Good Morning!

I’m gone this week on vacation for parts unknown; try not to burn down the cloud while I’m away.

My annual reader survey is still open until the end of this week. I’d appreciate it if you took a few minutes to give me your thoughts!

Now here’s what happened last week:

From the Community

Logs, events and traces… oh my!! The continuing growth in data has engineering and devops teams scrambling to control costs while meeting demands for more insights. Longer data retention drives improved observability, security and application insights – so not keeping data creates real risks. Join ChaosSearch for our webinar on June 22nd, as we share insights from a recent audience poll on data growth challenges, the impact of Generative AI and more!

DNSocial is a social feed that uses that most magical of databases, DNS TXT records.

Because AWS egress is horrible, Aidan Steele wrote freedata to possibly give you free 10mb egress by using Systems Manager Session Manager and Tailscale as an end run around AWS’s poor choices.

Well okay; I didn’t pick this fight but I will absolutely wade into it. A company called "Statusgator" penned an analysis that asks and answers the rhetorical question "Is Northern Virginia Really the Least Reliable AWS Region And Why?" When you have a name like that I kinda assume you’ve got a couple of neurons to bang together to reason about uptime reporting being a Hard Problem. Their "methodology," if you want to be generous and call it that, is they counted the number of outages on the official AWS status page and said that since the most happened in us-east-1, it was therefore the least reliable region. This is a poor approach. us-east-1 is ~100 distinct facilities or so, and outages in one part of the environment leave some customers impacted, but many more completely untouched. At AWS scale, the question is really "how down is this service," rather than treating it as a binary pass/fail. Reporting on this stuff on a dashboard is a Hard Problem. I promise you, all of the regions listed as having 0 outages in 2022 absolutely had outages. Further, there are still services that single-track through us-east-1, so outages there cause control plane issues that are felt disproportionately. Lastly, any service can have issues that impact YOU, but leave my workloads in the same availability zone completely unaffected. This post makes a series of very common status monitoring errors, and while I can forgive it coming from engineers and journalists, I do expect more from companies who purport to do status monitoring as their core business.

put out a big strutting press release – As a patient, I fled to Carbon Health when Amazon bought One Medical, because if I wanted to talk about my genitals with Amazon employees I would simply take a job as one of their crappier, more problematic managers. I do not. A number of other people have done the same thing. So of course Carbon Health is talking about how they’re using Amazon Transcribe on the backend for sending doctors’ notes to The Cloud. I used to think I was good at Public Relations, but I’m not; it’s just that so many of these companies are so incredibly eye-poppingly bad at it that I look great by comparison.

Amazon is pursuing ‘too many ideas,’ Bernstein says in open letter, forgetting that they wanted Jeff Bezos to stop messing around with this "AWS" thing in 2006. Now they want Amazon to focus on finding the next AWS, forgetting exactly how they achieved that the first time. And of course, there’s nothing that says "I am a person of influence and power" like having to resort to writing an open letter rather than having the access needed to just call Andy Jassy directly to share your thoughts.

AWS Says It’s Never Seen a Whole Data Center Go Down says this article from 2018, as AWS apparently felt the need to stand atop a mountain during a thunderstorm holding a large metal pole while cursing God.

It brings me no joy (okay, some small amount of joy) to release what is hopefully the last installment in my 17 Ways to Run Containers series–but one of you already sent me a service the previous three have missed so perhaps not.

I had a few drinks with Xe at Tailscale Up last week. They are exactly my type of cynical nerd, "one thing led to another," and now they’ve decreed anything can be a message queue if you use it wrongly enough and thus devised a way to use S3 as a form of TCP transport in order to evade cross-AZ and Managed NAT Gateway charges. Is this horrifying? Yes. Is it intensely disappointing that AWS’s data transfer posture causes people to resort to this kind of thing? Also yes.


Last Week In AWS: 17 Final Ways to Run Containers on AWS

Last Week In AWS: A Hole in the S3 Buckets

Last Week In AWS: Rated R for Ridiculousness

Screaming in the Cloud: Centralizing Cloud Security Breach Information with Chris Farris

Screaming in the Cloud: Getting Paid What You’re Worth with Josh Doody

Choice Cuts

Auth. Built for devs, by devs. FusionAuth is the customer authentication and authorization platform that makes developers’ lives awesome. You’ll get all the features your app needs like login, registration, SSO, and MFA, plus a customizable, scalable solution you can run on any computer, anywhere in the world. Get started for free.

