Okay, a bit of a busy personal update this week– here we go!
Today I’m in in Boston to speak at DevOps Days shortly after this email goes out– “The Silence of the Lambdas: Terrible Ideas in AWS Lambda” is a new talk. For fun, I’ll be attempting to livetweet my own talk. If you manage to catch it, please be sure to tell me how I can improve it for next time.
If you’re in Seattle (“Cloud City”), I’ll be hosting an impromptu meetup / gathering / party at 7PM this Thursday at Zocalo; hit reply and let me know if you’ll be dropping by so we know how many to expect.
This week’s issue is sponsored by Cloudify:
Cloudify and IOD Cloud Technologies are excited to share the first ever State of Enterprise Multi-Cloud report. This global survey of 683 IT professionals reveals remarkable diversity of cloud infrastructure, tooling, and culture. The survey shows some very interesting results, for example, nearly one in ten organizations has deployments across five clouds or more. Attend the Sep 19 webinar hosted by IOD Cloud Technologies Research for a deep dive into the survey results.
Also, read about how one engineer created an Alexa skill in conjunction with AWS Lambda to communicate with Cloudify.
Community Contributions
And lastly in personal news, I was named Community Lead for the excellent Open Guide to AWS. I’m humbled and honored to be a part of this amazing resource; thank you to everyone who’s read, contributed, and offered suggestions for how to improve it.
AWSgeek did a deep dive into the AWS Web Application Firewall with a sketchnote style drawing. This is just gorgeous, and makes me wish I knew how to draw.
Last week saw the release of a clever way to debug Lambda functions live. A bit of infrastructure is required to use this, but it’s a great step forward towards getting realtime debug information from your serverless environments.
A thoughtful article on what Dropbox migrated away from AWS to their own datacenters. Migrations at that scale are always difficult– and the business challenges make the technical issues look simply adorable.
AWS can now host the US Department of Defense’s most sensitive data. I presume this is also how they store other highly sensitive data such as their 3 year product roadmap, the master passwords for every AWS service, and the documentation that makes CloudFormation understandable.
A wonderful post by a Lyft summer intern about how they worked around AWS complexity issues with SaltStack patterns. The tooling is less important here than the approach– biasing for simplicity opens many opportunities.
The us-east–1 (“standard region” or “us-tirefire–1” depending upon nomenclature) S3 service took a (partial outage)[https://www.theregister.co.uk/2017/09/15/aws_brownout/?utm_source=lastweekinaws&utm_medium=email] for over an hour this week.
This step by step guide shows how to send SMS messages via SNS and Python instead of the more commonly used Twilio integrations. A handy walkthrough to a service that’s increasingly omnipresent; SNS is the piping in the “AWS-as-Plumbing” analogy. The billing system is of course the metaphorical toilet; state law requires that AWS employees wash their hands before continuing.
Remind Engineering explains how they use CloudTrail to debug IAM permission issues– just in time for AWS to make this easier themselves (see below).
The Time I Got Drunk On S3 is a glorious title for a glorious article about the sharp edges and gotchas behind S3. Watch out for the hangover…
Some people say that SQL is the chess of the programming world. Michael Burge has no time for your idle observations– he’s been busy injecting a chess engine into RedShift to play games with your production database. Maybe this isn’t the thing you demo when the auditors are visiting…
Choice Cuts From the AWS Blog
AWS IAM Policy Summaries Now Help You Identify Errors and Correct Permissions in Your IAM Policies – Now IAM Policy Summaries tell you what’s broken about your IAM policies, rather than giggling to themselves and waiting for your attempt to fail. Casualties so far include Remind’s blog post linked above.
Amazon API Gateway Now Supports Enhanced Request Authorizers – I was going to build out a new dingus with API gateway (and then blog about it; you’ll see it here sooner or later), and in typical fashion AWS built a thing I was going to have to write. Fortunately, I’m wise to their ways and escaped the trap by procrastinating irresponsibly.
Monitoring Amazon Aurora Audit Events with Amazon CloudWatch | AWS Database Blog – You can now send Aurora audit events to CloudWatch, which then gets sent to a veritable Rube Goldberg assortment of various metric consumers and alerting subsystems. Ideally you’ll eventually be notified of events to be aware of. Maybe. Provided none of 15 components break or delay your messages.
Prime Day 2017 – Powered by AWS – Jeff Barr gives his annual statistical breakdown of what traffic volumes various AWS services handled to service Prime Day. These numbers are boggling– it’s incredible what goes in to letting me order drink umbrellas on a whim.
AWS BUILD ON – Amazon has launched a new “Build On AWS” campaign, and begun advertising it all over the place– including Chicago’s Union Station in what appears to be a doomed effort to attempt to… teach Americans how to queue.
Agenda | AWS re:Invent – The re:invent agenda has gone live. Time to begin aspirationally planning which sessions you want to attend but will skip at the last minute in favor of getting a cup of coffee.
Tools
Programmatically draw designs of your AWS architecture with AWS-PlantUML. It takes a bit to get the hang of this, but I like the potential for building current architecture diagrams automatically on CloudFormation or Terraform runs– or inversely building configurations based on dragging and dropping icons.
S3tk is a lightweight and extensible security scanner for S3 bucket permissions. This would be an excellent thing to shove into a Lambda function to run periodically, or on S3 bucket creation.
Here’s a fun Slack integration that lets you query resources in your AWS account from the convenience of a Slack channel. Documentation is pretty sparse at the moment, so I’d suggest being extremely careful with the permissions you grant this integration.
It’s Spot Pricing’s turn to have some machine learning buzzword magic sprinkled on top of it. Spot Price Machine Learning identifies “deals” in the Spot Market, and makes recommendations for bid prices.
Tip of the Week
Fernando Miguel asked a thought-provoking question on Twitter last week: “Who backs up their SaaS data?” This leads to a few great questions to ask yourself. Dropbox, Github, a single S3 bucket, an entire AWS account, Salesforce, etc… if any one of these things suffers a data loss incident, how hard would it be for your organization to recover? “Well every git checkout is a full copy of the history so I’m set” covers your source code, but what about PRs and Issues, discussions about features, and any wiki pages you have set up?
It may be worth exploring these questions.
…and that’s what happened Last Week in AWS.