Good Morning!

Welcome to issue number 162 of Last Week in AWS.

This week saw an AWS online summit that was… less than it could have been, largely due to unclear expectations. There weren’t any significant service releases to speak of as a part of it, and that means less new material for my snark cannon. Maybe this week will be different.

That said, the summit’s mismet expectations were overshadowed by a pricing change to Amazon Macie that still leaves me scratching my head. You may detect some salt over that decision in the items below. Onward!

From the Community

Do you ever find yourself wondering “what the hell is happening with the Internet?” The folks at ThousandEyes just launched a new weekly show answering exactly that. Co-hosts Angelique and Archana deconstruct the week’s most disruptive outages, interview industry thought leaders to discuss the headlines, and share data quantifying just how bad things got across ISPs, cloud provider networks and collaboration app networks. Check out last week’s episode of The Internet Report, featuring Martin Levy from Cloudflare, and don’t forget to subscribe to get new episodes in your inbox every Monday at 6pm PT. Sponsored

Friend of the newsletter and former Google VP Adam Seligman is now Mozilla’s new COO. Congratulations to him!

I love this article; it’s a guide to getting started with Serverless from someone whose primary job isn’t engineering, but rather business development. Pay attention; this is the future you’re seeing peeking through.

It’s cool that AWS has a whole getting started guide for Graviton processors, but I have to confess: I’ve been using an m6g instance for a couple of months now and I haven’t needed any of this. My stuff all “just works.”

I’m rocking my quarantine haircut in this article from my interview on cloud elasticity.

It may not be an S3 Bucket Negligence Award, but NSO Group has definitely screwed the responsibility pooch somehow…

A good high level overview that doesn’t descend into the madness of “API calls as content,” this guide on securely logging in to an EC2 Instance is worth a look.

While self sufficient AWS Lambda functions are interesting, remember that you’re paying for execution time. At least set this up outside of the handler for frequently invoked functions if you do this.

A fun dive into the practical realities of FTP and NFS in AWS to millions of files.

Have you registered for the NoSQL digital event of the year? Accelerate: A NoSQL Original Series is around the corner with season 1 premiering on May 12, 2020. The original series will be a combination of live stream and on-demand, binge-worthy episodes that capture how users and enterprises are succeeding with NoSQL and Apache Cassandra™.

Sign up today to hear from leading technologists and immerse yourself in Cassandra, Kubernetes, Graph, and more. What are you waiting for? Register today at Sponsored

AWS engineer Samuel Karp takes us on a video deep dive into madness with Linux Container Primitives: cgroups, namespaces, and more.


If you’ve got an interesting job for this newsletter’s eminently employable subscribers, get in touch!

At Stedi, they’re working in one of the biggest markets on the planet – EDI, the technological backbone of the physical product economy. They’re building a next-generation platform: a ubiquitous commercial trading network to automate the trillions of dollars in B2B transactions exchanged by nearly every company on Earth. If you’re interested in what they’re building and how they’re building it, they’d love to hear from you.

No one likes managing EC2 instances, so you might like managing the team that replaces them with containers. That’s right, the Fargate team is hiring three Software Development Managers. People-focused servant-leaders are encouraged to apply. Help bring about an end to the Serverless vs. Containers war that doesn’t need to be fought in the first place. One last point: every team at AWS has internal principles that embody their culture, but this team publishes theirs on GitHub. I wonder how they’d take pull requests?

Choice Cuts

Sick of having to manage different CI servers and tools? Of course you are, even if you can’t admit it in public. Let’s talk about Buildkite; a unifying voice in this sea of madness. It has an easy-to-use web UI, extensive docs, and a portable agent that runs on any hardware or container runtime. You want to talk scale? Shopify has happily used Buildkite to grow from 300 to 3000 engineers–while keeping builds under 5 minutes. Check it out at They’ve even got a CloudFormation stack if you want to cosplay as a responsible engineer! Sponsored

Amazon Chime SDK for JavaScript supported on Ubuntu – I’m gratified to hear that an SDK for a specific service in a specific language is now supported on a specific distro of a specific operating system. At this rate Chime will dominate the industry by the mid 2080s or so.

Amazon EC2 M6g instances powered by AWS Graviton2 processors are now generally available – The new m6g instances are seriously awesome, and don’t cost an ARM or a leg.

Amazon EKS now available in the AWS GovCloud (US) Regions – Stinging from recent JEDI setbacks, AWS strikes back at the government by offering them Kubernetes.

Amazon Route 53 is now available in AWS China (Ningxia) Region, Operated by NWCD – My favorite database expands once again!

