<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>DEV Community: Hamza Rafique</title>
    <description>The latest articles on DEV Community by Hamza Rafique (@hamza_rafique_ee4b2091ff6).</description>
    <link>https://dev.to/hamza_rafique_ee4b2091ff6</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3960970%2F1be4b3d0-29f0-4be4-8c43-0e98becc2a03.png</url>
      <title>DEV Community: Hamza Rafique</title>
      <link>https://dev.to/hamza_rafique_ee4b2091ff6</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://dev.to/feed/hamza_rafique_ee4b2091ff6"/>
    <language>en</language>
    <item>
      <title>CI/CD Secrets (SSM vs Secrets Manager)</title>
      <dc:creator>Hamza Rafique</dc:creator>
      <pubDate>Tue, 23 Jun 2026 09:48:18 +0000</pubDate>
      <link>https://dev.to/hamza_rafique_ee4b2091ff6/cicd-secrets-ssm-vs-secrets-manager-3861</link>
      <guid>https://dev.to/hamza_rafique_ee4b2091ff6/cicd-secrets-ssm-vs-secrets-manager-3861</guid>
      <description>&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fkej22ytoblh2sboisssn.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fkej22ytoblh2sboisssn.png" alt=" " width="800" height="800"&gt;&lt;/a&gt;&lt;br&gt;
Found a hardcoded DB password sitting in a CodeBuild pipeline last quarter.&lt;/p&gt;

&lt;p&gt;It had been there 14 months. Nobody noticed.&lt;/p&gt;

&lt;p&gt;This stuff happens more than people admit. And the fix is genuinely not complicated.&lt;/p&gt;

&lt;p&gt;If something rotates — DB credentials, API keys, OAuth tokens — it goes in Secrets Manager. Full stop. Auto-rotation built in, native RDS integration, full audit trail in CloudTrail. Costs $0.40 a month per secret.&lt;/p&gt;

&lt;p&gt;Everything else — feature flags, app config, environment values — SSM Parameter Store. Free tier. KMS encryption on SecureString. IAM controls per environment.&lt;/p&gt;

&lt;p&gt;The thing most teams get wrong: they shove credentials into plain-text CodeBuild env vars because it's faster in the moment. Those values show up in build logs. Anybody with log access can read them.&lt;/p&gt;

&lt;p&gt;One leaked key is all it takes. Uber found that out. Capital One found that out.&lt;/p&gt;

&lt;p&gt;$0.40 a month versus a breach investigation. That's the actual tradeoff.&lt;/p&gt;

&lt;p&gt;How does your team handle secrets in CI/CD right now? Curious if people are actually enforcing this or just saying they are.&lt;/p&gt;

</description>
      <category>aws</category>
      <category>cloudsecurity</category>
      <category>devops</category>
      <category>hiring</category>
    </item>
    <item>
      <title>Developer will need to understand lambda by 2026</title>
      <dc:creator>Hamza Rafique</dc:creator>
      <pubDate>Sun, 31 May 2026 09:38:10 +0000</pubDate>
      <link>https://dev.to/hamza_rafique_ee4b2091ff6/developer-will-need-to-understand-lambda-by-2026-4gg</link>
      <guid>https://dev.to/hamza_rafique_ee4b2091ff6/developer-will-need-to-understand-lambda-by-2026-4gg</guid>
      <description>&lt;p&gt;I used to deploy Node.js apps on EC2 and manage servers like it was my second job.&lt;/p&gt;

&lt;p&gt;Port configs. PM2 restarts. Nginx rewrites. SSL renewals.&lt;/p&gt;

&lt;p&gt;Then I ran my first AWS Lambda function.&lt;/p&gt;

&lt;p&gt;80% of that work is gone.&lt;/p&gt;

&lt;p&gt;Here's what Lambda actually does that nobody explains clearly:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;→ You write a function&lt;/li&gt;
&lt;li&gt;→ AWS runs it ONLY when triggered&lt;/li&gt;
&lt;li&gt;→ You pay for milliseconds of execution&lt;/li&gt;
&lt;li&gt;→ It scales from 1 to 1,000,000 requests without you touching anything&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;As a full-stack developer in Bahrain, preparing for my AWS Developer Associate exam, this is the shift that changes how you think about backend architecture.&lt;/p&gt;

&lt;p&gt;Not "how do I manage a server" but "what should happen when this event fires."&lt;/p&gt;

&lt;p&gt;That mental model switch took me a week to fully get.&lt;/p&gt;

&lt;p&gt;I'm documenting everything as I study.&lt;/p&gt;

&lt;p&gt;Drop a 🔥 if you want me to share my Lambda notes weekly.&lt;/p&gt;

</description>
      <category>awslambda</category>
      <category>ai</category>
      <category>serverless</category>
      <category>awscertified</category>
    </item>
  </channel>
</rss>
