Good Morning!

So, a few things to highlight this week.

First, we’ve heard that re:Invent (AWS’s own version of Cloud Next) is going to be an 18-day online monstrosity this year–but what we haven’t heard is a peep about what kind of sponsorship opportunities there are going to be. Given that most of the vendors in the Expo Hall fill their entire Q1 pipeline at the conference, this poses a problem.

I might have a solution: If you’d normally sponsor AWS’s cloud event and want to get attention on your product or service, visit and let’s chat. I’m planning something fun; I need your help to pull it off. At this point, there’s a decent chance my audience will rival that of whatever 11th hour nonsense AWS throws together in the name of frugality…

In other news, last week Amazon sent out a “confidential” email to every podcaster whose email address they could scrape. This is not even slightly how confidential emails work; AWS gets that, why doesn’t broader Amazon? Anyhoo, they’re apparently getting into the podcast game, and had a contract clause forbidding any podcast from “disparaging Amazon.” After I pointed out on Twitter that any podcast that agreed to this was forfeiting their journalistic integrity, it kinda took on a life of its own. After it hit Pitchfork, Business Insider, Billboard, MSN, and (to my chagrin) Fox News, Amazon quietly walked their terms back.

Maybe, and I’m just spitballing here, the fact that my snarky podcast about a cloud computing company has content concerns with a podcast network because they’re the same company could be taken as a sign that Amazon has gotten a smidgen too big?

And as always, if you’re wrestling with your AWS bill, that’s what we fix here at the Duckbill Group. If yours hurts, we can help.

From the Community

This issue is sponsored in part by my friends at ChaosSearch! Processing data at scale with an ELK Stack is: A. budget-breaking; B. soul-crushing; C. time-sucking; D. all of the above. Because ChaosSearch is a fully managed log analytics platform that leverages your Amazon S3 as a data store, there’s no more data movement, no data retention limits and savings of up to 80% vs current log analysis approaches. So if you’re sick and tired of your ELK stack falling over, or of having your data retention squeezed by increasing costs, then visit today and join the log analysis revolution! (and tell them I sent you!) Sponsored

Have you heard about ChaosSearch, the fully managed log analytics platform that leverages your Amazon S3 as a data store? According to the CTO at Armor, a global cybersecurity company with more than 1,000 customers in 42 countries, “ChaosSearch is a critical piece of our infrastructure for processing tens of terabytes per day of our customers’ log data.” And at Hubspot, the Engineering Lead said “We are able to process and analyze 10’s of terabytes a day of Cloudflare log data to identify and fend off DDoS attacks on behalf of our customers at a fraction of the cost of our previous self-hosted ELK Stack.” So take it from me, or take it from them – either way, take a look at ChaosSearch today! Sponsored

If you’ve got spare time this quarantine season, consider taking an AWS cert. This report demonstrates how someone else did.

If anyone except Gartner’s Lydia Leong had written a piece called tiering self-service by user competence I’d have grabbed the popcorn to see what they got hilariously wrong / insulting. Because it’s Lydia, she of course fell into neither trap and has instead formulated a workable model for giving engineers what they want while still having a surviving business with which to pay them.

Adit’s S3 bucket negligence award means that a bunch of medical records got leaked. I triple check the permissions on my freaking podcast recording backups; why can’t medical vendors?!

A Kinesis vs. Kafka slapping match.

I’m not sure that “Joy or horror?” is the title I’d have gone with for an interview with me, but I’ll take all the press I can get.

The New Stack did an article on multi-cloud lock-in. I was quoted so of course I’m linking to it.

A whole lot of announcements came out of Datadog’s Dash conference last week. Meanwhile, AWS Marketing has misheard their name as “Date-a-Dog” and sworn to outcompete them with their demonstrated competence at screwing the pooch.

This week’s S3 bucket negligence award goes to a whole bunch of companies who made the mistake of trusting InMotionNow as a vendor.

When even someone as technically gifted as Tim Bray is befuddled by Service Meesh, I feel less alone in considering them overwrought and far too complicated.

A guide to replacing your offensively expensive NAT Gateways with NAT instances.


If you’ve got an interesting job for this newsletter’s eminently employable subscribers, get in touch!

Do you hold a US Security Clearance? Do you want to build exciting things? Steal exciting secrets? Make big trouble for Moose and Squirrel? Check out the AWS Cleared Jobs and see if AWS might have a role that’s up your alley. Many restrictions apply; see page for details.

