<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
  <channel>
    <title>Toc Consulting - AWS Security &amp; Cloud Architecture Blog</title>
    <link>https://tocconsulting.fr/blog</link>
    <description>Practitioner-level articles on AWS security and cloud architecture from Toc Consulting.</description>
    <language>en-us</language>
    <lastBuildDate>Tue, 23 Jun 2026 12:00:00 GMT</lastBuildDate>
    <atom:link href="https://tocconsulting.fr/blog/rss.xml" rel="self" type="application/rss+xml" />
    <generator>scripts/generate-blog-rss.mjs</generator>
    <image>
      <url>https://tocconsulting.fr/logos/og-image.png</url>
      <title>Toc Consulting - AWS Security &amp; Cloud Architecture Blog</title>
      <link>https://tocconsulting.fr/blog</link>
    </image>
    <item>
      <title>Chaos Engineering on AWS: Running a Program with GameDays and Continuous Chaos</title>
      <link>https://tocconsulting.fr/blog/chaos-engineering-running-a-program</link>
      <guid isPermaLink="true">https://tocconsulting.fr/blog/chaos-engineering-running-a-program</guid>
      <pubDate>Tue, 23 Jun 2026 12:00:00 GMT</pubDate>
      <description>One experiment is a demo. A program is what builds resilience. Turn FIS experiments into an ongoing practice: the resilience flywheel, GameDays, continuous automated chaos on a schedule and in CI/CD, and AWS Resilience Hub. Includes a real, validated EventBridge Scheduler setup and the jsonencode gotcha that makes a recurring schedule silently run only once.</description>
    </item>
    <item>
      <title>Chaos Engineering on AWS: Multi-Region Disaster Recovery and Measuring Real RPO</title>
      <link>https://tocconsulting.fr/blog/chaos-engineering-multi-region-dr</link>
      <guid isPermaLink="true">https://tocconsulting.fr/blog/chaos-engineering-multi-region-dr</guid>
      <pubDate>Mon, 22 Jun 2026 12:00:00 GMT</pubDate>
      <description>Stop talking about disaster recovery and measure it. Pause DynamoDB global table replication with AWS FIS while a live two-Region application keeps writing, then count exactly how many records the surviving Region cannot see. Real Terraform, real RPO, real recovery time.</description>
    </item>
    <item>
      <title>Chaos Engineering on AWS: Containers and Serverless with FIS (ECS Fargate and Lambda)</title>
      <link>https://tocconsulting.fr/blog/chaos-engineering-containers-and-serverless</link>
      <guid isPermaLink="true">https://tocconsulting.fr/blog/chaos-engineering-containers-and-serverless</guid>
      <pubDate>Fri, 19 Jun 2026 12:00:00 GMT</pubDate>
      <description>Leave EC2 behind. Stop a whole Fargate task set and force AWS Lambda invocations to error and to stall, using AWS FIS. Real Terraform, real numbers, and the exact setup gotchas for the Lambda fault-injection extension.</description>
    </item>
    <item>
      <title>Chaos Engineering on AWS: Dependency and API Faults with FIS</title>
      <link>https://tocconsulting.fr/blog/chaos-engineering-dependency-and-api-faults</link>
      <guid isPermaLink="true">https://tocconsulting.fr/blog/chaos-engineering-dependency-and-api-faults</guid>
      <pubDate>Thu, 18 Jun 2026 12:00:00 GMT</pubDate>
      <description>Sever the DynamoDB and S3 endpoints an application quietly depends on, using AWS FIS, and watch whether one dependency outage stays contained or takes the whole app down. Real Terraform, real per-endpoint numbers.</description>
    </item>
    <item>
      <title>Chaos Engineering on AWS: Surviving an Availability Zone Failure with FIS and Static Stability</title>
      <link>https://tocconsulting.fr/blog/chaos-engineering-availability-zone-failure</link>
      <guid isPermaLink="true">https://tocconsulting.fr/blog/chaos-engineering-availability-zone-failure</guid>
      <pubDate>Wed, 17 Jun 2026 12:00:00 GMT</pubDate>
      <description>Take down an entire Availability Zone with AWS FIS: stop every instance in it, blackhole its subnet, and fail Aurora over. See whether a multi-AZ architecture really survives, and the roughly two-minute window that static stability does not erase.</description>
    </item>
    <item>
      <title>Chaos Engineering on AWS: CPU, Memory, and Network Faults with AWS FIS and SSM</title>
      <link>https://tocconsulting.fr/blog/chaos-engineering-stress-and-network-faults</link>
      <guid isPermaLink="true">https://tocconsulting.fr/blog/chaos-engineering-stress-and-network-faults</guid>
      <pubDate>Tue, 16 Jun 2026 12:00:00 GMT</pubDate>
      <description>Inject CPU stress, memory pressure, network latency, and packet loss into a whole EC2 fleet with AWS FIS. Watch network faults turn a healthy service into 7-second page loads while every error dashboard stays green. Real Terraform, real numbers.</description>
