Good Morning!

Welcome to issue 168 of Last Week in AWS. Continuing its run of poor decision making that saw them suing a former employee under a non-compete agreement (thereby making Google seem sympathetic and Oracle Cloud appear well worth a second look), AWS continued to demonstrate that it’s not standing still!

Last week, AWS continued to see how much damage it can inflict upon itself despite no compelling reason to do so. Highlights included “posting and then deleting a blog post about how machine learning can help the cops write more speeding tickets, launching a hilariously underbaked nocode service with a potentially sexist name (see below!), and announcing what will most assuredly become known as us-west-3.

I dread how they’re going to top these this week.

From the Community

Sick of having to manage different CI servers and tools? Of course you are, even if you can’t admit it in public. Let’s talk about Buildkite; a unifying voice in this sea of madness. It has an easy-to-use web UI, extensive docs, and a portable agent that runs on any hardware or container runtime. You want to talk scale? Shopify has happily used Buildkite to grow from 300 to 3000 engineers–while keeping builds under 5 minutes. Check it out at They’ve even got a CloudFormation stack if you want to cosplay as a responsible engineer! Sponsored

A dive into the economics of AWS telling you to f-off.

Julia Evans has a great walkthrough of what happens when you update your database, which she for some reason refers to as DNS records instead.

A neat walkthrough that uses Lambda to convert CSV to JSON files. XML still pending.

Using Fargate to create on-demand bastion hosts.

My increasingly-aggressive snarking at AWS for their lawsuit choices was cited in the New York Times.

This article should be required reading for the Rekognition team; a false positive led to a Michigan man’s arrest for a crime he didn’t commit.

Former AWS VP / Distinguished Engineer / Man of Conscience Tim Bray has written an AWS-style PR / FAQ as to why AWS should be broken off from Amazon. I support this.

This is interesting; HashiCorp Cloud Platform was launched last week and runs only on AWS for the time being (in private beta). Given that more folks I talk to than not run Terraform, this is of great interest to the community.

It’s rare that a S3 Bucket Negligence Award has the potential to get people killed, but this one does. Good god.


If you’ve got an interesting job for this newsletter’s eminently employable subscribers, get in touch!

If you’re looking for a senior management role, consider leading the Well Architected Tech Leads team at AWS. The Senior SA Manager, Well-Architected Tech Leads Leader will drive and improve best practices across a global team, helping customers use AWS better. (Let’s not kid ourselves; some of them are closer to the ideal cloud usage pattern than others, which is why Well Architected exists in the first place…) With roles in several states including California, this is a job of interest to some of you; check it out.

If you’re a Solutions Architect on the Well Architected team, you could slur your words slightly and be a Swell Architect. If that’s not enough to inspire you to greatness, consider the joy in helping customers and partners design better ways of working with the cloud, but not having to stick around for their terrible interpretation of what implementing that architecture looks like. If this sounds at all appealing, consider becoming a AWS SWell-Architected Solutions Architect. Several positions in several states are available; check them out.

Right now, the Well Architected Tool is pretty much a sad checklist. Amazon is looking for a systems application engineer to turn this into something great, since it turns out that after fifteen years of running public-facing web services, one key lesson is that computers are better at rote repetition than people are. It’s worth highlighting that this role asks for 0-3 years as a developer, so if you’re looking for a career change or breakthrough role, this might me of interest to you.

Choice Cuts

ExtraHop provides threat detection and response for the enterprise. On-prem security doesn’t translate well to cloud or multi-cloud environments, and that’s not even counting IoT (because who wants to try?). ExtraHop automatically discovers everything inside the perimeter including all cloud workloads and IoT devices, detects threats up to 95 percent faster, and helps you act immediately. Sponsored

Amazon Database Migration Accelerator is now available – This is fascinating for anyone who wrestles with migrating databases. MongoDB wins this round handily, since it loses data before it can be migrated elsewhere.

Amazon DocumentDB (with MongoDB compatibility) adds sixteen additional Amazon CloudWatch metrics for monitoring MongoDB opcounters, connections, cursors, operations on documents and index cache hits – “Starting today, Amazon DocumentDB offers sixteen additional in Amazon CloudWatch.” A word was mysteriously lost from this sentence, showing that despite MongoDB’s protestations that this isn’t “true compatibility,” it’s definitely improving at losing data and then blaming the customer.

