Welcome to issue number 96 of Last Week in AWS.
Seattle is getting smashed by a snowstorm, AWS released a bunch of interesting things, and Amazon’s CEO was beset by dumpster-weasels, which requires no further comment.
Stay warm out there!
This week’s issue is sponsored by GoCD. Improve your GoCD pipelines with the analytics plugin. GoCD Enterprise Analytics Plugin provides actionable insights about your end-to-end cycle time, pipeline status and infrastructure utilization. Read more information here. My thanks to GoCD for their continued support.
Community Contributions
Yelp, for those who are unaware, is a review site that absolutely does not drive its revenue from extorting small businesses. Nobody would ever think they did, and it’s incredibly reassuring that they have a url explaining this in exhausting detail at https://www.yelp.com/extortion, just like any business routinely does. Why would anyone presume otherwise? In any case: they’ve made 4 million reviews available, and someone else has used this as the basis for an intro to AWS / Python / Machine Learning. It’s a great “getting started” project if you’re looking for one.
A handy way to get notified on IAM user logins–but I can imagine this gets incredibly noisy if you don’t restrict it a bit.
Most S3 Bucket Negligence Awards are merely embarrassing, but Jack’d has taken theirs to a whole new level. Instead of merely embarrassing someone, this one has the potential to get people killed in some countries.
Cloudonaut returns with some cost lessons learned around DynamoDB on-demand.
Some idiot’s Serverless newsletter subscription system had a DoS vector within it. I’ve got no idea who PureSec could possibly be referring to, but I bet the newsletter in question is incredibly insightful, and dazzingly well written.
This article reports that cloud waste will top $14 Billion in 2019. I’m pretty sure that people aren’t spending that much on Oracle Cloud, but what do I know? They don’t break out their cloud revenue from license support…
If you want to play PUBG, which the youth inform me is a game, you can do it rather well on an EC2 Instance. Hacker Noon has a guide on this, which is likely of interest to folks doing things where graphics demands are high.
An exhaustive analysis of Lambda’s idle timeouts before triggering a cold-start. This is the kind of analysis I crave, but don’t have the time to build out myself.
A tale of scaling to billions of requests on top of AWSECS4K8S(EKS)
“WTF is an API?” is something you might be wondering, but were too embarrassed to ask. Don’t ever be embarrassed to ask something; I learned at least three things from this article.
I’ve got a soft spot for Segment. One of their articles was the cornerstone of the first issue of this newsletter. This week they talk about what happens when Autoscaling… doesn’t.
A terrifying glimpse into how you can laterally move between AWS accounts by abusing trust relationships.
In case you missed it, Jerry Hargrove (“AWSgeek”) took a job recently at AWS. He’s still continuing to churn out visual service summaries at a prodigious rate; this week’s covers Elastic Beanstalk. Nobody’s quite sure which office he’s out of, as he moves around regularly to avoid the goon squads the AWS art department keeps sending after him for wrecking their curve.
Business Insider points out that WorkLink is an example of AWS playing with per-user pricing; I think that’s a bit of a late realization. They point out that this also exists for Cognito (which I’d not mention in this context; the model there is ‘not enough money to care about for individual users’ as its billing scale is in tens of thousands) as well as WorkDocs, which effectively nobody uses since Office 365 / G-Suite are worlds better. That said, they miss the other interesting services that you’re charged to use per user: Chime, Quicksight, WorkMail, Workspaces, and probably a couple more that I’m missing–but I’m not done! If you enable “IAM user” as a cost allocation tag, you’ll quickly discover that your AWS bill trends towards being less a function of “how many users you have” and more one of “how many engineers do you employ?”
This is a handy roundup of tips for making AWS feature requests. A hat-tip to the sneaky footnote that references this newsletter.
Percona takes the time to explain Aurora’s HA, DR, and durability in such an approachable way that you just know it didn’t come from AWS itself.
PureSec talks abut a weakness in the signup flow for some newsletter’s subscription system. Boy, whatever fool came up with that Rube Goldberg contraption of a workflow shouldn’t be allowed near computers at all, but I bet they write really really well.
I sat down with Archana Kesavan of ThousandEyes to discuss their recent Public Cloud Performance Benchmark Report. There’s a lot of good stuff in the report, but even more in Screaming in the Cloud Episode 47: Racing the Clouds.
