My apologies for this morning’s duplicate sending– the first copy had a broken link to CloudHealth’s webinar on cloud migrations due to a rendering bug on my end. It’s been fixed below. As it turns out, computers are hard; please feel free to hit reply and hurl snark my way, as I certainly deserve it. Once again, my thanks to CloudHealth for making this newsletter possible.

And now, for the second time today:


Welcome to issue number 34 of Last Week in AWS.

The pace of AWS releases continues to increase, as re:Invent grows nearer. We’re one week away from the start of the conference; if you’ll be in Las Vegas, I hope to see you there. I can’t wait for the conference, if for no other reason than that the pace of new releases should slow down somewhat– it’s getting unwieldily to keep this format sensible.

This week’s issue is sponsored by CloudHealth.


Nearly 40% of companies exceed their budget during migration to the public cloud. Join this webinar to learn: 1) 5 key steps for a successful migration to AWS / Azure, 2) how to reduce the cost of migration by 20-40%, and 3) how to avoid common migration mistakes. Register today to ease your migration to the cloud.

Community Contributions

An in depth dive of the AWS Well Architected Framework. If you’ve heard the term but couldn’t define it, welcome— I’m with you. This helps.

Cross account trust roles are complex. Here’s a great writeup on how they work, with examples.

Why Amazon DynamoDB isn’t for everyone and how to decide when it’s for you – Where was this write up a week ago when I was implementing DynamoDB myself for the first time? I immediately regret every decision I made.

Perhaps you never wondered how to get LibreOffice running in AWS Lambda. Perhaps you are an ancient dinosaur waiting for the asteroid to put you out of your misery.

AWSgeek returns with a visual service summary of the AWS Storage Gateway.

While it’s not an S3 bucket negligence award, watching DXC incur a massive AWS bill due to disclosing AWS keys on a public GitHub repository is fairly damning for a consultancy that charges money to tell the rest of us not to do this precise thing.

This week’s S3 Bucket Negligence Award comes from the US federal government. Really? With all the process and procedural red tape of governmental work, just… really? And it contains data from the Pentagon spying on social media?!

Choice Cuts From the AWS Blog

Amazon Route 53 Releases API to View Service Limits – Now there’s a way to figure out how close you are to Route53 service limits before you find them via smacking into them face first at full speed. Sometimes Amazon’s “we’re customer obsessed” sounds awfully close to “okay, fine, we won’t treat our customers with active contempt.”

Announcing an increased monthly service commitment for Amazon EC2 – EC2 went from three and a half nines of reliability to four— 99.99%. This is great, but I’d love to see an SLA around other services past “they’re generally available.”

Announcing AWS OpsWorks for Puppet Enterprise – Finally, OpsWorks isn’t restricted to Chef, the single major configuration management system I’ve never touched in anger. Full disclosure: I spent a summer as a contract trainer for Puppet several years ago. This is terrific news for an awful lot of companies.

AWS CodeDeploy Supports Local Testing and Debugging – Between this, SAM Local, and the DynamoDB localized java tarball dingus, I’m closer than ever to having an AWS stack running purely on my laptop. Wait— can I run Greengrass on an x86 architecture?

AWS Database Migration Service Adds Support for AWS Snowball – “You know that service we have that likes to break your data and destroy the thing upon which you built your business? We’ve put it in a box!”

AWS Database Migration Service Offers Migration Validation – For all the smack I talk about the Database Migration Service, this one legitimately caught me by surprise. If an intern wrote a data migration tool that didn’t validate its work, I’d gently chastise them and urge them to do better. How the heck did DMS not do this until now? Am I the jerk here?

Introducing additional block storage for Amazon Lightsail – You can now add additional block volumes to LightSail. Only 200 short feature releases to go before the LightSail team realizes they’ve completely rebuilt EC2 from first principles…

Introducing new instance sizes to the Amazon EC2 X1e Memory Optimized instance family – AWS solves the problem of people who want to spend horrifying amounts of money on huge-RAM instances, but don’t have $18K a month to throw at them yet. “Here, have a slightly smaller instance for roughly half of that” is a compelling story for those having trouble getting their money piles to ignite.

New normalized units, instance family, and region information in the AWS Cost & Usage Report – Reserved Instance coverage reports get slightly closer to a day where you don’t have to stick your tongue out the corner of your mouth to do the math in your head.

New One-step Migration Wizard to Migrate a Classic Load Balancer – Amazon becomes ever more explicit about its message of “GET THE HELL OFF OF CLASSIC LOAD BALANCERS,” in case the horrifying failure modes weren’t direct enough for you.

Spot Fleet now supports Target Tracking and new plug-in for Atlassian Bamboo – “What if we brought AutoScaling-style benefits to Spot Fleets?” “You mean for launch, since it’d be pretty useless for most workloads without that?” “No, I mean ages later, once folks have worked around a bunch of annoying limitations themselves!”

Matrix Analytics Uses Deep Learning on AWS to Boost Early Cancer Detection | AWS AI Blog – I talk an awful lot of smack about AWS, but stuff like this is nothing short of incredible. There are companies doing amazing things on the platform.

Use the New Visual Editor to Create and Modify Your AWS IAM Policies | AWS Security Blog – IAM policy creation is still byzantine and depressing, but at least now it’s a lot prettier. This is handy, and solves a major pain point for people like me who struggle to map the abstract nature of IAM policies to actual resources in our heads.

Building a Hotdog Detecting App on AWS—Yes, Really | AWS Startups Blog – There’s absolutely no snark I can write that will top the snark inherent in actually building a HotDog / Not HotDog app. Well done, Amazon Startup Blog. Well done.


This handy tool lets you visualize security groups. Security groups are very straightforward to manage until you have more than ten of them, at which point the seventh seal has crumbled and you’re living in the middle of the apocalypse.

I’m still playing with this cost anomaly detector, but early indications are promising. Being able to identify deviations from historical AWS spend across a variety of axes is handy!

Yet another script you can run that will keep you off of the Check Out What This Company Did list of shame.

Last week’s tool for finding stale security groups is now in Lambda form, thanks to a generous reader.

Spotswap lets you use spot fleets without the fear of having the bid price rise to the point where your entire environment dies. It swaps out spot for on-demand automatically.

Ci/CD for Lambda is a great thing— but you’re now wondering whether it’s “automatically test and deploy Lambda functions,” versus “automatically test and deploy your code USING Lambda functions.” Go read and find out.

A bit off the beaten path, this Twitter account displays all of the outages that Amazon fesses up to experiencing. Add it to your Slack team, PagerDuty rotation, or wristwatch today.

I’m liking traildust’s ability to make sense out of CloudTrail logs from the command line.

Tip of the Week

AWS’s managed NAT gateways are awesome from a simplicitly point of view, but if you’re transferring large amounts of data out of private subnets you may end up paying handsomely for them. Note that they charge per hour, as well as per GB transferred through them. That per-GB charge is in addition to the data transfer charge you pay for the data crossing the AZ boundary. At some point the convenience stops being worth it, and it’s probably time to migrate to running your own NAT instances.

…and that’s what happened Last Week in AWS.

Newsletter Footer

Sign up for Last Week in AWS

Stay up to date on the latest AWS news, opinions, and tools, all lovingly sprinkled with a bit of snark.

"*" indicates required fields

This field is for validation purposes and should be left unchanged.
Sponsor Icon Footer

Sponsor a Newsletter Issue

Reach over 30,000 discerning engineers, managers, and enthusiasts who actually care about the state of Amazon’s cloud ecosystems.