Good Morning!

It’s here at last: the annual Last Week in AWS Charity T-Shirt drive. This year’s design is appropriately titled “AWS Status Page” and is now on sale for one week only. All proceeds benefit the good work that the folks at 826 National are doing. You’ll get another email on this with more details in a few hours; there’s oh so much more to come this week.

From the Community

Observability is critical for managing and improving complex business-critical systems. With observability, any software engineering team can gain a deeper understanding of system performance, so you can perform ongoing maintenance and ship the features your customers need. Preview Honeycomb’s upcoming O’Reilly book to understand the value of observable systems and how to build an observability-driven development practice. Sponsored

I encountered a mostly Complete History of AWS Outages, which may be useful for others as well.

I know this isn’t a networking newsletter; read Should You Build or Buy a Router? anyway. Consider the trade-offs of what your time is worth building something vs. paying for that thing from a provider.

A post entitled Do not use AWS CloudFormation is absolutely going to catch my eye. I can’t say as I disagree with it either. I should really do a crash course on Terraform…

A list of Hands-On Learning Resources to Master Containers, Kubernetes, and Clouds is super useful for those of us who learn best by doing.

I’m not here to beat up on Facebook for their technical failures, since I much prefer to dunk on them for their moral failures instead. That said, Mark Nunnikhoven has a great takeaway in the form of Lessons in Designing Blast Radius The Hard Way from last week’s outage.

In citing my post about the next million cloud customers, I think that Matt Quirion made my point more eloquently than I did.

A shorter form of How to Cleanup AWS CloudFormation Stacks Efficiently would be “report your account as fraudulent so it gets turned off for you,” but the article is probably the better approach.

I missed this piece on a better way to exploit AWS corner cases of billing to stream video for free.

A dive into How AWS Lambda Runs Your Code. “Reluctantly at best” in the case of my own code I suspect…

The Compelling Economics of Cloudflare R2 remain just that: compelling.

What is Block Storage? A Definition and Overview is a guest post that’s up on my blog this week.

It appears that the general consensus on Graviton2 powered Lambda functions for video encoding is a resounding “meh.”

A post on how Cloudflare is arguably Eating the Cloud from Outside In.


If you’ve got an interesting job for this newsletter’s eminently employable subscribers, get in touch!

The Duckbill Group (that’s me!) is hiring a Head of Consulting Services to join the team. We’re looking for someone skilled in managing and leading people, as well as in building and optimizing delivery processes. As a member of the leadership team in a nine-person company, you contributions will be instrumental to our continued growth and success. AWS expertise isn’t required, but it’s certainly a bonus. If you’re interested in a role that’s fully-remote, has big impact, and you want off the VC rollercoaster, come check us out.

Q: What is Amazon GuardDuty?

Amazon GuardDuty offers threat detection that enables you to continuously monitor and protect your AWS accounts, workloads, and data stored in Amazon S3. GuardDuty analyzes continuous streams of meta-data generated from your account and network activity found in AWS CloudTrail Events, Amazon VPC Flow Logs, and DNS Logs. It also uses integrated threat intelligence such as known malicious IP addresses, anomaly detection, and machine learning to identify threats more accurately. #### Q: What are the key benefits of Amazon GuardDuty?Amazon GuardDuty makes it easy for you to enable continuous monitoring of your AWS accounts, workloads, and data stored in Amazon S3. It operates completely independently from your resources so there is no risk of performance or availability impacts to your workloads. It’s fully managed with integrated threat intelligence, anomaly detection, and machine learning. Amazon GuardDuty delivers detailed and actionable alerts that are easy to integrate with existing event management and workflow systems. There are no upfront costs and you pay only for the events analyzed, with no additional software to deploy or subscriptions to threat intelligence feeds required.

Choice Cuts

Amazon Braket offers D-Wave’s Advantage 4.1 system for quantum annealing – Read this headline out loud, Kubernetes evangelists. This. This is exactly what you sound like when you talk about service meesh.

Amazon Chime SDK media capture pipelines adds the ability to configure APIs for customizable media capture – This has potential. “Capture the video or audio tracks, then throw them into an S3 bucket” is basically how I record podcasts, only I pay a company that would build it out of something like this because I don’t want to maintain things myself.

Amazon CodeGuru announces Security detectors for Python applications and security analysis powered by Bandit – I always thought “AWS Bandit” was the codename for the Managed NAT Gateway…

Amazon Kendra launches support for 34 additional languages – 🎶Where can you search Finnish? Only in Kendra! Come to Kendra, we search Finnish… 🎵

Amazon QuickSight adds support for Pixel-Perfect dashboards – I’m sorry, WHAT? AWS should start with “Pixel-Good” or “Pixel-Sufficient” or “within two bus connections and a lengthy train ride of Pixel-Acceptable” before aiming this high…

Introducing Amazon Workspaces Cost Optimizer v2.4 – So far you’ve launched 2.4 attempts at working around a billing quick-fix of “cap the hourly usage fee per month per workspace at the monthly flat-rate fee” and still not gotten there.

