Good Morning!

Another week has come and gone, thankfully. I’ll be aiming to be at the Chicago and Anaheim summits later this month, so if you’ll be there keep an eye out for drink-up announcements as I turn my travel schedule into a reason to socialize.

From the Community

O’Reilly Book on Observability Engineering — Get Yours Free from Honeycomb!
Manage complex cloud-native systems, improve customer experiences, and build & run better software using Honeycomb. Get your FREE copy of our new O’Reilly book and register for our Authors’ Cut Series to discuss key concepts.

A neat discussion into the world of the often unseen humans who run cloud data centers.

I like the idea of Certbot as an init container for AWS ECS, though I’d probably just use ACM for all of my certificate needs.

The results of the 2022 CDK Community Survey are in. I don’t view consumers not contributing to the project to be a bug; that feels like a feature to me?

A dive into the practical application and use of Calling AWS from Your On-Premises with IAM Roles Anywhere.

This article on The Rise of Observability (o11y) is accurate to my understanding of the history of the space.

This article on How to Solve AWS EFS “Operation Not Permitted” Errors in EKS comes, surprisingly enough, from an old boss of mine.

When reached for comment about Amazon’s PR and policy chief Jay Carney leaving to join Airbnb, neither company would go on the record about literally anything.

I was cited in Protocol for being concerned about Amazon’s proposed acquisition of One Medical. I’m apparently very far from the only person who’s unhappy with the proposed acquisition.


Product Security at DigitalOcean helps solve large challenges while reducing the burden of security on dev teams, whether they’re building serverless function isolation or customer IAM. They believe security should make safe development easy. They’re looking for Senior Product Security Engineers who can collaborate with internal developers to design secure architecture and construct secure-by-default guardrails that empower engineers to make informed security decisions.


Last Week In AWS: Never Gonna Shut Me Up

Last Week In AWS: New Cloudscape Cloudscrapes

Last Week In AWS: The Mental Breakdown of Auto-Remediation

Screaming in the Cloud: Generating Demand and Building Trust with Anadelia Fadeev

Screaming in the Cloud: Remote Work and Finding Your Voice with Jeff Smith

Choice Cuts

Developers are responsible for not just the code they write, but also the containers and cloud infrastructure their applications run on. And a big part of that responsibility is application security. Meet Snykers at AWS re:inforce or your local AWS Summit to learn more about how Snyk integrates seamlessly with AWS to keep applications secure.

Amazon DocumentDB (with MongoDB compatibility) now supports fast database cloning – Isn’t DocumentDB ("Amazon Basics MongoDB") already the clone / crappy knockoff of a fast database?

Amazon EC2 Console adds ‘Verified Provider’ label for public AMIs – Much like Twitter, you can get a blue checkmark if your product has been rigorously vetted–or if you hung out with Adam Selipsky at a party in 2012.

Amazon Neptune now supports fine grained access control with IAM – What the blue hell was it doing before?!

Amazon SageMaker Canvas announces encryption support with customer managed keys – Great, another way to make SageMaker Canvas sneakily more expensive to screw customers over.

AWS announces AWS Wickr (Preview) – AWS decides to compete with Google in launching and then abandoning messaging products.

AWS Control Tower now reduces AWS Config configuration items by only recording global resources in home Regions – This is handy. I just hate that you’ve gotta apply this one OU at a time, and you can’t schedule it. It basically turns an afternoon into "click button, come back in an hour and click another button," etc.

AWS Lambda announces support for a new IAM condition key, lambda:SourceFunctionArn – You can now scope IAM restrictions down to specific Lambda functions. Please do so.

AWS Single Sign-On (AWS SSO) is now AWS IAM Identity Center – A service rename is definitely one of those things worth keeping an eye on.

Announcing AWS Transfer Family support for Applicability Statement 2 (AS2) – Price gouging and then some–YEOWCH. "If you’re a big company forced to use this protocol, AWS is going to charge you a penny per message" is just monstrously bad.

Now programmatically manage primary contact information on AWS accounts – This is legitimately useful, but most people will miss the release.

Introducing specialization categories for the AWS Level 1 MSSP Competency – Some of those categories are presumably "taking it on the chin when AWS competes with you," "stoically saying nothing when AWS introduces another partner into the mix that eats your lunch," and so on.

10 Years of Success: AWS and F5 – Looking at the relative stock prices of these two companies over the last ten years, I think it’s pretty clear that "success" has not accrued equally to both parties.

Amazon Prime Day 2022 – AWS for the Win! – Amazon congratulates AWS in a self-referential customer backpatting story.

New for AWS Global Accelerator – Internet Protocol Version 6 (IPv6) Support – Progress, as well as the globe, is apparently accelerating in AWS’s bid to kill all of us by flinging us off the planet into space.

Introducing Amazon Neptune Global Database – Is the globe in question Earth, or Neptune?

Introducing Community Health on AWS – Yes, because if there’s one company that knows what it takes to foster healthy communities, it’s Amazon. Don’t believe me? Go check out the moribund re:Post forums…

Predict shipment ETA with no-code machine learning using Amazon SageMaker Canvas – Based upon my own experience with SageMaker Canvas, odds are you’ll be bankrupt by the time your shipment arrives if you implement this solution.

Tiny cars and big talent show Canadian policymakers the power of machine learning – I look forward to attending the big talent show, ambiguous AWS headline writer.

Andy Jassy and RJ Scaringe discuss Rivan electric vehicles – I am absolutely gutted by this; I’ve been trying and failing for five years to get to beep the horn on an AWS Snowmobile, and now Andy Jassy is taunting me with pictures taken inside of a different Amazon-labeled vehicle.


Every application needs authentication, but building it yourself is a distraction. FusionAuth is customer identity software built for developers. They’re not Auth0. Their people know authentication and will show you a better experience. What’s cool is you can self-host so you’re in control of your identity data. There’s a free download version, no strings attached. Or if you want it hosted, they’ll set you up in AWS, just ask.

There’s an official AWS glossary that’s probably super handy for folks who don’t know what the hell we’re talking about when we start babbling in Cloud.

A fun Twitter-reported nightmare resulted in someone sucessfully using the IAM policy simulator to track down what was wrong with a weird S3 bucket issue.

… and that’s what happened Last Week in AWS.

Newsletter Footer

Sign up for Last Week in AWS

Stay up to date on the latest AWS news, opinions, and tools, all lovingly sprinkled with a bit of snark.

"*" indicates required fields

This field is for validation purposes and should be left unchanged.
Sponsor Icon Footer

Sponsor a Newsletter Issue

Reach over 30,000 discerning engineers, managers, and enthusiasts who actually care about the state of Amazon’s cloud ecosystems.