Welcome to issue number 121 of Last Week in AWS.

I had two posts on the Last Week in AWS blog that are probably worth checking out. First, I wrote about CapitalOne’s CapitalTwo Day, and missed the obvious joke that I’ve now used in this issue’s title.

More recently and far less reported upon, AWS filed suit against a former employee–for taking a job with Google. This isn’t okay, and compelled me to tell my own relevant story about Why I Turned Down an AWS Job Offer. I expect more from Amazon; maybe I’m expecting too much.

Lastly, I’m speaking in Mountain View next Monday to give a new talk: Requiem for a Google: the Future We Lost. It’s going to be exactly what you think it will. Come join me!

From the Community

Not everyone’s environment is a born-in-the-cloud startup that sprang fully formed into the world a year ago. Some of us have on-premises data centers, which give rise to hybrid cloud environments. How do you monitor those? Consider NetApp’s Cloud Insights to grant insight into all of your infrastructure—not just the parts that live in a public cloud somewhere. Thanks to NetApp for their support of this newsletter. (SPONSORED)

A nuanced critique with a clickbaity title, How I Make Jeff Richer covers the challenged position open source finds itself in this decade.

“Cloud has picked a winner; now they’re enforcing it” is a bold statement. What’s it about? In this case, object stores.

A discussion of Chaos Engineering with Lambda by using Layers to break your functions intentionally.

Ben Kehoe talks about some of the self-awareness problems with CloudFormation culturally.

Code Terrorist Ian McKay writes about a great security loophole he exploited and reported to AWS in S3 Bucket Namesquatting – Abusing predictable S3 bucket names.

The OpenSource.com blog did a writeup about my contentious argument that the cloud is a scam.

If you’re in San Francisco, next week is Security Week, a way more boring version of Shark Week. I’ll be closing it out by hosting a game show on Thursday called “Whose Role is It Anyway,” the game where the points are made up but the answers absolutely matter. This will likely fill up; register sooner rather than later.

Another whodunnit murder mystery from SigOpt, the Case of the Mysterious AWS ELB 504 Errors.

A deep dive from Stripe into investigating complex networks in the context of my favorite database, Route53. DNS is always challenging.

An older post that CapitalOne should have taken the time to read, but clearly didn’t.

Duckbill Group customer Honeycomb talks about the intersection of durability, cost optimization, and Terraform Enterprise, in Treading in Haunted Graveyards.

AWS is rumored to be tendering for what looks a lot like an AWS region in Israel.

The best comment I’ve seen so far on the stalling of the JEDI contract comes from the Terrible Orange Website: “I’m not the biggest fan of AWS, but I feel like giving $10B to Oracle or IBM, well, you might as well just burn the money.”

The Wall Street Journal (paywall warning) reveals that the Federal Reserve sent investigators to a us-east-1 site in an early indication that they view the cloud as “critical financial infrastructure.” Well, yes; if AWS permanently and suddenly loses a region, a global recession is probably a best-case scenario.


If you’ve got an interesting job for this newsletter’s eminently employable subscribers, get in touch!

If you want to search for useful information in a mountain of data, you’d probably at least consider using ElasticSearch. If you’re searching for a challenging role, consider the Amazon Elasticsearch team. With challenging roles across most busines domains, they’re likely to have something that fits whatever it is you’re searching for.

X-Team is hiring for a fully remote team, anywhere on the planet. The work is interesting, they partner with companies you’ve heard of, and you can work from wherever you care to be. Now before you wind up getting cynical, let me save you some time–I already did, and hopped on a phone call to chat with them and then berate them for their crappy culture. Instead I was pleasantly surprised: they invest in their people (including a personal development stipend), they have distributed community events (both online and in person around the world), and actually work with their employees; this isn’t a “send us a postcard if you ever get there” body shop. They’re looking for folks with AWS skills, as well as a wide variety of other technical abilities; this is legit. Take my word for it; join X-Team and see for yourself. Tell them Corey sent you…

Do you want to work in the Bay Area? Almost certainly not; the people are insufferable here. Consider instead staying wherever the hell in the US you happen to be and talking to Truss, a software consultancy. Picture all of the advice that I’d give you, and now envision that wrapped in something you could tell a customer without getting punched right in your sarcastic mouth. That’s what Truss does, but they for some unknown reason don’t describe it that way. Currently, they are seeking Senior Software Engineers anywhere in the US (yes, even the crappy parts) to help them with commercial and government contracts. Seriously, read this thing–they tell you what levels they’re looking to hire at AND THEN THEY EXPLAIN THEM SO YOU DON’T FEEL LIKE A MORON FOR NOT KNOWING THEIR INTERNAL RUBRIC! Virtually any other hiring manager who happens to be reading this should look at their job descriptions and feel comparatively ashamed.

