DEV Community: Bala Hariharan

How DevOps, GenAI, and Terraform Helped Me Become a Rising Star

Bala Hariharan — Wed, 31 Dec 2025 07:29:09 +0000

Grateful to wrap up this year with some milestones across DevOps, cloud automation, and GenAI that I’m excited to share.

Drove end‑to‑end automation across multiple projects, including GenAI-powered runbooks and cloud cost-optimization workflows, and received an internal R&R award for consistently resolving complex cloud and migration issues under tight timelines.

At Texas Mutual, led the DevOps transformation as a Rising Star awardee: designed the entire AWS infrastructure using Terraform, implemented Azure DevOps pipelines, and enabled smooth deployments by closely collaborating with Dev, QA, business, and client teams while delivering ahead of schedule.

Strengthened my cloud foundation with 4 certifications this year:

Google Cloud – Professional Cloud Architect

AWS – Solutions Architect Professional

AWS – Generative AI Specialty

Microsoft Azure – Security Engineer Associate

Continued contributing to the developer community by sharing learnings from real-world AWS deployments, cost optimization, security, and infrastructure-as-code, and I’m now actively working towards expanding this impact through more blogs, talks, and open knowledge sharing.

If you’re interested in AWS, DevOps, or GenAI in production (Terraform, Azure DevOps, multi-cloud, cost optimization), I’d love to connect, collaborate, and create more community-focused content together.

🔥 Takeaways from the Chennai AWS Meetup – May 2025

Bala Hariharan — Thu, 26 Jun 2025 06:17:35 +0000

Last month, I had the opportunity to attend the AWS Meetup in Chennai, and it was a fantastic experience packed with knowledge sharing, real-world use cases, and tech inspiration.

💡 Key Topics Covered
Amazon Q – Got a great walkthrough on how Amazon Q is redefining developer productivity through generative AI capabilities.
Amazon Bedrock – Understood how Bedrock can streamline building and scaling GenAI applications using foundational models.
Amazon CloudFront – Explored how edge caching and CDN distribution can drastically improve performance and global delivery.
Serverless Architecture – Sessions dived deep into Lambda-based serverless solutions and event-driven design patterns.
👏 Kudos!
Huge kudos to the speakers and organizers who made this event valuable for everyone—from beginners to advanced AWS users.

The sessions were insightful, the discussions engaging, and the networking opportunities were top-notch. It's great to see how vibrant and active the AWS community in Chennai is!

📸 A Moment from the Event

If you're working with AWS or building scalable cloud-native applications, I highly recommend attending these community meetups. You’ll leave inspired, no matter where you are in your cloud journey.

Feel free to share your thoughts or reach out if you want to connect over AWS, serverless, or GenAI!

Unlocking the Power of Gen AI: Key Takeaways from AWS Summit India Online 2025

Bala Hariharan — Thu, 26 Jun 2025 06:14:36 +0000

Introduction
The AWS Summit India Online 2025 brought together tech enthusiasts, architects, and decision-makers to explore the latest advancements in cloud and AI. One standout session was "Gen AI in Action: From POC to Business Value", delivered by Arun Nalpet Ramakrishna, Senior Solutions Architect at AWS India.

As someone deeply interested in AI's practical applications, this session resonated with me. Here’s a brief recap and key takeaways.

🔍 Session Overview: Gen AI in Action
The session focused on how generative AI (Gen AI) has moved beyond hype and is now delivering real, measurable business outcomes. Arun shared AWS's approach to transforming Gen AI from a Proof of Concept (POC) into solutions that drive business value.

🚀 Key Highlights
From Experimentation to Execution
Arun discussed how organizations initially explore Gen AI via small-scale pilots but often struggle to scale them. He emphasized the importance of using a structured framework to transition from POC to production.
Use Cases Across Industries
The talk highlighted several industry use cases where Gen AI is already delivering value – from customer support automation to content generation in media.
AWS Gen AI Stack
Arun walked through the AWS services that empower Gen AI projects, including:
Amazon Bedrock
SageMaker
CodeWhisperer
AI21 and Anthropic models through managed APIs
Building Trust and Governance
Arun also touched on the ethical and governance aspects, showcasing how AWS embeds transparency and control through tools like Amazon Bedrock Guardrails.
💡 My Personal Takeaways
Gen AI adoption should start with a clear business objective, not just technology curiosity.
AWS provides a robust ML Ops and security ecosystem to accelerate Gen AI implementations responsibly.
The session reinforced the importance of cross-functional collaboration between data scientists, developers, and business teams to derive true value.
📌 Final Thoughts
The AWS Summit India Online proved once again that Gen AI is not just the future—it's the now. Sessions like this not only educate but inspire. I’m excited to explore AWS Gen AI tools in my own projects.

