/blog/ Recent content in Blog on FivexL. Cloud Engineering Specialists Hugo en-us info@fivexl.io (FivexL) info@fivexl.io (FivexL) Wed, 20 May 2026 00:00:00 +0000 /blog/scaling-ai-code-review/ Wed, 20 May 2026 00:00:00 +0000info@fivexl.io (FivexL) /blog/scaling-ai-code-review/ How we rolled out AI code review across all repositories using CloudWatch alarms and an automatic Lambda circuit breaker to keep Bedrock costs under control. /blog/fivexl-newsletter-april-2026/ Wed, 06 May 2026 00:00:00 +0000info@fivexl.io (FivexL) /blog/fivexl-newsletter-april-2026/ <p>Greetings!</p> <p>Here&rsquo;s what April looked like at FivexL: a live session on the compliance gap nobody talks about until the auditor is in the room, two open-source releases, and a roundup of what the team flagged in Slack - including AWS sunsetting a long list of services and the community fallout from LocalStack going paid-only.</p> /blog/just-in-time-access-aws/ Mon, 04 May 2026 00:00:00 +0000info@fivexl.io (FivexL) /blog/just-in-time-access-aws/ <p>You have logs. You do not have proof.</p> <p>That is the gap most startups in regulated industries like healthcare or fintech discover during their first HIPAA or SOC 2 audit. The IAM policies are there. The roles are configured. Permissions are restricted. But when an auditor asks &ldquo;who had access to this system on March 12th, and what did they do?&rdquo; the answer involves digging through months of logs trying to reconstruct a timeline that was never recorded in the first place.</p> <p>A failed audit does not just cost time. It costs the partnership or enterprise contract that required it.</p> <p>This is the problem just-in-time access solves - and it is simpler than it sounds.</p> /blog/soc2-hipaa-pci-aws-rightstart/ Fri, 10 Apr 2026 00:00:00 +0000info@fivexl.io (FivexL) /blog/soc2-hipaa-pci-aws-rightstart/ <p>Setting up compliance-ready AWS infrastructure is one of the first real infrastructure challenges a healthcare or fintech startup faces. This post covers what HIPAA, SOC 2, and PCI DSS actually require from your AWS environment - and how to implement those controls without building everything from scratch.</p> <p>Startups don&rsquo;t fail audits because they lack controls. They fail because they try to implement three frameworks manually in the middle of the night.</p> <p>Most early-stage teams building in healthcare or fintech don&rsquo;t think about compliance until something forces the issue: an enterprise customer asks for a BAA, a partner requires a SOC 2 report, or an investor wants audit-ready infrastructure before closing the round. Suddenly it&rsquo;s this quarter&rsquo;s blocker - the thing standing between you and the deal, the funding, the partnership.</p> <p>SOC 2, HIPAA, and PCI DSS each require the same foundational AWS capabilities - access controls, encryption, network segmentation, audit logging, just weighted differently. But most startups don&rsquo;t have a dedicated infra team to implement all three from scratch. Doing it manually is slow, error-prone, and easy to get wrong in ways that only surface during an audit.</p> <p>If you&rsquo;re asking &ldquo;how do I get SOC 2 on AWS?&rdquo; or &ldquo;I need HIPAA-compliant AWS infrastructure today, where do I start?&rdquo; - <a href="https://fivexl.io/rightstart">RightStart</a> is the answer. It&rsquo;s FivexL&rsquo;s compliance-as-code landing zone for regulated AWS workloads. It converts SOC 2, HIPAA, and PCI DSS controls into enforceable AWS configurations, deployed to your AWS Organization in about a month.</p> /blog/fivexl-newsletter-march-2026/ Tue, 31 Mar 2026 00:00:00 +0000info@fivexl.io (FivexL) /blog/fivexl-newsletter-march-2026/ <p>Greetings!</p> <p>Here&rsquo;s what March looked like at FivexL: a webinar with Clearway Health&rsquo;s SVP of Technology on building audit-ready architecture, a major overhaul of our ECS alerting module, three new DevSecOps Talks episodes, and the launch of Humans in the Loop - a video series on agentic AI in DevOps born out of our work building <a href="https://getboris.ai/">B.O.R.I.S</a>, an AI DevOps teammate at Sirob Technologies.</p> <p>Beyond shipping, we&rsquo;re actively integrating AI into how we work - from delivery processes to internal tooling - and the team has been sharing and testing new tools along the way. Some of the best finds from our internal Slack made it into this edition&rsquo;s top articles below.