Good morning!

Welcome to issue number 146 of Last Week in AWS. I’m back in SF this week after a week annoying people in Seattle.

From the Community

Open source ChatOps is here. Mattermost ChatOps brings you an end-to-end open source ChatOps suite that makes bringing your DevOps systems together simple, prescriptive, and open. Get started today — because running your own IRC server or kidnapping princesses for ransom to pay for its competitors isn’t the best way forward. Sponsored

Cloudonaut talks about how to use ALB authentication to secure your DevOps tools.

F-secure talks about Misadventures in AWS.

‪I’m legit annoyed by how eloquently Redmonk’s Stephen O’Grady captures an incredibly nuanced series of points in this beautifully-crafted view on How to Compete With AWS. If you read one article this week, make it this one. ‬

I really hope that Amazon CTO Werner Vogels doesn’t retire before I get to buy him a drink.

“Someday this will all be us-east-1-g.”

Tim Bray talks about his time (so far) at AWS, and reflects upon his experiences.

I don’t even know what to say here. An AWS engineer committed a bunch of customer credentials to a Github public repo. This is an AWS process failure. How does an engineer have customer credentials and not treat them like plutonium? How does something not catch that commit via a post-receive hook? How does the laptop not explode before transmitting the data? To be explicitly clear, I don’t believe in calling out individuals–it’s unhelpful, and even if they’re awful people they still have friends and family who care about them (except for Larry Ellison who does not and is thus fair game).

This week’s S3 Bucket Negligence Award goes to THsuite. Maybe that paranoia you thought was the product was justified…


If you’re considering a job change, check out a position below. Regardless of where you find it, you should definitely negotiate your salary. If I were to magically become employable, I’d immediately head to and talk to Josh Doody about it before saying anything further. He’s done this many times before, with a special emphasis on engineering roles at FAANG companies. He’s an artist when it comes to getting the best compensation possible without seeming greedy or losing the offer. He offers coaching, free articles, an ebook, and other things along the way. Check him out–and tell him Corey’s talking about him again.

The Amazon RDS Proxy is now in preview, and is a fully managed, highly available database proxy for Amazon Relational Database Service (RDS). It makes applications more scalable, more resilient to database failures, and more secure–or it will, once it supports the best database of them all: Route 53. Join them today to make my ridiculous dream a reality!

X-Team is hiring Go developers with strong AWS skills, anywhere on the planet. The work is interesting, they partner with companies you’ve heard of, and you can work from wherever you care to be. Now before you wind up getting cynical, let me save you some time–I already did, and hopped on a phone call to chat with them and then berate them for their crappy culture. Instead I was pleasantly surprised: they invest in their people (including a personal development stipend), they have distributed community events (both online and in person around the world), and actually work with their employees; this isn’t a “send us a postcard if you ever get there” body shop. Take my word for it; check out X-Team and see for yourself. Tell them Corey sent you…

Choice Cuts

This issue is sponsored in part by my friends at CHAOSSEARCH! You know, Mom always said “Log analytics shouldn’t break the bank!” and finally someone has listened! CHAOSSEARCH is a fully managed log analytics platform that leverages your AWS S3 as a data store. Their revolutionary technology radically lowers costs for analyzing log data at scale, and they pass those savings on to you! If you are tired of your ELK Stack falling over, or tired of paying over-the-top prices to the current litany of ho-hum log analytics vendors out there, try CHAOSSEARCH today! So check them out and tell them Corey sent you so they can sigh exasperatedly and ask you what I said this time… Sponsored

New – T3 Instances on Dedicated Single-Tenant Hardware | AWS News Blog – But if you’re the only tenant on the hardware, then the burstable model wouldn’t ever… I need to go lie down.

Amazon GuardDuty announces threat detection enhancements, reducing alert volume and increasing accuracy for common customer deployed architectures – Isn’t “reducing the alert volume” the entire point of GuardDuty in the first place?

Amazon Neptune provides database deletion protection – Everyone’s favorite 🦒 database now protected from extinction.

Amazon SageMaker Now Supports TensorFlow 2.0 – By 3.0 it’ll be known as “TensestFlow.”

Amazon VPC Ingress Routing Now Supports AWS CloudFormation – Wait–who the hell is configuring VPC routing by hand? That’s like straining raw sewage with your teeth!

Announcing Amazon Relational Database Service (RDS) Snapshot Export to S3 – You can now access RDS snapshots where they already live!

AWS announces 80% price reduction for CloudEndure Disaster Recovery – It’s never been cheaper to endure the disaster that is your cloud migration.

AWS CodePipeline Enables Stopping Pipeline Executions – This is a handy feature. I’ve set all of mine to slam to a halt at 11:59pm on Thursdays to avoid Friday deployments. Charity Majors doesn’t read this newsletter, right?

AWS Control Tower introduces lifecycle event notifications – I was worried that this product was largely abandoned. I love the product’s promise, but it really needs a bit of work to remove some painful parts. This isn’t the most pressing change needed, but it’s a sign of life at least.

AWS IAM policy simulator now simulates permissions boundary policies – …while cloud engineers everywhere simulate caring about permissions and continue to just grant “*” access to everything that holds still long enough.

AWS Key Management Service expands support for asymmetric keys – This time you get to make up the snark yourself! Picture the dumbest thing you can imagine about cryptography, and put it here.Then yell at me on Twitter about my moronic take on cryptography!

Deep Learning Containers Updates for SageMaker Debugger and Tensorflow Serving – This exciting update empowers–okay, I’m sorry, help me out here. T3 instances have a bursting model so that unused or unevenly used capacity can be used to power them. If you’re on dedicated instances you’re paying extra for “burst” but it’s just coming from your existing dedicated hosts! How does this model make a lick of sense?

New AWS Public Datasets Available from Ford, NASA, and NREL – It’s nice to see companies making giant piles of data in S3 public intentionally for a change.

Query Volume Metrics Now Available for Amazon Route 53 Resolver Endpoints – Handy to figure out which endpoints are talking to what, I suppose. In fact–nope, sorry, I can’t do it. If your other instances on that dedicated hardware are all busy, where’s the burst capacity going to come from?!

AWS DataSync Update – Support for Amazon FSx for Windows File Server | AWS News Blog – “The DataSync service can now transfer files from Windows fileshares” is awesome, should you be unfortunate enough to have such a thing lying around your enterprise.

Amazon EKS Price Reduction | AWS News Blog – Each kubernetes control plane now costs $72 a month instead of $144 on AWS. GCP and Azure managed kubernetes control planes still cost $0 over the same timeframe.

In the Works – AWS Osaka Local Region Expansion to Full Region | AWS News Blog – That moment when you get so tired of explaining what a “local region” is that you opt to turn it into a full region instead of clarifying the messaging. AND YOU’RE STILL PAYING FOR THE T3 BURST OVERAGES AGAINST WHAT EXACTLY?!


Do you have a service or product that you’d like to tell the fine readers of this newsletter all about? Hit reply and tell me what you’ve got! Sponsored

A Lambda Log Shipper for Cloudwatch and Grafana’s Loki.

… and that’s what happened Last Week in AWS.

Newsletter Footer

Sign up for Last Week in AWS

Stay up to date on the latest AWS news, opinions, and tools, all lovingly sprinkled with a bit of snark.

"*" indicates required fields

This field is for validation purposes and should be left unchanged.
Sponsor Icon Footer

Sponsor a Newsletter Issue

Reach over 30,000 discerning engineers, managers, and enthusiasts who actually care about the state of Amazon’s cloud ecosystems.