Good morning!

Welcome to issue number 128 of Last Week in AWS.

A relatively sedate week from AWS, all things considered. If you’d prefer to listen to my snark, as always the AWS Morning Brief is the podcast version of this newsletter.

From the Community

Helen Anderson explains what the hell an AWS Kinesis is.

I’m super annoyed that I had to make a public statement this week that I’m not paid to make fun of Amazon by any of its competitors. Apparently not everyone can say that. Where’s my check?!

A dive into AWS CloudWatch Container Insights. Pro tip, be careful around the CloudTrail charges…

Cloudonaut reviews Amazon Aurora Serverless, somehow without comparing it to Route 53.

DynamoDB streams as a form of cost control? Sign me up.

The ECS optimized AMI is interesting; take a deep dive into it.

A dive into handling complexity in lambda functions.

The best part about new AWS features is waiting for Rhino Security Labs to find creative ways to abuse them. Next up, Abusing VPC Traffic Mirroring in AWS.

Some actual data shows up around burstable EC2 instances.

Marco was a great AWS VP; now clearly 1tired of working at a company people mostly admire, he’s off to Goldman Sachs instead.

This week’s S3 Bucket Negligence Award goes to Lion Air. And you thought they only cheaped out on pilot training…

Last week on Screaming in the Cloud I covered Going Serverless with AJ Stuyvenberg.

Tim Bray talks about Cloud and Open Source.

I’m not entirely sure where to start with Chef’s series of unforced errors this week. Their deal with ICE? Their stonewalling the complaint? Their amateur-hour hardcoded runtime dependency on someone else’s GitHub account? Their characterization of Seth acting in his capacity as “former employee” rather than as a member of the community? Their hamfisted lifting / theft of Seth’s code and claiming it as their own followed by a bumbling apology? Their CEO’s description of cashing a check as a “principled moral decision?” Or the fact that their CEO utterly failed in his primary duty as to present his company well. Chef’s an amazing company with spectacular staff and community who’s being thoroughly failed by their “leadership” at this time. More, unfortunately, to come in future weeks.


If you’ve got an interesting job for this newsletter’s eminently employable subscribers, get in touch!

This week’s team / victim at AWS to receive the jobs spotlight is the Amazon Elastic Compute Cloud (EC2) Core Platform Team! You may have heard of them–they build the services that do actual work instead of futzing around with flashy on-stage ML / AI / BlockChain nonsense. They’re far too polite to say that, so I will instead. Work on things that are fantastic and underneath the hood of the rst of it–like AWS Time Sync (yes, it’s real and it’s fantastic). I’m not eligible to work there, as it’s not the Corey Platform Team, but you probably are; check them out.

X-Team is hiring for a fully remote team, anywhere on the planet. The work is interesting, they partner with companies you’ve heard of, and you can work from wherever you care to be. Now before you wind up getting cynical, let me save you some time–I already did, and hopped on a phone call to chat with them and then berate them for their crappy culture. Instead I was pleasantly surprised: they invest in their people (including a personal development stipend), they have distributed community events (both online and in person around the world), and actually work with their employees; this isn’t a “send us a postcard if you ever get there” body shop. They’re looking for folks with AWS skills, as well as a wide variety of other technical abilities; this is legit. Take my word for it; join X-Team and see for yourself. Tell them Corey sent you…

Do you want to work in the Bay Area? Almost certainly not; the people are insufferable here. Consider instead staying wherever the hell in the US you happen to be and talking to Truss, a software consultancy. Picture all of the advice that I’d give you, and now envision that wrapped in something you could tell a customer without getting punched right in your sarcastic mouth. That’s what Truss does, but they for some unknown reason don’t describe it that way. Currently, they are seeking Senior Software Engineers anywhere in the US (yes, even the crappy parts) to help them with commercial and government contracts. Seriously, read this thing–they tell you what levels they’re looking to hire at AND THEN THEY EXPLAIN THEM SO YOU DON’T FEEL LIKE A MORON FOR NOT KNOWING THEIR INTERNAL RUBRIC! Virtually any other hiring manager who happens to be reading this should look at their job descriptions and feel comparatively ashamed.

