Good MorningGood Morning!

Happy Thanksgiving week, Americans. Next week begins re:Invent: AWS’s own version of Cloud Next. I’ll be doing a series of livestreams, video rebuttals, and analysis so you don’t need to watch three straight weeks of videos; the schedule will be posted at

Also–one more thing for those of you who like games. Introducing:

From the Community

People might say traces can be used anywhere, but let’s face it: you absolutely need them when you’re dealing with distributed systems and microservices. You probably don’t have them yet because instrumenting your apps to collect them will get you super table-flippy. (╯°□°)╯︵ ┻━┻

Until now. Download Distributed Tracing: A Guide to Microservices & More and get the tracing you deserve the easy peasy way. Guess less & know more with Honeycomb. Sponsored

A dive into the philosophy of AWS’s internal manyrepos build system.

Friend of the newsletter Whitney Champion outlines FusionAuth’s bulletproof go-to-market approach: letting people use Amazon Cognito first.

A customer re-imagines what the Route 53 console could be.

There are things I love and hate in equal measure about this multi-cloud synopsis.

While I was out on parental leave, Jaana Dogan left Google to be a Principal Engineer at AWS focusing on observability. Now that she’s not working on Spanner anymore I think she’s finally allowed to agree that Route 53 is in fact the superior database.


If you’ve got an interesting job for this newsletter’s eminently employable subscribers, get in touch!

If you’ve been working on infrastructure for a while (OK more than a week maybe) you’re sure to have Opinions on how our industry could improve the workflows we put in place to keep systems secure. Come work at Sym to help us build the platform to solve this! We’re looking for a Security & Infrastructure Engineer to lead our security program and improve the safety and reliability of our environment.

Do you hold a US Security Clearance? Do you want to build exciting things? Protect exciting secrets? Make big trouble for Moose and Squirrel? Check out the AWS Cleared Jobs and see if AWS might have a role that’s up your alley. Many restrictions apply; see page for details.

Choice Cuts

Understanding Kubernetes: A Guide to Modernizing Your Cloud Infrastructure

Learn fundamental concepts of Kubernetes, from the components of a Kubernetes cluster to network model implementation. After reading this guide, you’ll have a working knowledge of containers and be able to jump right in and deploy your first Kubernetes cluster. This free guide is available as an instant download with no registration required. Sponsored

AWS IQ launches new functionality to support firms – That’s funny, AWS IQ has had a bunch of “experts” listed for a while whose last name is apparently “LLC.”

Amazon Athena announces availability of engine version 2 – Athena is a serverless query service, but you somehow have to still worry about which kind of engine it’s got under the hood or your queries will all catch fire.

Announcing protection groups for AWS Shield Advanced – On some level, paying $36K a year for “DDoS prevention” feels like a different kind of protection group.

AWS Backup and AWS Organizations bring cross-account backup feature – To me, “back up my stuff into another account” would be a high priority roadmap item, but here we are. I’d also like to see “back it up into another provider,” because while I likely won’t ever need it, it’ll stop a bunch of ridiculous auditor questions.

The AWS CDK EKS Construct Library is Now Available as a Developer Preview and Adds Support for cdk8s – “cdk8s” is of course pronounced “cicadas,” except you have to listen to and about it way more frequently than every 13 years.

AWS CloudFormation change sets now support nested stacks – “Nested YAML” and now you’re screaming too. Happy Monday!

Pause and Resume Workloads on T3 and T3a Instances with Amazon EC2 Hibernation – Much like a bear, when hibernation is over these instances can now wake up and bite your face in a billing context.

Tired of juggling the cost of AWS backup and recovery with your SLAs? What about multiple products for your data NOT in AWS? Then quit the circus act and check out Veeam! Veeam unifies AWS backup and recovery with any other platform you need to protect into one easy solution. Better yet, they’ll help cut your cloud costs without compromising the ability to recover what you need, when and where you need to (even across clouds). They’ll be at re:Invent, so check them out! I hear they’re giving out free t-shirtsSponsored

AWS Identity and Access Management introduces new policy defaults for IAM user passwords – Crap, now I have to find a way to make “Kitty!” somehow stretch into at least 8 characters. It otherwise qualifies.

