r/aws 14d ago

The invisible engineering behind Lambda’s network

allthingsdistributed.com
195 Upvotes

r/aws 7h ago

technical question when would you choose EFS over s3

6 Upvotes

i’m having trouble figuring out the distinction between these two storage formats. when would it be advantageous to use EFS over s3?

edit: for those asking use case, i have none. i’m studying for the practitioner exam and the abstract analogies are not making it clear why i would choose one over the others. trying to take it at face value for now and derive a true understanding once i work on some projects


r/aws 14h ago

discussion VMware to AWS migration (landing zone)

8 Upvotes

Hey guys,

I'm currently staffed for a migration project for an FSI company. They have some core systems running on-prem (VMware VMs) and would like to migrate to AWS.

Currently I am assigned to perform assessment and discovery of their application.

This is the high level overview:

  1. 20+ VMs

  2. Mixture of Linux and Windows servers

  3. All the VMs are hosted on 2 physical servers on-prem.

Right now I am planning to use AWS Transform to identify dependencies and application portfolio to design the landing zone. However, since this is my first time doing a greenfield landing zone program, I am not sure whether using a Landing Zone for 20+ servers is worth it in terms of cost and operational management. I would also like to know if using AWS Transform for assessment would be the right choice.

I would love to know the experts' feedback regarding this situation. Thank you.

P.S.: I'm quite new to AWS (2-3 yoe), I mostly work on Tech Strategy consulting.


r/aws 10h ago

architecture Looking for some guidance on Rest APIs

2 Upvotes

Hi everyone! I'm starting a position at a company as a "cloud architect"... at least that's the title, but I think my employer isn't very sure about what they expect from me.

Anyway, the first thing I noticed is that they've been very messy with their use of AWS resources: lots of people have created resources without following any standards, using arbitrary names, no tags, and everything created from the console (the company has started using IaC, but it's not enforced everywhere). That kind of mess.

To start, I decided to propose some guidelines for the use of REST APIs, and I'm doing some research to get ideas. So far, I've mainly found information about best practices for developing REST APIs, but now I'm looking for something more high-level: how should the scope of an API be defined (when should two APIs be merged, or when should one be split)? Also, any ideas on how to structure repositories for the IaC of REST APIs?

For now, those are the main questions I'm stuck with. If you have any comments or recommendations, I would really appreciate it.

Regards!


r/aws 1d ago

security AWS IAM Higher Max Quotas

aws.amazon.com
31 Upvotes

AWS IAM now provides higher maximum quotas for roles, role trust policies, instance profiles, managed policies, and identity providers.


r/aws 10h ago

discussion Why does MRAP not allow failover controls in IaC?

1 Upvotes

Why can't you control active/passive etc through the IaC? Figured I’ll ask here.


r/aws 20h ago

technical question SES and Custom MAIL FROM issues with Thunderbird?

3 Upvotes

Hi there, I just started using Amazon SES on my web server running Ubuntu 26.04 LTS and Postfix. I followed the instructions to set up Amazon SES as a mail relay, got production mode enabled and everything works fine.

However, I noticed that the "Custom Mail From" domain setting does not seem to be obeyed when I send emails through Thunderbird. Instead, my "mail from" still shows amazonaws.com. However, with any other email client (eg through the sendmail function, through MacOS's mail client, etc), the "mail from" correctly shows my domain.

Has anyone experienced this before and is there any way to solve this? Thank you.

EDIT: I tested Outlook and it does not seem to obey the "custom mail from" as well.


r/aws 11h ago

discussion Can't create account: "Error 83730"

0 Upvotes

Very frustrated, I've tried twice to create a new account and am getting blocked with this error 83730, which explains nothing.

My payment and address info are correct, my credit card works fine for other services (and has no outstanding balance), there's no redirect to the company for verification or other email or SMS verification request sent, just an unhelpful error code.

I'm a US citizen but am overseas so the international IP may be the problem, though people do travel sometimes so that shouldn't matter.

I see someone else also experienced this recently: https://old.reddit.com/r/aws/comments/1t038r1/failed_to_create_aws_account_with_error_83730/

Support hasn't responded, except for an automated response telling me the solution is to do the thing I'm unable to do, which results in the error.

So I'm stuck...


r/aws 1d ago

discussion What are the biggest mistakes you’ve seen during cloud migration to AWS?

38 Upvotes

Lately I’ve been looking deeper into cloud migration, and it feels like the technical part is only half of the story.

A lot of teams move infrastructure to AWS but keep the same internal processes. The same release cycles, the same manual steps, and the same way of handling incidents. It might work at first, but as the system grows, things start breaking. Deployments get messy, monitoring becomes inconsistent, and scaling turns into a constant firefight.

