Good Morning!

Happy Monday–the AWS New York Summit is next week. If you’re in town for it, or even in town for unrelated reasons because you choose happiness over cloud talk, come hang out with me at 6PM on Tuesday night at Vol de Nuit and let me buy you a beer or soda pop or whatnot. Tell your friends. Tell your boss. Tell the bartender it’s on my tab.

From the Community

https://github.com/aws/aws-cdk/issues/34892 – AWS announced that the CDK CLI will start collecting anonymous telemetry by default starting August 8, 2025—and the GitHub thread caught fire instantly. While the team insists the data is anonymized and content-free, community reaction was swift and spicy. EU users raised GDPR flags, others blasted the opt-out default, and some rightfully pointed out that upgrading just to disable telemetry in existing projects feels like AWS handing out homework. Bonus points to the user who tried to opt out with npx only to find the command didn’t exist–until they upgraded. It’s opt-out and upgrade-first: the true CDK experience.

I deeply admire the folks at PlanetScale, and now they’re coming for some of my own workloads with their support for PostgreSQL (pronounced, as always, POST-gruh-SQUEAL).

How to get rekt using AWS Neptune may be close to the perfect blog post title for a ridiculous service that made many security trade-offs in its rush to get itself out the door just under the wire, much like my children do on school days.

Aurora DSQL: A Technical Marvel with a Pricing Randomizer holds up. I want to be clear: I love the service. I just can’t trust my estimates of what it’s gonna cost me to run, because I don’t know how to fit this into a mental model that makes sense.

Simon Willison highlights something I’d missed: PlanetScale retired their free tier in one of the most customer-friendly ways I’ve ever seen.

Podcasts

Last Week In AWS: The Hubris of Security Hub

Choice Cuts

Finch expands support to Ubuntu, streamlining container development across platforms – Increasingly I don’t care what the hell container runtime / tooling I’m using, but everything I touch expects docker, so if you’re gonna replace it you need to be a drop-in replacement that other tools won’t object to. Last time I checked Finch wasn’t quite there for this use case; has that improved?

AWS Certificate Manager now supports exporting public certificates – A blog post on this feature that’s a pale shadow of my own.

Remote access to AWS: A guide for hybrid workforces – Or you could avoid most of this crap and just use Tailscale like a sensible person. It’s what I do.

Build AWS architecture diagrams using Amazon Q CLI and MCP – The only real question is which would generate a worse diagram: an unsupervised LLM with a Red Bull addiction, or the allegedly supervised AWS design team that thought the Step Functions icon needed more 90 degree angles. Either way, you’re getting an architectural fever dream, just now in diagram form.

How to Use AWS Data Transfer Terminal – This video is a helpful how-to, but leaves out two crucial details:

  1. The soul-crushing bleakness of a data center conference room, which feels like it was decorated by someone who’s only seen colors in theory.

  2. The casual assumption that you just have a spare laptop lying around with a 100 gigabit optical interface. Which you will, thirty years from now.

Build the highest resilience apps with multi-Region strong consistency in Amazon DynamoDB global tables – This means you can finally read your own writes across the globe without having to roll your own distributed nightmare. Of course, this miracle of engineering comes with the usual AWS trade-offs: increased latency, extra costs, and the deeply calming feeling of three-way region replication. It’s like they reinvented Spanner, but with more billing line items and fewer vowels in the service name.

Amazon CloudFront announces support for HTTPS DNS records – In a rare move that both makes sense and helps performance, CloudFront can now return HTTPS DNS records. This lets clients figure out what ciphers and protocols an endpoint supports before they waste time on a failed TLS handshake. Imagine that: AWS doing something to reduce roundtrips instead of billing for them.

Amazon Q Business launches the ability to customize responses – Finally, enterprises can tailor their AI chatbot to sound exactly like their support center: 50,000 distinct companies, all faithfully parroting the sacred mantra: "Your call is important to us. Please continue to hold. A representative will be with you shortly." It’s like nostalgia for being ignored, but with AI.

Leveling up Amazon RDS with AWS Graviton4: Benchmarks – AWS claims up to 40% better performance and 29% better price-performance for RDS on Graviton4 vs. Graviton3. Which is their roundabout way of admitting Graviton4 instances cost significantly more. That missing 11%? That’s what we call the AWS Tax.

Using generative AI to help dog owners make smarter health decisions – This headline reads like someone lost a bet during a game of Enterprise Mad Libs. Next up: “Leveraging blockchain to teach your cat mindfulness.”

Amazon EC2 R7i instances are now available in Asia Pacific (Hyderabad) Region

Tools

I’ve been using Claude Code a lot with the Max plan (great conference swag from Anthropic a month ago). ccusage shows how much my usage last month would have been if I’d paid per API call. In my case: Almost $2K. More to come on that later.

… and that’s what happened Last Week in AWS.
