Anton Aleksandrov

2021-now, Principal Solutions Architect, Agentic AI & Serverless, AWS
2017-2021, Chief Architect, IBM Cloud Security / App Identity Services
2012-2017, Architect, IBM Cloud MobileFirst Platform
Prior to 2012, Software/Solutions Engineer
See Linkedin for details

Highlights

Building production-grade enterprise AI agents with AWS Serverless and open-source
[ Webinar, AWS Article, HashiCorp Article, Okta Article, Code ]

Building cost-efficient, secure, and
scalable SaaS Platforms
[ re:Invent talk, Zapier, Pega Systems, Smartsheet,
SeatGeek, CyberArk ]

AWS re:Invent - Scaling organizations with platform engineering: A blueprint for success
[ re:Invent talk, Case study, Article, Office Hours, ]

Modernizing cloud security and activity threat detection with industry partners
[ Webinar, Threat detection, CVE Patching, Network monitoring, API Security ]

Customer/partner stories (↑)

Deploying serverless AI agents on AWS with Terraform and securing them with HCP Vault (link)
From authentication to identity propagation: Securing serverless AI agents and MCP servers on AWS with Okta (blog)
How Zapier runs isolated tasks on AWS Lambda and upgrades functions at scale (link)
How Launchpad from Pega enables secure SaaS extensibility with AWS Lambda (link)
Automate Early Security Patching in CI Pipelines on AWS Using NVIDIA AI Blueprints (link)
How Smartsheet optimized their Serverless Architecture Using Lambda Provisioned Concurrency (link)
How Smartsheet reduced latency and optimized costs in their serverless architecture (link)
From 18 Weeks to 3 Hours: How CyberArk Delivers Business Value Faster Using Serverless Technology on AWS (link)
How CyberArk is streamlining serverless governance by codifying architectural blueprints (link)
How SeatGeek uses AWS to control authorization, authentication, and rate-limiting in a multi-tenant SaaS app (link)

Technical publications (↑)

Effectively building AI agents with AWS Serverless (link)
Architecting conversational observability for cloud applications (link)
Building multi-tenant SaaS applications with AWS Lambda’s new tenant isolation mode (link)
Building responsive APIs with Amazon API Gateway response streaming (link)
Improving throughput of serverless streaming workloads for Kafka (link)
Enhancing API security with Amazon API Gateway TLS security policies (link)
Dynamically routing requests with Amazon API Gateway routing rules (link)
Enhancing multi-account activity monitoring and threat detection with event-driven architectures (link)
Automating AI-assisted container deployments with the Amazon ECS MCP Server (link)
Monitoring network traffic in AWS Lambda functions (link)
Building Serverless MCP Servers and What Does Peppa Pig Have To Do With It (link)
Optimizing network footprint in serverless applications (link)
Handling billions of invocations – best practices from AWS Lambda (link)
Delivering events to cross-account targets with Amazon EventBridge (link)
Efficiently processing batched data using parallelization in AWS Lambda (link)
Applying Generative AI to CVE remediation – early vulnerability patching in Continuous Integration Pipelines (link)
Building Serverless Applications with Terraform Guide (link)
Accelerating polling scale-up for AWS Lambda functions configured with Amazon SQS (link)
Enhancing runtime security and governance with the AWS Lambda Runtime API proxy extension (link)
Integrating the AWS Lambda Telemetry API with Prometheus and OpenSearch (link)
Cost optimization for AWS Lambda Guide (link)
Implementing long-running TCP Connections within VPC networking (link)
Introducing the AWS Lambda Telemetry API (link)
More room to build: serverless services now support payloads up to 1 MB (link)
Propagating valid mTLS client certificate identity to downstream services using Amazon API Gateway (link)
Extending your SaaS platform with AWS Lambda (link)
Using Istio to secure multi-cloud Kubernetes applications with zero code changes (link)
IBM Cloud App ID White Paper (link)
Adding Sign In to Multicloud Applications Without Code Changes (link)
Reusing Existing Red Hat SSO and Keycloak for Applications That Run on IBM Cloud with App ID (link)
Protecting Your Cloud Applications with App ID and Existing IBM Cloud Identity User Repository (link)
Serving Cached Content Using Cloud Internet Services, Cloud Object Storage and Certificate Manager (link)

