2026-01-10 16:03:00
In Part 1, we successfully finished building the EKS Control Plane, we set up the VPC, Subnets, NAT Gateway, the Kubernetes API Server, and configured kubectl connectivity.
kubectl already connected to the clusterBut if you run:
kubectl get nodes
you’ll see… nothing.
That’s the real state of the cluster we created: it has a brain (Control Plane), but no hands and feet (Worker Nodes). Without compute capacity, the Kubernetes Scheduler can only stare at Pods stuck in the Pending state.
In this Part 2, we’ll “grow limbs” for your EKS cluster by deploying Worker Nodes using AWS Managed Nodes - the most practical middle ground between production readiness and operational effort.
This post won’t stop at “click and it works.” We’ll also explore what AWS quietly builds for you in a Managed Node Group, and contrast it with the Self-managed way so you understand the fundamentals and can debug with confidence.
In the most accurate - and simplest - definition:
A Worker Node is an EC2 instance configured to run Kubernetes workloads (Pods).
At minimum, every worker node runs:
kubelet — the agent that talks to the Kubernetes API Servercontainerd
kube-proxy — manages service/network rulesFollowing production best practices, EKS worker nodes usually live inside private subnets without public IPs. That significantly reduces exposure: workloads are not directly reachable from the Internet, and outbound connectivity is handled through a NAT Gateway.
AWS offers three main ways to run compute for EKS, each with a different balance of control, operational cost, and “serverless-ness”:
| Criteria | Managed Nodes | Self-managed Nodes | AWS Fargate |
|---|---|---|---|
| Infrastructure | EC2 Instances (partly managed by AWS) | EC2 Instances (fully managed by you) | Serverless (no nodes to manage) |
| Operational cost (OpEx) | Low | High | Very low |
| Control | Medium | Highest | Lowest |
| Billing | Per EC2 instance | Per EC2 instance | Per Pod (CPU/Mem) |
Fargate hides almost everything—including the “node layer.” That’s convenient, but if your goal is to understand EKS fundamentals, the interesting engineering happens in Managed Nodes vs Self-managed Nodes.
| Criteria | Managed Nodes (Managed Node Group) | Self-managed Nodes |
|---|---|---|
| Node creation | EKS Console or CLI command creates a Node Group | EC2 Launch Template + ASG + User Data (bootstrap) |
| ASG management | AWS manages the Auto Scaling Group lifecycle | You manage the ASG entirely |
| Cluster Join | AWS automatically handles the wiring and credentials for join | You must provide user data calling /etc/eks/bootstrap.sh
|
| Node auth mapping (IAM→ RBAC) | AWS typically maps the Node Role automatically | You must manually update aws-auth to map the Node Role |
| Upgrades/Updates | Built-in, managed rolling update workflows | You design and manage drain / replace strategies |
| Debug level | Fewer common traps, higher abstraction | More control, but more responsibility for low-level configuration |
When you click Create Node Group, AWS typically handles a long checklist that Self-managed nodes would require you to build manually:
Recommendation: Use Managed Nodes for most production setups to reduce operational overhead. Choose Self-managed only when you have very specific requirements (custom OS hardening, special bootstrap, deep control of the node lifecycle).
This is one of the most common points of confusion, so let’s make it crystal clear.
This role is not meant for workloads.
Worker nodes need a Node IAM Role to:
Your worker nodes won’t become Ready without (at least) these managed policies:
| Policy | Purpose |
|---|---|
AmazonEKSWorkerNodePolicy |
Join cluster, talk to the API Server |
AmazonEKS_CNI_Policy |
Attach ENIs, allocate Pod IPs |
AmazonEC2ContainerRegistryReadOnly |
Pull images from ECR |
Access to an EKS cluster is a combination of two layers: AWS IAM & Kubernetes RBAC.
IAM answers: “Who are you?”
When a principal (an EC2 node or a human user) calls the Kubernetes API Server, EKS uses IAM authentication to verify:
✅ This is why worker nodes must have a proper Node IAM Role attached.
RBAC answers: “What are you allowed to do?”
Even if IAM authentication succeeds, the API call can still fail with Forbidden if RBAC doesn’t grant the required permissions.