    </item>
    <item>
      <title>Chaos Engineering on AWS: Graceful Degradation with Circuit Breakers, SQS, and a DynamoDB Cache</title>
      <link>https://tocconsulting.fr/blog/chaos-engineering-graceful-degradation</link>
      <guid isPermaLink="true">https://tocconsulting.fr/blog/chaos-engineering-graceful-degradation</guid>
      <pubDate>Mon, 15 Jun 2026 12:00:00 GMT</pubDate>
      <description>When the database is completely gone, RDS Proxy and retries cannot help. Survive an extended Aurora outage with a circuit breaker, a DynamoDB read cache, and SQS write buffering. Real Terraform, real outage, real numbers.</description>
    </item>
    <item>
      <title>Chaos Engineering on AWS: Database Resilience with Aurora Failover, RDS Proxy, and Read/Write Separation</title>
      <link>https://tocconsulting.fr/blog/chaos-engineering-database-resilience</link>
      <guid isPermaLink="true">https://tocconsulting.fr/blog/chaos-engineering-database-resilience</guid>
      <pubDate>Fri, 12 Jun 2026 12:00:00 GMT</pubDate>
      <description>Force an Aurora failover with AWS FIS and watch your application break. Then fix it with RDS Proxy, read/write separation, and retry logic. Real Terraform code, real experiment results.</description>
    </item>
    <item>
      <title>Chaos Engineering on AWS: Observability and Stop Conditions with CloudWatch and FIS</title>
      <link>https://tocconsulting.fr/blog/chaos-engineering-observability-first</link>
      <guid isPermaLink="true">https://tocconsulting.fr/blog/chaos-engineering-observability-first</guid>
      <pubDate>Thu, 11 Jun 2026 12:00:00 GMT</pubDate>
      <description>Add CloudWatch dashboards, alarms, and FIS stop conditions to your chaos engineering lab. See how guardrails automatically abort experiments when things go wrong.</description>
    </item>
    <item>
      <title>Chaos Engineering on AWS: Your First Experiment with AWS FIS</title>
      <link>https://tocconsulting.fr/blog/chaos-engineering-what-is-chaos</link>
      <guid isPermaLink="true">https://tocconsulting.fr/blog/chaos-engineering-what-is-chaos</guid>
      <pubDate>Wed, 10 Jun 2026 12:00:00 GMT</pubDate>
      <description>A hands-on introduction to chaos engineering on AWS. Deploy a product catalog API backed by Aurora, then break it with AWS Fault Injection Service to find the gap between your architecture diagram and reality.</description>
    </item>
    <item>
      <title>The Code Is Still Yours: Application-Layer Security for AWS Lambda</title>
      <link>https://tocconsulting.fr/blog/application-layer-lambda-security</link>
      <guid isPermaLink="true">https://tocconsulting.fr/blog/application-layer-lambda-security</guid>
      <pubDate>Tue, 09 Jun 2026 12:00:00 GMT</pubDate>
      <description>Part 4 of 4 in the Lambda Security Series. The half no posture scanner reaches: event-data injection, stealable execution-role credentials, insecure deserialization, dependency and code scanning, runtime secrets, and detection.</description>
    </item>
    <item>
      <title>From Findings to Fixed: Lambda Compliance Mapping and Remediation</title>
      <link>https://tocconsulting.fr/blog/lambda-compliance-and-remediation</link>
      <guid isPermaLink="true">https://tocconsulting.fr/blog/lambda-compliance-and-remediation</guid>
      <pubDate>Thu, 04 Jun 2026 12:00:00 GMT</pubDate>
      <description>Part 3 of 4 in the Lambda Security Series. Map every Lambda security finding to ten compliance frameworks (PCI DSS, HIPAA, SOC 2, ISO 27001, NIST, GDPR), then fix each of the 19 checks with a precise AWS CLI command.</description>
    </item>
    <item>
      <title>Inside lambda-security-scanner: 19 Checks Across Every Function in Your Account</title>
      <link>https://tocconsulting.fr/blog/inside-lambda-security-scanner</link>
      <guid isPermaLink="true">https://tocconsulting.fr/blog/inside-lambda-security-scanner</guid>
      <pubDate>Sat, 30 May 2026 12:00:00 GMT</pubDate>
      <description>Part 2 of 4 in the Lambda Security Series. A deep look at lambda-security-scanner: 19 read-only checks across configuration, access control, network, logging, and supply chain, scored 0 to 100 and mapped to ten compliance frameworks.</description>
    </item>
    <item>
      <title>The State of AWS Lambda Security in 2026 | Toc Consulting</title>
      <link>https://tocconsulting.fr/blog/state-of-aws-lambda-security-2026</link>
      <guid isPermaLink="true">https://tocconsulting.fr/blog/state-of-aws-lambda-security-2026</guid>
      <pubDate>Mon, 25 May 2026 12:00:00 GMT</pubDate>
      <description>Serverless does not mean secure. The real AWS Lambda attack surface in 2026: overprivileged IAM roles, secrets in env vars, public function URLs, deprecated runtimes, and event injection.</description>
