
Hey, I'm Jimmy
I'm a Principal Cloud Architect with a deep passion for serverless and event-driven architectures. I write about building things on AWS, speak at conferences around the world, and help teams design better cloud systems.
I have attended AWS re:Invent every year since 2016, lead AWS User Groups, and serve as a Lead AWS Certification Subject Matter Expert. When I'm not deep in cloud architecture, you'll find me experimenting with IoT projects, mixing cocktails, and perfecting my BBQ skills.

Authenticating to MongoDB Atlas with AWS Outbound Identity Federation
Service-to-service authentication usually means managing credentials somewhere: Secrets Manager, client credentials flows, rotation policies. AWS IAM Outbound Identity Federation changes this by letting your workloads prove their identity with short-lived JWT tokens issued by STS. In this post we look at how Outbound Identity Federation works, verify tokens with a quick API Gateway setup, and then connect to MongoDB Atlas using its native OIDC support. No database passwords, no rotation, just standard OIDC tokens that any service can verify.

Building a Serverless AI Bartender
What started as a New Year's party project turned into a full serverless application. I needed a way to stop being the human drink menu at parties, so I built an AI bartender that lets guests browse cocktails, place orders, and chat with an AI that actually knows the menu. The stack covers Aurora DSQL, AppSync Events, Lambda streaming, Strands Agents with Bedrock, and more.
Building a Serverless AI Bartender - Part 1: Stop Being the ...
Mixing cocktails at home is fun. Mixing cocktails for a room full of guests is how you end...
Building a Serverless AI Bartender - Part 2: Guest registrat...
Having a digital menu is a great start, but a bar isn't really a bar if your guests can't ...
Building a Serverless AI Bartender - Part 3: The AI Chat Age...
In the final part of this series, I build the AI chat agent that actually makes this a bar...

How to re:Invent
I have attended re:Invent every year since 2016 and collected a fair amount of tips and tricks on how to survive not only the conference but also Vegas as a city. This series breaks it all down into four episodes, covering travel and accommodations, session planning, the reserved seating game, and packing and survival tricks for the week. Prepare to walk a lot, get very little sleep, gain a ton of learning, and meet some new friends.
How to re:Invent, Episode 1 - Vegas, Travel, and Accommodati...
Planning your first trip to AWS re:Invent can be daunting, especially when navigating Las ...
How to re:Invent, Episode 2 - Session Planning
Planning your AWS re:Invent schedule can be just as overwhelming as navigating Vegas. In t...
How to re:Invent, Episode 3 - Reserved Seating
Getting into the sessions you really want at AWS re:Invent can make or break your week. In...
How to re:Invent, Episode 4 - Packing and Survival Tricks
Packing right and surviving the week on-site can be the difference between an amazing re:I...

Extending My Blog with Translations by Amazon Nova
Reaching a global audience often means providing content in multiple languages. In this post, I explore how I extended my event-driven blog pipeline with automated translation capabilities using Amazon Nova Pro, enabling my technical content to reach readers in German, Spanish, French, Italian, and Portuguese.

Extending My Blog with Proofreading by Amazon Nova
Writing technical content as a non-native English speaker often means spending significant time proofreading for spelling and grammatical errors. In this post, I explore how I extended my existing event-driven blog CI/CD pipeline with automated proofreading using Amazon Nova and Amazon Bedrock, seamlessly integrating AI-powered text correction.

PEP and PDP for Secure Authorization with AVP and ABAC
Taking our authorization system to the next level! In this third part of our series, we're enhancing our Amazon Verified Permissions (AVP) solution with Attribute-Based Access Control (ABAC). By combining RBAC and ABAC, we get a powerful authorization system that can enforce fine-grained access based on user attributes and context - perfect for multi-tenant applications where access control needs to account for more than just roles.

PEP and PDP for Secure Authorization with AVP
As authorization needs evolve, managing access efficiently becomes even more crucial. In this follow-up post, we extend our Policy Decision Point (PDP) and Policy Enforcement Point (PEP) solution by introducing Amazon Verified Permissions (AVP) for fine-grained authorization. Instead of storing permissions in DynamoDB, we leverage AVP’s centralized policy engine and Cedar policy language to define and enforce access control dynamically.
From cocktails to code: building an AI bartender with Amazon Bedrock
Food and drinks are two of my major hobbies, and I love mixing cocktails at home. But when I host friends, I always end up as the menu. People keep asking what I have and what I can make. In this talk I will show how I built an AI bartender on AWS that lets guests interact with a drink menu using natural language. Instead of listing options or explaining what’s available, guests can ask for things like “something fruity” or “a gin drink”, and the AI Bartender responds with suggestions powered by Amazon Bedrock. We will go deep into how I built the AI agent with Amazon Bedrock using Strands Agents, with AgentCore providing conversation memory, identity, and a gateway for tool access. I’ll show how streaming responses are implemented with Amazon API Gateway for a great chat experience. MCP tools play an important role, providing the agent with data such as the ingredients and menu stored in Aurora DSQL. Finally, I’ll show how serverless and event-driven patterns are used to decouple AI processing from APIs. This is a technical, demo-heavy session with code walkthroughs and architecture deep-dives. We will explore agentic AI with tool-calling workflows, conversation memory, and event-driven AI integration. You’ll walk away with insights on how to build intelligent, context-aware AI assistants that work with real data on AWS.
PEP and PDP for Secure Authorization with Cognito
Authorization is a critical part of securing cloud applications, and understanding the best practices for implementing it can make all the difference. In this post, we dig deep on the concepts of Policy Decision Points (PDPs) and Policy Enforcement Points (PEPs), and how they work together to manage user access efficiently. We dive into a serverless solution using AWS Lambda and API Gateway, implementing Role-Based Access Control (RBAC) for fine-grained access control based on Cognito User Groups. This solution ensures scalability, low latency, and efficient authorization in serverless environments.

Serverless self-service IoT certificate management - Part 2.
Secure communication is important in IoT systems, where certificates and trust play a vital role. In this post we extend the API introduced in part 1: we add functionality to create device certificates, introduce an inventory, add some event-driven parts, and add the ability to list and get certificates. This hands-on approach is great for learning purposes and development environments; production setups, however, require robust managed solutions.

Serverless self-service IoT certificate management - Part 1.
Secure communication is important in IoT systems, where certificates and trust play a vital role. In this post, I explore the foundations of certificate management, including PKI, certificate chains, and trust. I also introduce a serverless self-service API using Amazon API Gateway and Lambda as an easy way to create certificates. This hands-on approach is great for learning purposes and development environments; production setups, however, require robust managed solutions.