Good Morning!

I got to talk with DHH on Screaming in the Cloud about kicking trillion-dollar companies in public last week; I suspect it’ll appeal to your sensibilities if you enjoy this nonsense. Check it out.

Come for the fifteen year history of AWS, stay for the handful of Corey quotes within.

Lastly, we’re hiring for a new role here at the Duckbill Group: a Principal Cloud Economist. As a Senior/Principal Cloud Economist, you will be responsible for helping our clients understand and optimize their AWS spend. You will be working on identifying cost reduction opportunities at an architectural level, building cost forecasting models, creating better governance and cost management controls, and helping negotiate multi-million dollar AWS contracts. We’ve found that people with senior SRE skills combined with strong business acumen tend to thrive in our other similar roles. I also did a twitter thread on how we built this (and the rest of our) job descriptions. If you’re looking for a change and it feels like a fit, please consider applying.

From the Community

Ah… the ELK Stack – so much initial promise, yet ultimately so unstable at scale – not to mention the unending time and opportunity costs of maintaining the beast! For those of you still shepherding an ELK Stack along – I can’t urge you strongly enough to put down your Advil, and take a look at ChaosSearch today. They’ve really engineered something amazing – a fully managed data analytics platform, with NO ElasticSearch under the hood, that leverages your own Amazon S3 as a data store. Imagine no more data movement, no more data retention limits and all at a fraction of the cost of running your ELK Stack. Definitely check out ChaosSearch today – you won’t be sorry! Sponsored

A great dive into What Architects Need to Know About Networking on AWS. “More than you might suspect, less than you fear” is the summary.

There are some costs to it, but exporting Cost Explorer data to Excel is a good approach.

Cloudonaut (Andreas) heads out on parental leave. Congratulations and many happy returns; we’ll see you in January.

Another way to avoid using NAT Gateways and their insulting pricing: Step Functions.

I’m still waiting for my first, but ACM somehow landed A Second Conversation with Werner Vogels.

Cold starts aren’t that big of a deal anymore. This analysis helps to show why on a per-language basis; the numbers are tiny. How’d they even do that?

This week’s S3 Bucket Negligence Award goes to Premier Diagnostics. Good work, chumps. You’ve utterly failed the people to whom you owed a responsibility.

Between this reddit thread and this thoughtful analysis it’s pretty clear that Cognito has run out of time in the public perception to improve their service to a point of usability. Honestly? I’m fed up with it too.

According to Business Insider, when Jeff Bezos was deciding who the next CEO of Amazon was going to be, Andy Jassy was the only person out of the four involved in the process who wasn’t named Jeff.

A rare glimpse into Amazon’s document culture.

Protocol has a dive into the history of S3 that prominently features one of the people I respect the most in the business universe, Mai-Lan Tomsen Bukovec.


If you’ve got an interesting job for this newsletter’s eminently employable subscribers, get in touch!

Senior Software Development Manager / Engineer (two roles, not one psychotic one!)

I used to make fun of CloudFront for a variety of things. I don’t do it nearly as much anymore–not because I got tired of the joke, but because it very quietly became a lot better. It’s borderline impressive at this point. Help continue to shift my loud dumb opinion by considering becoming a Senior Software Development Manager in the CloudFront Edge Computing group. Manage the Lambda@Edge team! Work on global scale problems! Make Corey shut his mouth! What’s not to love? Managing people?

Well okay! Same team, same challenges, but work on code instead of wrangling humans. They’re also hiring for a Senior Software Engineer

Choice Cuts

Have you checked out our friends at FireHydrant? They’re helping the likes of CircleCI and LaunchDarkly master the mayhem. What does that mean? Well, they’re an incident management platform founded by SREs who couldn’t find the tools they wanted – so they built one. I mean, why not? Their platform allows teams to create consistency for the entire incident response lifecycle – from alert handoff to retrospective, and everything in between – tracking, communicating, reporting – FireHydrant will automate processes so you can focus on resolution. Visit to get your team started today. Sponsored

Amazon EC2 Auto Scaling adds support for local time zones for scheduled scaling – This is a great idea right until the very moment where you hire engineers in two distinct timezones, but don’t worry–no company would do that!

