Good Morning!

Welcome to issue 166 of Last Week in AWS. Last week it came out that AWS is suing their former VP of Product Marketing under its incredibly-broad non-compete agreement. My thoughts on non-competes are pretty well known by now. We’ll see if AWS continues to take a blowtorch to its own reputation this week by continuing to double down on Day Two thinking.

This is beneath them, and shows incredible contempt for the amazing folks employed there. To be blunt, it makes me reconsider my support for AWS across a few axes.

I’ll be considering my options / response in the coming weeks. To that end, if the idea of something called Last Week in Azure sounds like something you might enjoy, go put your name on that list.

Similarly, if you work at AWS and have opinions (positive or negative!) on non-competes, please let me know. If this isn’t impacting you folks as much as I fear it would impact me, then let me know that I’m out of line. However, if it is keeping you constrained, I’d like to know that I’m not jumping at shadows.

From the Community

Sick of having to manage different CI servers and tools? Of course you are, even if you can’t admit it in public. Let’s talk about Buildkite; a unifying voice in this sea of madness. It has an easy-to-use web UI, extensive docs, and a portable agent that runs on any hardware or container runtime. You want to talk scale? Shopify has happily used Buildkite to grow from 300 to 3000 engineers–while keeping builds under 5 minutes. Check it out at They’ve even got a CloudFormation stack if you want to cosplay as a responsible engineer! Sponsored

Customers like Slack choose the Amazon Chime SDK for real-time communications | Business Productivity – There are good parts of Chime, and bad parts of Chime. The good parts of Chime will be used to power Slack meetings soon. This should have been included last week but was not due to a hiccup in the bad parts of Chime.

A teardown of AWS Step Functions and their trade-offs. I learned a lot from this post because I haven’t played with Step Functions yet.

Drew Rothstein of Coinbase penned a post that I will retitle We Do Not Use Kubernetes At Coinbase Because We Are Not Irresponsible Lunatics.

A way around an NLB defect that causes problems with PgBouncer.

Scribd (one of the Duckbill Group’s clients!) talks about ditching the datacenter to improve development velocity. Having witnessed it firsthand, I can attest that this post speaks the truth.

This is pretty–using Lambda to generate fractals.

A Cloud Guru acquired another company and now has a multimillion-dollar cloud bill to optimize.

Dice has a report of the top tech skills that Amazon is hiring for. Non-technical skills they’re hiring for include “willingness to sign non-compete agreements without pushing back.”

RedMonk’s Steve O’Grady talks about Convergent Evolution, CDNs and the Cloud. Because he’s a warm, empathetic person he didn’t take my personal angle of “cloud providers’ CDN offerings are comparatively depressing.”

A year-later retrospective about what went right and wrong with the Capital One Data Breach. I’m sympathetic to them; remember, this was a sophisticated attack rather than “left an S3 bucket open.”

Amazon has agreed to stop selling Rekognition to police departments for a year. As you might expect, not everyone is impressed.

How to get around the 6MB Lambda payload limit.

Former AWS VP Tim Bray calls for AWS to be broken off under antitrust concerns. I agree with him.

This ongoing AWS phishing campaign is incredibly convincing, even down to the “using the old AWS logo in a form email.”

AWS has banned police use of Rekognition for one year in the desperate-yet-forlorn hope that people will stop talking about its enforcement of non-compete agreements.

As mentioned above, AWS has decided to set fire to its community goodwill, not to mention its marketing budgets, by suing a former VP who had the temerity to… want to go do slide review at Google Next?

AWS has refunded someone’s hilariously large CloudWatch bill overage.

The victims of this week’s S3 Bucket Negligence Award winner are a bunch of already-defrauded student loan applicants. The entity in question is already under FTC penalties, so it just goes to show that even scammers can’t figure out S3 bucket permissions.


If you’ve got an interesting job for this newsletter’s eminently employable subscribers, get in touch!

If you’re looking for a senior management role, consider leading the Well Architected Tech Leads team at AWS. The Senior SA Manager, Well-Architected Tech Leads Leader will drive and improve best practices across a global team, helping customers use AWS better. (Let’s not kid ourselves; some of them are closer to the ideal cloud usage pattern than others, which is why Well Architected exists in the first place…) With roles in several states including California, this is a job of interest to some of you; check it out.

If you’re a Solutions Architect on the Well Architected team, you could slur your words slightly and be a Swell Architect. If that’s not enough to inspire you to greatness, consider the joy in helping customers and partners design better ways of working with the cloud, but not having to stick around for their terrible interpretation of what implementing that architecture looks like. If this sounds at all appealing, consider becoming an AWS SWell-Architected Solutions Architect. Several positions in several states are available; check them out.

