Good Morning!

Today marks the first day at the Duckbill Group for our new Principal Cloud Economist Tim Banks! If you think he’s fun now, wait until what happens after we show him the Deep Secrets…

From the Community

With cyberattacks becoming more frequent and sophisticated, proactive Threat Hunting is increasingly critical. And here’s the good news: you can significantly improve your Threat Hunting game with existing staff & analytics tools (including the popular Open Distro Kibana). To learn more,Download The Threat Hunter’s Handbook from ChaosSearch, an amazing guide that covers: the 6 common stages of a sophisticated attack; how to adopt the mindset of an attacker; how to find the hidden clues of an attack in your log data; how to conduct a hunt using standard log analytics tools; and a detailed real-world example of combatting an advanced persistent threat. So check out The Threat Hunter’s Handbook from ChaosSearch and get a blueprint for identifying the clues in your log data that will stop cybercriminals in their tracks. Sponsored

An opinionated piece that asserts you should always use DynamoDB global tables now, but please read the article to capture the nuances of the point being made before you do this.

I’ve been keeping a loose eye on the various Service Meesh for a while, and this teardown of Istio’s operational complexity by someone very familiar with it is riveting.

There’s “improve your application’s performance,” and then there’s “Extreme HTTP Performance Tuning: 1.2M API req/s on a 4 vCPU EC2 Instance.”

Some recruiting company leaked 20K people’s personal information and scored an S3 Bucket Negligence Award in the process.

I’m clearly not a fan of “only use primitive generics so you can multi-cloud someday” architectures, but I’m also uneasy about the other extreme of Commonwealth Bank of Australia building core applications around AWS-specific offerings. You are a bank. Mistakes will show.

My New CEO Onboarding at AWS article has thus far failed to get me ejected from the AWS ecosystem by force.

The Last Week in AWS blog has a guest post up with a detailed introductory guide to AWS Glue.

I spent ~7 years as freenode network staff, so watching the network self destruct last week has been a bit of a sad event in my life. Not particularly AWS-focused, and the world has collectively moved on from IRC in many respects, but this is my newsletter; you get to read about things that resonate with me.


If you’ve got an interesting job for this newsletter’s eminently employable subscribers, get in touch!

Some combinations won’t ever play nice. Cats and dogs. Water and a keyboard. Fire and ice. But physicians and engineers? 98point6, a mission-driven company that’s making primary care more accessible and affordable, it’s the dynamic duo that’s leading the change in a much-needed digital health revolution. They’re hiring engineers and engineering managers across several disciplines to enhance the practice of medicine—relentlessly improving a platform, built on AWS, that helps reimagine the patient and physician experience.They’re looking for engineers to further their efforts, build critical systems for on-demand care at scale and collaborate across the organization while expanding the types of care they provide. Interested in being a part of healthcare innovation? Check out their open roles and apply now.

The AWS User Experience Products & Platform team is responsible for products that enable AWS users to manage their applications and infrastructure on AWS. Our mission is to deliver an effective, efficient, and loved user experience that makes it easy for all users to discover, learn, and build on AWS. Today, we own the AWS Management Console, the AWS Console Mobile App, the AWS Chatbot, as well as the User Experience Platform used by 175+ AWS service teams to develop and deliver their user experience across multiple channels (web, mobile, chat).

Think “GitHub for marketing teams” and you’d be pretty close to describing Loomly. They’re looking for someone to take ownership of and lead their DevOps/SRE efforts–and that person might well be you. They’re fully remote, post their salary ranges, and using a bunch of AWS services. I’m a fan of what I’ve seen from them so far; see if this role is up your alley.

Choice Cuts

Cloud-native monitoring–wait get back here! This is legitimate. I’ve often derided Observability as “hipster monitoring,” but Chronosphere takes a great approach to it. The billing is predictable, the insight is penetrating, and the open source is free range and cruelty free. If you’ve outgrown your current monitoring stack, or find that Prometheus doesn’t go far enough in the ways you want it to, consider Chronosphere today–and be sure to tell them I sent you. Sponsored

Amazon CloudWatch Application Insights now supports container monitoring – The CloudWatch Application Insights team discovers that customers like to run their applications inside of containers.

Amazon EC2 Auto Scaling Introduces Predictive Scaling as a Native Scaling Policy – You don’t want to partake in a drinking game of “drink every time machine learning is referenced in an AWS feature or service,” because regardless of what it is you’re drinking you will die.

