DEV Community: luis zuñiga

Building AI-Powered Business Solutions for LATAM with Amazon Quick: A Hands-on Technical Guide

luis zuñiga — Mon, 20 Apr 2026 16:29:59 +0000

Over the past few weeks, I built and deployed five production-ready use cases using Amazon Quick (the agentic evolution of QuickSight) specifically tailored for the Small and Mid-size Business (SMB) market in Latin America.What makes Amazon Quick particularly relevant for our region is the current market gap: while enterprise AI deployment grew by 68% in 2025, only 3% of SMBs have achieved full integration (IDC Latin America ICT Spending). Amazon Quick bridges this divide with a simplified pricing model (starting at $20/user) and natural language capabilities that eliminate the need for massive technical departments.🗺️ Mental Map: The Amazon Quick EcosystemPlaintextAMAZON QUICK ARCHITECTURE
│
├── 🧠 INTERFACE (Natural Language)
│ ├── Chat Agents (Contextual conversation per use case)
│ └── Spaces (Environment organization by project/team)
│
├── 🤖 AGENTIC MODULES
│ ├── Quick Research (Deep research: S3 + Web + Premium sources)
│ ├── Quick Flows (Automated workflows for business users)
│ └── Quick Automate (Complex multi-step automation for engineers)
│
├── 📊 ANALYTICS CORE
│ ├── Quick Sight (Visual BI + SPICE In-Memory Engine)
│ └── Topic Q (NLQ with bilingual synonym support)
│
└── 🛠️ INFRASTRUCTURE (IaC)
├── S3 Knowledge Base (Data Lake: CSV, JSON, TXT)
├── CloudFormation (Modular deployment via Stacks)
└── IAM (Least Privilege & SourceAccount conditions)
🏗️ Infrastructure Design & Technical DecisionsFor these deployments, I utilized an Infrastructure as Code (IaC) approach based on 11 CloudFormation templates. My core design principles were:Stack Isolation: One independent stack per use case to simplify maintenance.Layered Security: All S3 buckets utilize AES-256 encryption, full Block Public Access, and DeletionPolicy: Retain.Strict Least Privilege: IAM roles scoped specifically to each bucket, strictly avoiding wildcards (*).QuickSight Deployment Pattern via CloudFormationOne of my key takeaways was splitting the QuickSight deployment into 5 layers. The QuickSight API requires propagation time and has complex resource dependencies:Layer 1: S3 + IAM Roles.Layer 2: DataSource (S3/JSON Connector).Layer 3: DataSet (SPICE ingestion with explicit type casting).Layer 4: Topic Q (Natural language semantic configuration).Layer 5: Analysis & Dashboard (36-column grid layout definition).🤖 Success Case: Sales Automation with Quick AutomateThe most significant impact was seen in sales, where we eliminated 2 hours of manual work every Monday. We leveraged Quick Automate to generate dynamic reporting pipelines.The "Inline Agent": The Heart of AutomationI used an AI Inline Agent within the flow to transform raw DataTable objects into professional HTML reports with embedded CSS, which are then automatically uploaded to S3.[!CAUTION]Technical Gotcha: The Quick Automate runtime has critical quirks:Double Datetime: You must use datetime.datetime.now(). Using a simple datetime.now() will trigger a NameError.No Boto3: External modules cannot be imported. All S3 interactions must be performed via Action Connectors.⚠️ Builder’s Log: Lessons LearnedThe S3 Typing Challenge: By default, S3/CSV sources import everything as a STRING. If you do not perform a CastColumnTypeOperation within your CloudFormation LogicalTableMap, Topic Q will be unable to perform aggregations.Localization for LATAM: To ensure the AI functions effectively in Spanish, I configured bilingual synonyms in the column metadata (e.g., total_usd → [monto, revenue, ingreso, venta]).Quick Research & Dual Citation: In the Regulatory Compliance use case, Quick Research's ability to cite internal sources (our PDFs in S3) and external sources simultaneously was the primary trust-builder for stakeholders.💰 Cost Analysis (Why LATAM ❤️ Quick)ComponentEstimated Cost (2026)Infrastructure Fee$250/month per account (fixed)Professional User$20/month (Includes Research & Flows)Enterprise User$40/month (Includes Automate Authoring)A deployment for 36 users across 5 critical areas cost approximately $994/month, providing a massive ROI compared to manual reporting hours.ConclusionAmazon Quick is no longer just a visualization tool; it is an Agentic AI platform that democratizes technology for LATAM SMBs. As builders, our mission is to shield these systems with robust architectures and IaC.⚖️ Technical & Legal Safe Harbor DisclaimerAUTHORSHIP AND INDEPENDENT CAPACITY: This publication is authored solely by me in my individual and private capacity. The views, methodologies, and technical workflows expressed herein are my own and do not necessarily reflect the official policy, position, or strategic direction of my current or former employers, clients, or any legal entity I am affiliated with.INTELLECTUAL PROPERTY & CONFIDENTIALITY COMPLIANCE:Zero Proprietary Disclosure: This content has been developed using publicly available information and personal research. No confidential information or internal proprietary source code belonging to my employer has been disclosed.Independent Development: The workflows described are based on general industry best practices and were not developed as a "work for hire".LIMITATION OF LIABILITY (NO WARRANTY): All code snippets and architectural patterns are provided "AS IS" without warranty of any kind.COMPLIANCE: This contribution is made in good faith under the AWS Builder Terms and the MIT-0 License for any included source code.

