Good Morning!

Let me begin with an explanation: my 17-year-old dog Ethel passed away shortly before I had to write this newsletter. She was an irascible, cantankerous old weasel of a dog whom I loved very much. Originally I adopted her from the pet rescue that I volunteered at; it wasn’t until years later that I recognized that she rescued me, too.

All of this is to say, I want to apologize in advance if any of my news write-ups below seem off-kilter, too mean, not funny, or anything else. I’m doing the best I can over here. Next week we’ll be back to normal.

From the Community

Tired of egregious egress? Understand why SMBs and Enterprise are relocating their workloads from EC2 to Vultr in droves when you try Vultr’s new Optimized Compute Instances. Starting at $28/mo, you can free yourself from Big Tech’s unpredictable, competitive practices when you deploy in 60 seconds or less today. Redeem $150 in free infrastructure credit for Last Week in AWS readers!

If I see a post titled 10 CloudWatch Logs Insights examples for serverless applications from AWS I’d likely pass on it; coming as this one does from the Cloudash folks, it’s a must-read.

Reading about how some folks describe how to Implement an Uptime Monitor Using AWS Lambda, EventBridge, SNS, and SQS, I realized that I’ve never done a deep dive into kicking the tires on SNS or SQS. I’ve used them as part of ancillary solutions and I’ve obviously analyzed the costing bits of it, but I think I have a new item for my list of services to explore…

If you have an S3 bucket named abc, you’re going to want to check that Reddit thread out. Alternately, just wait for a seven to eight figure surprise in a few weeks.

I’m gratified by how much attention my breakdown of Ubiquiti Teaching AWS Security and Crisis Comms Via Counterexample has gotten. Thanks!

I’m going to guess that unless someone wants to be torn to ribbons, an article titled How I cut AWS Lambda Java Cold Start Times in Half isn’t a one liner about not using Java anymore. There are some super handy tips in this one.


AWS External Security Services (ESS) builds and operates AWS services that help customers get security right. ESS services include Amazon GuardDuty, Amazon Inspector, Amazon Macie, and Amazon Security Hub, with many more to come. This is a fast-paced team with an entrepreneurial spirit and passion for delighting customers with innovative security solutions. Helping customers operate securely is the top priority at AWS and ESS is helping lead the charge.

At Modern Treasury, we are building payments infrastructure to power $750 trillion in bank transfers every year. Before Modern Treasury there has never been a universal API into the global banking system. Our ambition is to be the de facto standard for money movement for the world’s most innovative and fastest growing companies. Our customers use our APIs to automate payouts, direct debits, balance tracking and other payments use cases at scale. Join our engineering team at Modern Treasury to help build the new foundation of business and finance.

Choice Cuts

What can happen when you copy Lambda function code from the Internet and deploy it to your AWS account? Read the Sysdig blog that walks you through a real attack scenario from a black box and white box angle to uncover a vulnerable AWS Lambda function and learn the best practices to mitigate this vector attack.

Amazon EC2 now reduces visibility of public Amazon Machine Images (AMIs) older than two years – Ooh, you mean I’m not going to accidentally spin up a Ubuntu version from 2009 next time?

Amazon Athena adds support for querying Amazon Ion data – I keep forgetting that Amazon Ion (basically protocol buffers except not Googly) exists.

Amazon EC2 now provides a new and improved launch experience on the EC2 Console – This has been in beta for a while and I really enjoyed using it. It took a bit of hunting around the first time I used it to track down where a few things are, but this is superior in every way to the old version. Well done.

Amazon EKS, Amazon EKS Distro, and Amazon EKS Anywhere now support Kubernetes version 1.22 – Microsoft’s infamous "Patch Tuesday" is a thing of the past thanks to Kubernetes, now go enjoy "Patch Q2" instead.

AWS releases version 2.0 of the Amazon Pinpoint API for expanded support of SMS and voice channels – "This release also includes a new SDK for sending SMS and voice messages called Amazon PinpointSMSVoiceV2 SDK" because we have apparently given up completely on naming things well, even on rename.

Amazon Route 53 now offers usage-based pricing for resource records above the free tier limit – This is awesome. Instead of suddenly slamming into a hard per-zone limit that you need to reach out to Support to get raised, it now will simply start charging you for them. This is revolutionary for Route 53 table design!

