Welcome to this week’s edition of the DevOps Bulletin!

At AWS, engineers share how they enforce system correctness before things break. GitHub's MCP exploit raised fresh concerns about MCP security, and Uber walks us through how they built a multi-cloud secrets management platform.

Meanwhile, Google SREs are rethinking what reliability looks like. In cloud cost control, we’re featuring a new tool: Server Scheduling. It lets you visually schedule test and dev servers to shut down during off hours, downsize idle machines, and cut cloud waste.

This week’s video is packed with advice for security teams using AI and LLMs in real work.

Tutorials this week cover critical topics:

• Who really has root access in production?

• How remote prompt injection works in GitLab

• Avoiding "Too Many Connections" in Lambda + RDS setups

• A solid breakdown of atomics and concurrency

• Solving the Terraform backend chicken-and-egg problem

• Chat directly with your AWS bill

• Gain central visibility of Kubernetes clusters across regions

• Disaster recovery planning with Terraform

• Understand how the Kubernetes Gateway API works

Projects of the week:

• CloudPEASS for mapping cloud permissions and privilege escalation paths

• PgDog, a transaction pooler and sharding tool for PostgreSQL

• Arsenal is a quick way to store and run pentest commands

• TerraForce, policy enforcement at every Terraform stage

All this and more in this week’s DevOps Bulletin—don’t miss out!

Newsworthy stories

• Systems correctness practices at AWS

• GitHub MCP exploited

• Building Uber’s multi-cloud secrets management platform

• Do not deploy on Friday!

• Google SREs are changing the game again

• Agentic AI & MCP for platform teams

Slash cloud costs with server scheduling

Test servers don't need to be online at 3 am. Manually schedule instances with a visual time grid.

• Shut down servers during off hours

• Downsize idle machines

• Multi-cloud support: AWS, GCP & Azure

Video of the week

Tutorials of the week

• Who really has root in prod?

• Remote prompt injection in GitLab

• Avoiding ‘Too Many Connections’ in Lambda + RDS workflows

• Atomics and concurrency

• Solving the Terraform backend chicken-and-egg problem

• Chat with your AWS bill

• Centralized visibility of Kubernetes clusters across AWS Regions and accounts

• Disaster recovery strategies with Terraform

• Understanding Kubernetes Gateway API

Projects of the week

• Go-based replacement for git add -i and git add -p, offering an interactive terminal UI with advanced features like hunk splitting, global regex filtering, and multi-mode patch operations.

• CloudPEASS helps analyze permissions and detect escalation paths across AWS, Azure, and GCP using non-intrusive techniques.

• PgDog is a transaction pooler and logical replication manager that can shard PostgreSQL.

• Arsenal is just a quick inventory, reminder, and launcher for pentest commands.

  

• TerraForce is a standalone policy enforcement tool for Terraform that runs checks at every stage of the Terraform lifecycle.

• Microsandbox is a self-hosted platform for safely running untrusted or AI-generated code using lightweight microVMs.

Meme of the week