majsalotaibi.com
STATIC WEBSITE
S3 + CloudFront + OAC. No EC2, no containers, no origin server. Static HTML served from edge locations in 50ms. WAF Bot Control blocks scrapers — the only ongoing cost. Route 53 + ACM handles DNS and TLS. CloudWatch RUM for real user metrics instead of expensive APM tools. Total idle cost: $0.50/month.
$0.50/mo idle
Contact Form API
SERVERLESS API
API Gateway → Lambda → DynamoDB → SQS. Fully async. Request hits Gateway, Lambda writes to DynamoDB, drops a message in SQS for email processing. No server sitting idle waiting for form submissions that come once a day. Auto-scales to zero. DynamoDB on-demand means I pay per-request, not per-hour. The entire stack costs less than a coffee per month.
~$0.01/mo
EKS Fargate Cluster
KUBERNETES | PROOF OF CONCEPT
Built to prove competency, not for production use. EKS control plane is $73/month idle — that's more than my entire AWS bill some months. I deployed ALB Ingress, Fargate profiles, and namespace isolation to demonstrate I can architect K8s properly. But my real workloads are event-driven and bursty — Lambda handles them better at 1/10th the cost. I tear this cluster down after demos.
$0 (torn down)
AI Contact Center
AMAZON CONNECT | LEX
Connect + Lex + Lambda for an AI contact center. Caller enters Connect, Contact Flow routes to Lex Bot for intent recognition (NLU), Lambda fulfills the request and returns the result. No Twilio, no third-party. Everything native AWS — IAM security, CloudWatch metrics, call recordings in S3. Per-minute pricing means zero cost when no one's calling.
pay-per-minute
Multi-Account Governance
AWS ORGANIZATIONS | SCPs
Organizations + SCPs instead of Security Hub + Config. Security Hub is $15-30/month for a personal account — not justified. SCPs are free and prevent bad actions at the root. I use CloudTrail for audit (free tier covers it), and AWS Config only for critical rules. Governance through prevention, not detection. No monthly Config rule evaluation charges eating my budget.
$0 (SCPs are free)
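An added example, not the author's own policy: a service control policy of the kind this prevention-first setup relies on, here protecting the CloudTrail audit trail the card mentions. The choice of denied actions and the Sid names are assumptions for illustration.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ExampleProtectAuditTrail",
      "Effect": "Deny",
      "Action": [
        "cloudtrail:StopLogging",
        "cloudtrail:DeleteTrail",
        "cloudtrail:UpdateTrail",
        "cloudtrail:PutEventSelectors"
      ],
      "Resource": "*"
    },
    {
      "Sid": "ExampleDenyLeavingOrganization",
      "Effect": "Deny",
      "Action": "organizations:LeaveOrganization",
      "Resource": "*"
    }
  ]
}
```

SCPs never grant permissions and do not restrict the Organizations management account, so attach a policy like this to the root or to an OU of member accounts and keep workloads out of the management account.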
Azure AD → AWS Federation
IDENTITY | SAML 2.0
SAML 2.0 federation over IAM users. No long-lived credentials, no access keys to rotate. Azure AD as the IdP handles MFA and conditional access — AWS just trusts the SAML assertion and maps it to an IAM Role. One source of truth for identity. If Azure AD says you're authenticated, you assume the role and get a temporary session. Simple, secure, auditable.
$0 (SAML federation is free)
Blast Radius Analyzer
STEP FUNCTIONS | PARALLEL ANALYSIS
Step Functions Map state for parallel resource scanning. Could have used a single long-running Lambda, but 15-minute timeout is a hard ceiling. Map state fans out to concurrent Lambdas — scans EC2, EKS, Security Groups, SQS, Lambda in parallel. Results merge in S3. Fraction of the time compared to sequential execution. Same pattern I used later in VTP for Bedrock processing.
~$0.02/scan
AI Video Transcription Pipeline
14 SERVICES | STEP FUNCTIONS | BEDROCK
Step Functions orchestrating Transcribe → Comprehend → Bedrock → Translate → MediaConvert. No EC2. No containers. 14 services, $0.05/month idle. Bedrock Claude Opus for transcript cleanup because quality matters for the core value prop — Sonnet is 5× cheaper but misses nuance. DynamoDB for user state (not S3 metadata — learned that the hard way). Map state with MaxConcurrency 5 for parallel chunk processing. Total: $8.44 per 3.5hr video.
$0.05/mo idle • $8.44/video

THE PHILOSOPHY

Every architecture decision comes down to one question: does this justify a monthly bill? I skip WAF on APIs (-$10/mo), Security Hub (-$20/mo), EKS for event-driven workloads (-$73/mo), multi-region DR (-$10/mo), and CI/CD pipelines for solo projects (-$3/mo). That's $116/month saved. My actual idle cost across everything: $0.55/month. I spend where quality demands it — Bedrock Opus for AI, CloudFront for performance — and cut everything else ruthlessly.