Cloud Computing in the AI Age.

From writing code to designing the system.

This isn't a story about any one vendor. It's that the commodity layer rose: writing a SELECT, an ETL job, a Terraform module or a dbt model is increasingly something a capable model does in seconds. What doesn't automate is the judgment around it — what the data means, what the system is allowed to do, and what it costs. The rest of this page is those three.

Truth, Guardrails & Economics.

Each pillar keeps its name but trades its old core for a new one. The work that used to be the job is now the part AI does; the work that was the hard 20% is now the whole job.

The structural comparison

Data Engineering → the Architect of Truth.

The reality: AI reliably generates SQL, ETL and dbt models. What it cannot reliably do is understand business definitions, data ownership, governance rules, regulatory constraints, or your enterprise ontology — and a confident wrong number is worse than a slow one.

Data Engineers are the gatekeepers of truth: if the foundation is chaotic, every downstream agent, dashboard and model fails. The value shifts from writing ingestion code to structuring the data ontology so autonomous systems can query it without hallucinating. Less plumber, more city planner.

What the human now owns

• Metadata & lineage so any answer is traceable to its source (the blast-radius backbone — see Hot Topics №08).
• Semantic layer & ontology — one governed definition of every metric, so an agent can't invent its own "revenue" (ties to Analytics №04).
• Security & governance policies — guardrails that stop an LLM or agent from reaching restricted files or fabricating financial metrics.
• Vector & knowledge architecture — structured layouts (Apache Iceberg), vector indexes, and the freshness/lineage that make retrieval trustworthy (see Hot Topics №19).

DevOps → the Architect of Guardrails.

The reality: infrastructure is becoming conversational. Instead of terraform apply, teams increasingly say "deploy a scalable data platform with GDPR controls" — and an agent writes the IaC. The hand-written-Terraform era is fading.

The modern DevOps engineer is a Guardrail Architect: you may write less infrastructure code than ever, but you build the system that keeps autonomous code from destroying production. You define the environment policies; agents write and deploy inside isolated, sandboxed environments; you own what happens when AI-generated code fails.

What the human now owns

• Policy-as-code & approval workflows — what an agent is allowed to deploy, and who/what signs off before it reaches production.
• Isolated sandboxes — run model-generated IaC in fully contained environments with no host or production risk.
• Automated testing & rollback — resilient pipelines and fallback architectures for when AI-generated code causes a failure (this is Hot Topics №21 and №13).
• Security boundaries — blast-radius limits so a bad autonomous change can't cascade.

FinOps → the Guardian of Unit Economics.

The reality: the AI era introduced a new expense category — tokens. A single poorly-designed workflow can trigger vector searches, RAG pipelines, agent chains, LLM inference and multi-model orchestration, and quietly cost thousands. Optimization is now a live architectural requirement, not a quarterly cleanup.

The next-generation FinOps professional reasons in unit economics and builds optimization into the architecture itself — dynamically shifting workloads between cheaper custom silicon and heavy accelerators based on the complexity of the query, and knowing exactly when real-time compute beats cheaper cached/static storage.

What the human now owns

• The unit economics of a token — cost per token, per inference, per embedding, per user interaction; profitability becomes an engineering problem.
• Real-time scaling loops — automated, continuous workload shifting, not a dashboard read once a month.
• Silicon & storage choice — custom training/inference chips vs general accelerators; intelligent tiering and dead-data pruning (the storage side of Performance Family 7 and Hot Topics №01/№16).
• Real-time vs cached tradeoffs — when an answer must be live vs served from a cheap pre-computed layer (the heart of Analytics).

Real scenarios: overage, cost balance & deployments.

Why this section exists: every few months another story leaks — an enterprise discovers its assistant or agent fleet has quietly become one of its largest infrastructure line items, an order of magnitude past anything engineering forecast. The details vary; the shape never does: a multiplier nobody modeled, discovered at invoice granularity instead of minute granularity. This is where the Guardrail Architect and the Guardian of Unit Economics earn their titles.