Amazon WorkSpaces launches APIs to allow custom branding – Using your own brand provides a familiar look and feel when users access your WorkSpaces, making it easier to phish your own employees.

AWS Backup adds support for VMware Cloud on AWS Outposts – This will be worth every penny when you inevitably cheap out on generator maintenance and burn your data center down.

AWS Compute Optimizer Supports 66 New EC2 Instance Types – Y’know, the answer to "who can possibly disambiguate between all of AWS’s offerings" is probably "another AWS offering" come to think of it…

AWS Announces Data Transfer Price Reduction for AWS PrivateLink, AWS Transit Gateway, and AWS Client VPN services – This is going to counterintuitively piss you off. You won’t see your price for these services drop at all. You may however see your cross-AZ data transfer bill plunge and only now realize just where it was coming from.

Couchbase Capella DBaaS is flexible, full-featured, and fully managed with built-in access via K/V, SQL, and full-text search. Flexible JSON documents align to your applications and workloads. Build faster with blazing fast in-memory performance and automated replication and scaling, while reducing costs. Try it today for free and be up and running in 3 minutes—no credit card required.

AWS announces integration between AWS AppConfig Feature Flags and Atlassian’s Jira Cloud – Uh… is this why Atlassian took a multi-day cloud outage last week? TURN THE FEATURE BACK OFF!

AWS Security Hub now supports specifying names for custom integrations – Exciting times! AWS admits it’s bad at naming things, agrees to let customers take a whack at it.

Announcing AWS Lambda Function URLs: Built-in HTTPS Endpoints for Single-Function Microservices – Yay, the thing they released at re:Invent, deactivated, then never publicly made a statement about is now out for real.

Introducing Protocol buffers (protobuf) schema support in Amazon Glue Schema Registry – This feels like it’s going to open a LOT of doors for integrations to me.

Introducing global endpoints for Amazon EventBridge – Ooh. Suddenly a new service that just works without having to control for various regions appears on the horizon…

Scale applications using multi-Region Amazon EKS and Amazon Aurora Global Database: Part 1 – There’s never been a better way to scale your AWS bill. Wait, that’s not true. This isn’t just expensive, it’s also a LOT of work!

How to Create Great Customer Experiences Powered by Zendesk on AWS – Gotta say, every time I see a support site hosted off-site on the Zendesk domain I know I’m not in for anything approaching a Great Customer Experience.

Simplify development using AWS Lambda container image with a Serverless Framework – "A" Serverless Framework, not the Serverless Framework that we all know and love? I’m less than confident here.

What you missed at the AWS Summit Brussels keynote – …I’ve been looking for an excuse to visit my brother in Brussels for a while now, but I only find out that AWS had an entire summit there after the fact? Dear lord.

LinkedIn: Amazon is #1 company where Americans want to work in 2022 – Congratulations to Amazon for beating out some close competitors such as… Wells Fargo? The company that had a systemic fraud problem and thought that firing 3500 employees would fix it?


While AWS doesn’t like to talk about it, this multi-cloud thing is…well a thing. This is where MinIO comes in. MinIO’s high performance, Kubernetes-native object store works on every cloud – literally all of them from AWS to Zayo. This means you can build S3-like data infrastructure anywhere. The world’s fastest object store with READ/WRITE speeds in excess of 325 GiB/sec/165 GiB/sec respectively, MinIO can handle any workload – from modern databases to AI/ML and advanced analytics. Couple that with a suite of enterprise features for ILM, IAM, security and resilience and organization can architect consistency for their data persistency – across and between clouds. Don’t take our word for it, see for yourself at

I somehow didn’t realize until last week that aws-nuke was not the same thing as cloud-nuke. You probably don’t want to run either of them in production.

… and that’s what happened Last Week in AWS.

Newsletter Footer

Sign up for Last Week in AWS

Stay up to date on the latest AWS news, opinions, and tools, all lovingly sprinkled with a bit of snark.

"*" indicates required fields

This field is for validation purposes and should be left unchanged.
Sponsor Icon Footer

Sponsor a Newsletter Issue

Reach over 30,000 discerning engineers, managers, and enthusiasts who actually care about the state of Amazon’s cloud ecosystems.