Good Morning!

What a week of announcements, and mostly not from AWS.

First and most selfishly related to me: if you’re into selling things for a living and are open to a change, consider perusing our new Account Executive role to see if it’s a fit for your interests.

Next, Andy Jassy starts as Amazon’s next CEO tomorrow because it’s the best way he could devise to both remain working at Amazon but also have to deal with me and the trouble that I cause far, far, far less. The unfortunate soul who inherits the Corey Quinn Problem is Adam Selipsky.

Lastly, the release of AWS Infinidash last week took the internet by storm. There’s a lot of content that’s been released on it, to the point where there’s a GitHub repository curating all of the Infinidash content for which you could ask and then some. What makes this service basically unique is two interesting aspects: the AWS community has embraced it and begun promoting it heavily across the board, and also the service itself isn’t actually real. Yet. More on that later this week.

TODO:* Hiring* New CEOs* Infinidash

From the Community

With cyberattacks becoming more frequent and sophisticated, proactive Threat Hunting is increasingly critical. And here’s the good news: you can significantly improve your Threat Hunting game with existing staff & analytics tools (including the popular Open Distro Kibana). To learn more,Download The Threat Hunter’s Handbook from ChaosSearch, an amazing guide that covers: the 6 common stages of a sophisticated attack; how to adopt the mindset of an attacker; how to find the hidden clues of an attack in your log data; how to conduct a hunt using standard log analytics tools; and a detailed real-world example of combatting an advanced persistent threat. So check out The Threat Hunter’s Handbook from ChaosSearch and get a blueprint for identifying the clues in your log data that will stop cybercriminals in their tracks. Sponsored

Some study notes for the Cloud Practitioner cert.

RedMonk’s James Governor writes about how the future of tech events is media. I absolutely agree. Why do folks think I’ve spent the past 16 months learning how to talk to a camera?!

A lot of the monitoring discourse passes me by these days; I don’t know Rust or Go, I’m not super into Observability / Hipster Monitoring, and a lot of this stuff is confusing. That’s why I was so glad to discover a way to handle CloudWatch monitoring and alerting via my lingua franca: crappy bash scripts.

Ian McKay came up with a way to make CloudFormation buy and sell GME stock automatically as you provision and deprovision other resources. This is every bit as terrifying as it sounds.

Apparently this will be unveiled in more detail at BlackHat next month, but it’s cool that there was a Route 53 hijack that was relatively easy to pull off.

A few weeks ago I saw a Twitter thread from Adam Elmore that really struck my fancy. I reached out to him and commissioned a blog post; that thread became AWS for Startups: 5 Practical Tips for Small Businesses Building on AWS.

I discussed how I Scored 81% on my AWS Certification Exam, Locking in my re:Invent Lounge Pass.


If you’ve got an interesting job for this newsletter’s eminently employable subscribers, get in touch!

Your curiosity of the world drives everything you do. You thrive in a collaborative environment where you get to build software in finance, healthcare, IoT, telecom, home security and automation, or other industries. You’d feel like you are home at Chariot Solutions. We’re a boutique software development firm looking for senior engineers – Java, Python, Node, AWS, React, Angular, iOS, Android. We’re one of top workplaces in the Philadelphia area, and we founded, curate and host Philly ETE, a conference with world-class speakers that’s been running since 2005. Our team sets us apart, including leadership that truly cares and treats you like family. We are committed to continuous learning and improvement, and we pay it forward to the tech community, attend and speak at conferences, and strive for work/life balance. Check out our job listings and apply to join us today.

Our friends at RedMonk have an entry level analyst role. Let me be very clear here: the people at RedMonk are legitimately amazing. I have zero concerns recommending that someone strongly consider working there.

The AWS User Experience Products & Platform team is responsible for products that enable AWS users to manage their applications and infrastructure on AWS. Our mission is to deliver an effective, efficient, and loved user experience that makes it easy for all users to discover, learn, and build on AWS. Today, we own the AWS Management Console, the AWS Console Mobile App, the AWS Chatbot, as well as the User Experience Platform used by 175+ AWS service teams to develop and deliver their user experience across multiple channels (web, mobile, chat).

Choice Cuts

[Free Book] Definitive Guide to Feature Management

Feature management is a new class of software development tools & techniques powered by feature flags. A feature management platform like LaunchDarkly fills the gaps of conventional feature toggles. Learn the ins & outs of feature management today.Ship Fast. Rest Easy. LaunchDarkly. Sponsored

Clouds are getting… cloudier? I mean, have you tried charting out all the ways a lambda function can assume a role with privilege escalation to access stuff it shouldn’t? Exactly. That’s why Sonrai tells you what’s accessing your data, what could get access & what’s changed – thanks to a graph that monitors every possible relationship between identities and data. Security is everybody’s job these days; take our AWS checklist as a starting point for configuring your identity protection properly. And when you get overwhelmed, we’re here for you. Sponsored

AWS Glue DataBrew adds support for backslash delimiter (\) in .csv datasets – Wait what the hell was it doing before?! Excuse me, I have to go run some data integrity checks immediately.

