Good Morning!

Welcome to issue number 113 of Last Week in AWS. As always, you can hear the podcast companion to this newsletter at AWS Morning Brief.

This week I’m in Washington DC for AWS’s Public Sector Summit. If you’re around, let me know; I’m giving no talks, so I should have time to grab a coffee on the expo floor at some point over the next couple of days.

From the Community

If you misconfigure Amazon Cognito, you might get an entire whitepaper written about it. Ouch. I’m sympathetic; Cognito isn’t exactly the most straightforward thing to learn..

Juniper’s Director of Open Source Strategy, former VP of the Open Source Initiative, and longtime friend VM Brasseur opines on Amazon and Open Source. Read this.

It’s depressing that we need a AWS Reserved Instances cheatsheet, but it exists now.

A great explainer for AWS Config. I must confess that I haven’t been keeping up with this service as well as I probably should be. That stops now!

A dive into how Nike improved their AWS velocity by creating an event stream database.

A fun weekend project: making a smarter smart thermostat with Go, Lambda, and SAM.

This week’s S3 Bucket Negligence goes to–an election?! Are you kitten me?!

A twitter thread, of all things, from Jeremy Daly talking about migrating workloads to DynamoDB. This deserves to be a blog post.

I got to chat with Emily Freeman, author of the upcoming “DevOps for Dummies” on last week’s episode of Screaming in the Cloud.

The Cloud Pod reflects on their first 25 episodes. I even guested on one of them!

This issue is sponsored in part by NetApp.

Yes, NetApp! Not everyone’s environment is a born-in-the-cloud startup that sprang fully formed into the world a year ago. Some of us have on-premises data centers, which give rise to hybrid cloud environments. How do you monitor those? Consider NetApp’s Cloud Insights to grant insight into all of your infrastructure—not just the parts that live in a public cloud somewhere. Thanks to NetApp for their support of this newsletter.

This week’s issue is sponsored in part by LightStep.

With distributed systems, the current state of most monitoring rounds down to “Observerless.” Meet LightStep. LightStep offers complex APM for modern applications. Designed with modern, high-scale, high-traffic architectures in mind, LightStep makes it easy to spot, diagnose, and solve performance issues.


If you’ve got an interesting job for this newsletter’s eminently employable subscribers, get in touch!

Amazon has an on-demand call center offering. While it sounds like something I’d make up to screw with people, it does in fact exist, and it’s called Amazon Connect–and they’re hiring in Seattle, Vancouver, and NYC. If you’re interested in working on the future of modern telephony, check out what the Amazon Connect team is up to. Somewhat suspiciously, you can’t apply via telephone…

Choice Cuts

Amazon ECS Improves ENI Density Limits for awsvpc Networking Mode – This is huge for folks trying to pack additional containers into ECS. Historically this was causing limit issues, latency, all kinds of bad stuff. Instead of headlining with that, they instead talk about this like it’s some trivial enhancement.

Amazon EC2 announces Host Recovery – This lets you recover dedicated hosts without manual intervention. You probably shouldn’t be using dedicated instances; HIPAA no longer requires them, for instance.

Amazon EC2 X1 and X1e Instances are Now Available in Additional AWS Regions – Spend extortionate piles of money in additional far away places. In some of those places, the instances are possibly the most expensive thing in the entire country.

Amazon ECS Support for Windows Server 2019 Containers is Generally Available – Now you can run Windows containers on top of ECS and… I’m sorry, do what exactly? Are people running Windows workloads in containers at any scale? Is this a thing I’ve somehow missed? Am I the idiot? Is this thing on?

Amazon Elasticsearch Service announces support for Elasticsearch 6.7 – Between the OpenDistro for Elasticsearch political angle, the “managed Elasticsearch service is… not terrific” angle, the “is this managed service still tracking upstream Elasticsearch or their own fork” angle, and the “why do minor version bumps get trumpted” angle, I’ve successfully built a strange looking quadrilateral.

Amazon Pinpoint now includes support for AWS CloudFormation – …Pinpoint launched on December 1st, 2016. Why is this release not phrased in the form of an apology?

AWS DataSync is now SOC compliant – If you wash your SOCs in the Data Sink, it turns out that you get yelled at by other adults in the house, no matter how much you protest that it’s a work requirement.

AWS KMS is now available in the AWS China (Beijing) Region, operated by Sinnet and the AWS China (Ningxia) Region, operated by NWCD – Along with EBS encryption there as well, I’m left wondering how the heck they did that. As a general rule, strong encryption is heavily regulated within mainland China. They’ve either managed to work around those requirements, or they’re not doing anywhere close to a good enough job caveating that the KMS you’ve built your entire business upon is something very different in Mainland China.

AWS Organizations Now Supports Tagging and Untagging of AWS Accounts – What does this mean? All resources in the account? Just the free account bits? Once again the details of this release are left to the reader to discover. It’s a magical journey except terrible.

AWS Glue now provides an VPC interface endpoint – It’s amusing, since it’s supporting a service called Glue, but feels like it’s been slapped together with duct tape.

Amazon ElastiCache for Redis launches self-service updates – Only in the world of modern cloud does “we let you do a thing yourself!” become a feature rather than something to be eliminated, but good for them.

Introducing AWS Systems Manager OpsCenter to enable faster issue resolution – It’s good to see that Tom Clancy continues to write books from beyond the grave. His “Systems Manager” series continues to sell well.

Launch: Variable budget targets for cost and usage budgets | AWS Cost Management – Missed this last week; this release should be sponsored by Advil. Enjoy the pounding headache as you start imagining a large enterprise’s variable budget model for on-demand cloud spend throughout an 18 month planning cycle, and what this (admittedly handy) release says about those processes.

Meet the Newest AWS Heroes! June 2019 | AWS News Blog – The latest group of AWS Heroes have been anointed. I could snark, but these folks do incredible work for the ecosystem. Good job!

How to securely provide database credentials to Lambda functions by using AWS Secrets Manager | AWS Security Blog – Tune in next week, when the AWS Database Blog posts a followup article on how to quickly scale up your database clusters when your Lambda functions reduce them to smoking craters.


This simple Chrome extension updates the AWS console Favicon so you can see which service a given browser tab belongs to. Why it requires a third party extension rather than being done natively is anybody’s guess.

Another tool to mock AWS that isn’t me, Moto seems interesting.

A CloudFormation template and accompanying blog post that talks you through sensible video encoding on AWS.

A free tool to let you draw AWS Diagrams. I’m partial to paid options myself, but I get that’s not for everyone.

[20 Patterns to Watch for in Engineering Teams](

GitPrime’s new book draws together some of the most common software team dynamics, observed in working with hundreds of enterprise engineering organizations. Actionable insights to help you debug your development process with data. Get Your Copy.

… and that’s what happened Last Week in AWS.

Newsletter Footer

Sign up for Last Week in AWS

Stay up to date on the latest AWS news, opinions, and tools, all lovingly sprinkled with a bit of snark.

"*" indicates required fields

This field is for validation purposes and should be left unchanged.
Sponsor Icon Footer

Sponsor a Newsletter Issue

Reach over 30,000 discerning engineers, managers, and enthusiasts who actually care about the state of Amazon’s cloud ecosystems.