Good morning!

For those relatively new to the list, it’s time once again for my periodic “here’s what I do for a living” story. At the Duckbill Group we fix the horrifying AWS bills, by making them both smaller as well as easier to predict. If you’re having trouble with yours, reach out; we’d love to talk with you!

From the Community

Have you heard about ChaosSearch, the fully managed log analytics platform that leverages your Amazon S3 as a data store, with no further data movement required? According to the CTO at Armor, “ChaosSearch is a critical piece of our infrastructure for processing terabytes per day of our customers’ log data.” And from Hubspot: “We are able to process and analyze terabytes a day of Cloudflare log data to identify and fend off DDoS attacks on behalf of our 76,000 customers at a fraction of the cost of our previous self-hosted ELK Stack.” So take it from me, Corey Quinn, or take it from the ChaosSearch customers – either way, take a look at ChaosSearch today! Sponsored

Brendan Gregg’s seminal book Systems Performance: Enterprise and the Cloud is getting a second edition. You want to buy this one; I promise, whoever you are: you’re going to learn something.

Someone else has completed Forrest Brazeal’s Cloud Resume Challenge. You want to read this one, particularly if you’re looking to hire ambitious talent in the cloud space.

25 In-Demand Tech Jobs and Skills at Amazon – Dice has an article on what jobs and skills are in demand by hiring managers at Amazon itself. “Crap at naming things” remains conspicuously absent.

Have you used AWS Lake Formation? Of course not, only one person has so far. Fortunately, they documented their experience for the rest of us.

AWS’s stubborn insistence on not creating a managed cron service that’s worth anything has been worked around via this handy post.

A counted list of failings; specifically how the best database in the world fails to support DNSSEC.

Another Redmonk article, this one from Rachel Stephens! It talks about this year’s changes to IaaS pricing patterns and trends.

Stephen O’Grady of Redmonk is a source of ever-increasing irritation to me, specifically in the sense of “I wish I could write half as well and with anything approaching his level of insightful.” His latest is no exception, and it covers GCP’s BigQuery and its middleware play. Read this; it’s compelling.

Twitter’s embarrassing hack was showcased in an article that also showcased my embarrassingly against-my-brand display of empathy.

LPM Property Management wins this week’s S3 Bucket Negligence Award. I wish I could retire this thing someday.

AWS has landed a long-term strategic customer, and they’re even a bank! Unfortunately, they’re the same bank who was previously reported as migrating 65 relational databases to MongoDB. Oh dear.

Amazon has settled its non-compete lawsuit against former VP of Product Marketing Brian Hall. Some might naively think that now everyone goes back to being friends–but that doesn’t happen until AWS either does away with non-competes entirely, or scopes them far more reasonably.

I didn’t expect to see a throwaway joke from this newsletter cited in InfoQ, but I’ll take it. Usually it’s my terrible tweets that get mentioned instead!

The annual release of Platformonomics’ Follow the CAPEX is appropriately subtitled “Clown Watch.”


If you’ve got an interesting job for this newsletter’s eminently employable subscribers, get in touch!

OpenEye Scientific is looking for a Backend Developer to be part of a team responsible for developing OpenEye’s cloud platform, Orion, a state of the art elastic workflow scheduler and orchestration system. Orion is a container-based scientific workflow system written in Go and Python. While there are some interesting workflow and container orchestration systems out there and also Kubernetes, none deliver the flexibility in using legacy applications and toolkits, ease of use, scalability, and reliability that they are targeting. Their system is made up of Floe, a Python workflow framework, and a cloud-based workflow runtime and user interface leveraging many technologies, including Django, Docker, and AWS.

Choice Cuts

Bridgecrew is the developer-first infrastructure security platform for both your public cloud and infrastructure-as-code. If you’re drowning in “Fix missing encryption” Jira tickets, you gotta check them out. They embed throughout the developer lifecycle—from commit to CI/CD to cloud—and they don’t just find issues. They give you the actual code to fix them via pull requests or automated playbooks. The best part? Their platform is free to use up for to 100 cloud resources—just sign up on their website. Sponsored

Announcing CDK Pipelines Preview, continuous delivery for AWS CDK applications – The brain-trust at HackerNews has been tapped to re-imagine all of AWS from first principles. Their team is called “CDK.”

