Good morning!

Welcome to issue number 131 of Last Week in AWS.

EYEBALLS HERE, PLEASE: You’ve got just a bit over 12 hours to get your 2019 “AMI or AMI?” Charity T-Shirt before they’re gone forever. Donate to a great cause while you tell the world, “I’m a hep cat in the know!” or “I work for AWS and don’t know any better.” Get yours now, or forever hold your peace. We’ll be seeing these puppies selling at 400x markup on eBay by next year if Amazon doesn’t drive them out of business and into the sea before then.

From the Community

Making your logs easy to query, filter, and visualize is the first step on the path to observability. Check out our guide, The Path from Unstructured Logs to Observability, to learn how to instrument logs a little at a time and make useful progress. With Honeycomb, on-call teams have the knowledge they need to make the best decisions for themselves and the business. Everyone wins. Sponsored

A delightfully exciting failure mode in CloudFormation causes all manner of issues if you didn’t know about it.

When someone picks a product from AWS–say, Redshift–and writes an article about their experiences, I’m interested. When they title it “The Redshift Hate Log,” I’m riveted and of course I’m including it here.

A study into the effects of AWS traffic engineering and how that presents to customer applications.

Terraform or CloudFormation? “After using both, I regretted switching from Terraform to CloudFormation.”

$100K monthly bill – A story of a company who launched an MVP on top of AWS, incurred a , and now is apparently migrating to Azure as if that will somehow make things better.

The re:Invent schedule builder is so bad that someone had to build Re: re:Invent instead to make it something a human could actually use. It’s pretty clear that “Frugality” won the day when it comes to the existing re:Invent session finder.

A handy guide on how to ruin someone’s day if they’re using API Gateway and haven’t taken some significant steps to set rate limits per method.

A deep dive into blowing your hands off with Firecracker.

An explanation of AWS Transfer for SFTP, along with a VPC use case.

A security company used persistent AWS API keys instead of instance roles and posted a very thorough post-mortem. They kinda have to if they ever want to get another customer.


If you’ve got an interesting job for this newsletter’s eminently employable subscribers, get in touch!

While this week’s AWS team is super new it is run by AWS veterans out of Berlin, Germany. Gesundheit! The team explores uncharted ways on how software teams will turn their ideas into well working and deployed source code at scale. If you want to join a new, fun, and inclusive team, they look for a product manager, backend, and frontend developers.

Choice Cuts

Originally my plan for this week was to tell you how difficult it was to run ElasticSearch yourself, and recommend CHAOSSEARCH( Then on Friday this brutal takedown of Amazon ElasticSearch came out and it tells the story far, far better than I could. Using CHAOSSEARCH means that none of that applies to you. An ElasticSearch compatible API, with data that lives in S3. Check them out; my thanks to them for sponsoring this issue. Sponsored

Amazon Cognito Increases CloudFormation Support – It freaking needed to.

Amazon EventBridge now supports AWS CloudFormation – Just shy of three months after going GA, EventBridge becomes something you can use for responsible Serverless deployments instead of just screwing around with it in the console.

Amazon Pinpoint Adds Support for Message Templates – It’s nice to see Pinpoint come out of its long hibernation. Someday people might even read these LWIA updates about it without having to click the link to see if it’s real, or a service I made up to see who’d call me on it.

Amazon RDS Enables Detailed Backup Storage Billing – Tying backups back to the RDS instance from which they came is important enough that I’m surprised it took this long to launch.

Amazon Redshift introduces AZ64, a new compression encoding for optimized storage and high query performance – BREAKING: AWS develops compression algorithm for experience!

AWS Chatbot Now Supports Notifications from AWS Config – “Do you ever wonder about the ephemeral nature of reality? About what it all means? And why we only ever have these deep conversations at times like this, in the middle of the night? By the way, you have an unencrypted EBS volume in your AWS account.” “For God’s sake, Slackbot; it’s 3AM. GO TO SLEEP!”

AWS Console Mobile Application Launches Federated Login for iOS – I’ve tested it, and it works. Unfortunately there are maybe six services you can do a couple of things with from the app, so I’d sooner see a mobile-friendly redesign of the AWS Console.

AWS Direct Connect Announces Resiliency Toolkit to Help Customers Order Resilient Connectivity to AWS – You can now easily have multiple connections to your single server in a rack with a dodgy power supply. Box checked!

AWS IoT Core Adds the Ability to Retrieve Data from DynamoDB using Rule SQL – “NO!” shrieks the DynamoDB team.” “It’s called NoSQL for a reason! This is heresy!” Meanwhile I’m over here running Route 53 as a database and chortling.

AWS Snowball Edge now supports offline software updates for Snowball Edge devices in air-gapped environments – To begin the process of updating your Snowball Edge, please insert floppy disk 1 of 67,000.

New AWS Public Datasets Available from Audi, MIT, Allen Institute for Cell Science, Finnish Meteorological Institute, and others – This is neat enough that I won’t even snark about it. Good job, AWS.

New Training Courses Teach New APN Partners to Better Help Their Customers – These are great! I love that these courses cover important topics such as “not spitting on customers,” “only insult the customer behind their back,” and “If AWS didn’t see it, you didn’t do it.”

Now Available: Amazon EC2 High Memory Instances with up to 24 TB of memory, Purpose-built to Run Large In-memory Databases, like SAP HANA – I struggle to imagine a world in which needing 24TB of memory for a single application makes that application seem even slightly appealing.

Now Available: Bare Metal Arm-Based EC2 Instances | AWS News Blog – Finally, some respect for our right to Bare Metal ARM EC2 Instances.

Updated whitepaper available: “Navigating GDPR Compliance on AWS” | AWS Security Blog – Somehow this is only 32 pages, so I assume it’s a relatively quick read on how to change your identity and flee the country if the GDPR folks come knocking.

Our Positions – Amazon finally draws out its lines in the sand around their positions around a variety of compelling topics important to modern society. It’s worth a read.


It’s 2AM and your site just broke. Are you awake? No–at best you’re “awakish.” This week’s issue is sponsored by Awakish, a website monitoring tool that tells you when your site or application is down. It’s got an internal collector that lets you get HTTP/S monitoring for service within your environment, at a compelling pricepoint. Check them out with a credit-cardless free trial at([]. Sponsored

LambdaGuard brings security to AWS Serverless. Whether it’s needed or not is the subject of some debate.

… and that’s what happened Last Week in AWS.

Newsletter Footer

Sign up for Last Week in AWS

Stay up to date on the latest AWS news, opinions, and tools, all lovingly sprinkled with a bit of snark.

"*" indicates required fields

This field is for validation purposes and should be left unchanged.
Sponsor Icon Footer

Sponsor a Newsletter Issue

Reach over 30,000 discerning engineers, managers, and enthusiasts who actually care about the state of Amazon’s cloud ecosystems.