Good Morning!

Welcome to issue number 147 of Last Week in AWS. Last week I reported on an AWS engineer spilling customer credentials into GitHub. A late-breaking update after that issue went to press reveals that it was in a personal capacity, not a professional one. This does change the story somewhat![[ /fromthecommunity ]]

From the Community

Did you know observability doesn’t just help ops–it’s incredibly useful during development too? “Bullcrap– prove it!” Well, okay: Eaze uses Honeycomb to stabilize their existing service while simultaneously building their new Go and Node.js microservices platform. Observability lets them see exactly how to prioritize work and maintain reliability. Listen to the webcast to learn how Eaze reduced the costs of running their service and increased customer happiness at the same time — with Honeycomb. Alternately, just rebrand your crappy monitoring product as “observability” and call it a day like some notable vendors do. Sponsored

Catching up with the cloud trend and the AWS ecosystem – empty

A marketing teardown of AWS’s accidental sending of their email template a few weeks ago. I’m struck by how much more compelling their filler text is than some of their actual email content. As AWS’s new self-appointed Chief Marketing Officer, I will address this problem despite not being allowed into any AWS office or being paid.

I don’t usually report on Azure in this newsletter–there isn’t a lot of news that’s broadly relevant to an AWS audience. That said, if a hypervisor escape into other tenant instances doesn’t qualify, nothing does.

You’d really think that “AWS’s partnership with Iridium means your IoT crap can now connect globally” would have gotten more traction, but here we are.

An IT cost management company that excels at busting into conference attendees room despite Do Not Disturb signs being posted to deliver swag extends its core competence to patent trolling VMware out of $235m. It’s nice to see companies in this space diversify!

AWS made just shy of $10 billion last quarter, almost all of which was due to you folks failing to turn off your EC2 instances when not using them. I’m disappointed in you all.

The headline of Defying Company Policy, Over 300 Amazon Employees Speak Out is a bit out there, but there’s a lot of good commentary in here. So far no formal word from Amazon; there are some amazing people in this list who clearly care passionately about a better tomorrow.


If you’re considering a job change, check out a position below. Regardless of where you find it, you should definitely negotiate your salary. If I were to magically become employable, I’d immediately head to and talk to Josh Doody about it before saying anything further. He’s done this many times before, with a special emphasis on engineering roles at FAANG companies. He’s an artist when it comes to getting the best compensation possible without seeming greedy or losing the offer. He offers coaching, free articles, an ebook, and other things along the way. Check him out–and tell him Corey’s talking about him again.

Amazon RDS Proxy – now in preview – is a fully managed, highly available database proxy for Amazon Relational Database Service (RDS) that makes applications more scalable, more resilient to database failures, and more secure. Your job, should you choose to accept it, is to finally defeat the opponents of progress who are resisting extending support for this service to Route 53.

X-Team is hiring Go developers with strong AWS skills, anywhere on the planet. The work is interesting, they partner with companies you’ve heard of, and you can work from wherever you care to be. Now before you wind up getting cynical, let me save you some time–I already did, and hopped on a phone call to chat with them and then berate them for their crappy culture. Instead I was pleasantly surprised: they invest in their people (including a personal development stipend), they have distributed community events (both online and in person around the world), and actually work with their employees; this isn’t a “send us a postcard if you ever get there” body shop. Take my word for it; check out X-Team and see for yourself. Tell them Corey sent you…x

Choice Cuts

This issue is sponsored by CHAOSSEARCH. They’ve created new technology and architecture (say goodbye Lucene!), which dramatically lowers the costs of log analysis, and in turn, is passing those cost savings along to you. Before they sponsored this newsletter I recommended them to my clients–check them out and see for yourself. Tell them Corey sent you, and watch them shake their heads in resignation that I’m still shooting my mouth off about their problem domain. Sponsored

Fact-checking GigaOm’s Microsoft-sponsored benchmark claims | AWS Compute Blog – Azure stumbled into a briar patch by trumpeting the results of a sponsored benchmark that has them handily beating out AWS. The trouble is, nobody in their right mind ever trusts a sponsored benchmark, just because it LOOKS untrustworthy. Personally when I see vendors trotting out benchmarks in advertising at all, I suspect they’ve lost the plot somewhere. I get that GigaOm has to pay the bills somehow, but this really cheapens their brand…

Amazon Managed Cassandra Service now supports ordering clauses in CQL queries and AWS CloudTrail logging – This opens up Pandora’s box of “how the hell do you pronounce CQL in such a way that you neither get yelled at, nor get it confused with SQL?”

