Returning to Blogging: AWS Governance, ARIA, and What's Next

Breaking the Silence

It’s been quite a while since my last post. In the tech world, that’s practically an eternity - cloud services have evolved, frameworks have come and gone, and AI has fundamentally changed how we approach development and operations. Meanwhile, my work has shifted more deeply into the AWS cloud governance space, bringing new challenges and insights worth sharing.

So, why the silence? Between managing complex AWS Organizations structures, designing multi-account security models, juggling family life with five kids, and continuing open-source contributions, something had to give. Unfortunately, it was this blog.

But that changes now.

What’s Coming Next

Moving forward, I’ll be focusing on several interconnected areas that reflect my current professional journey:

1. AWS Governance & Security

As a Senior Lead Cloud Governance & Security Engineer, I spend my days designing and implementing security frameworks across complex AWS Organizations structures. Expect posts covering:

• Service Control Policies (SCPs) - designing effective guardrails
• AWS Control Tower - customizing and extending landing zones
• IAM Identity Center - implementing least-privilege access patterns
• Multi-account architectures - balancing security and development velocity
• Cost optimization - managing spend without compromising security

I’ll share real-world patterns (suitably anonymized), common pitfalls, and solutions developed through experience rather than just theory.

2. ARIA: AI Governance for Development

I’m excited to announce my latest open-source project: ARIA (Artificial Intelligence Regulation Interface & Agreements).

ARIA is an open-source framework for defining and enforcing AI 
participation policies in software projects. It provides a 
standardized way to specify how AI can interact with your codebase, 
ensuring clear boundaries and responsibilities between human and 
AI contributors.

As AI assistants become more integrated into development workflows, the question of proper governance becomes critical. ARIA emerged from my work at the intersection of governance frameworks and development practices, addressing questions like:

• How do we document which parts of a codebase can be modified by AI?
• How can we enforce consistent guidelines for AI contributions?
• What safeguards should be in place for sensitive code?

I’ll be sharing the evolution of this project, practical implementation patterns, and how it relates to broader governance principles from the cloud world.

3. AWS Certification Journey

This year, I’ll be renewing my AWS Solutions Architect certification. Rather than just studying in isolation, I’ll document parts of that journey here, focusing on:

• New services and features since my last certification
• Study strategies for busy professionals (and parents!)
• Practical applications of certification knowledge
• The evolving AWS architecture landscape

This won’t be yet another “how to pass the exam” series. Instead, I’ll connect certification topics to real governance and security challenges.

The Human Element

Beyond the technical content, I want to explore the human side of cloud governance. How do we balance security with developer experience? How can we communicate complex governance concepts to non-specialists? How do we build a culture of security rather than just a set of technical controls?

These questions matter as much as the technology itself, yet they often receive less attention.

Cadence and Commitment

I’m committing to a sustainable publishing schedule - one substantive post per month, with additional shorter updates as time allows. Quality over quantity.

For those who’ve followed this blog over the years, you’ll recognize my patterns - deep technical dives mixed with practical insights, and occasionally a bit of powerlifting philosophy thrown in for balance.

Let’s Connect

I’d love to hear about your own governance challenges, questions about AWS security, or thoughts on the role of AI in development. Drop a comment below or reach out through LinkedIn.

In the meantime, back to designing SCPs and thinking about how ARIA can better protect sensitive code paths from overeager AI assistants.

The silence is broken. Let’s talk cloud governance.

Antenore Gatta

A proud and busy Hacker, Father and Kyndrol

Post comment