Welcome to issue number 86 of Last Week in AWS.
Good morning, and welcome to re:Invent Week in Las Vegas. I’ve been here for two full days now, and will remain until Saturday due to a series of incredibly poor life choices. I’ll be on Twitter livetweeting the conference (@Quinnypig, my DMs are open), active in the Community Slack’s #awsevents channel, and generally around throughout the week if you’d like to say hello. I have Last Week in AWS swag on me at all times, making this the worst scavenger hunt we’ve seen in years.
I’ll also be giving three talks on the expo floor, for which you don’t need to wait in line, make a reservation, etc.; just show up! To wit:
The first is on Wednesday, at the Dev Theater at 3PM. I’m reprising my “The Myth of Multi-Cloud” talk, discussing why approaching a new environment with a multi-cloud mindset is one of the dumber things you could do. If you disagree, come argue with me during the Q&A!
The second is on Wednesday at 4PM at the CloudCheckr booth, where I’ll be giving a summary of the keynote announcements from that morning in the style of this newsletter. That runs from 4PM until AWS hurls me out the back door into a dumpster full of broken glass.
The third is on Thursday at the Stackery booth at 2PM, where I round up the announcements that didn’t make the keynote that you otherwise may have missed. By this time the AWS security folks will be recharging their tasers, and should leave us alone.
This week’s issue is sponsored by Cloudability. It turns out that cost optimization in AWS is a rapidly evolving field. As a result, they’re releasing the third edition of their book, Cloud Control. Newly updated for 2018, it covers recent enhancements to AWS’s tooling, RI options, and other minutiae. They’re giving copies away at their booth, or you can grab a free ebook version. My thanks to them for their support of this newsletter.
Last week I learned that there are differences between S3 signed URLs and CloudFront signed URLs. This week it can be your turn to learn that if you didn’t already know it.
An overview of Elastic Block Store makes for a nice refresher.
I wrote some thoughts on how I prepare for a conference talk. Warning: there’s no snark in this one. I figured I’d demonstrate versatility…
Hunting vanity IP addresses on AWS sounds like a fun exercise to play around with some of these concepts, but you’re going to need a good lie ready for when your friends and family ask you what you spent the week doing.
Amazon CTO Werner “DJ Distributed” Vogels opines on the art of optimization with regard to Redshift.
Jeremy Daly, author of the excellent Off-By-None newsletter to which you should subscribe immediately, gives us a rapid-turnaround on a first look at the new Aurora Serverless Data API. I’m in awe of how quickly he got that out.
A great demo of using AWS to send a text message from a website. Note that I said “demo.” Don’t actually do this. Good lord…
I somehow missed this when it came out last month, but “let us buy the .amazon TLD and we’ll give you $5 million in Kindles and AWS credits” as a sincere offer to a sovereign nation reads like a joke I’d write, and then throw out because it was too farfetched.
There’s a community meetup later today (Monday!) at the Venetian. It’s at 10AM at spot number 11 on this map. I’ll be there. Will you?
This week’s issue is sponsored by DigitalOcean. This week, they’ve got a useful tip for those of us looking to shove an ELK stack into an Ubuntu image. As always, their technical tips are provider agnostic; use them on DigitalOcean, on AWS, or on… huh. I can’t think of a third. Thanks as always to DigitalOcean for their support of this newsletter.
Choice Cuts From the AWS Blog
Amazon AppStream 2.0 Now Supports Dual Monitors and USB Peripherals through a Windows Client – At first I viewed this announcement in the same light as “DynamoDB now offers free 2-day shipping” or “t3 instances don’t include batteries when they arrive,” but then realized I was thinking of AppSync instead. If you’re streaming Windows applications, you can now do more with them.
Amazon CloudFront announces support for Origin Failover – After ten years of CloudFront, you can now fail over to a secondary origin when the first one goes down. That’s the kind of forward-thinking rapid iteration that customers have come to–I’m sorry, I can’t do this anymore. TEN YEARS?! For a feature that three junior engineers whiteboarding what a CDN might look like would throw up in the first ten minutes on the Kanban board?! For context, ten years ago the iPhone 3G had just been announced, netbooks were just becoming a thing, and Google Chrome was announced!
Amazon CloudFront announces support for the WebSocket protocol – You likely fall into one of two buckets here: “HOLY CRAP THAT’S INCREDIBLY HANDY” or “what’s a WebSocket?” Please be sure to enact sane permissions policies around those two buckets.
