I built a private S3 + CloudFront stack for this blog. AWS recommends Amplify instead. Here’s when each makes sense.

The four S3 misconfigs behind most breaches, and how to prevent them with SCPs.

Why tqdm keeps printing staircases and how to fix it.

How I host this blog on a private S3 bucket with CloudFront, OAC, and zero stored credentials.