Good Morning!

Another week come and gone, along with a veritable mountain of AWS announcements. Fortunately most were of the kind I discard (“Service you don’t use is now available in a region you’ve never heard of!”), so everyone comes out ahead.

If you’re looking to give a talk, the AWS Community Day has an open CFP. If you want help submitting a CFP, join #community-cfp on the OG community Slack and I will help you draft a talk proposal. I promise, you have stories worth telling.

Considering migrating to AWS? The Duckbill Group can help!

When you’re talking about millions of dollars a year in investment in AWS, making mistakes is expensive. Work with The Duckbill Group to plan your migration costs and keep them under control. Altogether, you’ll:

  • Get feedback about cost impacts
  • Have your migration strategy and architecture reviewed by AWS experts. (That’s us).
  • Keep your migration on budget (and your finance team happy)

Read about how we can help you with your AWS migration right here:

From the Community

Oh – the wondrous original promise of the data lakes… all gone kaput… until now! Join me, Corey Quinn, along with ChaosSearch, on our Sept 24th webinar entitled “Turning Your Amazon S3 into a Hot, Searchable Data Lake”. During this webinar (did I mention I’ll be speaking?) you’ll learn how to monitor and analyze your AWS services directly in your own S3! So register for the Sept 24th webinar today – even if it’s just to hear my dulcet tones and intergalactic wisdom! Brought to you by ChaosSearch – the revolutionary, fully managed log analytics platform that turns your Amazon S3 into an UltraHot™ data store! Sponsored

Man, every time I think I’ve come up with a great opinion on something, it seems like Gartner VP Lydia Leong just comes in and absolutely stomps what I’ve said into the dirt with her incredibly well framed version of it. This time it’s multi-cloud. I’m incredibly envious of her ability to do this. I’m just glad our opinions generally align!

A walkthrough with an example of AWS Glue, in case you get stuck.

I could restate what Ian McKay says about a security story involving CloudWatch Synthetics Canaries, but I’d really just be parroting the article.

A GCP employee compared the CLI experiences of AWS, Microsoft Azure, and Google Cloud Platform and came away with a shockingly balanced perspective.

Whenever a headline is a question, such as “Why Did We Start Using AWS Secrets Manager To Store Sensitive Data?”, I like to respond with a facile answer like “because your open S3 bucket proved to be a terrible plan.”

Amazon CTO Werner Vogels has a blog post titled reinventing virtualization with the AWS Nitro System, which I think could have been pun-spun slightly differently in a year in which re:Invent is itself virtualized.

An interestingly positioned article about the relationship between AWS and Snowflake. There are some gems in here; AWS has some work to do on its partner reputation.

A disambiguation between the two confusingly-named options for AWS’s API Gateway: HTTP vs REST.

I was quoted in an article about Kubernetes not helping you with cloud portability, which is always a good thing to become known for.

My working theory of Aurora PostgreSQL vanishing from AWS for a few days without explanation was an accidental hire of a Google product manager without proper training. It’s mighty strange that there wasn’t an announcement about this, though.

A musical parody of Hamilton, titled simply LAMBDA.


If you’ve got an interesting job for this newsletter’s eminently employable subscribers, get in touch!

Do you hold a US Security Clearance? Do you want to build exciting things? Protect exciting secrets? Make big trouble for Moose and Squirrel? Check out the AWS Cleared Jobs and see if AWS might have a role that’s up your alley. Many restrictions apply; see page for details.

Choice Cuts

Download today: Kubernetes security ebook – tips, tricks, best practices

The rapid adoption of Kubernetes to manage containerized workloads is driving great efficiencies in application development, deployment, and scalability. However, when security becomes an afterthought, you risk diminishing the greatest gain of containerization – agility. Download this ebook to learn how to (1) build secure images and prevent untrusted/vulnerable code, (2) configure RBAC, network policies, and runtime privileges, (3) detect unauthorized runtime activity, and (4) secure your Kubernetes infrastructure components such as the API server. Sponsored

Amazon API Gateway now supports mutual TLS authentication – This is screamingly exciting for me, but I can’t tell you why until after I implement it.

Amazon CloudWatch Agent is now Open Source and included with Amazon Linux 2 – This is pretty awesome. Usually companies don’t open source things while making a bunch of excuses that hide the real reason: the code is embarrassingly bad.

Amazon CloudWatch Dashboards now supports sharing – So what? We’ve been using it that way for ages and–oh, my apologies. I misread “sharing” as “shaming.”