AWS IQ now supports attachments – This solves a big problem for AWS IQ. Not for its customers; for the service. Specifically it stops driving expert / client pairs to communicate via a side channel and invariably cut the AWS IQ middleman service out of the loop.

AWS Lambda now supports SASL/PLAIN authentication for functions triggered from self-managed Apache Kafka – Lambda begrudgingly grows the ability to accept passwords from Kafka.

How Banks Can Use AWS to Meet Compliance – This is super useful for banking customers. I’m eagerly awaiting the followup article, “how to explain the architecture diagrams full of AWS services feeding back into themselves repeatedly to an auditor who’s actively contemplating failing your audit and then immediately rage-quitting.”

Overview of Data Transfer Costs for Common Architectures – This is awesome except for the part where it doesn’t discuss exactly what the relative transfer costs are for the various flows. That’s why I still kinda prefer my own handy image.

Prime Day 2021 – Two Chart-Topping Days – The worst part of this post is the tidbit about “normalized instances” that Amazon uses internally. This is a Cloud Economics anti-pattern that I keep encountering and never understood where it was coming from. AMAZON! It was coming from Amazon the whole time!

Hosting Hugging Face models on AWS Lambda for serverless inference – Once upon a time I used to make snide comments like “combine ML and serverless in one slide deck and you’ll raise a $20 million seed round on hype alone.” Yesterday’s joke has become today’s nightmare.

Introducing new self-paced courses to improve Java and Python code quality with Amazon CodeGuru – This is slightly disappointing; I thought this was a way to use Amazon CodeGuru to learn how to code more effectively. I’m being completely serious when I say that there’s a driving customer desire for exactly that thing.

Use AWS CodeCommit to mirror an Azure DevOps repository using an Azure DevOps pipeline – This will be super helpful for the hordes of customers who are using Azure’s cloud offerings but prefer to keep their code in AWS instead of GitHub.

How AWS Partners can determine AWS Support plans in an organization – The fact that this is complicated enough to warrant a blog post notwithstanding, the real gem here is that one of AWS’s two reseller models is “Solution Provider Account Model (SPAM).” Yes. Yes there are a whole bunch of AWS resellers whose model is clearly email spamming people into submission. Come on, AWS; at least make me work for the snark sometimes?

How UCL migrated its Moodle virtual learning environment to the cloud in 10 weeks – The real story is hidden midway down the post: UCL flew a planeload of diamonds to an AWS partner and told them to FIX IT FIX IT NOW. The partner apparently obliged (probably by making its staff work days, nights, weekends, and more) and they hit the window–presumably not like a bird.

Library and Archives Canada helps better preserve Canadian history by embracing the cloud – Oh come on. If you really want to preserve history, you embrace the data center instead, preferably one that houses a mainframe.

US Navy deploys DevSecOps environment in AWS Secret Region to deliver new capabilities to its sailors – While I’m tempted to go with the obvious “the real secret is that the navy bought in on the DevSecOps buzzword nonsense,” the far more sobering fact is that this post uses the phrase “delivering synchronized lethal and non-lethal effects.”

AWS Verified episode 6: A conversation with Reeny Sondhi of Autodesk – There’s apparently a podcast wherein people get to talk about their security models with AWS’s CISO. I can’t seem to find the form to suggest guests; anyone want to inflict me upon Steve Schmidt so I can demonstrate the horrifying security tricks I use in my environment?


Flying blind in the cloud? Lacework provides a flight recorder for your user, API, and container activity – all organized into behaviors that deliver answers in seconds and takes you out of the analysis paralysis game. Whether you’re ready to take the red pill or the blue pill, Lacework bridges the gap between DevOps and Security. Lacework makes it easy with everything from compliant service configurations to container app topologies – no rules required. Got doubts? Challenge accepted. See for yourself at Sponsored

A tool for chargebacks with ECS. It sorta works.

Ben Kehoe built a thing that lets you get AWS credentials from a profile to inject into other programs.

Easy alarming and dashboards for Lambda, DynamoDB, API Gateway, Kinesis, and Step Functions.

A way to assume AWS IAM roles from GitHub Actions.

I use curl for a lot of things, but it’s awful to use with AWS calls because sigv4 signing is an unholy nightmare. Meet awscurl to fix that.

Relational database tools in your browser sounds like a neat trick, but meet SQLtools; it’s both libre and free.

… and that’s what happened Last Week in AWS.

Newsletter Footer

Sign up for Last Week in AWS

Stay up to date on the latest AWS news, opinions, and tools, all lovingly sprinkled with a bit of snark.

"*" indicates required fields

This field is for validation purposes and should be left unchanged.
Sponsor Icon Footer

Sponsor a Newsletter Issue

Reach over 30,000 discerning engineers, managers, and enthusiasts who actually care about the state of Amazon’s cloud ecosystems.