Good Morning!
This week re:Inforce descends upon Boston. I also turn 40 so screw that noise, I’m staying in San Francisco with my family.
There’s oh so much more to come later this week, but today let’s get right into it…
From the Community
Observability Leader Honeycomb Releases O’Reilly Book on Observability
Honeycomb helps you sift through billions of events to see your application’s hidden problems so you can quickly debug before users notice. Get your FREE copy of our new O’Reilly book and register for our Authors’ Cut Series to discuss key concepts
Friend of the Newsletter Forrest Brazeal has an excellent article about the cloud billing risk that scares me most as a developer. One note: Oracle Cloud does in fact have a "we are bloody serious about the free tier and will not let you run up a charge until and unless you affirmatively upgrade." It’s one of the best things about their platform.
The media is reporting that Amazon Will Reportedly Scale Back Its Private-Label Products, so we may see them sunset Amazon Basics MongoDB (but they call it DocumentDB for some reason) in the near future.
The New Stack has an article about Honeycomb’s Arm Advantage. They also have the advantage of a large team of highly competent people to implement basically whatever they want.
Amazon is acquiring One Medical (my doctor’s office, in fact!) and I’m convinced that this is bad news for society.
I don’t fully understand all of the nuances behind Alex DeBrie’s Understanding Eventual Consistency in DynamoDB., but I’m sure I’ll get it eventually.
I really thought I’d have had some outreach from Microsoft on my Azure’s Security Vulnerabilities Are Out of Control article by now, but as of this writing? Radio silence.
I remain unconvinced that Linuxes (Linuces?) optimized for individual providers is the right path, but a version of Rocky Linux optimized for Google Cloud has arrived.
Jobs
Product Security at DigitalOcean helps solve large challenges while reducing the burden of security on dev teams, whether they’re building serverless function isolation or customer IAM. They believe security should make safe development easy. They’re looking for Senior Product Security Engineers who can collaborate with internal developers to design secure architecture and construct secure-by-default guardrails that empower engineers to make informed security decisions.
Podcasts
Last Week In AWS: AWS’s Disclosure Improvements
Last Week In AWS: Azure’s Security Vulnerabilities are Out of Control
Last Week In AWS: Immortal AWS Accounts, the Methuselah Pattern
Screaming in the Cloud: Cloud-Hosted Database Services with Benjamin Anderson
Screaming in the Cloud: Developer Advocacy, Empathy, and Imposter Syndrome with Brandon West
Choice Cuts
Fortinet’s partnership with AWS is a better-together combination that ensures your workloads on AWS are protected by best-in-class security solutions powered by comprehensive threat intelligence and more than 20 years of cybersecurity experience. Integrations with key AWS services simplify security management, ensure full visibility across environments, and provide broad protection across your workloads and applications. Visit us at AWS re:Inforce to see the latest trends in cybersecurity on July 25-26 at the Boston Convention Center.
Amazon Braket SDK adds support for near-real time cost tracking – At last! An AWS service offers near realtime cost tracking. This is the grail of Cloud Economics! I’m just disheartened that it apparently requires a quantum computer to do it.
New Amazon EBS Elastic Volumes automated performance settings make it even easier to modify volumes and save costs – I want to see a projected cost impact first; I can imagine a couple of scenarios where this does customers no favors, but I haven’t had the chance to model them out yet.
The AI Use Case Explorer is now available – Great, there’s now a tool to solve the actual business problem of "leadership wants to do something that we can call AI but we have no blessed clue just what the hell that might be at our company." This is surprisingly insightful of AWS to provide.
AWS Lambda announces support for Attribute-Based Access Control (ABAC) – Awesome. I can control access based upon attributes of my Lambda functions. Two notable attributes of the Lambda functions I author is that they are both "overwrought" as well as "shitty."
AWS re:Post introduces community-generated articles – If you want to do volunteer work and write articles for no money I guess you do you, but there’s a reason that I periodically feature guest authors on the Last Week in AWS blog. I’ll also point out that every last one of them is paid for their work (though some choose to donate it to a non-profit due to conflict-of-interest issues with their employers).
AWS Single Sign-On (AWS SSO) adds support for AWS Identity and Access Management (IAM) customer managed policies (CMPs) – AT LAST! Suddenly I can map SSO users to the same management structure I was using for IAM roles. This is a great thing.
Best Practices from Crayon for Building an Agile Cloud Center of Excellence with AWS – Most of the business cases I’ve seen for an Agile Cloud Center of Excellence were indeed written in crayon.
How We Sent an AWS Snowcone into Orbit – I just assumed that it had hitched a ride on the Managed NAT Gateway bill and asked politely to be dropped off as it passed the ISS.
Every application needs authentication, but building it yourself is a distraction. FusionAuth is customer identity software built for developers. They’re not Auth0. Their people know authentication and will show you a better experience. What’s cool is you can self-host so you’re in control of your identity data. There’s a free download version, no strings attached. Or if you want it hosted, they’ll set you up in AWS, just ask.
Introducing Amazon CodeWhisperer in the AWS Lambda console (In preview) – I’m horrified at the idea of authoring and editing a Lambda function within the console for anything that’s even slightly beyond "a quick typo fix." Meanwhile I still can’t edit a small text file in the S3 console.
Simplifying serverless best practices with AWS Lambda Powertools for TypeScript – This solves the problem of bringing Powertools to a language which likes to periodically "pull a Twitter" by yelling at you for things that could theoretically be taken slightly out of context.
Understanding AWS Lambda scaling and throughput – This may be the most in-depth explanation of a topic that’s mostly only understood by getting it painfully wrong a bunch of times first.
Create a notification for changes to Amazon WorkSpaces gateway ranges – Oh lovely, surprise IP address changes have a way of just absolutely ruining people’s weeks. At least there’s now a way to get notified about it.
Keep your AWS resources when you rename an AWS CloudFormation stack – Reading the depth this requires means that the answer on how you rename a CloudFormation stack remains "you don’t."
Four ways to buy cloud with federal year-end funds – There’s usually a bit more discretion and class involved in messaging "you have leftover budget, it’s ‘use it or lose it,’ so hurry up and give it to us before it evaporates." Respect for the transparency here.
Amazon Open Sources new Cloudscape Design System – I used their older "northstar" system to build out hasIAMfailedopenyet.com, but the Cloudscape system looks like a nice refinement of that into something better suited for production / aggressive shitposts mocking the AWS console design aesthetic. More to come on this in the future, without a doubt.
Tools
Developers are responsible for not just the code they write, but also the containers and cloud infrastructure their applications run on. And a big part of that responsibility is application security. Meet Snykers at AWS re:inforce or your local AWS Summit to learn more about how Snyk integrates seamlessly with AWS to keep applications secure.
This AWS region picker is focused purely on latency. While it’s not the only factor to consider when selecting a new region, it’s definitely a good place to start.
… and that’s what happened Last Week in AWS.
