Good Morning!

Welcome to issue number 151 of Last Week in AWS.

I’m in Seattle this week, and hosting a drinkup. See my pinned tweet for details.

For your amusement / listening pleasure, I embarrassed myself last Friday on Whiteboard Confessional: How Cluster SSH Almost Got Me Fired.

From the Community

Honeycomb relies on SLOs to get eng & biz teams on the same page. They know exactly how code is behaving through the customer experience. They further figure you may want to know, too. In Theory of SLO: Why the Business Needs SLOs, Nathen Harvey|Google & Danyel Fisher|Honeycomb explain how SLOs are critical to SRE practices. Register for the webcast or read the transcript. SLOs. Success. Defined. Sponsored

While it’s easy to blame customers for being surprised by $900 free tier bills, the sheer number of these stories indicates there’s something very wrong with the “free tier.” You can only blame customers so much before there’s something systemic you need to fix.

A discussion of AWS Transit Gateway–a service which we’d all benefit from understanding a smidgen better.

The site showcases a bunch of CDK patterns, and itself demonstrates the primary CDK pattern of never, ever shutting up about how awesome the CDK is.

Ten handy tips to optimize DynamoDB costs; I think I agree with basically all of them.

Tickets for the unaffiliated-with-AWS-but-still-named-after-an-email-subject-line security conference fwd:cloudsec go on sale today. See you in Houston!

The story behind a recent cost optimzation talk about using Spot and Kubernetes to smack money off the cloud computing bill.

“Oracle tried to shake us down so we moved to AWS” is the kind of story a lot of companies wish they could tell, but Thomas actually did it.

“Open Source isn’t a business model” is a common refrain, but it’s refreshing to hear it from a company based upon open source. Usually those companies whine and cry about AWS instead.

Sarah Cecchetti reflects on her one year AWS anniversary. A great article from a great hire.

The New York Times discusses a report showing cloud computing’s energy footprint is greener than expected.

This week’s S3 Bucket Negligence Award winds up going to Rotherwood Healthcare, with special distinction for apparently threatening the reporter who asked about it.

ZDnet explores Amazon’s often fraught relationship with commercial open source.


If you’ve got an interesting job for this newsletter’s eminently employable subscribers, get in touch!

The EC2 Control Plane Platform team owns designing, building, provisioning and managing the platforms for all EC2 core services worldwide. Think magic like the provisioning backplane, the Time Sync Service, and many more. Join this storied team and see for yourself what it takes to run something of massive scale with interesting people.

Choice Cuts

Running a business is hard. Your cloud doesn’t have to be. DigitalOcean is the cloud that offers transparent, predictable pricing – even for Kubernetes clusters, which you’d have thought was impossible! You also won’t need 12 weeks of cloud school to absorb a zillion ancillary services just to be able to SSH into an instance. Is this the kind of simplicity you need out of your cloud provider? Check out DigitalOcean today. Sponsored

Amazon Connect announces per-second billing, saving customers up to 5% in telephony costs – Telecoms historically billed in six second increments; it didn’t gouge people for short calls, and each increment was 10% of a minute so the math was easy. AWS now charges you for the first full minute, with the rest usually coming out to four decimal places of precision in the bill. Remember, you pay to store Cost and Usage Reports by the gigabyte…

Amazon EC2 Auto Scaling now provides notifications via AWS Health Service – The bigger news here for most of you is that the AWS Health Service exists, and isn’t something I made up to have fun at your expense–right?

Amazon ECS Now Supports AWS Secrets Manager Version and JSON Keys – Prior to this update, one does wonder just what the hell point there was to having versioning in AWS Secrets Manager if services didn’t support / respect it?

Amazon FSx now enables you to create and use file systems in Shared Amazon Virtual Private Clouds (VPCs) – FSx and Shared VPCs are a great combination, insofar as nobody fully grasps how either one of those things works.

Amazon Lightsail now supports resource monitoring, alarming and notifications – Every Lightsail enhancement makes it closer to being a reimagined EC2, now with fifteen years of lessons baked in. At what point does it effectively become EC3?

Amazon Managed Cassandra Service now enables you to add new columns to existing tables – Well, somebody’s two pizza team has a fifth columnist on it…

Amazon Managed Cassandra Service quota information is now available through Service Quotas – I keep forgetting that Service Quotas exists, which means I’m apparently qualified to run an AWS service team myself.

Amazon MSK can now stream broker logs to CloudWatch Logs, S3, or Amazon Elasticsearch Service – The right option here from an economic point of view is S3. Everything else costs way more–and once it’s in S3, you can do an awful lot.