Amazon RDS for MySQL Supports Authentication with Active Directory – I had to double check that the fake service generator didn’t spit this one out, but it’s somehow real. Why on earth would you do this?!

AWS Backup is now available for Amazon Elastic File System (Amazon EFS) in 4 additional regions – I see. So the previous “cross-region backups now supported!” announcement was heavily caveated? Ouch.

AWS Certificate Manager Private Certificate Authority Now Offers CloudFormation Resources – Be careful with this one. At $400 a month per CA charge means that this can get fiendishly expensive if you expose a logic bug.

AWS OpsWorks for Chef Automate Now Supports In-Place Upgrade to Chef Automate 2 – …but you’d be far better off in-place upgrading directly to Docker, or some other form of immutable infrastructure.

New Digital Course: Architecting Serverless Solutions – It’s now free to spend three hours in a digital training course in which you’re told you’re building applications completely wrong and need to evolve your software development approaches. I swear, it’s like these people have never once looked at the #serverless hashtag on Twitter…

Update on Amazon Linux AMI end-of-life | AWS News Blog – AWS once again fails to catch Google in its core competency of “turning things off,” and sets back the original Amazon Linux EOL date by a full six months.

Results of the 2019 AWS Container Security Survey | Containers – Remember the AWS Container Security Survey late last year? Of course you don’t; this is the first I’m hearing about it too. Apparently 90 people visited the survey, which tells me that they didn’t do a super job promoting it. For comparison’s sake, in the last issue of this newsletter in 2019 only three links got fewer clicks than that–one of which being the unsubscribe link.

Receive AWS Developer Tools Notifications over Slack using AWS Chatbot | AWS DevOps Blog – This is a nice idea, but I’m pretty sure that the only company that uses AWS CodeCommit, AWS CodeBuild, AWS CodeDeploy, and AWS CodePipeline also uses Amazon Chime instead of Slack.

The value of using an Email Service Provider (ESP) for end customer communications | AWS Messaging & Targeting Blog – I agree with absolutely everything in this blog post except for the very last paragraph that suggests using SES. Having more than a little experience with large scale email systems, SES fills that role rather well–but falls down a well and starves to death in the context of anything above the plumbing level–say, like sending a snarky weekly email to 17,000 people.

How to set up CloudWatch Anomaly Detection to set dynamic alarms, automate actions, and drive online sales | AWS Management & Governance Blog – “People don’t care about monitoring no matter how much we yell at them, so we’re going to pivot into how to use CloudWatch to drive additional sales.” It’s a bit of a reach, but at least it’s something new from a venerable space.

Automated Response and Remediation with AWS Security Hub | AWS Security Blog – My whole problem with posts like this is that it pushes what absolutely feels like undifferentiated heavy lifting away from AWS and onto the customer, in the form or “hey, wire these 12 things together yourself to solve the problem that basically everyone has!” Isn’t the entire point of Security Hub to not have to deal with this entire class of problem?


“Landing zones but not terrible!” is compelling; AWS Organization Formation sounds like AWS could have named it.

… and that’s what happened Last Week in AWS.

Newsletter Footer

Sign up for Last Week in AWS

Stay up to date on the latest AWS news, opinions, and tools, all lovingly sprinkled with a bit of snark.

"*" indicates required fields

This field is for validation purposes and should be left unchanged.
Sponsor Icon Footer

Sponsor a Newsletter Issue

Reach over 30,000 discerning engineers, managers, and enthusiasts who actually care about the state of Amazon’s cloud ecosystems.