    </item>
    <item>
      <title>Run AI Locally for AWS Security Work: The Complete Ollama Guide</title>
      <link>https://tocconsulting.fr/blog/ollama-local-ai-aws-security</link>
      <guid isPermaLink="true">https://tocconsulting.fr/blog/ollama-local-ai-aws-security</guid>
      <pubDate>Mon, 30 Mar 2026 12:00:00 GMT</pubDate>
      <description>Stop sending your IAM policies, CloudTrail logs, and infrastructure code to third-party APIs. Run LLMs locally with Ollama on Apple Silicon: private, offline, fast. Complete setup guide with AWS security use cases.</description>
    </item>
    <item>
      <title>Anatomy of a Supply Chain Attack: How LiteLLM Was Weaponized in 6 Hours</title>
      <link>https://tocconsulting.fr/blog/litellm-supply-chain-anatomy</link>
      <guid isPermaLink="true">https://tocconsulting.fr/blog/litellm-supply-chain-anatomy</guid>
      <pubDate>Wed, 25 Mar 2026 12:00:00 GMT</pubDate>
      <description>A deep technical breakdown of how threat actor TeamPCP compromised Trivy, pivoted to LiteLLM, and turned a popular AI proxy into a credential-stealing weapon targeting AWS IMDS, Secrets Manager, and Kubernetes.</description>
    </item>
    <item>
      <title>AWS Security Cards: Free Offensive Security Reference for 60 AWS Services</title>
      <link>https://tocconsulting.fr/blog/aws-security-cards-announcement</link>
      <guid isPermaLink="true">https://tocconsulting.fr/blog/aws-security-cards-announcement</guid>
      <pubDate>Tue, 17 Mar 2026 12:00:00 GMT</pubDate>
      <description>Free, open-source security reference cards covering attack vectors, misconfigurations, enumeration commands, privilege escalation, persistence, detection, and defense for 60 AWS services.</description>
    </item>
    <item>
      <title>I Just Became an AWS Community Builder ... And I Owe It to You</title>
      <link>https://tocconsulting.fr/blog/aws-community-builder-announcement</link>
      <guid isPermaLink="true">https://tocconsulting.fr/blog/aws-community-builder-announcement</guid>
      <pubDate>Fri, 06 Mar 2026 12:00:00 GMT</pubDate>
      <description>A thank you to my readers, and a call to support open source AWS tools.</description>
    </item>
    <item>
      <title>awsmap v1.5.0: Your AWS Inventory Now Has a Brain</title>
      <link>https://tocconsulting.fr/blog/awsmap-v150-your-aws-inventory-now-has-a-brain</link>
      <guid isPermaLink="true">https://tocconsulting.fr/blog/awsmap-v150-your-aws-inventory-now-has-a-brain</guid>
      <pubDate>Thu, 26 Feb 2026 12:00:00 GMT</pubDate>
      <description>A few weeks ago I published awsmap. Scan your AWS account. 140 services. One command. This is v1.5.0 with SQLite storage, natural language queries, pre-built security audits, and multi-account support.</description>
    </item>
    <item>
      <title>AWS Security Audit Checklist: The Complete 2026 Guide</title>
      <link>https://tocconsulting.fr/blog/aws-security-audit-checklist</link>
      <guid isPermaLink="true">https://tocconsulting.fr/blog/aws-security-audit-checklist</guid>
      <pubDate>Tue, 10 Feb 2026 12:00:00 GMT</pubDate>
      <description>A comprehensive AWS security audit checklist covering IAM, S3, networking, logging, and compliance. Follow this step-by-step guide to secure your AWS infrastructure.</description>
    </item>
    <item>
      <title>AWS IAM Security Best Practices: A Comprehensive Guide</title>
      <link>https://tocconsulting.fr/blog/aws-iam-best-practices</link>
      <guid isPermaLink="true">https://tocconsulting.fr/blog/aws-iam-best-practices</guid>
      <pubDate>Thu, 05 Feb 2026 12:00:00 GMT</pubDate>
      <description>Learn the essential AWS IAM best practices to secure your cloud environment. Covers least privilege, MFA, roles, policies, and access management strategies.</description>
    </item>
    <item>
      <title>awsmap \u2014 Find Everything Running in Your AWS Account</title>
      <link>https://tocconsulting.fr/blog/awsmap-resource-discovery</link>
      <guid isPermaLink="true">https://tocconsulting.fr/blog/awsmap-resource-discovery</guid>
      <pubDate>Sun, 01 Feb 2026 12:00:00 GMT</pubDate>
      <description>A CLI tool that scans 140+ AWS services across all regions in about 130 seconds, generating HTML, JSON, or CSV inventory reports for audits, cost analysis, and security reviews.</description>
    </item>
    <item>
      <title>Episode 5: Load Balancer Security Auditor - SSL, Protocols, and Public Exposure</title>
      <link>https://tocconsulting.fr/blog/aws-arsenal-ep5-load-balancer</link>
      <guid isPermaLink="true">https://tocconsulting.fr/blog/aws-arsenal-ep5-load-balancer</guid>
      <pubDate>Thu, 29 Jan 2026 12:00:00 GMT</pubDate>
