Good Morning!

It would appear that I’m not the only person who has lost patience with AWS’s free tier scaring the crap out of newcomers with large bills. Some student is one day going to receive a large surprise bill on their test account because they misconfigured something, not realize that AWS will wipe the bill if you open a support ticket, and do something profoundly tragic as happened with Robinhood. It’s rare that AWS billing is a life-or-death situation; the day that changes is a watershed moment that there’s no coming back from. If I’m AWS I’d be treating this as a raging fire in the building. I hope they are.

From the Community

With cyberattacks becoming more frequent and sophisticated, proactive Threat Hunting is increasingly critical. And here’s the good news: you can significantly improve your Threat Hunting game with existing staff & analytics tools (including the popular Open Distro Kibana). To learn more, download The Threat Hunter’s Handbook from ChaosSearch, an amazing guide that covers: the 6 common stages of a sophisticated attack; how to adopt the mindset of an attacker; how to find the hidden clues of an attack in your log data; how to conduct a hunt using standard log analytics tools; and a detailed real-world example of combatting an advanced persistent threat. So check out The Threat Hunter’s Handbook from ChaosSearch and get a blueprint for identifying the clues in your log data that will stop cybercriminals in their tracks. Sponsored

A newsletter has launched–a weekly view into systems design. I’m looking forward to seeing how it shapes up.

Wait, do you mean to tell me that over 40 Apps have hard-coded AWS credentials into the mobile app that gets pushed out to customers? That’s just… oh my stars.

This is probably the cloud service launch video I’ve seen yet, and it was apparently developed entirely internally at AWS. How on earth is the last sentence possible?

It’s pretty clear that an article titled How We Kept Datadog From Blowing Up Our AWS Bill is going to wind up linked here.

Over at The Duckbill Group we have a post on a deeper dive into Spending Money to Save Money with Savings Plans and Reserved Instances.

I got Some Letters about my assertion that Developer Portals Are an Anti-Pattern, but overall I think I have the right of it.

The Last Week in AWS blog has a post up explaining / exploring what an AWS edge location is.

AWS’s VP of Identity Jim Scharf takes a break from suffering my attacks on Twitter to pen a thinkpiece reflecting on the last decade of IAM. This really resonated with me, specifically the bit about the plastic Macbooks. I miss those.

Former VP, DE, and conscientious objector Tim Bray weighs in on Amazon’s phenomenal first quarter.


If you’ve got an interesting job for this newsletter’s eminently employable subscribers, get in touch!

Chronosphere — an industrial-scale software-as-a-service observability platform — is hiring like mad. This week we’re highlighting their Senior Infrastructure Engineer opening. This person will help ensure all components in the platform are optimized and battle-tested. This person also has a passion for developing internal tools and platforms that are simple and easy to use, to improve developer productivity throughout the company.

Some combinations won’t ever play nice. Cats and dogs. 98point6, a mission-driven company that’s making primary care more accessible and affordable, it’s the dynamic duo that’s leading the change in a much-needed digital health revolution. They’re hiring engineers and engineering managers across several disciplines to enhance the practice of medicine—relentlessly improving a platform, built on AWS, that helps reimagine the patient and physician experience. They’re looking for engineers to further their efforts, build critical systems for on-demand care at scale and collaborate across the organization while expanding the types of care they provide. Interested in being a part of healthcare innovation? Check out their open roles and apply now.

AWS is building something new and refreshingly different–and may I say, it’s certainly ambitious! It’s still very, very early days–and the service needs to get from where it is today all the way to general availability, otherwise I won’t get to make fun of it. Help me entertain you–if you’re a senior engineering manager with a penchant for assembling really large engineering teams in a very early stage product, you want to talk to AWS about this “manager of managers” role.

Think “GitHub for marketing teams” and you’d be pretty close to describing Loomly. They’re looking for someone to take ownership of and lead their DevOps/SRE efforts–and that person might well be you. They’re fully remote, post their salary ranges, and using a bunch of AWS services. I’m a fan of what I’ve seen from them so far; see if this role is up your alley.

Choice Cuts

Cloud-native monitoring–wait get back here! This is legitimate. I’ve often derided Observability as “hipster monitoring,” but Chronosphere takes a great approach to it. The billing is predictable, the insight is penetrating, and the open source is free range and cruelty free. If you’ve outgrown your current monitoring stack, or find that Prometheus doesn’t go far enough in the ways you want it to, consider Chronosphere today–and be sure to tell them I sent you. Sponsored

The realities of the past year have forced businesses of all kinds to turn the volume on cloud adoption up to 11. But handling this shift is easier said than done. CloudLIVE 2021 is your chance to get a behind-the-scenes look at proven strategies for FinOps and comprehensive multi-cloud management. Don’t miss out on the industry-leading multi-cloud management conference—grab your free ticket today. Sponsored

Amazon CloudWatch Synthetics supports cron expression for scheduling – …only 46 years after cron itself (along with its syntax) was invented. Good hustle, team.

