Good Morning!

Today marks incoming AWS CEO Adam Selipsky’s first day as an AWS employee since 2016 (that’s a long time; this newsletter started in 2017). His day is bound to be filled with HR paperwork, learning where the bathrooms are, making a bunch of unpleasant discoveries (“Wait, you named a building ‘re:Invent?’ That wasn’t a joke?”), and finding out who this Corey Quinn character is after 40 people forward him this email.

Hi, Adam! It’s great to meet you. Everyone has a giant pile of questions for you, but I have only one: when is your birthday?

From the Community

Take a deep dive into observability at o11ycon+hnycon, a two-day virtual conference on the future of shipping software. Happening June 9-10, this event is designed to connect you and your peers to explore cutting-edge capabilities and unique outcomes that define observability. You’ll also hear from top Honeycomb customers and observability experts—including Corey Quinn and Nora Jones! Sponsored

A Cloud Guru has listed 21 “AWS Builders” to follow in 2021; while many of them work at AWS, The Duckbill Group’s Amy Arambulo Negrette doesn’t, and is indeed well worth paying attention to.

Project Zero found a vulnerability in AWS CloudShell, that has been closed.

I don’t often link to GitHub Issues, but when I do it’s usually a good one. In this case, ZA̡͊͠͝LGΌ breaks an AWS SDK.

I like this QLDB Guide & Demo; why can’t the formal documentation be this clear?

If Amazon is hiring people just to be able to fire them later in order to meet internal turnover goals, there’s an easy optimization; I have a list of names of people that should be shown the door immediately.

Babychakra scored themselves an S3 Bucket Negligence Award, claims that the data wasn’t accessed, but offers no evidence to back that assertion up. Does that mean their logs were clean, or that they weren’t logging data plane access?

My snarky perspective on the launch of Amazon Finspace apparently caught InfoQ’s attention.

I was hoping that someone would argue with me about my position that Security Is Someone Else’s Job Zero, but apparently I was unfortunately once again afforded the Mantle of Thoughtleader Correctness.

The Duckbill Group blog has a dive into what the hell an ECU, or EC2 Compute Unit, is.

Apparently there’s now a Systems Manager Negligence Award, with 5 million records so far exposed.

The Pentagon once again finds itself embodying a cat on the wrong side of the cloud door, as it weighs cancelling JEDI entirely.


If you’ve got an interesting job for this newsletter’s eminently employable subscribers, get in touch!

Some combinations won’t ever play nice. Cats and dogs. 98point6, a mission-driven company that’s making primary care more accessible and affordable, it’s the dynamic duo that’s leading the change in a much-needed digital health revolution. They’re hiring engineers and engineering managers across several disciplines to enhance the practice of medicine—relentlessly improving a platform, built on AWS, that helps reimagine the patient and physician experience.They’re looking for engineers to further their efforts, build critical systems for on-demand care at scale and collaborate across the organization while expanding the types of care they provide. Interested in being a part of healthcare innovation? Check out their open roles and apply now.

The AWS User Experience Products & Platform team is responsible for products that enable AWS users to manage their applications and infrastructure on AWS. Our mission is to deliver an effective, efficient, and loved user experience that makes it easy for all users to discover, learn, and build on AWS. Today, we own the AWS Management Console, the AWS Console Mobile App, the AWS Chatbot, as well as the User Experience Platform used by 175+ AWS service teams to develop and deliver their user experience across multiple channels (web, mobile, chat).

Think “GitHub for marketing teams” and you’d be pretty close to describing Loomly. They’re looking for someone to take ownership of and lead their DevOps/SRE efforts–and that person might well be you. They’re fully remote, post their salary ranges, and using a bunch of AWS services. I’m a fan of what I’ve seen from them so far; see if this role is up your alley.

Choice Cuts

The realities of the past year have forced businesses of all kinds to turn the volume on cloud adoption up to 11. But handling this shift is easier said than done. CloudLIVE 2021 is your chance to get a behind-the-scenes look at proven strategies for FinOps and comprehensive multi-cloud management.Don’t miss out the industry-leading multi-cloud management conference—grab your free ticket today. Sponsored

[Free Book] Definitive Guide to Feature Management

Feature management is a new class of software development tools & techniques powered by feature flags. A feature management platform like LaunchDarkly fills the gaps of conventional feature toggles. Learn the ins & outs of feature management today.Ship Fast. Rest Easy. LaunchDarkly. Sponsored

Announcing Amazon RDS for SQL Server on AWS Outposts – Gone are the old days of data center management; now you can pay Amazon to pay Microsoft to run Microsoft databases in your data center.

AWS Organizations launches new console experience – A pig discovers a shade of lipstick that really offsets its eyes nicely.

AWS Premium Support launches Support Automation Workflow (SAW) runbooks for self-service diagnosis and remediation – AWS has built a bunch of automated tooling to help fix common problems that are breaking your AWS environment, and in its infinite wisdom decided that this is the thing to view as a profit center.

