--- title: "Systems Manager Rip-Off Manager" id: "15031" type: "newsletter" slug: "systems-manager-rip-off-manager" published_at: "2025-05-12T14:30:00+00:00" modified_at: "2025-05-12T14:30:00+00:00" url: "https://www.lastweekinaws.com/newsletter/systems-manager-rip-off-manager/" markdown_url: "https://www.lastweekinaws.com/newsletter/systems-manager-rip-off-manager.md" excerpt: "Good Morning! Last week I pointed out a new capability in Systems Manager: Just In Time node access. A couple of you pointed out something that I, in my naïveté, missed completely: it’s also terrifyingly expensive. I confess, I’d have..." --- About the Author Corey is the Chief Cloud Economist at Duckbill, where he specializes in helping companies improve their AWS bills by making them smaller and less horrifying. He also hosts the "Screaming in the Cloud" and "AWS Morning Brief" podcasts; and curates "Last Week in AWS," a weekly newsletter summarizing the latest in AWS news, blogs, and tools, sprinkled with snark and thoughtful analysis in roughly equal measure. Sign up for the Newsletter Stay up to date on the latest AWS news, opinions, and tools, all lovingly sprinkled with a bit of snark. "*" indicates required fields ## [Good Morning](https://bsky.app/profile/quinnypig.com/post/3lojtp6dcgv2o) ! Last week I pointed out a new capability in Systems Manager: [Just In Time node access](https://aws.amazon.com/about-aws/whats-new/2025/04/aws-systems-manager-just-in-time-node-access) . A couple of you pointed out something that I, in my naïveté, missed completely: it’s also terrifyingly expensive. I confess, I’d have assumed this would be free, or close to it. How silly of me! No, it starts at $10 a node per month, which is frankly absurd. Even if you have a use case for this, I suggest not using this implementation until somebody on the Systems Manager team takes the clown nose off and prices it in a way that makes it clear they’re trying to help the customer, not fleece them. ## From the Community Apparently you can use AWS Backup to [enumerate services](https://hackingthe.cloud/aws/enumeration/enumerate_services_via_aws_backup/) . Apparently [IAM roles have IDs beyond their names](https://hackingthe.cloud/aws/general-knowledge/why_recreating_an_iam_role_doesnt_restore_trust_a_gotcha_in_role_arns/) . Ooh, there’s a great community tool now available at [cloud-instances.info](https://leanercloud.beehiiv.com/p/forking-ec2instances-info-as-a-vendor-neutral-alternative-at-cloud-instances-info) ; check out the backstory. Just like Mark Twain’s "A Connecticut Yankee in King Arthur’s Court," my nemesis Rachel Stephens dives into [Heroku in 2025](https://redmonk.com/rstephens/2025/05/02/heroku/) in a man-out-of-time story. My colleague dives into the pleasant reality that [Lambda Logs Just Got a Whole Lot Cheaper*](https://www.duckbillgroup.com/blog/lambda-logs-just-got-cheaper/) . This [study on GenAI](https://www.geekwire.com/2025/generative-ai-tops-cybersecurity-in-2025-tech-budget-priorities-new-aws-study-finds/) is of course sponsored by AWS, and is crap. I [had some thoughts](https://bsky.app/profile/quinnypig.com/post/3lokd4svx5c2dP) on reading through it; save your time and don’t bother. I missed this absolutely brutal [Introduction to the Fundamentals of Amazon Redshift](https://www.redshift-observatory.ch/white_papers/downloads/introduction_to_the_fundamentals_of_amazon_redshift.html) . It’s worth the read. Not having thought their cunning plan all the way through, [Redis ‘returns’ to open source with the AGPL license](https://www.theregister.com/2025/05/01/redis_returns_to_open_source/?td=rt-3a) in the forlorn hope that I’ll stop referring to it as "a proprietary fork of Valkey." The community interest and inertia has gathered behind the one that’s not beholden to a single for-profit corporation, and I don’t see that pendulum swinging back any time soon… Apparently [human error and power glitches are to blame for most outages](https://www.theregister.com/2025/05/07/human_error_a_factor_in/) . Remember, it’s always a Blame Someone Else postmortem. ## Podcasts Last Week In AWS: [How AWS Raises Prices](https://www.lastweekinaws.com/podcast/aws-morning-brief/how-aws-raises-prices/) ## Choice Cuts [Amazon Connect external voice pricing changes](https://aws.amazon.com/about-aws/whats-new/2025/05/amazon-connect-external-voice-pricing-changes) – Will you miscreants please stop announcing pricing changes retroactively? This took effect a full week before this was posted. [AWS Marketplace now supports SaaS products from all