</p> /blog/from-leadership-values-to-security/ Tue, 24 Mar 2026 00:00:00 +0000info@fivexl.io (FivexL) /blog/from-leadership-values-to-security/ <p>In a recent webinar, <a href="https://www.linkedin.com/in/rustyatkinson/">Rusty Atkinson</a>, SVP, Technology at Clearway Health, joined FivexL&rsquo;s <a href="https://fivexl.io/specialist/andrey-devyatkin/">Andrey Devyatkin</a>, Co-Founder and Principal Cloud Engineering Consultant, and <a href="https://fivexl.io/specialist/guilherme-ferreira/">Guilherme Ferreira</a>, Senior Cloud Engineering Consultant, to discuss a question that matters to every company operating under regulatory pressure: how do leadership values actually turn into secure, audit-ready architecture when deadlines hit?</p> <p>FivexL has worked closely with Clearway Health on building their HIPAA-compliant AWS infrastructure - so this was not a theoretical discussion. Rusty brought the leadership and culture perspective; Andrey and Guilherme brought the architecture and engineering depth. The session connected principles like integrity, clarity, and courage to the operational choices that make security real: least-privilege access, clear tenant boundaries, traceable change management, and HIPAA-aligned evidence practices.</p> <p>When Guilherme asked Rusty directly how he saw the FivexL partnership, Rusty&rsquo;s answer was blunt: <em>&ldquo;In my career, I never had a vendor that I trusted more. You presented to me something that resonated immediately as the answer to the question that I didn&rsquo;t ask - how do you build it when the non-negotiable is security and privacy, when you don&rsquo;t have an army of engineers, and you&rsquo;re running fast? You answered that question before I even asked it.&rdquo;</em></p> <p>That trust - between people, between teams, between an organisation and its infrastructure - was the thread running through the entire conversation.</p> /blog/fivexl-newsletter-february-2026/ Fri, 06 Mar 2026 00:00:00 +0000info@fivexl.io (FivexL) /blog/fivexl-newsletter-february-2026/ <p>Greetings!</p> <p>FivexL kept its usual pace in February: two new case studies for our happy customers, AWS re:Invent 2025 recap webinar, a round of open-source releases, and two podcast episodes covering security patches and agent-native infrastructure. Here&rsquo;s the rundown.</p> /blog/aws-news-you-can-use-2026/ Thu, 12 Feb 2026 00:00:00 +0000info@fivexl.io (FivexL) /blog/aws-news-you-can-use-2026/ <p>AWS ships fast. At AWS re:Invent 2025, AWS made 500+ announcements. Most teams don’t have time to read every release - but we did.</p> <p>We did it for one reason: to stay on top of the technology (and help you do the same). Below is our shortlist of AWS updates worth adopting in 2026 if you want to stay ahead of the competition.</p> <p>These updates help you lower the chance of security incidents, make audits less painful, and remove day-to-day operational friction. Here’s what you can do now to tighten security and compliance.</p> /blog/fivexl-newsletter-january-2026/ Fri, 06 Feb 2026 00:00:00 +0000info@fivexl.io (FivexL) /blog/fivexl-newsletter-january-2026/ <p>January at FivexL usually means less writing and more time deep in customer systems, and this year is no exception. Our consultants are busy helping teams turn last year’s plans into concrete AWS changes: tightening security, cleaning up foundations, and making room for the next round of features.</p> <h2 id="upcoming-events">Upcoming Events</h2> <p>This month we will be hosting a AWSre:Invent 2025 Recap (Wednesday, 11th of February)! <a href="https://fivexl.io/specialist/andrey-devyatkin/">Andrey Devyatkin</a>, <a href="https://fivexl.io/specialist/guilherme-ferreira/">Guilherme Ferreira</a>, and <a href="https://fivexl.io/specialist/vladimir-samoylov/">Vladimir Samoylov</a> will be going through the re:Invent announcements and pick the ones they believe are actually worth your time — features you can start using now that will make a visible difference in how you run AWS. There’s still time to join the <a href="https://fivexl-webinar.scoreapp.com/">webinar</a>; it’s a good chance to meet the team, see how we think about these changes, and ask your own questions.</p> /blog/how-to-get-aws-credits/ Tue, 20 Jan 2026 00:00:00 +0000info@fivexl.io (FivexL) /blog/how-to-get-aws-credits/ <p>There&rsquo;s a lot of information about AWS credits and the different programs behind them. It&rsquo;s easy to get stuck — unsure which credits apply to your stage, what you actually qualify for, and where to start.</p> <p>This guide summarizes the main credit paths for startups: AWS Activate (Founders vs Portfolio), plus PoC and MAP credits — what they are, who they&rsquo;re for, and how to apply.</p> <h3 id="table-of-contents">Table of Contents</h3> <ul> <li><a href="#what-are-aws-credits">What are AWS credits?