Good Morning!

I will be launching a new newsletter/podcast focused on cloud security for folks who aren’t full time security people; the first issue goes out March 4th. It’s called Meanwhile in Security and if you want to receive it be sure to go sign up. My long-time friend and go-to security person Jesse Trucks will be writing it, so it’s almost certain to be less sarcastic and more informative than this publication.

From the Community

Honeycomb’s approach to observability helps you resolve incidents faster, make your services performant, and reliably ship features quickly. Gain confidence in your code by clearly seeing and understanding all the dark hidden corners of production.

To learn how it works, join our Weekly Live Demo and ask our real live humans. Or schedule Observability Office Hours for 1:1 advice on tackling the specific problems most relevant to you. Stop guessing. Start knowing. Sponsored

An honest review of Amazon Managed Workflows for Apache Airflow (MWAA). Short version: it needs some work.

I’m not sure if I agree with these 5 reasons not to get AWS certified, but they’re at least worth considering. For some folks, certification absolutely makes sense; don’t let others tell you any differently.

A walkthrough for AWS SAM Lambdas using TypeScript.

A tale of exploiting an AWS-owned website via its lack of build pipeline security. This one’s worth paying attention to.

My business partner wrote a blog post on how we align incentives to protect our clients at the Duckbill Group. I obviously endorse the message.

AWS employees often think I’m not funny. The New York Times formally disagrees as the paper of record: This Cloud Computing Billing Expert Is Very Funny. Seriously. AWS when asked to particpate in the article: That’s not funny.

AWS has won a contract with the UK’s tax authority. Apparently they prefer to pay taxes via AWS credits.


If you’ve got an interesting job for this newsletter’s eminently employable subscribers, get in touch!

Perhaps you’ve had trouble with the Amplify framework. Perhaps you’d like to help others avoid the challenges you’ve overcome. Perhaps you really like talking louder and louder because you misunderstand what “Amplify” is all about.Consider applying to become a Developer Support Engineer for the Amplify Framework. Work directly with open source users via GitHub issues – help reproduce customer issues, and answer their questions. Work with developers where they hang out, including Discord, Twitter, GitHub (as always it’s pronounced Jith-Ubb), Stack Overflow, and more. Note that this is a highly technical role – you should ideally have some front end knowledge (JS + 1 framework (React, vue, flutter, react native, etc..) is preferred. Note that this is NOT a typical “support” role–it reports through the Amplify service team itself.

Choice Cuts

Have you checked out our friends at FireHydrant? They’re helping the likes of CircleCI and LaunchDarkly master the mayhem. What does that mean? Well, they’re an incident management platform founded by SREs who couldn’t find the tools they wanted – so they built one. I mean, why not? Their platform allows teams to create consistency for the entire incident response lifecycle – from alert handoff to retrospective, and everything in between – tracking, communicating, reporting – FireHydrant will automate processes so you can focus on resolution. Visit to get your team started today. Sponsored

Amazon CloudWatch Synthetics supports canary events with Amazon EventBridge – Just when you thought the world couldn’t get any cheaper or more made of plastic, Amazon releases synthetic canaries.

Amazon DynamoDB Accelerator (DAX) now supports next generation, burstable general-purpose Amazon EC2 T3 instance types – Meanwhile t4g instances exist, so how is t3 “next generation?”

Amazon EKS now supports Kubernetes version 1.19 – The Kubernetes people follow these things like they’re Grateful Dead fans, except that those people aren’t grateful for anything.

Amazon RDS Publishes New Events for Multi-AZ Deployments – Well this is a harsh blow to the “push the button and assume the deploy worked” brigade.

Amazon Redshift Query Editor now supports clusters with enhanced VPC routing, longer query run times, and all node types – You can reframe this and a few thousand other AWS enhancements as “once we release something we never turn it off, but somehow we launch them without features we KNOW customers are going to need and only begrudgingly fill them in later.”

Amazon S3 on Outposts adds a smaller storage tier – Not to be confused with the rack-mountable smaller Outposts, which are called “the smaller Outposts” because sometimes the Crap Service Namers at AWS just give up entirely.

Amazon SNS now supports sending SMS messages to US destinations using ten-digit long codes and toll-free numbers – How many ways does AWS offer to send text messages again? Of course, you can’t use those as a second factor for AWS account logins…

Download today: Kubernetes security ebook – tips, tricks, best practices

The rapid adoption of Kubernetes to manage containerized workloads is driving great efficiencies in application development, deployment, and scalability. However, when security becomes an afterthought, you risk diminishing the greatest gain of containerization – agility. Download this ebook to learn how to (1) build secure images and prevent untrusted/vulnerable code, (2) configure RBAC, network policies, and runtime privileges, (3) detect unauthorized runtime activity, and (4) secure your Kubernetes infrastructure components such as the API server. Sponsored

AWS Direct Connect Announces Native 100 Gbps Dedicated Connections at Select Locations – At $22.50 an hour, plus prices starting at 2¢ per GB, at saturation these links cost just shy of a thousand bucks an hour. Bring money!

AWS Fargate increases default resource count service quotas to 1000 – AWS has service quotas to protect services from being overwhelmed by requests, and to protect you from a runaway bill that you weren’t expecting. The dollar figure for “how much can you run up the bill in an AWS account with default settings before you have to talk to support to increase quotas” just jumped again.

Mergers and Acquisitions readiness with the Well-Architected Framework – AWS cares very much that you keep your company acquisition-ready in case you can’t pay your AWS bill one month.

Watch the re:Invent 2020 Sessions for the Advertising and Marketing Technology Industry – These videos had better be interrupted every few minutes for a sponsored ad that’s unskippable.

Reviewing online fraud using Amazon Fraud Detector and Amazon A2I – This solution stubbornly refuses to trigger on Managed NAT Gateways in infrastructure diagrams.

CloudFormation StackSets delegated administration – Finally you can have an account that isn’t the Organization root account manage the config that gets deployed to other accounts. Or you can read this and feel bad because you’re doing all of this by hand like the rest of us are.

Integrating EC2 macOS workers with EKS and GitLab – The first stories of using the macOS EC2 instances start to emerge into the wild.

Reliability, constant work, and a good cup of coffee – This new entry to the Builders’ Library reinforces that you can indeed visualize Route 53 as a database. I adore Colm MacCárthaigh’s writing style along with the technical depth.


Software powers the world. LaunchDarkly is a feature management platform that empowers all teams to safely deliver and control software through feature flags. By separating code deployments from feature releases at scale, LaunchDarkly enables you to innovate faster, increase developer happiness, and drive DevOps transformation. To stay competitive, teams must adopt modern software engineering practices. LaunchDarkly enables teams to modernize faster. Intuit, GoPro, IBM, Atlassian, and thousands of other organizations rely on LaunchDarkly to pursue modern development and continuously deliver value. Visit us at to learn more. Sponsored

GitHub Actions meet AWS resources best practices. Honestly, this is the kind of thing that’s going to pose a longer term threat to AWS than anything else I can see.

re:Web lets you run classic web applications like WordPress on AWS Lambda. I’m very interested to hear feedback on this one.

… and that’s what happened Last Week in AWS.

Newsletter Footer

Sign up for Last Week in AWS

Stay up to date on the latest AWS news, opinions, and tools, all lovingly sprinkled with a bit of snark.

"*" indicates required fields

This field is for validation purposes and should be left unchanged.
Sponsor Icon Footer

Sponsor a Newsletter Issue

Reach over 30,000 discerning engineers, managers, and enthusiasts who actually care about the state of Amazon’s cloud ecosystems.