If you're interested in Gen AI, cloud computing, or just keeping up with tech trends, I highly recommend catching the replays or attending the next AWS event!

📈 Mastering AWS CloudWatch: Monitor, Visualize, and Automate Like a Pro

Bala Hariharan — Mon, 05 May 2025 03:51:29 +0000

If AWS is the engine powering your infrastructure, CloudWatch is the dashboard that helps you drive with visibility, precision, and control.

In this blog, we’ll break down:

What CloudWatch actually does
Core services and features
Real-world monitoring examples
Dashboards, Alarms, Logs, and Events
Best practices to maximize visibility and cost-effectiveness
🔍 What is AWS CloudWatch?
AWS CloudWatch is a monitoring and observability service that provides:

Metrics: CPU, memory, network, disk, custom metrics
Logs: App/server logs in near real time
Alarms: Alerting based on thresholds
Dashboards: Real-time visualizations
Events / Rules: Automated actions on certain events
Insights: Interactive log queries
Anomaly detection: Machine learning-based pattern alerts
Think of it as your single pane of glass into AWS infrastructure.

🧱 CloudWatch Core Components
Component Description
Metrics Numerical data like CPU utilization
Logs Collect and search logs from applications
Dashboards Visualize system health in real time
Alarms Trigger notifications or actions based on thresholds
Events / Rules Respond automatically to changes (e.g., EC2 state change)
Insights Query logs with SQL-like syntax
📊 Use Case: Monitoring EC2 with Alarms
Let’s say you want to monitor an EC2 instance’s CPU.

Step 1: Create an Alarm

aws cloudwatch put-metric-alarm \
--alarm-name "HighCPUUtilization" \
--metric-name CPUUtilization \
--namespace AWS/EC2 \
--statistic Average \
--period 300 \
--threshold 70 \
--comparison-operator GreaterThanThreshold \
--evaluation-periods 2 \
--alarm-actions arn:aws:sns:us-east-1:123456789012:NotifyMe \
--dimensions Name=InstanceId,Value=i-0abcd1234efgh5678
This will trigger an SNS notification when CPU > 70% for 10 minutes.

📥 Use Case: Centralized Logging with CloudWatch Logs
You can stream logs from:

Lambda functions
EC2 instances (via CloudWatch Agent)
ECS, Fargate, EKS, etc.
Custom applications
Sample Log Push from EC2:

Install CloudWatch Agent
Configure /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.json
{
"logs": {
"logs_collected": {
"files": {
"collect_list": [
{
"file_path": "/var/log/syslog",
"log_group_name": "EC2SyslogGroup",
"log_stream_name": "{instance_id}"
}
]
}
}
}
}
Start the agent:
sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl \
-a fetch-config -m ec2 -c file:/path/to/config.json -s
📋 Use Case: Build a Custom CloudWatch Dashboard
Want to track metrics visually?

Go to CloudWatch → Dashboards
Click Create dashboard
Add widgets like:
Line graph of Lambda duration
Number of invocations by API Gateway
RDS CPU usage
You can also use CloudWatch Metric Math to build compound charts like:

(WriteIOPS + ReadIOPS) for EBS volumes
Sum of all invocations across multiple Lambdas
🔔 Real-World Example: Lambda Alerting + Slack Notification
Create an Alarm on Lambda Errors metric
Hook it to SNS topic
SNS pushes to Lambda function that sends Slack alert
The Lambda uses a webhook to post message:

const https = require("https");

exports.handler = async (event) => {
const message = event.Records[0].Sns.Message;
const options = {
hostname: 'hooks.slack.com',
path: '/services/your/webhook/path',
method: 'POST',
headers: { 'Content-Type': 'application/json' }
};

const req = https.request(options);
req.write(JSON.stringify({ text: 🚨 Alert: ${message} }));
req.end();
};
🔎 CloudWatch Insights: Search Logs Like a Pro
Let’s say you want to find all 5xx errors from your Lambda logs:

fields @timestamp, @message
| filter @message like /ERROR/ and status >= 500
| sort @timestamp desc
| limit 20
Or identify slow API calls:

filter duration > 3000
| stats count(*) by api, duration
Insights makes log mining fast and readable.

