_support = true tags = { Name = "${var.name}-vpc" } } resource "aws_internet_gateway" "main" { vpc_id = aws_vpc.main.id tags = { Name = "${var.name}-igw" } } resource "aws_subnet" "public" { count = length(var.public_subnets) vpc_id = aws_vpc.main.id cidr_block = var.public_subnets[count.index] availability_zone = var.availability_zones[count.index] map_public_ip_on_launch = true tags = { Name = "${var.name}-public-${count.index + 1}" Type = "Public" } } resource "aws_subnet" "private" { count = length(var.private_subnets) vpc_id = aws_vpc.main.id cidr_block = var.private_subnets[count.index] availability_zone = var.availability_zones[count.index] tags = { Name = "${var.name}-private-${count.index + 1}" Type = "Private" } } resource "aws_route_table" "public" { vpc_id = aws_vpc.main.id route { cidr_block = "0.0.0.0/0" gateway_id = aws_internet_gateway.main.id } tags = { Name = "${var.name}-public-rt" } } resource "aws_route_table_association" "public" { count = length(aws_subnet.public) subnet_id = aws_subnet.public[count.index].id route_table_id = aws_route_table.public.id } # NAT Gateway for private subnets resource "aws_eip" "nat" { count = var.enable_nat_gateway ? length(var.public_subnets) : 0 domain = "vpc" tags = { Name = "${var.name}-nat-eip-${count.index + 1}" } depends_on = [aws_internet_gateway.main] } resource "aws_nat_gateway" "main" { count = var.enable_nat_gateway ? length(var.public_subnets) : 0 allocation_id = aws_eip.nat[count.index].id subnet_id = aws_subnet.public[count.index].id tags = { Name = "${var.name}-nat-${count.index + 1}" } } resource "aws_route_table" "private" { count = var.enable_nat_gateway ? length(var.private_subnets) : 0 vpc_id = aws_vpc.main.id route { cidr_block = "0.0.0.0/0" nat_gateway_id = aws_nat_gateway.main[count.index].id } tags = { Name = "${var.name}-private-rt-${count.index + 1}" } } resource "aws_route_table_association" "private" { count = var.enable_nat_gateway ? length(aws_subnet.private) : 0 subnet_id = aws_subnet.private[count.index].id route_table_id = aws_route_table.private[count.index].id } Security Groups Module # modules/security-groups/main.tf resource "aws_security_group" "web" { name_prefix = "${var.name}-web-" vpc_id = var.vpc_id description = "Security group for web servers" ingress { description = "HTTP" from_port = 80 to_port = 80 protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] } ingress { description = "HTTPS" from_port = 443 to_port = 443 protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] } egress { from_port = 0 to_port = 0 protocol = "-1" cidr_blocks = ["0.0.0.0/0"] } tags = { Name = "${var.name}-web-sg" } lifecycle { create_before_destroy = true } } resource "aws_security_group" "database" { name_prefix = "${var.name}-db-" vpc_id = var.vpc_id description = "Security group for database servers" ingress { description = "MySQL/Aurora" from_port = 3306 to_port = 3306 protocol = "tcp" security_groups = [aws_security_group.web.id] } ingress { description = "PostgreSQL" from_port = 5432 to_port = 5432 protocol = "tcp" security_groups = [aws_security_group.web.id] } tags = { Name = "${var.name}-db-sg" } lifecycle { create_before_destroy = true } } EC2 Module with Auto Scaling # modules/ec2/main.tf data "aws_ami" "amazon_linux" { most_recent = true owners = ["amazon"] filter { name = "name" values = ["amzn2-ami-hvm-*-x86_64-gp2"] } } resource "aws_launch_template" "web" { name_prefix = "${var.name}-web-" image_id = data.aws_ami.amazon_linux.id instance_type = var.instance_type vpc_security_group_ids = var.security_group_ids user_data = base64encode(templatefile("${path.module}/user_data.sh", { environment = var.environment })) iam_instance_profile { name = aws_iam_instance_profile.web.name } block_device_mappings { device_name = "/dev/xvda" ebs { volume_size = var.root_volume_size volume_type = "gp3" encrypted = true } } tag_specifications { resource_type = "instance" tags = { Name = "${var.name}-web-instance" } } lifecycle { create_before_destroy = true } } resource "aws_autoscaling_group" "web" { name = "${var.name}-web-asg" vpc_zone_identifier = var.subnet_ids target_group_arns = var.target_group_arns health_check_type = "ELB" health_check_grace_period = 300 min_size = var.min_size max_size = var.max_size desired_capacity = var.desired_capacity