Amazon QLDB Increases Verification APIs Throughput by an Order of Magnitude – If this wasn’t due to engineering improvements but rather just clever sleight-of-hand the acronym still works as the Quantum Legerdemain Database.

AWS announces Developer Preview release of opinionated deployment tool for .NET CLI – YES. THANK YOU! More opinionated tools, please. “There are 500 ways to do this” is great for folks who need that level of configurability; for those who don’t, pick a path and don’t bug me about it.

AWS Cost Anomaly Detection now supports AWS CloudFormation – As in “you can configure it in CloudFormation,” not “it will tell you if your CloudFormation template is about to blow the budget.” Because you absolutely want that one to exist.

AWS Launch Wizard now supports ‘No Rollback on Failure’ – As a result, the current state of your environment is “wedged.”

Amazon S3 Glacier Price Reduction – This is a meaningful reduction because it affects PUTs and lifecycle functions. If they wanted to have a flashy reduction that didn’t change anything they would have instead lowered the price on retrieving data from Glacier. While that price is already low / reasonable, it’s also irrelevant because nobody has ever retrieved anything from Glacier; it’s where data goes to die.

Amazon S3’s 15th Birthday – It is Still Day 1 after 5,475 Days & 100 Trillion Objects – Just something to consider here: the lowest cost to create an object in S3 is $.005 per 1,000 requests. That’s half a billion dollars just to create those objects, assuming none of them were created under the auspices of a private pricing agreement. Simply staggering…

AWS Fault Injection Simulator – Use Controlled Experiments to Boost Resilience – Now when the AWS status page shows “increased error rates,” in addition to being annoyed that things are broken you can also worry about being charged an extra 10¢ per minute.

IAM Access Analyzer Update – Policy Validation – “Your IAM policy is bad and you should feel bad, or at least fix it” finally comes to the AWS console, which you should never ever be using–wait, what? I grow wearing of waiting out the “eventually” part of the messaging’s eventual consistency.

Honeycomb’s approach to observability helps you resolve incidents faster, make your services performant, and reliably ship features quickly. Gain confidence in your code by clearly seeing and understanding all the dark hidden corners of production.

To learn how it works, join our Weekly Live Demo and ask our real live humans. Or schedule Observability Office Hours for 1:1 advice on tackling the specific problems most relevant to you. Stop guessing. Start knowing. Sponsored

Introducing Amazon S3 Object Lambda – Use Your Code to Process Data as It Is Being Retrieved from S3 – S3 can now host both static websites and dynamic ones. Please implement WordPress via Lambda now.

NEW – Using Amazon ECS Exec to access your containers on AWS Fargate and Amazon EC2 – Systems Manager Session Manager (wonderful service, terrible name, strange job title) is leveraged again to allow you to run arbitrary commands inside of running containers.

AWS Community Builders | Worldwide Cloud Community | AWS Developer Center – The AWS Community Builder program (of which I am a member) is launching for new nominees. Come help me badger AWS employees from a slightly different angle!


Download today: Kubernetes security ebook – tips, tricks, best practices

The rapid adoption of Kubernetes to manage containerized workloads is driving great efficiencies in application development, deployment, and scalability. However, when security becomes an afterthought, you risk diminishing the greatest gain of containerization – agility. Download this ebook to learn how to (1) build secure images and prevent untrusted/vulnerable code, (2) configure RBAC, network policies, and runtime privileges, (3) detect unauthorized runtime activity, and (4) secure your Kubernetes infrastructure components such as the API server. Sponsored

If Lake Formation has wrecked your access controls, this handy tool will help you fix them.

Ooh, show me a tree view of my SSM parameters is awesome.

I’ve been looking for a new Python style enforcer, and Black seems like it might do the trick. Talk me out of it?

If you want to get out of a conference call, it’s hard to beat Zoom Escaper as your method of choice.

… and that’s what happened Last Week in AWS.

Newsletter Footer

Sign up for Last Week in AWS

Stay up to date on the latest AWS news, opinions, and tools, all lovingly sprinkled with a bit of snark.

"*" indicates required fields

This field is for validation purposes and should be left unchanged.
Sponsor Icon Footer

Sponsor a Newsletter Issue

Reach over 30,000 discerning engineers, managers, and enthusiasts who actually care about the state of Amazon’s cloud ecosystems.