The re:Quinnvent planning is doing its typical thing: making my November suck. Someday I’ll be able to enjoy a normal Thanksgiving month. Maybe?

From the Community

Blackboard Inc. is a world leader in education technology, committed to supporting learners throughout their lifelong journey. Traditionally, Blackboard’s Product, SRE, DevOps and Support teams depended on a combination of custom-managed ELK stacks and managed Elasticsearch service offerings for centralized log management. But growing daily log volumes and variable spikes in log volumes were causing pain. Unpredictable spikes would cause the ELK stack to go down, making it unusable at times while management and data storage costs grew. Enter ChaosSearch. To see how ChaosSearch helped Blackboard solve this plethora of Elasticsearch challenges, check out the full Blackboard case study here. And when you’re ready to talk to ChaosSearch yourself – tell them that I, the magnanimous Corey Quinn, sent you! Sponsored

[2110.13234] Let’s Wait Awhile: How Temporal Workload Shifting Can Reduce Carbon Emissions in the Cloud – empty

AWS API Changes – empty

How to Automatically Stop an EC2 Instance With No Open SSH or Session Manager Connections | mpv’s little blog – empty

The hard truth about ransomware: we aren’t prepared, it’s a battle with new rules, and it hasn’t near reached peak impact. | by Kevin Beaumont | DoublePulsar – empty

I love breaking changes for things like SES domain validation without notice. That was sarcasm; I absolutely do not love those things one tiny bit.

I wasn’t kidding about owing a CloudFront PM an Edible Arrangement in return for their feature release last week. Please let me know who to talk to; I’m not joking.

We have a guest post on the blog; The Sneaky Weakness Behind AWS’ Managed KMS Keys is spot on.

Atlassian talks a bit about how Bitbucket moved to AWS; I like it a bit better as a demonstration that despite the presence of a competing product (CodeCommit, businesses do in fact still do business with AWS.


If you’ve got an interesting job for this newsletter’s eminently employable subscribers, get in touch!

We’re hiring a Senior Cloud Economist! If you’ve got software development, software operations, or DevOps in your blood, you’ll love this role – it’s all the architecture discussions without the on-call. You’ll spend your days consulting with clients to help them better understand and manage their horrifying AWS bill. Plus, it’s fully remote!

Truss is a distributed-first, software consultancy that cares about communication, inclusivity, and modern software development practices. We push the envelope on building efficient technology that improves people’s lives. Currently, we’re seeking stellar Infrastructure engineers and Sr. Infrastructure engineers to help us with commercial and government contracts.

The AWS User Experience Products & Platform team is responsible for products that enable AWS users to manage their applications and infrastructure on AWS. Our mission is to deliver an effective, efficient, and loved user experience that makes it easy for all users to discover, learn, and build on AWS. Today, we own the AWS Management Console, the AWS Console Mobile App, the AWS Chatbot, as well as the User Experience Platform used by 175+ AWS service teams to develop and deliver their user experience across multiple channels (web, mobile, chat).

As a Site Reliability Engineer (SRE) you will be working on the Sendcloud platform. That platform is used by our software development teams to build, test, deploy and run software themselves. Currently, we have 9 development teams and we will grow to 20 next year.The platform consists of a cloud infrastructure on AWS, the application platform on top of that (e.g. observability solutions) and the building blocks (e.g. CI templates). #As a part of the SRE team your goal is to make the product development teams fully independent with a self-service, scalable platform. You will co-work with the Backend Engineers from development teams, making sure they know how to use the platform, and taking their feedback into account for further improvements.

Choice Cuts

🌐 CloudGraph is the open-source GraphQL API for AWS. Write simple queries, solve complex security, compliance, and cost challenges. CloudGraph answers questions like, 🔓 “Across all our accounts do we have any public S3 buckets, unencrypted EBS volumes, or internet-facing load balancers?” or, 💰“How much am I paying on a daily basis for each M5 EC2 instance in us-east-1 with the tag, “Environment: Staging?“. Check us out on Github. Sponsored

Incidents are valuable investments in learning new things, but only if you treat them that way; otherwise they’re just sparkling outages. If you’re on call and responsible for operations or reliability, you need frameworks, tools and much more. This pragmatic guide on incident management from Blameless SREs is full of tips. Learn how to use runbooks, retrospectives, checklists and collaboration tools. Download and share. Sponsored

Amazon EC2 now supports sharing Amazon Machine Images across AWS Organizations and Organizational Units – Every once in a while something like this comes along and I have to check that my newsletter collection tooling hasn’t been wedged on it since 2015 or so. Nope; this is only now available – long after the feature has been worked around in every environment that really needs it.

Amazon Lightsail now supports AWS CloudFormation for instances, disks and databases – It’s starting to get hard to distinguish between Lightsail and “AWS Proper.”

Amazon Corretto 17 Support Roadmap Announced – This is a welcome change; Java’s support roadmap more closely resembles the note kidnappers send demanding a ransom.

Amazon EC2 now supports access to Red Hat Knowledgebase – The idea of charging extra for access to documentation is on the one hand absurd, but on the other… maybe if you charge for it customers will actually read it for once?

Amazon MemoryDB for Redis now supports AWS CloudFormation – Yeah, keep telling me how this service was ready for prime-time when it launched to general availability a couple of months ago. I could use a good laugh.

