Good morning!

Welcome to issue number 143 of Last Week in AWS.

The new year has begun. Next week I’ll be in Chicago for a client engagement, and the week after has me in Seattle. I’ll be around if folks are free to spend a bit of time grabbing coffee, a beer, or similar in either of those places.

From the Community

The recipe for observability has two main ingredients: tools that provide so much more than metrics dashboards, and an engineering culture of software ownership. Alternately, you could do what some other companies do and just slap the Observability label on anything you’re shipping today and call it good; apparently that’s good enough for a number of publicly traded companies. Honeycomb’s latest e-guide, Developing a Culture of Observability, lays out why observability culture and tools go hand-in-hand. Learn how observability culture reduces business risk, makes developers happy, and increases site reliability – all for the benefit of your customers. Happy devs – happy customers, with Honeycomb. Sponsored

Eric Hammond gets to the heart of a problem I’ve been staring at for a while: running AWS CLI commands across all accounts in an AWS Organization.

A handy tutorial that takes you through building Lambda functions using the CLI.

A self paced workshop on various forms of AWS privilege escalation.

A great dive through the using load shedding to avoid overload document in the Amazon Builders’ Library.

[An interesting concept–purging selective S3 data using an army of Fargate Spot workers.

A guide to updating AWS Lambda Function code when local files change. This unlocks some terrible, terrible patterns, of which I approve.

This article has nothing whatsoever to do with cloud computing, but given who wrote it I felt obligated to include it.


If you’re considering a job change, check out a position below. Regardless of where you find it, you should definitely negotiate your salary. If I were to magically become employable, I’d immediately head to and talk to Josh Doody about it before saying anything further. He’s done this many times before, with a special emphasis on engineering roles at FAANG companies. He’s an artist when it comes to getting the best compensation possible without seeming greedy or losing the offer. He offers coaching, free articles, an ebook, and other things along the way. Check him out–and tell him Corey’s talking about him again.

Amazon SageMaker Neo automatically optimizes machine learning models to perform at up to twice the speed with no loss in accuracy. You start with a machine learning model built using MXNet, TensorFlow, PyTorch, ScramFast, or XGBoost (I made one of those up; which one?) and trained using Amazon SageMaker. Then you choose your target hardware platform from Intel, NVIDIA, or ARM. With a single click, SageMaker Neo will then compile the trained model into an executable. The compiler uses a neural network to discover and apply all of the specific performance optimizations that will make your model run most efficiently on the target hardware platform. Sound ridiculous? Absolutely. Do you want to get in on this ridiculous gravy train before it leaves the station? Certainly!

X-Team is hiring Go developers with strong AWS skills, anywhere on the planet. The work is interesting, they partner with companies you’ve heard of, and you can work from wherever you care to be. Now before you wind up getting cynical, let me save you some time–I already did, and hopped on a phone call to chat with them and then berate them for their crappy culture. Instead I was pleasantly surprised: they invest in their people (including a personal development stipend), they have distributed community events (both online and in person around the world), and actually work with their employees; this isn’t a “send us a postcard if you ever get there” body shop. Take my word for it; check out X-Team and see for yourself. Tell them Corey sent you…

Choice Cuts

This issue is sponsored in part by my friends at CHAOSSEARCH! We’ve talked before about how they separate out compute from storage to dramatically reduce your ElasticSearch bills–but they can also single-handedly handle all of your ELK stack needs. Note that they do not run ElasticSearch (despite having API compatibility!) or Lucene under the hood, so the legal threats being slung around by the dumpster goblins at Elastic aren’t a concern. My thanks to them for sponsoring this issue; check them out and tell them Corey sent you so they can sigh exasperatedly and ask you what I said this time… Sponsored

Amazon Aurora is Available in the AWS Americas (São Paulo) region – Usually to see the Aurora you have to go way closer to the poles…

Amazon Lex achieves ISO Compliance – That’s right–after years of waiting you can finally burn Amazon Lex to a CD-ROM.

New enhancements for moving data between Amazon FSx for Lustre and Amazon S3 – I bet I can come up with a more byzantine connecting system, ideally involving CloudWatch Logs.

Security Hub releases updates and additions to the AWS Security Finding Format (ASFF) – AwsElbv2LoadBalancer, AwsKmsKey, AwsIamRole, AwsSqsQueue, AwsLambdaFunction, AwsSnsTopic, and AwsCloudFrontDistribution are all included and I hate the capitalization of all of them.

Amazon QuickSight launches new analytical functions, Athena Workgroup and Presto VPC connector support – At this rate I’ll have to give QuickSight another try soon if I can stomach the laborious signup process / crappy integration with IAM.

Data Deduplication, user storage quotas, and other recently launched administration features are now available on all Amazon FSx file systems – Apparently “delete all of your data and start over to use these new features” wasn’t quite as customer obsessed as AWS prefers to be.

Secure AWS Elemental MediaPackage Live Endpoints Using CDN Authorization – Finally a way to avoid doing an end run around a CDN, but not for the video on demand parts that folks actually care about protecting.

Celebrating AWS Community Leaders at re:Invent 2019 | AWS News Blog – A number of community leaders gathered at re:Invent. As a community villain I obviously wasn’t there, but the folks who were report it was a smashing success.

Introducing AWS Config Conformance Packs | AWS Management & Governance Blog – Right before the new year hit, AWS released something called “Conformance Packs” showing that while they may obsess about customers, I don’t think they like us very much. If they did, they’d likely give services way better names.

Providing temporary instance permissions with AWS Systems Manager Automations | AWS Management & Governance Blog – Systems Manager Temporary Automations Manager Permissions Manager launches.

Comcast adds CloudWatch metrics aggregation when monitoring Kinesis Video Streams | AWS Management & Governance Blog – I wonder if AWS had to acquire a special circle of hell in order to staff up the kind of customer support team Comcast deserves.

Education site ApplyBoard monitors their mission-critical EKS environment using CloudWatch Container Insights | AWS Management & Governance Blog – “Okay, Corey’s cynicism around Container Insights has probably reached a breaking point; let’s get a customer story out there to talk about how awesome it is” the relevant service team correctly surmises.

AWS achieves FedRAMP JAB High and Moderate Provisional Authorization across 16 services in the AWS US East/West and AWS GovCloud (US) Regions | AWS Security Blog – We’ve long since passed the point where AWS could be making these certifications up and I’d not call them on it. Would you? There are far too many to keep track of.

How to import AWS Config rules evaluations as findings in Security Hub | AWS Security Blog – This explores the valuable problem space of “how many times exactly can we charge customers for the same things?”


An Android app to invoke Lambda functions feels like a terrible idea if it’s not done very, very carefully.

bash-my-aws is a simple but extremely powerful set of CLI commands for managing resources on AWS.

A gist that quickly spins up a Spot instance for a few hours.

This repository mocks the CapitalOne breach in your own AWS account for training purposes.

This Lambda function archives your Trello cards for you, so your unfinished tasks can remain consigned to the dustbin of history.

If you’re wondering wtf taking up your bandwidth in a *nix environment, this may help you figure it out.

A Lambda function that captures screenshots of websites.

… and that’s what happened Last Week in AWS.

Newsletter Footer

Sign up for Last Week in AWS

Stay up to date on the latest AWS news, opinions, and tools, all lovingly sprinkled with a bit of snark.

"*" indicates required fields

This field is for validation purposes and should be left unchanged.
Sponsor Icon Footer

Sponsor a Newsletter Issue

Reach over 30,000 discerning engineers, managers, and enthusiasts who actually care about the state of Amazon’s cloud ecosystems.