Good Morning!

Welcome to issue number 136 of Last Week in AWS.

This week takes me to Nashville for some reason. re:Invent is nearly upon us; it’s a great time to not make any significant changes for the next few weeks if there’s a chance an AWS feature release will solve the problem for you. Expect a torrent of releases over the next few weeks as a result.

From the Community

Automatic updates. Auto-generated code. Who would go back to the days of manual operations? Epsagon, an AWS Advanced Technology Partner, delivers automated, distributed tracing for monitoring and troubleshooting cloud microservices – containers and serverless. Get started today with a Free Trial to see how Epsagon provides flexibility with the convenience of a fully automatic solution that fixes issues in seconds with trace, log and payload visibility in a single interface. Save your developers 95% in troubleshooting time and reduce errors by 75%. Sponsored

Meet a stranger at re:Invent and try not to get murdered. I’ve signed up.

Cloudonaut reviews the AWS Global Accelerator. My own review of it is still to come.

I think that this article titled the introduction to servers I wish I’d had lives up to its name. This would have made so much clear to me when I was getting started.

Using Lambda and ClamAV to scan S3 objects for viruses just makes me very, very sad as the 2010s draw to a close.

Do you want to monitor memory on AWS Elastic Beanstalk? Of course not, but you should do it anyway.

A fascinating story about how AWS’s outage last week in Frankfurt was handled without downtime for any customers by a vendor.

AWSgeek attempts to explain the unexplainable: Amazon Cognito.

A guide to AWS re:Invent brought to you by Datadog (motto: “Tinder for pets”).

I sat with Jeff Barr and Ariel Kelman at AWS to debunk some AWS myths.

The third part of my twelve week Networking in the Cloud series has been posted. This time I talk about BGP.

A serverless DynamoDB importer apparently wrote a million records in sixty seconds with a single Lambda. That’s some “using Route 53 as a database” level architecture from the sounds of it.


If you’re considering a job change, check out a position below. Regardless of where you find it, you should definitely negotiate your salary. If I were to magically become employable, I’d immediately head to and talk to Josh Doody about it before saying anything further. He’s done this many times before, with a special emphasis on engineering roles at FAANG companies. He’s an artist when it comes to getting the best compensation possible without seeming greedy or losing the offer. He offers coaching, free articles, an ebook, and other things along the way. Check him out–and tell him Corey’s talking about him again.

Amazon Redshift is AWS’s petabyte-scale data warehouse service in the cloud whose name should in no way be construed as a dig at Oracle. It enables customers to dramatically increase their query performance when analyzing virtually any size data set using the same SQL-based business intelligence tools they use today. They’re looking for developers with expertise and passion for building large scale distributed systems. There are a number of rules, but in general experience with parallel query optimization and execution, large scale data analytics, highly available/fault tolerant systems, replicated data storage, and operating complex services running in the cloud are all pluses.

There are a number of fascinating roles on offer from ThousandEyes. Having been to their office and talked with their staff, a few things stood out. Most notably, they’re a startup (so each person has massive impact) while focusing on global-scale problems. Notably, their retention rate is sky-high and people don’t have that dead look in their eyes that so many startup employees seem to. Check them out; they’d make my short-list of places to work if I were employable.

X-Team is hiring Go developers with strong AWS skills, anywhere on the planet. The work is interesting, they partner with companies you’ve heard of, and you can work from wherever you care to be. Now before you wind up getting cynical, let me save you some time–I already did, and hopped on a phone call to chat with them and then berate them for their crappy culture. Instead I was pleasantly surprised: they invest in their people (including a personal development stipend), they have distributed community events (both online and in person around the world), and actually work with their employees; this isn’t a “send us a postcard if you ever get there” body shop. Take my word for it; check out X-Team and see for yourself. Tell them Corey sent you…

Choice Cuts

ThousandEyes report Sponsored

Amazon CloudSearch provides option to mandate HTTPS & minimum TLS version – Apparently I wasn’t the only person who’d forgotten that CloudSearch existed; the security team rediscovered it recently too!

Amazon CloudWatch Metric Math now supports additional functions – But does it support additional math? Truly, math is the most compelling feature a monitoring system can provide to its users.

Amazon DynamoDB adaptive capacity now handles imbalanced workloads better by isolating frequently accessed items automatically – They’re edging ever closer to telling you when you’ve got hot keys rather than keeping it as a fun mystery you get to solve in your free time.

Amazon ElastiCache now supports T3-Standard cache nodes – You can now add “CPU credits exhausted” to the already-lengthy list of why your cache might be breaking things.

Amazon GuardDuty Supports Exporting Findings to an Amazon S3 Bucket – This is a nice enhancement from their default of “exporting findings to a dashboard that nobody remembers to check.”

Amazon RDS for SQL Server now supports R5 and T3 instances types – Wow. It’s not every day you see the license for a database cost an order of magnitude more than the hardware for the database; usually that’s an Oracle trick.

