Good Morning!
I’ll be at the Chicago AWS summit this week along with several of my Duckbill Group colleagues. Come find us, we’ll likely be haunting the show floor.
From the Community
What can happen when you copy Lambda function code from the Internet and deploy it to your AWS account? Read the Sysdig blog that walks you through a real attack scenario from a black box and white box angle to uncover a vulnerable AWS Lambda function and learn the best practices to mitigate this vector attack.
Google biffs it again by discontinuing its IoT Core service next year. Y’know, IoT services? Those things you embed into products you then sell and ship to customers with the economic model baked in and little if any ability to update them post-sale? My god.
IT Pro asks whether AWS’s naming strategy gives it a competitive edge. No, because their naming is crap, IT Pro. It doesn’t even give them a Snowball Edge, an actual product whose name gives them no end of mockery online for obvious urbandictionary related reasons.
A year after its OpenSearch debacle, the consensus seems to be that AWS is improving its open source reputation.
Jobs
Enabling code changes to be deployed faster than ever before, DevCycle is looking for feature flag developers to help keep software innovation flowing. With a streamlined workflow for resolving any issues that may arise in production, DevCycle is the perfect place for those passionate about code to make a real impact. Join a company on the cutting edge of software development and help engineering teams shorten release timelines from months to days.
Podcasts
Last Week In AWS: An Unexpected Love Letter to Azure
Last Week In AWS: AWS Private 5G v2
Last Week In AWS: Trivy-al Releases
Screaming in the Cloud: Google Cloud Carbon Footprint with Steren Giannini
Screaming in the Cloud: Invisible Infrastructure and Data Solutions with Alex Rasmussen
Choice Cuts
Observability Leader Honeycomb Releases O’Reilly Book on Observability
Honeycomb helps you sift through billions of events to see your application’s hidden problems so you can quickly debug before users notice. Get your FREE copy of our new O’Reilly book and register for our Authors’ Cut Series to discuss key concepts
Amazon EKS announces cluster-level cost allocation tagging – Necessary but not sufficient. I want to know what the cost is on a pod level…
Amazon MSK Serverless is now integrated with AWS CloudFormation and Terraform – Amazon MSK Clickless.
Amazon SageMaker Canvas enables faster onboarding with automatic data import from local disk – Great! Fix the session hourly charge problem that bit me so it doesn’t enable faster customer bankruptcy.
AWS Config now supports 20 new resource types – And my AWS Config bill ticks steadily upward as a result.
AWS Cost Anomaly Detection gets a simplified interface for anomaly exploration – I keep forgetting that there’s more to this service than just the alerts I get in Slack. It’s time for me to revisit…
AWS Cost Categories now support Out of Cycle cost categorization – AWS Cost Categories remains a hidden gem of the AWS billing experience, but it does require a certain level of customer maturity.
A Decade of Ever-Increasing Provisioned IOPS for Amazon EBS – If you take a look at what’s happened over the past decade and where we started, it’s pretty astonishing. AWS’s storage technology is both "sweepingly transformative" as well as "improves so steadily that most people don’t recognize just how far we’ve come."
AWS Trusted Advisor – New Priority Capability – "Trusted Advisor is crap, but if you pay us enough we’ll have your account team curate the things that are actually important and prioritize that above the irrelevant noise."
How Grillo Built a Low-Cost Earthquake Early Warning System on AWS – This is nothing. Back in the data center days we built a low-cost earthquake early warning system by balancing a laptop precariously on top of a server rack. When it went crashing to the floor, it meant an earthquake was starting. Okay, honestly it usually meant that Dewey the Data Center Tech was back in the building and extremely accident-prone…
Would you like to learn how to build inherently secure applications without jumping through time-consuming security hoops? Join our Live Hack Series on AWS where we’ll demonstrate how a malicious actor might exploit some of the most common vulnerabilities across several application components, and what you can do to apply automated security controls across the SDLC to quickly find and remediate those risks!
New – HTTP/3 Support for Amazon CloudFront – This week has been an HTTP/3 education for me. One thing I learned: you have to explicitly enable it on Safari.
Managing Kubernetes control plane events in Amazon EKS – "We picked a Kubernetes default that may not work for you, and rather than applying engineering solutions to this have decided to make implementing a workaround your expensive problem instead."
Amazon DynamoDB can now import Amazon S3 data into a new table – "Let’s make migrating a table between regions or accounts or even within one account be overcomplicated, with extra steps." This is SO CLOSE and yet SO FAR from what customers actually want that it’s actively infuriating.
Live content moderation using machine learning – Okay, if you’re pushing content like this then why is the auto-moderator bot on every AWS Twitch stream so aggressively awful? I no longer really participate just because I’m tired of playing the "what innocuous statement will trigger some auto-moderation rule" game.
Customize AWS Config resource tracking in AWS Control Tower environment – "Config can be really expensive, so here’s how to turn it off" is one solution. I’d accept it from, say, me. But when AWS is saying it, maybe you should fix the damned "do I track resource changes or do I remain solvent" problem, no?
AWS launches AWS Wickr ATAK Plugin – It protec. It ATAK. Mostly it just crappy Slack.
How to use customer managed policies in AWS IAM Identity Center for advanced use cases – I admit, it’s gonna take me a while to get used to reading about the IAM Identity Center and grokking that it’s about the service formerly known as AWS SSO…
Enabling secure mission success with Wickr RAM in Department of Defense Cloud One – AWS took this blog post down soon after publishing it, but I kept (and linked to!) the receipts because I’ve been trying my damnedest to make a "Wicker Man" parody song work, and they just gave me a freebie in terms of "Wickr RAM." Thanks, AWS!
Take a look inside the lab where AWS makes custom chips – This post talks about Toronto, California. As best I can determine there is in fact no such city. That’s okay, it’s not like details matter when it comes to custom processors…
Tools
If everything in your AWS accounts becomes horribly compromised, where’s the air-gapped backup that lets you rehydrate your business? If you don’t have a great answer to that terrifying question, you should talk to Clumio!
I’ve been using CloudSnorkel’s CDK GitHub Runners to effectively do all of my GitHub Actions CI/CD nonsense in Lambda functions. It’s surprisingly straightforward to get working; check it out if this interests you.
This look at Lambda runtime info for Node runtimes tells you exactly what’s running / available in that environment.
… and that’s what happened Last Week in AWS.