Good Morning!
Another week has come and gone, and with it some interesting AWS releases.
From the Community
An unnamed contractor for the Indian government wins this week’s S3 Bucket Negligence Award.
Charles Fitzgerald makes the excellent observation that AWS sure has dropped its CapEx spend for a company that can’t stop running its mouth about GenAI.
Well, it’s been five years. I confess I was more wrong than right when I predicted Nuclear hot take: nobody will care about Kubernetes in five years..
I didn’t expect to see myself mentioned in a security writeup that’s three decades old–specifically in glibc’s qsort().
This amazing analysis on how AWS Will Lose The Future Of Computing is well worth the read. SemiAnalysis is spot on when it comes to this stuff.
I think the expert The Register cited is undercounting IPs; I’d expect their IPv4 address rentals to mint them billions rather than millions. Very few AWS public IPs allow ICMP echo responses; none of mine do, for instance.
Forgetting entirely who’s been hyping it for the past year despite having next to nothing to show for it, AWS CEO Adam Selipsky Likens Generative AI Hype to the Dotcom Bubble.
Podcasts
Last Week In AWS: A Slightly Better Free Tier
Screaming in the Cloud: Exploring Advanced Cybersecurity with Michael Isbitski
Screaming in the Cloud: SmugMug’s Cloud Adventure with Andrew Shieh
Choice Cuts
re:Invent 2023 Cost Optimization highlights that you were not expecting – This post is relevant to my interests. Stephanie Gooch wrote it (new to me: she apparently also hosts a whole AWS Twitch show on cost optimization that I’ll need to MST3K from the cheap seats one of these days). Anyhoo, the one caution I’d throw about this blog post is the emphasis on CloudWatch Logging costs. Stephanie isn’t at all wrong in what she says, but a nuance that might well sail past folks is that it’s not the storage costs that spike CloudWatch Logs bills, but rather the ingest charges. The standard tier costs 50¢ per GB to ingest, the less-fully-featured CloudWatch Logs Infrequent Access tier costs 25¢ to ingest, and storing logs from either of these costs 3¢ per GB/month. Too many folks see the logging cost spike, figure it’s all their old logs, delete them, and don’t realize any meaningful savings whatsoever. Meanwhile the applications left spewing debug traces continue to do their thing uninterrupted.
Five things to consider when choosing your cloud provider – I wish this would be a little more honest about the obvious: "we believe that AWS is the best place to run cloud workloads, and here are some aspects we think may be overlooked when you’re making a decision" is a lot better than this thing’s attempt at faux-objectivity.
Announcing CDK Migrate: A single command to migrate to the AWS CDK – I need to actually try this; I can see a bunch of ways it goes bad, but not a whole lot that go well. Combined with the other launch that imports existing apps into CloudFormation it provides a bright new day for us to turn ClickOps into something maintainable.
Accenture creates a regulatory document authoring solution using AWS generative AI services – I did something vaguely similar last week myself! I needed a starting template for a DR policy document, and was discouraged by a blank page. The trick, as I learned, was not to tell ChatGPT to do it in one go; rather, I explained what I was trying to do, gave some context, and then instructed it to ask me questions until it had enough information to draft the document. It was awesome. Busywork just became a lot less busy.
Using one-click unsubscribe with Amazon SES – This is important. There are upcoming requirements for "one click unsubscribes." Given that I have some experience with large email systems, this is a bit trickier than it sounds like. Take, I don’t know, this newsletter you’re reading right now. As I figured out years ago when building an anonymizing aggregate click counter (a tale for another time), some of you will click any and every link contained within this email within seconds of my sending it out. In fact, some of you will click those links even if they’re single pixel click targets, or even completely hidden due to CSS. What’s happening is your email providers are validating that none of those links lead to malware or other spam-heavy sites. You’ve gotta be careful that you don’t wind up with people who have affirmatively decided to receive your emails aren’t having automation inadvertently unsubscribe them from things they want to receive. Of course, if they want to stop hearing from you, you should (and must!) honor that immediately.
How to interconnect AWS Cloud WAN core networks – I recently spoke with an AWS customer using Cloud WAN who absolutely adored it. Unfortunately I haven’t gotten to play with it myself yet; there’s a fair bit of cost involved in just getting the baseline set up, and I’ve had bigger fish to fry.
Tools
This fun tool and accompanying writeup talks about AWS Metadata Enumeration and is a terrific reinforcement of the idea that you should absolutely not put anything you’d not want public into an AWS resource tag.
A new version of fck-nat has been released. Man, are those Managed NAT Gateways horribly priced.
… and that’s what happened Last Week in AWS.
