Good Morning!
Last week’s article on what Parler’s facing if it rebuilds basically took the internet by storm. With only a dozen scathing emails from people swearing they “would never read my garbage again” (note that they were not subscribed in the first place), I consider that a success.
Slowly, slowly it feels like the internet is returning to normal. Tech news is starting to come out again, GCP and AWS are slapping at each other ineffectually via hamfisted marketing campaigns, and the Twittersphere is SLIGHTLY calmer. Onward!
From the Community
This issue is sponsored in part by my friends at ChaosSearch! As you know, log analytics with an ELK Stack is: A. Expensive at scale; B. Unstable at scale; C. Time-sucking at scale; D. All of the above. Now try ChaosSearch – a fully managed log analytics platform that leverages your Amazon S3 as a data store. ChaosSearch means no data movement, no data retention limits and savings of up to 80% vs an ELK Stack. Are you tired of your ELK stack falling over, or of having your data retention squeezed by increasing costs? With ChaosSearch, just Store, Connect & Analyze for insights at scale (and tell them Corey Quinn sent you)! Sponsored
VM Brasseur points out that given Elastic’s license shift to the not-open-source SSPL, the argument could be made that Elasticsearch and Kibana are now business risks.
Lydia Leong raises the truly excellent point that Terms of Service and enforcement thereof in the modern era has a direct lineage to the (email) Spam Wars of the 90s.
Every time I read something that Lydia Leong (Gartner VP / Distinguished Analyst) writes, I feel a sense of bittersweet “this is wonderful, and I’m sad I didn’t write it myself.” This post on whether or not cloud service agreements are safe is a great example.
The SummitRoute AWS Security Maturity Roadmap is out for 2021. I dig Scott Piper’s work.
The fact that AWS employees need to be vigilant after banning Parler says a lot about some fringe elements of society–none of it good.
Telco is dragging their feet on embracing public cloud. TelcoDR’s Danielle Royston argues that they should absolutely not be doing this.
I can’t figure out whether the constant tug-of-war over where Zoom runs its workloads is cloud companies trying to claim it or disavow responsibility for it.
Jobs
If you’ve got an interesting job for this newsletter’s eminently employable subscribers, get in touch!
Choice Cuts
Need to classify and protect sensitive data in AWS? Is Amazon Macie just too expensive and inadequate for your use case? There are good reasons why AWS users are flocking to Open Raven. Discover, classify, map, and monitor sensitive data risks in AWS, continuously and in real-time. Operationalize data loss protection and compliance, end-to-end. Request a demo to see how Open Raven is better, faster, cheaper than Amazon Macie. Sponsored
Amazon EC2 API now supports Internet Protocol Version 6 (IPv6) – This is exciting news, and also the root cause of some weird timeouts some folks with broken ipv6 configurations are undoubtedly seeing start to crop up.
Amazon Fraud Detector launches ability to cancel in-progress model trainings – This saves a bunch of money on misconfigured training runs, which apparently were themselves being classified as fraud.
Announcing New Segmentation Capabilities for Amazon Pinpoint – Capabilities like this worry me. My abilities to send segmented emails to this list are less “users between the ages of 18 and 24 that joined after a certain date with a lifetime value of more than $500” (to quote the post’s example) and more “have a gmail address.” This is very much an intentional choice not to track my audience because that is creepy.
AWS Snowcone now supports multicast streams and routing by providing instances with direct access to external networks – An awful lot of people have a list of services that they wish supported multi-cast. “A box that sits on your desk” is usually dead last on that list.
How to estimate your AWS WAF and AWS Shield Advanced cost? – When the “how to estimate your costs” post requires you to use Athena, multiple complex SQL queries, the AWS console, and AWS Glue in order to arrive at an estimate you know the pricing team gave up, went home, and just accepted that snarky comments like this one would be the price of doing business. I do wonder how they estimated that price, though.
Introducing message archiving and analytics for Amazon SNS – The existing analytics for SNS have proven too depressing, since they’re really just “the bill.”
Cross-account replication with Amazon DynamoDB – Without clicking, stop and think for a minute. What’s the dumbest possible way you could imagine to achieve this? If your answer isn’t at least as dumb as “export the table to S3, then re-import it in the destination account” you need to Think Bigger.
Deploying AWS Step Functions using GitHub Actions – “Why would you use GitHub Actions instead of AWS Code(Pipelines|Build|Deploy|Star)?” “Go use GitHub Actions and you’ll be able to answer your own question.”
NEW in Amplify DataStore: Selective sync and sort functionality | Front-End Web & Mobile – “Implement Quicksort on a whiteboard. Good work, congratulations, you passed. Welcome to AWS! Now implement Quicksort in one of our production products.”
How AWS is helping to secure internet routing – This doesn’t solve everything, but it does make accidental BGP route announcements far less likely to materially break part of the internet. us-east-1 has that one covered for you.
Amazon WorkSpaces supports CAC/PIV smartcard authentication – This is exciting news for my ability to securely play Skyrim on an Amazon Workspace one of these days.
Now available: The AWS Nonprofit Credit Program – This sounds awesome. Okay, it’s only for $2K, which is still better than nothing. What do I have to do to get it? Redirect to a third party site that charges a $175 “Admin fee” for the program because AWS apparently doesn’t want to bother running this themselves? I’d award them an “at least you tried” except for the part where they very clearly didn’t.
Tools
Gaining control of your cloud shouldn’t slow you down. That’s why cloudtamer.io gives you cloud control that won’t impact progress and innovation. You get a single solution to control cost, increase visibility and automation, and reduce risk. Think of it as your cloud governance multi-tool. One solution, many capabilities. Learn more and get 30 days free. Sponsored
An open source project called Leapp is a desktop tool that securely generates temporary cloud credentials. Picture “aws-vault with a desktop client” and you’re close.
JuiceFS is a POSIX filesystem built on top of S3 and Redis and should be immediately burned to the ground and never spoken of again.
Thanks to gping it appears that 40 years later ping gets a graphic designer.
… and that’s what happened Last Week in AWS.
