Good Morning!

Welcome to issue number 134 of Last Week in AWS.

On Thursday I kicked off a twelve week networking feature on the AWS Morning Brief podcast. Every Thursday I’ll delve into an aspect of networking in the cloud; check it out if that sounds appealing. Be sure to give it 5 stars on iTunes, regardless of whether or not you enjoyed it. That’s how promotion works, right?

From the Community

Manifold allows you to sell your API-first products to the fast-growing communities on the planet. Whether you’re building a single SaaS product or you have a thriving cloud platform, Manifold has you covered. Find out how you can add your products to our catalog today. Learn more. Sponsored

I’m not quite sure what to make of AWS Database Decision; it’s a one page feature matrix between Aurora and DynamoDB.

An approachable walkthrough of just what AWS Lambda is for folks who aren’t quite sure.

QLDB now gets a Python driver, but no blog post to herald the feature. Shame…

A brief introduction to AWS Cloudformation.There’s no sensible way to avoid it…

Leave it to AWS to reInvent the wheel

A twelve minute read on how to aggregate logs between multiple AWS accounts. It’s a good plan.


If you’re considering a job change, check out a position below. Regardless of where you find it, you should definitely negotiate your salary. If I were to magically become employable, I’d immediately head to and talk to Josh Doody about it before saying anything further. He’s done this many times before, with a special emphasis on engineering roles at FAANG companies. He’s an artist when it comes to getting the best compensation possible without seeming greedy or losing the offer. He offers coaching, free articles, an ebook, and other things along the way. Check him out–and tell him Corey’s talking about him again.

Have you always wanted to improve and enhance the AWS console? Now you have a better way to get this done than just hitting the feedback button – the team behind Resource Groups & Tag Editor is hiring both engineers and a manager for their console team, based in Berlin, Germany.

This week sees a new series of roles from ThousandEyes. I’ll have more to announce on my Twitter feed about ThousandEyes this Thursday, but having been to their office and talked with their staff, a few things stood out. Most notably, they’re a startup (so each person has massive impact) while focusing on global-scale problems. Notably, their retention rate is sky-high and people don’t have that dead look in their eyes that so many startup employees seem to. Check them out; they’d make my short-list of places to work if I were employable.

Choice Cuts

Ever wonder if AWS Global Accelerator actually out-performs the internet? ThousandEyes has run the tests and they’ve got the data. Sign up for this livestreamed launch event to hear the findings of the second annual Public Cloud Benchmark where you’ll learn how AWS, Azure, GCP, Alibaba Cloud or IBM stack up. Oracle Cloud wasn’t included due to ThousandEyes’s onerous “you must have actual customers” requirement. Sponsored

Amazon Chime now supports an in-room experience on Dolby Voice Room – We learn from this that Amazon uses Dolby Voice Rooms, since we at the Duckbill Group do not, and we’re Chime’s only other customer.

Amazon ElastiCache announces support for modifying Redis authentication tokens – Pfft, that’s nothing. With the insecure Redis cluster I manage myself anyone on the internet can modify my Redis authentication tokens.

Amazon ElastiCache now supports online data migration from Redis on Amazon EC2 – …but why would I do that, in light of the previous item?

Amazon RDS for PostgreSQL Supports User Authentication with Kerberos and Microsoft Active Directory – If your answer to “what stack do you use” is horrifying enough to awaken an elder god from the bottom of the sea, this release is for you.

Amazon RDS for Oracle adds support to invoke EMCTL commands for Oracle Enterprise Manager Cloud Control – One Oracle product can now communicate with another Oracle branded product and that’s apparently newsworthy.

Amazon SES is Now Available in Three Additional AWS Regions – Doubling the region number to six! It might be worth mentioning that SES launched in beta in January of 2011.

Announcing Image Scanning for Amazon ECR – This leverages the open source CoreOS Clair project. If your entire business was built around doing exactly this but nothing else and now finds itself in trouble, I have sympathy–but I also have to wonder how you didn’t see this coming.

