Good Morning!

Welcome to issue 161 of Last Week in AWS. This week sees the AWS Online Summit, in which we see if AWS goes for a bewildering array of new service releases, a more modest set of improvements to existing offerings, or something else entirely.

I’ll be around for it!

From the Community

“[there are] a lot of steps in maintaining compliance and adhering to requirements… [for] managing data around personal health information and personal identification information… obviously we want to provide the lowest cost solution for our customers…” – Josh Hull, SRE Lead, Clover Health

System optimization, improved resiliency and stability, affordability—all key reasons Clover Health relies on Honeycomb for observability. In Get Started: Build One SLO, SRE Lead Josh Hull shares how easy it was to get started and see right away where they could optimize, improve user experience, and solve incidents faster. Watch the webcast (and demo!) or read the transcript. Sponsored

An introduction to AWS Networking 101. I learned some things–it’s deeper than the “101” title would have you believe.

A passwordless server run by NSO Group sparks contact-tracing privacy concerns | TechCrunch – empty

“It’s very important to AWS that the world know and understand that Zoom’s deal with Oracle is net new, NOT a replacement of their existing AWS workloads. Also, please pay no attention to the disparity in data transfer pricing for a service that does realtime video for half the planet.”

HPE (motto: “It’s all been downhill since we stopped making the good LaserJet printers”) launched a “Cloudless” marketing campaign last year. The internet successfully cyber-bullied them over it so hard that their #2 fled to go run AWS in APAC. I count that as a win.

Trek10 (motto: “We’re Trek9 now that Forrest Brazeal changed companies”) has a post on three guiding principles for building SaaS products on AWS.

AWS engineer Samuel Karp takes us on a video deep dive into madness with Linux Container Primitives: cgroups, namespaces, and more.


If you’ve got an interesting job for this newsletter’s eminently employable subscribers, get in touch!

No one likes managing EC2 instances, so you might like managing the team that replaces them with containers. That’s right, the Fargate team is hiring three Software Development Managers. People-focused servant-leaders are encouraged to apply. Help bring about an end to the Serverless vs. Containers war that doesn’t need to be fought in the first place. One last point: every team at AWS has internal principles that embody their culture, but this team publishes theirs on GitHub. I wonder how they’d take pull requests?

Choice Cuts

Blue Matador is the easiest way to start fully monitoring your AWS infrastructure. Getting AWS Cloud monitoring set up for the first time is manual and cumbersome, requiring significant time and toil with a typical infrastructure monitoring tool. Blue Matador removes the burden of a complicated setup—just hand it your AWS read-only credentials, and in minutes, it tracks resources, detects baselines, manages thresholds, and sends you insights. Try Blue Matador free for 14 days. We’re so confident you’ll love it that we’re giving $100 to try it. Sponsored

Add enriched metadata to Amazon VPC flow logs published to CloudWatch Logs and S3 – “What the hell is my app doing” is no longer the same, now that it doesn’t require a scavenger hunt through four separate AWS service consoles to isolate what a particular flow includes.

Amazon Chime adds new policies to govern meeting access – I’m sad to report that my days of sneaking in to online AWS meetings and pretending that I belong there have come to an end.

Amazon CloudWatch Logs Insights now allows you to save queries – Another opportunity presents itself to mess with your coworkers. These queries are account-wide, so amuse and delight them by making them ask “what on earth is this query,” then horrify them when they figure out what data it’s pulling up.

Amazon CloudWatch now monitors Prometheus metrics – Now in Beta – If you use this, please be remarkably careful with how you set it up to avoid some billing… unpleasantness; otherwise it won’t just be Prometheus chained to a rock while an eagle tears out his liver…

Amazon CodeGuru Reviewer announces pull request dashboard – There’s a spectrum of customer respect. There’s customer obsession, then there’s ignoring your customers, then there’s actively insulting your customers, and then all the way at the far end we have this line from the release announcement: “To contact the team visit the Amazon CodeGuru developer forum.”

Amazon Comprehend Medical is now available in the AWS GovCloud (US-West) Region – empty

Amazon EC2 now supports aliases for Amazon Machine Images (AMIs) – And of course some of you sadists have already started naming some of those AMIs “Amy.”