🧠 Best Practices for CloudWatch
✅ Tag everything — use consistent tags for resource grouping
✅ Prefix log group names — like /app/backend, /app/frontend
✅ Use dashboards per microservice or team
✅ Enable anomaly detection on critical metrics
✅ Set retention policies — don’t hoard logs forever
✅ Export to S3 for long-term analytics (cheap!)
✅ Restrict access via IAM least privilege

💡 Cost Optimization Tips
Set log retention (default is never expire, which adds cost)
Use filters to store only necessary logs
Aggregate and batch custom metrics before publishing
Disable detailed monitoring on dev/staging environments
🧾 Common Metrics Worth Monitoring
Service Metric
EC2 CPUUtilization, NetworkIn/Out
RDS CPUUtilization, FreeStorageSpace
Lambda Invocations, Errors, Duration
API Gateway 4xx, 5xx Errors, Latency
SQS ApproximateNumberOfMessagesVisible
ECS MemoryUtilization, CPUUtilization
🛡️ CloudWatch for Security
Detect sudden spikes in requests (possible DDoS)
Log unauthorized IAM calls with CloudTrail logs in CloudWatch
Set alarms on root account usage or failed login attempts
Send custom logs from WAF or GuardDuty to CloudWatch
⚙️ Automate with CloudWatch Events (Now EventBridge)
CloudWatch Events can trigger:

Lambda functions
SSM commands
ECS tasks
SNS topics
📌 Example: Automatically stop idle EC2 instances at night

{
"source": ["aws.ec2"],
"detail-type": ["EC2 Instance State-change Notification"],
"detail": {
"state": ["running"]
}
}
Target: Lambda that checks tags and shuts down if AutoStop=true.

✅ CloudWatch Cheat Sheet
Feature Use Case
Metrics Monitor performance over time
Logs Debug, trace, and analyze log data
Alarms Get notified or act on metric thresholds
Dashboards Visualize health in real time
Insights Query logs with SQL-like syntax
Events Automate actions on system changes
Anomaly Detection ML-based thresholding and alerting
🧠 Final Thoughts
AWS CloudWatch is more than just logs or metrics — it’s a complete observability suite for modern applications.

With proper setup, it becomes your early warning system, performance profiler, and automation engine — all in one.

Whether you’re running microservices, serverless apps, or monoliths, CloudWatch brings peace of mind to your AWS operations.

💬 Let’s Talk!
What’s your favorite CloudWatch feature?
How do you monitor your AWS resources?

Drop your setup, questions, or tips in the comments.
Let’s build reliable systems together — one metric at a time.

AWS

💰 Cost Optimization with AWS Compute Optimizer:

Bala Hariharan — Sat, 03 May 2025 09:38:02 +0000

💰 Cost Optimization with AWS Compute Optimizer.

“You can’t optimize what you don’t measure.” — This quote holds especially true in the cloud.
If you're running workloads on AWS, cost optimization should never be a one-time effort. AWS offers a wide array of services to help manage your spending, and one of the most powerful — yet underutilized — tools is AWS Compute Optimizer.

In this blog, I’ll walk you through what Compute Optimizer is, how it works, and how I used it in a real-world project to save money without compromising performance.

🔍 What is AWS Compute Optimizer?
AWS Compute Optimizer is a service that uses machine learning to analyze your workload configurations and utilization metrics. Based on this data, it provides right-sizing recommendations for:

EC2 instances
EBS volumes
Lambda functions
Auto Scaling groups
Instead of over-provisioning by default or relying solely on manual metrics, you can use Compute Optimizer to guide your sizing decisions with data-driven insights.

⚙️ How Compute Optimizer Works
Data Collection:
Collects up to 14 days of historical metrics from CloudWatch.
Monitors CPU, memory, disk I/O, and network activity.
Analysis & Modeling:
Uses machine learning models trained on millions of AWS workloads.
Evaluates whether a resource is under-provisioned, over-provisioned, or optimized.
Recommendation:
Suggests better instance types or volume types.
Projects expected performance and cost for each recommendation.
Categorizes into:
Not optimized
Optimized
Insufficient data
🛠️ Enabling Compute Optimizer
To start using Compute Optimizer:

Go to the AWS Console.
Enable it in your target regions.
Optionally enable Enhanced Infrastructure Metrics for deeper insights (e.g., memory data for EC2).
You’ll begin to see recommendations within 12–24 hours.

