Good Morning!
I didn’t realize my next federal holiday falling on a Monday would happen so soon, but yesterday was one of them. Happy Tuesday, happy start of Q3, and happy AWS billing day for most of you; go check your email for the latest series of charges. At The Duckbill Group we’re always here to answer "fun" questions about things you see in yours that you weren’t expecting; I’ve got one of those of my own from late last month.
If you’re in NYC, I’ll be there next week for the AWS summit, and in town all week; we’ll be hosting a drinkup on Wednesday evening (7/13); hope to see you there. All are welcome!
From the Community
Free Copy of Honeycomb’s O’Reilly Book: Observability Engineering – Looking to make the switch from monitoring to observability? Download your free copy of Honeycomb’s O’Reilly book: Observability Engineering to help you get started. Debrief the chapters with the authors themselves during our Authors’ Cut Series.
I’m not such a fan of Amazon Cognito, but Be a Better Dev has a Complete Beginner Guide that makes it more tolerable.
It’s always fun when people discover the Lumberyard legal terms and conditions that talk about a zombie apocalypse. What makes this article fun is that it’s written by lawyers.
It’s not just me; this analysis of why someone would switch from AWS CodePipeline to GitHub Actions further reinforces my position that GitHub Actions really should be your default choice.
TechCrunch has an article about AWS’s CodeWhisperer launch, titled Amazon launches CodeWhisperer, a GitHub Copilot-like AI pair programming tool. It includes the line "ahead of today’s announcement, Vasi Philomin, Amazon’s VP in charge of its AI services, stressed that the company didn’t simply create this in order to offer a copy of Copilot." This is of course an outright lie because when it comes to press denials, Amazon has zero credibility. Obviously it’s because they saw Copilot’s beta launch and frantically slapped together a competing offering. Do they think we’re this easily misled?
My post about 9 Ways AWS Made Me Headdesk When Using the CDK generated some great discussion. The consensus is that I don’t know what I’m talking about, but we knew that already.
Podcasts
Last Week In AWS: 9 Ways AWS Made Me Headdesk When Using The CDK
Last Week In AWS: Concerning Your DeepRacer’s Extended Warranty
Last Week In AWS: Enter Your Passwordle
Screaming in the Cloud: Granted, Common Fate, and AWS Functionality with Chris Norman
Screaming in the Cloud: TikTok and Short Form Content for Developers with Linda Vivah
YouTube: From Broadway to Tech with Carla Stickler
YouTube: The ChatOps Issue That No One’s Chatting About
Choice Cuts
Fortinet’s partnership with AWS is a better-together combination that ensures your workloads on AWS are protected by best-in-class security solutions powered by comprehensive threat intelligence and more than 20 years of cybersecurity experience. Integrations with key AWS services simplify security management, ensure full visibility across environments, and provide broad protection across your workloads and applications. Visit us at AWS re:Inforce to see the latest trends in cybersecurity on July 25-26 at the Boston Convention Center.
Amazon EC2 Auto Scaling announces increased Auto Scaling group default limit per account – The default limits are wild to me. Some seem aligned with making sure a free tier user doesn’t accidentally get charged, while others seem way more intense. This one is a good example of the latter; the limit for ASGs has gone from 200 to 500. Free tier friends: do not do this, or you will not like the bill.
AWS CloudShell is available in AWS GovCloud (US) Regions – I started to see how this compared to other companies, and discovered that Azure is gonna Azure. In 2021 they mentioned that "In Azure Government, there is no equivalent to Azure Cloud Shell that you can find in the Azure portal". Yet back at the start of 2020, they did an entire video about Azure Cloud Shell in Government. Left hand, meet right tentacle.
AWS Database Migration Service now supports VPC source and target endpoints – They’ve done it; they’ve actually done it! There’s now a supported AWS service that doesn’t require dark magic to ensure your traffic passes through two Managed NAT Gateways, for double the expensive pain.
AWS SAM Accelerate is now generally available – quickly test code changes against the cloud – I’ve been using this for a bit; I didn’t realize it hadn’t gone GA. Handy!
AWS Support announces an improved create case experience – I discovered this before reading this release, because I’m seeing something odd in my account that I can’t explain. I’m going to hold off until I get a resolution before I talk about it publicly, just because every once in a while these things have security implications… That said, the experience is a definite improvement.
Announcing general availability of Amplify UI for React – I dread having to go back into React, but this will be useful the next time I find myself there, invariably by accident.
AWS CloudFormation template guidelines for AMI-based products in AWS Marketplace – How interesting; I was just talking with someone about what the requirements are to list an AMI in the marketplace, and here’s a post that explains it. Handy!
Migrate from Snowflake to Amazon Redshift using AWS Glue Python shell – You may as well migrate in that direction via trained unicorns, seeing as how no customer I’ve spoken to has ever done it.
Building a low-code speech “you know” counter using AWS Step Functions – The idea is neat, but the implementation here is unkind. As a public speaker, I worked like mad to get "filler words" out of my speech patterns, and I would have appreciated something like this. That said, having it positioned as something to run on other people’s speech (the suggested reference data is the AWS podcast, which features customer guests!) means that someone forgot the human somewhere. Imagine if I ran this on the re:Invent keynotes this December. People would say I was being nasty, that I was punching down, and they would be completely right. Public speaking is hard, and while I’m sure this article wasn’t intended to be used as a stick with which to beat people, that’s very much how it could be interpreted. Don’t do this.
Introducing the new AWS Step Functions Workflows Collection – Okay, this might get me to try Step Functions again. The last time I attempted it, I felt lost, confused, and without good references to get myself unstuck.
Use AWS Nitro Enclaves to perform computation of multiple sensitive datasets – A neat dive through an underappreciated feature. Nitro Enclaves are aimed less at "AWS isn’t secure" and more at "you probably don’t trust everyone at your company with all of the data at your company."
Introducing bare metal deployments for Amazon EKS Anywhere – I’ll have to get some hardware in here later this year and see what I can make of this. Apparently they aren’t even bothering to charge for it yet.
Leverage AWS secrets stores from EKS Fargate with External Secrets Operator – The more I work with secrets in cloud offerings, the more convinced I am that people just give up and hardcode them, then lie about it. SecretsOps is full of terrible things.
Jenkins high availability and disaster recovery on AWS – Oh. Oh no. Are people still using individual Jenkins servers that are artisanally handcrafted instead of a managed service for their CI/CD stuff? This is terrifying.
How Twitch Built the Global Live Streaming Network that Powers Amazon IVS – When you run Twitch’s traffic numbers through a price calculator to see what it would cost to run Twitch at customer IVS pricing, you quickly realize that they are Not Doing That, as it would bankrupt Amazon almost overnight.
400 Amazon CloudFront Points of Presence – I used to track these on the map above my desk. These days there are too many for it to be particularly interesting or actionable, so instead I just track regions and announced-but-not-yet-online regions. It’s Adam Selipsky’s way of teaching me remedial geography.
Tools
Every company needs a plan for when things go wrong. We’ve written these plans many times, and every time wished for a reference that reflects how companies actually work today. So here it is — our years of collective knowledge and experience distilled into a Practical Guide to Incident Management for your whole organisation. Enjoy!
This week’s tool is, of all things, Google. Specifically, this list of "Google Dorks." These are additional search operators that make it way easier to find that one specific thing you’re looking for, once you get past the 3/4 of the search results page that’s become completely full of ads.
… and that’s what happened Last Week in AWS.