Good morning and after last week please kill me!

Welcome to issue number 139 of Last Week in AWS. Note that you’re going to have to probably click “view all” if you’re using Gmail; there’s a hard size limit, and AWS released a lot last week at re:Invent. I’m currently crying into a bag after tracking all of this for you, so let’s get to it.

From the Community

Did you know that in some regions, the INTERNET outperforms Global Accelerator? Or that in Asia, AWS performance predictability improved nearly 50% last year, but Azure and GCP still beat out AWS in performance predictability? Yeah, didn’t think you did. Those nuggets are just the tip of the iceberg. Read ThousandEyes’ fascinating Cloud Performance Benchmark report here. Sponsored

Another approach to identity federation with multiple AWS accounts.

Using Athena to get fast queries going from Cloudfront logs is either stupendous overkill, or depressingly necessary. You decide.

Even during reInvent we’re still passing out S3 Bucket Negligence Awards; this one goes to Sprint.


If you’re considering a job change, check out a position below. Regardless of where you find it, you should definitely negotiate your salary. If I were to magically become employable, I’d immediately head to and talk to Josh Doody about it before saying anything further. He’s done this many times before, with a special emphasis on engineering roles at FAANG companies. He’s an artist when it comes to getting the best compensation possible without seeming greedy or losing the offer. He offers coaching, free articles, an ebook, and other things along the way. Check him out–and tell him Corey’s talking about him again.

If you’re interested in contributing to a fascinating and fast growing service, check out this selection of jobs available at AWS Systems Manager. You could be a developer, a designer, or a Systems Manager People Manager. They’re working on a number of big challenges and cutting edge technologies like building a low latency messaging framework that scales to millions of nodes, large scale data processing back-end services, a cross-platform/extensible instance agent platform and security services to enable instance agents to securely communicate with AWS’s various back-end services. Check them out and make fun of their terrible naming convention, because it’s really my only beef with their offering.

X-Team is hiring Go developers with strong AWS skills, anywhere on the planet. The work is interesting, they partner with companies you’ve heard of, and you can work from wherever you care to be. Now before you wind up getting cynical, let me save you some time–I already did, and hopped on a phone call to chat with them and then berate them for their crappy culture. Instead I was pleasantly surprised: they invest in their people (including a personal development stipend), they have distributed community events (both online and in person around the world), and actually work with their employees; this isn’t a “send us a postcard if you ever get there” body shop. Take my word for it; check out X-Team and see for yourself. Tell them Corey sent you…

Choice Cuts

Do you want to be able to use machine learning to enable predictive maintenance? Did you know, in a few clicks, you can enable a mechanism that starts and stops EC2 or RDS instances when you’re not using them? Do you want to know how to instantly deploy a Video On Demand system? Are you curious how AWS Solution Architects would design different architectures? Use AWS Solutions to help you get your well-architected workloads deployed quickly! Sponsored

Amazon API Gateway Offers Faster, Cheaper, Simpler APIs Using HTTP APIs (Preview) – “HTTP APIs” are both far simpler than API Gateway, as well as a demonstration of the AWS Product Naming Team taking all of Q4 off. It better be so simple as to need no documentation, since the name is completely ungoogleable.

Amazon Chime now uses 14 AWS regions to host meetings closer to participants – As the only Amazon Chime customer who isn’t Amazon, I guess I have been traveling to a lot of places lately!

Amazon EC2 Nitro System Based Instances Now Support 36% Faster Amazon EBS-Optimized Instance Performance – If you’re using io1 volumes, you probably don’t want to do that. Bounce your nodes, convert to gp2, be happy.

Amazon ECS Capacity Providers Now Available – I think this is a big deal, but it’s so poorly articulated that I can’t be sure. Help?

Amazon Kinesis Video Streams adds support for real-time two-way media streaming with WebRTC – This is a very, very easy service to explain unless you’re not allowed to use the term “pornography.”

Amazon Redshift introduces RA3 nodes with managed storage enabling independent compute and storage scaling – Separating compute from storage is a great idea, as most of the rest of the industry discovered years ago. Glad to see that lesson making it to Redshift.

Amazon VPC Ingress Routing Makes it Easy to Insert Virtual Appliances in the Forwarding Path of VPC Traffic – A bunch of legacy network vendors just got a new lease on life in the cloud, unfortunately. Expect RSA to be insufferable next year.

