Good Morning!

Welcome to issue 152 of Last Week in AWS. Many of you are likely cooped up working from home, but that’s okay; I’ll keep you company on Twitter all week long if you’d like!

We begin with a glorious announcement; Andrew Certain, AWS Employee and friend of the newsletter (when reached for comment, he would only state “HOLY CRAP DO NOT CALL ME THAT!”) was promoted to Distinguished Engineer at AWS. That’s a VP-equivalent engineering role. They don’t pass that out like candy (there are now only seventeen of them in all of Amazon), and it’s one hell of an accomplishment. Congratulations, Andrew. You deserve it.

From the Community

This issue is sponsored in part by my friends at CHAOSSEARCH! You know, Mom always said “Log analytics shouldn’t break the bank!” and finally someone has listened! CHAOSSEARCH is a fully managed log analytics platform that leverages your AWS S3 as a data store. Their revolutionary technology radically lowers costs for analyzing log data at scale, and they pass those savings on to you! If you are tired of your ELK Stack falling over, or tired of paying over-the-top prices to the current litany of ho-hum log analytics vendors out there, try CHAOSSEARCH today! So check them out and tell them Corey sent you so they can sigh exasperatedly and ask you what I said this time… Sponsored

It’s not just me; other folks who are benchmarking AWS’s Graviton2 processors are seeing ridiculous improvements for real-world workloads. There’s never been a better time to begin eyeing ARM workloads–once the processors themselves go GA, of course.

A thoughtful analysis of 7 Ways AWS Can Fix Its Public S3 Bucket Problem after some ReplyGuy on Twitter sounded off without a deep understanding of either the problem or the person to whom he was speaking.

A discussion of using ELB as a strangler. Specifically, that’s strangler as in the “strangler pattern,” not as in Google’s approach to beloved consumer products like Reader.

An exploration into how Firecracker virtual machines work. Fun fact: it’s called “Firecracker” because if you try to use one to invent your own Lambda equivalent you’re likely to blow your hand off.

Jerry Hargrove / AWSgeek once again has a visual service summary, this time for Amazon Lightsail. If he ever wants to collaborate on one for Route 53, I hope he calls me.

A useful cheatsheet for DynamoDB, with an eye towards preparing for a certification. I find it useful regardless.

Geekwire is reporting that a secret AWS product is coming soon. SHH! AWS is going to be announcing a new service at some point in the future! Giant scoop there…

Even though AWS is supporting the now-EOL Python2 through the end of the year, you absolutely do not want to be building anything even slightly net new on top of it. Please. For me.

This article discusses how open source companies are thriving in the cloud. At some point these companies are going to have to reconcile the stories of “AWS is kicking our butts so hard we can taste its shoe leather” and “we’re seeing record profits.”

A while back I did a tweet thread about my experience with IBM Cloud. I’ve now rehashed it in the form of a blog post.

A further discussion into using GitHub Actions. I’m really liking them; it’s hinting at what’s doable with AWS’s CodeStar suite of tools with a bit of love.

Someone at the Seattle Times took my job title of “Cloud Economist” seriously and asked my thoughts on some macro-economic topics, specifically as to whether Amazon and Microsoft’s cloud divisions could weather a recession. You’ll never guess what I said!

This week’s S3 Bucket Negligence Award goes to a Brazilian “security” firm.


If you’ve got an interesting job for this newsletter’s eminently employable subscribers, get in touch!

The EC2 Control Plane Platform team owns designing, building, provisioning and managing the platforms for all EC2 core services worldwide. Think magic like the provisioning backplane, the Time Sync Service, and many more. Join this storied team and see for yourself what it takes to run something of massive scale with interesting people.

Choice Cuts

ExtraHop provides threat detection and response for the enterprise. On-prem security doesn’t translate well to cloud or multi-cloud environments, and that’s not even counting IoT (because who wants to try?). ExtraHop automatically discovers everything inside the perimeter including all cloud workloads and IoT devices, detects threats up to 95 percent faster, and helps you act immediately. Ask for a free trial of detection and response for AWS at Sponsored

Amazon Athena adds support for querying data in S3 buckets using AWS Identity and Access Management’s aws:CalledVia condition key – Allow me to explain what this release does, since the release announcement does not: “you can’t access the contents of an S3 bucket directly, but when you invoke Athena it can query that bucket on your behalf.” Was that so hard?

Amazon Neptune refreshes the console experience to simplify management of your database – How many words does it take to describe the work of a single screenshot? Click here to find out.

Amazon Pinpoint added template personalization using Machine Learning – …the same kind of Machine Learning, in fact, that leads a company to build a user engagement system like Amazon Pinpoint and then market it to its existing customer base of “infrastructure engineers.”