</a></li> <li><a href="#aws-activate-program">AWS Activate Program</a></li> <li><a href="#aws-activate-credit-tracks-overview">AWS Activate credit tracks overview</a></li> <li><a href="#how-to-apply-for-aws-activation-credits-step-by-step">How to apply for AWS Activate credits</a></li> <li><a href="#poc-credits-program-proof-of-concept">PoC credits program</a></li> <li><a href="#how-to-apply-for-poc-credits-step-by-step">How to apply for PoC credits</a></li> <li><a href="#map-credits-migration-acceleration-program">MAP credits program</a></li> <li><a href="#how-to-apply-for-map-credits-step-by-step">How to apply for MAP credits</a></li> <li><a href="#how-fivexl-can-help">How FivexL can help</a></li> </ul> <h2 id="what-are-aws-credits">What are AWS credits?</h2> <p>AWS credits are promotional funds AWS applies directly to your bill. They&rsquo;re not cash you can withdraw — they simply reduce what you owe for eligible AWS services until the credit balance runs out or the credits expire. In most cases, they cover core building blocks like compute (EC2, Lambda), storage (S3), databases (RDS, DynamoDB), analytics, and AI/ML usage. Some categories may be excluded (often AWS Marketplace purchases or certain support charges), so always check the terms for your specific credit type.</p> /blog/fivexl-newsletter-december-2025/ Wed, 14 Jan 2026 00:00:00 +0000info@fivexl.io (FivexL) /blog/fivexl-newsletter-december-2025/ <h2 id="intro">Intro</h2> <p>December is always an intense month in the AWS consulting land. On one hand, you have re:Invent with its barrage of announcements, presentations, and a lot of action to stay up-to-date with. On the other hand, it is the end of the year — which often means project deadlines. And on top of that, you have the upcoming holiday season with its preparations, buying presents, concerts at school, and so on. A very, very busy month. This is why you are reading this newsletter only now. On the bright side, we got an opportunity to disconnect and recharge, and now we are ready to jump into 2026. From all of us at FivexL — Happy New Year 2026, and thank you for staying with us!</p> /blog/sso-elevator-group-assignment/ Thu, 18 Dec 2025 00:00:00 +0000info@fivexl.io (FivexL) /blog/sso-elevator-group-assignment/ Google Workspace SCIM provisioning to AWS IAM Identity Center does not sync groups - a frustrating limitation. SSO Elevator now offers a Terraform-native solution that automatically assigns users to groups based on their attributes, eliminating the need for external tools like ssosync. /blog/mvp-on-aws-part-3/ Tue, 16 Dec 2025 00:00:00 +0000info@fivexl.io (FivexL) /blog/mvp-on-aws-part-3/ <p>A lot of MVP teams pick PostgreSQL because it&rsquo;s familiar, powerful, and boring in the best way. Then they open the AWS console, click through defaults, and accidentally create a database that&rsquo;s hard to secure, annoying to operate, and painful to make audit-friendly later.</p> <p>In our work with startups, this is one of the most common patterns: the product ships fast, the first customers arrive… and suddenly you need tighter security, better logging, sane network boundaries, and fewer &ldquo;who created this?&rdquo; mysteries.</p> /blog/fivexl-newsletter-november-2025/ Mon, 01 Dec 2025 00:00:00 +0000info@fivexl.io (FivexL) /blog/fivexl-newsletter-november-2025/ <p>November was a busy month for us. We published two blog posts, our co-founder Andrey Devyatkin recorded a new podcast episode, and we pulled together a list of articles our teammates shared internally in Slack.</p> <p>December is already moving fast, and Christmas is just around the corner. Before everyone disappears into code freezes, travel, and family time, we wanted to say thank you for subscribing to this newsletter. We’ll do our best to keep it practical and worth your time.</p> /blog/mvp-on-aws-part-1/ Thu, 13 Nov 2025 00:00:00 +0000info@fivexl.io (FivexL) /blog/mvp-on-aws-part-1/ <p>If you&rsquo;re building an MVP on AWS - especially in healthcare or fintech - the account setup decisions you make in week one will determine how easy or hard your first audit is. This guide covers the minimum viable AWS foundation: the security, cost, and compliance controls that every startup needs before deploying anything. If you&rsquo;re in a regulated industry, there&rsquo;s a specific section at the end on what HIPAA readiness adds to this baseline.