Good Morning!

I Azure you, it’s not a good week for the cloud; Azure’s CosmosDB database apparently let anyone who wanted to read other people’s data and Microsoft’s response distills down to “logs? Yeah, we really should have had some of those, huh…”

Separately, Forrest Brazeal has [accepted a position](https://twitter.com/forrestbrazeal/status/1431324536096628738) as the Head of Content for Google Cloud, which is fantastic for both him and Google Cloud, and a demonstration that AWS either has absolutely no idea how its community functions, or else doesn’t care; both are terrifying to its longer-term prospects. More to come on that later this week…

From the Community

Observability is critical for managing and improving complex business-critical systems. With observability, any software engineering team can gain a deeper understanding of system performance, so you can perform ongoing maintenance and ship the features your customers need. Preview Honeycomb’s upcoming O’Reilly book to understand the value of observable systems and how to build an observability-driven development practice. Sponsored

The headline AWS Gamelift to be deprecated in favor of containerization caused me to do a spit-take until I realized it was a particular company’s approach, not AWS’s.

Forrest Brazeal’s newest, The Cloud Resume Challenge Book, is on sale now. Use code ‘lwiaws’ to save 40% as a special thank you from him for reading this. I make no money here!

Mark Nunnikhoven has a great review of AWS re:Inforce 2021, which was last week.

An AWS privilege escalation; “this is how it’s supposed to work, you’re just not smart enough to get it” is the gist of their initial response unless I’m missing something?

I’m annoyed that despite being cited in it, they failed to call this a guide to Cloud Security Coreyenteering.

A Docker approach to using DynamoDB locally.

My post on How to Effectively Interview for Work with a Portfolio Site seems to once again have struck a nerve amongst folks looking to get into the cloud industry. Let me know if I can help!

Jobs

If you’ve got an interesting job for this newsletter’s eminently employable subscribers, get in touch!

The Duckbill Group (that’s me!) is hiring a Head of Consulting Services to join the team. We’re looking for someone skilled in managing and leading people, as well as in building and optimizing delivery processes. As a member of the leadership team in a nine-person company, your contributions will be instrumental to our continued growth and success. AWS expertise isn’t required, but it’s certainly a bonus. If you’re interested in a role that’s fully remote, has big impact, and you want off the VC rollercoaster, come check us out.

Choice Cuts

Cribl LogStream is an observability pipeline that lets you collect, reduce, transform, and route machine data from anywhere, to anywhere. It helps you not only improve visibility into what’s going on, but also helps you save money. See for yourself what LogStream can do for your data. Go to Sandboxes > Sponsored

In 2021, ISVs will generate over $3 billion in revenue through the Cloud Marketplaces. Meeting buyers where they have a budget is just part of the reason Marketplace sellers are thriving. The Tackle 2021 Cloud Marketplace Playbook breaks down the key strategies to Marketplace success at every stage, whether you’re getting started or looking to scale and operationalize – all with zero engineering resources required. Complete with expert insights from companies like HashiCorp, CloudZero, CrowdStrike and more – check out the most comprehensive Marketplace Playbook today! Sponsored

IPv6 endpoints are now available for the Amazon EC2 Instance Metadata Service, Amazon Time Sync Service, and Amazon VPC DNS Server – The Amazon Time Sync service and I have a simple relationship: mention it in a release, I will talk about it. I adore that thing even though it’s not well known.

Amazon Data Lifecycle Manager now automates deprecation of Amazon Machine Images (AMIs) – If it does that, why not call it Amazon Google?

The new Amazon DynamoDB console is now your default experience to help you manage data and resources more easily – The DynamoDB service page in the console now has a different default look and feel than the other 400 service pages do, because they all have their own distinct looks and feels, most of them awful.

Amazon ElastiCache for Redis now supports auto scaling – Oh hell yes. Thanks, AWS; you can close out my feature request ticket at an old employer that was opened in 2012.

Amazon Virtual Private Cloud (VPC) customers can now resize their prefix list – AWS might not remember what happened when they launched a new Availability Zone in us-east-1 and my Large Client couldn’t use it because they’d already allocated all of their address space in the private range they were using, under the assumption that there would only be five AZs, but I do. Oh, do I ever. This update doesn’t fix that problem, but I just wanted to remind you about it.

Introducing AWS Backup Audit Manager – This is an awesome release with a bad name. It’s not an audit manager! It’s a validator that your backups can be restored from. “AWS Backup Restore Guarantor” is the better name.