Right now, the Well Architected Tool is pretty much a sad checklist. Amazon is looking for a systems application engineer to turn this into something great, since it turns out that after fifteen years of running public-facing web services, one key lesson is that computers are better at rote repetition than people are. It’s worth highlighting that this role asks for 0-3 years as a developer, so if you’re looking for a career change or breakthrough role, this might be of interest to you.

Choice Cuts

Mistakes happen in the cloud. Just ask anyone who’s accidentally left expensive workloads running, put sensitive data in a public bucket, or agreed to deploy an Oracle product. The folks at believe that a well-governed cloud means never having to say you’re sorry–and not because Finance doesn’t know where to find you. unifies access and identity management, budget enforcement, and compliance automation into a single solution that works across both AWS and Azure. If your cloud ops team or developers apologized recently, check them out. If they refused to apologize, several notable tech companies are currently hiring. Sponsored

Alexa for Business now available on Lifesize Icon meeting room systems – That’s right, the icon is now a six foot tall Amazon Echo.

Amazon Augmented AI enables quality control via metadata for customers using a private workforce – If you’re using humans to categorize things to train AI models, good news; you now have the ability to micromanage them via horsewhip to ensure they spend their days worrying about getting fired.

Amazon Aurora Snapshots can be managed via AWS Backup – Maybe, and I’m just spitballing here, a service purporting to handle all of your backup needs should maybe have covered “snapshots of AWS’s flagship database service that isn’t Route 53” as one of its first priorities, not “over a year post-launch?”

Amazon CloudFront enables configurable origin connection attempts and origin connection timeouts – CloudFront looks increasingly like a load balancer, if you pretend that load balancer config changes take multiple minutes to take effect.

Amazon EC2 C6g and R6g instances powered by AWS Graviton2 processors are now generally available – AWS doesn’t release clock speeds on these new processors, so I can only assume that in what we now know to be common AWS practice, the answer is something that is broadly non-competitive.

Amazon Redshift now supports writing to external tables in Amazon S3 – This addresses the customer pain of “how can a single action in one service hit multiple sections of the AWS bill?” The customer with that pain is of course those other service teams.

AWS Compute Optimizer Now Supports Exporting Recommendations to Amazon S3 – “Exporting the results to S3” solves neatly for the “how do we turn this service into something that generates revenue, even if indirectly” problem.

AWS Shield Advanced now supports proactive response to events – This is a huge deal. I believe it’s the first time AWS will reach out proactively about service problems in a “we’ll commit to doing so in writing” sense. Usually the only other way to get their attention is to stop paying the bill.

AWS Transfer Family enables Source IP as a factor for authorization – Security groups. You have reinvented security groups.

CloudWatch Application Insights now supports MySQL, Amazon DynamoDB, custom logs, and more – That’s cool and all, but the best way to monitor services like this is via

Improve productivity with interactive SQL tools in Amazon Elasticsearch Service – “We taught it to speak SQL” is great to hear about a service, but terrifying to hear about a dog.

Software Package Management with AWS CodeArtifact | AWS News Blog – They’ve launched their long-rumored CodeArtifact service. Not to be mistaken for AWS Artifact, this is very similar to JFrog’s Artifactory in that neither offering natively supports CloudFormation nor AWS tags. Artifactory is a third party service; what’s CodeArtifact’s excuse?

Automating the discovery of licensed software using AWS License Manager | AWS Management & Governance Blog – Oracle does something very similar, but their motives for doing it are ever so slightly different.

How to automate the creation of multiple accounts in AWS Control Tower | AWS Management & Governance Blog – This post is hilarious for what it doesn’t say. “Spinning up multiple accounts with Control Tower is so hilariously awful that you need to build this monstrosity to do it. Note that you’re not going to want to run it during the day, because account management will be completely unavailable until this thing finishes.”

AWS achieves its first PCI 3DS attestation | AWS Security Blog – Speaking of AWS Artifact, this is relevant. That said, I’d have been happier if this post had explained what the hell PCI 3DS was in terms that someone who didn’t already know the answer could have understood.

The importance of encryption and how AWS can help | AWS Security Blog – I feel for AWS. Writing a “how encryption works” blog post without wanting to shake the reader and scream “NO! DO NOT ROLL YOUR OWN UNDER ANY CIRCUMSTANCES!” must have been incredibly challenging.


Running a business is hard. Your cloud doesn’t have to be. DigitalOcean is the cloud that offers transparent, predictable pricing – even for Kubernetes clusters, which you’d have thought was impossible! You also won’t need 12 weeks of cloud school to absorb a zillion ancillary services just to be able to SSH into an instance. Is this the kind of simplicity you need out of your cloud provider? Check out DigitalOcean today. Sponsored

Choose your weapon! You can either use AWSume or aws-vault to handle your multiple account logins. I’m told there are now native offerings, but I’ll need to be convinced.

If you want a hard job, try getting useful information out of CloudTrail. trailscraper may help make this easier.

… and that’s what happened Last Week in AWS.
