We build things and write about it
KKloud Tarus is a small team of engineers and creators who love turning ideas into real things. We share what we learn along the way.
Recent Writing
Things GitHub Actions Tutorials Tend to Skip
After Part 1's first pipeline, this article covers 9 things basic CI/CD tutorials skip about GitHub Actions: concurrency control (with the github.ref gotcha), the branch rule for reading YAML on external events, the workflow_* family (dispatch, call, run — with the head_sha gotcha), cache dependencies, matrix strategy, Docker Hub instead of building on the server, GITHUB_TOKEN permissions, OIDC for AWS (no more long-lived SSH keys), and environment + required reviewers.
CI/CD Concepts and Your First Pipeline on AWS EC2
A step-by-step guide to deploying a React + Node.js web app to AWS EC2 with Docker, then wiring up an automated CI/CD pipeline with GitHub Actions. Walks through CI/CD fundamentals, the difference between Continuous Delivery and Continuous Deployment, the standard pipeline stages (Source → Build → Test → Quality Gate → Package → Deploy → Verify), GitHub Actions terminology, common deploy strategies, then builds a first end-to-end pipeline. Aimed at DevOps newcomers.
What's New in AWS: a re:Invent 2025 → Early 2026 Recap
The opening edition of a recurring AWS digest, catching up on six months from re:Invent 2025 to early 2026. The features worth your attention: Lambda Durable Functions, EKS Capabilities (managed Argo CD), DynamoDB multi-Region strong consistency, Bedrock's 18 new open-weight models, S3 Vectors, Security Hub GA, plus the list of services being retired. Every item is grounded in the AWS docs; whatever can be demoed is run for real, then cleaned up.
Popular posts
Infrastructure as Code, What Terraform Is, and Getting to Know the CLI
The series opener: why managing infrastructure by hand eventually breaks, what Infrastructure as Code solves, and where Terraform fits in that picture. We dissect the core and provider architecture, install Terraform 1.15, and tour the main CLI commands.
Provider, Your First Resource, and the init plan apply destroy Lifecycle
Stand up your first real AWS resource: declare a provider and pin its version, create an S3 bucket, then walk the full init → plan → apply → destroy cycle. What each command does inside, why plan writes 'known after apply', what state stores, and why a second apply creates nothing new.
State: What Terraform Stores, Why It's Needed, and Drift
Dig into the state file: why Terraform needs it instead of asking AWS directly each time, what exactly it stores, and the refresh mechanism that compares config, state and reality three ways. Create drift by hand with the AWS CLI then watch Terraform detect it, and the difference between a normal plan and plan -refresh-only.
Series
CI/CD with GitHub Actions for Newbies
A two-part series for beginners: start with CI/CD fundamentals through a hands-on first pipeline that deploys a React + Node.js web app to AWS EC2 with Docker, then dive into the things basic GitHub Actions tutorials tend to skip: concurrency, the branch rule for reading YAML, the workflow_* family, dependency caching, matrix, Docker Hub instead of building on the server, GITHUB_TOKEN permissions, OIDC to retire long-lived credentials, and environment + approval gates.
2 parts
AWS Monthly: What's New + Hands-On
A recurring digest of what AWS just shipped: filtering for the most notable new features and services, explaining why they are worth watching, and actually trying out the ones that are testable. Every item is grounded in the official AWS documentation, with demos run for real on a real account and then torn down. Demo code at github.com/nghiadaulau/aws-whats-new-demos.
1 part
Serverless in Practice on AWS: URL Shortener + Realtime Analytics
Build a complete serverless product on AWS from scratch: a URL shortening service with realtime analytics. The series does not teach each service in isolation; it builds one production-ready backend end to end — Lambda, API Gateway, DynamoDB single-table, Cognito, EventBridge, Step Functions, WebSocket API — then operates it for real: idempotency, DLQ, X-Ray tracing, cold start, IAM least-privilege, CI/CD canary, cost analysis and load testing. All infrastructure is built with AWS SAM, code in Node.js + TypeScript, every command run for real on AWS, code at github.com/nghiadaulau/serverless-url-shortener-aws. Grounded in the official AWS documentation.
21 parts
The Team Behind KKloud Tarus
Engineers, creators, and problem solvers.