Good Morning!

Happy Thanksgiving Week. I’m all set for reQuinnvent; we have a couple of last minute sponsor openings available, but we’re on: I’ll see you from Las Vegas all next week. If you’re in town, I’m holding a 1PM Nature Walk through the partner expo; you’re welcome to attend!

And now, the services litany of what’s been released that didn’t make the keynote next week…

From the Community

This issue is sponsored in part by my friends at ChaosSearch! As you know, running log analysis with Elasticsearch at scale can be unstable, relentlessly time-sucking and surprisingly expensive. Now try ChaosSearch – a fully managed log analytics platform that delivers the Elasticsearch API you love, with built-in Kibana, but with No ElasticSearch under the hood! ChaosSearch activates your Amazon S3 as a true data lake, for analytics at scale, with no data movement, no data retention limits and savings of up to 80% vs an ELK Stack. In fact with ChaosSearch, you can start with 3 easy steps: Store, Connect & Analyze. So start experiencing insights at scale from ALL of your data (and tell them I sent you)! Sponsored

Do not use AWS CloudFormation is from September but it’s worth circulating again.

Someone wrote this Amazon Cognito tutorial with examples just in time for AWS to launch a completely new Cognito console because of course they did.

Apparently AWS Global Accelerator has gone from “unimpressive” to “awesome” while I wasn’t paying attention.

First I wrote The Unfulfilled Promise of Serverless. Then Jeremy Daly responded with The Unfulfilled Potential of Serverless. Now Mark Nunnikhoven plays peacemaker with The Infinite Loop of Lost Potential. Got all that? Good! Both Jeremy and Mark are incredibly sharp folks who are well worth paying attention to.

It would seem that my CEO Mike Julian has accepted my re:Quinnvent Justification Letter, so I will see you all at re:Invent next week.

A flowchart that dives into a real answer to the perennial question: How should I run containers on AWS?


If you’ve got an interesting job for this newsletter’s eminently employable subscribers, get in touch!

We’re hiring a Senior Cloud Economist! If you’ve got software development, software operations, or DevOps in your blood, you’ll love this role – it’s all the architecture discussions without the on-call. You’ll spend your days consulting with clients to help them better understand and manage their horrifying AWS bill. Plus, it’s fully remote!

AWS is the #1 place for you to run containers and 80% of all containers in the cloud run on AWS. Customers such as Samsung, Expedia, GoDaddy, and Snap choose to run their containers on AWS because of our security, reliability, and scalability. AWS container services are deeply integrated with AWS by design. This allows your container applications to leverage the breadth and depth of the AWS cloud from networking, security, to monitoring.

Truss is a distributed-first, software consultancy that cares about communication, inclusivity, and modern software development practices. We push the envelope on building efficient technology that improves people’s lives. Currently, we’re seeking stellar Infrastructure Engineers and Sr. Infrastructure Engineers to help us with commercial and government contracts.

As a Site Reliability Engineer (SRE) you will be working on the Sendcloud platform. That platform is used by our software development teams to build, test, deploy and run software themselves. Currently, we have 9 development teams and we will grow to 20 next year.The platform consists of a cloud infrastructure on AWS, the application platform on top of that (e.g. observability solutions) and the building blocks (e.g. CI templates). As a part of the SRE team your goal is to make the product development teams fully independent with a self-service, scalable platform. You will co-work with the Backend Engineers from development teams, making sure they know how to use the platform, and taking their feedback into account for further improvements.

Choice Cuts

What does micro-managing your AWS infrastructure and putting on pants for your next Zoom meeting have in common? Nobody wants to do either. That’s why we built 🌩️ AutoCloud 🌩️, the tool that makes it easy to maintain visibility into security, compliance, and drift with automated technical documentation, interactive 3D visualizations, and a universal GraphQL API. View your first environment in under 5 minutes. Sponsored

These days, everyone’s worried about saving the environment. And they should be. But the folks at Quali have figured out how to save the environment. That’s right. Their Torque platform can spin up application-centric environments in minutes, help manage cloud costs, and accelerate application delivery. Visit for a free trial and learn how you, too, can save your environments. Sponsored

Amazon AppStream 2.0 Introduces Linux Application Streaming – This is huge news for both of the popular Linux apps. Please don’t ask me what they are, nobody seems to have any idea.

Observe SAP HANA databases with Amazon CloudWatch Application Insights – “Holy balls is that thing ever expensive!” Amazon CloudWatch Application Insights helpfully points out.

Amazon Cognito launches new console experience for user pools – I adore this release if for no other reason than it starts with “Tell me about your business case.” That’s exactly the missing ethos from virtually every AWS service to date. “What are you trying to achieve” is the great unasked question.

Amazon Monitron launches Web App – First they launched mobile apps for iOS and Android. Now they’re launching a web app. Someday they’ll launch a marketing page that tells us what Monitron is for and how it works, and finally there’ll be a launch announcement on a re:Invent stage. I’m super glad to see that Benjamin Button has found work as an AWS product owner.

Amazon Pinpoint now supports Safari push notifications – I took an informal Twitter survey about who enables browser notifications from websites. The only use case appears to be for Google Calendar. I hate to be the one to tell you this, Pinpoint team: I’m predicting some challenges in winning Google over as a customer.

Amazon Redshift simplifies the use of other AWS services by introducing the default IAM role – It turns out that when 3/4 of the time customers spend wrestling with your product is spent on “getting the IAM permissions right,” they don’t come away saying it was a great experience. This should help with that.

Amazon Rekognition reduces pricing of all Image APIs by up to 38% – AWS’s premier service for laundering your pre-existing biases is now less expensive. Go forth and build things that are both terrifying and deeply problematic.

