Good Morning!

It’s increasingly clear that there’s incredible risk to using AWS as an independent learner. If AWS doesn’t care enough to build strong guardrails for people just starting their cloud journey, can we in good faith suggest that people use the platform? I’m incredibly troubled by these stories.

From the Community

With cyberattacks becoming more frequent and sophisticated, proactive Threat Hunting is increasingly critical. And here’s the good news: you can significantly improve your Threat Hunting game with existing staff & analytics tools (including the popular Open Distro Kibana). To learn more,Download The Threat Hunter’s Handbook from ChaosSearch, an amazing guide that covers: the 6 common stages of a sophisticated attack; how to adopt the mindset of an attacker; how to find the hidden clues of an attack in your log data; how to conduct a hunt using standard log analytics tools; and a detailed real-world example of combatting an advanced persistent threat. So check out The Threat Hunter’s Handbook from ChaosSearch and get a blueprint for identifying the clues in your log data that will stop cybercriminals in their tracks. Sponsored

Andreessen Horowitz has a piece on the Cost of Cloud, which is correct on virtually all points but draws some incorrect conclusions based upon a great deal of missing context. I’m going to have to write something long about this one…

A guide to modifying AWS Cloudfront response headers with Cloudfront functions because heaven forbid you just be able to set static headers in CloudFront.

Forrest Brazeal is taunting me into doing another parody music video.

A guide to using the “X-Amzn-Trace-Id” header to follow requests through AWS load balancers.

The Duckbill Group blog has a post up on Aurora vs. RDS: An Engineer’s Guide to Choosing a Database.

I enumerated the 17 Ways to Run Containers on AWS.

Amazon now has much greater diversity among its executives, and all it took to do that was redefining the term “executive” to include folks further down the org chart.

An S3 Bucket Negligence award goes to Decathlon. “While Decathlon is not responsible for this data breach” is a lie; you can outsource the work, not the responsibility. It remains with Decathlon.

Keeping track of one cloud provider’s data products is a ‘full-time job’ so forget mixing and matching, says Gartner. “Frankly, keeping track of one cloud provider’s nonsense across the board is closer to six full time jobs” added Corey Quinn.

The Register has picked up the story about AWS’s garbage version of a free tier. This needs to be fixed immediately and with extreme prejudice.


If you’ve got an interesting job for this newsletter’s eminently employable subscribers, get in touch!

Some combinations won’t ever play nice. Cats and dogs. 98point6, a mission-driven company that’s making primary care more accessible and affordable, it’s the dynamic duo that’s leading the change in a much-needed digital health revolution. They’re hiring engineers and engineering managers across several disciplines to enhance the practice of medicine—relentlessly improving a platform, built on AWS, that helps reimagine the patient and physician experience.They’re looking for engineers to further their efforts, build critical systems for on-demand care at scale and collaborate across the organization while expanding the types of care they provide. Interested in being a part of healthcare innovation? Check out their open roles and apply now.

The AWS User Experience Products & Platform team is responsible for products that enable AWS users to manage their applications and infrastructure on AWS. Our mission is to deliver an effective, efficient, and loved user experience that makes it easy for all users to discover, learn, and build on AWS. Today, we own the AWS Management Console, the AWS Console Mobile App, the AWS Chatbot, as well as the User Experience Platform used by 175+ AWS service teams to develop and deliver their user experience across multiple channels (web, mobile, chat).

Think “GitHub for marketing teams” and you’d be pretty close to describing Loomly. They’re looking for someone to take ownership of and lead their DevOps/SRE efforts–and that person might well be you. They’re fully remote, post their salary ranges, and using a bunch of AWS services. I’m a fan of what I’ve seen from them so far; see if this role is up your alley.

Choice Cuts

Got a headache from tracking down backups across dozens of accounts for compliance? Is the EC2-Other line item on your AWS bill exploding? Has AWS Backup taken you hours if not days to restore? All too common symptoms of AWS users until they met Clumio. This cloud backup tool can fix these problems and more, plus they just launched a free backup visualization and optimization engine called Clumio Discover, go check it out! Sponsored

[Free Book] Definitive Guide to Feature Management

Feature management is a new class of software development tools & techniques powered by feature flags. A feature management platform like LaunchDarkly fills the gaps of conventional feature toggles. Learn the ins & outs of feature management today.Ship Fast. Rest Easy. LaunchDarkly. Sponsored

Amazon Elastic Container Service Anywhere is now generally available – Though they go to great pains not to mention it, you can use this to run containers on other cloud providers as well.