      <description>Audit all AWS load balancers across regions in one command. Detect HTTP listeners on public ALBs, outdated TLS policies, unhealthy targets, and insecure configurations.</description>
    </item>
    <item>
      <title>AWS S3 Security: How to Prevent Data Leaks in 2026</title>
      <link>https://tocconsulting.fr/blog/aws-s3-security-guide</link>
      <guid isPermaLink="true">https://tocconsulting.fr/blog/aws-s3-security-guide</guid>
      <pubDate>Wed, 28 Jan 2026 12:00:00 GMT</pubDate>
      <description>Complete guide to securing your AWS S3 buckets. Learn how to prevent data leaks with bucket policies, encryption, access controls, and monitoring.</description>
    </item>
    <item>
      <title>Cryptex \u2014 Because openssl rand -base64 32 Gets Old Fast</title>
      <link>https://tocconsulting.fr/blog/cryptex-cli-tool</link>
      <guid isPermaLink="true">https://tocconsulting.fr/blog/cryptex-cli-tool</guid>
      <pubDate>Tue, 27 Jan 2026 12:00:00 GMT</pubDate>
      <description>A CLI tool that generates cryptographically secure passwords with compliance templates, .env file generation, secret manager integration, and TOTP support.</description>
    </item>
    <item>
      <title>AWS Compliance Guide: HIPAA, GDPR, PCI DSS &amp; SOC 2</title>
      <link>https://tocconsulting.fr/blog/aws-compliance-guide</link>
      <guid isPermaLink="true">https://tocconsulting.fr/blog/aws-compliance-guide</guid>
      <pubDate>Tue, 20 Jan 2026 12:00:00 GMT</pubDate>
      <description>Navigate AWS compliance requirements for HIPAA, GDPR, PCI DSS, and SOC 2. Learn which AWS services help you meet regulatory obligations.</description>
    </item>
    <item>
      <title>The Hidden Backbone of the Internet: Why S3 Security Should Keep You Up at Night</title>
      <link>https://tocconsulting.fr/blog/s3-security-why-it-matters</link>
      <guid isPermaLink="true">https://tocconsulting.fr/blog/s3-security-why-it-matters</guid>
      <pubDate>Thu, 15 Jan 2026 12:00:00 GMT</pubDate>
      <description>Part 1 of the S3 Security Series. Explore the major S3 data breaches of the past decade and why Amazon S3 security matters more than most people realize.</description>
    </item>
    <item>
      <title>The Anatomy of S3 Security: 22 Checks That Stand Between You and a Data Breach</title>
      <link>https://tocconsulting.fr/blog/s3-security-22-checks</link>
      <guid isPermaLink="true">https://tocconsulting.fr/blog/s3-security-22-checks</guid>
      <pubDate>Wed, 14 Jan 2026 12:00:00 GMT</pubDate>
      <description>Part 2 of the S3 Security Series. Learn the 22 critical security checks every S3 bucket needs, mapped to 9 compliance frameworks including CIS, PCI-DSS, and HIPAA.</description>
    </item>
    <item>
      <title>Building an S3 Security Scanner: From Frustration to Open Source</title>
      <link>https://tocconsulting.fr/blog/s3-security-scanner-open-source</link>
      <guid isPermaLink="true">https://tocconsulting.fr/blog/s3-security-scanner-open-source</guid>
      <pubDate>Wed, 14 Jan 2026 12:00:00 GMT</pubDate>
      <description>Part 3 of the S3 Security Series. Learn about the open-source S3 Security Scanner tool that automates 22 security checks, DNS takeover detection, and bucket discovery.</description>
    </item>
    <item>
      <title>I Built a Free AWS IAM Activity Tracker Because CloudTrail Alone Isn&apos;t Enough</title>
      <link>https://tocconsulting.fr/blog/iam-activity-tracker</link>
      <guid isPermaLink="true">https://tocconsulting.fr/blog/iam-activity-tracker</guid>
      <pubDate>Mon, 12 Jan 2026 12:00:00 GMT</pubDate>
      <description>A serverless IAM activity monitoring tool that tracks IAM, STS, and console signin events across all AWS regions with real-time security alerts and long-term analytics.</description>
    </item>
    <item>
      <title>Fixing S3 Security Issues: A Practical Remediation Guide</title>
      <link>https://tocconsulting.fr/blog/s3-security-remediation-guide</link>
      <guid isPermaLink="true">https://tocconsulting.fr/blog/s3-security-remediation-guide</guid>
      <pubDate>Mon, 12 Jan 2026 12:00:00 GMT</pubDate>
      <description>Part 4 of the S3 Security Series. Step-by-step remediation for critical S3 security issues with AWS Console, CLI, and Python boto3 examples.</description>
    </item>
    <item>
      <title>Key AWS Security Updates in 2025 - Complete Timeline</title>
      <link>https://tocconsulting.fr/blog/aws-security-updates-2025</link>
      <guid isPermaLink="true">https://tocconsulting.fr/blog/aws-security-updates-2025</guid>
      <pubDate>Sat, 20 Dec 2025 12:00:00 GMT</pubDate>
      <description>The most impactful AWS security changes in 2025: SCPs got full IAM language support, GuardDuty detects multi-stage attacks, Inspector expanded to SAST and IaC, post-quantum cryptography arrived, and HashiCorp deprecated CDKTF.</description>
