Good Morning!

We’ve recently launched AWS Morning Brief and Screaming In The Cloud into video on YouTube, for those who are into that sort of thing. Check them out!

From the Community

Are you struggling to determine what analytics workloads can perform well in the data lake, and which ones should be pushed to the data warehouse for peak performance? According to Gartner, you’re not alone. But thankfully, a category of technologies that Gartner calls “analytics query accelerators” is here to help. Get your free copy of the new Gartner Market Guide Analytics Query Accelerators, courtesy of ChaosSearch. Learn how analytics query accelerators provide SQL or SQL-like query support on a broad range of data sources to deliver BI dashboards, interactive query capabilities, and support for data modeling. Help your data lake deliver faster time to value – get the free Gartner report, courtesy of ChaosSearch, today!

The not-at-all-suspiciously-named "Very Good Software, Not Virus" blog has an experience report about Baby’s First AWS Deployment. Well worth the read.

My observation that S3 Is Not a Backup seems to have been well received. Huzzah!

Protocol has a writeup on the state of the ECS and EKS container services at AWS. Now they should do the other 32 ways to run containers on AWS.


The AWS UX Research Team is one of the biggest research teams at Amazon, and is growing as AWS services focus more than ever on delivering great customer experiences. We are not only striving for excellent experiences within each service, but also for cross-service experiences, and there’s plenty of opportunity to innovate how research can support the evolution of the AWS customer experience.

At Modern Treasury, we are building payments infrastructure to power $750 trillion in bank transfers every year. Before Modern Treasury there has never been a universal API into the global banking system. Our ambition is to be the de facto standard for money movement for the world’s most innovative and fastest growing companies. Our customers use our APIs to automate payouts, direct debits, balance tracking and other payments use cases at scale. Join our engineering team at Modern Treasury to help build the new foundation of business and finance.


Last Week in AWS: S3 Is Not a Backup

Last Week in AWS: Speaking to the Dead with Amazon Chime

Last Week in AWS: The Perils of Bad Corporate Comms

Screaming in the Cloud: It’s like a HeatWave, Burning in my Heart with Nipun Agarwal

Screaming in the Cloud: The Demystification of Zero Trust with Philip Griffiths

Screaming in the Cloud: Would You Kindly Remind with Peter Hamilton

Choice Cuts

Observability is critical for managing and improving complex business-critical systems. With observability, any software engineering team can gain a deeper understanding of system performance, so you can perform ongoing maintenance and ship the features your customers need. Preview Honeycomb’s upcoming O’Reilly book to understand the value of observable systems and how to build an observability-driven development practice.

Amazon CloudFront now supports Server Timing headers – This feels like a move towards end to end tracing. Having just played around with X-Ray to debug a Lambda function only to end up giving up due to sheer frustration, I’m cautiously optimistic.

Amazon CloudWatch adds option for easy monitoring set up – A delightful change from its usual "hard as passing a kidney stone" monitoring setup process.

Amazon EC2 now performs automatic recovery of instances by default – This beats the pants off of the old default of "guess I’ll just die then."

Amazon RDS Free Tier now includes db.t3.micro, AWS Graviton2-based db.t4g.micro instances in all commercial regions – Imagine that, a free tier offering that doesn’t vary per region. Looking at you, EC2.

The AWS Lambda console now supports bulk update of layers – "No!" cries the ignorable voice of the masses who have not seen the way and the light that is ClickOps.

AWS Security Hub launches 12 controls for security posture monitoring – This will be very helpful to your security posturing.

Selecting the right database and database migration plan for your workloads – My joke about "the job of the future is figuring out which of AWS’s 40 managed database offerings a workload should use" is getting disturbingly close to not being a joke anymore.

New – Cloud NGFW for AWS – There are entirely too many disparaging ways to misread that name. Cloud NGMI, NFW, GFY, NSFW, and more.

