Good Morning!

Next week I’m giving a keynote at the of-course-it’s-online Cloud Native Revolution conference, presented by Comcast. Unlike most things provided by Comcast, it’s free. You’re not going to want to miss my Blisteringly Hot Takes on multi-cloud.

Q: How much does it cost to move a gigabyte of data in AWS?

A: Turns out, that’s a rather complex question to answer.

Over at the Duckbill Group, we took a deep dive into the AWS documentation (finding a bug here and there, even!) and hounded an untold number of AWS employees to come up with all the different prices and cost paths. Check out our free (and beautiful) Understanding Data Transfer in AWS resource over here on our resources page: https://www.duckbillgroup.com/resources/

From the Community

Oh – the wondrous original promise of the data lakes… all gone kaput… until now! Join me, Corey Quinn, along with ChaosSearch, on our Sept 24th webinar entitled “Turning Your Amazon S3 into a Hot, Searchable Data Lake”. During this webinar (did I mention I’ll be speaking?) you’ll learn how to monitor and analyze your AWS services directly in your own S3! So register for the Sept 24th webinar today – even if it’s just to hear my dulcet tones and intergalactic wisdom! Brought to you by ChaosSearch – the revolutionary, fully managed log analytics platform that turns your Amazon S3 into an UltraHot™ data store! Sponsored

I snarked about multi-cloud on the RunAsRadio podcast last week. It’s fun to be the one getting interviewed for a change!

An infosec story that features my favorite pattern: DNS as a database.

Exploring limitations of Lambda functions is always worth revisiting if you’re using them seriously.

Ceora Ford has an article about what you should do in order to never get an unexpected AWS bill again. Her writing is excellent, highly accessible, and she’s RIGHT about everything in this article.

A dive into the mechanics of how EBS expands volumes in 2020. This sure beats the olden ways that were 40 steps long and ran a terrific chance of data loss.

A tale of using lessons learned in manufacturing to build a serverless e-commerce site on AWS.

Code Butcher Ian McKay has a container escape for CodeBuild that he wrote up most excellently. CodeBuild remains my favorite way to run a container on a schedule within AWS.

re:Invent (AWS’s own version of Cloud Next) grows ever-closer. My re:Quinnvent side-event is taking form. Today it’s a sponsor call; soon it will be something more. If you want to get your brand out to folks in the AWS customer base (read as: basically everybody), drop us a line.

A former boss/mentor of mine has built a multiplayer game with API Gateway+Websockets, Go and DynamoDB.

This week’s S3 Bucket Negligence Award comes from a land down under’s government.

I like dunking on AWS more than the average bear, but “Amazon now has and will exploit your personal details because a smart meter company is using AWS for infrastructure” is such a hilariously bad take that I don’t even know where to begin mocking it.

Benedict Evans has a thoughtful piece on how Amazon’s profits break down across AWS and advertising business segments.

Chef has been acquired by Progress. I wonder if that means the first-party service is going to become basically a campaign slogan: AWS OpsWorks for Progress.

Amazon lobbied against Portland’s facial recognition ban: “Amazon Spent $24,000 To Kill Portland’s Facial Recognition Ban.” Look, I’m going to bypass the usual angles on this article in favor of one of my own: Rekognition is NOT “a key Amazon Web Services (AWS) product that pads its bottom line and fuels its monopoly on cloud services.” I’ve never seen an expensive Rekognition bill, full stop. It’s “key” only insofar as there are no “unimportant” AWS services, but it’s not a serious revenue driver. And claiming AWS has a monopoly on cloud services is frankly laughable. They’ve got their faults–but they also have healthy competition.

The Washington Post reported that AWS CEO Andy Jassy is likely Jeff Bezos’s next-in-line replacement as Amazon CEO. With respect: no kidding. Andy is terrifyingly intelligent, incredibly deep across the board, and even people who outright hate him all have an abiding respect for the man. As an aside: “Jassy is not a technologist” may very well be the dumbest thing I’ve ever seen in writing. If he isn’t, none of us are.

Jobs

If you’ve got an interesting job for this newsletter’s eminently employable subscribers, get in touch!

Do you hold a US Security Clearance? Do you want to build exciting things? Protect exciting secrets? Make big trouble for Moose and Squirrel? Check out the AWS Cleared Jobs and see if AWS might have a role that’s up your alley. Many restrictions apply; see page for details.

