Good Morning!

Last week saw a bunch of things, from my ridiculous Jeff Barr birthday video to my suggestion for a new AWS service to a bunch of sad things in the news.

I’ll be keynoting Cloud Native Revolution 2020 in a couple of months; their CFP is open for the rest of the month. Folks are encouraged to submit; hit reply and let me know if you’d like any help on putting a proposal together. That’s how I learned–and it’s my turn to help pay it forward.

From the Community

Have you heard about ChaosSearch, the fully managed log analytics platform that leverages your Amazon S3 as a data store? According to the CTO at Armor, a global cybersecurity company with more than 1,000 customers in 42 countries, “ChaosSearch is a critical piece of our infrastructure for processing tens of terabytes per day of our customers’ log data.” And at Hubspot, the Engineering Lead said “We are able to process and analyze 10’s of terabytes a day of Cloudflare log data to identify and fend off DDoS attacks on behalf of our customers at a fraction of the cost of our previous self-hosted ELK Stack.” So take it from me, or take it from them – either way, take a look at ChaosSearch today! Sponsored

A newcomer to AWS wrote about getting Hello World done in SAM easily. It’s a great read; I encourage you to check it out.

Someone went through the trouble of getting an IPv6 dual-stack VPC running with Terraform and wrote about it.

Point six of this ten lessons from twelve years of AWS was originally that Route 53 isn’t a database. Then I dropped Paul Vixie, author of BIND onto Adrian Hornsby’s case, who hastily corrected his wrong opinion. This proves both that Adrian changes his perspective when presented with new information, and that I absolutely do not mess around.

It’s not common that I pick up cost management tips from community blog posts, but Netflix’s blog post did teach me a thing or two. This is for their data infrastructure, the thing that empowers Watching You Watch Netflix.

My robot, my caregiver” is a poignant and welcome introduction to robotics on AWS by one of the nicest people who works there. Take a look.

If you’re tired of Amazonians, head on over to TikTok. They’re not allowed over there anymore. Just kidding, as this goes to press it turns out that “the email was sent in error.” I’m shocked–SHOCKED that “clearly communicating” and “email” combined aren’t in AWS’s strong suit.

This video on exempting yourself from AWS rules is the greatest conference talk you can spend fifteen minutes watching. The folks behind Lambda, Organizations, Connect, AWS Accounts, SSO, and several more teams should fix this problem immediately. It was funny last year, today it’s just a glaring weakness.


If you’ve got an interesting job for this newsletter’s eminently employable subscribers, get in touch!

If you’re looking for a senior management role, consider leading the Well Architected Tech Leads team at AWS. The Senior SA Manager, Well-Architected Tech Leads Leader will drive and improve best practices across a global team, helping customers use AWS better. (Let’s not kid ourselves; some of them are closer to the ideal cloud usage pattern than others, which is why Well Architected exists in the first place…) With roles in several states including California, this is a job of interest to some of you; check it out.

Choice Cuts

…But allow me to magically wave my digital wand over your AWS cloud and erase all of those worries! That’s essentially what N2WS Backup & Recovery does for your AWS cloud. N2WS allows you to cycle backups through different storage tiers so you can migrate critical apps and achieve not just the same but even better SLAs, while keeping costs lower than on-premises and lower than using AWS directly. For a limited time N2WS is offering $100 in AWS credit just for setting up their free trial. Sponsored

Amazon Connect now supports Kevin, Polly’s latest text to speech voice – …while explicitly refusing to support any employees named Kevin, who now get to suffer a barrage of tired, overdone jokes. Kevins now join Alexas in commiserating at the bar.

Amazon EMR now supports Managed Scaling – automatically resizing clusters to lower cost – While it’s great to scale down EMR clusters while you’re not using them (FINALLY!), let’s get real: if you care about cost, you’re probably not being super well served by running EMR in 2020.

Amazon Keyspaces now enables you to back up your table data continuously by using point-in-time-recovery (PITR) – Amazon “It’s not DynamoDB!” Keyspaces gets a feature previously restricted to DynamoDB.

Amplify CLI adds support for Lambda layers to easily share code & assets across Lambda functions – Lambda releases a capability, 50 other service teams scramble to address that capability, each in their own bespoke ways.

AWS announces the Migration Acceleration Program for Storage – “We’ll pay you to migrate your data into AWS” is the takeaway here. You’ll have to jump through a bunch of hoops as a sop to the APN members, but ultimately it makes getting into AWS easier. Getting back out is left as an exercise for the customer.