Integrating Dropbox with AWS SSO for governed file sharing in an AWS Control Tower environment – This is a neat idea, but let’s disregard it for a second in favor of the last sentence: "The content and opinions in this post are those of the third-party author, and AWS is not responsible for the content or accuracy of this post." What the hell is the matter with you? It’s a blog post on your corporate blog, yes you damned well are responsible for it! I have guest authors write posts from time to time at Last Week in AWS; I don’t feel the need to disavow them because I read them first, y’know?

Up to 15 times improvement in Hive write performance with the Amazon EMR Hive zero-rename feature – Amazon is very bad at naming things, so they have a new policy of not renaming things as a result.

Using larger ephemeral storage for AWS Lambda – "Now that there’s a new feature, we should probably get around to demonstrating its use, huh" is a fairly common pattern that we see continuing here.

What can happen when you copy Lambda function code from the Internet and deploy it to your AWS account? Read the Sysdig blog that walks you through a real attack scenario from a black box and white box angle to uncover a vulnerable AWS Lambda function and learn the best practices to mitigate this attack vector.

Understanding Virtual Network Interfaces on AWS Snowball Edge – AWS is apparently moving backwards in time and teaching a bunch of born-in-the-cloud types how to handle data center networking.

Automated, scalable, and cost-effective ML on AWS: Detecting invasive Australian tree ferns in Hawaiian forests – Apparently Australian tree ferns are so invasive that they’re debating launching their own Marketplace for third parties.

Build a mental health machine learning risk model using Amazon SageMaker Data Wrangler – Tired of seeing me mock Machine Learning® for being applied to dumb use cases, the SageMaker team tries instead to present one that’s horrifyingly dystopian. "People don’t feel safe talking to their provider about mental health, so we’re going to analyze their medical records so we can intercede anyway" has a whole mess of nuance and danger to it that I absolutely do not think Amazon has frankly bothered to consider.

Improve search accuracy with Spell Checker in Amazon Kendra – Rest assured, this is optional. You can keep misspelling words as you name new AWS products.

Powering Travel through Geofences and Amazon Location Service – This is a strong competitor to the early days of Apple Maps, which Powered Travel through Actual Fences, Brick Walls, and Into The Bay.

AWS Organizations now provides a simple, scalable and more secure way to close your member accounts – Hallelujah! Meanwhile, your organization’s terrible security posture now provides a simple, scalable and less secure way to close other people’s member accounts.

Enforce compliance using AWS Organizations tag policies with Serverless Transit Network Orchestrator (STNO) – Did a Machine Learning® algorithm write this headline? It smashes together a whole bunch of unrelated things.

Collecting AWS networking information in large multi-account environments – This is a microcosm of the larger problem: there is no decent way to get an inventory of everything within one, let alone multiple, AWS accounts.

Implementing Default Directory Indexes in Amazon S3-backed Amazon CloudFront Origins Using CloudFront Functions – If your product requires me to write custom dynamic functions that are then executed on every request, purely to display an index of the files I’m serving, then your product is not one that I would consider to be very good.

How governments can use open source solutions for faster transformation and more – It’s good to see open source being advocated for as something other than "launching a substandard hosted option with a dumb name."

What you missed at the AWS IMAGINE: Nonprofit conference – The fact that this is the headline tells me that absolutely nobody showed up to this thing.


While AWS doesn’t like to talk about it, this multi-cloud thing is…well a thing. This is where MinIO comes in. MinIO’s high performance, Kubernetes-native object store works on every cloud – literally all of them from AWS to Zayo. This means you can build S3-like data infrastructure anywhere. The world’s fastest object store with READ/WRITE speeds in excess of 325 GiB/sec/165 GiB/sec respectively, MinIO can handle any workload – from modern databases to AI/ML and advanced analytics. Couple that with a suite of enterprise features for ILM, IAM, security and resilience and organizations can architect consistency for their data persistency – across and between clouds. Don’t take our word for it, see for yourself at

I stumbled upon this glorious mess in the Serverless App Repo (it’s like the AWS Marketplace except nobody’s heard of it as it slowly decays into irrelevance): a tool to highlight whenever someone is performing ClickOps in your account. I like it very much.

… and that’s what happened Last Week in AWS.
