Welcome to issue 177 of Last Week in AWS.
If I ever doubt whether people are reading this newsletter, all I apparently have to do is get something wrong. Did I ever get letters last week! Cloudonaut’s article on DynamoDB latency through VPC Endpoints was corrected at some point between the time I added it to my publication system and Monday morning. “Benchmarking error” is the short version.
Later this month I’ll be keynoting Comcast Connect. Registration is free. The conference starts on September 16th, and due to its namesake could be any time between 10 and 5.
Over at the Duckbill Group, we just wrapped up work with another wonderful client.* As a result of the cost-optimization work Instana did with us, they reduced their AWS bill by 25%—immediately. Read the full case study here: https://www.duckbillgroup.com/clients/instana/
From the Community
We’re all sadly familiar with the failed promises of the original data lake… but now that’s all changed! Join me, Corey Quinn, along with ChaosSearch, as we explore “DataLakes 2.0 – a new vision for Log Analytics” in their upcoming 3-part webinar series starting on Sept 10th! During this series (did I mention I’ll be speaking?) you’ll learn how to turn your Amazon S3 into a hot, searchable data lake, how to monitor and analyze your AWS services directly in S3, and more! So sign up for the webinar series “Data Lakes 2.0” today – even if it’s just to hear my lovely voice and unbounded wisdom! Brought to you by ChaosSearch – the fully managed log analytics platform that leverages your Amazon S3 as a data store!
I’ve done a lot of “Screaming in the Cloud” podcast interviews, but I think this is the first time someone wrote an entire blog post about an episode–in this case, Everything is new to someone. Hiro was an amazing guest; I’d love to have her back on.
Usually I’d expect a blog post titled Is cloud security too easy to screw up? to be posted defensively directly after an embarrassing data breach, but in this case it’s an in-depth interview with infosec legend Troy Hunt.
Unlimited rotating IP addresses via AWS will surely not be abused. Please abuse terms of service responsibly.
Malicious AWS Community AMIs are back in the news. Fortunately the written news, so we don’t have a pronunciation debate this time.
Cloud is going to take time is a truism, made all the more real by the facts that it’s written by Matt Asay and cites some of my nonsense.
Another S3 Bucket Negligence Award victimizes 54,000 holders of NSW driver’s licenses.
S3 Bucket Negligence Awards are never good things, but particularly when you’re a security company.
An Amazon employee on the committee to choose the UK’s next chief digital officer is one hell of a look. It’s like they’re trying to call down controversy.
There are a lot of unanswered questions, but when a former employee blows away 456 EC2 instances and causes a 2 week WebEx outage for some customers, you know something’s gone off the rails somewhere.
If you’ve got an interesting job for this newsletter’s eminently employable subscribers, get in touch!
Do you hold a US Security Clearance? Do you want to build exciting things? Protect exciting secrets? Make big trouble for Moose and Squirrel? Check out the AWS Cleared Jobs and see if AWS might have a role that’s up your alley. Many restrictions apply; see page for details.
6Connex saved 50%. Onriva saved 35%. And Uber saved 15% in the first 30 days. Typical AWS cost savings using nOps cloud management. Yup, typical savings. nOps was built for DevOps teams, and provides auto-discovery of high-risk issues, dashboards with instant drill-down to the resource level for root cause analysis, and aligns with AWS Well-Architected. Get a free trial. Start saving with nOps.
Amazon CloudWatch Logs features now available in the AWS Toolkit for Visual Studio Code – Okay, “my IDE can now show me realtime CloudWatch logs for what I’m working on” is so freaking awesome that it’s challenging for me to snark about. I even gave it an exceedingly generous allowance for “realtime” in the previous sentence.
Amazon EC2 Instance Metadata Service Now Supports Additional Fields for Improved Automation and Operability – This lets instances discover where they’re running–region, AZ, etc. It would have launched ages ago except that as soon as instances realized they were running in Ohio they self-terminated.