Public speaking (↑)

AWS re:Invent 2025 - Secure Multi-tenant SaaS with AWS Lambda: A Tenant Isolation Deep Dive (video, slides, resources)
AWS re:Invent 2025 - Scaling Serverless with platform engineering: A blueprint for success (video, slides, resources)
AWS re:Invent 2025 - Building production-ready Agentic AI architectures (slides, resources)
AWS re:Invent 2025 - Optimizing Kafka workloads with AWS Lambda (slides, resources)
Building serverless AI Agents on AWS with Strands Agents SDK Webinar (video, slides)
Serverless Office Hours - Building Serverless AI agents (video)
Serverlеss Office Hours - Building secure multi-tenant apps with Lambda Tenant Isolation mode (video)
Serverlеss Office Hours - API Gateway Response Streaming for AI applications (video)
What’s new in Serverless and Containers - re:Invent 2025 recap (slides)
Building serverless MCP Servers on AWS (video, slides)
Enhancing multi-account activity monitoring and threat detection with event-driven architectures (video, slides, resources)
Serverless Office Hours - Dynamically routing requests with Amazon API Gateway routing rules (video)
AWS re:Inforce 2025 - Governance Best Practices for Modern Applications (slides, resources)
Platform Engineering Best Practices from AWS and CyberArk (video)
Serverless Office Hours - Handling billions of AWS Lambda invocations (video)
NVIDIA GTC 2025 - Automated Vulnerability Patching in CI pipines for Financial Services organizations (slides)
Serverless Office Hours - Scaling Apache Kafka Processing (video)
What’s new in Serverless 2025 (slides)
AWS re:Invent 2024 - Accelerate serverless deployments using Terraform with proven patterns (slides, video, resources)
AWS re:Invent 2024 - Improve throughput and monitoring of serverless streaming workloads (slides, video, resources)
HashiConf 2024 - Accelerate serverless deployments using HashiCorp Terraform (video, slides)
Serverless cost and performance optimization (slides)
AWS PartnerEquip 2024 - Using Lambda extensions for enhanced observability (slides)
What’s new in Serverless 2024 (slides)
Scaling Serverless Development with Platform Engineering (video, slides, webinar)
Building serverless applications on AWS with HashiCorp Terraform (webinar)
Serverless Office Hours - Serverless Platform Engineering (video)
Containers from the Couch - Automate container security with Amazon Bedrock, ECR, EKS, Inspector, and Lambda (video)
Serverless Office Hours - Building Serverless Apps with Terraform (video)
LASCON 2024 - Applying generative AI to CVE remediation (video, slides)
AWS re:Invent 2023 - Combining EventBridge and Step Functions - advanced usecases and best practices (slides)
AWS re:invent 2023 - Building multi-tenant applications with Lambda and Fargate (slides)
What’s new in Serverless 2023 (slides)
Building multi-tenant SaaS applications with AWS Serverless (slides)
LASCON 2023 - Reverse-engineering the Enigma Machine and rebuilding with serverless (video, slides)
Building SaaS on AWS - Multi-tenant sharding strategies in SaaS applications (video, slides)
AWS re:Invent 2022 - What’s possible with AWS Step Functions (slides)
Serverless Office Hours - Building real-life asynchronous architectures (video)
Serverless Office Hours - Multi-tenant serverless SaaS applications with AWS Serverless (video)
LASCON 2022 - A visual journey to demystifying OAuth2 and OIDC (video, slides)
KubeCon 2019 - Declaratively Securing Kubernetes Applications with Zero Code Updates (slides)
LASCON 2019 - Building secure cloud apps (and sleeping well at night) (video, slides)
LASCON 2018 - GDPR for Cloud Applications (video, slides)
(And quite a few more in the last ~15 years…)

Code (↑)

