Welcome to the 32nd issue of Last Week in AWS.

For a change of pace, let’s play a game. Noted AWS Chief Evangelist Jeff Barr stated that he “would rather eat live frogs than honor an AWS team’s request”. It’s contest time— hit reply and tell me what you think that request was. I’ll publish the best answers.

This week’s issue is sponsored by CloudHealth.


Reserved Instances (RIs) can appear complicated, but this eBook will ease that. Learn all about: 1) how to make effective RI purchases, 2) new instance types and general usage, 3) planning, managing, and optimizing your purchases, and 4) modifying existing reservations.

Read today to learn how to simplify reservation management

Reserved Instances (RIs) can appear complicated, but this eBook will ease that. Learn all about: 1) how to make effective RI purchases, 2) new instance types and general usage, 3) planning, managing, and optimizing your purchases, and 4) modifying existing reservations.

Read today to learn how to simplify reservation management

Community Contributions

Slalom Consulting talks about the rash of S3 Negligence Awards. Lest you think last week’s lack of one was the start of a new trend, here’s this week’s winner.

Elizabeth Krumbach Joseph gives a nice wrap-up of All Things Open. While not strictly AWS related, she says nice things about my AWS cost control talk, and I’m a sucker for self-promotion.

When academics start talking about AWS best practices, they’re extraordinarily thorough. “Here’s what you need to know about EC2 for neuroinformatics” isn’t a sentiment I trip over very often…

It’s time again for everyone’s favorite murder mystery: figuring out what’s driving the data transfer cost in this month’s AWS bill.

This title is just too good– the fear and frustration of migrating a simple web app to serverless expresses a sentiment that a lot of us hesitate to voice publicly. This stuff is complex!

Ben Kehoe talks about the Serverless Spectrum.

Cloudonaut gives good advice on how to stop ignoring your CloudWatch alarms, and start blowing up your Slack channels instead.

Life360’s engineering blog goes on a technical deep dive into Kinesis Streams. Try to keep your head above water…

A great dive into how to get to centralized logging for AWS Lambda is something that those of us with a pile of ridiculous Lambda functions can well appreciate.

This articule on password protecting a static website in an AWS S3 bucket got me thinking. Does anyone know if there’s a good way to overwhelm Lambda@Edge functions? If you can boost the execution time to half a second, it’ll fail uncompleted– and I believe it would fail open in this case. Can someone confirm or deny that?

If you get paid by the buzzword, check out this TensorFlow setup on AWS, now with GPUs.

Ben Kehoe and I collaborated on cynically explaining serverless concepts. All errors are mine; all insight is his.

“Hey, is there any other content you can put in this week from Ben Kehoe?” Well, he did write this piece on Lessons learned experimenting with an AWS Lambda orchestration engine.” “SHIP IT!”

AWSgeek has done another visual service summary– this time of the Elastic File System.

For those of us who care about security (say, anyone who’s recently received an S3 Bucket Negligence award), Taking Security a Step Further with VPC Endpoints is worth perusing. It makes sense to use VPC endpoints if you can– just be aware it does have some edge cases to it.

Choice Cuts From the AWS Blog

Hide your CloudWatch alarms that you use for Auto Scaling actions – “Silencing the alarms” is a feature that I kinda didn’t expect to be rolled out first-party. I like it!

AWS Marketplace announces the availability of Seller Private Offers – The AWS Marketplace boldly teps forward to solve the problem of “my company charges people as much as we possibly can, how do we keep them from knowing they’re being ridden like a pony?”

Amazon ECS Allows Containers to Directly Access Environmental Metadata – This is huge. Previously telling processes that they were running inside of a Docker container would drive them to the far reaches of existential crises.

Amazon ElastiCache for Redis is now HIPAA Eligible to help you power secure Healthcare Applications with sub-millisecond latency – Rejoice, as still more services are added to the Compliance Juggernaut.

Amazon API Gateway Supports Regional API Endpoints – This is one of those feature announcements that makes you stop for a second to wonder how the heck things worked before now. “Wait… you mean I was injecting trans-continental latency with API Gateway and didn’t realize it?”

Now You Can Monitor DDoS Attack Trends with AWS Shield Advanced | AWS Security Blog – Ooh, a global perspective on DDOS attack trends comes with AWS Shield Advanced. What product is going to display realtime global error rates in different regions for various AWS services? Y’know, the thing that the AWS status page should do but doesn’t?

AWS OpsWorks Now Supports Chef Automate With Integrated Compliance – What a long way we’ve come from auditors rocking up to your office and then asking where all of the servers are, so they can go look at them.

AWS Direct Connect Enables Global Access – This one’s not entirely clear yet. It appears to be a significant restructuring / simplification of how Direct Connect works, but there are many questions remaining.

AWS HIPAA Eligibility Update (October 2017) – Sixteen Additional Services | AWS Blog – If your first question upon learning that Amazon has 100PB of drives built into a tractor trailer is “is it HIPAA compliant?” then is this the post for you.

Amazon CloudFront now has 100 Points of Presence with the launch of its fifth Edge Location in Tokyo, Japan. – Now that’s a milestone. It’s incredible to be able to stand up a global network with 100 points of presence without placing a single one of them in Africa.

AWS Storage Gateway is now HIPAA eligible – Now companies charged with securing Private Health Information can join the rest of us in saying “what the hell is a Storage Gateway?”

How to Prepare for AWS’s Move to Its Own Certificate Authority – 99 out of 100 of you won’t have to change a thing when AWS changes to its own CA soon– but for that 100th of you, here’s AWS stealthily setting the stage for a “well, we warned you” defense. Check your code, or prepare for breakage.


This is amazing— precompiled packages for Lambda environments, including TensorFlow. This stands to become far more powerful if Lambda gains the ability to attach to GPUs someday.

An encrypted filesystem for the cloud; because if your data were leaked, it would indeed be a major cryfs.

Editor’s Corner

I got to catch up with Jerry Hargrove recently– better known as AWSgeek. He was gracious enough to let me interview him, with a tape recorder hidden on my person. Here’s how our chat went.

…and that’s what happened Last Week in AWS.

Newsletter Footer

Sign up for Last Week in AWS

Stay up to date on the latest AWS news, opinions, and tools, all lovingly sprinkled with a bit of snark.

"*" indicates required fields

This field is for validation purposes and should be left unchanged.
Sponsor Icon Footer

Sponsor a Newsletter Issue

Reach over 30,000 discerning engineers, managers, and enthusiasts who actually care about the state of Amazon’s cloud ecosystems.