cost per agent cycle (~50K tok @ $15/M blended) ....... $0.75
stuck conversations .................................... 500
retry cadence (no backoff) ............................. every 30 s
cycles per conversation (10 h) ......................... 1,200
total cycles ........................................... 600,000
──────────────────────────────────────────────────────────────
bill before the morning stand-up ....................... ≈ $450,000

designed context per request ........................... 6,000 tok
shipped context (full doc + full history) .............. 60,000 tok
requests per day ....................................... 1,000,000
input price ............................................ $3 / M tok
intended spend ......................................... $18K / day
actual spend ........................................... $180K / day
──────────────────────────────────────────────────────────────
silent delta ........................................... +$162K / day
caught at invoice review, day 12 ....................... ≈ $1.9M

traffic ................................................ 10M req/day · ~2K tok
flagship-only (blended $15/M) .......................... $300K / day
cascade: 90% small model ($0.5/M) ...................... $9K / day
       + 10% routed to flagship ........................ $30K / day
──────────────────────────────────────────────────────────────
with routing ........................................... $39K / day   (−87%)

client retries ×3 · queue redelivery ×2 · fan-out ×5
amplification at peak .................................. 30×
baseline inference spend ............................... $4K / hour
storm window (brownout + replay) ....................... ~6 h
──────────────────────────────────────────────────────────────
surge spend ............................................ ≈ $0.7M
plus duplicate writes to reconcile ..................... days of cleanup

system prompt + tool defs .............................. 2K → 9K tok  (+7K every call)
requests per day ....................................... 5,000,000
hidden extra input ..................................... 35B tok / day
at $3 / M .............................................. +$105K / day
canary gates checked ................................... latency ✓  errors ✓  cost —
days until anyone looked ............................... 7
──────────────────────────────────────────────────────────────
cost of a "no-op" deploy ............................... ≈ $735,000

acquired lake .......................................... 6 PB on GCP (acquirer on AWS)
"just migrate it" egress @ ~$0.08/GB ................... ≈ $480K for ONE copy
re-runs + failed loads (×1.5 in practice) .............. ≈ $720K
dual-run both platforms ................................ 18 mo × $250K/mo ≈ $4.5M
committed-use shortfall (unused CUD/EDP) ............... mid six figures
two catalogs · two IAMs · two DQ stacks ................ the silent ticket tax
──────────────────────────────────────────────────────────────
the line item M&A diligence never priced ............... ≈ $6M before any synergy

The deployment, cost-gated.

Five of the six files share one root cause: cost was not a deployment or runtime gate. The fix is mechanical — put dollars next to latency in the pipeline you already have:

The Guardrail Architect's cost playbook

One engine, not three silos.

In the AI era these domains stop being isolated. They form a continuous loop: DE builds the foundations, DevOps deploys and guards the systems, and FinOps makes sure the infrastructure doesn't bankrupt the company — each feeding the next.

The senior insight is that you can't optimize one corner in isolation. A governance gap in DE becomes a security incident DevOps must contain; a careless deploy becomes a runaway bill FinOps must absorb; a cost cut that drops the wrong tier becomes a data-trust regression back in DE. The people who operate the whole loop are the ones who compound.

AWS · GCP · Azure — patterns, not products.

The same three pillars, three strategic bets

Notice the convergence: all three are racing to the same place — an open-ish data layer, agentic and sandboxed delivery, and economics driven by custom silicon and automated tuning. The differentiator is less the feature list than the ecosystem you're already standing in. The real competition isn't "AWS vs Azure vs GCP" — it's whether your org can govern AI-built systems on whichever one you picked.

The feature matrix — a 2026 snapshot

This is the perishable layer: the product names will churn, but the ten capability categories (the rows) are durable. Read it as a current map and a vocabulary check — not a spec to memorize. Colour marks the provider; each cell is the offering and what it actually does, and the ‹/› toggle expands a minimal code sketch so you can see the shape of each API. Sketches are illustrative — check the provider docs for current syntax before copy-pasting.

import boto3
client = boto3.client('s3tables')
client.create_table(
  tableBucketARN='arn:aws:s3tables:...',
  namespace='analytics_db',
  name='user_logs',
  format='ICEBERG'
)

-- THE point of Omni: this table LIVES in AWS S3,
-- queried from BigQuery in place — zero egress copy
SELECT user_id, action
FROM `aws_us_east_1.s3_logs`   -- Omni connection (AWS region)
WHERE date = CURRENT_DATE();

// virtualize an EXTERNAL AWS S3 bucket into
// the Fabric tenant — no copy, no move
POST https://api.fabric.microsoft.com/v1
  /workspaces/{id}/items/{id}/shortcuts
{
  "name": "External_S3_Shortcut",
  "target": {
    "amazonS3": { "location": "https://bucket.s3..." }
  }
}

{
  "LambdaConfiguration": {
    "Events": ["s3:ObjectCreated:*"],
    "Function": "arn:aws:lambda:...VectorParse"
  }
}

SELECT * FROM ML.PROCESS_DOCUMENT(
  MODEL `my_project.invoice_parser`,
  TABLE `my_project.raw_pdf_blobs`
);