Announcing Accelerated Site-to-Site VPN for Improved VPN Performance – This sounds awesome until you realize that for each connection you’re charged an Accelerated Site-to-Site VPN connection fee, a Data transfer out fee, an AWS Global Accelerator hourly fee, and an Accelerated Site-to-Site VPN DT-Premium fee. There’s nothing I can say that’s funnier than that.

Announcing Amazon Augmented AI: Easily Implement Human Review for ML Predictions – Let’s see, what is this– wait. “Amazon Augmented AI (Amazon A2I).” No. That is not an acceptable abbreviation. Holy crap, who hurt you?!

Amazon Chime Meetings App for Slack is Now Available – If Chime can directly integrate with Slack, then my reasons to use Slack grow fewer since they’re apparently not innovating much anymore past “screwing up the message editor.”

Announcing Amazon Kendra: Reinventing Enterprise Search with Machine Learning – It’s big money, so it’s definitely big-e Enterprise; think “$7K a month” territory. So have fun, bring money, but someone’s finally built a search engine for Google Docs.

Announcing Amazon Managed Apache Cassandra Service – Now in Preview – This feels an awful lot like DynamoDB, but with a Cassandra API. If the existing providers of managed Cassandra follow the path of other companies built upon open source technologies, those companies will rapidly differentiate themselves by whining about Amazon’s entrance to the space to anyone who will listen. You’ll further note that AMACS is very particular about what text editor you use with it.

Announcing Amazon Redshift data lake export: share data in Apache Parquet format – You can now store Redshift data in a storage format that you can actually afford.

Announcing AWS Wavelength for delivering ultra-low latency applications for 5G – It doesn’t matter what the hell 5G is going to be–transformative, or marketing hype. AWS has bought itself a seat at that table regardless, and all it cost them was letting the Verizon CEO on stage to talk about how, and I quote, “5G being the best G.”

Announcing New Amazon EC2 M6g, C6g, and R6g Instances Powered by Next-Generation Arm-based AWS Graviton2 Processors – Meanwhile Intel sponsored an amazing re:Play event last week, which remains the single noteworthy thing they’ve done in 2019 for all I can see.

AWS announces Amazon CodeGuru for automated code reviews and application performance recommendations – The pricing on this one sucks–not because 75¢ per 100 lines of code is necessarily too expensive, but because now it’s targeting a metric that until now no developer has had to worry about at all. Now they do, and all to hit an artificial billing metric.

AWS DeepRacer expands: more ways to participate, more things to learn, and more ways to win! – The “DeepLens with a robot body on it” can now follow you to the bathroom more effectively in less time.

AWS Lambda announces Provisioned Concurrency – You can now keep cold-starts out of your serverless applications by… checks notes paying for a server.

AWS launches Amazon Rekognition Custom Labels to enable customers find objects and scenes unique to their business in images – An object that’s unique to my business would be a platypus with an open mouth smile. Can Rekognition find that?

AWS launches new program to drive migrations for end of support Windows Server applications – It’s unclear whether this “program” is software, a team of people, or an initiative internal to AWS, but whatever it is: please use it.

AWS License Manager now adds Dedicated Host management capabilities to simplify your ‘Bring your own license’ (BYOL) experience – Because everything about software licensing could benefit from simplification. Maybe pick services that don’t require an accountant and an attorney working in concert to make sense of what you should be paying?

AWS License Manager allows administrators to automate discovery of existing software licenses – This is the exact inverse of an Oracle audit; usually that automates discovery of licensing shortfalls.

AWS Marketplace announces a simplified fee structure and the expansion of Seller Private Offers – Through the Marketplace’s expansion of Seller Private Contracts, there’s now a viable replacement available for Craigslist Casual Encounters.

AWS Marketplace makes it easier for you to discover relevant third-party software and data products – “Please, please, please, can we have a better launch partner name than ‘Deloitte’s ConvergeHEALTH Miner platform’? We don’t like promoting our competitors in the space of ‘terrible service names.'”

AWS Transit Gateway now supports Inter-Region Peering – empty

Introducing Access Analyzer for Amazon S3 to review access policies – Another tool launches to stem the tide of S3 Bucket Negligence awards, but it probably won’t fix the problem.

Introducing Amazon Braket, a service for exploring and evaluating quantum computing – But how is it pronounced?! I’m standing by “briquette” in the absence of further detail. Its name is the most interesting thing about it; right now “Quantum Computing” is still theoretical, so there’s nothing to actually buy yet.

