Good morning!

Welcome to issue number 114 of Last Week in AWS.

As always, you can listen to an audio version of this issue at the AWS Morning Brief. Last week was the Public Summit in DC, so a lot of releases from years ago made it to GovCloud last week. Next week I’ll be in Boston for the inaugural reInforce conference; I hope to see some of you there.

This issue is sponsored in part by Site24x7, a full-stack monitoring service by Zoho.

Site24x7’s powerful features not only enables you to gain insight into the resource usage of your AWS hosted infrastructure but can also tell you how much they are costing your organization. So you get to kill two birds in one stone, without blowing your IT budget. Give it a try.

This week’s issue is sponsored in part by LightStep.

With distributed systems, the current state of most monitoring rounds down to “Observerless.” Meet LightStep. LightStep offers complex APM for modern applications. Designed with modern, high-scale, high-traffic architectures in mind, LightStep makes it easy to spot, diagnose, and solve performance issues.

From the Community

A handy cheatsheet for how to think about Reserved Instances.

Cloudonaut has an alarmist yet interesting article titled AWS SSM is a trojan horse: fix it now!. It’s worth perusing if you care about security–but you probably don’t.

A mostly accurate list of AWS costs every programmer should know. It’s great back-of-envelope calculation fodder.

A list of undocumented Amazon S3 APIs and third-party extensions. This can be very handy for some tools work, but beware–you can’t necessarily depend on these continuing to work.

This is a fascinating how-to on deduplicating SQS messages. That’s more work than you probably think it is…

A dive into the proper way to implement various failover strategies with Route53.

This is a cheat-sheet style blog post about what various AWS networking elements do, and what you should know about them.

I was quoted in a blog post about Azure Front Door. While I was talking about Azure, the things I allude to map to every provider. Plus, it’s my newsletter, so you’ll have to tolerate me linking to things that mention me.

A basic integration between Amplify and Cognito. It’s a bit sad that articles like this need to be written third party.


If you’ve got an interesting job for this newsletter’s eminently employable subscribers, get in touch!

Amazon has an on-demand call center offering. While it sounds like something I’d make up to screw with people, it does in fact exist, and it’s called Amazon Connect–and they’re hiring in Seattle, Vancouver, and NYC. If you’re interested in working on the future of modern telephony, check out what the Amazon Connect team is up to. Somewhat suspiciously, you can’t apply via telephone…

Choice Cuts

New AWS Partner Network Program, Authority to Operate on AWS – This is huge for government contractors, huge for governmental customers, and irrelevant to just about everyone else. Not all news is for everyone…

Amazon CloudWatch Launches Dynamic Labels on Dashboards – Didn’t various MRTG implementations and a bunch of other viz tools support this back in 2008 or so? Welcome to the party, CloudWatch. I’d say we’ve been waiting for you, but then I look around at the sheer number of large monitoring companies whose entire business model is “consuming you and making you understandable to humans” and realize that no–we really haven’t been waiting at all.

Amazon DynamoDB now supports tagging tables when you create them in the AWS GovCloud (US) Regions – This feature finally comes to GovCloud after a lengthy wait of–less than two months?! Are you kidding me?! You couldn’t tag on create DynamoDB tables until April of 2019?!

Amazon ElastiCache launches reader endpoints for Redis – Fascinating; they’ve had unified write endpoints for years now. I still prefer my approach: one giant machine with a single IP for reads and writes. What could possibly go wrong with that architecture?

Amazon MQ is Now Available in the Canada (Central) Region – In a stunning turn of events stereotypes get turned on their head as Canadians find AWS about to have to do a lot of apologizing to them.

Amazon Personalize Now Generally Available – Brought to you by the same folks who give those excellent product recommendations. “Hey, you just bought a TV; it’s time for a new TV perhaps?”

Amazon QuickSight launches multi-sheet dashboards, new visual types and more – But continues to fail to gain any traction whatsoever in the market as best we can tell from the outside. Meanwhile the big player in this space, Tableau, is in the midst of an attempted acquisition by Salesforce for $15.7 billion. It’s not that there’s no market for the product, it’s that QuickSight isn’t a great offering.