Choice Cuts

6Connex saved 50%. Onriva saved 35%. And Uber saved 15% in the first 30 days. Typical AWS cost savings using nOps cloud management. Yup, typical savings. nOps was built for DevOps teams, and provides auto-discovery of high-risk issues, dashboards with instant drill-down to the resource level for root cause analysis, and aligns with AWS Well-Architected. Get a free trial. Start saving with nOps. Sponsored

Amazon MSK now offers version 2.4.1.1, fixing a perpetual rebalance bug in Apache Kafka 2.4.1 – This was critical for AWS to fix immediately, since they don’t pass on the cost of cross-AZ replication in MSK to their customers.

Amazon RDS for SQL Server Now Supports More Time Zones – Once again for the people in the back: for the love of God do NOT set your databases to anything other than UTC; do that in the presentation layer. This feature is for legacy compatibility ONLY.

Amazon Redshift now supports 100K tables in a single cluster – 100K tables in one place is kinda how I think of the re:Invent expo hall.

Amazon S3 bucket owner condition helps to validate correct bucket ownership – People are so bad at S3 bucket permissions that they now need to enable you to explicitly check that the bucket that holds your data backups isn’t someone else’s insecure S3 bucket instead.

Application Load Balancers now support AWS Outposts – Sadly I don’t get to try this out, because a loading dock is required to use an AWS Outpost. Sadly, no Load Balancing Dock option is yet available.

AWS Single Sign-On adds account assignment APIs and AWS CloudFormation support to automate multi-account access management – This is potentially a game-changer for folks managing multiple AWS accounts within an organization. If the idea of using multiple AWS accounts seems like a completely revolutionary new idea, you probably work on an AWS service team.

Build Amazon Chime SDK web applications with the React user interface framework – Chime begins to seriously compete with Slack in “embedding a webapp into something that hoovers up all your RAM.”

Introducing security groups for pods – Finally! A native way to restrict Kubernetes workload permissions sensibly. You’re now going to have to find another Kubernetes sharp edge to focus on instead of doing real work, but don’t worry; there are plenty left.

Detecting fraud in games using machine learning – Seems simple enough. If they claim to be using machine learning, it’s probably fraud.

Creating a sophisticated conversational experience using Amazon Lex in Australian English – Blimey, Lex’s language support is going flat out like a koala in season.

Right-sizing resources and avoiding unnecessary costs in Amazon SageMaker – This is a blog post on how to use a whole lot of manual human effort to save money on AWS’s machine learning platform, delivered without a trace of irony.

Recovering from a disaster using AWS Storage Gateway and Amazon S3 Glacier – Post publication they slightly modified the headline so the answer wasn’t “buying a NetApp and not trusting the cloud again.”

Slay imposter syndrome while prepping for AWS Certification exams – I got at least one question wrong on the Cloud Practitioner. We’re all learning as we go; nobody, absolutely nobody has all of AWS stuffed into their heads.

Amazon Scholar John Preskill on the AWS quantum computing effort – One thing I wish got a bit more attention is some of the amazing academics that Amazon hires from time to time. That said, I’d have personally rewritten the intro as “In June, Amazon Web Services (AWS) announced that John Preskill, the Richard P. Feynman Professor of Theoretical Physics at the California Institute of Technology, an advisor to the National Quantum Initiative, and one of the most respected researchers in the field of quantum information science, would be joining AWS’s billing team in an attempt to finally understand a single bill.”

Tools

Trend Micro Cloud One. It’s a security services platform for organizations building in the cloud. It’s also an automated, flexible, all-in-one solution to protect workflows and containers with cloud-native security. But to you… it’s more time to focus on what you do best—building great applications. Learn more. Sponsored

I was lamenting the lack of disposable cloud environments on Twitter, then someone mentioned the documentation for Disposable Cloud Environment (DCE). I stand very much corrected.

What ‘hub’ is for GitHub, c3 is for CodeCommit. And what CodeCommit is to GitHub is as LEGO is to actual bridge construction.

Most “control your EC2 environments from the command line” tools are garbage, but this htop-inspired cloudman is a welcome exception.

A Datasette plugin to support using DNS as a database.

… and that’s what happened Last Week in AWS.
