Good Morning!

I’ll be submitting for o11ycon+hnycon via livestream tomorrow evening at PDT on Twitch. You should watch–or at least submit your own talk to avoid having to listen to my nonsense.

I got to tell the parts of my origin story that I never talk about publicly on the Seven Eighths podcast last week. If you’re trying to figure out just why I am the way I am and what the hell happened to make me this way, it’s a great listen.

From the Community

With cyberattacks becoming more frequent and sophisticated, proactive Threat Hunting is increasingly critical. And here’s the good news: you can significantly improve your Threat Hunting game with existing staff & analytics tools (including the popular Open Distro Kibana). To learn more,Download The Threat Hunter’s Handbook from ChaosSearch, an amazing guide that covers: the 6 common stages of a sophisticated attack; how to adopt the mindset of an attacker; how to find the hidden clues of an attack in your log data; how to conduct a hunt using standard log analytics tools; and a detailed real-world example of combatting an advanced persistent threat. So check out The Threat Hunter’s Handbook from ChaosSearch and get a blueprint for identifying the clues in your log data that will stop cybercriminals in their tracks. Sponsored

I can’t believe I have to say this: we make fun of AWS for its foibles, we don’t plot to blow up its data centers. What is WRONG with people?!

Business Insider spoke to Kurt Kemple about getting tech jobs as a former felon. If you’re going to read one thing this week, make it this article.

A thinkpiece on why AWS Lambda Pricing has to change for the enterprise.


If you’ve got an interesting job for this newsletter’s eminently employable subscribers, get in touch!

Chronosphere — an industrial-scale software-as-a-service observability platform — is hiring like crazy. This week we’re highlighting their Senior Distributed Storage Engineer opening. In this role, you will be designing and implementing the core of their open source distributed time series database, responsible for handling millions of writes per second. You will work on hard distributed systems and data storage problems, building a highly available storage engine where you need to optimize for every byte in memory, every disk I/O, and every network packet. The time series database is the backbone of the product, and your work will determine its scalability and reliability.

AWS is building something new and refreshingly different–and may I say, it’s certainly ambitious! It’s still very, very early days–and the service needs to get from where it is today all the way to general availability, otherwise I won’t get to make fun of it. Help me entertain you– if you’re a senior engineering manager with a penchant for assembling really large engineering teams in a very early stage product, you want to talk to AWS about this “manager of managers” role.

Think “GitHub for marketing teams” and you’d be pretty close to describing Loomly. They’re looking for someone to take ownership of and lead their DevOps/SRE efforts–and that person might well be you. They’re fully remote, post their salary ranges, and using a bunch of AWS services. I’m a fan of what I’ve seen from them so far; see if this role is up your alley.

Choice Cuts

[Free Book] Definitive Guide to Feature Management

Feature management is a new class of software development tools & techniques powered by feature flags. A feature management platform like LaunchDarkly fills the gaps of conventional feature toggles. Learn the ins & outs of feature management today.

Ship Fast. Rest Easy. LaunchDarkly. Sponsored

Amazon Elasticsearch Service now supports integration with Microsoft Power BI – This reaffirms that “not QuickSight” remains a best practice industry-wide.

Amazon FSx and AWS Backup announce support for copying file system backups across AWS Regions and AWS accounts – A backup service that doesn’t let you do what amounts to offsite backups isn’t a backup service; it’s a liability.

Amazon RDS for PostgreSQL Integrates with AWS Lambda – That’s funny, I always thought that “my database can execute arbitrary code” was a security vulnerability, not a feature.

AWS announces general availability of AQUA for Amazon Redshift – “ChaosSearch done badly” meets “getting the crap kicked out of them by Snowflake” in a launch announcement that prominently features Amazon Advertising as a marquee customer. Oof.

AWS CloudFormation Modules now Provides YAML and Delimiter Support – It’s always depressing when one of the hottest service enhancements is “it supports YAML now.”

AWS Console Mobile Application adds support for Asia Pacific (Osaka) region – “A mobile application that only supports some services, and only some regions” doesn’t seem particularly useful to me, but what do I know?

