Good morning!

First, last week this newsletter crossed 20,000 active subscribers. Thanks; I’m deeply moved by the fact that so many of you read my nonsense every week.

Second, tomorrow AWS’s Chief Evangelist Jeff Barr turns 60; be sure you wish him a happy birthday. I sure will be! There… might be another email coming tomorrow about that.

Also, last week AWS saw the launch of their “Aeronautics and Satellite Solutions” business group. I really wish AWS ASS luck with the hole thing. AWS ASS is getting bigger all the time. I kinda think something smells about AWS ASS. There’s only one service in AWS ASS: Ground Station, so it kinda feels like they half-ASSed it. I can’t wait to see what other products they pull out of their AWS ASS. The AWS ASS team puts up with this barrage by turning the other cheek. SpaceX’s Starlink may position them to spank AWS’s ASS. This business unit has been in the works for a while, but it didn’t leak. AWS did a great job of sitting on its ASS. Their first launch event is guaranteed to be an AWS ASS blast. If you work on AWS ASS, you’ve gotta have a thick skin, otherwise these might cause you to crack.

From the Community

Have you heard about ChaosSearch, the fully managed log analytics platform that leverages your Amazon S3 as a data store? According to the CTO at Armor, a global cybersecurity company with more than 1,000 customers in 42 countries, “ChaosSearch is a critical piece of our infrastructure for processing tens of terabytes per day of our customers’ log data.” And at Hubspot, the Engineering Lead said “We are able to process and analyze 10’s of terabytes a day of Cloudflare log data to identify and fend off DDoS attacks on behalf of our customers at a fraction of the cost of our previous self-hosted ELK Stack.” So take it from me, or take it from them – either way, take a look at ChaosSearch today! Sponsored

A report of a since-patched Cross Site Scripting exploit in the AWS console is… concerning, to say the least.

A brief dive into what’s doable now that we have shared storage for lambda functions.

The HEY email client apparently runs on AWS, which is great, and Kubernetes, which is considerably less great.

This story of a company pursuing multi-cloud is frankly the best case study I can find in support of not going multi-cloud. “Manage everything ourselves and only use network, storage, and VMs from each cloud provider” was their approach, at which point… why use cloud at all?

13 lessons from someone doing a speed run through 8 AWS certifications.

As if HoneyCode didn’t have enough problems with its launch, this post on how to use it to build a crypto app is certainly not going to help it gain enterprise trust any.

This post from Presto on hunting down transient EC2 networking issues is eye-opening.

Fitness firm V Shred is now challenged by fitness S3 Bucket Negligence Award into their corporate display case.

Summit Route (an AWS security firm) has this excellent LINK AWS Security Maturity Roadmap 2020 that I somehow missed when it first came out.

At this point the only way that AWS Rekognition could have worse press coverage would be for them to put two more Ks into the name, but given AWS’s track record with naming I’m not entirely ruling it out. This time it misidentified over 100 politicians as criminals.

Jeremy Daly has launched the Serverless Reference Architectures Project. Frankly its best selling point is that it’s community driven by people stuck with what AWS has given us rather than folks whose email addresses contain the word “Amazon.”

We dropped our AWS bill to 2% of revenue by using Lightsail sounds like a joke I’d tell except this company did it for real.

Wired’s survey of Virtual Conferences give a delightful taste of how AWS is likely to completely pooch a virtual re:Invent (AWS’s own version of Cloud Next) this year.


If you’ve got an interesting job for this newsletter’s eminently employable subscribers, get in touch!

If you’re looking for a senior management role, consider leading the Well Architected Tech Leads team at AWS. The Senior SA Manager, Well-Architected Tech Leads Leader will drive and improve best practices across a global team, helping customers use AWS better. (Let’s not kid ourselves; some of them are closer to the ideal cloud usage pattern than others, which is why Well Architected exists in the first place…) With roles in several states including California, this is a job of interest to some of you; check it out.

If you’re a Solutions Architect on the Well Architected team, you could slur your words slightly and be a Swell Architect. If that’s not enough to inspire you to greatness, consider the joy in helping customers and partners design better ways of working with the cloud, but not having to stick around for their terrible interpretation of what implementing that architecture looks like. If this sounds at all appealing, consider becoming a AWS SWell-Architected Solutions Architect. Several positions in several states are available; check them out.

Right now, the Well Architected Tool is pretty much a sad checklist. Amazon is looking for a systems application engineer to turn this into something great, since it turns out that after fifteen years of running public-facing web services, one key lesson is that computers are better at rote repetition than people are. It’s worth highlighting that this role asks for 0-3 years as a developer, so if you’re looking for a career change or breakthrough role, this might me of interest to you.

Choice Cuts

Bridgecrew is the developer-first infrastructure security platform for both your public cloud and infrastructure-as-code. If you’re drowning in “Fix missing encryption” Jira tickets, you gotta check them out. They embed throughout the developer lifecycle—from commit to CI/CD to cloud—and they don’t just find issues. They give you the actual code to fix them via pull requests or automated playbooks. The best part? Their platform is free to use up for to 100 cloud resources—just sign up on their website. Sponsored

Find your most expensive lines of code and improve code quality with Amazon CodeGuru – now generally available – Given that it still charges per line of code it analyzes, your most expensive lines of code are the ones you submit to Amazon CodeGuru.

