Good morning!

Welcome to issue number 67 of Last Week in AWS.

I find myself lost in New York again. I’m speaking tomorrow at the (free to attend) AWS Summit New York, this time about “The Myth of Cloud Agnosticism.” The entire Dev Chat track is not to be missed. If you’re around, come say hi! I’ll be well dressed, sporting a “Last Week in AWS” lapel pin, and waxing poetic about whatever surprises AWS unveils for us.But first, a couple of words from me about our sponsors, who help make this newsletter a reality:

Scalyr has published an agnostic (by which I mean “isn’t a thinly disguised sales pitch”) guide to evaluating log management systems. Be forewarned– the more I read this, the angrier I become with CloudWatch Logs and its shortcomings.

SiliconANGLE recently sat down with Last Week in AWS sponsor DigitalOcean’s VP of Product to discuss their upcoming Kubernetes release. I’m impressed with the care that they’re obviously taking with this; it takes discipline to wait for products to bake prior to release.

Community Contributions

Kevin Burke has turned up something I wasn’t aware of; apparently Amazon’s ALB’s do not validate TLS certificates from internal services. This seems like an oversight– several compliance regimes require being able to authenticate certificates on the backend.

A discussion of how Fender (of guitar fame) leverages serverless technologies. A lot of fascinating stuff here that mixes new and old.

Part 2 of the Right Way™ to do Serverless in Python series from IOpipe came out last week.

I’ve been a fan of CloudTracker for a while– but now you don’t need to spin up an Elasticsearch cluster to use it. Nice to see the debut of Athena support in CloudTracker.

AWS Serverless Advocate Chris Munns stood up and said some words; Jeremy Daly wrote down the talking points. It’s nice to see frank admissions from AWS employees about current service shortcomings; pretending everything is rosy all the time serves nobody.

AWS’s new application autoscaler apparently started as a project AWS built for Netflix.

I’m a sucker for any article with a title like Amazon Lumberyard: A Scream of Anguish. I must say I’ve got no criticisms of Lumberyard myself, because I’ve never seen it in the wild. That’s what I get for not being a games developer…


A majority of the world’s population send a combined quarter trillion email messages a day. There’s just one problem: Because authentication isn’t built into email, nobody can be certain who is sending most of these messages. If solving this kind of problem interests you, check out the career opportunities at Valimail, which is working to solve these problems with a platform (yes, it’s AWS-based) built on top of open standards. If you like the idea of working on planetary-scale messaging systems with the latest AWS tools and making a difference in the lives of half the world’s population, Valimail would love to talk to you.

Choice Cuts From the AWS Blog

AWS Lambda Supports .NET Core 2.1 – I’m told this is huge news for folks active in the .NET ecosystem. Given that I’m not one of them, I’ll take them at their word. Go nuts, I guess; the only person I’ve ever talked to in depth about .NET in a Linux context is a dangerous madman.

Add Scaling to Services You Build on AWS – An interesting new offering that shoves scaling in at the application layer.

Amazon EC2 F1 Instances Adds New Features and Performance Improvements – This one sails over my head, as I’m not doing anything in the ML space– I suspect in part because my business model doesn’t require me to hoodwink investors.

Amazon EFS Now Supports Provisioned Throughput – The single crappiest feature of EFS has now gone away– you don’t need to store piles of garbage data on it just to get acceptable performance. You can instead store piles of garbage data because everything is terrible. Given that it also achieved PCI compliance last week, my sole remaining EFS gripe isn’t even EFS’s fault– it’s the architectural antipattern that is NFS. This is a great example of a service that’s evolved from “I hate everything about it” to “this is a decent service and I just hate most of its customers.”

Amazon API Gateway Supports Request/Response Parameters and Status Overrides – Every freaking time I spend time working around a limitation, Amazon releases a better answer the next week. I really need to get better at procrastinating.

Amazon API Gateway Usage Plans Now Support Method Level Throttling – This is a welcome change– I’ve been wanting to throttle API Gateway for a while now, but in a different sense.

AWS Glue now supports reading from Amazon DynamoDB tables – As the parent of a toddler, I instinctively flinched at the idea of getting Glue on a database.

Delegate Permission Management to Employees by Using IAM Permissions Boundaries – Good news– IAM has become more complicated!

Introducing Amazon Data Lifecycle Manager for EBS Snapshots – Apparently keeping EBS snapshots around for 10 years is no longer a best practice. Go figure…

Access Reserved Instance (RI) Purchase Recommendations for your Amazon Redshift, Amazon ElastiCache, and Amazon Elasticsearch Reservations using AWS Cost Explorer – Cost Explorer gets better all the time– this is no exception. I’ve got some issues with the presentation (“let’s add more knobs!”) but this is a welcome change, to be sure.

AWS Heroes – New Categories Launch – I missed this post by Ross Barich last week; there are now Serverless Heroes and Container Heroes. There’s still no word on my nomination for Community Anti-Hero, nor Larry Ellison for Community Villain.

AWS re:Invent 2018 is Coming – Are You Ready? | AWS News Blog – re:Invent 2018 looms as a storm cloud on the horizon. Jeff Bar’s here a few months early with some great tips to survive Amazon’s Complex Queueing Service.

Sailing with Spinnaker on AWS | AWS Open Source Blog – If you’ve never tried to shoehorn a reluctant dog into a bathtub that’s too small to contain them, you’re in for a real treat trying to put Spinnaker into EKS. Wear old clothes.

Recovering from a rough Monday morning: An Amazon GuardDuty threat detection and remediation scenario | AWS Security Blog – In this whodunnit murder mystery, the real villain is “Alice,” for setting up a new service and then taking a long weekend. I really like this model for learning about new services; I learn better from “here’s a scenario, start investigating” than I do “here’s a YouTube video.” More like this please.


If you’ve got compliance requirements to run a virus scanner, consider using AWS Lambda & Node.js to scan your S3 uploads.

Cloudonaut has released cfn-modules, a modular tool for working with CloudFormation in repeatable ways. Thank you for making a lot of the repetitive boilerplate go away.

If you need to ensure your EC2 instances are sized appropriately, awsrightsizer isn’t a bad place to start.

…and that’s what happened Last Week in AWS.

Newsletter Footer

Sign up for Last Week in AWS

Stay up to date on the latest AWS news, opinions, and tools, all lovingly sprinkled with a bit of snark.

"*" indicates required fields

This field is for validation purposes and should be left unchanged.
Sponsor Icon Footer

Sponsor a Newsletter Issue

Reach over 30,000 discerning engineers, managers, and enthusiasts who actually care about the state of Amazon’s cloud ecosystems.