Good morning!

Welcome to issue number 104 of Last Week in AWS.

Google Next is in San Francisco this week, assuming they haven’t cancelled that along with all of the other Google products we’ve come to love–I’ll be livetweeting at least one of the keynotes. I’ll be doing the same thing on Thursday from the AWS Anaheim Summit. If you’re at either, hit reply and say hi!

As to today’s subject line, in case you missed it I’ve merged my consultancy with my friend’s; Mike Julian and I are now the Duckbill Group. More to come on that front in the weeks ahead…

Community Contributions

This issue is sponsored in part by Site24x7, Zoho’s cloud services monitoring solution. Site24x7 has recently launched its cost analytics platform – CloudSpend, which gives you more visibility into your AWS spend without charging a terrifyingly high percentage of your bill. Free for small accounts, reasonably priced for larger ones. Give it a spin! My thanks to Site24x7 for sponsoring this ridiculous newsletter.

A discussion of how to use one of the best services with the worst names, AWS Systems Manager Session Manager, in place of SSH.

A guide to everything Lambda, including Lambda Throttling, Reserved Concurrency, and Execution Limits.

Richard Boyd and James Beswick (both of whom have been previously linked from this newsletter) decided to test scalability by beating the crap out of DynamoDB in a load test…

The last Oracle database running in Amazon Fulfillment has been terminated.

This week’s S3 Bucket Negligence Award goes to Facebook. Yes, it was one of their “partners” that leaked the data–but Facebook was entrusted with it. The responsibility lies with them. As a bonus, I was quoted in this Bloomberg article.

A fascinating roundup of 6 ways Azure beats AWS in the Cloud. I’m not sure I entirely agree with all of them, but it’s not the clickbait it sounds like, either.

I like the idea of using Serverless “Reapers” to harvest idle resources; it’s a great “responsible usage of automation to save money.” The more advanced version of this is of course Cloud Custodian.


If you have a job to share with this newsletter’s discerning, thoughtful, all-above-average readers, hit reply so we can chat. This week I have three companies to tell you about–here we go!

The AWS ElasticBlockStore team has one impossible challenge: disambiguating their acronym from Elastic BeanStalk. They also have many challenges that they can overcome: effectively zero tolerance for data corruption, latency requirements that make almost every other AWS service look like slow tortoises, and being constantly overshadowed in keynotes by ridiculous services that wouldn’t work at all without EBS as a foundation. They can’t do it alone–join them today!How would you like an opportunity to apply your AWS skills with a company solving real-world problems and improves people’s lives and their health? Novartis Institutes for BioMedical Research is hiring for a Principal Cloud Engineer in Cambridge, MA. It sounds like an incredible role: regularly work across teams cross-functionally helping other teams to implement industry best-practices in their work and keep the AWS-based platform running smoothly. Have a look at the job posting for more details.

Do you want to work in the Bay Area? Almost certainly not; the people are insufferable here. Consider instead staying wherever the hell in the US you happen to be and talking to Truss, a software consultancy. Picture all of the advice that I’d give you, and now envision that wrapped in something you could tell a customer without getting punched right in your sarcastic mouth. That’s what Truss does, but they for some unknown reason don’t describe it that way. Currently, they are seeking stellar Infrastructure engineers anywhere in the US (yes, even the crappy parts) to help them with commercial and government contracts. Seriously, read this thing–they tell you what levels they’re looking to hire at AND THEN THEY EXPLAIN THEM SO YOU DON’T FEEL LIKE A MORON FOR NOT KNOWING THEIR INTERNAL RUBRIC! Virtually any other hiring manager who happens to be reading this should look at their job descriptions and feel comparatively ashamed.

Choice Cuts From the AWS Blog

AWS is leading the public cloud for a reason, but their model is only half of the story. That’s where N2WS Backup & Recovery comes in—complementing + completing the vision of the always-available, disaster-proof cloud—for no downtime and no worries. Get their free “Ultimate AWS DR Starter Kit” for ultimate peace of mind. Remember–backups are easy, but restores are not.

AWS RoboMaker now supports the Gazebo 9 engine – Every once in a while I like to include a headline that you’re compelled to click through just to figure out whether or not I’m making things up just to screw with you.

AWS Systems Manager Session Manager Enables Session Encryption Using Customer Keys – AWS Systems Manager Session Manager has Sessions encrypted with Customer Managed Keys. If you feel good about how you named this service, you really shouldn’t.

