Good Morning!

I made it back from the Chicago AWS summit alive; thanks to the folks who said hi during the trip.

We’re approaching "early re:Invent" season here; expect to see more around that in the weeks ahead.

From the Community

What can happen when you copy Lambda function code from the Internet and deploy it to your AWS account? Read the Sysdig blog that walks you through a real attack scenario from a black box and white box angle to uncover a vulnerable AWS Lambda function and learn the best practices to mitigate this vector attack.

This Guide to AWS Lambda Function URLs is worth the read, just so you can stop messing around with APIs Gateway for some use cases.

I stumbled over this disturbingly fast speedup option for JavaScript Lambda functions.

Stumbled across this post from July about Amazon’s "Degenerate Leadership Principles." Oof.

A bake-off between GitHub Copilot vs. Amazon CodeWhisperer went basically how I would have predicted it would.

AWS switched from using gzip to zstd and resulted in a roughly 30% reduction in how much data they were storing in S3 as a result for the relevant workloads. Pay attention; this will save you money.

To everyone’s credit, my assertion that Amazon SageMaker Is Responsible for My Surprise Bill resulted in a grand total of 0 snide retorts telling me that I should have done something differently. Good work.

I saw this article in The Register talking about how managed document-based data stores are all the rage that specifically mentioned DocumentDB ("Amazon Basics MongoDB"). That seemed weird to me, given that nobody I talk to who’s tried it seems to like it much. Then I noticed that this was a sponsored feature from AWS and it all made sense. Bonus points for the first referenced customer to be HP’s reviled "ink subscription" program. Great job there folks, that’ll turn the tide of public opinion.


Introducing DevCycle, a feature management suite that helps product engineering teams deploy code faster, reduce release complexity, and maximize impact. Our cloud-based solution is easy to use, and with a feature management suite like DevCycle in place, any bugs that make it into production can be resolved quickly and easily. So if you’re a feature flag developer looking for a new challenge, come join our team and help support modern engineering teams that are shifting to continuous deployment. With DevCycle, they can shorten release timelines from 1-2 months to deploying code to production multiple times per day.


Last Week In AWS: Amazon SageMaker is Responsible for My Surprise Bill

Last Week In AWS: Low Tech Earthquake Detection

Last Week In AWS: Rumors All Atwitter

Screaming in the Cloud: How to Leverage AWS for Web Developers with Adam Elmore

Screaming in the Cloud: Understanding CDK and The Well Architected Framework with Matt Coulter

Choice Cuts

The worst time to find out that you can’t recover from an accidental deletion or insider threat is after it’s already happened. In account snapshots and replication are vulnerable to bad actors, and even if the data is there, it can take you hours to find the right data to restore. Recover quickly and restore granularly with Clumio.

Amazon GameLift now supports AWS Local Zones – It makes sense; Local Zones are designed for customers with borderline-absurd latency requirements, and gaming companies are exactly that.

Designing a Multi-Tenant SFTP Server with AWS Transfer Family – No, no, no, no, no! The only reason to use an SFTP endpoint for AWS storage is because you’re working with a legacy customer who insists upon it. Those are generally large banks and similar institutions; the exact same kind of customer who will absolutely throw a tantrum to rival my two-year-old as soon as the phrase "multi-tenant" enters the conversation. You stand this up just for them, you get the data the hell into something sensible, and then you never talk about or think about it again.

Know Before You Go: 5 Reasons to Join AWS at VMware Explore 2022 – I suppose it tracks that I’ve heard nothing about this conference from VMware, and had to hear about it instead from AWS.

Announcing the latest AWS Heroes – August 2022 – Particular congratulations to longstanding client, friend, and periodic moral compass of mine: Liz Fong-Jones.

Happy 10th Anniversary, Amazon S3 Glacier – A Decade of Cold Storage in the Cloud – The data usage patterns that AWS must see are fascinating to me. For example: what percentage of data is written, and then never read again? Note that you don’t have enough context to say that this is inherently a bad thing; think "audit logs you’re required to keep" or "images customers pay you to store and trust will be there should they ever need them."

New – AWS Support App in Slack to Manage Support Cases – This is awesome if you have Business tier or higher AWS support. If not, you sound poor and AWS has zero interest in making your interaction with support issues any easier for you.

New — Fine-Grained Visual Embedding Powered by Amazon QuickSight – Amazon Basics Tableau fixes none of its underlying issues but does strive to at least be prettier. Good. You understand your ultimate target market at least.

Reduce network traffic costs of your Amazon MSK consumers with rack awareness – Okay, this is big. It’s the first tacit admission that I can recall seeing from AWS that cross-AZ traffic costs are a significant burden to customers. More like this please–and then fix it!

Conduct what-if analyses with Amazon Forecast, up to 80% faster than before – "What if" Amazon’s retail store recommendations were actually germane to your lifestyle rather than whatever Amazon was trying to push as a sponsored product? Well, I’d imagine that Amazon Forecast would have a heck of a lot more credibility based upon the Earned Trust that would result…

Transformation journeys: Creating and delivering amazing content experiences in the cloud at IBC 2022 – Nimble Studio is a blast to play around with in my experience, but I can’t for the life of me figure out why they’re talking about it at a root beer conference.

Simplifying Active Directory domain join with AWS Systems Manager – Wait– THIS is what it takes to have a Windows server automatically join a domain?! This blog post rivals "getting your application deployed onto Kubernetes from scratch" with regard to complexity. Who on earth would make this (by which I mean, Windows Server as a part of a domain) a part of their production environment other than under duress?!

Analyzing AWS WAF Logs in Amazon CloudWatch Logs – The fact that this post isn’t "they’re both AWS services; of course the service teams talk to one another so it’s simply a button click in the console away" encapsulates one of my greatest fears for the future of AWS as the de facto platform of relevance.

Amazon CloudFront introduces Origin Access Control (OAC) – Three reads of this post and I absolutely do not understand what makes this in any way different from or superior to the long-existing Origin Access Identiy (OIC) functionality.


Cut what you’re paying for cloud GPU instances by more than 73% by choosing Lambda Cloud. Access 1x NVIDIA A6000 (48GB) instances for $0.80/hour and 1x NVIDIA A100 (40GB) for $1.10/hour, compared to $4.10/hour for equivalent instances from AWS –kind of. In fact, AWS only offers one-size-fits-rich-kid instances starting at $32/hour to kick the tires. Imagine a world where the pricing was more accessible, transparent, and has no hidden fees. Sign up is free with no commitments.

My beloved aws is now getting unicode support. Yes, I realize that I sound like I’m a thousand years old; click the link and learn about the magic.

… and that’s what happened Last Week in AWS.

Newsletter Footer

Sign up for Last Week in AWS

Stay up to date on the latest AWS news, opinions, and tools, all lovingly sprinkled with a bit of snark.

"*" indicates required fields

This field is for validation purposes and should be left unchanged.
Sponsor Icon Footer

Sponsor a Newsletter Issue

Reach over 30,000 discerning engineers, managers, and enthusiasts who actually care about the state of Amazon’s cloud ecosystems.