Good morning!

Welcome to issue number 132 of Last Week in AWS.

After three weeks on the road I’m back home–just in time for re:Invent to start ramping up. I’m giving a few sessions there, and we’re just last week entering the “pre:Invent” period wherein we’ll start seeing features released that weren’t held for the show. From now until the show closes, you may want to avoid sweeping architectural changes that could be replaced by a new service offering.

From the Community

Manifold is a complete toolkit to build, grow, and extend API-first products. Whether you’re building a single SaaS product or you have a thriving cloud platform, Manifold has you covered. Learn more about how Manifold can help you reach millions of developers in the fastest-growing communities. Sponsored

99designs, makers of aws-vault, talk about request smuggling between ALBs and Go.

Eventually the pagination rules in AWS will be consistent, but that eventual consistency is nowhere near yet. Check out this utter nonsense.

A guide to using AWS Backup to back your AWS resources up.

Tim Wagner, the former GM of Lambda at AWS, “father of Serverless,” and under no circumstances “Server Smashin’ Pappa,” opines on the State of Serverless in 2019.

In the first issue of this newsletter, I linked to Segment’s “$1 million engineering problem” article about solving for their AWS bill. Now, two and a half years later, they’re back with a 10x post: The $10M Engineering Problem.

Lambda’s primary use case is to fill AWS service gaps. This time, it’s about using it to BackFill Failed Delivery From Kinesis To RedShift.

A DynamoDB Wish List. I think I agree with it.

Werner Vogels opines on IoT and Edge computing, and closes with an invitation to re:Invent.

According to an Atlantic writer, Jeff Bezos could break up Amazon before regulators do. I think AWS should absolutely be its own company; the Amazon retail division is a boat anchor around its neck, a very different culture, and massively annoying for me when I have to figure out what’s relevant to this newsletter every week.

A thief was indicted for stealing $5 million in cloud services to mine cryptocurrency. “In the few months his scheme remained active, HO consumed more than $5 million in unpaid cloud computing services with his mining operation and, for a brief period, was one of Amazon Web Services (AWS) largest consumers of data usage by volume.” My ass he was; $5 million wouldn’t make you the largest user of Route 53, let alone a service that’s designed to handle vast quantities of data.

I wrote the inoffensively titled AWS isn’t killing your business, you just suck at it this week, which I’m sure will ruffle no feathers.

I’m giving a session twice at re:Invent. I don’t advise attending both, but I promise it won’t be dull.

Huge Nicholas Cage fan Paul Chin Jr. spoke with me last week on Screaming in the Cloud.

An interview with Abby Fuller on balancing progress with security.

A dive into how AWS builds their own serverless applications.


If you’re considering a job change, check out a position below. Regardless of where you find it, you should definitely negotiate your salary. If I were to magically become employable, I’d immediately head to and talk to Josh Doody about it before saying anything further. He’s done this many times before, with a special emphasis on engineering roles at FAANG companies. He’s an artist when it comes to getting the best compensation possible without seeming greedy or losing the offer. He offers coaching, free articles, an ebook, and other things along the way. Check him out–and tell him Corey’s talking about him again.

Don’t you know who I am?! If so, you chould consider working for AWS Identity. They’ve got a hard problem–wrangling AWS IAM, Cognito, Organizations, and a bunch of other things that Can Not Go Down, all at tremendous scale. I’ve met with many of the team members–some of whom despise me, others of whom begrudgingly tolerate me, but they’re all fantastically sharp people who have the grace not to reach for fantastically sharp objects to drive away my mockery. This is one of the most fascinating teams within AWS; check them out and tell them I said hello–ideally in a vaguely threatening tone.

Choice Cuts

This week’s issue is sponsored by CHAOSSEARCH. My friend Pete Cheslock announced last week that he was moving on from his role as CHAOSSEARCH’s VP of Product–so, do I still endorse CHAOSSEARCH? HELL YES! It provides an ElasticSearch compatible API while separating out compute from storage–so you don’t have to deal with the agony of running ElasticSearch yourself. No cluster resizes, no nodes filling up and breaking things, no slap-and-tickle with license fights. Best part? It’s about 80% less money. Check them out today. Sponsored

Amazon API Gateway now supports access logging to Amazon Kinesis Data Firehose – …and CloudWatch Logs cries as their 50¢-per-GB revenue stream evaporates with the dawn.

