Raj Murugan
I build production AI agents on AWS
Deep technical posts with real code, real gotchas, real architecture decisions. No demo-grade content.
AWS Solutions Architect & AI Engineer · Sydney · Parallo (SoftwareOne)
16 technical posts · AWS Solutions Architect Professional · AWS Certified AI Practitioner
New: Your LLM security diagram defends the wrong layer Read →
Start Here
All posts →Recent Posts
View all →The LLM is not a security boundary
Designing a production agent over sensitive data: no control makes the flow hole-free. You rank the layers, assume each one leaks, and stack them so no single hole reaches the data. Here is the code that does it.
Field Notes: The AgentCore Memory write that returns success and reads back empty
AgentCore long-term memory has a read-after-write gotcha the docs skip: a direct BatchCreateMemoryRecords write returns 201 and stays unsearchable for 15 to 30 seconds. Measured, with the two-tier model that explains it.
Every dashboard was green while the agent burned six figures a year
The most expensive AI agent failures don't throw an error, they hide. One ran at a six-figure-a-year rate for days while every dashboard stayed green, because the signals that catch it, per-session cost and anomalies, are the ones nobody watches. Why agent loops run away, and the two cost instruments your monitoring is missing.
About
Senior Solutions Architect at Parallo (SoftwareOne, AWS Advanced Partner). I take customers from "we want AWS" or "we want GenAI" to a working, governed deployment, then write about how it actually works and where it breaks.
The work I publish here is the work nobody else writes about: the IAM trust policy that takes an afternoon to debug, the VPC cold start that breaks streaming, the OIDC flow that silently fails for a month. AgentCore production gotchas. CDK patterns that survive a real deployment. Cost decisions that show up on the bill, not in the demo.
Featured Work
Production-ready Customer Service AI Agent on Amazon Bedrock AgentCore. Every deployment gotcha documented inline. The companion repo to the 6-part AgentCore series.
An MCP server that turns ADRs, incident reports, and runbooks into a queryable org-knowledge surface for AWS DevOps Agent. Four tools, Bedrock Knowledge Base, frontmatter-filtered chunks. From "agent that reads your docs" to "agent that knows your org."
Three Claude projects with Socratic tutoring, a weekly Cowork routine, three differentiated emails. Open-source spec, full design history including the v1-to-v2 architecture pivot. A personal build whose failure modes mirrored enterprise AI patterns.
Newsletter
Deep AWS + AI engineering in your inbox
Infrequent and high-signal: the kind of post that documents an IAM gotcha, a real CDK pattern, or a production Bedrock deployment decision. No weekly summaries. No AI-generated content. Just the stuff worth your attention.
No spam. Every email has a one-click unsubscribe link.