Good Morning!
We’re throwing our first San Francisco FinOps Meetup this week; come on out tomorrow evening and join us.
And if you’re debating changing roles, we have a whopping eight roles open here at Duckbill, ranging from a practice manager to enterprise sales to a data engineer. Take a look, and wonder if perhaps working with me might not be all that bad.
From the Community
HR giant Workday says hackers stole personal data in recent breach | TechCrunch – I truly don’t get why it took this long to fix the observability issue around throttled keys. It used to be you’d need to talk to Support, and they’d show you a heat map under strict NDA. I didn’t get it back then, and I don’t get it now; I’m just glad that we can self-serve these issues.
AWS in 2025: The Stuff You Think You Know That’s Now Wrong – A few folks took issue with my item about not having to randomize keys, but I’m right as per this 2018 announcement. Note that that’s a Wayback Machine link, because once again some bright spark at AWS has broken historical "what’s new" pages, since whoever’s dicking around with that page is clearly not someone who has to use it for things like this. To that person: will you knock it the hell off, already?
AWS apparently is dragging its feet on issuing a security advisory for one of its rushed-out-the-door MCP servers.
The Kiro IDE is apparently a wallet wrecking tragedy for which AWS blames a bug, at least in part.
Microsoft is apparently not telling customers that Copilot can bypass audit logs.
Matt Garman apparently says that AI replacing junior staff is the dumbest idea he’s ever heard and I am totally here for it.
Podcasts
Last Week In AWS: DocumentDB 3.6: Now Even Less Worth Using
Screaming in the Cloud: The Transformation Trap: Why Software Modernization Is Harder Than It Looks
Choice Cuts
Celebrating 10 years of Amazon Aurora innovation – Once again AWS demonstrates a radically different understanding of the word "innovation" than the rest of the world. Aurora has spent the last decade careening around like a pinball someone kicked in frustration. First it was Serverless, proudly scaling to zero. Then v2 arrived, didn’t scale to zero, then eventually did kinda. Then came Aurora DSQL, which does scale to zero but can’t be called Serverless because naming consistency would apparently kill the thrill. Pricing has ricocheted just as wildly: charging for I/O, then not but in return tacking on extra per instance, then forcing customers to choose without a lot of information. Ten years in, the only thing Aurora has truly mastered is making sure customers never, ever know what to expect next. Maybe some would call that "innovation," but I have a few other words for it.
Vibe code with AWS databases using Vercel v0 – "Vibe-coding" and "databases" go together about as well as "chainsaws" and "puppies," with similar results.
Enhanced throttling observability in Amazon DynamoDB – I don’t know why it took this long to fix the issue, but I’m glad they did. Historically the only way you’d be able to discover things like this around hot keys would be to open a Support ticket, then they’d give you a heat map under strict NDA. Why? I don’t know. I didn’t know back then, and I don’t understand it now. I’m just glad it finally got fixed.
Under the hood: how AWS Lambda SnapStart optimizes function startup latency – This is a good read if for no other reason than the security angle: you’re dropping startup latency by snapshotting the function state before it’s invoked. Make very sure you’re not setting things you shouldn’t be outside of the handler!
AWS Security Incident Response introduces integrations with ITSM – AWS has a long history of improving services post-launch, from which they deviate this time by making the thing talk to Jira.
Amazon Cognito adds terms of use and privacy policy documents support to Managed Login – Just like the AWS console itself, they’re modifying Cognito by adding more meaningless clickthrough agreements that nobody’s ever going to read.
AWS Billing and Cost Management now provides customizable Dashboards – They’ve duct-taped Cost Explorer, Savings Plans, and RI reports into a single view, slapped the word dashboards on it in some places and widgets in others, and called it GA.
AWS Billing and Cost Management Console adds new recommended actions – There are six new recommended options here. They’re seppuku, groveling, self-flagellation, denial, offering your firstborn child, and embracing the void.
Amazon VPC IPAM adds in-console CloudWatch alarm management – For what exactly, "this hosted Excel spreadsheet replacement just crossed the $10K monthly spend threshold since it charges per IP address?"
… and that’s what happened Last Week in AWS.