Blog Posts
If It Ain't Stress Tested, It's Broken
On Friday, December 26th, 2025, I released a bugfix for our private PyPI server. The server had been running
for months in a degraded single-instance mode to work around a cache synchronization bug across EFS-backed
containers. With caching enabled, the single instance performed well, but adding more instances would trigger
the bug. The fix removed caching entirely by switching to --backend simple-dir, which meant we could finally
restore high availability.
Stop Paying for Mediocre Code Reviews – Build Exceptional Ones Yourself
If you write or review infrastructure code (Terraform, AWS IaC, CI/CD pipelines, automation scripts), you’ve likely felt the pain points in this story. Maybe you’ve tried commercial AI review tools and found them shallow. Maybe your team struggles with inconsistent reviews. Or maybe you’re scaling quickly and need a way to enforce standards without slowing development down.
Three Days, Two Developers: How AI Pair Programming Transformed Good Code into Excellence
Discover how InfraHouse transformed a routine Lambda module into production excellence through disciplined AI collaboration. Same timeline, exponentially better outcome, including ISO 27001 compliance, comprehensive testing, and security patterns discovered after years of experience.
From Keycloak to Cognito: Building a Self-Hosted Terraform Registry on AWS
A practical engineering story about replacing Keycloak with Cognito to create a self-hosted Terraform registry using Tapir, AWS ECS, and ALB - a simpler, cost-efficient, and fully reproducible setup.
Vulnerability Management, Part 2: Finding Vulnerabilities in Docker Images
In Part 1 we explored how tools like OSV-Scanner help you detect
vulnerabilities in application-level dependencies (think requirements.txt, package-lock.json, etc.).
Vulnerability Management in CI/CD: Balancing SLAs and Developer Velocity (Part 1: Dependency Scanning with OSV-Scanner)
Part 1 of the Vulnerability Management Series — how to manage dependency vulnerabilities with OSV-Scanner and ih-github while meeting SLAs and keeping developer velocity high.
Upgrading Terraform Modules to AWS Provider v6 with Confidence
When HashiCorp releases a new major version of the AWS Terraform provider, engineering teams often brace themselves. Major upgrades bring new features and bug fixes, but they also come with breaking changes. A module that “just worked” under v5 might fail or drift silently under v6.
Implementing Compliant Secrets with AWS Secrets Manager
I had a conversation with a colleague the other day, and he asked who has access to a specific password. We use AWS Secrets Manager to store secret data and AWS Identity and Access Management to control access to it. A seemingly simple question, it was difficult to answer. I started off with describing how an IAM role can have particular permissions on a particular secret, etc. Pretty soon, I realized that to answer what roles can read a secret, one would need to parse every available IAM policy.