Amazon Chime now supports screen sharing from Mozilla Firefox and Google Chrome without a plug-in or extension – Good news for AWS customers talking with AWS employees; you no longer have to install Chime at all.

Amazon CloudWatch now sends alarm state change events to Amazon EventBridge – You can now invoke Lambdas on things like network outages, CPU overruns, and your CloudWatch bill passing the stratosphere.

Amazon EC2 Hibernation Now Available on Windows – Sorry, I haven’t had a Windows laptop in thirteen years. Did they ever solve hibernations on Windows on laptops and desktops, or is EC2 leapfrogging that too?

Amazon EC2 Instances are Now Available in South America (Sao Paulo) – What the hell were they running in Sao Paulo before?!

Amazon FSx for Windows File Server now enables administrators to restore activity on files locked by inactive users – Every part of this headline speaks to a horrifying failure case that I fortunately had no idea existed.

Amazon GuardDuty Adds Three New Threat Detections – The three threats are DNS rebinding to the Metadata endpoint, someone turning off S3 Block Public Access on a bucket, and that SRE you hired with a bad attitude and a gambling problem.

Amazon Redshift Improves Performance of Inter-Region Snapshot Transfers – What the first half of this headline giveth, the second half taketh away.

AWS CodePipeline Enables Setting Environment Variables on AWS CodeBuild Build Jobs – Secrets management always comes down to environment variables. That’s both depressing and true.

AWS IoT Greengrass now Provides Deployment Notifications – Wait, it’s called “IoT Greengrass” now? Just thought you’d sneak that in and I wouldn’t catch it, AWS? Don’t you know who I am?!

AWS IoT Things Graph now provides workflow monitoring with AWS CloudWatch – Have they tried graphing their name first? If so they’d have realized that it’s “Internet of Things Things Graph.”

You can now expand your Amazon MSK clusters and deploy new clusters across 2-AZs – Wait, until now you were stuck using it in a single-AZ for one massively challenging single point of failure? And people were using this in production?!

Migration Complete – Amazon’s Consumer Business Just Turned off its Final Oracle Database | AWS News Blog – Oracle’s gloating that even Amazon couldn’t wean themselves off of Oracle databases for many years doesn’t send the message they think it does. I don’t want to hear about “cloud lock-in” from Oracle ever again.

New – Amazon CloudWatch Anomaly Detection | AWS News Blog – I love this new offering while simultaneously cringing at how many terrible companies will plug this directly into PagerDuty and abuse the crap out of their engineering staff at 2AM.

Now Available – Amazon Relational Database Service (RDS) on VMware | AWS News Blog – It’s RDS running on your own hardware. You only have to pay for the hardware, the datacenter it lives in, the data transfer, Direct Connect, your VMware license, a per-hour instance charge per RDS VM you’re running locally, Business or Enterprise support from AWS (required), and any CloudWatch metrics you want. Easy as that!

AWS’ Sponsorship of the Rust Project | AWS Open Source Blog – Since Rust developers never stop extolling the benefits of Rust long enough to build anything with it, AWS is basically sponsoring an engineering filibuster.


It’s 2AM and your site just broke. Are you awake? No–at best you’re awakish. This week’s issue is sponsored by Awakish, a website monitoring tool that tells you when your site or application is down. It’s got an internal collector that lets you get HTTP/S monitoring for service within your environment, at a compelling pricepoint. Check them out with a credit-cardless free trial at Sponsored

If AWS flips you to a different region, this Chrome extension will warn you before you do something ill-considered in the console.

Something besides a bus station with critical structural issues has Salesforce’s name on it: Policy Sentry. It’s an IAM Least Privilege policy generator, and worth your time to investigate.

… and that’s what happened Last Week in AWS.

Newsletter Footer

Sign up for Last Week in AWS

Stay up to date on the latest AWS news, opinions, and tools, all lovingly sprinkled with a bit of snark.

"*" indicates required fields

This field is for validation purposes and should be left unchanged.
Sponsor Icon Footer

Sponsor a Newsletter Issue

Reach over 30,000 discerning engineers, managers, and enthusiasts who actually care about the state of Amazon’s cloud ecosystems.