After IAM authentication, EKS maps IAM identity into Kubernetes users/groups so RBAC can evaluate permissions. Two common mechanisms exist:
aws-auth ConfigMap (classic, still widely used), example:
mapRoles: |
- rolearn: arn:aws:iam::<account-id>:role/EKSNodeRole
username: system:node:{{EC2PrivateDNSName}}
groups:
- system:bootstrappers
- system:nodes
EKS Access Entries / Access Policies (newer Console-based approach)
For this article:
system:bootstrappers and system:nodes
system:masters or granted an equivalent Access PolicyThe AWS architecture after completing the steps below:
Make sure all resources from Part 1 are created correctly and your cluster is ACTIVE.
Open the AWS Console:
→ Go to IAM
→ Choose Roles → Create role
→ Configure Trusted entity:
Use case: EC2
→ Click Next
→ Attach policies:
AmazonEKSWorkerNodePolicyAmazonEKS_CNI_PolicyAmazonEC2ContainerRegistryReadOnly→ Role name: EKSNodeRole
→ Click Create role
→ Open the EKS service
→ Select cluster demo-eks-cluster
→ Go to Compute → Add node group
eks-mng-general
Node IAM role: EKSNodeRole
→ Click Next.
t3.medium
→ Keep other settings as default.
→ Click Next.
Select only the two private subnets.
This is critical: subnet selection here determines where your worker nodes live. Private subnets are ideal for production worker nodes because they don’t expose instances to the Internet.
→ Click Next → Create.
Wait until the node group status becomes Active.
You don’t need to manually configure bootstrap steps for a Managed Node Group - but understanding the join flow is what makes you effective at troubleshooting.
When you create a Managed Node Group, AWS launches EC2 worker nodes. Each instance gets an Instance Profile containing your Node IAM Role (EKSNodeRole). The join flow looks like this:
kubelet with:
kubelet calls the Kubernetes API Server to register the nodesystem:nodes), the node becomes Ready
In short: nodes don’t “join by Kubernetes magic.” They join because:
IAM authentication proves identity + Kubernetes group mapping allows the node role to function.
With Self-managed nodes, you must build the join path yourself:
/etc/eks/bootstrap.sh <cluster-name>
aws-auth to map the node role into:
system:bootstrapperssystem:nodesManaged Node Groups remove most of this plumbing.
This is the moment your EKS cluster finally starts to feel alive.
→ Open a terminal and run:
kubectl get nodes -o wide
→ Then check system pods:
kubectl get pods -n kube-system
Expected results:
Ready statecoredns, metrics-server, and kube-proxy should transition to Running
Now let’s satisfy curiosity and confirm what AWS created inside your account.
(1) Auto Scaling Group
→ Open EKS Service
→ Select EKS cluster demo-eks-cluster
→ Click Compute tab
→ Select node group eks-mng-general
→ In Details, click the Auto Scaling Group
Inside the ASG page, you’ll find:
InService
(2) Launch Template
From the ASG page:
→ Click the Launch template link.
You’ll see:
(3) Security Group for worker nodes
From the ASG details page
→ Click the Security group IDs.
Review inbound/outbound rules applied to worker nodes.
kubectl get nodes shows nothing
Likely causes:
EKSNodeRole)Likely causes:
t3.large, m5.large, etc.)Pending
Likely causes:
ImagePullBackOff / ErrImagePull
Likely causes:
In Part 2, we:
Next, in Part 3, we’ll go deeper into EKS networking: VPC CNI, ENIs, Pod IP allocation, and traffic flow debugging.
2026-01-10 15:59:32
Keeping documentation up to date is one thing! helping your team or partners quickly digest changes is another. At my company, we use Retype for our docs, and we wanted a way to make them instantly AI-ready for summarization, search, or internal tooling.
Enter retype_llms: a lightweight GitHub Action and Python tool that generates a llms.txt file directly from your Markdown docs. Instead of manually exporting files or worrying about URLs and images, this tool handles it automatically.
llms.txt?
If you’ve ever tried feeding docs to AI tools or building search indexes, you know the challenge: multiple Markdown files, relative images, front-matter headers, and custom routes can all break the context.
retype_llms solves this by:
This means your AI tools, or even scripts that analyze your docs, get clean, structured, ready-to-use content.