Choice Cuts

Ever wondered why your CEO doesn’t give a toss about technical debt? The folks at Raygun set out to learn why, interviewing the executive leadership at Xero, Pushpay, and Vend to find out what’s really going on and how they think about engineering effort and software quality. (SPONSORED)

Amazon EC2 Hibernation Now Available on Ubuntu 18.04 LTS – But not, apparently, Amazon Linux 2.

Amazon EC2 On-Demand Capacity Reservations Can Now Be Shared Across Multiple AWS Accounts – This is super handy for large orgs trying to drive forward a multiple account strategy, but want to be able to intelligently do capacity planning at the same time.

Amazon FSx Now Supports Windows Shadow Copies for Restoring Files to Previous Versions – This is a great feature; NetApp has offered something like this for a decade and change, but nobody else ever seems to have caught on. I’m assuming patent encumbrance?

Amazon Polly Launches Neural Text-to-Speech and Newscaster Voices – No, AWS is finally coming after my Radio Voice and attempting to out-compete me!

Amazon Sumerian Now Supports Physically-Based Rendering (PBR) – Hosts now come to life and hit you so hard candy comes out.

Amplify Framework Adds Predictions Category – That’s funny, because I predict that Amplify is going to just go all in and become AWS For Javascript soon.

Announcing the new AWS Middle East (Bahrain) Region – Welcome to me-south-1, which I’m assuming is the new AWS region based where I grew up in Southern Maine.

AWS IoT Events now supports AWS CloudFormation – Only two months after it went GA, or “about as long as CloudFormation takes to roll back from a failed update.”

EBS default volume type updated to GP2 – As opposed to what?! WHAT YEAR IS IT?!

Amazon QuickSight adds support for custom colors, embedding for all user types and new regions! – “Maybe it’s because we didn’t let folks skin it in the proper shade of cornflower blue” shrieks a QuickSight product manager as they hurl all manner of spaghetti at the wall in the hopes of finding something, anything that sticks.

AWS CloudFormation now supports higher StackSets limits – Another default limit you’ll ignore until you smack into it has been changed.

Lambda@Edge Adds Support for Python 3.7 – I’ve never been a huge fan of running dynamic code against web requests simply to inject static headers, but now I can’t object to it solely on the grounds of “Javascript is terrible.”

Announcing PartiQL: One query language for all your data | AWS Open Source Blog – Let a thousand mispronunciations of PartiQL bloom. The correct one is of course “particular.”

Introducing the “Preparing for the California Consumer Privacy Act” whitepaper | AWS Security Blog – Also known as “oh crap, GDPR-lite is coming to America!”

Somehow the CloudFormation team launched a roadmap and didn’t formally put a blog post up about it. Congratulations to the CloudFormation team for continuing to be misunderstood for long periods of time. I further point out that this lives in GitHub, a competitor’s property.


If hitting your local metadata endpoint via HTTP is too much work for you, you can either use the EC2 Instance Metadata Query Tool, or else just wait until an attacker does it for you, CapitalOne.

This dropped a while ago; retro-tag lets you retroactively tag AWS resources to figure out who created them.

This seems a good week to dump a bunch of AWS pentesting tools on you.

Lyft has had a metadata proxy for years that gives out scoped IAM credentials; you can too. It’s called metadataproxy.

… and that’s what happened Last Week in AWS.

Newsletter Footer

Sign up for Last Week in AWS

Stay up to date on the latest AWS news, opinions, and tools, all lovingly sprinkled with a bit of snark.

"*" indicates required fields

This field is for validation purposes and should be left unchanged.
Sponsor Icon Footer

Sponsor a Newsletter Issue

Reach over 30,000 discerning engineers, managers, and enthusiasts who actually care about the state of Amazon’s cloud ecosystems.