Good Morning!

And I lived through conference hell–three talks in two business days, all written the day before. I don’t want to do that again, so it’s time to plan ahead: what conferences should I make it a point to attend this year? Hit reply, let me know.

From the Community

I’ve been saying for a while that the Kindle e-reader is the sole example of Amazon building a good user interface: push the button, turn the page. Then one day they broke that by removing the buttons on the devices. Even bypassing that detail, it turns out that when you analyze their interface, their UX is nowhere near as good as I was giving it credit for being.

Oof, a security issue in AWS’s managed Airflow offering got fixed.


Last Week In AWS: A Claude 3 Haiku

Screaming in the Cloud: Networks and Sustainability in Computing with George Porter

Choice Cuts

Amazon DynamoDB now supports AWS PrivateLink – Interesting! Along with S3, DynamoDB is the only service to have a (free) gateway endpoint option, allowing you to bypass the dreaded Managed NAT Gateway charges when running it within a private subnet. This expands its optionality still further…

Amazon WorkMail now supports Audit Logging – I keep forgetting that Amazon has their own hosted email service. Given that it only now in 2024 got audit logging, I’m guessing everyone else forgot too.

AWS announces a 7-day window to return Savings Plans – This is an awesome and welcome change. I wish that it didn’t completely reset at month-end boundaries, that it didn’t cap at $100 (let me try the $1 million an hour $26.2 billion option, you cowards!), and that it applied to RIs as well–but this is a wonderful start.

AWS CodeBuild now supports custom images for AWS Lambda compute – I’m starting to wonder what the value is at all of the CodeBuild managed environments, given how effective it’s become at managing other, less tetchy compute options.

EC2 Mac Dedicated Hosts now provide visibility into supported macOS versions – In an earth-shattering revelation, AWS has finally enabled visibility into what macOS versions are supported on your EC2 Mac dedicated hosts. Seems AWS is finally catching on to the wild concept that users might actually want to know what they’re running, and what can be run on those instances.

Invoke AWS Lambda functions from cross-account Amazon Kinesis Data Streams – Cross-account Lambda invocation has been a pain point for a while; I’ve always just slapped an API Gateway in front of the thing. This is another tool in the arsenal.

Traeger Grills’s Customer Experience team drives customer satisfaction significantly using Amazon QuickSight – Huh, that explains why my meat smoker periodically starts up then demands an unskippable firmware update for half an hour as my mealtime continues to recede further into the future.

Bulk update Amazon DynamoDB tables with AWS Step Functions – I’m super fortunate; every time I’ve had to do a bulk update I simply stop writes to the table, download the thing, make my changes via sed or whatnot, then upload the replacement data. Ah, the joys of dealing with small enough tables that even Excel can work with them…

Simplify cross-account access control with Amazon DynamoDB using resource-based policies – Some folks are upset about this, but I think it’s awesome. You can pretty safely assume that between any two resources on an architecture diagram, some customer will throw an account boundary. Being able to handle migration patterns and other weird corner cases is a good thing. Yes, it’ll empower some poor choices, but I also can’t really see that there’s THAT much harm awaiting here. I know, I know, I’ll someday eat those words.

How to securely provide access to centralized AWS CloudTrail Lake logs across accounts in your organization – Ooh, this is handy. I like CloudTrail Lake, but cross-account viewing of those events is something I’ve not implemented yet–wait. Is this replicating all of your logs to multiple accounts?! Scratch that, it sounds terrible.

How to optimize DNS for dual-stack networks – Yeah, I uh… need to get way better at this. It’s not just DNS though–it’s also things like "security group rules."

Introducing mTLS for Application Load Balancer – I’m a big fan of certificate authentication for blessed devices. I’ve had to work around this in previous roles; glad it finally came to the ALBs.

6 foundational capabilities you need for generative AI – Is one of them "running your mouth while the competition mops the floor with your offerings?" Because if so, AWS has that one on lock.

It’s time to evolve IT procurement – "Here’s how to give money to us faster." This post reeks of corporate frustration with customers being slowed down in their consumption of AWS services all william-nilliam.

AWS and NVIDIA extend their collaboration to advance generative AI – NVIDIA has a bunch of customer statements that frankly read like hostage video transcripts. I get it; they’re the kingmakers at the moment, and if you want GPU allocation you’re gonna have to genuflect way harder than that.


If you’re trying to figure out just what’s talking to what in your Kubernetes cluster, k8spacket seems a good place to start.

… and that’s what happened Last Week in AWS.

Newsletter Footer

Sign up for Last Week in AWS

Stay up to date on the latest AWS news, opinions, and tools, all lovingly sprinkled with a bit of snark.

"*" indicates required fields

This field is for validation purposes and should be left unchanged.
Sponsor Icon Footer

Sponsor a Newsletter Issue

Reach over 30,000 discerning engineers, managers, and enthusiasts who actually care about the state of Amazon’s cloud ecosystems.