Building AI workloads on AWS with AgentCore and Terraform (link)
Serverless AI Agent (Strands Agents SDK) and MCP Server, with E2E user authorization (link)
Lambda Tenant Isolation mode (link)
Serverless MCP Servers (link)
Lambda Network Monitoring (link)
Efficiently processing batched data using parallelization in AWS Lambda (link)
API Gateway response streaming (link)
Introducing faster polling scale-up for AWS Lambda functions configured with Amazon SQS (link)
Enhancing runtime security and governance with the AWS Lambda Runtime API proxy extension (link)
AWS Lambda Telemetry API extension, Golang (link)
AWS Lambda Telemetry API extension, Node.js (link)
AWS Lambda movie theater with response streaming (link)
Propagating valid mTLS client certificate identity to downstream services using Amazon API Gateway (link)
Using data compression with AWS Lambda functions (link)
Jenkins plugin for AWS Lambda (link)
Okta Customer Identity Cloud (Auth0) JWT Validation Extension (link)
Lambda functions on deprecated runtimes finder (link)
Lambda runtimes status (updated daily)] (link)

Advisor / technical authority / reviewer (↑)

Optimizing Compute-Intensive Serverless Workloads with Multi-threaded Rust on AWS Lambda (link)
Orchestrating large-scale document processing with AWS Step Functions and Amazon Bedrock batch inference (link)
Accessing private Amazon API Gateway endpoints through custom Amazon CloudFront distribution using VPC Origins (link)
Understanding and Remediating Cold Starts: An AWS Lambda Perspective (link)
Building resilient multi-tenant systems with Amazon SQS fair queues(link)
Infrastructure as code translation for serverless using AI code assistants (link)
AWS Serverless MCP Server: AI-powered development for modern applications (link)
AWS Lambda introduces tiered pricing for Amazon CloudWatch logs and additional logging destinations (link)
Streamlining trace sampling behavior for AWS Lambda functions with AWS X-Ray (link)
Automating chaos experiments with AWS Fault Injection Service and AWS Lambda (link)
Protecting REST APIs Behind Amazon API Gateway Using Okta (link)
Building a three-tier architecture on a budget (link)
Protegrity Data Protection for Amazon S3 and Snowflake (link)

Patents (↑)

Trusted Repository Review (Patent No. 12124583) (link)
User Profile Access From Engaging Applications With Privacy Assurance Associated With An API (Patent No. 11122048) (link)
Updating Web Resources (Patent No. 10713034, 10694353, 10212563, 10282191, 9921821, 9733919, 9690563) (link)
Intelligent Mobile Application Update (Patent No. 9952851, 9934020) (link)
Processing Hybrid Data Using A Single Web Client (Patent No. 9930130, 9648124, 9525587) (link)
Integrating Remote Content with Local Content (Publication No. 20130307871) (link)

Oldies, but still goodies (↑)

IBM Cloud App ID - Technologies Under the Hood (video)
IBM Cloud App ID - Protecting Node.js Backend Application (video)
IBM Cloud App ID - Protecting Node.js Web Applications (video)
IBM Cloud App ID - Protecting Liberty Java Web Applications (video)
IBM Cloud App ID - Protecting Liberty Java Backend Applications (video)
IBM Cloud App ID - Management API (video)
IBM Cloud App ID - Protecting Android Applications (video)
IBM Cloud App ID - Protecting iOS Applications (video)

IBM Cloud App ID - Protecting Spring Boot Backend Application (video)
IBM Cloud App ID - Protecting Spring Boot Web Applications (video)
IBM Cloud App ID - Using Multiple App ID Instances (video)
IBM Cloud App ID - Implementing the End-2-End Workflow (video)
IBM Cloud App ID - Introduction to Istio Service Mesh (video)
IBM Cloud App ID - Integrating with Keycloak (video)
IBM Cloud App ID - Integrating with IBM Cloud Identity (video)
IBM Cloud App ID - Protecting IBM Kubernetes Service OpenShift Applications (video)
IBM Cloud App ID - Protecting IBM Cloud Pak for Applications (video)