Good Morning!
If you’re in Paris this Wednesday evening, let me buy you a drink at The Bowler at 6PM. Come out, say hello, and marvel at my terrible French.
From the Community
It’s been a while since I publicly pointed people at the Battle Of The Bears, when some "friends" of mine sent my toddler a teddy bear the size of a freaking NFL linebacker. (That’s American for "freaking huge.")
Speaking of bears, AWS nails Russia’s Cozy Bear trying to nick Microsoft creds.
Podcasts
Last Week In AWS: Amazon Q Rules Except It Doesn’t At All
Screaming in the Cloud: Conversations at the Intersection of AI and Code with Harjot Gill
Choice Cuts
Amazon disrupts watering hole campaign by Russia’s APT29 – Amazon CISO CJ Moses demonstrates that it’s not just possible to lead a horse to water, but also to drown one if you work hard enough at it.
AWS IAM launches new VPC endpoint condition keys for network perimeter controls – Finally, the IAM team takes a break from enforcing access permissions for account colors to give us a straightforward way to force traffic to use VPC endpoints. That’s a compliance win.
RDS Data API now supports IPv6 – I keep forgetting the RDS Data API exists distinctly from the RDS Proxy. Why? Nobody knows.
Now Open — AWS Asia Pacific (New Zealand) Region – This is exciting news for the folks who started mandating data residency laws as a shakedown of the hyperscalers: your project worked!
AWS Resource Explorer is now available in AWS Asia Pacific (Taipei) Region – So long as entire regions aren’t available in Resource Explorer, it’s forever going to take a backseat to using the AWS bill as the authoritative source of truth for what’s running in your account. After all, if AWS isn’t billing you for it, it doesn’t really exist.
Protect your Amazon Route 53 DNS zones and records – Well yes, you do have to ensure that your databases are locked down properly. That said, it’s more than a little nutty that you’ve gotta implement special Lambdas to back up Route 53 zones rather than the established methods by which all other DNS servers achieve these things (IXFR, or more realistically AXFR). But noooo, Route 53 just has to be precious like that…
Efficiently verify Amazon S3 data at scale with compute checksum operation – It’s now possible to determine whether S3 ate your data at scale.
AWS Elemental celebrates 10 years of innovation – Sure seems to me that a lot of this "innovation" is iterative improvements; the incremental addition of small improvements over time. That’s valid, and fair, but it’s not "innovation" in any meaningful sense. "Well we listen to customers to do it." Sure, but if you didn’t they’d leave for vendors who do. Every company, to some degree, is beholden to the desires of its customers.
Choosing the right AWS live streaming solution for your use case – You’re going to have to do some remarkably heavy lifting to convince me that the right solution for most streaming use cases is AWS at all, and the reason comes squarely down to data egress fees. Yes, I know, you can negotiate significant discounts on data transfer rates, but those come in return for commitments that you’re not prepared to make when you’re still doing back-of-the-envelope math to see if you even build on AWS in the first place.
… and that’s what happened Last Week in AWS.