AWS CloudTrail now provides relevant user statistics to act on anomalies detected by CloudTrail Insights – “AWS CloudTrail now actually relevant” isn’t a headline I expected to slip through AWS marketing, but then again I’d also have expected those folks to realize that “AWS Aeronautics and Space Services” needed a better acronym before the internet pointed it out to them post-launch.
AWS Site-to-Site VPN now supports Internet Key Exchange (IKE) initiation – “This feature is now available in these AWS Regions: US East (N. Virginia), US East (Ohio), US West (Oregon), US West (N. California), EU (Ireland), EU (Frankfurt), EU (London), EU (Paris), EU (Stockholm), Asia Pacific (Singapore), Asia Pacific (Hong Kong), Asia Pacific (Tokyo), Asia Pacific (Sydney), Asia Pacific (Seoul), Asia Pacific (Mumbai), Middle East (Bahrain), Africa (Cape Town), South America (Sao Paulo), Canada (Central), and AWS GovCloud (US) Regions” is how this post ends. Let me reword this in a way that isn’t actively customer hostile: “It’s not available in the China or Milan regions, but works everywhere else.”
AWS Transfer Family adds support for email addresses as usernames – Add one more to the dauntingly long list of “credentials you’ll need to remember to work with AWS.”
Pause and Resume Workloads on M5a and R5a Instances with Amazon EC2 Hibernation – It’s called “hibernation” because, much like an angry bear, a suddenly awakened workload will attempt to bite your metaphorical face off.
Price change notice for customers using Amazon Pinpoint to send SMS messages to India – This may be the first straight-up price hike that AWS has ever done. The previous price increases were all pricing-model changes (Config going from “per rule” to “per execution” pricing, which was usually a price decrease, is one example). I can’t really blame them; the Indian telcos are suddenly charging more for SMS, and at least one article attributes this to “blockchain.”
Announcing a second Local Zone in Los Angeles – How many Local Zones does LA get before it becomes its own Local Region?
New EBS Volume Type (io2) – 100x Higher Durability and 10x More IOPS/GiB – Your expensive io1 volumes can be replaced with equally expensive io2 volumes that are way faster. You will of course overlook that EBSByteBalance on the instance itself is the bottleneck and gp2 volumes would have been a third the cost and delivered identical performance for your workload.
Seamlessly Join a Linux Instance to AWS Directory Service for Microsoft Active Directory – “Seamless,” “Linux,” and “Active Directory” in the same sentence can be interpreted as “you look extraordinarily gullible, want to buy some software?”
Learn why AWS is the best cloud to run Microsoft Windows Server and SQL Server workloads – I swear to you, this official AWS blog post has a section heading that reads “Cloud pricing shouldn’t be complicated.” DO YOU NOT KNOW WHERE YOU WORK?!
Announcing the express testing capability in Amazon Lex – I don’t care how “express” your testing is, my “the hell with testing it, yeet it into production” approach will always be faster.
How to run Microsoft Exchange Server on AWS using Amazon EC2 – I like that this is the better answer than “running Amazon WorkMail.” And don’t misunderstand me: it absolutely is.
Advanced Troubleshooting with AWS Transit Gateway Network Manager Route Analyzer – A handy walkthrough of a service that… hang on… wow. “AWS Transit Gateway Network Manager Route Analyzer” has nineteen syllables.
Startups and enterprises alike are embracing containerization and Kubernetes, but security struggles to move at the pace of DevOps, bogged down by tools and processes not suited for cloud-native technology. Register for this webinar where cloud-native security experts from AWS, Informatica, and StackRox will discuss how to apply Kubernetes-native security and controls to protect containers and Kubernetes without slowing down application development and rollout. Date: Sep 03, 2020 | 10 AM PDT
Here’s a great collection of malware for Lambda Functions–wait, sorry. That’s MIDDLEWARE. Easy mistake to make.
awsssmchaosrunner is an official Amazon “chaos runner” that intentionally injects faults to slow things down and cause them to break in interesting ways. If anyone other than Amazon had built it, they would have of course called it “us-east-1” instead.
I’m really liking awsls for listing AWS resources. I know I’ve mentioned it before, but it’s really good.
… and that’s what happened Last Week in AWS.