Amazon CloudWatch Introduces Automatic Dashboards to Monitor all AWS Resources – CloudWatch is apparently doing its level best to sunset all of the harsh truths I wrote about it last month. Great feature!
Amazon CloudWatch Launches Ability to Add Alarms on Metric Math Expressions – “Alexa, translate this headline to English.” “I’m sorry, I don’t speak ‘Wing Lish.’” “ENGLISH!” “CloudWatch now alerts you if your metrics exhibit sudden spikes or valleys without you having to crunch the numbers on your side.” “Thanks, Alexa.” “Adding Lamb Shanks to your Amazon Fresh cart.”
Amazon EC2 Elastic GPUs is now Amazon Elastic Graphics – What is Amazon doing with their attachable GPUs that referring to them as discrete GPUs is no longer tenable? AWS renames services post-release approximately never… I turned this line of inquiry into a deep-dive blog post into my view of AWS’s strategy; I suspect I’ll be proven right this week.
Amazon Neptune Now Supports HTTPS for Encrypted Client Connections – Wait. Neptune went GA back in May of this year. Did… did a service get released this year that communicates in cleartext?! I’m too flabbergasted to even snark about this. How does that happen?
Amazon Redshift announces Deferred Maintenance and Advance Event Notifications – I’m not sure why this is a big deal; I’ve been deferring maintenance on my car for a decade.
AWS CloudTrail Adds Support for AWS Organizations – Setting up CloudTrail between organizations is no longer a Sisyphean task–but it appears to still be one between regions. Maybe next time… For some unknowable reason, this feature isn’t deployed to all regions, either. I’m trying and failing to imagine the architectural restrictions that dictate this…
Celebrating the 10 year anniversary of Amazon CloudFront by launching six new Edge locations – Let’s pretend you want to celebrate the 10 year anniversary of a new service. Doesn’t “there are now 150 Points of Presence” make for a better round number headline than “we’ve added six new Edge locations about which virtually nobody cares?” That said, don’t feel bad CloudFront team; I have a large map on my office wall with a pin in every location just for you. I’m not kidding. I care.
Introducing AWS Systems Manager Distributor – You’re now no longer allowed to buy Systems Manager from AWS directly. Now, you need to find a local Systems Manager Wholesaler, who gets it from Systems Manager Distributor.
Introducing Predictive Scaling for Amazon EC2 in AWS Auto Scaling – So there are two ways to look at this. Either it works, and they’ve achieved something that’s borderline magical, or it doesn’t work and they’ve released something that will damage AWS’s credibility. Both seem equally implausible to me. Can someone please take a look and let me know which it is?
Fall 2018 SOC reports now available with 73 services in scope | AWS Security Blog – More services are now in SOC scope. If you think this doesn’t matter, you’re not watching large company service adoption.
Simplify granting access to your AWS resources by using tags on AWS IAM users and roles | AWS Security Blog – An update to last week’s IAM support for tagging, this post explains why you might actually want such a thing. Thanks for slowing that one down for me, AWS Security Blog folks; I didn’t quite understand it the first time. (That’s sincere, incidentally. No sarcasm this time.)
Use AWS Secrets Manager client-side caching libraries to improve the availability and latency of using your secrets | AWS Security Blog – Secrets Manager’s core value proposition is in automatically rotating credentials for you. It now supports client-side caching, so you can hurl that benefit directly into the dumpster and make credential rotation inconsistent again.
This week’s issue is sponsored by GoCD from ThoughtWorks. Their open source community edition is fantastic; once you’ve started to run into exciting edge cases, it may be time to consider their enterprise edition as well. Take a free thirty day trial of GoCD Enterprise Support and see what value they can unlock for you. My thanks to them for their support of this newsletter.
If you want to upload multiple files to S3 at once, make them public (BE CAREFUL GOOD LORD PUBLIC MEANS EXACTLY WHAT YOU THINK IT DOES!), and get their URLs all in one command, then s3upload is what you want.
If you need to clean out your AWS account so you can finally stop getting that 22¢ a month bill for nobody-even-knows, consider awsweeper.
Amazon Transcribe is a lot of fun to play around with. For instance, it tells me that in his keynote last month Larry Ellison used the word “Amazon” exactly 100 times, without me having to sit through that insufferable thing. If you’d like to play with it, there’s now a simple serverless UI you can use to get started.
faas_measure is a framework for measuring cold start latency, IO/network throughput, and more in Lambda.
…and that’s what happened Last Week in AWS.