Amazon ECS Management Console now supports custom capacity provider strategy with run task – “So we launched a great new feature, but uh… this is awkward… could you please put it in the management console? If it’s not in the web interface it may as well not exist for a depressingly large percentage of our userbase.”

Amazon MSK provides additional EC2 M5 broker sizes for more flexibility and cost optimization – Use higher level managed services to… have the same decision tree and overhead considerations of running the open source version yourself on top of EC2 instances.

Amazon SQS now provides results for the “List Queues” and “List Dead Letter Source Queues” requests in multiple pages – Pagination comes to SQS after only fourteen short years.

Amplify Console adds support for automatically creating and deleting custom sub-domains for every branch deployment – If each of these becomes a complete hosted zone, my preferred database (Route 53) just became a lot more expensive!

AWS Backup and AWS Organizations bring cross-account data protection management and monitoring – Being able to forcibly apply a backup / retention policy across your entire organization is a huge win. I’m kinda surprised this isn’t being given more attention.

AWS CodeBuild Now Supports Additional Shell Environments – CodeBuild beats Lambda to offering a bash runtime.

AWS CodeCommit now supports Emoji Reactions to Comments – 🐕💨💩

AWS DeepComposer announces the launch of Chartbusters, a monthly challenge for developers to showcase their machine learning skills – Music has been described as the language of the soul. In this release, developers can now compete to rip humanity’s collective soul out through its chest.

Introducing Digital User Engagement Events Database – “Modern marketers look to data to understand their customers to deliver the right message, on the right channel, at the right time. These marketers require messaging tools that can execute across multiple channels at scale and analytics tools to gain insights from customer engagement.” This is a great sentiment, but hilarious to hear from AWS, the Company of a Thousand Marketing Emails That Go To Every Customer.

Introducing Multi-Region Application Architecture – The idea of reference multi-region architectures is such a good one, I can only assume it was released because the AWS SVP of Bad Decisions was too distracted with suing former employees to block it.

Introducing Amazon Honeycode – Build Web & Mobile Apps Without Writing Code | AWS News Blog – This is a fantastic no-code / low-code service that was launched before it supported CloudFormation, had anything resembling granular access permissions, had a narrative around why it integrates no fewer than four different account / account models, offers support past “talk to the community forum we just launched,” integrates with third party sources, had an option for more than 100,000 rows per app that wasn’t “your app just broke and needs to be reworked,” had a name that wasn’t more than a little problematic, or had a go-to-market strategy aligned with anything targeting users beyond “AWS’s existing developer customers.” But on balance, hey: the UI is very shiny.

Work From Home Offer – Extended – Amazon WorkSpaces and Amazon Chime | Desktop and Application Streaming – “This hack to the free tier has been further hacked due to These Unprecedented Times. Please do not grow accustomed to it.”

Track IBM license usage with AWS License Manager | AWS Management & Governance Blog – Use the cloud today to track your punch-card inventory. This is of course a stopgap measure pending the release of the AWS/400.

Accreditation Models for Secure Cloud Adoption | AWS Security Blog – “Multiple accreditation models for secure cloud adoption” is designed to appeal to exactly the kind of company that this phrase brings immediately to mind.


Running a business is hard. Your cloud doesn’t have to be. DigitalOcean is the cloud that offers transparent, predictable pricing – even for Kubernetes clusters, which you’d have thought was impossible! You also won’t need 12 weeks of cloud school to absorb a zillion ancillary services just to be able to SSH into an instance. Is this the kind of simplicity you need out of your cloud provider? Check out DigitalOcean today. Sponsored

A cloud security tool from Dow Jones, which has gotten mighty preachy about cloud security since scoring their own S3 Bucket Negligence Award last year.

Tools used by red teams to tear insecure AWS accounts apart.

Honeycode didn’t bother to integrate with anything yet, so once again the community steps in to help out the poor $1.3 trillion company who can’t quite seem to figure out how to make something usable at launch.

A command line tool to copy files directly to and from AWS Lambda.

A tool for forensically imaging EC2 instances.

… and that’s what happened Last Week in AWS.

Newsletter Footer

Sign up for Last Week in AWS

Stay up to date on the latest AWS news, opinions, and tools, all lovingly sprinkled with a bit of snark.

"*" indicates required fields

This field is for validation purposes and should be left unchanged.
Sponsor Icon Footer

Sponsor a Newsletter Issue

Reach over 30,000 discerning engineers, managers, and enthusiasts who actually care about the state of Amazon’s cloud ecosystems.