Good Morning!

Another week is upon us! Here at The Duckbill Group we’ve posted open roles for both a Head of Consulting and an Account Executive; should you know anyone who fits the (Duck)bill, please send them our way.

From the Community

The best way to get someone to completely ignore you is to alert them about things that are completely irrelevant. (This is clearly news to the AWS Marketing team that handles feature announcements.) DisruptOps helps you find and fix cloud security issues rapidly by filtering out the noise so you just get the alerts you want to receive. DisruptOps gives security and DevOps teams prioritized findings and routes relevant alerts to Slack, Microsoft Teams, or JIRA — with automated response options that save you both time and your own rapidly decaying patience. Finally, security is inside your workflow, instead of in your way. Get to know DisruptOps, and tell them I sent you for a free 30-day trial. Sponsored

Cloudonaut demonstrates some multi-region AWS architectures.

An analysis of the last six years of EC2 hardware trends.

My post on the Lessons of AWS Infinidash talks about everyone’s favorite imaginary service that doesn’t really exist since Google Customer Support.

The Pentagon’s JEDI project has been cancelled in a win for AWS and a loss for basically everyone else.


If you’ve got an interesting job for this newsletter’s eminently employable subscribers, get in touch!

In case you missed the intro, be sure to check out the careers page for two roles we’re hiring for here at The Duckbill Group.

Choice Cuts

Cloud Operations… it just sounds smart – but it can be even smarter! “How?” you say? Join this webinar THIS Wednesday, July 14th, for an exciting conversation on how log analytics can make your cloud operations smarter. Hosted by Kevin Petrie, VP of Research at Eckerson Group, and Thomas Hazel, CTO & Founder of ChaosSearch – during the webinar, they’ll discuss: the role of log analytics in CloudOps; the requirements, challenges, and benefits of log analytics for CloudOps; case studies, pitfalls, and lessons learned! You know I’m a longtime fan of ChaosSearch, and I highly recommend you attend this webinar on Wednesday (or at least sign up so you can get the replay!) Sponsored

Amazon CloudFront announces new APIs to locate and move alternate domain names (CNAMEs) – This is AWS dancing around calling this what it is: a mitigation for a clever hijacking method.

Amazon Kendra releases Web Crawler to enable web site search – Amazon Kendra supports a search engine from 1994. That reference is old enough to not only drink, but also get a sizeable discount on its car insurance.

Announcing the General Availability of AWS Local Zones in Dallas and Philadelphia – Good news this week both for y’all and youse guys.

AWS Lambda now supports Amazon MQ for RabbitMQ as an event source – Just like most of their customers who know better, AWS Lambda rolls out support for RabbitMQ in a manner that can only be described as “begrudging.” I get it. I hate that queue too.

AWS lowers data processing charges for AWS PrivateLink – After your first $10K of PrivateLink charges in a region in a month, AWS starts giving you a discount. Managed NAT Gateways could not be reached for comment at press time as they were too busy skiing down their mountain of money.

Automate Amazon ES synonym file updates – I’m not entirely clear why Elasticsearch needs to automate adding cinnamon, but too many chefs and all that…

Migrate Amazon QuickSight across AWS accounts – This blog post is one of the best sales brochures I’ve ever seen for Tableau, because migrating an AWS service like this between accounts is clearly an overly complicated hellish nightmare.

Integrating Amazon API Gateway private endpoints with on-premises networks – The previous solution of “use an NLB and a hammer” wasn’t quite satisfying enough to meet customer demands.

Persistent Storage using EFS for EKS on Bottlerocket – Let me retitle that for you. “Using AWS services in order to use other AWS services.”

Extending an AWS CodeBuild environment for CPP applications – You’d really think they’d make a point to highlight that “cpp” in this context is C++, the venerable programing language. Not everyone has that in their glossary.

Rethinking low latency trading using AWS Local Zones – The engineer working at a high-frequency trading firm who suggests this to their employer will suddenly find their boss rethinking the decision to hire them in the first place. These companies do not want to host their algorithms in the cloud, full stop.

Generate a jazz rock track using AWS DeepComposer with machine learning – This blog is a great primer on using Machine Learning® to disappoint each and every one of your musical idols. Miles Davis is unimpressed.

“The Crown” in the cloud – “Netflix did a thing; Netflix is an AWS customer, so via the transitive property of cloud billing we did a thing!”

Getting Started with AWS Amplify DataStore Multi-Auth for iOS – This uses a bunch of complex technical jargon to explain to iOS developers how to avoid Cognito in some situations.

How to build secure data lakes to accelerate your nonprofit’s mission – How to help AWS profit from your nonprofit. Unlike many vendors, AWS does not offer a discount to registered nonprofits as a matter of course.

How one Caribbean university digitally transformed and saved money by migrating to the cloud – As always, the saving money figure of (in this case) 50% is derived via some hand-wavy TCO analysis. Once again, you don’t save money by moving to the cloud; you enhance capabilities. Any other rationalization is a sales pitch.

Automate resolution for IAM Access Analyzer cross-account access findings on IAM roles – This automated solution manages IAM (a service you don’t understand) via clever use of several other AWS services (which you also don’t understand).

Announcing our newest Twitch series, AWS Power Hour: Architecting – Clearly this series belongs in Twitch’s “Fantasy Role Playing” genre.


Developer secrets can provide access to entire cloud platforms, databases, source code, and more. Recently, there have been cases of such secrets being stolen by ransomware and used in follow-up attacks. Register for the upcoming webinar on Thursday, July 29 to learn how to automate data classification to restore visibility and control of sensitive data with Open Raven. Sponsored

Leapp is a tool to grant access only via temporary credential sets. I think all storage lives locally only, but an affirmative statement to that effect in the README wouldn’t be remiss.

This tool highlights EC2 instances that are scheduled for retirement. Now I’d like one that highlights all the AWS VPs who are scheduled for same please.

… and that’s what happened Last Week in AWS.

Newsletter Footer

Sign up for Last Week in AWS

Stay up to date on the latest AWS news, opinions, and tools, all lovingly sprinkled with a bit of snark.

"*" indicates required fields

This field is for validation purposes and should be left unchanged.
Sponsor Icon Footer

Sponsor a Newsletter Issue

Reach over 30,000 discerning engineers, managers, and enthusiasts who actually care about the state of Amazon’s cloud ecosystems.