Deep Dive: Accelerating Infrastructure as Code (IaC) on GCP using Terraform and Antigravity

luis zuñiga — Fri, 17 Apr 2026 00:42:09 +0000

Key Stack: Terraform, Google Cloud Platform (GCP), Cloud Armor, Cloud SQL, Antigravity AI

When designing robust and scalable architectures for production environments, efficiency is non-negotiable. Traditionally, SRE and Infrastructure teams spend significant cycles managing network segregation, variable consistency, and manual security audits. However, the paradigm has shifted: Generative AI applied to Platform Engineering has arrived to eliminate operational toil.

In this article, we will technically analyze the paquetesaction project. We will explore how to deploy advanced Terraform modules on Google Cloud by operating alongside Antigravity—an AI-powered assistant tailored for infrastructure workflows based on Google DeepMind technology—which acts as an additional software engineer within your terminal.

The Multi-Project Modularity Challenge For this use case, the requirements demanded four distinct architectures designed to coexist within an enterprise ecosystem. The goal was clear: total isolation and automated scalability.

Base VPC (Core Networking): Implementation of custom networks with Private Google Access enabled for internal consumption of Google APIs without internet egress.

Private Data Workloads: Cloud SQL (MySQL) with restricted access via VPC Peering, eliminating any public IP exposure.

Resilient L7 Frontend: Global HTTP(S) Load Balancer supported by Managed Instance Groups (MIG) and perimeter protection via Cloud Armor.

Management Access (Bastion): e2-micro instances for administration, using strict tag-based routing.

Antigravity: Pair Programming "On Steroids" The true disruption of Antigravity lies not in static code generation, but in its ability to execute an iterative framework within the DevOps lifecycle.

Rather than generating isolated code, the agent operated as a collaborator aware of the repository and the Terraform lifecycle. While orchestrating the environments/dev directory, the agent autonomously structured:

The file architecture (main.tf, variables.tf, outputs.tf).

Initialization logic via CLI commands (terraform init and terraform fmt).

Selection of optimized images (Debian 11) to meet internal compliance policies.

Technical Architecture & Data Flow Below is a breakdown of the critical infrastructure components designed for this project.

A. Managed Database Isolation (Cloud SQL)
Exposing a database to the internet is an unacceptable risk. We utilized Private Services Access to connect our VPC with the Google Tenant Project.


+----------------------------------------------------+
| Your GCP Project (Consumer VPC)                    |
|                                                    |
|  +----------------------------------------------+  |
|  | VPC: "mysql-vpc-dev"                         |  |
|  |                                              |  |
|  |  [Global IP Range Reservation: /16]          |  |
|  |             |                                |  |
|  +-------------|--------------------------------+  |
|                |                                   |
|                v (Automatic VPC Peering)           |
|                                                    |
|  +----------------------------------------------+  |
|  | Google Managed Services (Tenant VPC)          |  |
|  |                                              |  |
|  |  +---------------------------------------+   |  |
|  |  | Cloud SQL Instance (MySQL 8.0)         |   |  |
|  |  | - IPv4_enabled: OFF                   |   |  |
|  |  | - Private IP (from reserved range)    |   |  |
|  |  +---------------------------------------+   |  |
|  +----------------------------------------------+  |
+----------------------------------------------------+

B. Next-Gen WAF Defenses via Cloud Armor
To protect backends, we delegate security to Google's Edge. Cloud Armor acts as a Layer 7 shield, filtering threats before they ever reach our compute instances.