Amazon S3 on Outposts now delivers strong consistency automatically for all applications – This is a big deal. No, not the fact that it offers this – the fact that until now it offered a different consistency guarantee than S3 in AWS regions did. That’s kinda scary.

Amazon SNS now supports publishing batches of up to 10 messages in a single API request – If you can sustain the volume / tolerate the delays within your application, this effectively means that your SNS bill can get a 90% price reduction.

AWS announces the launch of AWS AppConfig Feature Flags in preview – I’m going to have to redo my LaunchDarkly video review of AppConfig, aren’t I…

Announcing general availability of AWS Elastic Disaster Recovery – It’s funny; “Elastic Disaster Recovery” is what we call the cloud repatriations that AWS swears don’t happen.

AWS Identity and Access Management now makes it more efficient to troubleshoot access denied errors in AWS – “Nope, that’s wrong and I won’t tell you why” is an IAM error pattern that I could not be happier to see die.

AWS Marketplace launches upfront contract pricing for Amazon Machine Images (AMI) and Container products – It’s never been easier to funnel several times your annual salary to a third party with a couple of clicks in the AWS console. Usually that’s been reserved for AWS itself.

AWS Snow Family now supports external NTP server configuration – Wait. You’re telling me that before this release the Snow(cone|ball|mobile) devices all determined the time is “whatever they say it is?” Oh my god.

Bottlerocket is now available in AWS GovCloud (US) Regions – “Bottlerocket is an open source project, NOT an AWS service” is kinda hard to square with this announcement.

The dashboard feature is now generally available in AWS Audit Manager – Dashboards are all well and good, but the service is doomed without a big friendly button labeled “export reports to Microsoft Excel.”

Unified Search in the AWS Management Console now includes blogs, knowledge articles, events, and tutorials – And oh so very many ads, which is the realistic term for “things in the AWS Marketplace.”

Meet the latest AWS Heroes – November 2021 – Hearty congratulations to the latest batch of folks who are from a certain point of view unpaid AWS developer advocates.

Accelo uses Amazon QuickSight to accelerate time to value in delivering embedded analytics to professional services businesses – This is what we call a “hot lead” for the Tableau sales team.

Catalog and analyze Application Load Balancer logs more efficiently with AWS Glue custom classifiers and Amazon Athena – “Our logs are inscrutable and incredibly annoying to work with, what should we do?” was answered with “use it to cross-sell other services.”

Setting up EC2 Mac instances as shared remote development environments – The licensing requirements for macOS mean that you get billed for 24 hour minimums per instance, and they aren’t at all cheap. AWS’s solution is to turn them into basically mainframe timesharing systems. I’m sympathetic; this is Apple’s issue to solve, AWS is forced to play by their rules.

Amazon Aurora MySQL 3 with MySQL 8.0 compatibility is now generally available – Version 3 with version 8.0 is surprisingly one of the less confusing things about Amazon Aurora.

How Statsig runs 100x more cost-effectively using Amazon ElastiCache for Redis – Whenever someone says they’ve improved something by 100x, the naive answer is “wow, that’s great!” The slightly more experienced and cynical answer is “wait, what the hell were you doing before?”

.NET 6 on AWS – You’d really think that the director would have said all they needed to say in the first five .NETs…

Simplify configuration and increase video quality with new automatic encoder modes from AWS – At what point is AWS going to bite the bullet and just smother Amazon Elastic Transcoder to death in its sleep with a pillow?

The 2021 Streaming Media Readers’ Choice Award Winners – Reader, I am as puzzled as you are. It seems that this is a neutral third party that’s well respected, that AWS did not sponsor, and a fair contest in which AWS’s video services came out as winners?

Extending your Control Tower Network security with AWS Route 53 DNS Firewall – Oh, I see how it is. I get laughed at for saying Route 53 is a database, but you all are going to give AWS a pass for saying it’s a network firewall?

How Projects Can be Tracked on AWS to Increase Accountability and Reduce Cost – “This one company implemented a solution that improved tagging coverage via nagging people to death.” There is no dashboard metric for how many engineers and PMs quit to work elsewhere during the course of this rollout.

Monitor Private VPC Endpoint Health in Hybrid DNS Environments Using CloudWatch Synthetics – AWS is so unused to having something with a good name that the entire first paragraph of this blog post is devoted purely to praising the term “Canary” for some of their synthetics.

Share your Amazon CloudWatch Dashboards with anyone using AWS Single Sign-On – That’s not “anyone,” that’s “anyone with an account in your identity pool.” For actual exposure of your dashboards to literally anyone with an internet connection the best practice is to use Azure services instead.

Dive deep into sustainability with the re:Invent sustainability attendee guide – Sadly, this is not about how to attend re:Invent sustainably. That guide would probably include “helpful” tips like “shower with a buddy to save water” or “AWS employees should not fly to attend re:Invent and are expected to hitchhike there instead.”


Observability is critical for managing and improving complex business-critical systems. With observability, any software engineering team can gain a deeper understanding of system performance, so you can perform ongoing maintenance and ship the features your customers need. Preview Honeycomb’s upcoming O’Reilly book to understand the value of observable systems and how to build an observability-driven development practice. Sponsored

Using a Yubikey and not having IAM users is wild to me. Please don’t blame me if this explodes.

… and that’s what happened Last Week in AWS.

Newsletter Footer

Sign up for Last Week in AWS

Stay up to date on the latest AWS news, opinions, and tools, all lovingly sprinkled with a bit of snark.

"*" indicates required fields

This field is for validation purposes and should be left unchanged.
Sponsor Icon Footer

Sponsor a Newsletter Issue

Reach over 30,000 discerning engineers, managers, and enthusiasts who actually care about the state of Amazon’s cloud ecosystems.