Four new EC2 High Memory instances with up to 12TB of memory are now available with On-Demand and Savings Plan purchase options – Apparently AWS has taken their EC2 instance pricing page and made it significantly worse in every respect. You now have to tab through a bunch of things to find the instance you want, and as best I can tell these new high memory instances still cost “reach out to your account team for details.”

Learn how to develop applications with Amazon DynamoDB – AWS launches their own crappier version of Alex DeBrie’s DynamoDB Guide, and has begun charging you for it. Can someone please explain to me the logic behind “charging people to learn to use a thing they will pay you far, far, far more money to use?”

Discovering Hot Topics using Machine Learning – I had to read the article just to ensure the answer wasn’t a snake-oil equivalent of “go to the local mall; you’ll find a Hot Topic there.”

Cost Tagging and Reporting with AWS Organizations – A less accessible, more overwrought version of The Duckbill Group’s guide to cost allocation tagging has come to AWS. After all, doesn’t every great guide to cost tagging feature a curated selection of SQL queries?

Introducing Cold Storage for Amazon Elasticsearch Service – Instead of pulling a ChaosSearch and letting you query your data in place via Elasticsearch/OpenSearch compatible APIs, AWS has decided that the better move was to make you manually move data from S3 to their Elasticsearch service, then query it. If you practice enough, you can turn this into a more expensive version of ChaosSearch that’s only 6,000 times slower.

Unify your iOS mobile app CI/CD pipeline with Amazon EC2 Mac Instances – This is the way to contextualize today’s EC2 Mac instance offering, NOT as your workstation in the cloud. Next year at re:Invent maybe…

Integrating Dropbox for persistent user data storage in Amazon AppStream 2.0 – Glad to see the AWS / Dropbox business relationship is thriving, or else this post would never have seen the light of day.

A Short History of Digital Commerce and Five Trends to Watch in the Next Decade – “Trend number six, prepare for our retail division to either destroy you outright or die in the attempt.”

Build an anomaly detection model from scratch with Amazon Lookout for Vision – For a company that’s as finicky as AWS is about the proper use of its branding, logos, and inscrutable “Amazon vs. AWS” service naming convention, they sure did stomp all over the LEGO group’s branding requirements. They started by not capitalizing “LEGO,” and also by failing to flag it the first time it’s used as a registered trademark. Then, they wound up defacing a number of the bricks to simulate “production defects,” which is just going to please the hell out of the LEGO group employees who’ve been vocal champions of AWS. I maintain that AWS remains its own worst enemy.

Delete Amazon CloudWatch Synthetics dependent resources when you delete a CloudFormation stack – The CloudWatch team has the stunning breakthrough realization that when someone deletes a stack, they want all of the resources it created to go along with it. Yes, even those. Yes, I’m sure. No, I don’t want you to bill me for them anymore.

How Wealthfront utilizes AWS X-Ray to analyze and debug distributed applications – That 0.25% management fee they charge before fund expense ratios had to have been going somewhere; apparently “their AWS bill” is the answer.

AWS SaaS Boost released as open source – AWS has open sourced their tool that migrates existing SaaS products into AWS. If there’s one company that clearly knows what it takes to succeed in providing well structured SaaS products to customers it’s AWS, as demonstrated by… hang on… I’m sure an example will come to me in a second…

Automated Earth observation using AWS Ground Station Amazon S3 data delivery – Are there really so many companies paying AWS to talk to the satellites they’ve put in orbit that this content is best served as a blog post instead of, y’know… an email to both of the customers to whom it would apply?

Use EC2 Instance Connect to provide secure SSH access to EC2 instances with private IP addresses – EC2 Instance Connect is a hidden gem of AWS services; it’s a great way to get quick access to your EC2 instances without completely pooching your SSH key management.


Flying blind in the cloud? Lacework provides a flight recorder for your user, API, and container activity – all organized into behaviors that deliver answers in seconds and takes you out of the analysis paralysis game. Whether you’re ready to take the red pill or the blue pill, Lacework bridges the gap between DevOps and Security. Lacework makes it easy with everything from compliant service configurations to container app topologies – no rules required. Got doubts? Challenge accepted. See for yourself at Sponsored

If you need to deploy assets to S3, consider s3assetdeploy instead of rebuilding your own again.

At last, a one-off task handler for ECS that streams the output, called ecs-run-task.

This week I learned what Topfew and Amdahl were, and will be integrating them into my workflows immediately.

… and that’s what happened Last Week in AWS.

Newsletter Footer

Sign up for Last Week in AWS

Stay up to date on the latest AWS news, opinions, and tools, all lovingly sprinkled with a bit of snark.

"*" indicates required fields

This field is for validation purposes and should be left unchanged.
Sponsor Icon Footer

Sponsor a Newsletter Issue

Reach over 30,000 discerning engineers, managers, and enthusiasts who actually care about the state of Amazon’s cloud ecosystems.