Good Morning!

From the department of "oh, right; that’s a thing" I’ve revised the Last Week in AWS referral program. I tossed in some new rewards, most notably the high tier "I will fly you to San Francisco, put you up in the city for a day, and take you out for an out-of-this-world dinner to talk about whatever your heart desires" option. [See the revised tiers here.]({{ subscriber.rh_subid }}) Plus, because I’m feeling plucky, the first 5 people to make a new referral will get a shout out in next Monday’s newsletter.

From the Community

You’ve heard of March Madness – now experience March Chaos as ChaosSearch brings you three great March events, including a chance to win $1000 – whoohoo! Join us, along with Constellation Research’s Doug Henschen, for our March 8th webinar: Choosing the Right Cloud Data Platform. Put your Kibana skills to the test and join us for the Kibana Challenge on March 9th. This 1-hour online event will allow you to test out your application troubleshooting and anomaly detection skills as you hunt through ChaosSearch’s data lake platform. Multiple Visa gift cards will be awarded! Join us for our virtual AWS Immersion Day on March 23rd for a hands-on instructor-led workshop that will show you how to rapidly process and analyze logs, enabling data-driven decisions.

I’m annoyed at the answer to How to create a security group allowing traffic from CloudFront only. I really, really want to be able to restrict traffic more easily.

This dive into serverless patterns and various AWS options is fascinating; I didn’t expect it to come from Goldman Sachs. Everyone knows that’s a credit card company!

I find myself really digging this Better Structlog Processor for Python for CloudWatch Logs. The way that Lambda outputs to CloudWatch Logs really, really doesn’t work well for me as it stands.

I’m a big believer in ClickOps, but you’ve gotta know it’s happening. I was delighted to see ClickOops, a Lambda that tells you when people use the console.

A dive into Organization Design at Amazon. It explains a fair bit about why some of their services are the peculiar way that they are.

I saw a rant about Just say no to :latest and it really resonated since I was having a problem with a build I couldn’t easily reproduce due to this precise problem.

Amazon has announced a 20-for-1 stock split, along with a $10 billion buyback. It’s been a long time since something like this happened over there. At the same time, AWS has announced a 20-for-1 services split, meaning there are now 340 services that all run containers on AWS.

I know I periodically drag Amazon for creating crappy knock-offs of things customers actually want, like DocumentDB. I’ve gotta say, the US congress is better at it than I am.

My post on Handling Secrets with AWS apparently didn’t get me yelled at for a change. I’m stunned!

El Reg has an article summarizing a bunch of anecdata of the form of a number of non-profits saying AWS cut their free credit grants this year. Honestly the surprising part to me was that they offered such a thing at all; it’s DEEPLY buried.


Amazon API Gateway is a fully managed service that makes it easy for developers to create, publish, maintain, monitor, and secure APIs at any scale. APIs act as the "front door" for applications to access data, business logic, or functionality from your backend services. Using API Gateway, you can create RESTful APIs and WebSocket APIs that enable real-time two-way communication applications. API Gateway supports containerized and serverless workloads, as well as web applications.

Aptible is building a multi-cloud PaaS with powerful security and compliance guardrails baked in. Our platform is used every day by thousands of developers across hundreds of startups in order to ship complex architectures without needing to stop and think about security, compliance, or IaaS best practices. Help us build the future of cloud deployment! We’re hiring principal and senior software engineers, DevRel, and more. (Psst: we target 90th percentile salaries and post total comp directly in the job description.)

Amazon Web Services provides a highly reliable, scalable, low-cost infrastructure platform in the cloud that powers hundreds of thousands of organizations in 190 countries around the world. As part of AWS, The Government Transformation Team (GTT) has the exciting opportunity to influence and innovate products harnessing the power of the cloud that will be used around the world by our public sector customers. This team is building products that governments will drive the digital transformation journey of tomorrow for public sector customers.

At Modern Treasury, we are building payments infrastructure to power $750 trillion in bank transfers every year. Before Modern Treasury there has never been a universal API into the global banking system. Our ambition is to be the de facto standard for money movement for the world’s most innovative and fastest growing companies. Our customers use our APIs to automate payouts, direct debits, balance tracking and other payments use cases at scale. Join our engineering team at Modern Treasury to help build the new foundation of business and finance.