launch_template { id = aws_launch_template.web.id version = "$Latest" } tag { key = "Name" value = "${var.name}-web-asg" propagate_at_launch = false } instance_refresh { strategy = "Rolling" preferences { min_healthy_percentage = 50 } } } # IAM Role for EC2 instances resource "aws_iam_role" "web" { name = "${var.name}-web-role" assume_role_policy = jsonencode({ Version = "2012-10-17" Statement = [ { Action = "sts:AssumeRole" Effect = "Allow" Principal = { Service = "ec2.amazonaws.com" } } ] }) } resource "aws_iam_instance_profile" "web" { name = "${var.name}-web-profile" role = aws_iam_role.web.name } resource "aws_iam_role_policy_attachment" "web_ssm" { role = aws_iam_role.web.name policy_arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore" } Environment Implementation Development Environment # environments/dev/main.tf module "vpc" { source = "../../modules/vpc" name = "${var.project_name}-${var.environment}" cidr_block = var.vpc_cidr availability_zones = var.availability_zones public_subnets = ["10.0.1.0/24", "10.0.2.0/24"] private_subnets = ["10.0.10.0/24", "10.0.20.0/24"] enable_nat_gateway = false # Cost savings in dev } module "security_groups" { source = "../../modules/security-groups" name = "${var.project_name}-${var.environment}" vpc_id = module.vpc.vpc_id } module "web_servers" { source = "../../modules/ec2" name = "${var.project_name}-${var.environment}" environment = var.environment instance_type = "t3.micro" min_size = 1 max_size = 2 desired_capacity = 1 subnet_ids = module.vpc.public_subnet_ids security_group_ids = [module.security_groups.web_sg_id] } Production Environment # environments/production/main.tf module "vpc" { source = "../../modules/vpc" name = "${var.project_name}-${var.environment}" cidr_block = var.vpc_cidr availability_zones = var.availability_zones public_subnets = ["10.1.1.0/24", "10.1.2.0/24", "10.1.3.0/24"] private_subnets = ["10.1.10.0/24", "10.1.20.0/24", "10.1.30.0/24"] enable_nat_gateway = true } module "security_groups" { source = "../../modules/security-groups" name = "${var.project_name}-${var.environment}" vpc_id = module.vpc.vpc_id } module "web_servers" { source = "../../modules/ec2" name = "${var.project_name}-${var.environment}" environment = var.environment instance_type = "t3.medium" min_size = 2 max_size = 10 desired_capacity = 3 subnet_ids = module.vpc.private_subnet_ids security_group_ids = [module.security_groups.web_sg_id] } module "database" { source = "../../modules/rds" name = "${var.project_name}-${var.environment}" engine = "mysql" engine_version = "8.0" instance_class = "db.t3.medium" allocated_storage = 100 subnet_ids = module.vpc.private_subnet_ids security_group_ids = [module.security_groups.database_sg_id] backup_retention = 7 multi_az = true } Automation and CI/CD GitLab CI Pipeline # .gitlab-ci.yml stages: - validate - plan - apply - destroy variables: TF_ROOT: ${CI_PROJECT_DIR} TF_ADDRESS: ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/terraform/state/${CI_ENVIRONMENT_NAME} cache: key: "${TF_ROOT}" paths: - ${TF_ROOT}/.terraform before_script: - cd ${TF_ROOT}/environments/${CI_ENVIRONMENT_NAME} - terraform --version - terraform init -backend-config="address=${TF_ADDRESS}" -backend-config="lock_address=${TF_ADDRESS}/lock" -backend-config="unlock_address=${TF_ADDRESS}/lock" -backend-config="username=${CI_USERNAME}" -backend-config="password=${CI_JOB_TOKEN}" -backend-config="lock_method=POST" -backend-config="unlock_method=DELETE" -backend-config="retry_wait_min=5" validate: stage: validate script: - terraform validate - terraform fmt -check only: - merge_requests - main plan: stage: plan script: - terraform plan -out="planfile" artifacts: name: plan paths: - ${TF_ROOT}/environments/${CI_ENVIRONMENT_NAME}/planfile only: - merge_requests - main apply: stage: apply script: - terraform apply -input=false "planfile" dependencies: - plan when: manual only: - main environment: name: ${CI_ENVIRONMENT_NAME} destroy: stage: destroy script: - terraform destroy -auto-approve when: manual only: - main environment: name: ${CI_ENVIRONMENT_NAME} action: stop Automation Scripts #!