Amazon RDS now supports cross account KMS keys for exporting RDS Snapshots – Well this would have been awesome in… 2015, I think? I had to build something awful to achieve a worse version of this.

Amazon Simple Email Service now offers a new console experience – Is it a whitelabeled Sendgrid account?

Amazon Time Sync Service now makes it easier to generate and compare timestamps – Oh okay they can call a service “SageMaker” but the one time I typo this service as “Amazon Thyme Sync” everyone starts calling for my head…

AWS Backup Vault Lock is now available in the AWS China (Beijing) Region and AWS China (Ningxia) Region – Even before this was supported, you could have gotten your old backups from the Chinese government. If you didn’t like this joke, replace it with “GovCloud” and “the NSA.” If you still don’t like this joke, they can’t all be bangers; please do not email me.

AWS DataSync can now copy data between Hadoop Distributed File Systems (HDFS) and AWS Storage services – I keep forgetting DataSync exists! It’s like rclone as a service, which is rsync for cloud, which is cp(1) for a network which is… oh dear I’m old.

AWS Secrets Manager increases secrets limit to 500K per account – I’d like to just point out for a second that at 40¢ per secret per month, this means that if you can trick someone into running a malicious provisioning script, “Free Tier” accounts can happily hum along while incurring $200K a month in charges. Per region.

Simplify CI/CD Configuration for AWS Serverless Applications and your favorite CI/CD system – General Availability – This is SAM Pipelines; the post title is unclear. The bigger problem with the headline is the entire conceit that any of us have a “favorite CI/CD system” instead of one we simply despise the least.

MariaDB Collaborates with AWS to Deliver SkySQL on AWS – I have no idea how this differs from RDS MariaDB, and at this point I’m too afraid to ask.

Introducing the SAP Lens for the AWS Well-Architected Framework – For the SAP lens, the cost optimization pillar is just the sound of a SAP salesperson laughing so hard they wet themselves.

Blur your background and suppress noise in an online meeting application built with the Amazon Chime SDK for JavaScript – That’s nothing! I was able to completely obscure my background as well as suppress all noise last week because a meeting was set to use Microsoft Teams and it didn’t freaking work.

Bottlerocket, A Year in the Life – In the past year since Bottlerocket was announced, two AWS-adjacent scandals have happened. The first was the “workers peeing in bottles” nonsense, while the second was Jeff Bezos’s Blue Origin launching a rocket that bore a striking resemblance to… well, a schlong. As a result through absolutely no fault of their own, “Bottlerocket” wins the 2021 award for Most Unfortunate Name.

Build a shelf monitoring application using AWS Panorama – There’s “watching paint dry” boring, and then there’s “now that the paint is dry, watch the shelf sit there” boring. Computers are better at doing boring tasks like watching shelves, or talking about VMware Tanzu.

Host RStudio Connect and Package Manager for ML development in RStudio on Amazon SageMaker – SageMaker continues to absorb other functionality left and right. We’re not too far from the day where we can call it its own ecosystem with a fair bit of legitimacy.

Your guide to media and entertainment at re:Invent 2021 – Yeah, ignore all of this. The proper guide you need to media and entertainment at re:Invent 2021 is simply reading this newsletter and flagging the things that are of interest. I’ll be doing a lot for re:Quinnvent this year; it’s only a few weeks away!

Amazon CloudFront introduces Response Headers Policies – Finally, finally, finally. I have been asking for this for years (and owe an Edible Arrangement to whomever drove this through; please let me know where to send that). You no longer need to write custom code that dynamically invokes upon every request just to set a static header.

AWS Global Security and Compliance Acceleration initiative now supporting UK customers – That’s right, a Global dingus is now supporting an additional country because somebody at AWS named something without consulting a dictionary first.

Fighting fraud and improper payments in real-time at the scale of federal expenditures – If this solution doesn’t tie together AWS services to form a congressional ethics oversight body, I’m unconvinced it solves the root of the problem.


Trajectory Conference is One Giant Leap for DevOps

Software powers the world. LaunchDarkly empowers all teams to deliver and control their software. DevOps and feature management are reimagining how businesses build and release new products. On November 9th and 10th, LaunchDarkly is hosting Trajectory Conference 2021 — a two-day event for software innovators who want to break orbit, not systems. Trajectory is a fully-virtual conference that focuses on the technology, people, and processes that continuously deliver better user experiences and more powerful software. Register today to join fellow thought leaders shaping the future of software development. Sponsored

Ben Kehoe’s excellent aws-sso-util continues to see frequent updates. I really need to redo how I work with SSO in the next few months, but making big changes to your AWS account right before re:Invent is generally a fool’s errand.

This hyperlocal weather API is a drop-in replacement for the deprecated-by-Apple DarkSky API. Seriously, it’s awesome – and is built on AWS.

… and that’s what happened Last Week in AWS.

Newsletter Footer

Sign up for Last Week in AWS

Stay up to date on the latest AWS news, opinions, and tools, all lovingly sprinkled with a bit of snark.

"*" indicates required fields

This field is for validation purposes and should be left unchanged.
Sponsor Icon Footer

Sponsor a Newsletter Issue

Reach over 30,000 discerning engineers, managers, and enthusiasts who actually care about the state of Amazon’s cloud ecosystems.