Good Morning!

Welcome to issue number 153 of Last Week in AWS.

To be serious for a moment, I hope you’re all staying safe, washing your hands, and keeping in touch (remotely) with people. If you need someone to talk to, hit reply; I’m here.

We’re growing our Cloud Engineering team here at the Duckbill Group, and looking for full time, fully remote employees. (US only, unfortunately; Legal insists…) Come tilt the windmills of AWS billing; we have such stories to share with you!

From the Community

In the beginning open source solutions are great. You can’t beat free… especially when OS gives devs flexibility & helps the community. But that’s the beginning… how much will free cost as you scale?

In The Open Source Observability Landscape, see the costs & benefits of popular tools Jaeger, Prometheus, & ELK. Learn how Honeycomb coexists with these to provide critical observability when you scale. Sponsored

Forrest Brazeal has penned the remarkably poignant Tech in the time of COVID-19. Stay safe out there.

S3 Infrequent Access has a little-known Holy Hand Grenade of Antioch awaiting you, hidden in the bill…

They’ve closed the complaining about Cognito GitHub thread. I’m torn on this one. On the one hand, the thread had run its course; on the other, Cognito’s developer experience is abysmal and hasn’t materially improved in a long time. I want this service to work, but until then it makes developers feel dumb, and that’s not okay.

Some code terrorist has released a distributed cache on top of Lambda functions. This is absolutely what you should be using to cache query lookups from Route 53 DB.

A guide to understanding AWS traffic mirroring; specifically its malicious use.

Four considerations to keep in mind when managing an AWS VPC. We can all do with a reminder of these things from time to time.

Two important AWS security rules. There are many more, but can we just start with these two?

Instacart talks about how they terraform RDS. It’s not as straightforward as you’d think…

Amazon’s ElasticSearch offering isn’t nearly as bad as I describe, or so I’m told frequently. Fair, fair–so here instead have a postmortem of an outage it caused.

Alex DeBrie (“Mr. DynamoDB”) talks about how to model one-to-many relationships in DynamoDB.

AnandTech does a first impressions writeup of Graviton2, Amazon’s new custom built ARM chip.

CockroachDB talks about the feedback they received from all three cloud providers, and is a terrific example of why running benchmarks is a fool’s errand; you’ll get nibbled to death by ducks every time someone feels they weren’t given a result that favors them.

I wrote a thorough AWS bill analysis of an AWS engineer’s side project. This is a glimpse of how I spend my time most days…

You moved your webapp into AWS? Good for you! Here’s a story of someone doing that for aircraft communications.


If you’ve got an interesting job for this newsletter’s eminently employable subscribers, get in touch!

No one likes managing EC2 instances, so you might like managing the team that replaces them with containers. That’s right, the Fargate team is hiring three Software Development Managers. People-focused servant-leaders are encouraged to apply. Help bring about an end to the Serverless vs. Containers war that doesn’t need to be fought in the first place. Every team at AWS has internal principles that embody their culture–but this team publishes theirs on GitHub.

Choice Cuts

Running a business is hard. Your cloud doesn’t have to be. DigitalOcean is the cloud that offers transparent, predictable pricing – even for Kubernetes clusters, which you’d have thought was impossible! You also won’t need 12 weeks of cloud school to absorb a zillion ancillary services just to be able to SSH into an instance. Is this the kind of simplicity you need out of your cloud provider? Check out DigitalOcean today. Sponsored

Amazon Athena adds support for managing Athena Workgroups using AWS CloudFormation – Fun fact: Athena Workgroups aren’t a real thing, but the folks on CloudFormation couldn’t possibly keep track of it all. It’s MadLibs for AWS release announcements…

Amazon Aurora with PostgreSQL Compatibility supports Amazon Aurora Global Database – The glorious part of CAP theorem is that all of the large cloud providers love to release database options that pretend that you can now ignore CAP theorem. Magical thinking now comes to PostgreSQL!