Announcing column-level access control for Amazon Redshift – Good news, you can now restrict people from reading the column that contains your users’ passwords in cleartext.

Announcing Time Expression for Amazon Comprehend Medical – It appears that the Amazon Comprehend Medical team also got tired of waiting for Timestream to ship, and went ahead with implementing what they needed themselves.

Automate index management with Amazon Elasticsearch Service – “ElasticSearch is terrible, you should manage less of it” isn’t just CHAOSSEARCH’s approach, it’s also every managed ElasticSearch service offering’s approach.

AWS CodeCommit Introduces an Open Source Remote Helper – “What if we made something like GitHub’s “hub” or its new “GitHub CLI,” but called it something that absolutely nobody would equate back to doing what those things do?”

AWS Console Mobile Application Launches a New Android Version – The iOS application for the AWS Console is severely limited. I’d much rather see the effort that goes into these native apps redirected towards making a responsive version of the console that works cross-platform.

AWS Control Tower now supports single-step account provisioning – Before this release, spinning up a new Control Tower account took you leaving Control Tower’s console page, logging in as an SSO user, then provisioning an account from there. It sounds nutty but I swear it’s true! Anyway, that’s not the case anymore.

AWS Secrets Manager now supports larger size for secrets and higher request rate for GetSecretValue API – Excellent news–you can now replace DynamoDB with Secrets Manager if your read request rate is less than 2K per second.

AWS WAF adds Anonymous IP List for AWS Managed Rules – “Keeping track of all the VPN endpoint IP addresses in the world” sounds like a Sisyphean task that’s right up there with “reading the comments on YouTube.”

Build k-Nearest Neighbor (k-NN) similarity search engine with Amazon Elasticsearch – I guess it’s easy to run ElasticSearch after all, presupposing you’re smart enough to grasp just what the living hell “k-Nearest Neighbor similarity” is. I am not.

AWS Lambda@Edge now supports Node 12.x and Python 3.8 – Lambda and its Edge equivalent are great, since you no longer have to worry about patching or maintaining infrastructure. Now please make sure you update your functions every year so you don’t fall off the EOL treadmill.

NoSQL Workbench for Amazon DynamoDB is now generally available – I want this to exist for iPad. Then I want NoSQL Workbench for Route 53 to exist for the world at large.

US commercial regions now support Bank Redirect payment method in Chinese Yuan for China based customers – AWS now supports China based customers, who use services in US commercial regions, to pay their invoices from Amazon Web Services, Inc. (“AWS Inc.”) in Chinese Yuan through Bank Redirect payment method. You’d think that was me making fun of the convoluted nature of this release, but no–it’s the first sentence from the release verbatim. I can’t out-snark that!

AWS Named as a Leader in Gartner’s Magic Quadrant for Cloud AI Developer Services | AWS News Blog – This is fair; I mean “Cloud AI Developer Services” is pretty much catnip in phrase form for Gartner analysts…

Host Your Apps with AWS Amplify Console from the AWS Amplify CLI | AWS News Blog – The problem with Amplify, or at least with my understanding of it, is that it’s not entirely clear to me whether it’s a JavaScript library, a framework, a CLI, a console, or a breakfast cereal.

Identifying and resolving security code vulnerabilities using Snyk in AWS CI/CD Pipeline | AWS DevOps Blog – I’ve been reading a lot about Snyk lately, but not hearing it–thus, I can’t figure out how the company’s name is pronounced. Ideally they’ll raise enough money in their next round to buy a vowel to help me out.

Introducing AWS Config Multi-Account, Multi-Region support for Advanced Query | AWS Management & Governance Blog – Historically when you were looking at recently developed AWS services, you could choose between multi-account or multi-region on a good day; frequently, “neither” was the hand you were dealt. It’s nice to see that changing; I’m looking forward to more releases like this one.

Holy crap, Amazon CloudFront has made a change that reduces deploy and update times down to 5 minutes. Then they announced it on Twitter. I’d imagine they’ll announce it on the AWS blog after six more months of latency.


Running a business is hard. Your cloud doesn’t have to be. DigitalOcean is the cloud that offers transparent, predictable pricing – even for Kubernetes clusters, which you’d have thought was impossible! You also won’t need 12 weeks of cloud school to absorb a zillion ancillary services just to be able to SSH into an instance. Is this the kind of simplicity you need out of your cloud provider? Check out DigitalOcean today. Sponsored

A… Lambda layer, with a Python library, all to let you run AWS Config rules at scale? How very straightforward.

Disney Streaming has released a small (for now) collection of SSM helpers. Handy if you’re looking to build more fully-featured tools on top of Systems Manager’s suite of poorly-named automation offerings.

… and that’s what happened Last Week in AWS.