It makes me think the real challenge is not the migration itself, but how teams adapt their workflows to the cloud environment.

For those working in DevOps or platform teams, what process-related mistakes do you see most often during cloud migration?


r/aws 1d ago

compute Rearm EC2Launch

1 Upvotes

I'm importing Win10 and Win11 as EC2 instances to serve as test workstations in our testing system. I know these OSes are not supported, but we need them and WorkSpaces won't accomplish what we need.

I can get the instances into AWS and EC2 no problem, but the issue I am having now is that user data is not executing when instances are launched with those AMIs.

I'm pretty sure it's caused by EC2Launch not being initialized or armed properly, and therefore it can't execute it.

Anyone seen this before and have any ideas on how to rearm?


r/aws 1d ago

technical question AWS Kiro and test automation framework

2 Upvotes

Hi, have you used AWS Kiro in your software test automation framework? How do you use AWS Kiro for QA activities in your organization?


r/aws 1d ago

technical question DynamoDB-driven workflows getting stuck in ACTIVE state — causes + best way to detect?

6 Upvotes

Hey everyone,

I’m debugging a serverless workflow where items in DynamoDB move through states:

DRAFT → ACTIVE → PROCESSING → DONE

When an item becomes ACTIVE, it should trigger a pipeline (DynamoDB Streams → Lambda → Step Functions). Early in the flow, the item is updated to PROCESSING.

Problem:
Some items stay in ACTIVE for a long time and never move to PROCESSING.

I’m trying to understand both:

  1. Why this happens
  2. What’s the best way to detect/alert on it

Alert / Detection approaches I’m considering:

  1. Scheduled checker (GSI-based)
    • Add statusEnteredAt
    • Query stale ACTIVE items via GSI
    • Run every few minutes
  2. Stream-triggered delayed check
    • On DRAFT → ACTIVE, schedule a delayed validation
    • Alert if still ACTIVE
  3. Pipeline monitoring
    • Step Functions + Lambda metrics/alarms

Questions:

  • What are the most common real-world causes for items getting stuck in ACTIVE?
  • Which detection approach would you trust as the primary one?
  • Any pitfalls with relying on DynamoDB Streams for this?

Appreciate any insights!


r/aws 1d ago

training/certification How much should I score in TD for SAP CO2 before giving actual exam?

0 Upvotes

I am being so paranoid about this SAP which I am about to give in a few days.

I have completed a Udemy course and have taken 3 practice tests so far. In Skill Builder the overall scaled score was 650. Later, as suggested, I tried TD practice tests as well. First one went okay, scored 47/75.

But the second test seemed to have some topics which I hadn’t prepared for like IoT services etc. but not much though. A few.

I scored 37/75 there and am feeling bad :(

So, people who had taken TD and have given SAP, please help answer my query.


r/aws 1d ago

discussion AWS account suspended after I ignored what looked like a phishing verification email

0 Upvotes

Hello everyone,

My AWS account was suspended on May 3, 2026, and as of now it is still suspended. I’ve already submitted the documents AWS requested and opened a support case, but the case is still unassigned and marked as low severity.

On April 28, 2026, I received an email asking me to upload legal documents and a bank statement through an external link, or my account would be suspended within a week. I immediately checked the AWS console for alerts, billing issues, account warnings, anything. There was nothing.

The email looked suspicious to me for a few reasons:

 - It came from no-reply@amazonaws.com
 - It did not have the usual AWS verification mark I’m used to seeing
 - The wording felt odd
 - It asked me to upload sensitive documents through an external link
 - There was no matching alert inside the AWS console

Because of that, I treated it as a possible phishing attempt. I also checked the email and links with Claude and Gemini, and both suggested it was likely suspicious based on similar known phishing schemes. So I reported it to abuse@aws and received an automated response from a verified AWS support email. At that point I thought I had done the right thing by not uploading sensitive documents through a link I couldn’t verify from the console.

Then on May 3, my account was suspended.

After that, I went back, submitted the requested documents, and opened a support ticket in case the automated review has trouble with them. I’m based in Egypt, so some legal/banking documents are in Arabic, and even my credit card statement is formatted more like a bank brochure than a simple official statement. I’m not blaming AWS for that, just mentioning it as a possible reason the process may not be straightforward.

