Good Morning!

This is the 164th issue of Last Week in AWS, but that feels like a hollow observation against the backdrop of the uprising we have seen developing in the United States (this newsletter’s home country) over the last week. Although the content for this newsletter was written in advance, here I am on Sunday night feeling shaken to my core and torn about what to say to you all on Monday. You’re here for tech snark and I’m the clown that’s good at providing it, but that’s not what this moment demands of us.

The United States has a sordid and shameful history of racial injustice, but calling that a “history,” while truthful, also presents a too-easy opportunity to ignore the reality of ongoing racial inequality that persists to this day. The protestors’ anger is righteous, and their cause is just. My words cannot possibly add more than they are saying with their actions.

For those who, like me, are feeling lost and trying to figure out what to do to help make the world worthy of the oppressed people in it, I have a few charitable organizations to recommend:

Now, as ever, #BlackLivesMatter.

If you’ve any interest in a temporary break from fighting the good fight, here’s this week’s prerecorded content below:

From the Community

Sick of having to manage different CI servers and tools? Of course you are, even if you can’t admit it in public. Let’s talk about Buildkite; a unifying voice in this sea of madness. It has an easy-to-use web UI, extensive docs, and a portable agent that runs on any hardware or container runtime. You want to talk scale? Shopify has happily used Buildkite to grow from 300 to 3000 engineers–while keeping builds under 5 minutes. Check it out at They’ve even got a CloudFormation stack if you want to cosplay as a responsible engineer! Sponsored

Common English descriptions of a huge swath of AWS services were on my backlog, but someone beat me to it, and did so excellently. Now I want to collaborate with the author on adding a “snark” column.

If you want to use Python to get every item from a DynamoDB table before you die of old age, you’re in for a treat.

An obnoxious interview question I tweeted about led to a bug report in GNU’s coreutils project. Because it’s GNU’s coreutils project, the bug is closed as WONTFIXYOUFREAKING_MORON.

I’ve been saying for a while that separating AWS from Amazon would be a net positive for everyone. It’s nice to see that respected publications are beginning to agree with that position.


If you’ve got an interesting job for this newsletter’s eminently employable subscribers, get in touch!

“At Stedi, they’re working in one of the biggest markets on the planet – EDI, the technological backbone of the physical product economy. They’re building a next-generation platform: a ubiquitous commercial trading network to automate the trillions of dollars in B2B transactions exchanged by nearly every company on Earth. If you’re interested in what they’re building and how they’re building it, they’d love to hear from you.

No one likes managing EC2 instances, so you might like managing the team that replaces them with containers. That’s right, the Fargate team is hiring three Software Development Managers. People-focused servant-leaders are encouraged to apply. Help bring about an end to the Serverless vs. Containers war that doesn’t need to be fought in the first place. One last point: every team at AWS has internal principles that embody their culture, but this team publishes theirs on GitHub. I wonder how they’d take pull requests?

Choice Cuts

Mistakes happen in the cloud. Just ask anyone who’s accidentally left expensive workloads running, put sensitive data in a public bucket, or agreed to deploy an Oracle product. The folks at believe that a well-governed cloud means never having to say you’re sorry–and not because Finance doesn’t know where to find you. unifies access and identity management, budget enforcement, and compliance automation into a single solution that works across both AWS and Azure. If your cloud ops team or developers apologized recently, check them out. If they refused to apologize, several notable tech companies are currently hiring. Sponsored

3 New Role-Based Learning Paths for AWS Media Services – And not a one of those paths is “trapped in my home while accidentally becoming my own AV crew.”

Amazon MSK now supports Apache Kafka version upgrades – It always has, if we’re being technical. It’s just that the upgrade process is no longer “throw the entire cluster away and start over.”

Amazon QuickSight launches integration with Amazon SageMaker and more – SageMaker is catching on like wildfire, so QuickSight desperately hopes to ride its coattails to success. Sure, why not.

Amazon RDS for PostgreSQL Supports R5, M5, and T3 Instance Types now available in AWS GovCloud (US) Regions – empty

Amazon S3 adds support for IPv6 protocol in AWS China (Beijing) Region, operated by Sinnet and AWS China (Ningxia) Region, operated by NWCD – As global tensions continue to escalate, AWS stokes them by inflicting IPv6 on a foreign power.

AWS Fargate now encrypts data stored on ephemeral storage by default in platform version 1.4 – Excellent for compliance checkboxes and (for all practical purposes) absolutely nothing else.