Amazon RDS Performance Insights Supports Counter Metrics on Amazon RDS for SQL Server – You can now illustrate exactly where on the spectrum of “slow AND expensive” your SQL Server falls this week.

Amazon Redshift announces a console refresh to improve management and monitoring of your data warehouse – Your multi-million dollar data warehouse gets a fresh coat of paint on the clunky webapp you use to interact with it.

Amazon SNS Adds Support for Dead-Letter Queues (DLQ) – This is where all of your SNS messages to Santa Clause wind up.

Automate your operational playbooks with AWS Systems Manager – Now you can click buttons to resolve errors, because that always works super well. Runbooks are great until suddenly they’re disastrous.

AWS CloudFormation updates for Amazon API Gateway, AWS CodePipeline, AWS Amplify, Amazon ES, AWS App Mesh and more – So many service enhancements, so little time to pick one to beat up! Let’s go with… CodePipeline! It’s like SNS for CI/CD only expensive. It’s like they held a vote for the most creative name and then picked the loser. It’s like GitHub Actions except for all the customers.

AWS CodePipeline Enables Passing Variables Between Actions At Execution Time – …how on earth was it a “pipeline” without this?! We need a plumber over here, please.

AWS Cost Explorer now supports Hourly and Resource Level Granularity – And because it’s part of the billing system, there’s no reasonable way to know what it’s going to cost you before you use it. “1¢ per 1,000 resources, a typical EC2 instance has 24” because of course it freaking does.

Bring Your Own IP for Amazon Virtual Private Cloud is Now Available in Five Additional Regions – The BGP folks are over the moon happy about this; those of you who make better choices probably vaguely suspect this is an area into which you should not press. You are correct.

Data Lifecycle Manager now supports adding tags to the lifecycle policy – Visibility comes for all things; eventually to the hideous bill around your data storage.

NoSQL Workbench for Amazon DynamoDB adds support for DynamoDB local – DynamoDB has always seemed goofy to me, and (judging by the terms and conditions around it) freaking terrifying to AWS’s lawyers.

Parameter Store announces enhanced search experience – That’s Systems Manager Parameter Store to you, and it’s now open for business.

Use the AWS CLI v2 preview with AWS Single Sign-on to increase developer productivity – This is a formal offering from AWS that effectively offers the open source tool aws-vault as a service. I’m optimistic that this will offer other handy fixes for annoying CLI issues.

You now can configure table settings when you restore a table from your Amazon DynamoDB backups – Somehow I missed that there was now a formal way to restore backups that didn’t require writing a custom importer from scratch. Wow!

15 Years of AWS Blogging! | AWS News Blog – This is a heartfelt, sincere, authentic reflection by AWS Chief Evangelist Jeff Barr on his fifteen years of blogging, except where he refers to me as a “pundit” and picks the losing side of my Great War for AMI Pronunciation. It’s a great read; check it out.

AWS Data Exchange – Find, Subscribe To, and Use Data Products | AWS News Blog – The AWS Dating Exchange is now live, in a bold attempt to put Tinder out of business. I’m told there’s no better place to Date a Scientist.

New Automation Features In AWS Systems Manager | AWS News Blog – It appears that they haven’t spoken to enough real-world customers. The concept of “update my version of Foo to 3.2” can be called a lot of things, but no engineers call it a “document.”

New – Import Existing Resources into a CloudFormation Stack | AWS News Blog – Finally there’s an altermative to the “good work with that thing you built in the console, now throw it all away and build it in CloudFormation–what are you, stupid?” position that AWS has taken towards us for the past fifteen years or so.

How to enable encryption in a browser with the AWS Encryption SDK for JavaScript and Node.js | AWS Security Blog – The AWS Encryption SDK for Javascript is indeed now Generally Available. I don’t see what all of the hubbub is about. I find the existing crypto libraries to be far too confusing, so I just roll my own. “If I can’t break it, it’s secure.”

Monitor data transfer costs related to Amazon S3 Replication | AWS Storage Blog – The original version of this blog post typo’d the cost per GB of data transfer as 20¢. That’s more damning than anything I could possibly say about it.


The recipe for observability has two main ingredients: tools that provide so much more than metrics dashboards, and an engineering culture of software ownership. Our latest e-guide, Developing a Culture of Observability, lays out why observability culture and tools go hand-in-hand. Learn how observability culture reduces business risk, makes developers happy, and increases site reliability – all for the benefit of your customers. Happy devs – happy customers, with Honeycomb. Sponsored

If you want to scream at people but need a good excuse, how about detecting manual AWS console actions to find your next victim?

… and that’s what happened Last Week in AWS.

Newsletter Footer

Sign up for Last Week in AWS

Stay up to date on the latest AWS news, opinions, and tools, all lovingly sprinkled with a bit of snark.

"*" indicates required fields

This field is for validation purposes and should be left unchanged.
Sponsor Icon Footer

Sponsor a Newsletter Issue

Reach over 30,000 discerning engineers, managers, and enthusiasts who actually care about the state of Amazon’s cloud ecosystems.