Choice Cuts

While AWS doesn’t like to talk about it, this multi-cloud thing is…well a thing. This is where MinIO comes in. MinIO’s high performance, Kubernetes-native object store works on every cloud – literally all of them from AWS to Zayo. This means you can build S3-like data infrastructure anywhere. The world’s fastest object store with READ/WRITE speeds in excess of 325 GiB/sec/165 GiB/sec respectively, MinIO can handle any workload – from modern databases to AI/ML and advanced analytics. Couple that with a suite of enterprise features for ILM, IAM, security and resilience and organization can architect consistency for their data persistency – across and between clouds. Don’t take our word for it, see for yourself at

Amazon Aurora supports Multi Major Version Upgrade to Aurora PostgreSQL 11 and higher – Holy hell. "Skipping multiple major version upgrades as you bring your production database up to current after six years of neglect" is the kind of stuff that still gives me the cold sweats a decade or two after the last time I was foolhardy enough to try such a thing.

Amazon DynamoDB increases default service quotas to simplify use of large numbers of tables – Being able to spin up 2500 DynamoDB tables before requesting a quota increase is of course a fundamental part of AWS’s vaunted Single Table Design philosophy.

Amazon EC2 adds new AMI property to view timestamp of the latest instance launch using the AMI – Finally, an end to the bad old days of "worrying that you’re about to delete old data and inadvertently destroy an autoscaling group that depends on a particular ancient AMI."

Amazon Genomics CLI adds the Snakemake workflow management system – "Snakemake" and "Genomics CLI?" NO THANK YOU SIR OR MA’AM.

Amazon S3 account-level block public access now extends to Lightsail buckets – Lightsail (motto: "DigitalOcean for AWS") finally gets a sorely needed bit of feature parity with AWS (motto "DigitalOcean for Rocket Scientists").

A 10-Step Approach to Mainframe-to-AWS Modernization and Migration – I’m particularly partial to step 2 ("update your resume"), step 6 ("negotiate the offer letter"), and step 10 ("enjoy your new job where there isn’t a mainframe") myself.

Software powers the world. LaunchDarkly empowers all teams to deliver and control their software. DevOps and feature management are reimagining how businesses build and release new products. Get control of your code to ship fast, reduce risk, and reclaim your nights and weekends. Learn how your team can reap the rewards of Continuous Delivery without all of the risk. Check out LaunchDarkly.

AWS attempts to validate my market for me with the relaunch of AWS Week in Review after a brief five year hiatus.

Amazon SageMaker Autopilot now supports time series data – Wow, SageMaker barely lost out to Neptune (AWS’s timeseries database offering that took years between launch and availability) on timeline for supporting time series data.

How The Barcode Registry detects counterfeit products using object detection and Amazon SageMaker – This sounds awesome! Maybe they can sell this solution to the underpants store side of Amazon so they stop sending me counterfeit Fruit of the Looms?

Secure Amazon S3 access for isolated Amazon SageMaker notebook instances – The VPC Endpoint mentioned here for S3 is key. Without it (and I assure you, it is in fact free!) you’re instead shoving traffic through the dreaded Managed NAT Gateway. You don’t want to do that.

Gaining more control over Multi-Regional AWS CloudFormation deployments – …okay hold the phone. Step Function state machines to do multi-region deployments are potentially the answer to something rather vexing that I’ve been struggling with for a while. More to come on this…


Configuring a VPN server is hard due to their complexity and vast knowledge of certificate and networking required. You can spend the next 6 months setting up an OpenVPN server and fine tuning it. Or you can just use our solution and be up and running within 3 min. Not to mention that we have built in reliability into the product – it mimics the Serverless ideology. 0x4447 VPN Server using OpenVPN® on the AWS Marketplace

I was gobsmacked to see a tweet telling me that git switch is now a thing that walks the world. It’s amazing; "oh no I’m on the wrong branch" migrates all of your new work to the branch you switch to, saving you a few extra commands and frantic googling.

… and that’s what happened Last Week in AWS.

Newsletter Footer

Sign up for Last Week in AWS

Stay up to date on the latest AWS news, opinions, and tools, all lovingly sprinkled with a bit of snark.

"*" indicates required fields

This field is for validation purposes and should be left unchanged.
Sponsor Icon Footer

Sponsor a Newsletter Issue

Reach over 30,000 discerning engineers, managers, and enthusiasts who actually care about the state of Amazon’s cloud ecosystems.