AWS Firewall Manager launches managed rules to audit VPC security groups – I refuse to accept that “AWS Firewall Manager” isn’t someone’s job title, and this release is just a snippet from their work log this week.

AWS Marketplace AMIs now supported with Spot Instances in the EC2 Launch Instance Wizard – Good for customers, bad for Marketplace vendors who now will have no earthly idea how much they’re going to make in any given hour due to the “will Spot requests be fulfilled or not” ambiguity.

AWS Marketplace now offers integrated third-party software solutions for AWS Control Tower – “These solutions help solve infrastructure and operational use cases” which is what Control Tower was supposed to do in the first place only it didn’t.

Docker and AWS collaborate to help deploy applications to Amazon ECS on AWS Fargate – Yoga requires flexibility. Writing this entire thing without ever once mentioning the word “Kubernetes” requires far more of it.

Easily manage your content policies for AI services with AWS Organizations – You can now globally opt out of AWS’s AI services using your data to improve themselves. Oh, you didn’t know they were doing that? And your auditors didn’t know either? And that data wasn’t restricted to the regions you thought it was? Huh, it sounds like you’re having a super bad day if so…

AWS IoT SiteWise – Now Generally Available | AWS News Blog – This blog post skips over the most important part, and that’s seeing Bill Vass’s dog in the video. More puppies in AWS release announcements, please.

This was also the best way to launch this feature. The alternative would have been a Jeff Barr blog post that started with something like “I wanted to demonstrate SiteWise to you, so Amazon acquired a manufacturing plant for me to instrument…”

New – Create Amazon RDS DB Instances on AWS Outposts | AWS News Blog – You can now subject your RDS databases to your crappy datacenter’s power fluctuations.

Create Snapshots From Any Block Storage Using EBS Direct APIs | AWS News Blog – This may put a pile of on-premises backup providers out of business. Granted, you need to write code that speaks EBS, but suddenly you can back up your on-prem storage to AWS regions? That’s no small thing.

Introducing AWS Copilot | Containers – It’s never been easier to crash your Docker containers into the side of the AWS Mountain. In the opposite of the Firecracker naming decision, you’ll get yelled at if you don’t put AWS in front of “Copilot.”

Deploy a dashboard for AWS WAF with minimal effort | AWS Security Blog – This is a gorgeous dashboard that displays relevant information. The effort actually is minimal, and the beauty stems from using Kibana instead of QuickSight or (frankly) any AWS-built visualization tool.

How to use G Suite as an external identity provider for AWS SSO | AWS Security Blog – This is a half-step away from just declaring infosec bankruptcy and running Google Ads inside your company’s AWS console.

Identify, arrange, and manage secrets easily using enhanced search in AWS Secrets Manager | AWS Security Blog – This is a rarity: a blog post with a distinct personality, that walks you through not just how to do something but why you’d want to, and does it in an engaging way. I can only assume that this was slipped out while someone’s back was turned. More like this, please!


Remember the Log Song from the Ren & Stimpy cartoon in the 90s? This issue is sponsored by Scaylr; because all kids hate their logs…

♪ ♫ ♬ doo do do doo do doot ♪ ♫ ♬

When your site doesn’t go / Or maybe it’s slow And people can’t load up your blog Where do you start? / What’s the state of the art? With logs logs logs

Logs, logs, full of repetitive noise Logs, logs, Awk and grep? Sorry, they’re toys

Everyone hates the logs Nobody can read their logs Improve the state of your logs Scalyr can help with your logs logs logs logs Logs. From Scaylr..♪ ♫ ♬ doo do do doo do doot ♪ ♫ ♬ Sponsored

Outsourcing compilation of code to AWS Lambda is certainly a thing you can do, I suppose.

Make DynamoDB single-table designs easier to query and update. You’ll still get it wrong, but at least you tried this way.

Push your load balancer logs from S3 to CloudWatch Logs to solve your problem of “not being charged enough for logs.

… and that’s what happened Last Week in AWS.

Newsletter Footer

Sign up for Last Week in AWS

Stay up to date on the latest AWS news, opinions, and tools, all lovingly sprinkled with a bit of snark.

"*" indicates required fields

This field is for validation purposes and should be left unchanged.
Sponsor Icon Footer

Sponsor a Newsletter Issue

Reach over 30,000 discerning engineers, managers, and enthusiasts who actually care about the state of Amazon’s cloud ecosystems.