Amazon Lightsail firewall now supports source-IP based rules and PING – I… wait, why is AWS capitalizing “PING” like it’s an acronym? It isn’t. In fact Wikipedia states “The acronym Packet InterNet Groper for PING has been used for over 30 years, and although Muuss says that from his point of view PING was not intended as an acronym, he has acknowledged Mills’ expansion of the name.” So ping’s author states it’s not an acronym, but chooses not to fight it (I don’t understand some people’s lifestyle choices). So… why is AWS spelling it this way? If they wanted to be pedantic they’d instead refer to it as “ICMP type 8 echo requests” and alienate everybody, but no. They’re just picking a very esoteric spelling that nobody accepts and working into feature releases solely to mess with me. Well I’m onto your game AWS, I see you! You won’t fool me that easily– BBZZZRT

Amazon S3 Batch Operations adds support for S3 Object Lock – By the time you’re applying legal holds to individual S3 objects in bulk, your day has just been absolutely ruined.

Announcing higher EBS and Networking performance and 1-year reservation purchase option on Amazon EC2 High Memory Instances – “High Memory Instances” is a charitable term for these multi-TB monstrosities. Their names are just long random strings that feel like dumps of their collective firmware, so even AWS gave up on mispronouncing them.

Announcing new query monitoring capabilities in the Amazon Redshift console – It’s great that the RedShift console now flags the expensive queries you’re running, but the “Please run more like this one so I can buy a boat!” tooltip is a bit much.

Announcing Route Analyzer in AWS Transit Gateway Network Manager – “Why is TCP terminating on the floor” is now presumably answered without four hours on the phone speaking to an overworked professional.

AWS Elemental MediaLive adds content delivery flexibility with three new capabilities – empty

AWS Step Functions now supports AWS CodeBuild service integration – …wherein your crappy CI/CD practices turn them instead to AWS Stomp Functions.

AWS Systems Manager Explorer now provides a multi-account summary of Trusted Advisor checks – Once again a terrible name within Systems Manager. I’d call this rough roundup of Trusted Advisor checks “Plausible Advisor” if it were up to me.

AWS Trusted Advisor adds 5 Cost Optimization checks – …and they all come down to reserved capacity recommendations at a time when nobody knows what next week is going to look like.

Introducing Amazon RDS Ready Partners – A major problem with RDS gets fixed: vendors weren’t able to sell you things easily to bolt onto it.

Introducing AWS Elemental Media Event Management – empty

Introducing AWS Trusted Advisor Explorer – Last year AWS signed a partnership with Ford; it was unclear what Ford got in return. Now we know: naming rights to an AWS service.

Introducing the new AWS SaaS Competency – There are now additional boxes to check for all of those AWS Consulting Partners left twiddling their thumbs during the downturn.

Neptune Streams feature is now available outside of lab mode – This is a forward-looking feature for the day when someone will need a graph database outside of a test lab.

NoSQL Workbench for DynamoDB adds support for Linux – Amazon releases a Linux desktop application that doesn’t support Amazon Linux.

EC2 Price Reduction – For EC2 Instance Saving Plans and Standard Reserved Instances | AWS News Blog – empty

General Availability of UltraWarm for Amazon Elasticsearch Service | AWS News Blog – I made fun of ChaosSearch for spelling their company name CHAOSSEARCH and they fixed it. I make fun of AWS for their naming foibles and they double down with terms like “UltraWarm.”

New – AWS Elemental Link – Deliver Live Video to the Cloud for Events & Streams | AWS News Blog – Live Video now comes with free two-day shipping.

90%+ price reduction for AWS IoT Jobs, Globally Available | AWS News Blog – Price cuts are great things, but it’s hard to read “a 90%+ price reduction” as anything other than a tacit admission that they biffed it on the pricing model.

Manage your Oracle JDK licenses with AWS License Manager | AWS Management & Governance Blog – empty

How to optimize assessment of cloud services | AWS Management & Governance Blog – empty


Running a business is hard. Your cloud doesn’t have to be. DigitalOcean is the cloud that offers transparent, predictable pricing – even for Kubernetes clusters, which you’d have thought was impossible! You also won’t need 12 weeks of cloud school to absorb a zillion ancillary services just to be able to SSH into an instance. Is this the kind of simplicity you need out of your cloud provider? Check out DigitalOcean today. Sponsored

An IAM policy generator sounds like something AWS should build, so of course a third party had to do it instead.

A tool that explains what the hell your permissions allow comes from SalesForce (motto: “Proud sponsor of the San Francisco SalesForce Bus Station!”) and is appropriately named cloudsplaining.

… and that’s what happened Last Week in AWS.

Newsletter Footer

Sign up for Last Week in AWS

Stay up to date on the latest AWS news, opinions, and tools, all lovingly sprinkled with a bit of snark.

"*" indicates required fields

This field is for validation purposes and should be left unchanged.
Sponsor Icon Footer

Sponsor a Newsletter Issue

Reach over 30,000 discerning engineers, managers, and enthusiasts who actually care about the state of Amazon’s cloud ecosystems.