This issue is sponsored in part by DigitalOcean. This week, they have a tutorial explaining the differences between HTTP/1.1 and HTTP/2–which I am in no way highlighting because someone asked me that question and I didn’t have a good answer to it. This is incredibly important to understand as you’re building out new webapps; take five minutes and give it a read. My thanks to DigitalOcean for their continued support of this newsletter.
Choice Cuts From the AWS Blog
Amazon Elasticsearch Service now supports three Availability Zone deployments – Hooray, you can now get charged more for a highly constrained service that already costs a fortune!
Amazon FSx for Lustre Offers New Options and Faster Speeds for Working with S3 Data – Pay attention–for the first time I’m aware of, an EFS (or something close to it, “FSx” name not withstanding) offering integrates natively with S3. This feels like the early days of EFS becoming something used for patterns I don’t architecturally hate.
Amazon Transcribe Now Supports US Spanish Speech-to-Text in Real Time – Real-time translation is cool, but let me know when you perfect ahead-of-time translation.
Announcing a 25% price reduction for Amazon EC2 X1 Instances in the Asia Pacific (Mumbai) AWS Region – If you’re in India, it’s now a lot less expensive to run an instance that can handle Chrome and Slack at the same time.
AWS Batch now supports Amazon EC2 A1 Instances and EC2 G3s Instances – Announcements like these profoundly annoy me. On the one hand, it’s great that services are becoming more capable. On the other, it feels a lot like AWS is proudly trumpeting “we told one service team about another service team!” as a praise-worthy enhancement. When the re:Invent keynote highlights that last year there were however many thousand service and feature enhancements, I grumble about how many of them should have been there at launch.
AWS Fargate Now Has Support For AWS PrivateLink – Combining these two services together modifies the old guidance of “We don’t know what your service is going to cost to run…” to include “…but it’s going to be expensive.”
AWS OpsWorks for Chef Automate and AWS OpsWorks for Puppet Enterprise Now Support AWS CloudFormation – CloudFormation’s support for technologies is speeding through the early 2010s at a breakneck pace; 2015 is right around the corner!
Develop and Test AWS Step Functions Workflows Locally – While I’m not a huge fan of local development for serverless, I understand that many others are. That said, “AWS Step Functions Local” is exactly what I’d expect as a name from AWS, versus something fun such as “AWS Stumble Functions–because you have to crawl before you can walk.”
GPU Support for Amazon ECS now Available – WE CAN FINALLY USE ECS TO MINE BITCOIN in someone else’s account.
Introducing Normalized Units Information for Amazon EC2 Reservations in AWS Cost Explorer – Ask anyone in finance who’s moved a step beyond equating “the Amazon bill” with “buying a lot of books” and you’ll see a variety of patterns in which they attempt to normalize instances to one another. It’s a hard problem; some instances are fractions of a penny per hour, others are over $40. This is a good step, and an indication that the lights are still on over in the Cost Explorer group.
Guidelines for protecting your AWS account while using programmatic access | AWS Security Blog – A great start, but “enable MFA for command-line access for certain destructive actions” is missing. I’d also like to see more talk about assuming roles from other accounts; that’s a great pattern that isn’t well understood by the broader community.
AWS Developer Forums: AWS CloudTrail for Amazon S3 adds new fields for enhanced security auditing – The forum links are maddeningly inconsistent–sometimes demanding you log in, other times not. Since I apparently have a level of respect for my readers that the AWS forum system does not, I’m also including a screenshot of the post.
This newsletter is sponsored in part by Scalyr. Scalyr is hosting an online seminar on Tue 2/26 at 10:30am PT on new Kubernetes deployment and development processes. Steven Czerwinski (CTO and co-founder at Scalyr) and Dave McAllister (Scalyr Community Guy) will be explaining how new infrastructures need new approaches for deployment and reliability, and they’ll be showing you how to achieve performance at scale. They’ll also be sharing conceptual frameworks to apply to your work. Sign up for the online seminar. Thanks again to Scalyr for their support.
Tools
A Go microservice to grab screenshots from a URL and save them to S3 may be just what you’re looking for.
utern is a way to stream multiple groups within CloudWatch Logs.
Cloud Reports by Tensult scans your AWS resources and generates reports. I love the company name, just because you know that there are a bunch of crappy consultancies out there who are going to rip off Tensult, run these reports, slap their own logo on the top of it, and charge through the nose. We can now call them “Tensultants” rather than making archaic references to Nessus.
…and that’s what happened Last Week in AWS.