AWS Backup Audit Manager now supports AWS CloudFormation – So let me get this straight, the “automate your backups and the validation thereof because you suck at doing it manually” service had to be implemented manually until now?

AWS Backup Audit Manager adds compliance reports – I’m apparently the naive fool who thought that this was the entire purpose of the service. Oops.

AWS Partner Engagement Principles Guide How We Collaborate with Partners Every Day – You know that the first draft of this had the word “Compete” instead of “Collaborate.” These principles are all well and good, but I have anecdata for violations of all four of them. Good to see the effort being made, but the proof is in the pudding.

VMware Cloud on AWS Outposts Brings VMware SDDC as a Fully Managed Service on Premises – So VMware Cloud can now run on top of hardware from AWS that sits in your data center. I’m very confused about why anyone would want this unless that person receives a commission on your purchase of this whole boondoggle.

Automate your Amazon Redshift performance tuning with automatic table optimization – For an expensive managed service, this thing sure does have an awful lot of dials and knobs I apparently have to tune myself…

Using Okta as an identity provider with Amazon MWAA – What, instead of AWS SSO, AWS IAM, AWS root account credentials, HoneyCode accounts, Cognito, AWS forum accounts, or no doubt the 40 or so I’m missing?

Creating container images with Cloud Native Buildpacks using AWS CodeBuild and AWS CodePipeline – This feels like it’s on the cusp of becoming, yes you’ve guessed it, another way to run containers on AWS.

Align with best practices while creating infrastructure using CDK Aspects – Slow down there, hasty pudding; in most production environments using the CDK has yet to be established or tested as a best practice.

Building an InnerSource ecosystem using AWS DevOps tools – Increasingly a lot of these blog posts are skipping the formalities and just putting the sales pitch right there in the headline.

Build a system for catching adverse events in real-time using Amazon SageMaker and Amazon QuickSight – This is exactly what I want from the AWS billing system – EXACTLY! I want it to alert me in real-time if it detects an adverse event, like the use of Amazon SageMaker and Amazon QuickSight in my account.

Create a cross-account machine learning training and deployment environment with AWS Code Pipeline – I’ll tolerate Machine Learning® services if they serve as the wedge by which we get better cross-account AWS service capability.

Detect defects in automotive parts with Amazon Lookout for Vision and Amazon SageMaker – This beats the Tesla approach of shipping things that fall apart, then their owners publicly defend the company for it. Please do not email me about this paragraph.

Simplifying Kubernetes configurations using AWS Lambda – I’m unconvinced that Lambda functions have ever once made anything simpler, much less Kubernetes of all godforsaken things.


Think the data lake is dead? Well, think again – because with the ChaosSearch Data Lake Platform – the data lake is back! And now, courtesy of ChaosSearch, get complimentary access to the new 2021 Gartner Hype Cycle™ for Data Management. This new Gartner report assesses more than 30 different categories of data management technologies — including data lakes, multi-model DBMS, logical data warehouses, and more! Get your copy of this new Gartner report to learn: The top data management technologies in use today; which vendors offer solutions for each category of data management tech, and more! Take it from me, Corey Quinn, or take it from the growing list of ChaosSearch customers like Klarna, Blackboard, Equifax, Armor and more… the data lake is back. Sponsored

Imagine a world where you have the flexibility to welcome any change – any cloud —and take advantage of its opportunities. VMware can help make this world a reality. Find out how with VMware multi-cloud solutions that provide the choice, speed, and control you need to tackle any challenge and power every application across the data center, edge, and any cloud. Sponsored

Disney Streaming has an Automated Cloud Advisor up on GitHub that’s another take on CloudCustodian. You’d really think they’d include a fun Disney drawing or two, but not so much.

A tool that does a lot of work to combine policies is artfully named wonk.

A CLI tool to shove CloudFormation or SAM or CDK stacks into either visjs networks or to make diagrams.

… and that’s what happened Last Week in AWS.

Newsletter Footer

Sign up for Last Week in AWS

Stay up to date on the latest AWS news, opinions, and tools, all lovingly sprinkled with a bit of snark.

"*" indicates required fields

This field is for validation purposes and should be left unchanged.
Sponsor Icon Footer

Sponsor a Newsletter Issue

Reach over 30,000 discerning engineers, managers, and enthusiasts who actually care about the state of Amazon’s cloud ecosystems.