Introducing The Amazon Builders’ Library – This amazing series of lessons learned from building AWS will be handy both to systems architects elsewhere, as well as naive children on Hacker News who will attempt to rebuild their own AWS in a weekend.

Introducing Amazon Detective – Look for the first installment coming soon: The Amazon Detective and the Case of the Missing EBS Volume Snapshots.

Introducing the Amazon EventBridge Schema Registry – Now In Preview – This would desperately benefit with an explainer blog post that shows what it means for actual humans who haven’t touched EventBridge yet.

Introducing Amazon Fraud Detector – Now in Preview – You’re contractually forbidden from bringing this too close to any of the Blockchain offerings, or any AWS partner above a certain tier.

Introducing Amazon SageMaker Debugger – Get complete insights into the training process of machine learning models – You can now solve ML training issues the right way: by hurling more money into your ML training program.

Introducing Amazon SageMaker Operators for Kubernetes – Machine Learning and Kubernetes, two great tastes that are fun to play with instead of doing real work.

Introducing the Amplify DataStore, a persistent storage engine that synchronizes data between apps and the cloud – Your apps can now work offline. “Wait, why would I be offline?” CenturyLink shifts uncomfortably in the corner of the expo hall.

Introducing Amplify for iOS and Android – Oh, good. The smartphone wars just got louder.

Introducing AWS Identity and Access Management (IAM) Access Analyzer – The best AWS services are multi-account and multi-region. This service is neither, and also lacks CloudFormation report at release, so if you have a lot of accounts in your AWS organization, some intern is about to have a job so terrible they’ll still be talking about it after they retire.

Introducing AWS Retail Competency Partners – Now there are specific partners available to aid both of the AWS retail customers who haven’t managed to get the hell off of Amazon’s platform yet.

Introducing Contact Lens for Amazon Connect (Preview) – It’s taken years, but they finally came up with a service that has a spectacular name. Well done.

Introducing a new benefit for APN Consulting Partners, APN Immersion Days – AWS announces a new program under which they will begin systematically drowning their partners.

Introducing the new Amazon SageMaker Notebook Experience – Now in Preview – Remember, it’s not a console, it’s an “experience.”

New APN Global Startup Program, helping startup APN Technology Partners grow their cloud-based business – If you’re a startup, it has never been easier for you to give AWS money while they study exactly what your business is doing for absolutely no reason whatsoever.

Run IP Multicast Workloads in the Cloud Using AWS Transit Gateway – This is riveting, or will be just as soon as this generation of cloud engineers figures out what multicast is.

Amazon EC2 Update – Inf1 Instances with AWS Inferentia Chips for High Performance Cost-Effective Inferencing | AWS News Blog – High performance ML instances, powered by a chip named after what the president has.

Amazon EKS on AWS Fargate Now Generally Available | AWS News Blog – Under the hood this is just normal Fargate, but to make it feel more like Kubernetes they added sixty steps to the configuration process and installed a random cron job that degrades the network.

Amazon SageMaker Autopilot – Automatically Create High-Quality Machine Learning Models With Full Control And Visibility | AWS News Blog – Autopilot? Isn’t that machine learning for machine learning?

Amazon SageMaker Debugger – Debug Your Machine Learning Models | AWS News Blog – Has someone given any through as to what we’re going to do with all of these sages once we’ve made them?

Amazon SageMaker Experiments – Organize, Track And Compare Your Machine Learning Trainings | AWS News Blog – The first experiment is “how many SageMaker sub-services can we release before the customers revolt and destroy us?”

Amazon SageMaker Model Monitor – Fully Managed Automatic Monitoring For Your Machine Learning Models | AWS News Blog – At this point we’re just going to have to call the entire system a SageFactory, aren’t we…

Amazon SageMaker Studio: The First Fully Integrated Development Environment For Machine Learning | AWS News Blog – AWS continues to expand in its core competency: picking a random product and then putting a bunch of other products under the same naming umbrella.

Amazon Transcribe Medical – Real-Time Automatic Speech Recognition for Healthcare Customers | AWS News Blog – This service’s medical lexicon is growing rapidly; it’s already surpassed the “he fell on his ass and his foot’s all messed up” level.

