Good Morning!

And we’re back! Hopefully everyone enjoyed their holidays / reInvent decompression / not hearing about cloud every ten seconds.

Today, let’s have a brief summary of what got put out since re:Invent. Let me know what you think…

From the Community

This post shows an unfortunate cost caveat of AWS DMS. This is the problem with services having a dozen different billing dimensions, and 15 other services they trigger costs within: nobody can model the costs in their head anymore without running the workloads and discovering this sort of thing for themselves.

This is a remarkably hard hitting piece by a current AWS employee detailing the "Silent Sacking" that’s been going on over there. Former AWS VP Adrian Cockcroft weighed in on it as well. It’s clear that we’re less in "Day 2" territory at AWS than we are "Day 3," and Bezos’s famous "it’s always Day 1" statement has proven to not be true. These stories map very well to what we’re seeing from the outside.

I missed Stephen O’Grady’s recap of re:Invent when it first came out; Re-founding, reInventing and the Future of AWS is artfully crafted.

Yan Cui has a piece on How to Securely let Frontend Apps to Directly Access AWS services up, and I can’t decide if this is amazingly insightful, or profoundly cursed. As always, your use case is going to dictate whether or not you think this is a great idea or not.

Chris Farris has revisited SecurityHub , and deemed it better, but not all the way fixed. It’s sad and also telling that I depend upon people like Chris to explain the caveats and nuances of services like Security Hub to me, as AWS has largely abdicated the role of clearly explaining itself. On the plus side, Chris’s work remains excellent.


Screaming in the Cloud: Benchmarking Security Attack Response Times in the Age of Automation with Anna Belak

Screaming in the Cloud: The Fundamentals of Building Mission-Driven Technology with Danilo Campos

Choice Cuts

AWS Lambda adds support for Python 3.12 – Whatever was going on with the delays in getting new language runtimes out a year or more after the language version itself was released seems to have been resolved. I wonder how long it’ll take that unpleasant chapter to fade from the collective awareness around Lambda?

Amazon EC2 Serial Console is now available in all Local Zones – This is a good thing, because it’s historically been maddening to have to incur the mental overhead of remembering just which bits of the EC2 experience apply to this instance in that region or local zone. I generally think of "local zones" as some number of AWS Outpost racks in a colocated facility, akin to what I used to work on professionally in the early 2010s. You can do a lot in those environments, but a lot of AWS special magic is going to be missing. Easy example: out of AWS’s hundreds of services available for our collective use, Local Zones offer nine or less. Note that they’re also a bit spendier and almost certainly less durable. In other words: if you don’t need to use a Local Zone, use a region instead.

macOS support policy updates for the AWS CLI v2 – This is more than a bit of a mess. Apple itself doesn’t support as many historical versions of macOS as the AWS CLI does. If the CLI team is looking for things to work on, how about "making v2 available via a pip install," "setting v2 to be the default branch on the github repo," or "having the binary installer support Apple Silicon / Arm?" Customers running unsupported operating systems as decreed by the OS vendor should have zero expectation that third party tools will continue to support them.

How Transfer Family can help you build a secure, compliant managed file transfer solution – It’s easy to look at AWS Transfer Family and think that it’s economically ridiculous. You wouldn’t be wrong! Given that it charges 30¢ an hour per protocol (FTP, SFTP, FTPS) plus another 4¢ per GB sent to it, running this thing to share files with your friends would be a horrible start to your "pay AWS less money" New Year’s Resolution. But that’s not what it’s built for. Think of large banks dealing with legacy, behind-the-times partners such as other large banks–or worse, being a startup and dealing with a partner like that. You’re unlikely to move them, so you’ve gotta meet them where they are. Having spent time at multiple companies implementing this stuff manually, the few hundred bucks a month or whatnot to run this is a steal. That’s the use case, not sharing warez with your teenage friends. Remember, almost anything can be expensive and absurd if you hold it wrong.


I adore this Region Comparison Tool that compares a lot more features between different services. It shows where things I depend upon, like v2 API Gateways, aren’t being deployed, opting instead to be yeeted over the wall in nearly ten regions now. This alternative script does something similar if you want to tweak it yourself.

… and that’s what happened Last Week in AWS.

Newsletter Footer

Sign up for Last Week in AWS

Stay up to date on the latest AWS news, opinions, and tools, all lovingly sprinkled with a bit of snark.

"*" indicates required fields

This field is for validation purposes and should be left unchanged.
Sponsor Icon Footer

Sponsor a Newsletter Issue

Reach over 30,000 discerning engineers, managers, and enthusiasts who actually care about the state of Amazon’s cloud ecosystems.