AWS DeepRacer Evo and Sensor Kit now available for purchase – Amazon goes full circle by leveraging its expertise in AI and Machine Learning in order to sell you things that it ships to your house.

AWS Systems Manager now supports adding offsets to maintenance window schedules – Congratulations, AWS; you have successfully re-implemented cron. Badly.

AWS Launch Wizard for SAP supports integration with Amazon Route53 for domain naming and routing outbound internet connections via your own Proxy Servers – Oracle whines an awful lot about SAP and now we see why–whatever an SAP might be, it’s clearly tightly integrated with databases–now including Route 53.

Fluent Bit supports Amazon Elasticsearch as a destination to route container logs – Logs you won’t read can now be piped to an AWS service you can’t afford.

New AWS Public Datasets Available from National Center for Biotechnology Information, the Johns Hopkins and University of Texas at Southwestern, National Oceanic and Atmospheric Administration (NOAA) and others – AWS announces that they’ve left some S3 buckets open.

Amazon Interactive Video Service – Add Live Video to Your Apps and Websites | AWS News Blog – This is to embed livestreaming video in Amazon services. Now that’s great and all–but let’s not kid ourselves here. Their online events lately have been… lackluster. The videos are pre-recorded, there are serious capacity issues resulting in folks unable to access these events, and the overall experience has been dismal. I want to believe that this service is great, but first I want to see proof positive that AWS has at least a vague understanding of how to handle online live streaming video that isn’t either Twitch, or otherwise outsourced to the lowest bidder that lies about their own competence. The message gets lost due to crappy delivery.

Making Time to Change, Part 1 | AWS Cloud Enterprise Strategy Blog – I would have published this when it came out a couple of weeks ago, but a blog post that starts with “a person who chases two rabbits catches neither” coming from AWS pegged the irony meter so hard that it broke, leaving this post stuck in the pipeline.

Facebook uses Amazon EC2 to evaluate the Deepfake Detection Challenge | AWS Machine Learning Blog – Amazon’s AI/ML team continues its “completely pooching the messaging” performance art. Instead of helping cops write more tickets or misidentifying members of congress as criminals, this time it’s helping Facebook, the world’s best known criminal enterprise. Are there really no uplifting or non-ridiculous ML stories out there? Is every use case incredibly problematic? What’s the deal here?!

Implement automatic drift remediation for AWS CloudFormation using Amazon CloudWatch and AWS Lambda | AWS Management & Governance Blog – Puppet used to make sysadmins think they were going mad by reverting changes humans had made every time the tool ran. Those days of gaslighting your colleagues are back! See the Tools section below for how this should be done properly instead.

How to retroactively encrypt existing objects in Amazon S3 using S3 Inventory, Amazon Athena, and S3 Batch Operations | AWS Security Blog – Many foolhardy customers eagerly await the sequel to this post, “how to retroactively secure S3 buckets using a heavily modified DeLorean.”


Remember the Log Song from the Ren & Stimpy cartoon in the 90s? This issue is sponsored by Scaylr; because all kids hate their logs…

♪ ♫ ♬ doo do do doo do doot ♪ ♫ ♬

When your site doesn’t go / Or maybe it’s slowAnd people can’t load up your blog Where do you start? / What’s the state of the art?With logs logs logs

Logs, logs, full of repetitive noiseLogs, logs, Awk and grep? Sorry, they’re toys

Everyone hates the logsNobody can read their logsImprove the state of your logsScalyr can help with your logslogs logs logsLogs. From Scaylr..♪ ♫ ♬ doo do do doo do doot ♪ ♫ ♬ Sponsored

If you really want to remediate CloudFormation drift automatically, Code Butcher Ian McKay turned this around within eight hours of discovering AWS’s sub-optimal implementation.

A neat pass at determining the cost of Terraform changes in the GitHub Actions world.

Ruby still exists, so here’s an Athena interface for it.

… and that’s what happened Last Week in AWS.

Newsletter Footer

Sign up for Last Week in AWS

Stay up to date on the latest AWS news, opinions, and tools, all lovingly sprinkled with a bit of snark.

"*" indicates required fields

This field is for validation purposes and should be left unchanged.
Sponsor Icon Footer

Sponsor a Newsletter Issue

Reach over 30,000 discerning engineers, managers, and enthusiasts who actually care about the state of Amazon’s cloud ecosystems.