AWS Launch Wizard now enables customers to further automate SAP deployments with pre and post-deployment configuration scripts – By adding support for this to the wizard, it’s now as simple as “click, click, click, done” and you now owe SAP $14 million.

AWS Step Functions now supports Amazon API Gateway service integration – Once you surmount both learning cliffs I’m sure this works terrifically well.

AWS Trusted Advisor enables multi-account reporting of best practice recommendations with AWS Organizations – Of course, this only works if you’re paying for business or enterprise tier support. If you’re on the fence, don’t let this feature sway you; it’s Plausible Advisor at best.

Network Load Balancer now supports IPv6 – “Please stop whining at us” is the subtext of this entire post.

New IDC Study Shows VMware Cloud on AWS Delivers Significant Value to Customers – It doesn’t speak super well of IDC, this report, or AWS’s decision to trumpet it that they talk about how VMware on AWS “saves customers 40%” without ever explaining what they’re comparing it to. Managing physical servers by hand? Running Kubernetes in the data center? Paying an external company to manage their infrastructure by hand for them? I assure you, they’re not saving 40% versus “using AWS natively rather than trying to shoehorn a bunch of legacy VMs into the cloud and lying to yourself that it’s a digital transformation.”

Architecture Monthly Magazine: Open Source – When AWS talks about open source, you could be forgiven for hearing it as “next we’re going to talk about our product roadmap.”

Introducing Amazon S3 Storage Lens – Organization-wide Visibility Into Object Storage – Though it pains me to say it, this is snazzy. A few “well, what about” sneaky tricks I’ve picked up were all represented on the default dashboard, and I’m reduced to having to say nice things about this release. Well played, S3 team. Well played.

Announcing Red Hat OpenShift Service on AWS – At long last, there’s a native container management service in the AWS console to which EKS compares favorably.

Build a Production-Ready Game Backend on AWS – This would have come out months ago but their case study was Amazon’s own game, Crucible.

Amazon Textract recognizes handwriting and adds five new languages – If it can recognize my chickenscratch handwriting, I’ll buy the team pizzas.

etcd gets ready to graduate – etcd prepares to move back into GitHub’s basement.

The versatility of gRPC, an open source high-performance RPC framework – It’s impressive when you can write a deep dive into gRPC without ever once mentioning the word “Google.”

Set up centralized monitoring for DDoS events and auto-remediate noncompliant resources – You have to monitor for a lot of things to ensure you don’t miss them, but “DDoS attacks” are generally not one of them, as they tend to make their presence known.


What do HubSpot, Klarna, Alert Logic and Armor all have in common? They all use the ChaosSearch Data Platform to connect and index data in their own AWS S3 environments, rendering their data fully searchable and available for analysis with their existing data tools. With unlimited scale, industry-leading resiliency, and massive cost savings, ChaosSearch is an ideal replacement for the ELK stack (which we all know tends to flop over at scale)! Now perform scalable log analytics on your AWS S3, using the familiar ElasticSearch API for queries, and Kibana for log analytics and visualizations, while reducing costs and improving analytical capabilities! Want to learn more? Schedule a demo (easily pick a day and time that works for you), or start a free trial today! Sponsored

A tool to set up full container environments in AWS, Digger is like Copilot only written by people safely at arm’s length from internal AWS decisions.

Since the re:Invent catalog search function is hot garbage, try one that Ken Robbins made instead. I swear, half of all AWS projects are customers spackling over the things AWS got wrong…

A development workflow tool for CloudFormation, rain takes second place only to “giving up in frustration and using the console.”

… and that’s what happened Last Week in AWS.

Newsletter Footer

Sign up for Last Week in AWS

Stay up to date on the latest AWS news, opinions, and tools, all lovingly sprinkled with a bit of snark.

"*" indicates required fields

This field is for validation purposes and should be left unchanged.
Sponsor Icon Footer

Sponsor a Newsletter Issue

Reach over 30,000 discerning engineers, managers, and enthusiasts who actually care about the state of Amazon’s cloud ecosystems.