Good morning!

Welcome to issue number 64 of Last Week in AWS.

Last week, a bunch of messages bounced. I resent the bounces I could detect yesterday; sorry about that. My new mail provider is having some teething issues with respect to deliverability.


Tomorrow evening there’s an Amazon Linux feature announcement at the San Franciso Loft. I’ll be there; I’ll have Last Week in AWS stickers and such if you find me.

Friend of the newsletter Datadog is having their Dash conference in New York on July 11-12. If it works for your schedule, I strongly suggest attending; AWS is a platinum sponsor, and longtime readers know how finicky they are about putting their logo on any conference that doesn’t have the word “Amazon” in the title somewhere. Use the code “DASHLAST” to get 20% off of registration. 

Welcome to issue number 64 of Last Week in AWS.

Community Contributions

Husband of renowned bassoonist Annet Vogels, Werner Vogels is also Amazon’s CTO. This week he talks about Amazon’s various database offerings and why there are so many of them.

A fantastic deep dive into Linux system calls– this time to determine who used the EC2 metadata server.

Using SAM to schedule Lambda functions feels like tremendous overkill– but doing it by hand is a lot more painful. The life lesson here is that computers are terrible.

For those of you in higher ed, you might be very interested to see what Emory University has to say about the cloud’s impact on research.

A number of Amazon workers wrote a letter of protest to Jeff Bezos regarding Rekognition’s use by police. We’ll see how this shakes out…

The dog and pony show around cloud optimization is near and dear to my heart; this is a decent analysis of the various moving parts.

Honeypots are a tried and tested method of keeping tabs on what bad actors are up to. Deploying one on AWS is a neat way to get one going quickly.

Nathan Peck takes us through his workflow for local Docker development for Fargate applications.

If you need to set up a private Docker registry, using S3 isn’t the worst idea. Just make sure you get the permissions right…

I’m a happy IOpipe customer– moreso now that I’m going to use CPU profiling to improve my functions’ efficiency. Watch this space for either a triumphant victory or a sad yet blameless postmortem.

Rhino Security highlights a few different methods of AWS Privilege Escalation; this is a fascinating glimpse into “what happens when people finally start treating their S3 buckets with respect” and into other areas for potential exploits.

A great discussion of how to build a business using a Slack bot. This is nifty enough that I don’t need a direct AWS tie-in to mention it.

A fun dive into reverse engineering AWS Lambda in some depth.

Last week I got to speak with Ilan Rabinovitch, Datadog’s vice president of product and community. Check out Screaming in the Cloud Episode 15: Nagios was the Original Call of Duty.

During its public sector summit last week, AWS took pains to spotlight its work with USCIS. “What’s a Zeitgeist?” “I think it’s a Google product, why?” “No reason…”

Choice Cuts From the AWS Blog

Amazon DynamoDB Announces 99.999% Service Level Agreement for Global Tables – By going global and introducing an SLA at the same time, Amazon has unlocked the rarest of achievements: five neins.

Amazon Pinpoint Now Includes Phone Number Validate – “Hey, American phone numbers have more than four digits” is now available as a service.

Automatically Refresh your AWS Cost & Usage Report when Charges Related to Previous Months are Detected – This is a fantastic enhancement that gently slips past awkward questions, including “what do you mean previous months’ bills can change,” and “wait, you weren’t doing this already?”

AWS Storage Gateway Adds SMB Support to Store and Access Objects in Amazon S3 Buckets – You can now treat S3 like a Windows file share! If you need to treat S3 like a Windows file share, I’ll buy you a drink at re:Invent this year. Hit reply, get in touch.

Introducing Optimize CPUs for Amazon RDS for Oracle – Another wonderful answer to “how can we absolutely screw Oracle over with respect to their crappy billing model?” On the one hand, it feels mean. On the other… is anyone rooting for Oracle in this space?

How do I get an evangelist to speak at my event? | Dear DevOps Abby – I’m looking forward to the sequel, “Okay, great, thanks, now how do I get an evangelist to stop speaking at my event? It’s been six hours and they’re still going. Please send help.”

How AWS uses automated reasoning to help you achieve security at scale – A great glimpse into internal AWS services; I’d heard of Zelkova before, but thought it was a soon-to-launch public service so I kept quiet about it so as not to be beaten to death in a darkened alley.


A fascinatingly opinionated way of building out serverless applications, Titanium Lambda is open sourced, not attempting to sell anything, and frankly a great series of patterns for a “what do I do now” serverless learning cycle.

cloudfront-auth is a Lambda@Edge function that lets you authenticate requests against a third party oauth provider such as Twitter, Github, etc. I’m fascinated by this– it’s similar to the Cognito integration with ALBs, but without a lot of the complexity.

A fun open source “try by doing” series of AWS workshops. I’m eager to see where this goes.

…and that’s what happened Last Week in AWS.

Newsletter Footer

Sign up for Last Week in AWS

Stay up to date on the latest AWS news, opinions, and tools, all lovingly sprinkled with a bit of snark.

"*" indicates required fields

This field is for validation purposes and should be left unchanged.
Sponsor Icon Footer

Sponsor a Newsletter Issue

Reach over 30,000 discerning engineers, managers, and enthusiasts who actually care about the state of Amazon’s cloud ecosystems.