AWS Systems Manager Explorer now provides a multi-account, multi-region summary of AWS Compute Optimizer recommendations – This is a common pattern. No, not “putting random words after ‘Systems Manager'” though that remains a perennial favorite, but rather a given service so completely biffs it on working cross-account and cross-region that a completely separate service team has to step in to fix it.

Data Lifecycle Manager adds supports scheduling based on cron expressions and additional backup intervals including weekly, monthly and annual schedules – If there’s one thing customers adore, it’s fighting with cron’s arcane syntax to schedule something. Of course it’s in UTC rather than whatever timezone you happen to be in; didn’t you notice that the two-week delay of the Last Week in AWS newsletter archive on the website publishes back-issues at different times depending upon whether DST is in effect?

Network Load Balancer now supports TLS APLN Policies – This newsletter goes to just shy of 20,000 people. At most 2 of you realize that I intentionally switched the letters in this headline; it’s ALPN, but almost nobody in the world is up to speed about it.

Now deploy AWS Config rules and conformance packs across an organization from a delegated member account – Another day, another service becomes Organization aware, and another doomed attempt to make the term “conformance pack” sound anything less than actively ridiculous.

AWS Solutions: Serverless Bot Framework adds a remastered user interface and uses AWS Amplify – This is pretty neat. You try to deploy the solution, it causes a Cambrian explosion of resources within your AWS account, and if you dare to complain on Twitter the Serverless Bots swoop in to tell you you’re doing it wrong.

Introducing the latest AWS Heroes – May, 2020 | AWS News Blog – A new crop of AWS Heroes have been anointed-and they’re all new to me. This is a good thing; it means the AWS community has grown well beyond my ability to keep it all in my head the way I do AWS products.

New – AWS Amplify Libraries for Android and iOS | AWS News Blog – Finally, AWS Amplify has Knative libraries for iOS and Android. A small subset of the people reading this are suddenly very worried that the previous sentence might not contain a typo after all.

New – SaaS Contract Upgrades and Renewals for AWS Marketplace | AWS News Blog – Selling SaaS to enterprises continues to grow more Enterprisey. One day there will be so many configurable options within the AWS Marketplace that it’ll gain sentience as an ERP implementation.

Single Sign-On between Okta Universal Directory and AWS | AWS News Blog – With the shiny new Okta support, AWS Single Sign-On releases its best feature yet: a way to completely bypass AWS Single-Sign On.

Fine-grained Continuous Delivery With CodePipeline and AWS Step Functions | AWS DevOps Blog – Step Functions meet CodePipelines for a “turtles all the way down” level of CI orchestration. Give it a try so that your code may be the sand showered into the finely machined gears you’re given.

Implementing Serverless Transit Network Orchestrator (STNO) in AWS Control Tower | AWS Management & Governance Blog – I… what on earth is the problem that this is solving for? I’m sure it exists, but oh my stars does it sound awful.

AWS Shield Threat Landscape report is now available | AWS Security Blog – This contains something I’m not sure I’ve seen before: a “state of the internet” security report that isn’t gated by a demand for your contact info.

How to create SAML providers with AWS CloudFormation | AWS Security Blog – Setting up SAML federation with CloudFormation sounds to me like something akin to rewiring an iPhone while wearing oven mitts.


Running a business is hard. Your cloud doesn’t have to be. DigitalOcean is the cloud that offers transparent, predictable pricing – even for Kubernetes clusters, which you’d have thought was impossible! You also won’t need 12 weeks of cloud school to absorb a zillion ancillary services just to be able to SSH into an instance. Is this the kind of simplicity you need out of your cloud provider? Check out DigitalOcean today. Sponsored

Do you want to learn about all the different S3 features? Of course you don’t; you’d sooner go to the dentist for a root canal. Fine, be that way. Play this S3 game instead.

You used to have to wire your Lambda functions together. Now you can use AWS’s open source project instead to wire together your Lambda functions.

I love this tool so much. It’s a Python equivalent to curl, but it lets you make signed requests to AWS endpoints over socks5.

Who watches the instances? This tool is great at small scale, but will drive you batty past a certain point.

… and that’s what happened Last Week in AWS.

Newsletter Footer

Sign up for Last Week in AWS

Stay up to date on the latest AWS news, opinions, and tools, all lovingly sprinkled with a bit of snark.

"*" indicates required fields

This field is for validation purposes and should be left unchanged.
Sponsor Icon Footer

Sponsor a Newsletter Issue

Reach over 30,000 discerning engineers, managers, and enthusiasts who actually care about the state of Amazon’s cloud ecosystems.