🧪 Real-World Use Case: Cost Cutting with EC2
Let me walk you through a scenario from one of my Java backend applications.

We had 6 EC2 instances of type t3.large in a production environment. These handled various microservices with relatively low average usage but had burst workloads occasionally.

Compute Optimizer Analysis:

CPU utilization: <10% average
Network I/O: <5 MB/s
Memory (after enabling enhanced metrics): ~35% used
Recommendations:

Switch to t3.medium
Enable T3 Unlimited for burst scenarios
📉 What We Did
We reviewed the recommendations, validated CloudWatch metrics, and decided to switch 3 of the 6 instances to t3.medium.

We used this migration strategy:

Create AMI backups
Update Auto Scaling Group launch templates
Monitor via CloudWatch and logs
Use SSM for post-launch validation
💡 The Result
After two weeks of monitoring:

No increase in latency
No service degradation
Saved $50/month per instance
Projected annual savings: $1800+
We later migrated the remaining 3 nodes, leading to a total monthly cost reduction of ~$300.

🛑 Things to Keep in Mind
Before applying Compute Optimizer recommendations blindly, consider:

Is this instance intentionally over-provisioned? (e.g., for redundancy or DR)
Is it serving memory-heavy or burst workloads?
Is it running a containerized workload with memory/cpu reservation?
What’s your availability SLA?
Recommendations are starting points — always validate against application performance and business requirements.

📦 What About EBS and Lambda?
EBS

We had a general-purpose gp2 volume attached to our dev environment with almost no IO requirements.

Compute Optimizer suggested sc1 (cold HDD), and we tested it for archive-type workloads.

✅ Result: No functional issues, 60% storage cost saved.

Lambda

In a different project, our Lambda functions had 1024MB memory allocated by default. Compute Optimizer showed average usage around 200MB.

We lowered to 512MB, which also reduced the timeout rate and improved cold-start behavior.

📊 How to Track the Savings
Once you apply changes:

Use AWS Cost Explorer to monitor actual savings
Use AWS Budgets to track against thresholds
Tag optimized resources with something like optimization: compute for cost analysis
📎 Tips to Integrate into Your Workflow
Include Compute Optimizer reviews as part of your monthly cloud hygiene check
Automate snapshotting EC2 & EBS before resizing with scripts
Store recommendations as JSON and review diffs over time
Build a custom dashboard using the Compute Optimizer API
📈 Going Beyond: Combine With Trusted Advisor & Cost Explorer
While Compute Optimizer is focused on resource rightsizing, pairing it with:

AWS Trusted Advisor → checks for idle load balancers, unused IPs, etc.
Cost Explorer → visualizes usage trends and service spikes
… gives you a complete picture of cost optimization.

🔚 Final Thoughts
AWS Compute Optimizer is one of the easiest ways to cut cloud bills without rewriting your infrastructure.

🎯 It's free, data-backed, and supports multiple AWS services.

In my experience, implementing even 10–15% of the recommendations led to significant savings — without a single service interruption.

Mastering AWS IAM: Secure Your Account and Resources Like a Pro

Bala Hariharan — Sat, 26 Apr 2025 05:25:28 +0000

AWS IAM (Identity and Access Management) is the foundation of all things security in AWS. Whether you're a solo developer, part of a small team, or managing a large-scale infrastructure, IAM best practices can make or break your cloud security.

In this blog, I’ll cover:

IAM concepts you must understand
Real-world IAM configurations
Common mistakes to avoid
A practical security checklist
Hands-on examples for developers and DevOps engineers
Let’s turn your AWS account from “default” to bulletproof.

🧠 What is IAM?
IAM is the AWS service that helps you:

Authenticate who is making a request (identity)
Authorize what that identity can do (access)
It supports:

Users (humans with long-term credentials)
Roles (temporary access for AWS services or external identities)
Groups (collections of users)
Policies (documents that define permissions)
🧱 IAM Components Explained Simply
Component Use Case
User An engineer in your team
Group All backend developers
Role Give Lambda temporary access to S3
Policy “Allow reading from S3 bucket X”
Policies use JSON and follow this structure:

{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::your-bucket/*"
}
]
}
🔒 Step 1: Secure Your Root Account Immediately
Your AWS root user is the most powerful account. Here's what to do:

✅ Enable MFA (Multi-Factor Authentication)
✅ Don’t use it for daily tasks
✅ Create an IAM user with admin privileges for regular operations

Tip: Use a password manager to store root credentials safely.
👥 Step 2: Create IAM Users and Groups (No Sharing)
Instead of sharing access keys:

Create a separate user for each team member
Assign users to groups like dev, ops, admin
Attach policies to groups — not individual users
aws iam create-group --group-name developers
aws iam add-user-to-group --group-name developers --user-name alice
🛡️ Step 3: Use Roles for Services and Temporary Access
IAM Roles are not tied to a specific user. They are:

Assumed by AWS services (e.g., EC2, Lambda)
Used for federated identities (e.g., SSO or cross-account access)
Example: EC2 Instance Access to S3

Create a role with S3 read access
Attach role to EC2 instance
The EC2 instance automatically gets temporary credentials
🔁 Step 4: Rotate Access Keys and Use IAM Roles for Apps
If you’re storing AWS access keys in:
❌ Source code
❌ GitHub
❌ Hardcoded scripts

… STOP!

Do this instead:

Use IAM roles with temporary credentials
Rotate keys via AWS Secrets Manager
Enable CloudTrail logging to audit credential usage
📄 Step 5: Follow the Principle of Least Privilege (PoLP)
Don’t give “Admin” permissions to every resource.

✅ Give only the permissions the user or service needs
✅ Use IAM Access Analyzer to detect unused permissions
✅ Start with “read-only” access and escalate if necessary

🔐 Example: Read-only Policy for RDS
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"rds:Describe*",
"cloudwatch:GetMetricData"
],
"Resource": "*"
}
]
}
Attach this to a user who only needs monitoring access.

🚨 Step 6: Enable MFA Everywhere
Use MFA for:

Root account
All IAM users
AWS CLI (aws configure + session-token)
SSO users via external identity providers
MFA options:

Virtual (Google Authenticator, Authy)
Hardware (Yubikey)
SMS (less secure)
🔍 Step 7: Monitor IAM Activity
IAM changes are sensitive. Use these tools:

CloudTrail → Logs every IAM action
IAM Access Analyzer → Detects unused access
AWS Config → Tracks config drift
Trusted Advisor → Flags security risks
Example: Query who made a policy change in the last 24 hours:

aws cloudtrail lookup-events --lookup-attributes AttributeKey=EventName,AttributeValue=PutUserPolicy
🧪 Step 8: Test Permissions Safely
Use the IAM Policy Simulator:

Test if a user/role has access before deploying
Avoid downtime due to incorrect permissions
Also:

Use DryRun in AWS CLI:
aws ec2 start-instances --instance-ids i-12345 --dry-run
🧰 Step 9: Use Service Control Policies (SCP) for Org-Wide Control
If you're using AWS Organizations:

SCPs allow you to restrict what accounts can do even if a user has admin
Great for child accounts (dev, test)
Example: Block EC2 usage in dev account:

{
"Effect": "Deny",
"Action": "ec2:",
"Resource": ""
}
🧼 Step 10: Periodic IAM Cleanup
Don’t let your IAM become the “junk drawer” of AWS.

Schedule monthly cleanup tasks:
✅ Remove inactive users
✅ Revoke unused keys
✅ Rotate credentials
✅ Review attached policies
✅ Delete test roles

Use this script to find users who haven’t logged in:

aws iam get-user --user-name alice
aws iam generate-credential-report
🧾 IAM Security Checklist
✅ Task Description
Root MFA Enabled Absolute must
IAM Users Created No sharing of credentials
Groups Used For scalable access control
Roles Used Temporary access only
Least Privilege No wide-open * policies
MFA Everywhere For users + services
Monitor Changes CloudTrail, Config, Access Analyzer
Rotate Keys At least every 90 days
Cleanup Old Users Monthly checkup
SCP Applied Restrict dev/test accounts
🔚 Final Thoughts
IAM is not optional — it’s the backbone of cloud security.

Whether you’re building apps, deploying ML models, or running Kubernetes clusters — IAM determines what has access to what. A single misconfigured policy could expose your data, shut down your environment, or worse.

Start small, review regularly, and automate wherever possible.

📢 Let's Chat
Have you implemented IAM best practices in your AWS environment?
What worked well — and what didn’t?

Drop your experiences in the comments. Let’s make cloud security a habit, not an afterthought.