Good Morning!

Thanks to Ian Wolfe, Philip Wigg, Mike Graff, Ibrahim Cesar, and Dima El-Charif for being the first 5 people to make a new referral to this newsletter when I mentioned it a couple of weeks ago. We recently launched our updated referral program and the top tier is an all expenses paid trip to San Francisco to have dinner with me; part of me thinks the better prize would be to give you a pass to not have to spend a dinner tolerating me at all.

Another week has come and gone, along with a disturbing number of new ways to run containers on AWS. Read on…

From the Community

Are you struggling to determine what analytics workloads can perform well in the data lake, and which ones should be pushed to the data warehouse for peak performance? According to Gartner, you’re not alone. But thankfully, a category of technologies that Gartner calls “analytics query accelerators” are here to help. Get your free copy of the new Gartner Market Guide Analytics Query Accelerators, courtesy of ChaosSearch. Learn how analytics query accelerators provide SQL or SQL-like query support on a broad range of data sources to deliver BI dashboards, interactive query capabilities, and support for data modeling. Help your data lake deliver faster time to value – get the free Gartner report, courtesy of ChaosSearch, today!

It’s super interesting to see the design considerations that went into Aurora past "get us the hell off of Oracle as fast as possible."

I really like Daniel Compton’s take on Google’s price hike. I just can’t wrap my head around the logic…

I really can’t top this title: "Its Always Sunny in us-east-1: The gang does business continuity" is just awesome no matter how you slice it.

The reaction to my article on Google Cloud’s price hikes has basically been "the only people who aren’t horrified work at Google."


Aptible is building a multi-cloud PaaS with powerful security and compliance guardrails baked in. Our platform is used every day by thousands of developers across hundreds of startups in order to ship complex architectures without needing to stop and think about security, compliance, or IaaS best practices. Help us build the future of cloud deployment! We’re hiring principal and senior software engineers, DevRel, and more. (Psst: we target 90th percentile salaries and post total comp directly in the job description.)

Amazon Elastic Container Service (Amazon ECS) is a fully managed container orchestration service that helps you easily deploy, manage, and scale containerized applications. It deeply integrates with the rest of the AWS platform to provide a secure and easy-to-use solution for running container workloads in the cloud and now on your infrastructure with Amazon ECS Anywhere. Amazon ECS leverages serverless technology from AWS Fargate to deliver autonomous container operations, which reduces the time spent on configuration, patching, and security. Instead of worrying about managing the control plane, add-ons, and nodes, Amazon ECS enables you to rapidly build applications and grow your business.

At Modern Treasury, we are building payments infrastructure to power $750 trillion in bank transfers every year. Before Modern Treasury there has never been a universal API into the global banking system. Our ambition is to be the de facto standard for money movement for the world’s most innovative and fastest growing companies. Our customers use our APIs to automate payouts, direct debits, balance tracking and other payments use cases at scale. Join our engineering team at Modern Treasury to help build the new foundation of business and finance.


Last Week in AWS: Conducting the AWS Billing Train

Last Week in AWS: Google Cloud Alters the Deal

Last Week in AWS: Is Okta Gone?

Screaming in the Cloud: Cribl Sharpens the Security Edge with Clint Sharp

Screaming in the Cloud: The Multi-Colored Brick Road to the Cloud with Rachel Dines

Screaming in the Cloud: Throwing Houlihans at MongoDB with Rick Houlihan

Choice Cuts

While AWS doesn’t like to talk about it, this multi-cloud thing is…well, a thing. This is where MinIO comes in. MinIO’s high performance, Kubernetes-native object store works on every cloud – literally all of them from AWS to Zayo. This means you can build S3-like data infrastructure anywhere. The world’s fastest object store with READ/WRITE speeds in excess of 325 GiB/sec/165 GiB/sec respectively, MinIO can handle any workload – from modern databases to AI/ML and advanced analytics. Couple that with a suite of enterprise features for ILM, IAM, security and resilience and organizations can architect consistency for their data persistency – across and between clouds. Don’t take our word for it, see for yourself at

Amazon Chime SDK now supports sessions with up to 10,000 live participants – …and 40 dead ones.

Amazon EC2 Auto Scaling instance lifecycle states are now available via the Instance Metadata Service – It’s now apparently a best practice to spam the crap out of the IMDS endpoint every five seconds on all of your nodes.

Amazon RDS supports itemized billing for RDS Storage, IOPS and backup features – I’ve been continually bemused that this wasn’t a thing until now. This is going to force a reckoning in some quarters, I suspect.

AWS Cost Anomaly Detection now supports resource and tag based access management – I’ve never been much of a fan of keeping cost information hidden from folks, but okay; I guess this is a good thing?

AWS Panorama applications now support receiving inbound messages over the local area network – …oh no, this thing runs containers, doesn’t it.