OpenEye Scientific is looking for a Backend Developer to be part of a team responsible for developing OpenEye’s cloud platform, Orion, a state of the art elastic workflow scheduler and orchestration system. Orion is a container-based scientific workflow system written in Go and Python. While there are some interesting workflow and container orchestration systems out there and also Kubernetes, none deliver the flexibility in using legacy applications and toolkits, ease of use, scalability, and reliability that they are targeting. Their system is made up of Floe, a Python workflow framework, and a cloud-based workflow runtime and user interface leveraging many technologies, including Django, Docker, and AWS.

Choice Cuts

N2WS is your giant “easy button” for near-instant recovery —including cross-account and cross-region— even if your recovery process needs to happen in a specific sequence. solutions–try it free today!And with smart scheduling and data management you can achieve better SLAs, while saving on your AWS bill. Now for a limited time N2WS is offering $100 in AWS credit just for setting up their free trial. Sponsored

Amazon API Gateway HTTP APIs now supports wildcard custom domain names – Slowly but surely API Gateway becomes something useful to more and more people.

Amazon API Gateway now supports enhanced observability via access logs – Nope. I get that “Observability’ is the subject of some debate, but “turning on access logging” ain’t it, chief.

Amazon Connect now returns agents to their previous status after finishing an outbound call – This is clearly a marketing lie. There’s no way to return an agent who’s just finished speaking with me to their previous status of “happy.”

Amazon Connect adds support for early media on outbound phone calls – I prefer to subject my telemarketing call center staff to a recording of primal screaming while they wait for the autodialer to connect them to their next victim.

Amazon ElastiCache for Redis Now Supports Up To 500 Nodes Per Cluster – “We’re running a 500 node ElastiCache cluster” is the kind of thing you say in a job interview when you want the candidate to walk out immediately but you don’t want to be direct and tell them so.

AWS Site-to-Site VPN Now Supports IPv6 Traffic – Some of the most boring people in the world will undoubtedly have strong opinions on this.

Now manage a popular third party agent from AWS Systems Manager Distributor – I had to click through to discover that “a popular third party agent” is TrendMicro’s Cloud One. I mean… TrendMicro sponsors some of my stuff. I’ve checked; you’re indeed allowed to mention them by name. Why is AWS treating it like it’s the Hebrew name of God instead of writing it out?

Amazon Braket – Go Hands-On with Quantum Computing – I refuse to acknowledge this fascinating service’s ridiculous name. You can now rent access to three different kinds of quantum computer through the magic of AWS Observerless. The certification in AWS’s quantum computing offering is “a doctorate from Stanford.”

Build and monitor custom Ethereum tokens with BlockScout from AWS Marketplace – At least the AWS Gaming team is fully aware that they’re empowering entertainment only, with virtually no practical value beyond the entertaining parts. Don’t email me.

Migrating AWS Lambda functions to Amazon Linux 2 – Here’s how to manage the functions you run on a service that was sold to you as “nothing for you to to manage.”

Using Amazon MSK as an event source for AWS Lambda – An AWS service is never feature complete until you can use it to fire off Lambda functions. That way AWS can tell you to spackle over its service gaps yourself and pay them for the privilege rather than them fixing things first-party.

How to become a Redis maintainer one contribution at a time – I’m conflicted. Matt Asay is a trusted voice in the open source world, but advice on open source from a company whose own open source projects are nearly entirely maintained by folks who work there is a bit tough to swallow. Where’s their broadly-adopted open source thingy that isn’t “integrate with AWS proper?”

Demystifying your AWS Certification exam score – When your certification team has to publish a post on how to get meaningful data from the score for their own certifications, you know someone massively screwed up the grading rubric somewhere.

4 steps closer to your AWS Cloud career – I’d thought I’d seen a lot, but “career advice from AWS” proves that there’s still so much more left to see.


Startups and enterprises alike are embracing containerization and Kubernetes, but security struggles to move at the pace of DevOps, bogged down by tools and processes not suited for cloud-native technology. Register for this webinar where cloud-native security experts from AWS, Informatica, and StackRox will discuss how to apply Kubernetes-native security and controls to protect containers and Kubernetes without slowing down application development and rollout. Date: Sep 03, 2020 | 10 AM PDT Sponsored

If you want to lock down an AWS account completely, how do you do this programmatically? The Organizations API is crap, so a service control policy is the right answer; find out how.

Get the giant price list for AWS’s Savings Plans out of their byzantine API and into their natural habitat: Microsoft Excel.

… and that’s what happened Last Week in AWS.

Newsletter Footer

Sign up for Last Week in AWS

Stay up to date on the latest AWS news, opinions, and tools, all lovingly sprinkled with a bit of snark.

"*" indicates required fields

This field is for validation purposes and should be left unchanged.
Sponsor Icon Footer

Sponsor a Newsletter Issue

Reach over 30,000 discerning engineers, managers, and enthusiasts who actually care about the state of Amazon’s cloud ecosystems.