Choice Cuts

Some companies sponsor this newsletter. Other companies I recommend based upon my experiences with them. This week, CHAOSSEARCH is both. If you want to use Elasticsearch APIs but want to spare yourself the “run an ES cluster, maintain it, fix it all-too-frequently, curse God, retire to the wilderness” steps, check them out. Your data lives in your own S3 bucket, while their magic provides incredibly responsive queries with the same ES APIs you already know and… tolerate. Reach out to CHAOSSEARCH and tell them I sent you, and also to turn off their caps-lock key. Sponsored

Amazon API Gateway Simplifies Invoking Private APIs – An incredibly complicated service makes a thing less complicated and declares victory, as they well should. If I want to know how API Gateway works, I save time and skip the impenetrable documentation–I ask Richard Boyd for help instead.

Amazon Athena adds support for inserting data into a table using the results of a SELECT query or using a provided set of values – I thought Athena was a read-only database. Today I learned…

Amazon EKS provides EKS-Optimized AMI metadata via SSM Parameters – Why in the world would this matter to anyone!? You don’t use Kubernetes if you want things to be simpler, you use it to add horrendous levels of unnecessarily complexity! Doesn’t the EKS team talk to their customers?!

Amazon EKS Supports Cluster Tagging – Relax, they’re not real tags–they don’t do cost allocation. They just–wait, they let you set security policies?! Are you mad!?

Amazon Elastic Inference Now Available In Amazon ECS Tasks – You can now use Machine Learning on the blockchain with containers more effectively, completing the trifecta of “fund me immediately” buzzwords.

Amazon S3 introduces Same-Region Replication – This is such a long-requested feature and such a clear and obvious win for customers that I can only assume someone lobbied passionately and well against it. “We must have customers replicate back and forth between regions for this functionality!” presumably screamed the VP who was bonused on data transfer spend.

Amazon WorkSpaces Introduces WorkSpaces Restore to the Last Known Healthy State – Because “f*ck it, revert to last known good state” is sometimes the only answer when dealing with Windows. I don’t miss those days.

AWS CloudFormation updates for Amazon EC2, Amazon ECS, Amazon ElastiCache, Amazon ElasticSearch, and more – “CloudFormation team finally conceded and did work for a week” is the uncharitable reading of this headline. It feels like CF lags so desperately far behind the services it empowers that something needs to be done–but what?

AWS Elemental MediaConnect Adds Ability for Content Owners and Subscribers to Share the Cost of Live Video Entitlements – “This lets content owners share the cost of content syndication with their subscribers, reducing expenses and simplifying billing.” That’s what it sounds like when Amazon lies to your face. “Only a percentage of the bill goes to you, the rest goes to a counter-party” is the exact opposite of bill simplification!

AWS Step Functions adds support for dynamic parallelism in workflows – empty

Introducing Amazon EC2 G4 Instances with NVIDIA T4 Tensor Core GPUs, the Most Cost-effective GPU Platform for Machine Learning Inference and Graphics Intensive Applications – Your G3s are old and busted, G4s are the new hotness. What does the G instance family do? Nobody can remember all of them; I couldn’t tell you. I thought the headline was closer to the P family, so what do I know?

NoSQL Workbench for Amazon DynamoDB – Available in Preview | AWS News Blog – And then immediately updated once it came out that the Windows version was eating people’s ~/.aws/credentials files. People kinda need those…


If you want to intentionally whitelist a handful of S3 buckets for public access, you’d be hard pressed to come up with a better name than YES3.

… and that’s what happened Last Week in AWS.

Newsletter Footer

Sign up for Last Week in AWS

Stay up to date on the latest AWS news, opinions, and tools, all lovingly sprinkled with a bit of snark.

"*" indicates required fields

This field is for validation purposes and should be left unchanged.
Sponsor Icon Footer

Sponsor a Newsletter Issue

Reach over 30,000 discerning engineers, managers, and enthusiasts who actually care about the state of Amazon’s cloud ecosystems.