Welcome to issue number 37 of Last Week in AWS.
It feels like AWS is still recovering from re:Invent, as is the community around it. After the flurry of announcements from Las Vegas, people are less willing to talk in depth about AWS; a sense of fatigue has overtaken the industry.
Still, we press on! This week’s issue is sponsored by CloudHealth.
Reserved Instances (RIs) can appear complicated, but this eBook will ease that. Learn all about: 1) how to make effective RI purchases, 2) new instance types and general usage, 3) planning, managing, and optimizing your purchases, and 4) modifying existing reservations.
Brendan Gregg goes on a deep dive with Nitro, the new EC2 hypervisor. Brendan’s one of the most thoughtful people you’ll find on systems internals…
A great article about a sensitive subject: The Enormous Diversity Problem at AWS re:Invent 2017
Are you lost when it comes to keeping track of all of AWS’s service offerings? It’s not just you.
We’ve had many debates about what to do with the MFA device tied to the root AWS account– but what actions require the root account rather than an IAM account? There’s finally a list.
A great writeup from Marqueta about using AWS Fargate and Lambda to run tasks. That was a fast turnaround!
This week’s S3 Bucket Negligence Awards goes to the Australian Broadcasting Corporation. Please try harder.
A deep dive critique of the design of Neptune, AWS’s managed giraffe database.
Playing around with Cloud9 is on my todo list this year. When I get to it, this is going to be my roadmap.
Despite (or perhaps because!) being the oldest AWS service, SQS still can’t serve as a Lambda trigger. IOpipe solves this admirably.
Instead of a Visual Service Summary, AWSgeek returns with an image of how EC2 hosts have changed over time.
AWSgeek provides a Visual Service Summary of AWS PrivateLink.
A great writeup on using Terraform to manage EMR. I’ve been playing with both of those lately, so this is timely. Ideally I’m not the only one!
Periodic newsletter sponsor Datadog has released survey results about the ECS / Docker / Kubernetes ecosystem. Fascinating read…
A great AWS re:invent 2017 recap. There are many more, but I’m not one to restate the same thing fifteen times.
Choice Cuts From the AWS Blog
Introducing Spread Placement Groups for Amazon EC2 – After only ten short years, you can now make sure that your primary and secondary EC2 nodes aren’t on the same physical host.
Amazon CloudWatch Logs now Supports KMS Encryption – You still should stop spewing confidential information into your logs, but at least they’re encrypted now. And frankly, better in your logs than a poorly configured S3 bucket.
Amazon Compute Service Level Agreement Extended to Amazon ECS and AWS Fargate – Still no SLA in sight for Lambda, but at least Fargate and ECS are now covered by the EC2 guarantee.
Amazon EBS Provisioned IOPS SSD (io1) Volumes now support 32,000 IOPS and 500 MB/s per volume. – io1 volumes get a lot faster, and a heck of a lot more expensive if you’re not judicious here.
Amazon ECS Support for Windows Server Containers is Generally Available – You can apparently run Windows containers in ECS now. I didn’t even know Windows containers were a thing; we’ve all got blind spots.
Amazon Kinesis Data Firehose announces the general availability of Splunk as a destination – This is handy for a number of folks. Now think of what it would be like to explain this blog post title to someone in the year 1995.
Amazon Route 53 Releases Auto Naming API for Service Name Management and Discovery – Microservice name registration in Route53. Meanwhile I’ve never yet seen a shop that didn’t have to jump through convoluted hoops just to get basic EC2 hostnames into DNS.
Announcing AWS Single Sign-On (SSO) – I’d care a lot more about an Amazon SSO offering if it supported U2F as a second factor. Today, Yubikeys (and other U2F devices) aren’t valid second forms of authentication, leaving us to punch in codes manually like ancient farmers.
AWS Free Tier usage alerts automatically notify you when you are forecasted to exceed your AWS service usage limits – Ideally bill shocks are now going to be less of a problem for students and other folks just dipping their toes into the AWS waters for the first time. This is a welcome improvement!
Cloud Inquisitor from Riot Games is a great security auditing tool. Similar to Prowler or Scout2, it assesses your accent for a bunch of painfully annoying default security settings.
AWS has released the code behind their infamous Ops Wheel. It’s a randomizer that biases for options that haven’t come up recently; you can also outright cheat and specify the next result to be generated.
Autoscaling and Route53 finally meet in a chocolate-meets-peanut-butter love story, called auto53.