AWS Database Migration Service now supports Redis as a target – It doesn’t support MemoryDB because doing so would be unconscionable.

AWS IoT Core now supports MQTT retained messages – And another entrant in the “free database” tier! This holds 64MB of data per account at no charge.

IAM Access Analyzer helps you generate IAM policies based on access activity found in your organization trail – Oh my god. When I tried to do this back when the Access Analyzer first came out I smacked into errors and thought I’d busted something in my account. I’m going to sit here and seethe with rage while I consider my response.

Accelerating your Migration to AWS – Here’s a long blog post that AWS authored as to how you can hurry the hell up and give them your money faster.

Augmenting VMware Cloud on AWS Workloads with Native AWS services – I’m pretty sure that’s called “migrating off of VMware Cloud on AWS.”

Announcing the latest AWS Heroes – August 2021 – The newest AWS Heroes are announced. Basically you only lose Hero status if you take a job at Amazon or at one of its competitors–wait. Isn’t that every company? How are there any Heroes at all?

Introducing CloudWatch Container Insights Prometheus Support with AWS Distro for OpenTelemetry on Amazon ECS and Amazon EKS – There is absolutely nothing I’m going to say here that is more ridiculous than that headline. I’m serious! Read it aloud right now. Listen to how it sounds.

Real-world cryptographic verification with Amazon QLDB – QLDB is one of those services I’m not quite smart enough to fully understand, but what I know of it is “blockchain without the hype combined with solving a business problem.” That’s compelling.

Deploy a Docker application on AWS Elastic Beanstalk with GitLab – Is this the 18th way to run a container on AWS?

Recognize celebrities in images and videos using Amazon Rekognition – I have already opened a support ticket with AWS since this service fails to recognize me as a celebrity. Your move, AWS.

Meet Aria, the first New Zealand English accented voice for Amazon Polly – includes limited te reo Māori support – Only AWS would release a voice that cannot sing and name it “Aria.”

AWS Artist Series: Animating Noa – Some AWS blog posts are ridiculous. Others are incredibly overcomplicated. Still others make zero sense. But this one is visually beautiful.

Amplify Video now supports MPEG-DASH for on-demand video – MPEG-DASH today, AWS Infinidash tomorrow.

What happens when you type a URL into your browser? – This is glorious. It’s the answer to a common interview question, explained in a straightforward way. It’s independently useful, and doesn’t push AWS products. More like this please. These are the posts that people read and appreciate, rather than read because they’re frustrated with a service. I cannot stress enough just how welcome this is.

How Rackspace uses AWS Systems Manager for instance patching across multi-cloud and hybrid environments – AWS admits that multi-cloud is legitimate enough to use in a headline. Personally I’m a bit outraged that they took the same perspective on Rackspace.

Nonprofits save time and money with AWS Lambda: How to set up a function – This headline is only not pants-on-head lunacy if development time is free. The Last Week in AWS website was moved from a serverless environment to WordPress because my team’s time is very much not free, and having a stack that has more than a dozen people on the planet who understand it is important. Lambda’s learning curve is still too steep to broadly recommend it without significant caveats.

New in October: AWS Security Awareness Training and AWS Multi-factor Authentication available at no cost – Microsoft committed to invest $20 billion in security over the next five years. Amazon committed to publish some internal security trainings they had lying around and give a few boxes of old Yubikeys away to new customers.

AWS introduces changes to access denied errors for easier permissions troubleshooting | AWS Security Blog – I can’t WAIT for this change. It’s bound to be a vast improvement over the current “Error 500: you suck at computers.”

Confidential computing: an AWS perspective – I think AWS gets it right here. The idea of being able to keep data private when you don’t trust your cloud provider is only ever going to be solved by “don’t use that cloud provider.” Keeping data private from some of your own staff (such as sysadmins) is a lot more reasonable.

Tools

The forecast is showing clouds so make sure you’re prepared with simple, secure, and cost-effective cloud data protection from Veeam. Take advantage of this exclusive Veeam offer that includes: unlimited AWS backup FREE for 30 days, $250 AWS credits, and 3 months free when you buy. Veeam has you covered – check it out! Sponsored

Handy “grab this thing and run it in Docker” repository.

No idea why it doesn’t get a blog post of its own, but SAM cli lets you delete things.

A handy way to search IAM policies.

… and that’s what happened Last Week in AWS.