Whether you prefer Python scripts or GitHub Actions, retype_llms fits seamlessly:
llms.txt on demand.llms.txt on every push, optionally before Retype builds your site. The file lands in your static/ folder, ready to use.You can integrate retype_llms directly before your Retype build to make sure llms.txt is always up to date:
name: Build Retype Documentation
on:
push:
branches: [main]
workflow_dispatch:
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Generate llms.txt
uses: zakaria-chahboun/[email protected]
- name: Build Retype
uses: retypeapp/action-build@latest
- name: Deploy to GitHub Pages
uses: retypeapp/action-github-pages@latest
with:
update-branch: true
It’s designed to require zero changes to your existing Retype setup 😎 just add it to your workflow, and it works.
The tool respects Retype’s logic:
retype.yml
permalink, route, and index file rulesAll of this ensures the llms.txt output mirrors your documentation structure accurately, without any manual cleanup.
Check it out here and give it a spin: 👉 https://github.com/zakaria-chahboun/retype_llms
This small addition can save hours of manual work and make your docs AI-ready in minutes.
Happy documenting! 🚀
2026-01-10 15:58:57
...like the Cloud Practitioner Exam opened our eyes to the potential of the cloud, the AWS Certified AI Practitioner (AIF-C01) is designed to provide that same foundational common language for the world of Artificial Intelligence.
Whether you’re an Executive, Developer, Engineer, or Project Manager, having a baseline understanding of AI principles is no longer a nice to have, it’s absolutely essential.
According to AWS, the AWS Certified AI Practitioner (AIF-C01) is intended for individuals who can effectively demonstrate an overall knowledge of AI/ML, Generative AI Technologies, and associated AWS services, independent of a specific technical job role.
It isn't about proving you can build complex neural networks from scratch. Instead, it validates your ability to:
The ideal candidate has up to 6 months of exposure to AI/ML on AWS. Importantly, you are expected to be a user of AI solutions, not necessarily a builder of models.
To keep this accessible, the following tasks are not required for this exam:
The exam is divided into five main content domains. While Generative AI is the "star of the show," the exam ensures you have a grounded understanding of traditional ML and security as well.
| Domain | Description | Weight |
|---|---|---|
| Domain 1: Fundamentals of AI and ML | Basic concepts, types of ML, and the ML lifecycle. | 20% |
| Domain 2: Fundamentals of Generative AI | What GenAI is, how Foundation Models work, and terminology like "tokens." | 24% |
| Domain 3: Applications of FMs | How to actually use Foundation Models (Bedrock, SageMaker) for real tasks. | 28% |
| Domain 4: Guidelines for Responsible AI | Fairness, bias, explainability, and safety. | 14% |
| Domain 5: Security & Governance | Compliance, IAM, and the Shared Responsibility Model for AI. | 14% |
What makes the AI Practitioner certification special is its accessibility. It provides a structured understanding of the AI ecosystem that is relevant to virtually everyone in tech today.
In many ways, this exam provides AI Literacy: the ability to fluently discuss, plan, and collaborate in an AI-first environment.
The exam consists of 65 questions (50 scored, 15 unscored) to be completed in a single sitting.
In the coming weeks, I’ll be breaking down each of the five domains and their associated task statements. We will dive into everything from the difference between Discriminative and Generative AI to how Amazon Bedrock is changing the way we consume Foundation Models.
Whether you’re a seasoned Cloud Veteran or just starting out, building a foundation in AI is the single best investment you can make in your career today.
The AWS Certified AI Practitioner exam isn’t just about adding a badge to your LinkedIn profile, it’s about building fluency in the technology that is defining our era.
So, let's take the plunge. Learn the basics. Refresh the fundamentals. Build the foundation that unlocks the future.
Let’s get certified!
AWS Certified AI Practitioner (AIF-C01) Exam Guide
2026-01-10 15:54:00
Technology truly shines when it solves a real problem, no matter how small. A few days ago, I found myself in a situation many parents will recognize: helping my oldest son review a science lesson. The added difficulty was that the subject is bilingual, so he not only had to memorize terms like "joints" or "spinal column" but also their English translation and phonetics.
Our initial method was the classic one: the ancient art of "covering the answer with your hand" to guess. It was functional, but monotonous, unmotivating, and not very effective. As we struggled to stay focused, an idea struck me: what if instead of fighting distraction, we combat it with a better tool? Could I, with the help of AI, create a small, custom study application in a matter of minutes?