              Inbound Web Traffic
                      |
                      v
       +-------------------------------+
       | Global HTTP Load Balancer     | 
       +--------------+----------------+
                      |
       +--------------v----------------+
       | Cloud Armor Security Policy   |  (L7 Filtering)
       | -> Blocks SQLi, XSS, LFI      |
       +--------------+----------------+
                      |
                      v (Sanitized Traffic)
+---------------------+-----------------------------------+
| Principal VPC                                           |
|   +-------------------------------------------------+   |
|   | Subnet                                          |   |
|   | Firewall: Allow ONLY Google LB IPs              |   |
|   |           (130.211.0.0/22 & 35.191.0.0/16)      |   |
|   |                                                 |   |
|   |   +-----------------------------------------+   |   |
|   |   | Managed Instance Group (MIG)            |   |   |
|   |   |  [ Apache Web Server VM - Debian 11 ]   |   |   |
|   |   +-----------------------------------------+   |   |
|   +-------------------------------------------------+   |
+---------------------------------------------------------+

Checkov: Closing the Governance Loop In a production workflow, compliance is vital. When integrating tools like Checkov, it is common to trigger security alerts. Antigravity helped us apply the Principle of Least Privilege, replacing default accounts with dedicated IAM Service Accounts.

For cases where the design required specific exceptions, the agent injected formal suppression syntax:

Terraform resource "google_compute_instance" "public_instance" { # checkov:skip=CKV_GCP_40: Public IP explicitly required for administrative bastion # checkov:skip=CKV_GCP_32: OS Login bypass authorized for this specific use-case name = "bastion-dev" machine_type = "e2-micro" ... }
Each exception was evaluated during the design phase and documented inline to preserve traceability and facilitate future audits.

The Future of Infrastructure The paquetesaction project demonstrates that the future of the cloud is hybrid: human strategic judgment amplified by AI execution speed. Our next steps involve expanding toward Vertex AI and consolidating security operations with Mandiant.

The infrastructure is code, and AI is its most powerful catalyst!

⚖️ Technical & Legal Safe Harbor Disclaimer
AUTHORSHIP AND INDEPENDENT CAPACITY: This publication is authored solely by me in my individual and private capacity. The views, methodologies, and technical workflows expressed herein are my own and do not necessarily reflect the official policy, position, or strategic direction of my current or former employers, clients, or any legal entity I am affiliated with.

INTELLECTUAL PROPERTY & CONFIDENTIALITY COMPLIANCE:

Zero Proprietary Disclosure: This content has been developed using publicly available information and personal research. No confidential information or internal proprietary source code belonging to any specific organization has been disclosed.

Independent Development: The workflows described are based on general industry best practices and were not developed as a "work for hire".

LIMITATION OF LIABILITY (NO WARRANTY): All code snippets and architectural patterns are provided "AS IS" without warranty of any kind.

COMPLIANCE: This contribution is made in good faith under the MIT-0 License for any included source code patterns.

🚀 Mastering the Hybrid Workflow: AWS Development with Kiro Pro (IDE + CLI)

luis zuñiga — Wed, 15 Apr 2026 15:48:29 +0000

Description
Stop choosing between a GUI and a Terminal. Learn how to leverage Kiro Pro, AWS MCPs, and a hybrid Windows/Linux workflow to build secure, well-architected cloud projects from scratch to deployment.

The Content
Hey fellow builders! 👋

As a Cloud Engineer, I’m always looking for ways to bridge the gap between "writing code" and "deploying securely." Lately, I’ve been experimenting with Kiro Pro and its AWS Model Context Protocol (MCP) integration.

I’ve found that the secret sauce isn't just using the tool—it's how you split the work between Windows (IDE) for planning and Linux (CLI) for the heavy lifting. I recently published a deep dive on this methodology, which you can check out here:

👉 The Art of Hybrid Development: Optimizing Application Lifecycles with Kiro Pro and AWS

Here’s the breakdown of one possible professional workflow for building high-quality AWS projects.

🏗️ Phase 1: The "Architect" (Kiro IDE on Windows)
I recommend using the IDE when you are in "creation mode." It’s where the logic is born.

The Setup
First, ensure your AWS MCPs are active. This gives the AI the "eyes" it needs to see your AWS environment in real-time.
The "Requirements-First" Strategy
Don't just prompt "build an app." Create a requirements.md file. This is your project's source of truth. Include:

User Stories: Step-by-step behavior.

