Good morning!

Welcome to issue number 72 of Last Week in AWS.

A few interesting releases from the CloudFormation team last week– I’m pleased. This week I’ll be in Anaheim for the AWS Summit. If you’re around, let me know– I’d love to meet you! If you have better places to be than Southern California, watch for my sarcastic livetweeting of the keynote– and I’ll be in Germany next week.

It’s 3 in the morning, and you’re fast aslee– WAKE UP, CHUCKLES! One of your 50 web servers failed a health check, so it’s time to wake up, log in, and manually pull it out of the rotation. If this is a familiar story for you, take a look at new sponsor OpsGenie. If you’re deluged by alerts, but ignoring them and hoping they stop isn’t viable due to pesky reasons such as “not wanting to get fired,” you owe it yourself to see if their model might work for your operations. Thanks to OpsGenie– because being on-call shouldn’t be inhumane.

Community Contributions

Cloudonaut has a good writeup on Encrypting sensitive data stored on S3 | cloudonaut. Unfortunately his chart is missing the “who sets the permissions improperly and exposes your data to the world” column.

A look into how Quora manages converting their Reserved Instance purchases. Look at this a minute. “First we define a new metric” is how this always goes. Then they acknowledge they’re losing money on the transaction. Plus, look at how much work went into this post, let alone the system it describes. Lastly, consider that this is economically viable, and you start to get a glimpse into just how complex and confusing AWS economics can be.

If you’ve ever set up OpenVPN so you could connect into a VPC, you likely found that there wasn’t a great way to do it programmatically. This article takes a stab at building a fault-tolerant OpenVPN installation, but it still feels overly engineered.

Someone has gone on a deep dive into the ins and outs of Amazon’s preview of Bring Your Own IP. This is handy since the official documentation of how this all works doesn’t exist.

I put keyboard to blog and wrote a finance-side perspective for engineers around multiple AWS accounts, in The Post AWS’s Billing Team Could Have Written But Didn’t. I’d like to hear what you think of it; if this type of content is useful to you I’ll write more of it.

CFripper serves as a static code security analyzer for CloudFormation scripts. I’m interested; what do other folks think?

A thorough dive into the sharp edges of using Amazon SQS as a Lambda event sourcemeans that maybe you won’t have to figure out the painful parts yourself.

A Cloud Guru has an interview with Tim Allen Wagner as he attempts to explain the unexplainable: why he left running AWS Lambda to take a role at Coinbase. COME BACK TIM!

A tale of what happened when someone published their AWS credentials to GitHub. If you’re too lazy to click, the takeaway is “don’t do that.”

Jay Gordon has left MongoDB to go work for Microsoft doing we-know-not-what. Before he left, I got to catch up with him on Screaming in the Cloud Episode 23: Most Likely to be Misunderstood: The Myth of Cloud Agnosticism.

A nice roundup of ten distinct Lambda Use Cases for those just dipping their toes into the swirling maelstrom that is Serverless.

Vanity Fair has an article discussing how the Pentagon’s JEDI contract feels custom built for Amazon. I’m torn; while I think there’s a problem with any one company amassing too much power, I’m unsure who else would be able to deliver as well as AWS for a project like this.

Perhaps you’re secretly wondering what the point of a CDN is– I know I spend time musing that particular question whenever the power goes out. After all, there are a few points against them: isn’t most content dynamic in 2018? Isn’t managing SSL with them a nightmare? Why would I use CloudFront when it’s often faster just to book and take a trip to the city I’m trying to deploy to? Returning sponsor DigitalOcean answers these questions and more in this vendor agnostic guide to CDNs and their modern uses. I learned a lot from this, and I suspect you will too. Thanks again to DigitalOcean for their continuing support of this ridiculous newsletter.

Choice Cuts From the AWS Blog

Amazon Aurora with PostgreSQL Compatibility Supports Auto Scaling Replicas – Aurora’s Postgres engine continues to feel like it’s a bit of an afterthought compared to MySQL.

Amazon ECS Now Supports Docker Volumes and Volume Plugins – If this works for Fargate as well, it may become a use case for EFS that isn’t horrifying. Can anyone confirm whether it does?

Amazon Elasticsearch Service now supports zero downtime, in-place version upgrades– Unfortunately you’ll still have to suffer downtime to upgrade off of Amazon ElasticSearch and onto something that actually meets your needs, including your own ElasticSearch cluster.

AWS CloudFormation Supports AWS Systems Manager Secure String Parameters in CloudFormation Templates – I’ve been using SSM for most of my secure variables such as API tokens already; it’s nice that CloudFormation supports this now. I’ll have to migrate the rest of my sensitive variables over from the open S3 bucket in which they currently reside.

AWS Direct Connect now in Kansas City, MO – I too will be in Kansas City come October, but you don’t see me writing a blog post about it.

How Amazon DynamoDB adaptive capacity accommodates uneven data access patterns (or, why what you know about DynamoDB might be outdated) | AWS Database Blog – After Segment’s Million Dollar Engineering Problem blog post, it feels as if AWS is struggling how to articulate that the problem is now fixed without calling undue attention to the fact that the problem existed in the first place.

What is Continuous Delivery? I’m simple and loud noises scare me, so I always figured this was something that everyone else already knew. It turns out that there’s a lot of confusion around what “CD” is and when it’s appropriate. Sponsor GoCD (from ThoughtWorks) has a video series that explains the concept better than any other resource I’ve ever seen, and gives you a decent on-ramp to CD concepts. I recommend taking a few minutes to see if you agree. Go now; I’ll wait here. Thanks again to GoCD for their continuing support of this newsletter.


Serverless Observability (Observerlessibility) company Epsagon has open sourced a Lambda function cost forecaster that tells you what your function is likely to cost you.

Yet another CloudFormation JSON and YAML Validator.

A Lambda function that manages your volume snapshots is a depressing thing to need in 2018, but here you go just the same.

…and that’s what happened Last Week in AWS.

Newsletter Footer

Sign up for Last Week in AWS

Stay up to date on the latest AWS news, opinions, and tools, all lovingly sprinkled with a bit of snark.

"*" indicates required fields

This field is for validation purposes and should be left unchanged.
Sponsor Icon Footer

Sponsor a Newsletter Issue

Reach over 30,000 discerning engineers, managers, and enthusiasts who actually care about the state of Amazon’s cloud ecosystems.