Amazon Detective introduces IAM Role Session Analysis – “The pounding on my office door matched the pounding in my head. My landlord was demanding rent, but I wouldn’t get paid until this case got cracked.”

Amazon EKS is now available in the AWS US West (N. California) Region – I rarely mention regional expansions but… really? Kubernetes only now comes to the Northern California region? You really, really don’t want to use us-west-1, in case you didn’t already know that.

Amazon Redshift announces spatial functionality enhancements – I’ve read this five times and I have no idea what it does. If you go to and let a Markov chain generate an AWS release announcement, it will be more coherent than this post is. I suddenly understand why Snowflake is doing so well post-IPO.

Amazon Transcribe adds support for automatic language identification – Why doesn’t AWS’s ML Marketing team highlight things like this?! It’s freaking magical that it can analyze audio and determine what language is being spoken. That’s transformative, uplifting, and not given a marketing fanfare at all, apparently because it doesn’t help the cops hunt homeless people for sport or whatnot. Stories like this one are incredibly powerful. Tell them!

AWS Budgets now offers Daily Granularity for Cost & Usage Budgets – The caveat of course is that all of a day’s spend is accurately reported within 24 hours. It’s not always!

AWS IQ now provides short URLs for expert profiles – Man, this could be so much more than it is. A short URL that AWS hosts that becomes a non-crappy version of LinkedIn-meets-GitHub that oh by the way lets you pay me via your AWS bill? Who on earth would say no to that?!

Amazon CloudFront announces support for Brotli compression – If you visit the Brotli GitHub page, it’s entirely unclear WTF it does. AWS Marketing stole a march on them and explains it clearly in this post: “Brotli is a widely supported lossless compression algorithm that often provides a better compression ratio than Gzip.” Well done.

Elasticsearch Audit Logs now available on Amazon Elasticsearch Service – Technically the logs themselves live in CloudWatch Logs, because otherwise it’d be “self auditing,” which is how you get punched by an auditor.

Enforce encryption for Amazon Elastic File System resources using AWS IAM – This seems handy. And maddening if you don’t know it’s there, because it’s a near certainty that the error message will be completely useless.

HIPAA Eligible AWS Services deployed in AWS Wavelength can now be used to process Protected Health Information – “Our 5G offering can now support health data” is the kind of offering that while useful, will no doubt be taken and twisted by just the worst conspiracy theorists on the internet.

New EC2 T4g Instances – Burstable Performance Powered by AWS Graviton2 – Try Them for Free – Due to a misunderstanding that I’m sure we’ll all laugh about later, many AWS services still don’t support tagging, but do support t4g instances instead.

Analyzing Amazon S3 server access logs using Amazon ES – This blog post tells you how to take access logs for what’s accessing S3 (which costs 2.3 cents per month per gigabyte) and store those logs in Amazon Elasticsearch (which costs 13.5 cents per month per gigabyte) because they’re apparently hoping you’ve been ignoring me whenever I talk about ChaosSearch. I just… why would someone do this?

Activity detection on a live video stream with Amazon SageMaker – If there’s no activity detected, then it’s apparently either dead video or sleeping video.

AWS debuts Cloud Digital Interface (AWS CDI) to reliably transport uncompressed live video between applications – You can now get enormous bandwidth between EC2 instances inside of AWS. 98% of the world will forget it’s there, but somewhere in Hollywood an engineer at an entertainment company just dropped their coffee cup in excitement.

Simplifying permissions management at scale using tags in AWS Organizations – “Ah, I’ve finally rolled out the ability to set tags to every engineer in the entire company so they can allocate costs. Now to put on my CISO hat, take a giant sip of this burning hot coffee, and read this blog post.”


How do you separate observability hype from the functionality your team really needs? Check out our buyer’s guide and learn how to evaluate an observability tool, understand why observability goes beyond the traditional tools you use today, and how Honeycomb is leading the charge.

Or sign up today and try Honeycomb for free. Guess less and know more. Sponsored

Normally I try to only highlight open source tools here, but Epsagon really saved my bacon on an obnoxious issue last week that was driving me nuts–so I’m feeling charitable. I’m a (happy) paying customer, but their free tier is surprisingly capable. It’s kinda everything that AWS X-Ray wants to be but really isn’t.

The other week I had to export a DynamoDB table that was a few megabytes, so I consulted the AWS documentation. Then I wept. Then I did some poking around and found export-dynamodb, which after a quick pip install, gave me exactly what I wanted in a single command: the whole table in a CSV file.

… and that’s what happened Last Week in AWS.