// continuous ingestion mapping
.create table StreamedDocs
  ingestion json mapping 'Map'
  '[{"column":"Text","path":"$.body"}]'

# zero-ETL integration: RDS -> Redshift
aws rds create-integration \
  --integration-name prod-sync \
  --source-arn arn:aws:rds:...:cluster:prod-db \
  --target-arn arn:aws:redshift:...:namespace/analytics

-- Spanner: emit every change for analytics
CREATE CHANGE STREAM analytics_stream FOR ALL;

-- source DB: enable the change feed that
-- Fabric Mirroring replicates from
EXEC sys.sp_change_feed_enable_db;

import sagemaker
sess = sagemaker.Session()
pipeline = sagemaker.workflow.pipeline.Pipeline(
    name="UnifiedStudioPipeline", steps=[...]
)

from google.cloud import aiplatform
aiplatform.init(project='prod-agents')
agent = aiplatform.AgentInstance(id='de-pipeline-agent')

az fabric capacity create \
  --resource-group rg-data \
  --sku F64 --location eastus

{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "Agent-generated cloud structure",
  "Resources": {
    "DataBucket": { "Type": "AWS::S3::Bucket" }
  }
}

apiVersion: workstations.cloud.google.com/v1
kind: WorkstationConfig
metadata:
  name: secure-code-box

- name: Deploy Azure Resources
  uses: azure/arm-deploy@v1
  with:
    resourceGroupName: rg-prod
    template: ./azuredeploy.json

bedrock.apply_guardrail(
  guardrailIdentifier='gr-devops-rules',
  source='SYSTEM_PROMPT',
  content=agent_iac_code
)

run:
  environment: agent-sandbox-secure
  isolation: containerized
  network: egress-blocked

from azure.ai.evaluation import evaluate
res = evaluate(
  evaluation_name="canary_run",
  target=autonomous_agent_wf
)

{
  "AlarmName": "PipelineAnomalyDetection",
  "Metrics": [{
    "Id": "m1",
    "ReturnData": true,
    "Expression": "ANOMALY_DETECTION_BAND(m1, 2)"
  }]
}

{
  "action": "BLOCK",
  "filter_settings": {
    "prompt_injection": { "threshold": "HIGH" }
  }
}

// query the diagnostic stream
AzureDiagnostics
| where Category == "PipelineRuns"
| summarize avg(DurationMs)
    by bin(TimeGenerated, 5m)

# PyTorch Neuron configuration
import torch, torch_neuronx
x = torch.randn(2, 3).to("neuron")

import tensorflow as tf
resolver = tf.distribute.cluster_resolver \
             .TPUClusterResolver()
tf.config.experimental_connect_to_cluster(resolver)

az vm create \
  --resource-group rg-ai \
  --name ND-Blackwell-Node \
  --image Ubuntu2204

client.put_bucket_lifecycle_configuration(
  Bucket='iceberg-data-bucket',
  LifecycleConfiguration={'Rules': [{
    'Status': 'Enabled',
    'Transitions': [{'Days': 30,
      'StorageClass': 'GLACIER'}]}]}
)

gcloud compute instance-groups managed \
  set-autoscaling my-group \
  --max-num-replicas=10 \
  --target-cpu-utilization=0.75

Update-AzFabricCapacity `
  -ResourceGroupName "rg" `
  -Name "myFabric" `
  -Sku "F128"

import redis  # Valkey-compatible client
r = redis.Redis(host='valkey.cache.aws')
r.setex('query_cache_hash', 3600, query_results)

-- identical query shapes reuse cached results
ALTER PROJECT SET OPTIONS(
  use_cached_results = true
);

SELECT * FROM FabricWarehouse.sales
FOR SYSTEM_TIME AS OF
  '2026-06-01 12:00:00';

Read each row across to see how the same capability category is expressed three ways — and read each column down to feel a provider's personality. The skill the matrix is really testing: can you map a requirement to the right primitive on whichever cloud you're handed?

Commodity → valuable → elite.

The highest-paid professionals aren't the fastest coders — they're the ones who can hold all three questions at once: is it trustworthy, is it resilient, is it profitable? That's Data + Infrastructure + Economics in one head.

The real shift, in one table

The AI era doesn't eliminate Data Engineering, DevOps or FinOps — it elevates them. The people who thrive won't be the fastest coders; they'll be the best architects of truth, guardrails and economics.

How to say it in the interview.

When a loop probes how AI changes your role, don't list products — give the durable frame and then prove you operate the loop:

That answer works on any cloud and survives every product rename. The specifics — Iceberg, vector stores, sandboxed agents, custom silicon, canary rollback — are the supporting evidence; the frame is what reads as senior.