Pour one out for Protocol, a phenomenally well-written tech publication that suddenly shut down and laid everyone off last week. They’ll be missed; their team was great, and a constant source of news for this newsletter.
But in happier news, the greatest release of re:Invent 2022 has already hit and we haven’t even started the show yet; keep reading!
By the way, the final results are in for this year’s charity shirt fundraiser: you all helped us raise $35,225 for 826 National! Thank you all for your help!
From the Community
Are you willing to pay $430K for a stranger’s cryptocoins? Well, that’s what some companies had to fork out in cloud bills when notorious threat actor TeamTNT hijacked their cloud resources to mine just $8,100 in crypto coins. Stay ahead of these menaces. Get the latest threat intel from Sysdig on how attackers have evolved their techniques to steal your cloud resources for no good!
A dive into how to peer VPCs across regions via Terraform.
This is the first thing I’ve read that made Rust something I’d consider trying out: Carefully exploring Rust as a Python developer.
McKinsey of all places has a dive into questioning what many have taken as a given: does Kubernetes really give you multicloud portability? It turns out it’s not quite that simple; imagine that.
I continue to learn new things, in Kubernetes the Much Harder Way.
Going all cloud opens a world of possibilities, but it can also open a wide door for cyber-attackers. Getting set up on AWS takes a bit of time with lots to consider if you’re planning an operative, secure, reliable, and cost-effective solution. These 26 AWS Security Best Practices to Adopt in Production from Sysdig will guide you through the process!
Mai-Lan Tomsen Bukovec has a poignant and germane post titled Live Your Best Life Through Balcony Hopping. I don’t think I’ve read anything else this year that so directly puts its finger on the pulse of the exact things I wrestle with in the quiet moments.
Vox notes that Amazon ads are everywhere. It’s only the beginning. They’re right. They’ve even started creeping into the AWS console.
Wired delves into the myth of the infinite cloud and its attendant climate impact.
Jobs
The Pinecone vector database makes it easy to build high-performance vector search applications. At Pinecone you would have the opportunity to work with world-class scientists and engineers who have built large scale ML applications and platforms at leading companies and cloud providers. We have several engineering opportunities open in New York and Tel Aviv – visit www.pinecone.io/careers/ to find out more.
Podcasts
Last Week In AWS: gp3 for thee, RDS
Last Week In AWS: How To Learn Something New: Kubernetes The Much Harder Way
Last Week In AWS: The Canary in the Git Mine
Screaming in the Cloud: Snyk and the Complex World of Vulnerability Intelligence with Clinton Herget
Screaming in the Cloud: The Non-Magical Approach to Cloud-Based Development with Chen Goldberg
Choice Cuts
The LAN was a magical place to learn about computers. You could do things that would be unthinkable on today’s internet: permission-less file sharing, experimental servers with no security, shared software where one machine could easily bring down the network, and surly network admins who somehow didn’t get ejected from companies due to their toxic attitudes. Can we have a 90’s LAN-like experience again, along with the best parts of the 21st-century internet? Tailscale thinks we can, and I’m inclined to agree with them. Try now – it’s free forever for personal use with up to 20 devices. I’ve been using it for over a year personally, and am moderately annoyed that they haven’t attempted to charge me for what’s become an essential-to-my-workflow service.
Amazon NAT Gateway Now Allows You to Select Private IP Address for Network Address Translation – For as much as that thing costs, it should allow me to select from a variety of fine caviars as well.
Amazon S3 Glacier improves restore throughput by up to 10x when retrieving large volumes of archived data – This is one of those fun releases that improves an issue I didn’t realize existed. Fun story: in the Before Times, I asked a room full of people (I was giving a talk, not being a jackass at Applebee’s) to raise a hand if they’d used Glacier before. A bunch of people raised their hands. "Now keep your hand up if you’ve ever restored something from Glacier." Virtually every hand went down. It’s just not something people restore from all that frequently–which is the point! But when you need it, you’re sure glad that it’s there.
Amazon Time Sync is now available over the internet as a public NTP service – But given that it reports as Stratum 4 (lower numbers are better; Google’s equivalent service reports as Stratum 1) it appears that the source of time is Grandpappy’s old watch kept in an AWS data center for sentimental reasons.
AWS re:Post launches a community leaderboard – I’ve spent a couple of days poking around re:Post and regret to inform you that it seems baby seals get more hits than this iteration of the AWS Forums does.
Announcing the new Applications widget on AWS Console Home – I’m still holding out for custom widgets. Imagine if you could get this level of snark inside of the AWS console itself!
Amazon S3 request-level information on use of access control lists (ACLs) coming to S3 server access logs and AWS CloudTrail – While yes, this does make the logs and also this newsletter issue slightly wordier, it’s incredibly helpful information to have.
Know Before You Go: An AWS Partner’s Guide to re:Invent 2022 – I was kinda surprised to discover that this post was more than just a list of dire threats.
Datadog’s full-stack observability platform allows you to get deep visibility into cloud, on-premises, and hybrid environments during cloud migrations. Read our AWS cloud-scale monitoring eBook and learn about the benefits and complexities of migrating workloads to AWS, how to plan and track every stage of your migration, how to get deep visibility into serverless and containerized applications with Datadog, and more!
Introducing our final AWS Heroes of the year – November 2022 – These are AWS premier community members. To be clear I am not nor have I ever been one! If anything, I’m an AWS Villain.
Now Open–AWS Region in Spain – The rain in Spain falls mainly on the control plane, which then reflects on your AWS bill. ¡Olé!
Introducing Amazon EventBridge Scheduler – I love this so much. Finally. FINALLY! I don’t have to change one of the EventBridge rules for this newsletter twice a year to account for Daylight Saving Time. Yes, I could have overengineered something to compensate for that, but I don’t have "invoke a Lambda function twice a week" kinda money lying around here.
Migrate ROW CHANGE TIMESTAMP from IBM Db2 for z/OS to Amazon RDS for PostgreSQL or Amazon Aurora PostgreSQL-Compatible Edition – Ah hell the mainframe is leaking into AWS again. Somebody call a plumber!
You can now assign multiple MFA devices in IAM – This is the greatest release of this or any other re:Invent. It’s not just about IAM: it applies to the root user as well!
Finally. Finally we don’t have to share QR codes in password vaults, disable MFA, or strike Faustian bargains. This is incredible.
AWS Fault Isolation Boundaries – This is a new whitepaper that you should absolutely take the time to read. It discloses a bunch of single-region services, describes various cloud failure modes during outage situations, and is just phenomenal top to bottom.
Tools
Migrating to a cloud provider, like AWS, offers many benefits to its customers, but setup must be done correctly to prevent potential security breaches. Check out the Top 7 AWS Security Misconfigurations you should be aware of to prevent potential security gaps in your infrastructure and discover remediations, such as use of AWS SCP in AWS Organizations to define safety guardrails.
… and that’s what happened Last Week in AWS.