Welcome to the 29th issue of Last Week in AWS.

Last week this newsletter crossed 3000 subscribers, which meant this is no longer an experiment– it’s something that I intend to continue for the forseeable future. Thank you to all of you for reading this every week. To that end, check out the new Last Week in AWS site– now with a blog, a design that hopefully doesn’t make you want to claw your eyeballs out, a statistics and info page for those sponsorship requests that I’ve been hedging on, and more.

This week I’ll be giving the keynote at DevOops in St. Petersburg; next week has me at All Things Open in Raleigh. Be sure to say hello if you’re at either of those!

Finally, if you’ll be at re:Invent this year, I’ll be on a panel. More on this in the weeks to come…


This week’s issue is sponsored by Aster Labs. When people used to ask me to set up monitoring, I would cry and find another job. These days, I send them to my friend Mike at Aster Labs instead. Aster Labs– because “all is well” on the AWS status page isn’t enough anymore.

Community Contributions

I missed this when it first came up, but I like the idea of using a serverless architecture to deliver IRC webhook notifications. I used to be entirely too into IRC, and this takes me back. There are so many problems this would have solved to me, if only Lambda were available in 1998.

I received an email telling me that my free tier was expiring at the end of the month. This didn’t thrill me once I did some digging.

AWS Community Hero Teri Radichel writes about S3 bucket security, in an effort to stem the flow of S3 Bucket Negligence Awards. I want to be hopeful that they’ll soon stop popping up, but I’m not optimistic.

I came across this cheat sheet for AWS Lambda last week, and was struck by how it gathers a lot of the far-flung esoteric Lambda information in one place.

Cloudonaut does a demo with AWS Step Functions, which themselves could easily be renamed “AWS What If Lambda Wasn’t Beset By Aggravating Limitations On All Sides.”

I don’t usually link to rumors or photos on Twitter, but when a senior developer advocate for AWS officially puts something on their slides at a conference, that’s a pretty strong case to make an exception. It would seem that blue / green deploys on Lambda are about to become a thing.

This week’s S3 Bucket Negligence award goes to Accenture. Despite their denials, there’s absolutely no excuse for exposing a KMS master key in an S3 bucket, full stop. I’m particularly incensed here because Accenture charges “kidnap the princess for ransom” money to tell other companies to not do this specific thing. Mistakes happen, but this is egregious.

Ben Kehoe sits down for another round of Serverless Superheroes to discuss using serverless for robots (he works for the company that makes Roombas). I’m impressed and slightly sad that nobody used the word “sucks” in the entire interview. I’m never strong enough to resist the easy puns…

Choice Cuts From the AWS Blog

Amazon EMR now supports I3 instances – You can now use the newest generation of memory optimized instances for Elastic MapReduce, prompting the question “wait, you mean you couldn’t before?”

AWS and Microsoft Announce Gluon to Simplify Deep Learning for Developers – Enterprise relationships are fascinating. In one arena, AWS and Azure are cheerfully attempting to murder one another, whereas in another, they launch a project together that unifies machine learning to a point where both parties benefit. Technology makes for strange alliances.

Amazon RDS Reserved Instances Offer Instance Size Flexibility – The AWS blog team is right; “throw away your capacity planning models, the rules just changed again” sounds much less corporate.

Introducing Lifecycle Policies for Amazon EC2 Container Registry – Lifecycle policies have been a big hit on S3; now they come to the EC2 Container Registry, automating the tedious process of blowing away containers you didn’t realize you still needed until a split-second after the command completes.


Amazon SES Introduces Email Templates for Sending Personalized Email – I’m looking into email providers for this newsletter that have a more robust API than my current provider / workflow. I started to look into SES this week, and was again struck by just how far it has to come to be a first-class contender. I want to like it, but I keep running into sharp edges that imply I’d be signing up for a world of pain if I trusted it for my use case… That said, this enhancement is useful for some workloads, but if I started every issue with a personalized greeting I’d creep everyone out.

AWS Developer Tools Expands Integration to Include GitHub | AWS DevOps Blog – CodeCommit’s status as an also-ran is further cemented by a suite of improvements to AWS’s GitHub support across the board. I’m frankly astounded— who could possibly have predicted that something as simple, straightforward, and user friendly as git was hard to get right?

Amazon CloudFront continues to add capacity to the Nordics, Western Europe, and Western United States with new locations in Stockholm, London, and Dallas! – I feel like at this point I’m not getting something. An additional CloudFront Edge location (and all three of these are in cities with multiple existing Edge locations) increases capacity, but not capability. Assuming I’m right, what’s the point of these blog posts? It’s not actionable in any way by AWS customers. Of all the amazing things the AWS blog highlights, why does it keep posting these?

Elastic Load Balancing: Application Load Balancers now support multiple SSL certificates and Smart Certificate Selection using Server Name Indication (SNI) – ALBs now support multiple certificates. In plain English, “dogs.twitterforpets.com” and “cats.twitterforpets.com” can now coexist using TLS behind the same load balancer. Thanks for getting around to addressing my support ticket from 2010, ELB team!


awsinfo is a read-only CLI tool that tells you information about your current AWS account and its resources. With an intuitive series of arguments, it’s handy for getting information quickly, without having to play silly parameter games with awscli.

This quick script lets you quickly look up IAM resource conditions from the command line. Useful for “oh crap what was that one weird edge case I can never remember” when you don’t want to tab out to a browser.

I showcased Holepunch a few weeks back– but AWS Security Group IP Updater is a different take on the same problem. It automatically updates security groups to reflect the IP you’re connecting from. Handy for those times before you have a reliable client VPN, a functioning bastion host, or a screaming emergency that you need to manually address immediately.

Tip of the Week

A year and a half ago, Amazon announced S3 Transfer Acceleration. I missed this until I was recently introduced to it, and it’s worth a refresher now. It optimizes the network between S3 and the client’s nearest CloudFront Edge location, and can cause massive speed increases for asset storage. They’ve got a tool that tests various speed boosts for different regions (holy crap do NOT click that link on mobile or other metered data plans!), and the benefits are clear. At scale it’s not cheap, but then few things are.

If S3 transfer acceleration is useful to you, hit reply and let me know– I’d love to hear about different use cases.

…and that’s what happened Last Week in AWS.

Newsletter Footer

Sign up for Last Week in AWS

Stay up to date on the latest AWS news, opinions, and tools, all lovingly sprinkled with a bit of snark.

"*" indicates required fields

This field is for validation purposes and should be left unchanged.
Sponsor Icon Footer

Sponsor a Newsletter Issue

Reach over 30,000 discerning engineers, managers, and enthusiasts who actually care about the state of Amazon’s cloud ecosystems.