This post is the result of that experiment—the creation of a custom study app with flashcards. Let's look at the initial specifications, the creation process, and, most importantly, the final result ready for use.
Incredibly powerful study tools like Quizlet, AnkiApp, or ProProfs already exist. They are fantastic and offer a multitude of possibilities. However, they often come with a learning curve or a number of options that can be overwhelming for an immediate and specific need.
Primarily, I didn't need a social ecosystem for the required concepts, nor multiple spaced repetition methods. The priority was to have a quick solution with very specific requirements:
With these goals in mind, and relying on the same "AI copilot" techniques I've explored in other posts, the "Flashcards de Estudio" app was born.
The application is designed to be minimalist yet powerful, offering three ways to start studying in seconds:
This is the most direct method. It allows you to add "Term" and "Definition" rows one by one. It's perfect for short review lists or when you already have the material prepared and just want to quickly digitize it to start studying.
This is where the magic of AI comes into play. In this mode, you just need to type a term, and the AI automatically generates the definition or translation in the language you choose. For my son's science lesson, I simply entered the list of words in Spanish, and the AI instantly completed their English translation and an approximation of their phonetics. It's a spectacular time-saver. To use it, you need to generate a free Key at Google AI Studio and enter it in the "Your Gemini API Key" field to use the Gemini AI engine for content generation.
The application supports translations and definition generation in several languages:
For longer lists (vocabulary for an entire topic, lists of capitals, etc.), the application allows you to upload a text (.txt) or CSV (.csv) file with the terms and definitions. You simply prepare your list in a file, upload it, and the application generates the cards instantly. This feature is ideal for those who want to prepare material for their children or for students who need to digitize entire subjects.
Once the terms and the mode of operation have been selected, it's simply a matter of starting to study. During the session, cards will be displayed for the user to practice the translations or terms before flipping them and indicating whether they got it right or wrong. If correct, the application will add 2 points and a congratulatory emoji and message will appear; if wrong, it will not add points and an encouraging message will appear. In these cases, the mistakes are recorded so that at the end of the session, they can be reviewed again until we are sure we have mastered them.
If all answers are successfully correct, an animated celebration gif will be displayed at the end, and from this screen, we can either study all the terms again or return to the home screen to generate new content.
What started as a solution for an afternoon of studying has become a personal project that I plan to continue improving. "Flashcards de Estudio" is a living project. My intention is to gradually add new features, such as different game modes, progress tracking over time, or the ability to share card decks.
I will chronicle these improvements in future blog posts. Also, once the comment feature is active on Datalaria, I will be happy to gather your ideas and suggestions to make this an even better learning tool for everyone.
This small application is a perfect testament to the era we live in. A personal need, which in the past would have remained a simple complaint or a fruitless search for the "perfect app," can now be materialized into a custom solution thanks to AI.
This is the era of custom content creation. We no longer just consume digital tools; we can build, adapt, and improve them with unprecedented agility.
I hope you find this tool useful. I invite you to try the flashcards app, use it in your own study sessions, and, above all, think about that small problem in your daily life that perhaps, with the help of an AI copilot, you could start solving today.
2026-01-10 15:52:46
2026-01-10 15:37:47
La tecnología brilla de verdad cuando resuelve un problema real, por pequeño que sea. Hace unos días, me encontré en una situación que muchos padres y madres reconocerán: ayudando a mi hijo mayor a repasar una lección de ciencias. La dificultad añadida era que la asignatura es bilingüe, por lo que no solo debía memorizar términos como "articulaciones" o "columna vertebral", sino también su traducción y fonética en inglés.
Nuestro método inicial fue el clásico: el ancestral arte de "tapar con la mano" para adivinar la respuesta. Era funcional, pero monótono, poco motivador y no muy efectivo. Mientras luchábamos por mantener la concentración, me surgió una idea: ¿y si en lugar de luchar contra la distracción, la combatimos con una herramienta mejor? ¿Podría crear, con la ayuda de la IA, una pequeña aplicación de estudio a medida en cuestión de minutos?
Este post es el resultado de ese experimento, la creación de una aplicación propia de estudio con flashcards (tarjetas de memoria). Vamos a ver las especificaciones de partida, el proceso de creación y, lo más importante, el resultado final listo para su uso.