Hard Constraints: e.g., "Never hardcode credentials—use AWS Secrets Manager." 🛡️

Visualizing with ASCII
Ask Kiro to generate an ASCII Flowchart. Seeing the data flow between the Frontend, Backend, and S3/DynamoDB in plain text helps catch logic flaws before you even start coding.
The Power Move: Claude 3.5/Opus
When it's time to generate the code, I suggest switching to Claude 3.5 Sonnet or Opus. The reasoning capabilities for Infrastructure as Code (IaC) are top-tier. Once validated, push everything to a private GitHub repo.

🐧 Phase 2: The "Operator" (Kiro CLI on Linux)
When it's time to get "dirty" with deployment, moving to a Linux VM ensures superior operational control.

Secure Credential Injection
Use a custom script to inject temporary AWS credentials. No long-term keys, no leaks.
Deep Contextualization
Once you clone the repo, run:
kiro prompt "Deep dive into local repo XXX and build full context."
This ensures the CLI knows exactly what was built in Phase 1.
The "Least Privilege" Audit 🔍
This is the most critical step. Ask Kiro to:

Validate credentials against the repo resources.

Output a JSON of required permissions. This allows for the creation of a scoped IAM Policy that follows the Principle of Least Privilege before hitting "deploy."

The "Smart" README & Technical Memory After a successful deploy, let Kiro handle the documentation. It can update the README.md with the actual execution findings and generate a Technical Memory file for future reference.

💡 Pro-Tips for the Community
Sync your MCPs: If your IDE knows something your CLI doesn't, you're going to have a bad time. Keep them updated.

Separation of Concerns: Use the IDE for Design and the CLI for Implementation.

Score your work: Ask Kiro for a "Project Score" at the end to see where you can optimize your AWS architecture.

What about you? Are you using Kiro or other AI-assisted tools for your AWS deployments? Check out my full article on AWS Builder Center and let’s discuss in the comments! 👇

aws #cloudcomputing #devops #kiropro #productivity #architecture #awsbuilders

INTELLECTUAL PROPERTY & CONFIDENTIALITY COMPLIANCE:

Zero Proprietary Disclosure: This content has been developed using publicly available information, official documentation, and personal research. No confidential information, trade secrets, internal proprietary source code, or non-public infrastructure schemas belonging to my employer or any third party have been used, referenced, or disclosed in this publication.

Independent Development: The workflows described (including the Kiro Pro / AWS hybrid methodology) are based on general industry best practices and were not developed as a "work for hire" or as part of specific assigned duties for any organization.

Standard Industry Tools: References to third-party tools (AWS, Kiro, Anthropic/Claude) are for educational purposes and based on commercially available features.

LIMITATION OF LIABILITY (NO WARRANTY): All code snippets, scripts, and architectural patterns are provided "AS IS" without warranty of any kind, express or implied, including but not limited to the warranties of merchantability or fitness for a particular purpose. In no event shall the author be liable for any claim, damages, or other liability arising from the use of this technical information.

COMPLIANCE: This contribution is made in good faith and intended to foster community knowledge under the AWS Builder Terms and the MIT-0 License for any included source code.

From Learning to Practice: Why I Decided to Stop Studying Privately and Start Sharing 🚀

luis zuñiga — Thu, 02 Apr 2026 02:38:58 +0000

Hi everyone! 👋
I’ve spent a long time immersed in courses, labs, and documentation. For months (and even years), my focus has been on absorbing as much as possible about Cloud Engineering, Data Analysis, and beyond. However, today I’ve made an important decision: to stop keeping my projects in local folders and start sharing them with the community.
I’ve realized that the best way to grow isn’t just by studying, but by exposing my work to the eyes of other professionals—to receive feedback, improve, and hopefully help someone else on a similar path.
🛠️ My first contribution: Data Processing
Today, I’m sharing a repository I’ve been working on. It’s a tool designed to standardize and streamline data processing in Python, which is essential when seeking efficiency in Cloud environments.
🌟 Why did I decide to publish it today?
Validation: I want to know if the solutions I design follow industry best practices.
Community: I firmly believe the developer ecosystem thrives when we share what we learn.
Transparency: This marks the beginning of my public portfolio, showcasing my real evolution in technologies like AWS and GCP.
💻 Explore the repository
I invite you to check out the code, clone it, or even critique it (constructively, of course!). Any suggestions on how to optimize it are more than welcome.
👉 Project URL: https://github.com/luiszuniga1990/data-processing.git