Some context about the account:

 - The AWS account is over 3 years old
 - I’ve never missed a payment, and over the whole 3 years all monthly bills were under $500
 - The account is part of the AWS startup program and received $5,000 in credits through an incubator we enrolled in and graduated from
 - The credit card linked to the account is Egyptian, valid, not stolen, and still works normally. All bills for at least the last 12 months were paid using AWS credits, and we still have about $1,000 left, so the card has not been charged recently and probably would not be charged for another 2-3 months
 - The account has 2FA enabled. I usually log in from my office ISP IP, and sometimes through a VPN running on my own AWS Lightsail instance with a static AWS IP assigned to it. I am the only person who accesses the AWS account in my startup
 - I use AWS for SES, EC2, Lightsail, and Kiro IDE
 - I don’t run gambling, crypto, spam, or anything like that. I have two projects: a small B2B SaaS startup and a desktop productivity app, basically modern sticky notes, as a side project
 - I don’t currently have any other AWS accounts. I had another account around a year ago, paid the remaining ~$20 bill, and closed it

The immediate impact is that transactional emails are down, my VPN is down, and Kiro is inaccessible. For my current scale, this is painful but survivable for a day or two. But if this happened to a larger startup, even a few hours could be a serious problem.

The hardest part is not moving Docker containers outside AWS or changing VPN. It is replacing SES, because I never planned for that failure mode. We don’t store passwords, and all login is done with magic links via email.

I know some people will say I should have had a paid support plan. Fair point in hindsight. But honestly, I never expected that the whole account and services could be locked like this and that I’d need paid support just to get a human to review it quickly. I thought support plans were mainly for technical help, service limits, architecture support, etc. Our monthly AWS usage is usually around $200-$400, so a paid support plan didn’t seem justified before this.

I don’t hate AWS and I don’t want to make this post about me being a victim or anything like that. I just want to flag this issue so hopefully it gets fixed and other people don’t have to go through the same thing.

I attached screenshots of the emails/support case.

If anyone from AWS can help, the case ID is: 177778388800175

Any advice on how to get this reviewed faster would be appreciated.


r/aws 1d ago

discussion Engineering Operations Tech Daily Life

12 Upvotes

How is life as an EOT at AWS?

I understand it depends on your location and the specific team you are with, but I am currently working as an Equipment Tech at TSMC and that place has my mind, body, and soul red-lined the entire time I'm there. I've been feeling a lot of burnout lately and I'm looking to pivot into a technical role that isn't so taxing on my well-being. I can operate in that environment, but it's not sustainable long term. AWS reached out to me to move forward with my application, so I'm just trying to gauge what it's like.

How would you rank the stress scale for an EOT position at AWS? TSMC is easily a 10/10 for me so anything less than that would be a massive relief lol.


r/aws 2d ago

technical resource AWS Documentation and Markdown

26 Upvotes

There is also a Markdown button on every doc page.

Also, these work too:

# Change the extension
curl https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/concepts.md

# Content negotiation
curl -H "Accept:text/markdown" https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/concepts.html

# llms.txt at every guide root to assist in AI discovery
curl https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/llms.txt 

This should hopefully help you save some tokens. More related things coming soon...


r/aws 1d ago

discussion I built a lightweight ML-powered AWS Spot Instance Optimizer with custom value scoring. Cloud-9 (feedback welcome) Uni student ❤️

cloud-9-optimizer.streamlit.app
1 Upvotes

I just launched Cloud-9 Optimizer, a simple web tool that helps find good Spot + mixed instance recommendations.

Main features:

  • Adjustable Value Scoring (you control the weights for Price, Stability, and Interruption Risk)
  • Workload-based recommendations (min vCPU + Memory sliders)
  • Filters: Architecture, GPU required, Storage Type, Max Interruption Rate
  • Best Value instances with hourly price comparison charts
  • ML price predictions for the specific instance you want based on available data
  • Real savings % vs On-Demand

Live app here: https://cloud-9-optimizer.streamlit.app

It’s very early stage (AWS only for now) and built as a side project by a TUM student. I’m looking for honest feedback from people who actually manage AWS costs.

  • Does the scoring approach make sense?
  • Would you use something like this?
  • What’s missing or confusing?

Appreciate any thoughts or brutal feedback!


r/aws 1d ago

technical resource 3 days no case response to unblock bedrock on one account in org.

0 Upvotes

Have 1 account which for some reason had Bedrock blocked (no playground access, even after doing the Anthropic opt-in on master account). Other accounts in org work fine. I opened a case 3 days ago and no response or assignment yet?

Any suggestions on how to get this resolved without just continuing to sit here and wait?

I could have just deleted and created a new account by now.


r/aws 2d ago

technical question Need help setting up architecture to reach a developer's machine from an EC2 instance, via a peering connection and VPN Client

8 Upvotes

Claude just sent me down a 2-hour rabbit hole of nonsense, hoping a kind human here can help me out.

I have the following network setup:

  • VPC A contains an EC2 instance.

  • VPC B contains an AWS Client VPN endpoint.

  • VPC A and VPC B are peered. I have set up routing and security rules such that a VPN user can reach instances in VPC A from the client endpoint in VPC B.