AWS Cloud9 is now available with a new default theme – And that theme, when compared to GCP’s Cloud Shell offering, is of course “sadness.”

New AWS CloudTrail console simplifies trail creation and management – It includes pricing links alongside features. This shouldn’t be transformative in 2020, but it’s AWS so of course it is. I love this so much.

AWS Single Sign-On supports zero-downtime external IdP certificate rotation – It feels to me that the bigger story here is that until last week, it didn’t.

Control your email flows in Amazon WorkMail using AWS Lambda – If you used an email service that required writing Lambda functions to implement mail filtering rules, you’d probably use a different email service very quickly.

EC2 Image Builder now includes support for AWS CloudFormation – Excellent. You can now write shell scripts in CloudFormation that apply to ImageBuilder that in turn get baked into your AMIs, which themselves get turned into running instances. Bash remains eternal.

Enhanced monitoring capabilities for AWS Direct Connect – You can now get increased visibility into the state of the security blanket tying you to your legacy data center.

Espressif’s ESP32-WROOM-32SE module is now qualified for use with AWS IoT Multi-Account Registration – I have no idea what the hell this is, or what the hell it means; I just wanted to make a “WROOM WROOM” joke because it sounds like a race car.

Introducing Heapothesys – An Open-Source Garbage Collector Latency Benchmark with Predictable Allocation Rates – I’m sorry, “Heapothesys” is such an awesome name I can only assume that four AWS VPs fought against it to the point of resigning in fury.

Introducing the CDK for Kubernetes, a New Software Development Framework and Open Source Project for Defining Kubernetes Applications Using Code – If the release of “cdk8s” doesn’t enrage you on some level–be it the name, the pronunciation, the blending of Serverless with Kubernetes, the abstractions around CloudFormation, or the use of YAML, ask your doctor if perhaps you’re dead and weren’t aware of it.

Adventures in Scaling in Changing Times | AWS News Blog – While I do like this Jeff Barr blog post, all of the companies he profiled have “scaling up rapidly” challenges. What about the other side? When a company finds its traffic evaporate (it turns out that nobody wants to patronize during a pandemic), it can scale down and stop paying for unused resources. This is the entire value proposition of cloud–so why aren’t folks telling that story more frequently?

AWS Inter-Region Data Transfer (DTIR) Price Reduction | AWS News Blog – It’s no longer more expensive to replicate from AWS to “another AWS region” than “the internet” from any AWS region. In other words, it’s no longer economically sound to suggest hosting replicated workloads “in any location that isn’t AWS.” Hallelujay.

New – Enhanced Amazon Macie Now Available with Substantially Reduced Pricing | AWS News Blog – It’s still a dollar per GB ingested, plus a new thing you get billed for that you never had to worry about previously: the number of S3 buckets in your account. Two and a half years of fixing the Macie billing problems and this was the best they could come up with? I wasn’t aware “Settle for Mediocrity” was an Amazon Leadership Principle, but based upon how intensely disappointing this release is, I’m starting to think it might be.

Deploying a serverless application using AWS CDK | AWS DevOps Blog – My vision for Cloud9 is that it one day makes “deploy this architecture” workshops faster and easier. This blog post is the starting point; let’s revisit this down the road and see how it’s evolved.

Using CodeBuild in Spinnaker for continuous integration | AWS DevOps Blog – “You already use overly complicated, strangely documented things to deploy; you’re PERFECT for CodeBuild!”

Catching fraud faster by building a proof of concept in Amazon Fraud Detector | AWS Machine Learning Blog – This is huge. If you can catch fraud faster, things like Amazon Macie’s new-yet-still-ridiculous pricing model will never see the light of day.

Manage your Oracle JDK licenses with AWS License Manager | AWS Management & Governance Blog – “All right, Corey; how would you rename this one?” Easy: AWS License Manager ProcessServer for Oracle.

Using State Manager over cfn-init in CloudFormation and its benefits | AWS Management & Governance Blog – This is really how AWS does deprecations: by pleading with you to use something better.

Easily control the naming of individual IAM role sessions | AWS Security Blog – “Your security now depends upon naming things correctly and well” is probably the last thing you want to hear from AWS.


Running a business is hard. Your cloud doesn’t have to be. DigitalOcean is the cloud that offers transparent, predictable pricing – even for Kubernetes clusters, which you’d have thought was impossible! You also won’t need 12 weeks of cloud school to absorb a zillion ancillary services just to be able to SSH into an instance. Is this the kind of simplicity you need out of your cloud provider? Check out DigitalOcean today. Sponsored

You want to have a Rust library to generate repositories? Tough says AWS.

… and that’s what happened Last Week in AWS.