AWS CloudTrail Lake now supports selective start or stop ingestion of CloudTrail events – Ooh, this just got a lot more cost effective for some folks. I love this service.

AWS Glue for Ray is now generally available – AWS increases its micro-segment service targeting. Route 53 for Corey is great, but Systems Manager Parameter Store for Sharon is just goofy.

AWS Lambda adds support for Ruby 3.2 – Whoa, they’re ahead of the game; this version has almost three years before it goes EOL!

AWS Mainframe Modernization service is now HIPAA eligible – If your medical workload is running on a mainframe in 2023 I have to assume your treatment protocol includes leeches, and has compliance concerns centered around avoiding accusations of witchcraft.

(Note that some modern medical protocols do in fact include leeches for limb reattachment; it’s called hirudotherapy. Those people probably aren’t on mainframes.)

Announcing AWS Snowblade for U.S Department of Defense JWCC customers – And only those customers, because this thing is either plutonium powered or is priced as if it were.

AWS Trusted Advisor adds new checks for Amazon EFS – Oh good, a computer can give inane and possibly harmful contradictory advice about a service I really like. In case you missed it, I neither like nor respect Trusted Advisor ever since it recommended I buy a RI for an EC2 instance, rightsize it to be smaller, and turn it off entirely–then counted the savings for all three of those different mutually exclusive options.

Announcing the general availability of AWS Database Migration Service Serverless – "Service Serverless" you say? I wish AWS would stop using the word since it very clearly doesn’t care what it means to customers and is weakening it massively.

Announcing Live Tail in Amazon CloudWatch Logs, providing real-time exploration of logs – Announcing tail -f as a service, wherein it costs you a penny per minute to use after a fairly generous 1800 minutes a month perpetual free tier. I’m unreasonably happy about this; it’s how I use CloudWatch Logs myself at least 95% of the time.

AWS announces scripts to bulk updates policies per new AWS Billing and Cost Management permissions – Oh you… you’ve been screaming about these permissions for ages, making people migrate them manually, and only now do you release an automated tool to make this easy on us? I need a minute or I’m going to say something uncharitable here.

Drug Analyzer on AWS Provides Analytics That Inform Treatment Decisions and Support New Therapies – This is your brain. This is your brain on drugs. This is your brain on an AWS bill. I bet you miss the drugs now.

A New Set of APIs for Amazon SQS Dead-Letter Queue Redrive – This is your brain. This is your brain on drugs. This is your brain on an AWS bill. I bet you miss the drugs now.

Selecting cost effective capacity reservations for your business-critical workloads on Amazon EC2 – Okay, I read this article twice and I still do not understand why someone would purchase an on-demand capacity reservation. It costs the same as the running instance charge, so why not have the instance up and running on-demand?

Announcing Container Image Signing with AWS Signer and Amazon EKS – All of my containers are signed with "STOP" because my code is atrocious.

How to deploy workloads in a multicloud environment with AWS developer tools – If you’re using multiple clouds for the same workload (don’t), you’re presumably using the best each cloud has to offer. If you’re doing that, then why in creation would you use AWS’s CI/CD tooling instead of either Google’s or Azure’s?

How businesses can gain ecommerce capabilities to increase sales – Did you know you can sell things on the internet now?! Thanks AWS; I had no idea!

A Guide to Maintaining a Healthy Email Database – I’ve gotten the same email from AWS 30 times, and am frequently referred to as working for "Duckbill Group – DND Ring Fence" in emails from my account team, but please, go off.

Using Amazon IVS for turnkey town halls – Democracy is very, very far from free when you get IVS in the mix.

AWS’s long-term commitment to Virginia – Well you have over $50 billion invested there so far in terms of hardware that you can’t exactly stuff into a shipping container and move elsewhere, so anyone who thinks AWS isn’t committed to Virginia is a fool. Enter the local politicians who are convinced you’ll pull out if you aren’t given enormous tax breaks…

How AWS data centers reuse retired hardware – Huh, this is fascinating. There are several more steps than I thought between "time to decommission this hardware" and AWS throwing the server chassis into the ocean as if it were a car battery.


One view to see them all! Kentik provides Cloud and NetOps teams with complete visibility into hybrid and multi-cloud networks. Ensure an amazing customer experience, reduce cloud and network costs, and optimize performance at scale — from internet to data center to container to cloud. Learn how you can get control of complex cloud networks at

I like Tailscale and Lambda, so using Lamby to combine the two for a live development proxy is awesome. This largely sunsets my historical Tailscale Lambda Layer that I built and open sourced.

… and that’s what happened Last Week in AWS.