AWS Support streamlines cases via Connector for Jira Service Management – Honestly I’d buy JIRA just for better AWS Support case management functionality, particularly cross-account.

Migrating petabytes of data from on-premises file systems to Amazon FSx for Lustre – It’s counterintuitive, but the inverse of this post would absolutely exude confidence. "Here’s how you migrate a workload out of AWS. We’re confident we’re the best place for it to live, but if you disagree we certainly won’t stand in your way." Of course, they don’t do that. In fact, they make inbound data transfer free, but outbound incredibly expensive. It’s a choice, but not the one that speaks to a level of confidence one would probably expect from a market leader…

Migration updates announced at re:Invent 2021 – The irony of the "migrating to cloud" group’s round-up announcement being four months after the fact is not at all lost upon me.

AWS Lambda Now Supports Up to 10 GB Ephemeral Storage – I wonder at which point Lambda and EC2 instances become basically indistinguishable from one another.

What to consider when migrating data warehouse to Amazon Redshift – "Cost" is not called out as an explicit concern, which does not in any way match the experience of any customer to whom I have ever spoken.

Choosing the right solution for AWS Lambda external parameters – My article on managing secrets with AWS offerings nailed all of these except AppConfig. I don’t really think that’s what it’s intended to do, so thumbs up; I endorse this post.

Couchbase Capella DBaaS is flexible, full-featured, and fully managed with built-in access via K/V, SQL, and full-text search. Flexible JSON documents align to your applications and workloads. Build faster with blazing fast in-memory performance and automated replication and scaling, while reducing costs. Try it today for free and be up and running in 3 minutes—no credit card required.

AWS Proton Terraform Templates – A question for you, dear reader: does this count as a second way to run containers within Proton, or should "multiple ways within AWS Proton" still only count as one? This is IMPORTANT.

Streaming Kubernetes Events in Slack – Good thing Slack doesn’t charge by the message. Of course, if they’re serverless or adjacent, they absolutely get billed by AWS by the message–but that’s their problem, not yours. Right?

Deploy Amazon RDS databases for applications in Kubernetes – One thing AWS has always gotten right is to use a managed database service for your Kubernetes adventures. "You can run databases inside of Kubernetes!" exclaim people who will absolutely not be around when that inevitably implodes.

AWS Announces AWS GameKit for Unreal Engine – This is really interesting, not least because as best I can tell there’s no direct way to use this thing to run containers.

Optimize customer engagement with reinforcement learning – I’m going to pretend that this has nothing whatsoever to do with Machine Learning® and is instead predicated on the truth that customers will engage more or less with your offering depending upon the lessons they learn when doing so.

Launch Microsoft Windows Server instances on Amazon EC2 up to 65% faster than before – Many, many years ago I was a Windows admin. Those things took forever to boot up. Almost twenty years later I’m dismayed to learn that they still take an average of 282 seconds, but this solution can get that down to just over a minute.

Migrating Microsoft Azure SQL DB to Amazon Aurora MySQL-Compatible Edition – If I were migrating a Microsoft SQL database from Azure into Aurora MySQL on AWS, the absolute last thing I would do is attempt both of those simultaneously. It’d spend some time first as either MS SQL on AWS, or as MySQL on Azure.

Running multicast-enabled containers on AWS – I didn’t realize that Transit Gateway spoke multicast and now my entire understanding of VPC networking once again lies in tattered ruins.

Available now: The 2022 AWS IMAGINE Grant opens funding for nonprofits – AWS is making credits and actual money (wait, REAL money?!) available to select non-profits. Just remember: AWS resources never turn themselves off, and credits and real money alike do eventually run out.

New beta exam: AWS Certified Advanced Networking – Specialty – On the one hand, I’m tempted to take this. On the other I’m not a huge fan of getting my own butt handed to me by standardized tests. Decisions, decisions.


Introducing the DevSecGuide to Infrastructure as Code! In this developer’s pot of security automation gold, you’ll find research on the state of IaC security, practical steps for embracing a DevSecOps culture, and key tips for embedding frictionless security throughout the entire development lifecycle. Don’t rely on luck to keep your code secure. Download the DevSecGuide for free!

eksctl is a CLI tool to make it easier to run containers via EKS on AWS. It’s not really "another way to run containers on AWS" as such, it just makes an existing one way less crappy.

Configuring a VPN server is hard due to its complexity and the vast knowledge of certificates and networking required. You can spend the next 6 months setting up an OpenVPN server and fine tuning it. Or you can just use our solution and be up and running within 3 min. Not to mention that we have built reliability into the product – it mimics the Serverless ideology. 0x4447 VPN Server using OpenVPN® on the AWS Marketplace

… and that’s what happened Last Week in AWS.