    </item>
    <item>
      <title>Episode 2: The MFA Enforcement Scanner - Automating Your Security Blind Spot</title>
      <link>https://tocconsulting.fr/blog/aws-arsenal-ep2-mfa-scanner</link>
      <guid isPermaLink="true">https://tocconsulting.fr/blog/aws-arsenal-ep2-mfa-scanner</guid>
      <pubDate>Wed, 03 Sep 2025 12:00:00 GMT</pubDate>
      <description>Build an automated MFA compliance scanner that identifies IAM users with console access but no MFA enabled, with risk-based prioritization and Lambda monitoring.</description>
    </item>
    <item>
      <title>Episode 3: Public RDS Detective - Finding Your Exposed Databases Before Attackers Do</title>
      <link>https://tocconsulting.fr/blog/aws-arsenal-ep3-rds-detective</link>
      <guid isPermaLink="true">https://tocconsulting.fr/blog/aws-arsenal-ep3-rds-detective</guid>
      <pubDate>Wed, 03 Sep 2025 12:00:00 GMT</pubDate>
      <description>Build automated scanners that identify publicly accessible RDS databases, analyze security groups, check encryption, and generate remediation commands across all AWS regions.</description>
    </item>
    <item>
      <title>Episode 4: S3 Exposure Hunter - Preventing the Data Breaches That Make Headlines</title>
      <link>https://tocconsulting.fr/blog/aws-arsenal-ep4-s3-exposure</link>
      <guid isPermaLink="true">https://tocconsulting.fr/blog/aws-arsenal-ep4-s3-exposure</guid>
      <pubDate>Wed, 03 Sep 2025 12:00:00 GMT</pubDate>
      <description>Detect and remediate exposed S3 buckets by analyzing ACLs, bucket policies, public access blocks, and website hosting configurations with automated scanning tools.</description>
    </item>
    <item>
      <title>Episode 1: Hunting Deprecated Lambda Runtimes - Before They Become Problems</title>
      <link>https://tocconsulting.fr/blog/aws-arsenal-ep1-lambda-runtimes</link>
      <guid isPermaLink="true">https://tocconsulting.fr/blog/aws-arsenal-ep1-lambda-runtimes</guid>
      <pubDate>Mon, 01 Sep 2025 12:00:00 GMT</pubDate>
      <description>Learn how to systematically identify Lambda functions running on deprecated runtimes across all AWS regions with CLI and Lambda automation tools.</description>
    </item>
    <item>
      <title>AWS Security &amp; Cost Optimization Arsenal: From CLI to Lambda Automation</title>
      <link>https://tocconsulting.fr/blog/aws-security-arsenal-introduction</link>
      <guid isPermaLink="true">https://tocconsulting.fr/blog/aws-security-arsenal-introduction</guid>
      <pubDate>Mon, 01 Sep 2025 12:00:00 GMT</pubDate>
      <description>Introducing a 14-episode series of production-ready AWS security and cost optimization scripts. Each tool comes as both a CLI version and a Lambda version for automated monitoring.</description>
    </item>
    <item>
      <title>How Netflix Serves 300+ Million Users Without Owning a Single Server</title>
      <link>https://tocconsulting.fr/blog/netflix-cloud-architecture</link>
      <guid isPermaLink="true">https://tocconsulting.fr/blog/netflix-cloud-architecture</guid>
      <pubDate>Wed, 30 Jul 2025 12:00:00 GMT</pubDate>
      <description>The story of Netflix&apos;s historic 7-year cloud migration to AWS and the microservices architecture that powers global streaming for 300+ million subscribers.</description>
    </item>
    <item>
      <title>Mastering AWS SAM for Python Lambda: The Ultimate Hands-On Guide</title>
      <link>https://tocconsulting.fr/blog/aws-sam-python-guide</link>
      <guid isPermaLink="true">https://tocconsulting.fr/blog/aws-sam-python-guide</guid>
      <pubDate>Tue, 15 Jul 2025 12:00:00 GMT</pubDate>
      <description>A complete beginner-to-builder guide for AWS SAM with Python. Learn to create, test locally, deploy, debug, and manage serverless APIs step by step.</description>
    </item>
    <item>
      <title>The $10 Billion Mistake That Revolutionized Computing Forever (And Why Your USB Drive Is Now a Museum Piece)</title>
      <link>https://tocconsulting.fr/blog/cloud-computing-revolution</link>
      <guid isPermaLink="true">https://tocconsulting.fr/blog/cloud-computing-revolution</guid>
      <pubDate>Tue, 08 Jul 2025 12:00:00 GMT</pubDate>
      <description>From forgotten USB drives to the cloud revolution: how Drew Houston&apos;s bus ride and Amazon S3&apos;s launch changed computing forever, validated by Instagram&apos;s $1B acquisition.</description>
    </item>
    <item>
      <title>Building a Production-Ready Serverless File Sharing Platform on AWS</title>
      <link>https://tocconsulting.fr/blog/serverless-file-sharing</link>
      <guid isPermaLink="true">https://tocconsulting.fr/blog/serverless-file-sharing</guid>
      <pubDate>Tue, 08 Jul 2025 12:00:00 GMT</pubDate>