deployment locations](https://aws.amazon.com/about-aws/whats-new/2025/05/aws-marketplace-saas-products-deployment-locations/) – This is a bit weaselly. If SaaS products don’t have the "Deployed on AWS" badge, they’re apparently now ineligible for discounting under AWS discount contracts. [Amazon Q Developer elevates the IDE experience with new agentic coding experience](https://aws.amazon.com/blogs/aws/amazon-q-developer-elevates-the-ide-experience-with-new-agentic-coding-experience/) – If any company is going to elevate a user-facing experience, I’ve seen zero evidence that it’s going to be Amazon. Look at the last thirty years and identify a single example where they’ve built a good user interface. You can’t; it’s impossible. [Amazon Q Developer in GitHub (in preview) accelerates code generation](https://aws.amazon.com/blogs/aws/amazon-q-developer-in-github-now-in-preview-with-code-generation-review-and-legacy-transformation-capabilities/) – Amazon Basics Dependabot is now available in preview. Not sure why you’d use this instead of a bunch of other first and third party alternatives that’re superior, but it exists now… [In the works – AWS South America (Chile) Region](https://aws.amazon.com/blogs/aws/coming-soon-aws-south-america-chile-region/) – Hopefully unlike São Paulo, data transfer in this region won’t cost a Brazilian dollars. [Monitoring network traffic in AWS Lambda functions](https://aws.amazon.com/blogs/compute/monitoring-network-traffic-in-aws-lambda-functions/) – Why is it always VPC Flow Logs with these people? I just want to know what’s blowing up my bill this week. [Announcing the end of support for AWS DynamoDB Session State Provider](https://aws.amazon.com/blogs/developer/announcing-the-end-of-support-for-aws-dynamodb-session-state-provider/) – This is a weird deprecation. It’s a library, that’s being replaced by a different library? Odd. I don’t know; I don’t play around with .NET… [WordFinder app: Harnessing generative AI on AWS for aphasia communication](https://aws.amazon.com/blogs/machine-learning/wordfinder-app-harnessing-generative-ai-on-aws-for-aphasia-communication/) – Honestly, I feel like differentiating between AWS service names leads to its own form of aphasia. Tell me you’ve never confused CloudWatch/Trail/Front before… [Accelerating government efficiency with AWS Enterprise Support](https://aws.amazon.com/blogs/publicsector/accelerating-government-efficiency-with-aws-enterprise-support/) – It’s really hard not to read this as the kids over at DOGE taking a whack at AWS’s support charges… [Introducing the AWS Zero Trust Accelerator for Government](https://aws.amazon.com/blogs/security/introducing-the-aws-zero-trust-accelerator-for-government/) – I dunno, feels like in the last few months the US government has done a great job of eroding trust all on its own. ## Tools This is glorious: locally hosted LLM to power your very own [Clippy Desktop Assistant](https://felixrieseberg.github.io/clippy/) . It’s wild to me that Microsoft themselves never leaned into this in any way; it demonstrates the company has absolutely no sense of whimsy, or ability to laugh at itself. … and that’s what happened ***Last Week in AWS.*** ## You might also like [More Newsletter Issues](https://www.lastweekinaws.com/newsletter/) Issue No.468 ### [Multicloud Interconnect and the Great CVE Hunt](https://www.lastweekinaws.com/newsletter/multicloud-interconnect-and-the-great-cve-hunt/) [Read More about Multicloud Interconnect and the Great CVE Hunt](https://www.lastweekinaws.com/newsletter/multicloud-interconnect-and-the-great-cve-hunt/) Issue No.467 ### [S3 Files and an AI-Powered Singing Rat Trap](https://www.lastweekinaws.com/newsletter/s3-files-and-an-ai-powered-singing-rat-trap/) [Read More about S3 Files and an AI-Powered Singing Rat Trap](https://www.lastweekinaws.com/newsletter/s3-files-and-an-ai-powered-singing-rat-trap/) Issue No.466 ### [S3 Gets Vectors, CloudFront Gets SHA-256, You Get the Bill](https://www.lastweekinaws.com/newsletter/s3-gets-vectors-cloudfront-gets-sha-256-you-get-the-bill/) [Read More about S3 Gets Vectors, CloudFront Gets SHA-256, You Get the Bill](https://www.lastweekinaws.com/newsletter/s3-gets-vectors-cloudfront-gets-sha-256-you-get-the-bill/) Issue No.465 ### [Aurora PostgreSQL: Now Free Enough to Be Dangerous](https://www.lastweekinaws.com/newsletter/aurora-postgresql-now-free-enough-to-be-dangerous/) [Read More about Aurora PostgreSQL: Now Free Enough to Be Dangerous](https://www.lastweekinaws.com/newsletter/aurora-postgresql-now-free-enough-to-be-dangerous/)