Now reference latest AWS Systems Manager parameter values in AWS CloudFormation templates without specifying parameter versions – Hmm. I don’t overly love some of what this will enable; specifically reproducible builds that aren’t. “Twenty minutes ago this deployed a different AMI than it does now” is a rabbit hole of debugging madness if you’re not exceedingly careful.

Register now for the Serverless Live virtual event – I’m on the fence about whether I should show up and heckle this live via Twitter or not. Opinions? Hit reply and let me know.

Today’s use of multiple clouds across multiple teams with multiple ways of implementing Kubernetes introduces complexity. Out of this complexity comes success and failures. Success requires companies to be aligned on technical and business goals.Join us to learn where teams fail with the cloud and Kubernetes and why gaining visibility into this multi-everything cloud native world is key. Here’s the link: Sponsored

Containerizing Lambda deployments using OCI container images – It’s always nice to see services integrate with their competitors–in this case, Oracle Cloud Infrastructure.

Prepare for Oracle license audits in AWS using AWS Audit Manager and AWS License Manager – Prepare for Oracle license audits anywhere by keeping a law firm on retainer.

Solving DNS zone apex challenges with third-party DNS providers using AWS – Curiously, all three of these solutions include “spending money on ancillary AWS services” instead of “look into whatever the third party offers around CNAME flattening, since almost all of them do that these days.”

Upgrading AWS Direct Connect to 100 Gbps in 5 steps – If I’m about to 10x my spend on an AWS service, my single-step approach is to call up my account manager and tell them to figure it out themselves.

VPC sharing: key considerations and best practices – The most valuable takeaway for many people will be “wait, you can share VPCs between accounts?” Yes, you can, and yes, it’s incredibly handy.

Introducing OpenSearch – Elasticsearch is now a closed-source fork of the open source OpenSearch project. It’s rare that you get to watch a giant company like Amazon taking the moral high road, but this is one of those times. Added bonus: Amazon Elasticsearch Service will be renamed AOS, as in “engineering.”

How to relate IAM role activity to corporate identity – New, from the company that can’t tell who the hell you are as a person as soon as you change jobs, email addresses, or AWS accounts within your AWS Organization, comes a guide on doing the things that they don’t.

How to use AWS IAM Access Analyzer API to automate detection of public access to AWS KMS keys – When the architecture diagram to do this simple-sounding thing includes EventBridge rules, Security Hub, Lambda functions, CloudTrail, EventBus, Access Analyzer, and SNS, the answer is “I guess I don’t.”

Optimizing operational costs in CloudEndure Disaster Recovery – What if the real disaster was the spend we incurred for Disaster Recovery along the way?

Amazon helps employees become software engineers in 9 months – Amazon and Lambda School have launched a partnership around their shared interests: teaching the next generation how to cloud, boosting the number of employable people in technical professions, and committing a whole bunch of unforced errors that get them yelled at on Twitter periodically.


Flying blind in the cloud? Lacework provides a flight recorder for your user, API, and container activity – all organized into behaviors that deliver answers in seconds and takes you out of the analysis paralysis game. Whether you’re ready to take the red pill or the blue pill, Lacework bridges the gap between DevOps and Security. Lacework makes it easy with everything from compliant service configurations to container app topologies – no rules required. Got doubts? Challenge accepted. See for yourself at Sponsored

This incredibly useful Chrome extension replaces occurrences of the word “Bitcoin” on webpages with the far more apt “Dunning-Krugerrands.”

If you want to get your kube-bench reports into S3, there’s a tool that can help.

… and that’s what happened Last Week in AWS.

Newsletter Footer

Sign up for Last Week in AWS

Stay up to date on the latest AWS news, opinions, and tools, all lovingly sprinkled with a bit of snark.

"*" indicates required fields

This field is for validation purposes and should be left unchanged.
Sponsor Icon Footer

Sponsor a Newsletter Issue

Reach over 30,000 discerning engineers, managers, and enthusiasts who actually care about the state of Amazon’s cloud ecosystems.