Announcing UltraWarm (Preview) for Amazon Elasticsearch Service | AWS News Blog – “Most feature enhancements to Amazon Elasticsearch have gotten a really tepid response; what do we call this one?” And that’s how AWS accidentally named a service after personal lubricant.

Automate OS Image Build Pipelines with EC2 Image Builder | AWS News Blog – This is an AWS-native version of Hashicorp’s “Packer” except without the good name and great community behind it.

AWS Compute Optimizer – Your Customized Resource Optimization Service | AWS News Blog – The Compute Optimizer tells you what instance families and sizes you should have picked instead. For some reason it’s not folded into Cost Explorer…

AWS DeepComposer – Compose Music with Generative Machine Learning Models | AWS News Blog – I keep hearing this as “Decomposer,” and it kinda works better than the actual name. “A keyboard with AI built in” sounds like it’s coming for Jeff Barr’s job until you realize it’s the other kind of keyboard. The question “why did Amazon launch a product in late 2019 with USB B” still stands.

AWS ECS Cluster Auto Scaling is Now Generally Available | AWS News Blog – Fortunately this is actually generally available. Another service claims to be “generally available in preview” because words apparently don’t mean things anymore.

AWS Fargate Spot Now Generally Available | AWS News Blog – It’s now way less expensive to blur the line between containers and serverless, thus annoying everyone around you.

AWS Now Available from a Local Zone in Los Angeles | AWS News Blog – The Oregon region has expanded to Los Angeles, which sounds like an alternative history of the Civil War. This is a neat feature, but it’s not as durable as the full region, so use it if you must. That said, of course I’ll be using it, and will eagerly relocate to Los Angeles so as to be closer to the Local Zone.

AWS Outposts Now Available – Order Yours Today! | AWS News Blog – This is great for companies with extreme latency requirements, specific data sovereignty issues, very specific on-premises needs, or just an irrational fear of any computer that they can’t take a sledgehammer to in a fit of panic when their Windows desktop bluescreens.

Coming Soon – Graviton2-Powered General Purpose, Compute-Optimized, & Memory-Optimized EC2 Instances | AWS News Blog – AWS has released its second generation processor this year. Meanwhile, Intel has spent this year publishing some press releases about why it’s missed a bunch of milestones.

Easily Manage Shared Data Sets with Amazon S3 Access Points | AWS News Blog – This is transformative. Don’t think of it as being “for data lakes,” which nobody self-identifies as having. Instead, view it as highly granular permissions to the same bucket. It’s a brave new world that you’re going to completely ignore and just grant all access to everyone, but let me dream for a minute first.

New – AWS Step Functions Express Workflows: High Performance & Low Cost | AWS News Blog – Why on earth not give this a better name? At a glance, I’d nominate “AWS Sprint Functions.”

New for AWS Transit Gateway – Build Global Networks and Centralize Monitoring Using Network Manager | AWS News Blog – Congratulations to AWS for doing what my employer in 2002 did and hiring a Network Manager.

New – Programmatic Access to EBS Snapshot Content | AWS News Blog – Snapshots get easier to predict, as well as shine a light upon how opaque they’ve been until now.

Now Available on Amazon SageMaker: The Deep Graph Library | AWS News Blog – Thanks to their long necks, Deep Giraffes are well suited for machine learning. It’s hard but not impossible for the crap the space is full of to drown them as a result.


CHAOSSEARCH allows you to turn terabytes of raw data into actionable insights in minutes… literally. If you want to use Elasticsearch APIs but want to spare yourself the constant “my Elasticsearch cluster has fallen over and it won’t get up” moments, check them out. Your data lives in your own S3 bucket, while their magic provides incredibly responsive queries… and you never have to move your data. Reach out to CHAOSSEARCH and tell them I sent you, and also to turn off their caps-lock key. Sponsored

Ooh, Systems Manager Session Manager Dumb Name Manager gets a better CLI client.

A dive into some AWS security tooling that helps map IAM permissions more effectively.

… and that’s what happened Last Week in AWS.

Newsletter Footer

Sign up for Last Week in AWS

Stay up to date on the latest AWS news, opinions, and tools, all lovingly sprinkled with a bit of snark.

"*" indicates required fields

This field is for validation purposes and should be left unchanged.
Sponsor Icon Footer

Sponsor a Newsletter Issue

Reach over 30,000 discerning engineers, managers, and enthusiasts who actually care about the state of Amazon’s cloud ecosystems.