      <description>How I built a secure, scalable file sharing solution using AWS Lambda, API Gateway, and Cognito with zero infrastructure to manage and 91% cost reduction.</description>
    </item>
    <item>
      <title>Stop Reinventing Authentication: How I Built a Production-Ready Auth API That Scales to 50K Users for Free</title>
      <link>https://tocconsulting.fr/blog/serverless-auth-api</link>
      <guid isPermaLink="true">https://tocconsulting.fr/blog/serverless-auth-api</guid>
      <pubDate>Sun, 06 Jul 2025 12:00:00 GMT</pubDate>
      <description>How I built CognitoApi, an open-source serverless authentication API on AWS Cognito that handles 50,000 users for free with MFA, token management, and complete user lifecycle support.</description>
    </item>
    <item>
      <title>AWS Architecture Patterns: Proven Blueprints for Scalable Cloud Applications</title>
      <link>https://tocconsulting.fr/blog/architecture-patterns</link>
      <guid isPermaLink="true">https://tocconsulting.fr/blog/architecture-patterns</guid>
      <pubDate>Mon, 23 Jun 2025 12:00:00 GMT</pubDate>
      <description>Six production-proven AWS architecture patterns: three-tier web apps, serverless APIs, event-driven processing, static websites, data lakes, and multi-region disaster recovery with diagrams and implementation guides.</description>
    </item>
    <item>
      <title>AWS Cost Optimization: Reduce Your Cloud Bill Without Sacrificing Performance</title>
      <link>https://tocconsulting.fr/blog/cost-optimization</link>
      <guid isPermaLink="true">https://tocconsulting.fr/blog/cost-optimization</guid>
      <pubDate>Mon, 16 Jun 2025 12:00:00 GMT</pubDate>
      <description>Complete guide to AWS cost optimization covering Cost Explorer, Compute Optimizer, Savings Plans, Spot Instances, S3 lifecycle policies, gp2 to gp3 migration, scheduling, budgets, and production best practices.</description>
    </item>
    <item>
      <title>AWS AI and ML Services: Add Intelligence to Your Applications</title>
      <link>https://tocconsulting.fr/blog/ai-ml-services</link>
      <guid isPermaLink="true">https://tocconsulting.fr/blog/ai-ml-services</guid>
      <pubDate>Mon, 09 Jun 2025 12:00:00 GMT</pubDate>
      <description>Complete guide to AWS AI services including Rekognition, Comprehend, Textract, Polly, Translate, Transcribe, and Bedrock with CLI commands, pricing, and production best practices.</description>
    </item>
    <item>
      <title>Amazon CloudFront Deep Dive: CDN, Caching, and Edge Computing on AWS</title>
      <link>https://tocconsulting.fr/blog/cloudfront-cdn-speed</link>
      <guid isPermaLink="true">https://tocconsulting.fr/blog/cloudfront-cdn-speed</guid>
      <pubDate>Mon, 02 Jun 2025 12:00:00 GMT</pubDate>
      <description>Complete guide to Amazon CloudFront covering S3 origins with OAC, cache policies, path-based routing, origin failover, CloudFront Functions, Lambda@Edge, WAF, signed URLs, invalidation, pricing, and monitoring.</description>
    </item>
    <item>
      <title>Amazon SQS and SNS Deep Dive: Messaging and Event-Driven Architecture on AWS</title>
      <link>https://tocconsulting.fr/blog/sqs-sns-messaging</link>
      <guid isPermaLink="true">https://tocconsulting.fr/blog/sqs-sns-messaging</guid>
      <pubDate>Mon, 26 May 2025 12:00:00 GMT</pubDate>
      <description>Complete guide to Amazon SQS and SNS covering standard and FIFO queues, dead-letter queues, SNS fan-out, message filtering, Lambda integration, encryption, pricing, and event-driven architecture patterns.</description>
    </item>
    <item>
      <title>EKS: Kubernetes on AWS Deep Dive (Part 3/3)</title>
      <link>https://tocconsulting.fr/blog/eks-kubernetes-aws</link>
      <guid isPermaLink="true">https://tocconsulting.fr/blog/eks-kubernetes-aws</guid>
      <pubDate>Mon, 19 May 2025 12:00:00 GMT</pubDate>
      <description>Complete guide to Amazon EKS covering cluster creation with eksctl, managed node groups, Fargate on EKS, Kubernetes manifests, IRSA, EKS Pod Identity, AWS Load Balancer Controller, Karpenter autoscaling, and the ECS vs EKS decision guide.</description>
    </item>
    <item>
      <title>ECS Production Patterns: Deployments, Auto-Scaling, and CI/CD (Part 2/3)</title>
      <link>https://tocconsulting.fr/blog/ecs-production-patterns</link>
      <guid isPermaLink="true">https://tocconsulting.fr/blog/ecs-production-patterns</guid>
      <pubDate>Mon, 12 May 2025 12:00:00 GMT</pubDate>
      <description>Production patterns for Amazon ECS covering rolling updates, blue-green deployments with CodeDeploy, auto-scaling, Fargate Spot, secrets management, CI/CD pipelines, AWS Batch, and cost optimization.</description>
    </item>
    <item>