Amazon DocumentDB (with MongoDB compatibility) now supports T3 medium instances – If you disable unlimited mode, DocumentDB will suddenly lose performance, which gets it slightly closer to MongoDB’s model of suddenly losing your data.

Amazon Elastic File System increases file system minimum throughput – This is big–no longer do your initial copy jobs suddenly slam to a complete halt. Now they only slam to a medium halt when the burst credits are exhausted.

Amazon QuickSight launches Histogram, new languages, and cross region APIs – QuickSight is a marvelous example of what AWS services can become if they’re freed from the constraint of having paying customers.

Amazon RDS Proxy is Generally Available – This solves the “10,000 Lambda functions just hugged your database to death” problem.

Amazon Virtual Private Cloud (VPC) customers can now use their own Prefix Lists to simplify the configuration of security groups and route tables – There was a time I’d have given a lot for this feature. Fortunately the next version of me needs but to click a button.

Kernel Live Patching for Amazon Linux 2 is now generally available – “You don’t have to restart your instances for kernel updates” is arguably more meaningful to most companies’ cloud estates than all of AWS Lambda.

AWS CodeBuild supports resource utilization metrics in CloudWatch – AWS’s best serverless offering for running Docker containers on a schedule now gets better monitoring.

AWS CodeDeploy now enables automated installation and scheduled updates of the CodeDeploy Agent – CodeDeploy can now go deploy itself. Given the lack of updates in recent years, SimpleDB can apparently go f*ck itself.

Amazon Comprehend Medical adds relationship extraction to medical condition – This service of course depends upon its pre-existing wallet extraction capability. Because it was pre-existing, insurance won’t help you.

Amazon Personalize adds improved handling of missing metadata – It’s getting progressively harder for me to fill ML training sets with bogus or incomplete data for hilarious results. Soon will be far less funny.

Amazon Simple Email Service is now available in the US East (Ohio), Asia Pacific (Singapore), Asia Pacific (Tokyo), and Asia Pacific (Seoul) Regions – After this many years, I think anyone using SES has either made their peace with its availability, or switched over to a mail service that’s actually decent. This email is brought to you by ConvertKit bolted on top of Sendgrid; SES was never seriously considered.

AWS AppSync introduces new 12xlarge instance for server-side API caching – “Managed services where you still have to pick EC2 instance sizes” are starting to feel a bit retro…

AWS DataSync can now automatically configure your Amazon CloudWatch Logs configuration – “Automatically configure your configuration” is one of those sentences that makes you want to pick up the phone to the teams that write these release announcements and make sure that they’re doing okay. Y’know? It’s a pandemic. Maybe reach out a bit more…

Introducing EC2 Launch v2 to simplify customizing Windows instances – If you say “EC2 launch V2” out loud, you’ll start to realize that maybe someone at AWS needs to start reading those famous six pagers aloud in meetings.

Why AWS Certification Consent is Important for Individuals and APN Partners – If you’re letting your employer count your certifications towards their AWS partner status, make sure you’re being compensated appropriately for it. Curiously, this blog post makes no mention of how to withdraw consent.

Announcing the Porting Assistant for .NET | AWS News Blog – This tool lets you port your .NET applications to .NET Core. I have no idea what this means, as I’m not .NET Corey.

AWS App2Container – A New Containerizing Tool for Java and .NET Applications | AWS News Blog – This tool supporting only .NET and Java should tell you exactly what kind of customer profile it’s aimed at.

Best practices for handling EC2 Spot Instance interruptions – “Only 5% of Spot instances get interrupted” is a fascinating data point.


Remember the Log Song from the Ren & Stimpy cartoon in the 90s? This issue is sponsored by Scaylr; because all kids hate their logs…

♪ ♫ ♬ doo do do doo do doot ♪ ♫ ♬

When your site doesn’t go / Or maybe it’s slow
And people can’t load up your blog Where do you start? / What’s the state of the art?
With logs logs logs

Logs, logs, full of repetitive noise
Logs, logs, Awk and grep? Sorry, they’re toys

Everyone hates the logs
Nobody can read their logs
Improve the state of your logs
Scalyr can help with your logs
logs logs logs
Logs. From Scalyr…
♪ ♫ ♬ doo do do doo do doot ♪ ♫ ♬ Sponsored

I really like as a way to compare EC2 instances, but using curl to spit out the data in table format is just icing on the cake.

Another stab at AWS_PROFILE env var management, this one from a thought lord who knows what’s up in this space.

Turn a Python virtualenv into a AWS lambda deployment package, then get back to work turning Pinocchio into a real boy.

Another week, another stab at using Slack as an AWS billing management tool.

… and that’s what happened Last Week in AWS.

Newsletter Footer

Sign up for Last Week in AWS

Stay up to date on the latest AWS news, opinions, and tools, all lovingly sprinkled with a bit of snark.

"*" indicates required fields

This field is for validation purposes and should be left unchanged.
Sponsor Icon Footer

Sponsor a Newsletter Issue

Reach over 30,000 discerning engineers, managers, and enthusiasts who actually care about the state of Amazon’s cloud ecosystems.