/bin/bash # scripts/deploy.sh set -e ENVIRONMENT=${1:-dev} ACTION=${2:-plan} echo "πŸš€ Deploying to $ENVIRONMENT environment" cd "environments/$ENVIRONMENT" # Initialize Terraform terraform init # Validate configuration terraform validate # Format code terraform fmt -recursive case $ACTION in "plan") echo "πŸ“‹ Planning infrastructure changes..." terraform plan -var-file="terraform.tfvars" ;; "apply") echo "πŸ”¨ Applying infrastructure changes..." terraform plan -var-file="terraform.tfvars" -out=tfplan terraform apply tfplan rm tfplan ;; "destroy") echo "πŸ’₯ Destroying infrastructure..." terraform plan -destroy -var-file="terraform.tfvars" -out=tfplan terraform apply tfplan rm tfplan ;; *) echo "❌ Invalid action. Use: plan, apply, or destroy" exit 1 ;; esac echo "βœ… Operation completed successfully!" Monitoring and Observability CloudWatch Integration # modules/monitoring/main.tf resource "aws_cloudwatch_dashboard" "main" { dashboard_name = "${var.name}-infrastructure" dashboard_body = jsonencode({ widgets = [ { type = "metric" x = 0 y = 0 width = 12 height = 6 properties = { metrics = [ ["AWS/EC2", "CPUUtilization", "AutoScalingGroupName", var.asg_name], ["AWS/ApplicationELB", "TargetResponseTime", "LoadBalancer", var.alb_name] ] period = 300 stat = "Average" region = var.aws_region title = "Infrastructure Metrics" } } ] }) } resource "aws_cloudwatch_metric_alarm" "high_cpu" { alarm_name = "${var.name}-high-cpu" comparison_operator = "GreaterThanThreshold" evaluation_periods = "2" metric_name = "CPUUtilization" namespace = "AWS/EC2" period = "300" statistic = "Average" threshold = "80" alarm_description = "This metric monitors ec2 cpu utilization" dimensions = { AutoScalingGroupName = var.asg_name } alarm_actions = [aws_sns_topic.alerts.arn] } resource "aws_sns_topic" "alerts" { name = "${var.name}-infrastructure-alerts" } Security and Compliance Terraform Security Scanning # .github/workflows/security-scan.yml name: Security Scan on: pull_request: branches: [main] jobs: security-scan: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - name: Run Checkov uses: bridgecrewio/checkov-action@master with: directory: . framework: terraform output_format: sarif output_file_path: reports/results.sarif - name: Run TFSec uses: aquasecurity/[email protected] with: soft_fail: true - name: Run Terrascan uses: accurics/terrascan-action@main with: iac_type: terraform iac_version: v14 policy_type: aws State File Security # Backend configuration with encryption terraform { backend "s3" { bucket = "terraform-state-secure-bucket" key = "infrastructure/terraform.tfstate" region = "us-east-1" encrypt = true kms_key_id = "arn:aws:kms:us-east-1:account:key/key-id" dynamodb_table = "terraform-locks" # Versioning enabled on S3 bucket versioning = true # Server-side encryption server_side_encryption_configuration { rule { apply_server_side_encryption_by_default { sse_algorithm = "aws:kms" kms_master_key_id = "arn:aws:kms:us-east-1:account:key/key-id" } } } } } Best Practices 1. Code Organization βœ… Use reusable modules βœ… Separate environments into directories βœ… Keep files small and focused βœ… Use consistent naming conventions βœ… Document modules and variables 2. State Management βœ… Use remote backend (S3 + DynamoDB) βœ… Enable state versioning βœ… Configure locks to avoid conflicts βœ… Encrypt state files βœ… Regularly back up the state 3. Security βœ… Use the least privilege principle βœ… Encrypt data in transit and at rest βœ… Implement resource tagging βœ… Use secrets management βœ… Perform regular security scanning 4. Performance and Costs βœ… Use data sources for existing resources βœ… Implement lifecycle rules βœ… Monitor costs with tags βœ… Use spot instances when appropriate βœ… Optimize storage classes Common Troubleshooting 1. State Lock Issues # Force unlock (use with caution) terraform force-unlock LOCK_ID # Check current state terraform show # Import existing resources terraform import aws_instance.example i-1234567890abcdef0 2. Dependency Issues # Explicit dependencies resource "aws_instance" "web" { # ... configuration ... depends_on = [ aws_security_group.web, aws_subnet.public ] } 3. Provider Version Conflicts # Lock provider versions terraform { required_providers { aws = { source = "hashicorp/aws" version = "= 5.0.1" # Exact version } } } Conclusion Terraform offers a robust platform for implementing Infrastructure as Code on AWS. By following the best practices presented, you can: ...