AWS Application Cost profiler – I have strong opinions about the entire cost optimization space, and this service (implemented correctly) would be something my customers would adore. Unfortunately, I kicked the tires on it and it just completely falls down. It’s difficult to get set up, the flows are extremely non-intuitive, and then you have to instrument your applications to report usage back to this thing somehow. I don’t know how this thing was released in its current (clearly unfinished) state, much less why it’s listed in the AWS console as a top level service. I really want something in this space to exist as a first-party offering from AWS, but unfortunately this one is just simply not anywhere even remotely close.

AWS Compute Optimizer Now Supports Exporting Amazon EBS and AWS Lambda Recommendations to Amazon S3 – “Save a CSV file to S3” is apparently worth an announcement now. I’m not kidding, that is all that this thing does.

AWS customers can now self opt-in to AWS Wavelength Zones – Real customer obsession would allow AWS customers to self opt-out of periodic console redesigns, ridiculous services appearing in the console without prior approval, and Managed NAT Gateways being available within their accounts.

Announcing enhancements to Amazon Rekognition text detection – support for more words, higher accuracy, and lower latency – The last time AWS taught people new words, they included nonsense like “Trainium,” and “Fargate.”

How AWS Partners Can Get Started with AWS Outposts – By Knowing What it’s Not – When your product’s value proposition is so poorly articulated that you have to define what you’re selling by what it isn’t, you’ve got more marketing work to do.

How to Connect Legacy Machines and Devices to AWS Using the ConnectSense Smart Power Cord – This answers the question “what if a WEMO smart plug cost $130 and required a bunch of wiring Lambdas together to do anything useful?”

Introducing AWS App Runner – I kicked the tires on getting App Runner working in my environment, and it was surprisingly straightforward. My only beef with it is the now ~17 different ways to deploy containers to AWS without much formal guidance as to which ones are appropriate for which use case.

Improve Aircraft parts provenance using Amazon Managed Blockchain – You know Managed Blockchain is a real thing that customers use because this entire article is written in the abstract without a single named customer reference that I can spot.

Amazon Lookout for Vision Accelerator Proof of Concept (PoC) Kit – AWS sells hardware via a lengthy blog post that ends with the rousing call to action “you must talk to our partner’s sales team to order one.”

Speed up YOLOv4 inference to twice as fast on Amazon SageMaker – “Tell me you’re just making things up with random words crowdsourced from Twitter without actually telling me.”

Introducing AWS CloudFormation Guard 2.0 – “2.0” is AWS-speak for “we have completely missed on this service, so we’re doing a reset.” So far I haven’t yet seen someone disagree and commit a 3.0 release tag.

Getting started with Bottlerocket on AWS Graviton2 – Using an AWS-specific Linux distribution on an AWS-specific processor has never been easier! Or a smart move.

A new whitepaper has been released on best practices for organizing your AWS environment with multiple accounts.


Flying blind in the cloud? Lacework provides a flight recorder for your user, API, and container activity – all organized into behaviors that deliver answers in seconds and takes you out of the analysis paralysis game. Whether you’re ready to take the red pill or the blue pill, Lacework bridges the gap between DevOps and Security. Lacework makes it easy with everything from compliant service configurations to container app topologies – no rules required. Got doubts? Challenge accepted. See for yourself at Sponsored

As IT becomes decentralized, the gulf between operations and applications teams keeps getting wider, putting your application performance at risk. In my session at the Apps ON Cloud Summit, hosted by Turbonomic, I’ll share what I’ve learned from being in the room for far too many heated arguments and give you my best tips for addressing cultural silos.

In other sessions you’ll hear from Kelsey Hightower, Ned Bellavance, and Jo Peterson, who are sure to have different opinions about problem solving than I do.

Register now to get a swag box and enter to win a getaway for two. You probably need it. Sponsored

AWS Data Transfer Cost Explorer does what it says on the tin; explores data transfer in your AWS environment and represents it visually.

iam-floyd is an IAM policy statement generator with interfaces and syntactic sugar for common programming languages.

… and that’s what happened Last Week in AWS.

Newsletter Footer

Sign up for Last Week in AWS

Stay up to date on the latest AWS news, opinions, and tools, all lovingly sprinkled with a bit of snark.

"*" indicates required fields

This field is for validation purposes and should be left unchanged.
Sponsor Icon Footer

Sponsor a Newsletter Issue

Reach over 30,000 discerning engineers, managers, and enthusiasts who actually care about the state of Amazon’s cloud ecosystems.