AWS Certificate Manager (ACM) Private Certificate Authority (CA) now enforces name constraints in imported CA certificates – This means you can restrict certain names for your internal certs. So if you issue a cert internally at Amazon for, you can ensure that nobody within that corporate domain can ever speak to

AWS CodeStar Enables Automating Toolchain Setup Through CloudFormation – You can now do in CloudFormation what you previously had to do by hand. You can also create the initial commit for your repository through CloudFormation, which means that CloudFormation can now commit to git. Just let the horror of that possibility sink in.

AWS Elastic Beanstalk Adds Support for PHP 7.3 and .NET Core 3.0 – Remember the days of using PHP and .NET? Feels like a long time ago. Remember back to those halcyon days, when Beanstalk was also a product that mattered.

AWS for WordPress plugin now available and with new Amazon CloudFront workflow – You’ve gotta be kidding me. WordPress hasn’t been cool technology since… since… since the start of this CloudFront distribution update. Ohhh. Latency is a killer.

AWS Global Accelerator Now Supports EC2 Instance Endpoints – …and should be turned off due to its contributions to climate change. I assume. I’m just going off the name here, which sounds about as dangerous as the Microsoft Reactor.

AWS Secrets Manager now supports larger size for secrets and resource polices and higher request rate for GetSecretValue API – My favorite replacement database for DynamoDB now supports larger records and more!

AWS Service Catalog enables transfer of provisioned product ownership – Someday maybe we can transition other products to AWS accounts too. EC2 instances, S3 buckets, responsibility for a data breach, etc.

AWS Snowball Edge now supports volume sizes of up to 10 TB – I’d make a dirty joke here, but everything I can think of is just too Snowball Edgy.

Amazon AppStream 2.0 adds support for embedding streaming sessions within websites – A terrific enhancement for AppStream, but a terrific blow for websites now that even more crap can be shoved into them.

Amazon S3 Inventory now reports the Intelligent-tiering access tier for objects – The opaque black box of S3 objects becomes ever so slightly less opaque. It comes at a cost, albeit a manageable one: every 4 million objects costs a penny.

Amazon CloudFront in China announces support for AWS CloudFormation and real-time metrics in Amazon CloudWatch – I do get that China is a completely modern country, but from their AWS service announcements I can’t shake the feeling that it’s a bit like traveling into the past.

In the Works – AWS Region in Spain | AWS News Blog – The rain in Spain will soon fall mainly on the control plane.

Setting up a CI/CD pipeline by integrating Jenkins with AWS CodeBuild and AWS CodeDeploy | AWS DevOps Blog – “Integrate our tooling with its much better known competitor” isn’t really a sign that the service is seeing huge uptake to my mind…


It’s 2AM and your site just broke. Are you awake? No–at best you’re awakish. This week’s issue is sponsored by Awakish, a website monitoring tool that tells you when your site or application is down. It’s got an internal collector that lets you get HTTP/S monitoring for service within your environment, at a compelling pricepoint. Check them out with a credit-cardless free trial at Sponsored

A handy way to track down the crappy Availability Zones in various regions. You know exactly what I’m talking about, AWS–the ones without modern instance family availability.

A Ruby on Rails provisioner for containers has been made available by AWS themselves.

If you need to switch between accounts using a Yubikey / two Y’allbikey / everyone’s using All Y’allbikey, awsu is a good way to do it.

A handy tool to paper over a service gap, this Lambda function copies newly-confirmed users from Cognito over to DynamoDB where you can actually do something with them.

A one-node ECS cluster for less than $5.

… and that’s what happened Last Week in AWS.

Newsletter Footer

Sign up for Last Week in AWS

Stay up to date on the latest AWS news, opinions, and tools, all lovingly sprinkled with a bit of snark.

"*" indicates required fields

This field is for validation purposes and should be left unchanged.
Sponsor Icon Footer

Sponsor a Newsletter Issue

Reach over 30,000 discerning engineers, managers, and enthusiasts who actually care about the state of Amazon’s cloud ecosystems.