Blog
Thoughts on engineering, design, and building great products.

From Messy Bank Statements to AI Insights in 48h: An AWS-Native AI Money Coach System Design
The real-world AWS architecture story behind BudgetBot, an AI Money Coach for Vietnamese users: upload a statement or payment screenshot and the AI auto-classifies transactions, computes budgets, and advises spending. Async pipeline, 4-level deduplication, ~$30/month cost optimization, and financial-data security.

AWS-native Observability for EC2 with the CloudWatch Agent
A hands-on lab building an observability pipeline for EC2 with the CloudWatch Agent, CloudWatch Logs, CloudWatch Metrics, Alarms, SNS email and a Dashboard, across two real cases: installing the agent on an existing EC2 instance, and bootstrapping the agent at launch time on a brand-new one.
Things GitHub Actions Tutorials Tend to Skip
After Part 1's first pipeline, this article covers 9 things basic CI/CD tutorials skip about GitHub Actions: concurrency control (with the github.ref gotcha), the branch rule for reading YAML on external events, the workflow_* family (dispatch, call, run — with the head_sha gotcha), cache dependencies, matrix strategy, Docker Hub instead of building on the server, GITHUB_TOKEN permissions, OIDC for AWS (no more long-lived SSH keys), and environment + required reviewers.
CI/CD Concepts and Your First Pipeline on AWS EC2
A step-by-step guide to deploying a React + Node.js web app to AWS EC2 with Docker, then wiring up an automated CI/CD pipeline with GitHub Actions. Walks through CI/CD fundamentals, the difference between Continuous Delivery and Continuous Deployment, the standard pipeline stages (Source → Build → Test → Quality Gate → Package → Deploy → Verify), GitHub Actions terminology, common deploy strategies, then builds a first end-to-end pipeline. Aimed at DevOps newcomers.
What's New in AWS: a re:Invent 2025 → Early 2026 Recap
The opening edition of a recurring AWS digest, catching up on six months from re:Invent 2025 to early 2026. The features worth your attention: Lambda Durable Functions, EKS Capabilities (managed Argo CD), DynamoDB multi-Region strong consistency, Bedrock's 18 new open-weight models, S3 Vectors, Security Hub GA, plus the list of services being retired. Every item is grounded in the AWS docs; whatever can be demoed is run for real, then cleaned up.
Capstone: Reviewing Against Well-Architected, Cleanup, and Extensions
The final article of the series. Putting the whole architecture back together, reviewing it through the five Well-Architected pillars to see where each article contributed, walking through a one-command clean teardown, and sketching the next extensions: custom domain, multi-region, and a real dashboard.
Load Testing With k6: Finding the Bottleneck Under Real Load
Throwing real load at the system with k6 and reading how it scales. Firing over 25,000 requests at the link-open path, then cross-checking the k6 results against CloudWatch metrics to find the bottleneck. The numbers point straight at a figure seen many times in the series: the concurrency limit of 10, and show the system sheds excess load fast instead of collapsing.