July 16, 2025 Β· 9 min Β· 1891 words Β· Matheus Costa

CI/CD with GitHub Actions: Automating Deploy to Cloudflare Pages

Introduction to CI/CD Continuous Integration/Continuous Deployment (CI/CD) is an essential practice in modern development that automates the process of code integration, testing, and deployment. Why GitHub Actions? Advantages βœ… Native integration with GitHub βœ… Free for public repositories βœ… Marketplace with thousands of actions βœ… Support for multiple languages and platforms βœ… Execution in Docker containers Basic Concepts Workflow: Automated process Job: Set of steps executed on a runner Step: Individual task Action: Reusable code block Setting Up the Pipeline 1. Workflow Structure Create the file .github/workflows/deploy.yml: ...

July 16, 2025 Β· 3 min Β· 507 words Β· Matheus Costa

Amazon Q Developer in Practice: Revolutionizing Development with AI

Amazon Q Developer represents a revolution in how we develop and operate applications on AWS. This generative AI assistant not only accelerates development but also optimizes operations and solves complex problems in real time. πŸš€ What is Amazon Q Developer? Amazon Q Developer is a generative AI assistant specialized in software development and AWS operations. It combines: Intelligent and contextual code generation Analysis and optimization of AWS infrastructure Automatic resolution of operational issues Native integration with development tools Key Capabilities πŸ€– Code Generation: Generates code in multiple languages πŸ” Code Analysis: Analyzes and optimizes existing code πŸ› οΈ Infrastructure as Code: Creates and optimizes Terraform/CloudFormation templates πŸ”§ Troubleshooting: Automatically identifies and resolves issues πŸ“Š Cost Optimization: Suggests AWS cost improvements πŸ› οΈ Setup and Getting Started 1. Installation in VS Code # Install Amazon Q extension code --install-extension amazonwebservices.amazon-q-vscode 2. AWS Credentials Configuration # Configure AWS CLI aws configure # Or use AWS SSO aws configure sso 3. Activating Amazon Q Open VS Code Press Ctrl+Shift+P (or Cmd+Shift+P on Mac) Type β€œAmazon Q: Sign In” Follow the authentication process πŸ’» Practical Use Cases 1. AWS Code Generation Prompt: β€œCreate a Lambda function in Python that processes SQS messages and saves to DynamoDB” ...

December 10, 2024 Β· 7 min Β· 1334 words Β· Matheus Costa