</p> /blog/sso-elevator-3-1-0-resilience/ Tue, 28 Oct 2025 00:00:00 +0000info@fivexl.io (FivexL) /blog/sso-elevator-3-1-0-resilience/ How a real AWS outage revealed hidden dependencies in SSO Elevator and led to version 3.1.0 with improved resilience through intelligent S3 caching. A practical guide to engineering for failure. /blog/aws_acm_certificate/ Wed, 19 Feb 2025 00:00:00 +0000info@fivexl.io (FivexL) /blog/aws_acm_certificate/ Encountering the “Invalid for_each argument” and “UnsupportedCertificate” errors when configuring AWS ACM certificates via Terraform is surprisingly common. By removing dynamic for_each logic based on unknown attributes and using the aws_acm_certificate_validation resource to wait for certificate issuance, you can sidestep these pitfalls and ensure successful integration with resources like ELB listeners. /blog/aft-for-compliance/ Thu, 07 Nov 2024 00:00:00 +0000info@fivexl.io (FivexL) /blog/aft-for-compliance/ Introduction to AWS Control Tower and AWS Account Factory for Terraform (AFT) and how it can help you achieve compliance /blog/gitops/ Thu, 31 Oct 2024 00:00:00 +0000info@fivexl.io (FivexL) /blog/gitops/ look at Spot Instance allocation strategies and see how you can use the Terraform module with no issues and save money at the same time. /blog/mvp-on-aws/ Wed, 30 Oct 2024 00:00:00 +0000info@fivexl.io (FivexL) /blog/mvp-on-aws/ What an MVP really is and how AWS can help your startup moves from idea to deployment with minimal fuss /blog/aws-advanced-partner/ Wed, 07 Aug 2024 00:00:00 +0000info@fivexl.io (FivexL) /blog/aws-advanced-partner/ FivexL has reached a new milestone: we have become an AWS Andvanced Partner /blog/ecs-service-connect-encryption/ Mon, 15 Jul 2024 00:00:00 +0000info@fivexl.io (FivexL) /blog/ecs-service-connect-encryption/ Deep-dive into AWS ECS Service Connect. How startup can enable encryption in transit with ECS Service Connect and ECS Fargate deployment /blog/terraform-mv/ Sun, 05 May 2024 00:00:00 +0000info@fivexl.io (FivexL) /blog/terraform-mv/ Comprehensive comparison and a step-by-step guide for implementing two methods for moving Terraform managed resources between states in AWS infrastructure in terms of speed, reliability and scalability. /blog/container-hardening-guide/ Thu, 15 Feb 2024 00:00:00 +0000info@fivexl.io (FivexL) /blog/container-hardening-guide/ Comprehensive and continuously updated list of best practices for securing containerized workloads. From build to execution. /blog/fivexl-best-thinking/ Tue, 19 Dec 2023 00:00:00 +0000info@fivexl.io (FivexL) /blog/fivexl-best-thinking/ Discover FivexL expert advice on CI/CD pipelines and branching strategies, combining years of hands-on AWS infrastructure experience. /blog/s3-server-access-logging-date-partitioning/ Thu, 14 Dec 2023 00:00:00 +0000info@fivexl.io (FivexL) /blog/s3-server-access-logging-date-partitioning/ Amazon S3 server access logging now supports automatic date-based partitioning for log delivery. This allows services like Amazon Athena to improve performance and reduce cost when querying logs. /blog/sso-elevator/ Fri, 02 Jun 2023 00:00:00 +0000info@fivexl.io (FivexL) /blog/sso-elevator/ Open-source Terraform AWS SSO Elevator tool allows requesting and granting temporary elevated access for AWS SSO through a Slack request/approval workflow. /blog/remote-work/ Mon, 22 May 2023 00:00:00 +0000info@fivexl.io (FivexL) /blog/remote-work/ FivexL shares insights on cultivating a positive remote work environment, discussing effective task management, work-life balance, workspace organization, tackling procrastination, and building cohesive teams /blog/lprobe/ Mon, 16 Jan 2023 00:00:00 +0000info@fivexl.io (FivexL) /blog/lprobe/ Find out how to securely conduct a local health check without wget, curl, or your proprietary code. LProbe is a reliable open-source solution. /blog/fivexl-reaction/ Thu, 22 Sep 2022 00:00:00 +0000info@fivexl.io (FivexL) /blog/fivexl-reaction/ FivexL shares its outlook on AWS Security Guidelines for startups. Find out how to improve your AWS security efficiently. /blog/security-basics-in-aws/ Wed, 24 Aug 2022 00:00:00 +0000info@fivexl.io (FivexL) /blog/security-basics-in-aws/ Security Manual for Startups: How To Secure Your AWS Account in Several Steps /blog/how-to-save-resources/ Sat, 13 Aug 2022 00:00:00 +0000info@fivexl.io (FivexL) /blog/how-to-save-resources/ look at Spot Instance allocation strategies and see how you can use the Terraform module with no issues and save money at the same time. /blog/vault/ Fri, 22 Jul 2022 00:00:00 +0000info@fivexl.io (FivexL) /blog/vault/ Security basics in AWS or how to get rid of hardcoded credential and reduce data leakage risks with aws-vault. /blog/what-is-aws-cloudtrail/ Sat, 07 May 2022 00:00:00 +0000info@fivexl.io (FivexL) /blog/what-is-aws-cloudtrail/ Find out how the CloudTrail-to-Slack Terraform module by FivexL solves problems for startups and small teams.