Amazon Lightsail DNS now supports pointing root domains to Lightsail Container Services – LightSail continues to evolve as “AWS, re-imagined.”

Amazon SQS Now Supports a High Throughput Mode for FIFO Queues – Now that SQS queues can process 3,000 messages per second per API call, they’re almost suitable for handling AWS service and feature update announcements.

Announcing Amazon CloudWatch Resource Health – At long last CloudWatch has evolved the ability to tell you whether your EC2 instances are working or completely screwed.

AWS Compute Optimizer enhances EC2 instance type recommendations – “AWS Compute Optimizer now less crap” is all well and good, but the service itself is still neither well nor good.

AWS Outposts launches support for EC2 Capacity Reservations – You can now reserve capacity in your own data center to screw over Bob from Accounting. Just reading about this makes me glad I don’t work in some of these places.

AWS Transfer Family now supports Microsoft Active Directory – All families have those shady members who shake you down for money, and the Transfer Family’s version of that is Microsoft AD.

Making Effective Decisions for Your V1 AWS Design – “Disregard every best practice AWS gave prior to some arbitrary date” is the answer, since these things continuously evolve.

In the Works – AWS Region in the United Arab Emirates (UAE) – AWS is getting a new region in a country where it’s easy, safe, and fun to visit unless you’re a woman or LGBT.

Performance and functionality improvements for AWS Lambda extensions – Lambda Extensions are now better / faster / healthier / a floor wax.

Build and Deploy Docker Images to AWS using EC2 Image Builder – Yay, another way to deploy containers to AWS.

It’s a wrap for Amazon SageMaker Month, 30 days of content, discussions, and news – Did you know it was Amazon SageMaker Month? I didn’t.

Understanding AWS Direct Connect multi-account pricing – Even AWS is dropping blog posts on how to understand its byzantine service pricing.

Introducing Assisted Log Enabler for AWS – “Open source tool” is doing a lot of heavy lifting for a script that turns on a bunch of chargeable AWS features and provisions them, and is built by AWS itself.

Finding the right tools to build sustainable cities: how the cloud can help – At a glance, the cloud could help by Amazon releasing all of the data it gathered from cities across America during its ridiculous HQ2 beauty pageant a few years ago–much of it NDA’d.

How cloud can help agencies enhance security, save costs, and improve mission delivery through the Technology Modernization Fund (TMF) – “The federal government just received another billion in funding for technology modernization initiatives, here’s how you can give some of it to us” isn’t the subtext, it’s basically the first paragraph of the post.

A closer look at AWS Certification exam security – How AWS ensures the security of an exam that nobody but AWS themselves really cares about. I’m serious: employers only care insofar as AWS partner requirements force them to care. If someone claims to have an AWS cert, nobody generally validates that claim.


Flying blind in the cloud? Lacework provides a flight recorder for your user, API, and container activity – all organized into behaviors that deliver answers in seconds and takes you out of the analysis paralysis game. Whether you’re ready to take the red pill or the blue pill, Lacework bridges the gap between DevOps and Security. Lacework makes it easy with everything from compliant service configurations to container app topologies – no rules required. Got doubts? Challenge accepted. See for yourself at Sponsored

PMapper lets you quickly evaluate IAM permissions.

Outsourcing compiler work to Lambda is now possible with llama.

… and that’s what happened Last Week in AWS.

Newsletter Footer

Sign up for Last Week in AWS

Stay up to date on the latest AWS news, opinions, and tools, all lovingly sprinkled with a bit of snark.

"*" indicates required fields

This field is for validation purposes and should be left unchanged.
Sponsor Icon Footer

Sponsor a Newsletter Issue

Reach over 30,000 discerning engineers, managers, and enthusiasts who actually care about the state of Amazon’s cloud ecosystems.