Amazon DevOps Guru now generally available with additional capabilities – They include a “cost estimator” which takes several hours to figure out just how much this thing is going to cost us. Unfortunately it did not return a result before publication time, much like an actual DevOps person badly in need of firing.

Amazon VPC Announces Pricing Change for VPC Peering – This is a huge deal for me and the rest of the Duckbill Group, because this materially changes the economics of when to use VPC Peering over Transit Gateway. You won’t see me complain about a price cut to something that most customers don’t really foresee being expensive, though!

AWS announces a price reduction for Amazon Managed Service for Prometheus (AMP) – It turns out that when “maybe it’d be cheaper to let the site fall over without telling us” becomes a viable strategy, the service is priced far too high. Enjoy a whopping 84% price cut here.

Amazon CloudFront announces price cuts in India and Asia Pacific regions – This might be good for you but you won’t know without waiting–you’re billed for CloudFront accesses based upon where the requestor is. You can’t really predict that in advance.

Complexities and Best Practices for AWS Lambda Logging – They tiptoe around talking about the incredible cost of CloudWatch Logs unless you’re careful to configure a bunch of stuff juuuuuuuust right.

Warming Amazon EC2 Instances Using AWS Lambda to Improve Application Availability – I wish I could get away with writing posts that started from the premise of “our autoscaling sucks, so how about you fix it yourself with Lambda functions?” I further wish I could get away with writing such a thing without once referencing last month’s EC2 Auto Scaling Warm Pools announcement which is a first-party approach to solving this precise problem.

New Amazon FinSpace Simplifies Data Management and Analytics for Financial Services – I’m not entirely clear who the target customers for this service are. That’s okay–it’s not me. The more worrisome thing is that a quick straw poll of my Financial Services clients shows that they’re not sure who this is for either–because it’s not solving problems that they experience today. While I like the approach of targeting specific verticals, I’m not sure that they spoke to enough customers before starting to build this thing.

Introducing CloudFront Functions – Run Your Code at the Edge with Low Latency at Any Scale – Lambda@Edge has its problems, so AWS did what it does best: completely ignore those shortcomings, launch a new service that’s got a whole other set of primitives, disclose that those hideously expensive “Edge” functions were in fact running within 13 AWS regions all along but still took what felt like days to deploy, and then position this whole thing as a net positive for customers.

How JPMorgan Chase built a data mesh architecture to drive significant value to enhance their enterprise data platform – Amazon FinSpace makes zero appearances in this article because JPMorgan Chase is here to conduct business, not be new service guinea pigs.

Securing Apache Kafka is easy and familiar with IAM Access Control for Amazon MSK – NO THE HELL IT IS NOT. Even without reading the article itself I know that this headline is lying to my face.

Improving daemon services in Amazon ECS – Honestly I’d prefer they improve the “run this task once every twelve hours” story; getting ECS services on Fargate to NOT run consistently is an exercise in frustration the last time I attempted it; a Thought Leader Best Practice is to use CodeBuild for that instead. I am not kidding.

Create a serverless pipeline to translate large documents with Amazon Translate – Have an overcomplicated architecture looping in additional services in order to make it easier for you to spend more money on an AWS service. Who would possibly mind?

How to deploy Spinnaker Keel on Amazon EKS – “Kubernetes Kustomization files” is so cutesy I want to immediately tear it out of any environment to which I have access.

How to monitor expirations of imported certificates in AWS Certificate Manager (ACM) – “You mean you couldn’t just email me automatically that a cert was going to expire” is the only logical response to this post.

IAM makes it easier for you to manage permissions for AWS services accessing your resources – I think this makes it easier, but I need to drink about three cups of coffee in order to dive into something this technically complex.

Four tips to help you build a future in the AWS Cloud – “…and fifth, when we make a lowball offer to acquire you, best accept it.”


As IT becomes decentralized, the gulf between operations and applications teams keeps getting wider, putting your application performance at risk. In my session at the Apps ON Cloud Summit, hosted by Turbonomic, I’ll share what I’ve learned from being in the room for far too many heated arguments and give you my best tips for addressing cultural silos.

In other sessions you’ll hear from Kelsey Hightower, Ned Bellavance, and Jo Peterson, who are sure to have different opinions about problem solving than I do.

Register now to get a swag box and enter to win a getaway for two. You probably need it. Sponsored

DiggyDB remains the best way to leverage Route 53 as a database today.

… and that’s what happened Last Week in AWS.