Amazon CloudWatch Launches Search Expressions – And CloudWatch continues to improve over the past year. We’re witnessing a modern-day Renaissance in this product group–and I like what I’m starting to see. Keep going!

Amazon DynamoDB drops the price of global tables by eliminating associated charges for DynamoDB Streams – DynamoDB just got less scarily-and-unpredictably expensive for global tables; this is a welcome change to folks in your Finance department, although you’re going to have a heck of a time explaining why.

Amazon EKS Now Delivers Kubernetes Control Plane Logs to Amazon CloudWatch – The secret is that it has been doing this all along, but the spinup latency of EKS also extends to log delivery, and is measured via calendar.

APN Program 2019 Changes – Being an AWS partner becomes yet more difficult and painful. Just as a single data point–I’ve not once in three years had a client ask or care if I was an AWS partner, so at least for the world I operate in, I struggle to see the value. If you think this is a hopelessly naive perspective, I’d love you to show me otherwise–hit reply and let’s chat!

AWS Amplify Console Now Supports Deploying Fullstack Serverless Applications with a Single Click – This is, from a certain point of view, an entire career arc reduced to a single click of a mouse.

AWS Cloud9 announces support for Ubuntu development environments – I’d kinda like it if Cloud9 also announced iPad Pro support. It’s still “not quite there” for my mobile workflow. If you work on the Cloud9 team, I will sit with you via Chime, in person, next to you on the bus, etc. and show you exactly what I mean. Please, please, please focus on this.

AWS Fargate PV1.3 adds secrets and enhanced container dependency management – You can now rip a lot of unfortunate code out of your containerized tasks if you’re running on Fargate.

AWS introduces CSI Drivers for Amazon EFS and Amazon FSx for Lustre – How many more “CSI” spinoffs is CBS going to greenlight? Get a new show already!

AWS Elastic Beanstalk extends Tag-Based Permissions – Tag, Beanstalk hasn’t been “it” since 2013.

New Setup Tool To Get Started Quickly with Amazon Elastic Inference – This week’s edition of “fixing problems you didn’t know you had,” there’s a script to set up Elastic Inference dependencies. Wait, you need a PrivateLink endpoint in your VPC to use attachable GPUs? I’m sorry, could you repeat that please? I had a piece of lunacy stuck in my ear…

You can now use resource level policies for Amazon CloudWatch Alarms – This is a giant disappointment. Not the actual release, which is super handy, but rather the subject-verb disagreement in the post: “Resource level policies for CloudWatch alarms is now available.”

Anatomy of CVE-2019-5736: A runc container escape! | AWS Compute Blog – This well-researched discussion of a CVE is brought to you by Samuel Karp. Samuel’s an engineer in the Container group at AWS, and has always been incredibly kind when I’ve spoken to him. Not once have I been made to feel like an idiot when talking to him about technical topics–and he’s always been more than generous with his time when I’m in Seattle. Samuel is Good People You Should Know(tm).

AWS Security releases IoT security whitepaper | AWS Security Blog – This is a wonderful whitepaper that manufacturers will of course not read, as my toilet-camera continues to spy on me. Meanwhile Google’s Nest shipped a product with a microphone that they forgot to disclose until a firmware update activated it…


This issue is sponsored in part by GoCD, from Thoughtworks. If you’re running workloads in Azure, good for you–it’s rapidly improving by all accounts. With GoCD’s new Azure plugin, you can run your CI/CD pipelines on Azure virtual machines, and let GoCD scale up on-demand agents based on your need. To learn more, check out their Microsoft Azure Elastic Agent Plugin. My thanks to them for their continued support.

A visual approach to serverless development; similar to Stackery, only open source. I dig this.

This S3 performance measurement tool measures performance against S3 from any region. It was used to get useful per-instance-family benchmark data as well, and is linked therein.

You don’t see too much automation around EMR jobs, but AWSFlow takes a crack at it.

…and that’s what happened Last Week in AWS.

Newsletter Footer

Sign up for Last Week in AWS

Stay up to date on the latest AWS news, opinions, and tools, all lovingly sprinkled with a bit of snark.

"*" indicates required fields

This field is for validation purposes and should be left unchanged.
Sponsor Icon Footer

Sponsor a Newsletter Issue

Reach over 30,000 discerning engineers, managers, and enthusiasts who actually care about the state of Amazon’s cloud ecosystems.