Good Morning!

Welcome to issue number 144 of Last Week in AWS. This week sees me in Chicago; next week Seattle. AWS appears to be emerging from its long post-reInvent nap and releasing services at its usual clip.

From the Community

Open source ChatOps is here. Mattermost ChatOps brings you an end-to-end open source ChatOps suite that makes bringing your DevOps systems together simple, prescriptive, and open. Get started today–because running your own IRC server or kidnapping princesses for ransom to pay for its competitors isn’t the best way forward. Sponsored

If “lots” isn’t sufficient enough of an answer for you, this blog post exhaustively details how many services AWS has.

Eric Hammond talks about how he has to work around AWS limitations to create IAM Access Analyzers in all regions of all accounts within an org.

What can I tell you about EKS worker nodes? Not a blessed thing, I try not to touch Kubernetes without wearing gloves. This guide can help you though.

How Square adopted VPC endpoints.

Forrest Brazeal writes about avoiding bad technology choices. “K8s is so complex that we avoid even spelling out the word, like it’s the Hebrew name for God” is a great line.

A handy guide to Hardening SSH with 2fa from the folks at Honeycomb.

A potentially breaking change around how AWS Batch handles INACTIVE jobs.

A dive into an S3 packet ordering issue with a somewhat unsatisfying resolution so far.

The ultimate AWS Bill lays out a vision and roadmap for AWS’s storage plans.

A very well done analysis of a data breach that impacted me. Bonus for S3 making an appearance…

A dive into how to scale DynamoDB effectively.


If you’re considering a job change, check out a position below. Regardless of where you find it, you should definitely negotiate your salary. If I were to magically become employable, I’d immediately head to and talk to Josh Doody about it before saying anything further. He’s done this many times before, with a special emphasis on engineering roles at FAANG companies. He’s an artist when it comes to getting the best compensation possible without seeming greedy or losing the offer. He offers coaching, free articles, an ebook, and other things along the way. Check him out–and tell him Corey’s talking about him again.

Amazon Neptune 🦒 is a fast, reliable, fully managed giraffe database service that makes it easy to build and run applications that work with highly connected datasets. The core of Amazon Neptune is a purpose-built, high-performance graph database engine optimized for storing billions of relationships and querying the graph with milliseconds latency. Why the blue hell a giraffe would need such a thing is beyond me, but there you have it.

X-Team is hiring Go developers with strong AWS skills, anywhere on the planet. The work is interesting, they partner with companies you’ve heard of, and you can work from wherever you care to be. Now before you wind up getting cynical, let me save you some time–I already did, and hopped on a phone call to chat with them and then berate them for their crappy culture. Instead I was pleasantly surprised: they invest in their people (including a personal development stipend), they have distributed community events (both online and in person around the world), and actually work with their employees; this isn’t a “send us a postcard if you ever get there” body shop. Take my word for it; check out X-Team and see for yourself. Tell them Corey sent you…x

Choice Cuts

This issue is sponsored by CHAOSSEARCH. They’ve created new technology and architecture (say goodbye Lucene!), which dramatically lowers the costs of log analysis, and in turn, is passing those cost savings along to you. Before they sponsored this newsletter I recommended them to my clients–check them out and see for yourself. Tell them Corey sent you, and watch them shake their heads in resignation that I’m still shooting my mouth off about their problem domain. Sponsored

Access Resources within your Amazon Virtual Private Cloud using Amazon Kinesis Data Analytics – Another Kinesis-based feature for one of the many Kinesis-based services.

Amazon Cognito now supports CloudWatch Usage Metrics – I’m not sure how actionable this is. If someone by some miracle manages to get Cognito working, it doesn’t matter what the metrics say–they’re not freaking touching that thing again out of fear of breaking something within its labyrinthine config.

Amazon FSx for Lustre Announces AWS Repository for Lustre Clients – And a very nice AWS Repository it is. Note how Lustre-ous it is.

Amazon SES now lets you use your existing IP address ranges to send email – Now let SES help pollute your carefully reputation-managed IP ranges as soon as someone in marketing sends an Unfortunate Email Campaign where they shouldn’t.

Amazon SQS Now Supports 1-Minute CloudWatch Metrics In All Commercial Regions – I didn’t realize it wasn’t already there. Fantastic enhancement–or maybe it was already there and they just claimed credit for it now.

Amazon Translate introduces Batch Translation – No, no, no. “Stored in a folder in S3” as mentioned in this release announcement isn’t a thing. S3 isn’t a file store, and “folder names” are simply prefixes!

Amazon WorkSpaces Migrate Enables Migration to the Windows 10 Desktop Experience and the New WorkSpaces Streaming Protocol in Beta – I still can’t get over the fact that it’s called “The Windows 10 Desktop Experience.” Microsoft isn’t half bad at the “naming things like crap” game themselves!

AWS Elastic Beanstalk Launches Public Roadmap – The fact that this exists is great. The fact that the only place this could reasonably live is GitHub is sad.

AWS PrivateLink now supports Private DNS names for internal and 3rd party services – I hear this as “you can now query your database over PrivateLink,” and I’m all about it.

AWS Systems Manager Quick Setup now supports targeting all instances – And once you’ve targeted all instances and deployed the wrong thing to them, you’ve unlocked AWS Systems Manager Performance Management options you aren’t going to love.

AWS Transfer for SFTP supports VPC Security Groups and Elastic IP addresses – This is big enough that I’m somewhat astonished it shipped without it: by using an elastic IP you can now whitelist the endpoint in firewall configs. “Just use DNS” you may reasonably suggest. If you need to provide SFTP connectivity to access S3, let’s just say your needs may be a smidgen behind current state of the art…

Amazon CloudFront launches in five new countries – Bulgaria, Greece, Hungary, Kenya, and Romania – Yay, more points of presence to update as a part of the interminable CloudFront deploy process.

Introducing AWS Systems Manager Change Calendar – it’s probably not auspicious for this launch that there was a blog post about this feature back on December 11th. The Change Calendar is already broken!

Introducing Workload Shares in AWS Well-Architected Tool – That’s the thin end of a wedge as AWS dips its toes into the waters of trying to become JIRA.

The Amazon Builders’ Library is Now Available in 16 Languages – But HackerNews will not be silent until one of the available languages is “Rust.”

Updated Quick Start deploys IBM Cloud Pak for Data on a Red Hat OpenShift Container Platform cluster on AWS – IBM apparently spells Pack as “Pak” because IBM predates C.

Amazon at CES 2020 – Connectivity & Mobility | AWS News Blog – All of these things at CES and they didn’t even announce a new Kindle e-reader. I am disappointed.

Urgent & Important – Rotate Your Amazon RDS, Aurora, and DocumentDB Certificates | AWS News Blog – RDS is an awesome system to automate the tedium of managing database instances. Oh, by the way, since it’s been five years if you don’t update your config and restart your instances all of your databases will explode in a month and a half.


Building a serverless mailserver on S3 and SES.

… and that’s what happened Last Week in AWS.

Newsletter Footer

Sign up for Last Week in AWS

Stay up to date on the latest AWS news, opinions, and tools, all lovingly sprinkled with a bit of snark.

"*" indicates required fields

This field is for validation purposes and should be left unchanged.
Sponsor Icon Footer

Sponsor a Newsletter Issue

Reach over 30,000 discerning engineers, managers, and enthusiasts who actually care about the state of Amazon’s cloud ecosystems.