--- title: "One UI Gets Fixed, Another Falls" id: "15071" type: "newsletter" slug: "one-ui-gets-fixed-another-falls" published_at: "2025-06-23T14:30:00+00:00" modified_at: "2025-06-23T14:30:00+00:00" url: "https://www.lastweekinaws.com/newsletter/one-ui-gets-fixed-another-falls/" markdown_url: "https://www.lastweekinaws.com/newsletter/one-ui-gets-fixed-another-falls.md" excerpt: "Good Morning! I’m in Cancun this week, so if there’s anything you think I got wrong this week, I blessedly won’t have to hear about it until I’m back. Have fun! From the Community Google Cloud took an outage, and..." --- About the Author Corey is the Chief Cloud Economist at Duckbill, where he specializes in helping companies improve their AWS bills by making them smaller and less horrifying. He also hosts the "Screaming in the Cloud" and "AWS Morning Brief" podcasts; and curates "Last Week in AWS," a weekly newsletter summarizing the latest in AWS news, blogs, and tools, sprinkled with snark and thoughtful analysis in roughly equal measure. Sign up for the Newsletter Stay up to date on the latest AWS news, opinions, and tools, all lovingly sprinkled with a bit of snark. "*" indicates required fields ## [Good Morning](https://bsky.app/profile/quinnypig.com/post/3lrttd2s2cc2w) ! I’m in Cancun this week, so if there’s anything you think I got wrong this week, I blessedly won’t have to hear about it until I’m back. Have fun! ## From the Community Google Cloud [took an outage](https://status.cloud.google.com/incidents/ow5i3PPK96RduMcb1SsW) , and it’s curious to me that it seems that no core Google offerings were down. Search? Ads? It shows a lack of eating their own dogfood. If AWS took a global nap (something hard to imagine, I admit), there’s zero chance that Amazon’s storefront would work… [Frequent reauth doesn’t make you more secure](https://tailscale.com/blog/frequent-reath-security) is something that needs to be shouted from the mountaintops, apparently. ## Podcasts Last Week In AWS: [AWS What’s New Got Old](https://www.lastweekinaws.com/podcast/aws-morning-brief/aws-what-s-new-got-old/) ## Choice Cuts [AWS IAM now enforces MFA for root users across all account types](https://aws.amazon.com/about-aws/whats-new/2025/06/aws-iam-mfa-root-users-across-all-account-types/) – FINALLY. We’ve only wanted this since, when, 2006? [One Year EC2 Instance Savings Plans are now available for P5 and P5en instances](https://aws.amazon.com/about-aws/whats-new/2025/06/one-year-ec2-instance-savings-plans-p5-p5en-instances) – Suddenly this month all of the GPU instances (not the latest ones, of course) seem to be on sale over at AWS. [AWS Certificate Manager introduces exportable public SSL/TLS certificates to use anywhere](https://aws.amazon.com/blogs/aws/aws-certificate-manager-introduces-exportable-public-ssl-tls-certificates-to-use-anywhere/) – I think my [writeup on the topic](https://www.lastweekinaws.com/blog/aws-certificate-manager-has-announced-exportable-tls-certificates-and-im-mostly-okay-with-it/) encapsulates this nicely. Good feature. Keep going. [Verify internal access to critical AWS resources with new IAM Access Analyzer capabilities](https://aws.amazon.com/blogs/aws/verify-internal-access-to-critical-aws-resources-with-new-iam-access-analyzer-capabilities/) – This is $9 a month per resource! That is so far beyond "reasonable" pricing that I have to wonder if it’s some kind of joke. At a glance it’d turn my $504 AWS bill into ~$1750, and I’m not fully convinced it’s seeing all of the eligible resources to which it’d apply. I’m sorry, but I’m hard pressed to imagine a scenario where the data breach isn’t less expensive. [Introducing AWS CDK Community Meetings](https://aws.amazon.com/blogs/opensource/introducing-aws-cdk-community-meetings/) – If you’re looking for something to to tomorrow that has strong PTA energy, AWS has something for you. [Rapid monitoring of Amazon S3 bucket policy changes in AWS environments](https://aws.amazon.com/blogs/storage/rapid-monitoring-of-amazon-s3-bucket-policy-changes-in-aws-environments/) – Again, this sure seems like something that could be built into the S3 service natively. And yes, without charging an arm and a leg for it. [1Password’s New Secrets Syncing Integration With AWS | 1Password](https://blog.1password.com/1password-secrets-syncing-integration-with-aws/) – This was announced by 1Password, not AWS, but merits inclusion here. Secrets Manager remains the best at one thing: charging per password. I’d rather see integration with the (excellent) Session Manager Parameter Store, personally. CNBC reports that Anthropic’s Claude 4 "[launched on Trainium2 GPUs](https://www.cnbc.com/2025/06/17/aws-chips-nvidia-ai.html) " and there are some questions I have. Exclusively, or some small part ran there so it checked a box? When did AWS start calling Trainium2 a "GPU" instead of a "systolic array?" And it seems weird to run inference workloads on something called Trainium when Inferentia is right there, so I find myself very confused here. Credit where due, AWS has [reverted their terrible AWS What’s New feed interface](https://www.reddit.com/r/aws/s/B3tsQnLflT) . This is why we get noisy! ## Tools Before they backpedaled and fixed it, someone made [An AWS news feed interface that doesn’t blow](https://github.com/grammeaway/awsbreeze) . Their words, not mine. Another stab at a pricing calculator, this one for [DynamoDB](https://www.scylladb.com/2025/06/10/dynamodb-cost-analyzer/) . … and that’s what happened ***Last Week in AWS.*** ## You might also like [More Newsletter Issues](https://www.lastweekinaws.com/newsletter/) Issue No.468 ### [Multicloud Interconnect and the Great CVE Hunt](https://www.lastweekinaws.com/newsletter/multicloud-interconnect-and-the-great-cve-hunt/) [Read More about Multicloud Interconnect and the Great CVE Hunt](https://www.lastweekinaws.com/newsletter/multicloud-interconnect-and-the-great-cve-hunt/) Issue No.467 ### [S3 Files and an AI-Powered Singing Rat Trap](https://www.lastweekinaws.com/newsletter/s3-files-and-an-ai-powered-singing-rat-trap/) [Read More about S3 Files and an AI-Powered Singing Rat Trap](https://www.lastweekinaws.com/newsletter/s3-files-and-an-ai-powered-singing-rat-trap/) Issue No.466 ### [S3 Gets Vectors, CloudFront Gets SHA-256, You Get the Bill](https://www.lastweekinaws.com/newsletter/s3-gets-vectors-cloudfront-gets-sha-256-you-get-the-bill/) [Read More about S3 Gets Vectors, CloudFront Gets SHA-256, You Get the Bill](https://www.lastweekinaws.com/newsletter/s3-gets-vectors-cloudfront-gets-sha-256-you-get-the-bill/) Issue No.465 ### [Aurora PostgreSQL: Now Free Enough to Be Dangerous](https://www.lastweekinaws.com/newsletter/aurora-postgresql-now-free-enough-to-be-dangerous/) [Read More about Aurora PostgreSQL: Now Free Enough to Be Dangerous](https://www.lastweekinaws.com/newsletter/aurora-postgresql-now-free-enough-to-be-dangerous/)