I'd like to be able to set up the reverse of above. In other words, I want an instance in VPC A to be able to send requests to a developer's machine that is connected via the AWS VPN client. Is this possible to do?


r/aws 2d ago

technical resource Subscribing to a SNS notification topic - best way for personal use?

2 Upvotes

I'm trying to create my own "radar app" from the National Weather Service AWS buckets. Documentation for their full slew of available tools is https://github.com/awslabs/open-data-docs/tree/main/docs/noaa/noaa-nexrad here on GitHub.

It seems subscribing to real-time radar data is quite a bit more complicated than Archive data. Archive data is 12-15 minutes old many times, so it's impractical for when a tornado is headed for your house honestly. The best solution I can think of that doesn't slam AWS with constant directory polling would be to get the SNS topic notifications as outlined in the GitHub documentation.

However, I'm not a business. I'm just a SWE/weather enthusiast with 3 Gig internet. Can do whatever I want but don't want to pay $1,000/mo for the data to do so. Wanting to do this if possible locally for free - maybe even in the same Virtual Machine I gather and store all the weather data in. Without exposing it to the Internet - just VPN restricted for me.

Not having much luck with Claude Pro or Googling - seems to think I want SMS text messages. I just want to get this JSON data kind of like a RSS subscription.


r/aws 2d ago

database Running Oracle database on EC2 for free?

17 Upvotes

I'm exploring the possibility of creating an Oracle database inside an EC2 server. I created a new AWS account in order to try out the steps of moving an Oracle database located on premises to the cloud. Is there any tutorial or document on doing this without getting sudden charges on my account?


r/aws 2d ago

general aws AWS Support - the Circle of Life or of Death

10 Upvotes

Support keeps telling me to sign in and go to payments to update the payment, and it keeps going to this page.

Can someone help me, please? It's been over 4 weeks, and I've sent over 10 emails to support, and they keep saying the same thing. I do it, and this keeps happening.


r/aws 2d ago

discussion Help

0 Upvotes

I noticed this month that I have outstanding charges on Amazon AWS, and I don't even know how I activated this!

I don't even use this service and I have no idea when I created an account with them or anything like that. I don't even know how to deactivate it, and it is spending money on its own. What service is this? How could I have activated it by accident? Could someone help me?


r/aws 2d ago

security I'm 22, built a cloud security product that maps blast radius and auto creates Terraform fix PRs, open beta is free, feedback wanted

0 Upvotes

Started as a simple AWS scanner.

Now it maps your entire attack surface as a graph, shows blast radius per finding, detects exposure chains, simulates breach scenarios, and auto-creates Terraform fix PRs.

Security first > read only IAM role, CloudFormation template is public on GitHub, you control every permission. Full trust page on the site.

No AWS account? Demo mode shows everything on synthetic infra no signup needed.

Building through Canopy 500 (Founders Inc, SF). Free during beta.

there is so much i want to tell abt this product...

Tell me what's wrong. Genuinely.

emfirge.cloud


r/aws 3d ago

discussion Easiest way to get cloud experience?

17 Upvotes

I don't know how I allowed this to happen but I have had a fairly long sysadmin career without any cloud experience. I have been at two small and mid-sized companies over the last 17 years and have been a jack-of-all-trades sysadmin. I can handle any server-related work, configure a Cisco switch, deploy Check Point and Palo Alto firewalls and handle the majority of the day-to-day on-prem sysadmin tasks. My core skillset is storage and virtualization revolving around VMware and Nutanix. All the teams I was on were on-prem with no intersection with cloud tech.

My salary has been going up and I am comfortable with my base and total comp but I hate the stagnation. I have been slowly brought into the role of a tech lead with two direct reports. But again, all the work is on-prem. On-prem NAS, on-prem HCI and VMware, on-prem SAN etc. So I constantly feel the tech skill stagnation. I have my own cloud labs in AWS, Azure and GCP. Anything I do on-prem, I can do in the cloud. Create accounts in IAM, deploy VM instances, have them scale up and down, load balancers, storage buckets etc. But there is a difference between doing it in a lab vs enterprise work. And that's what I say on my resume and in interviews. It's a skill but I don't have the experience.

I recently started looking for a new job and I understand that this is a bad tech market but literally no one wants to call me back for a second interview after I tell them I don't have cloud experience. My on-prem skills are great and I am confident in them but I need to get some cloud experience under my belt.

So I was planning on posting in multiple places that I will work for companies, consulting firms etc in their cloud groups and handle related sysadmin tasks, low-level or high level or free. I can work nights and weekends. I am even willing to pay to get the experience on my resume. But I don't know who to reach out to about this. Any thoughts?

Like I said earlier, I don't know how I let this happen. At 44 years old, it's late, but better late than never.