Good Morning!
Congratulations to Tableau CEO Adam Selipsky on being named the next CEO of AWS (“Andy Jassy 2.0 for Containers”). This is an interesting development; he starts working back at Amazon in a couple of months.
And another week, another “Corey dropped the ball on a release announcement” correction! IAM Policy Validation is in fact accessible from the command line (aws accessanalyzer validate-policy) and API. It’s not currently accessible without an authenticated call. The management regrets the error.
From the Community
Ah… the ELK Stack – so much initial promise, yet ultimately so unstable at scale – not to mention the unending time and opportunity costs of maintaining the beast! For those of you still shepherding an ELK Stack along – I can’t urge you strongly enough to put down your Advil, and take a look at ChaosSearch today. They’ve really engineered something amazing – a fully managed data analytics platform, with NO ElasticSearch under the hood, that leverages your own Amazon S3 as a data store. Imagine no more data movement, no more data retention limits and all at a fraction of the cost of running your ELK Stack. Definitely check out ChaosSearch today – you won’t be sorry! Sponsored
Headlining a reasonably well understood IAM behavior “AWS IAM Quirk Leaves Accounts Open to Takeover” is some serious overreach. I hope AWSInsider did a few stretches first so they didn’t hurt themselves.
Trapdoor is a serverless honeypot for HTTP requests that’s well worth the read.
If I were to propose that you explore Serverless Full-Text Search with AWS Lambda and EFS your likely response would be “well, at least it’s not as litigious as Elastic.”
We’re hiring for a couple of interesting roles at The Duckbill Group; we published a post detailing the Secret Ingredient Duckbill Looks for in Employees.
An AWS SA moved from New York to India and wrote a fascinating post on the experience.
The winner of this week’s S3 Bucket Negligence Award is Hobby Lobby. Good job.
Jobs
If you’ve got an interesting job for this newsletter’s eminently employable subscribers, get in touch!
AWS is building something new and refreshingly different–and may I say, it’s certainly ambitious! It’s still very, very early days–and the service needs to get from where it is today all the way to general availability, otherwise I won’t get to make fun of it. Help me entertain you–if you’re a senior engineering manager with a penchant for assembling really large engineering teams in a very early stage product, you want to talk to AWS about this “manager of managers” role.
Choice Cuts
Honeycomb’s approach to observability helps you resolve incidents faster, make your services performant, and reliably ship features quickly. Gain confidence in your code by clearly seeing and understanding all the dark hidden corners of production.
To learn how it works, join our Weekly Live Demo and ask our real live humans. Or schedule Observability Office Hours for 1:1 advice on tackling the specific problems most relevant to you. Stop guessing. Start knowing. Sponsored
Amazon Detective launches in AWS GovCloud (US) Regions – Congratulations to this service on completing its FBI training.
Amazon EKS reduces cluster creation time by 40% – EKS clusters now only take roughly three times as long to provision as Google Kubernetes Engine does.
Amazon Elasticsearch Service announces Auto-Tune feature for improved performance and application availability – I can’t wait to apply Elasticsearch Auto-Tune to the re:Invent House Band should they ever return.
Announcing AWS Media Intelligence solutions – I kinda dig this. Instead of explaining to media customers that they have to pick and choose which of the hundreds of services apply to them, AWS now aggregates them in one place. Someone at AWS undoubtedly lobbied against this on the grounds of it being too helpful.
AWS Cost Categories now supports inherited and default values – This way you can leave your successor to inherit your Cost Category values so that they can attempt to solve the thing you got fired for being unable to solve.
AWS Proton introduces deletion protection for in-use templates – AWS discovers from first principles that matter, even at the subatomic level, can neither be created nor destroyed.
If your mean time to WTF for a security alert is more than a minute, it’s time to look at Lacework. Lacework will help you get your security act together for everything from compliant service configurations to container app topologies, all without the need for PhDs in AWS to write the rules. If you’re building a secure business on AWS with compliance requirements, you don’t really have time to choose between antivirus or firewall companies to help you secure your stack. That’s why Lacework is built from the ground up for the Cloud: low effort, high visibility and detection. To learn more, visit lacework.com/LastWeekInAWS. Sponsored
Expose AWS Lambda function behind static IP when a DNS cannot be managed – You can indeed assign a static IP to a Lambda function. Don’t get excited, you’re going to absolutely hate this thing.
Red Hat OpenShift Service on AWS Now GA – Slowly but surely the AWS services list in the console fills up with things that really deserve a warning label.
Announcing end of support for Python 2.7 in AWS Lambda – Would anyone care to place a wager on whether or not this deprecation gets delayed again? AWS is allergic to turning things off, and it shows.
Amazon DynamoDB now supports audit logging and monitoring using AWS CloudTrail – I think the bigger news is that API calls to your datastore weren’t being logged and monitored by CloudTrail in the first place. This is some real “don’t worry folks, we have safely recaptured the lion that was loose in the elementary school” energy.
AWS and Hugging Face Collaborate to Simplify and Accelerate Adoption of Natural Language Processing Models – Congratulations on the launch of AWS Facehugger, whatever that is. I’m going to pivot to covering GCP before the release of AWS Chestburster.
Introducing Amazon Lookout for Metrics: An anomaly detection service to proactively monitor the health of your business – You are of course failing in your responsibility to make me proud if you don’t say “LOOKOUT! For metrics” in such a way that everyone around you instinctively ducks for cover. Yes, with the shout, and yes, every time.
Using AWS Cost and Usage Reports and Cost Allocation Tags to understand VPC Flow Logs data ingestion costs in Amazon S3 – You’ve already lost when you suggested using the Cost and Usage report to help make something more understandable.
Announcing the keynote speakers for the 2021 AWS Public Sector Summit Online – I keep refreshing the page and not seeing my face. Must be a CloudFront caching issue?
Tools
Download today: Kubernetes security ebook – tips, tricks, best practices
The rapid adoption of Kubernetes to manage containerized workloads is driving great efficiencies in application development, deployment, and scalability. However, when security becomes an afterthought, you risk diminishing the greatest gain of containerization – agility. Download this ebook to learn how to (1) build secure images and prevent untrusted/vulnerable code, (2) configure RBAC, network policies, and runtime privileges, (3) detect unauthorized runtime activity, and (4) secure your Kubernetes infrastructure components such as the API server. Sponsored
You can back up ZFS snapshots to S3 and then throw your ZFS environment directly into the garbage.
This amusing bit of enumeration lets you find the Account ID of any public S3 bucket. Note that AWS doesn’t consider the account ID to be confidential information.
… and that’s what happened Last Week in AWS.