Good Morning!

A big telco launch, some decent quality of life enhancements to some services, and a dive into running Mastodon on AWS await you within this issue. Time to read it!

From the Community

Wiz. The solution for securing your cloud environment. Wiz is the platform that brings together dev, ops and security teams to enable a true cloud-native security operation. Check out Wiz.

This observation about S3 on the horrible orange website has been bugging me for a long time now. There’s a huge opportunity for someone, anyone to make a reasonable "upload the file / download the file" interface for this thing that business users can grasp without six weeks of Cloud School, and it’s become sadly apparently that AWS isn’t going to do it…

Corry Haines has a post up that pioneers both Deploying Mastodon on AWS and also "ways to misspell our shared name."

Tom Forbes is now on my "keep up with what he’s doing," because this is twice in a month or so that I’ve learned something useful from his blog. This time there was apparently a broken Cloudfront feature that failed intermittently for nearly a month .

My dive into the Amazon’s Snowball Edge has been making the rounds, much like a Snowball device itself.

I didn’t realize that there was an engine update to Athena, but that would explain why it’s been better lately. Here, have a deep dive.

SCaLE returns to Pasadena next month. Use the coupon code COREY for 50% off of your registration. It’s arguably one of the best community conferences on the planet.


Last Week In AWS: A Little Security for Everyone

Last Week In AWS: Amazon’s Snowball Edge Frustrates This User

Last Week In AWS: Technical Debt Cash-Out Refinance

Screaming in the Cloud: Being Present in the Moment Through Balcony-Hopping with Mai-Lan Tomsen Bukovec

Screaming in the Cloud: Getting the Basics Right in Cloud Security with Fouad Matin

Choice Cuts

DevOps practices have revolutionized how apps and infrastructure are managed, but access hasn’t kept up. Shared secrets like passwords and keys – the #1 source of data breaches – are the norm. Teleport replaces shared secrets like passwords, keys, tokens, and even browser cookies with true identity, removing risk while letting engineers go fast. Check out Teleport today.

Amazon OpenSearch Service now lets you schedule service software updates during off-peak hours – Wait. Wait a second. You’re telling me that until now it would just update itself randomly throughout the day? And that now you’re able to give it a ten hour range in which it’ll randomly pull that stunt instead? What a piece of junk!

AWS App Runner now supports HTTP to HTTPS redirect – Unfortunately v2 API Gateways do not have these redirects, so my recently relaunched just errors out if you hit it on port 80. I’ve submitted it to the HSTS preload list, but that’s a pretty weak solution…

Announcing the ability to enable AWS Systems Manager by default across all EC2 instances in an account – This is pretty awesome; I only really need it when something has gone horribly awry and I want to break into a running instance, but at that point I haven’t set this up yet and am screwed. This makes that situation rarer; I’ve already enabled it here.

New: AWS Telco Network Builder – Deploy and Manage Telco Networks – This is an interesting area of focus for AWS. I’d (naively) assume that the cost of data transfer would make AWS a non-starter for telco workloads even before you start to worry about their inherent distrust of things that aren’t in their sprawling facilities.

Developing portable AWS Lambda functions – Ugh, this resonates. I have a tool that I’ve built in-house that I deploy to Lambda as a Docker image, but I also have to build a separate container image to run the thing locally as a webserver. My kingdom for a unified ENTRYPOINT that accepts both Lambda payloads and browser requests!

Using Porting Advisor for Graviton – This blog post feels like it’s more of a README for the tool. I kinda want to try the thing out, but I’ve already migrated all of my stuff to Graviton and didn’t have any issues past "update the occasional dependency to a newer version."

Query data with DynamoDB Shell – a command line interface for Amazon DynamoDB – This is kinda neat. Usually I query DynamoDB through a desktop GUI called Dynobase that I adore, or else I ask someone good at things to query the database for me. Congratulations, buddy; you’re my Jason API now.

AWS and Hugging Face collaborate to make generative AI more accessible and cost efficient – What’re they gonna do, turn off SageMaker and its attendant pricing dimensions and provide quickstart AMIs for EC2? Because that’d go a long way towards solving part of it…

Branch Insurance improves hiring diversity and accelerates app development using AWS AppSync – I like what Branch Insurance is doing; their folks are great. Zero shade to them; check them out if you haven’t yet; a purely Serverless architecture for an insurance company is just wild to see. But holy hell AWS; did you warm up before making that incredible stretch to "using this AWS service will improve your hiring diversity?" I feel like Pepperidge Farm here, because I’m old enough to remember a time when you folks had a corporate sense of shame that’d have stopped you from nonsense like this.

Gain compliance insights using the open source community for AWS CloudTrail – "Want to use CloudTrail Lake to query for interesting things? We have some anodyne examples, but here are ones that customers actually use in the wild." These should really be imported into the "Sample Queries;" some of them are just amazing.

The true costs of resiliency decisions – This talks entirely about the costs of not being resilient, while being remarkably silent on some of the more egregious costs you’ll pay due to AWS’s own pricing dimensions. Please take care to label these cloud sales pitches in the future…


MinIO object storage runs everywhere the cloud operating model runs –  offering S3 compatible, cloud-native storage to enterprises that value simplicity, scale and performance in a software-defined, self-hosted solution.  Learn more at and be sure to tell them that Corey sent you.

Someone asked on the Last Week in AWS Slack whether there was a way to use SSM via instance names instead of ID strings that look like your tripped over a keyboard in the dark. A bit of googling turned up this dingus; use at your own risk?

Everything’s a database if you hold it wrong. You can use YouTube for infinite storage via this awesome glitch, though I’d not count on them being thrilled about this if it catches on.

Oh my stars; this snippet automatically removes +/- signs in diff output. The years I’ve wasted not using it…

… and that’s what happened Last Week in AWS.

Newsletter Footer

Sign up for Last Week in AWS

Stay up to date on the latest AWS news, opinions, and tools, all lovingly sprinkled with a bit of snark.

"*" indicates required fields

This field is for validation purposes and should be left unchanged.
Sponsor Icon Footer

Sponsor a Newsletter Issue

Reach over 30,000 discerning engineers, managers, and enthusiasts who actually care about the state of Amazon’s cloud ecosystems.