      <title>Containers on AWS: ECR, ECS, and Fargate Deep Dive (Part 1/3)</title>
      <link>https://tocconsulting.fr/blog/containers-ecs-fargate</link>
      <guid isPermaLink="true">https://tocconsulting.fr/blog/containers-ecs-fargate</guid>
      <pubDate>Mon, 05 May 2025 12:00:00 GMT</pubDate>
      <description>Complete guide to running containers on AWS with ECR, ECS, and Fargate. Covers task definitions, services, networking, load balancing, IAM roles, service discovery, logging, and CloudFormation deployment.</description>
    </item>
    <item>
      <title>Amazon CloudWatch Deep Dive: Monitoring, Logging, and Observability on AWS</title>
      <link>https://tocconsulting.fr/blog/cloudwatch-monitoring-deep-dive</link>
      <guid isPermaLink="true">https://tocconsulting.fr/blog/cloudwatch-monitoring-deep-dive</guid>
      <pubDate>Mon, 28 Apr 2025 12:00:00 GMT</pubDate>
      <description>Complete guide to Amazon CloudWatch covering metrics, alarms, Logs Insights, CloudWatch Agent, dashboards, anomaly detection, Synthetics, Container Insights, X-Ray tracing, EMF, and cost optimization.</description>
    </item>
    <item>
      <title>Amazon API Gateway Deep Dive: Build and Manage APIs at Any Scale</title>
      <link>https://tocconsulting.fr/blog/api-gateway-deep-dive</link>
      <guid isPermaLink="true">https://tocconsulting.fr/blog/api-gateway-deep-dive</guid>
      <pubDate>Mon, 21 Apr 2025 12:00:00 GMT</pubDate>
      <description>Complete guide to Amazon API Gateway covering REST API vs HTTP API, Lambda integration, authorization, custom domains, throttling, caching, WebSocket APIs, and production best practices.</description>
    </item>
    <item>
      <title>Amazon DynamoDB Deep Dive: NoSQL at Any Scale</title>
      <link>https://tocconsulting.fr/blog/dynamodb-deep-dive</link>
      <guid isPermaLink="true">https://tocconsulting.fr/blog/dynamodb-deep-dive</guid>
      <pubDate>Mon, 14 Apr 2025 12:00:00 GMT</pubDate>
      <description>Complete guide to Amazon DynamoDB covering data modeling, primary keys, secondary indexes, capacity modes, transactions, streams, global tables, DAX caching, and production best practices.</description>
    </item>
    <item>
      <title>Amazon RDS Deep Dive: Managed Relational Databases on AWS</title>
      <link>https://tocconsulting.fr/blog/rds-database-deep-dive</link>
      <guid isPermaLink="true">https://tocconsulting.fr/blog/rds-database-deep-dive</guid>
      <pubDate>Mon, 07 Apr 2025 12:00:00 GMT</pubDate>
      <description>Complete guide to Amazon RDS and Aurora covering supported engines, Multi-AZ deployments, read replicas, backups, security, monitoring, Aurora architecture, and production best practices.</description>
    </item>
    <item>
      <title>Amazon S3 Deep Dive: Object Storage from Basics to Production</title>
      <link>https://tocconsulting.fr/blog/s3-storage-deep-dive</link>
      <guid isPermaLink="true">https://tocconsulting.fr/blog/s3-storage-deep-dive</guid>
      <pubDate>Mon, 31 Mar 2025 12:00:00 GMT</pubDate>
      <description>Complete guide to Amazon S3 covering the object model, storage classes, security, encryption, lifecycle policies, replication, performance optimization, and cost management.</description>
    </item>
    <item>
      <title>AWS Lambda Deep Dive: Serverless Computing from First Function to Production</title>
      <link>https://tocconsulting.fr/blog/lambda-serverless</link>
      <guid isPermaLink="true">https://tocconsulting.fr/blog/lambda-serverless</guid>
      <pubDate>Mon, 24 Mar 2025 12:00:00 GMT</pubDate>
      <description>Complete guide to AWS Lambda covering the execution model, deployment options, triggers, cold starts, concurrency, pricing, and production architecture patterns.</description>
    </item>
    <item>
      <title>EC2 Networking and Security: Build Bulletproof Cloud Infrastructure</title>
      <link>https://tocconsulting.fr/blog/ec2-networking-security</link>
      <guid isPermaLink="true">https://tocconsulting.fr/blog/ec2-networking-security</guid>
      <pubDate>Mon, 17 Mar 2025 12:00:00 GMT</pubDate>
      <description>Master EC2 networking and security. Learn VPCs, subnets, security groups, NACLs, NAT gateways, VPC endpoints, SSH hardening, load balancers, and defense-in-depth architecture.</description>
    </item>
    <item>
      <title>EC2 Instance Types Deep Dive: Choosing the Right Machine for Any Workload</title>
      <link>https://tocconsulting.fr/blog/ec2-instance-types</link>
      <guid isPermaLink="true">https://tocconsulting.fr/blog/ec2-instance-types</guid>
      <pubDate>Mon, 10 Mar 2025 12:00:00 GMT</pubDate>
      <description>Master EC2 instance type selection. Learn instance families, burstable instances and CPU credits, purchasing options, enhanced networking, placement groups, and right-sizing strategies.</description>
