Welcome to issue number 149 of Last Week in AWS.
With most of the US off today for Presidents’ Day, we’re probably looking at a sparser release cadence than most other weeks–but we’ll see. Trying to predict what AWS will or won’t do remains a fool’s errand.
From the Community
Honeycomb relies on SLOs to get eng & biz teams on the same page. They know exactly how code is behaving through the customer experience. They figure you may want to know, too. In Theory of SLO: Why the Business Needs SLOs, Nathen Harvey|Google & Danyel Fisher|Honeycomb explain how SLOs are critical to SRE practices. Register for the webcast or read the transcript. SLOs. Success. Defined. — from Honeycomb. Sponsored
A software engineer’s intro to VPCs.
I’m super torn about the JEDI lawsuit. On the one hand, I’d be savaging Microsoft or Oracle had they done this if the award had gone to AWS; my simplistic theory of business is that you compete for deals and if you lose then life goes on, you don’t take it to court afterwards. On the other, the current administration promotes family values far less than they promote family members, so of course there’s corruption involved in effectively everything they touch. My solution is to mostly ignore the situation entirely–but now you at least know why.
It’s nice to know that I’m not the only person disappointed with Amazon Cognito’s current state.
A real tale of using AWS Session Manager to replace SSH.
A wonderful walk through using Go for Cloud.
Legendary distinguished engineer Peter Vosshall retired from Amazon last week.
The ever-entertaining Vicki Boykis opines on committing to your lock-in.
Amazon EBS addresses the challenge of the CAP Theorem at scale – This came out after I’d already made reference to CAP theorem elsewhere in this newsletter. It’s a weird week.
It seems that Deutsche Bank will be able to fix all of its cultural and technical failures magically via the arcane power of Digital Transformation–but only if it selects the correct cloud vendor.
Jail inmates are the latest victims of this week’s S3 Bucket Negligence Award.
If you’re considering a job change, check out a position below. Regardless of where you find it, you should definitely negotiate your salary. If I were to magically become employable, I’d immediately head to FearlessSalaryNegotiation.com and talk to Josh Doody about it before saying anything further. He’s done this many times before, with a special emphasis on engineering roles at FAANG companies. He’s an artist when it comes to getting the best compensation possible without seeming greedy or losing the offer. He offers coaching, free articles, an ebook, and other things along the way. Check him out–and tell him Corey’s talking about him again.
The EC2 Control Plane Platform team owns designing, building, provisioning and managing the platforms for all EC2 core services worldwide. Think magic like the provisioning backplane, the Time Sync Service, and many more. Join this storied team and see for yourself what it takes to run something of massive scale with interesting people.
This issue is sponsored in part by my friends at CHAOSSEARCH! You know, Mom always said “Log analytics shouldn’t break the bank!” and finally someone has listened! CHAOSSEARCH is a fully managed log analytics platform that leverages your AWS S3 as a data store. Their revolutionary technology radically lowers costs for analyzing log data at scale, and they pass those savings on to you! If you are tired of your ELK Stack falling over, or tired of paying over-the-top prices to the current litany of ho-hum log analytics vendors out there, try CHAOSSEARCH today! So check them out and tell them Corey sent you so they can sigh exasperatedly and ask you what I said this time… Sponsored
Amazon Cognito User Pools service now supports case insensitivity for user aliases – aMazoN cOGNito is A GrEaT sErViCe.
Amazon ECS-optimized Linux 2 AMIs now come with pre-installed AWS Systems Manager Agent – I wonder how they’re going to mispronounce “Systems Manager” to keep a consistent brand.
Amazon MSK increases the default broker limit per cluster to 30 brokers – And if you spin up all 30, you’ll be noticeably broker.
Amazon RDS for PostgreSQL now supports additional sizes for db.m5 and db.r5 instance classes – “None of these fourteen existing sizes will do” pouted DBA Goldilocks, so AWS added four more to see if this solved her problem. There’s never a hungry bear around when you need one.
Aurora PostgreSQL Supports Machine Learning, Export to Amazon S3, and New Minor Versions – I’m incredibly annoyed that they baked Machine Learning into a database and didn’t have the good sense to charge the hype-driven folks slobbering over it through the nose.
AWS Systems Manager now enables auto-approval of patches by date – “Approve everything released before date X” is a great thing to deploy on Fridays.
AWS Well-Architected Tool now supports AWS Serverless Lens – The entire Well-Architected Tool is a notable entry in the compendium of “lies my cloud provider told me.” It is not, in fact, a tool; it’s a questionnaire.
Configure fine-grained data access with Amazon Elasticsearch Service – Forget what I said elsewhere in this newsletter; read this release and try to do it; THAT becomes the best possible advertisement for CHAOSSEARCH.
EC2 Hibernation adds support for Ubuntu 16.04 LTS – Older versions of Ubuntu can now go to sleep as the rest of us eagerly await the day they reach EOL and can instead be put to sleep.
Introducing content filtering for Amazon EventBridge – Now I want to add content filters to other aspects of my life. “We auto-removed that meeting from your calendar because the agenda was complete nonsense.”
Introducing Multi-Region Asynchronous Object Replication Solution – While Google is releasing whitepapers about their database that apparently solves CAP theorem, Amazon instead is releasing solutions like this that offer none of Consistency, Availability, or Partition Tolerance. Absolutely nobody would choose a solution like this unless they’re tallying caucus votes in Iowa.
Now Available: Updated Versions of 2 APN Partner Digital Courses – Amazon is all about customer obsession, which is why its partner program continues to add hoops of ever-increasing complexity for partners to focus upon instead of helping their own customers.
New – Multi-Attach for Provisioned IOPS (io1) Amazon EBS Volumes | AWS News Blog – That thing we were asking for twelve years ago finally came to pass, but only for the hideously expensive io1 volumes. Now a bunch of software hacks can be removed, people will inappropriately use this for all the wrong workloads, and we’ll have a new generation of file locking issues. Thanks, AWS.
New: Use AWS CloudFormation StackSets for Multiple Accounts in an AWS Organization | AWS News Blog – This is finally getting AWS Organizations to the point where they’re useful for daily tasks rather than strictly as billing constructs.
Launching Open Distro for Elasticsearch security features on Amazon Elasticsearch Service | AWS Open Source Blog – Those weasels at Elastic are up to their old tricks, including getting irritated at people pointing out that they’re up to their old tricks.
How to use KMS and IAM to enable independent security controls for encrypted data in S3 | AWS Security Blog – And then you can explain those independent security controls to your auditors just as soon as they complete a sixteen-week detailed course on how IAM works.
Manage your AWS KMS API request rates using Service Quotas and Amazon CloudWatch | AWS Security Blog – Yes, the burden of making sure that your use of the pay-for encryption service doesn’t exceed how much of that service AWS wants you to have falls on you, so you should build custom things to ensure you don’t annoy them. It’s stories like this that make me advocate for things like HashiCorp’s Vault.
A new tool for tagging your various resources; just remember that tags have security implications now.
… and that’s what happened Last Week in AWS.