Existen herramientas de estudio increíblemente potentes como Quizlet, AnkiApp o ProProfs. Son fantásticas, y con muchísimas posibilidades. No obstante, a menudo vienen con una curva de aprendizaje o una cantidad de opciones que, para una necesidad inmediata y concreta, pueden resultar abrumadoras.
Principalmente yo no necesitaba un ecosistema social para los conceptos requeridos ni múltiples métodos espaciados de aprendizaje. La premisa prioritaria era disponer de una solución rápida y con unos requisitos muy específicos:
Con estos objetivos en mente, y apoyándome en las mismas técnicas de "copilotaje con IA" que he explorado en otros posts, nació la aplicación "Flashcards de Estudio".
La aplicación está diseñada para ser minimalista pero potente, ofreciendo tres formas de empezar a estudiar en segundos:
Es la forma más directa. Permite añadir filas de "Término" y "Definición" una por una. Es perfecto para listas de repaso cortas o para cuando tienes el material ya preparado y solo quieres digitalizarlo rápidamente para empezar a estudiar.
Aquí es donde la magia de la IA entra en juego. En este modo, solo necesitas escribir un término y la IA se encarga de generar la definición o la traducción automáticamente en el idioma que elijas. Para la lección de ciencias de mi hijo, simplemente introduje la lista de palabras en español y la IA completó al instante su traducción al inglés y una aproximación de su fonética. Es un ahorro de tiempo espectacular. Para poder utilizarlo, es necesario generar una Key gratuita en Google AI Studio e incluirla en el campo de "Tu Clave API de Gemini" para utilizar el motor de IA de Gemini para la generación de contenido.
La aplicación dispone de traducciones y generación de definiciones en varios idiomas:
Para listas más largas (vocabularios de un tema completo, listas de capitales, etc.), la aplicación permite subir un fichero de texto (.txt) o CSV (.csv) con los términos y definiciones. Simplemente preparas tu lista en un fichero, la subes y la aplicación genera las tarjetas al instante. Esta función es ideal para aquellos que quieran preparar material para sus hijos o para estudiantes que necesiten digitalizar temas enteros.
Una vez seleccionados los términos y el modo de funcionamiento, simplemente se trata de empezar a estudiar y durante su ejecución se irán mostrando tarjetas para que el usuario practique dichas traducciones o términos antes de voltearlas e indicar si ha acertado o fallado. Si acierta, la aplicación sumará 2 puntos y aparecerá un emoticono y un mensaje de felicitación, si falla, no sumará puntos yaparecerá un mensaje de ánimo. En estos casos, los fallos son registrados para que una vez finalizada la ejecución se puedan volver a repasar nuevamente hasta asegurarnos que ya los dominamos.
Si todas las respuestas son acertadas con éxito, al finalizar se mostrará un gif animado de celebración y desde esta pantalla podemos volver a estudiar todos los términos de nuevo o volver a la pantalla de inicio para generar nuevos contenidos.
Lo que empezó como una solución para una tarde de estudio se ha convertido en un proyecto personal que quiero seguir mejorando próximamente. "Flashcards de Estudio" es un proyecto vivo. Mi intención es ir añadiendo nuevas funcionalidades poco a poco, como diferentes modos de juego, seguimiento del progreso a lo largo del tiempo o la capacidad de compartir listas de tarjetas.
Relataré estas mejoras en futuras entradas del blog. Además, una vez que la función de comentarios de Datalaria esté activa, estaré encantado de recoger vuestras ideas y sugerencias para hacer de esta una herramienta de aprendizaje aún mejor para todos.
Esta pequeña aplicación es el testimonio perfecto de la era en la que vivimos. Una necesidad personal, que antes se habría quedado en una simple queja o en una búsqueda infructuosa de la "app perfecta", puede hoy materializarse en una solución a medida gracias a la IA.
Es la era de la creación de contenidos a medida. Ya no solo consumimos herramientas digitales, sino que podemos construirlas, adaptarlas y mejorarlas con una agilidad sin precedentes.
Espero que esta herramienta os sea de utilidad. Os invito a probarla app de flashcards, a usarla en vuestras propias sesiones de estudio y, sobre todo, a pensar en ese pequeño problema de vuestro día a día que quizás, con la ayuda de un copiloto de IA, podríais empezar a resolver hoy mismo.