Amazon Rekognition Now Available in Four Additional AWS Regions – Note that long after Rekognition launched, it’s just now becoming available in a number of AWS regions–including us-west-1, Northern California. As a general rule, don’t use that region unless you absolutely must. It’s more expensive, it’s slow to get new features, and it’s generally not a terrific environment.

Amazon MSK is Now Integrated with AWS CloudFormation and Terraform – Whoa. Terraform support gets the headline? Is AWS growing as frustrated with CloudFormation’s haphazard approach to service support as the rest of us have been for ages? Fascinating!

AWS Amplify Console now supports AWS CloudFormation – I’ve been saying Amplify is a glimpse of the future for a while. “Oh yeah?!” sneers the CloudFormation team. “We’ll fix its little red wagon by tarring it with our service from the past!”

AWS CloudFormation updates for Amazon EC2, Amazon ECS, Amazon EFS, Amazon S3 and more – What, “CloudFormation now has some more stuff added” wasn’t a good enough headline? Someone’s phoning it in last week…

AWS CodeCommit Supports Two Additional Merge Strategies and Merge Conflict Resolution – Sadly my “YOLO-SLAM” merge strategy remains unsupported for another round of feature releases. I’m an absolute blast to work with if you’re an engineer.

Amazon Chime Achieves HIPAA Eligibility – Oh good. Amazon’s “it’s like Slack but without the customers” can now be used to share medical information. I can only imagine what some doctors’ offices internal chat system gossip must be filled with…

CloudEndure Migration is now available at no charge – CloudEndure was an AWS acquisition, and while I like that they’re making it free (it certainly aligns with their mission!), I have two issues here. First, is “enduring” a cloud migration really the marketing angle they want to go with? I mean, yes, it’s incredibly accurate, but it’s also a bit on the nose. Secondly, when contrasted with the cost of a cloud migration, any migration tool’s fee rounds down to “and nobody cared” territory.

Network Load Balancer is Now Available in Asia Pacific (Osaka) – Okay, what’s the deal with the Osaka-local region? Most AMs haven’t heard of it, you need special permission to turn it on in your AWS account, and I don’t pretend to understand the nuances. Help, please?

Amazon S3 Update – SigV2 Deprecation Period Extended & Modified | AWS News Blog – We’re approaching a point where deprecation dates are written by the Boy Who Cried Wolf. This makes three sunset date pushbacks in the past six weeks by my count… This isn’t doing anything good for AWS’s credibility when it announces a deprecation.

Understanding AWS Lambda behavior using Amazon CloudWatch Logs Insights | AWS Management Tools Blog – Unfortunately for everyone, understanding AWS Lambda Architecture remains out of reach for virtually all of us. I swear, those diagrams are like looking at a Boston street map.

Using AWS Cost Explorer to analyze data transfer costs | AWS Management Tools Blog – Of course the first step is “tag everything and then wait a while.” Every time I see a post like this I hope that they’ve fixed something with the billing system–and then I read it, and am disappointed anew.

Definitely not an AWS Security Profile: Corey Quinn, a “Cloud Economist” who doesn’t work here | AWS Security Blog – In which a new era dawns, and AWS’s security blog publishes an interview with me. I’m somewhat flabbergasted that they didn’t kill this idea long before publication. This was a lot of fun to do…


This handy thing dismisses dismisses those annoying AWS console notifications after about five seconds.

It’s worth mentioning Cloud Custodian again. It’s an automated rules engine for cloud accounts, letting you implement a variety of policies to cut costs, improve governance, and automatically remediate virtually anything you want.

This week’s issue is sponsored in part by GitPrime.

GitPrime’s new book draws together some of the most common software team dynamics, observed in working with hundreds of enterprise engineering organizations. Actionable insights to help you debug your development process with data. Get Your Copy.

… and that’s what happened Last Week in AWS.

Newsletter Footer

Sign up for Last Week in AWS

Stay up to date on the latest AWS news, opinions, and tools, all lovingly sprinkled with a bit of snark.

"*" indicates required fields

This field is for validation purposes and should be left unchanged.
Sponsor Icon Footer

Sponsor a Newsletter Issue

Reach over 30,000 discerning engineers, managers, and enthusiasts who actually care about the state of Amazon’s cloud ecosystems.