Amazon Data Lifecycle Manager (DLM) Adds Support For 1 hour Backup Interval – I do not for the life of me understand why every incremental option for backup frequency requires a separate release. Make it a freeform field and be done with it already!

Amazon EKS now supports Kubernetes version 1.15 – Congratulations to the EKS team for supporting 1.15, which goes End of Life in another eight days. Welcome to the worst Hanukkah of them all.

Amazon RDS Performance Insights Supports Amazon RDS for MySQL Version 8.0 – Oh, great. They’ll support a new MySQL engine, but continue to pass over Route 53. Database analytics really shouldn’t be this hard for a database you’ve basically taken hostages to implement.

Amazon Redshift introduces support for materialized views (Generally Available) – If you’re struggling to wrap your head around what a materialized view might be, don’t worry; I’ve got you. Think of it as a cached DNS result.

Amazon Redshift launches pause and resume – You can now turn your Redshift clusters off at night while your data science teams slumber in their beds.

Amazon VPC NAT Gateway Now Supports Tag-on-Create – I’m holding out for the Managed NAT Gateway to support terminate-on-create due to its horrific pricing model. To wit: passing data through it to store in S3 costs the same as storing that data in S3 for two entire months.

Announcing Bottlerocket, a new open source Linux-based operating system purpose-built to run containers – Bottlerocket joins the pantheon of “Amazon sponsored open source projects named after things that will blow your hands off when you screw them up.” Think of it as an optimized Linux distro for running containers. In other words, “the thing I want Amazon to handle for me.”

Announcing the AWS Game Tech Learning Path – To get started on this Learning Path, please go talk to the cat standing up with an exclamation point hanging over their head.

API Gateway Offers Private Integrations with AWS ELB and AWS CloudMap as Part of HTTP APIs GA Release – “Huzzah, thanks to the release of a completely unrelated feature-set, load balancing of non-public APIs is available! Please don’t ask us why we had to sneak this through.”

AWS CloudFormation Drift Detection and Resource Import now available in seven additional AWS regions – Some services varying by region makes intuitive sense to me. CloudFormation varying by region is freaking terrifying.

AWS adds the ability for customers to enable AWS Local Zones themselves – So… the Los Angeles Local Zone is now GA, but only if you choose to enable it in your account? Is it launched? Is it not? Are they trying to avoid a sudden inrush of demand?

AWS Elastic Beanstalk Launches Docker on AL2 Platform (Beta) – The fact that this took over a year to be supported makes me suspect that Amazon Linux 2 isn’t the most well-supported service across various AWS teams.

AWS Security Hub adds new fields and resources to the AWS Security Finding Format – Yay, new fields in a CSV are always appreciated! Nobody ever builds tooling around CSVs, so this is just something for humans to read. No automated scripts just broke.

Introducing Amazon Personalize Optimizer Using Amazon Pinpoint Events – Huzzah! There’s now a solution to tie their machine learning recommendation service to their user engagement service. Because it’s AWS, they take those services aimed at two very different audiences, disregard both, and market it to infrastructure engineers instead.

New AWS Certification validates expertise in AWS databases – Good luck, DBAs! It’s time for you to brush up on your zone transfers…


This issue is sponsored in part by my friends at CHAOSSEARCH! You know, Mom always said “Log analytics shouldn’t break the bank!” and finally someone has listened! CHAOSSEARCH is a fully managed log analytics platform that leverages your AWS S3 as a data store. Their revolutionary technology radically lowers costs for analyzing log data at scale, and they pass those savings on to you! If you are tired of your ELK Stack falling over, or tired of paying over-the-top prices to the current litany of ho-hum log analytics vendors out there, try CHAOSSEARCH today! So check them out and tell them Corey sent you so they can sigh exasperatedly and ask you what I said this time… Sponsored

A selection of AWS integrations for GitHub Actions. We’re really seeing a lot of interest in integrating these two lately!

The handy Checkov tool now supports CloudFormation as well as Terraform.

… and that’s what happened Last Week in AWS.