    </item>
    <item>
      <title>EC2 Getting Started: Launch Your First Virtual Server on AWS</title>
      <link>https://tocconsulting.fr/blog/ec2-getting-started</link>
      <guid isPermaLink="true">https://tocconsulting.fr/blog/ec2-getting-started</guid>
      <pubDate>Mon, 03 Mar 2025 12:00:00 GMT</pubDate>
      <description>Step-by-step guide to launching, configuring, and managing your first Amazon EC2 instance, covering instance types, security groups, key pairs, SSH access, web server setup, monitoring, and cost management.</description>
    </item>
    <item>
      <title>Production Vault Deployment on AWS: From Terraform to Monitoring</title>
      <link>https://tocconsulting.fr/blog/vault-production-deployment</link>
      <guid isPermaLink="true">https://tocconsulting.fr/blog/vault-production-deployment</guid>
      <pubDate>Mon, 24 Feb 2025 12:00:00 GMT</pubDate>
      <description>Complete guide to deploying HashiCorp Vault in production on AWS with Terraform, KMS auto-unseal, Raft storage, TLS, load balancing, auto scaling, monitoring, and backup strategies.</description>
    </item>
    <item>
      <title>Vault Authentication and Python Integration: From AppRole to Production Code</title>
      <link>https://tocconsulting.fr/blog/vault-auth-python-integration</link>
      <guid isPermaLink="true">https://tocconsulting.fr/blog/vault-auth-python-integration</guid>
      <pubDate>Mon, 17 Feb 2025 12:00:00 GMT</pubDate>
      <description>Deep dive into Vault authentication methods including AppRole and AWS IAM auth, with a complete Python application that uses dynamic AWS credentials transparently.</description>
    </item>
    <item>
      <title>HashiCorp Vault with AWS: What It Is and Why Dynamic Secrets Matter</title>
      <link>https://tocconsulting.fr/blog/hashicorp-vault-aws</link>
      <guid isPermaLink="true">https://tocconsulting.fr/blog/hashicorp-vault-aws</guid>
      <pubDate>Mon, 10 Feb 2025 12:00:00 GMT</pubDate>
      <description>Understanding HashiCorp Vault, why traditional credential management is broken, how dynamic secrets work, and hands-on setup of the AWS secrets engine with role-based credential generation.</description>
    </item>
    <item>
      <title>IAM Access Keys and Credential Management: The Security Lifecycle</title>
      <link>https://tocconsulting.fr/blog/iam-access-keys-management</link>
      <guid isPermaLink="true">https://tocconsulting.fr/blog/iam-access-keys-management</guid>
      <pubDate>Mon, 03 Feb 2025 12:00:00 GMT</pubDate>
      <description>Enterprise-grade strategies for AWS credential lifecycle management including rotation automation, monitoring, Secrets Manager, and compliance reporting.</description>
    </item>
    <item>
      <title>IAM Roles Demystified: Cross-Account Access and Federation</title>
      <link>https://tocconsulting.fr/blog/iam-roles-cross-account</link>
      <guid isPermaLink="true">https://tocconsulting.fr/blog/iam-roles-cross-account</guid>
      <pubDate>Mon, 27 Jan 2025 12:00:00 GMT</pubDate>
      <description>Complete guide to AWS IAM roles covering trust policies, cross-account architecture, service roles, SAML/OIDC federation, and the confused deputy problem.</description>
    </item>
    <item>
      <title>IAM Policies Mastery: From Zero to Advanced Permission Control</title>
      <link>https://tocconsulting.fr/blog/iam-policies-mastery</link>
      <guid isPermaLink="true">https://tocconsulting.fr/blog/iam-policies-mastery</guid>
      <pubDate>Mon, 20 Jan 2025 12:00:00 GMT</pubDate>
      <description>Deep dive into AWS IAM policies covering policy types, evaluation logic, condition keys, advanced patterns, and common pitfalls with real-world examples.</description>
    </item>
    <item>
      <title>IAM Fundamentals: Your First Line of Defense in AWS</title>
      <link>https://tocconsulting.fr/blog/iam-fundamentals-beginners</link>
      <guid isPermaLink="true">https://tocconsulting.fr/blog/iam-fundamentals-beginners</guid>
      <pubDate>Mon, 13 Jan 2025 12:00:00 GMT</pubDate>
      <description>A practical guide to AWS Identity and Access Management covering users, groups, roles, and policies with hands-on Python examples.</description>
    </item>
    <item>
      <title>Setting Up Your AWS Developer Environment with Python Automation</title>
      <link>https://tocconsulting.fr/blog/aws-developer-setup-python</link>
      <guid isPermaLink="true">https://tocconsulting.fr/blog/aws-developer-setup-python</guid>
      <pubDate>Mon, 06 Jan 2025 12:00:00 GMT</pubDate>
      <description>A practical guide to configuring AWS CLI v2, Boto3, and secure credential management for professional cloud development.</description>
    </item>
  </channel>
</rss>