Announcing 36% faster EBS-optimized performance on additional AWS Nitro System-based Amazon EC2 instances – This is big for a lot of you; you’ve seen yourself get limited throughput, blame GP2, spend 3x more for io1, and don’t bother to dig deep enough to realize that this limit is the thing that’s been throttling you the entire time.

AWS Chatbot Now Supports Amazon CloudWatch Metrics and Logs – Now you get to quantify exactly how much time you spend talking to robots instead of doing whatever your actual job is. My apologies if that actual job is “talking to robots.”

AWS Global Accelerator now supports Bring Your Own IP Addresses and Resource Tagging – You now can bring your own IPs (/24 or greater required) to Global Accelerator and stop using AWS’s dwindling pool. They’re even kind enough not to charge you extra for doing them the favor.

AWS IoT Greengrass now supports Advanced Package Tool (APT) package management – My new favorite operating system thus becomes IoT Greengrass, beating out whatever nonsense CentOS / Amazon Linux are using for package management these days.

AWS Step Functions now supports CloudWatch Logs for standard workflows – Unless you’re Uncle Pennybags, there are no “standard workflows” that involve Step Functions. I love the service, hate how expensive it makes Serverless.

AWS X-Ray now available in AWS GovCloud (US) Regions – The TSA gets a new X-Ray machine.

New Quick Start deploys Nubeva TLS Decrypt on the AWS Cloud – This helpful Quick Start lets you defeat all of the TLS security protections you currently enjoy in the name of compliance.

New version of AWS Certified Solutions Architect – Associate exam is now available – Note this release’s date. Anything that gets released after 2/25 will not be on the test; pretend it doesn’t exist. Yes, having to remember this is awful.

Amazon FSx for Lustre Update: Persistent Storage for Long-Term, High-Performance Workloads | AWS News Blog – Add another entry to the pantheon of persistent data stores that AWS offers. Please note that this exalted group doesn’t include instance storage on Spot instances, unqueried items in SQS, or open S3 buckets that don’t belong to you.

AWS has launched the Activate Founders package for Startups 🚀 | AWS News Blog – With a short 20 question minimum questionnaire, you can get $1K in AWS Activate credits for your bootstrapped company because Amazon doesn’t appear to know how scarce a commodity time is for folks in the early stages. Personally I’d suggest going through one of the many programs that’ll spit out 5x this for about the same level of effort.

Get to know the latest AWS Heroes, including the first IoT Heroes! | AWS News Blog – There are a bunch of new AWS Heroes. I know some of them, but others are new to me. If you’re one of them, hit reply and let’s chat!

Now available in Amazon Transcribe: Automatic Redaction of Personally Identifiable Information | AWS News Blog – Given how personally identifiable my snark is, if you run this on my podcasts you’ll basically get an empty string back.

Automating code reviews and application profiling with Amazon CodeGuru | AWS DevOps Blog – I love everything about Code Guru except for the “per line of code” pricing model. It suddenly makes engineers pay attention to something that they previously didn’t have to even consider–at risk of making a costly mistake if they get it wrong. This is a problem.

For RepricerExpress, the best place to run Microsoft workloads is on AWS | Modernizing with AWS – I missed this post throwing shade at Azure. Good times. Good times.


This issue is sponsored in part by my friends at CHAOSSEARCH! You know, my dog groomer always said “Log analytics shouldn’t break the bank!” and finally someone has listened to their pawsome advice. CHAOSSEARCH is a fully managed log analytics platform that leverages your AWS S3 bucket as a data store. Their revolutionary technology radically lowers costs for analyzing log data at scale—by a lot. If you’re tired of your ELK Stack falling over, or tired of paying over-the-top prices to the current litany of ho-hum log analytics vendors out there with pricing that’s suspiciously close to a phone number, try CHAOSSEARCH today! So check them out and tell them Corey sent you so they can sigh exasperatedly and ask you what I said this time… Sponsored

Following up from last week’s comment about GitHub Actions being awesome, act lets you run them locally for CI/CD purposes.

… and that’s what happened Last Week in AWS.

Newsletter Footer

Sign up for Last Week in AWS

Stay up to date on the latest AWS news, opinions, and tools, all lovingly sprinkled with a bit of snark.

"*" indicates required fields

This field is for validation purposes and should be left unchanged.
Sponsor Icon Footer

Sponsor a Newsletter Issue

Reach over 30,000 discerning engineers, managers, and enthusiasts who actually care about the state of Amazon’s cloud ecosystems.