Good morning!

Welcome to issue number 85 of Last Week in AWS.

Well this has been a hectic week. It started with Amazon announcing the HQ2 winners, a topic about which I steadfastly refuse to opine, as I’m a big believer in staying in my lane. Next, a pile of enhancements to some services near-and-dear to my heart were released; I was expecting some of these at re:Invent, and the fact that they’re out sooner tells me that there’s more to come than I had previously anticipated.

I’ll be at re:Invent (Saturday through Saturday), speaking on the expo floor on Wednesday and Thursday. Wednesday I’ll be giving a “keynote response” at the CloudCheckr booth; Thursday I’ll be at Stackery’s booth talking about some of the non-keynote releases that may have gotten overlooked. Come say hello! This is a longer issue, so let’s dive into it. But first…

In my recent travels I was struck by how frequently DigitalOcean came up in conversation. They’re a lot bigger than I initially thought! For example, in two years, they’ve supported over 2,000 startups via their Hatch program, to the tune of 20 million droplets. It might be time for you to consider looking into what DigitalOcean has been up to lately. My thanks to them for their ongoing support of this newsletter.

Community Contributions

Cloudonaut returns with a view into his mental model of AWS, one that curiously mirrors my own. Either we’re both on to something here, or we both have the same misunderstandings.

A great primer on the various AWS and GCP networking differences. Not mentioned: “Google implies it’s your fault for being an idiot if something doesn’t work, while AWS takes your report seriously.”

I’ve done a bit of work with Glue lately, but this case study is a much better narrative of how the tool can be used.

A great review of the upcoming CDK, in the aptly-titled “the last thing that I missed in CloudFormation.”

A walkthrough covering creating custom CloudWatch Event alarms for Lambda.

Changing up the S3 Bucket Negligence awards for this week, Voxox (motto: “VCs will fund anything with a stupid name, just watch!”) instead left its ElasticSearch database full of password reset links and two-factor codes open to the world.

This week I took to Twitter to share a glimpse of a world yet to come. These are #theWernerProphecies.

Cloud9 is still a disaster on an iPad, but this trick makes working with it on a desktop a whole lot nicer.

I’m increasingly enjoying reading the TLDR Newsletter; it’s a handy roundup of what’s going on in tech beyond the AWS world. Please don’t ask me to summarize the rest of tech too; I have a life. Kinda.

This week’s issue is also sponsored by GoCD from ThoughtWorks. This week, they’ve got a blog post on why it’s important to measure your continuous delivery process. This is a GREAT resource to have when you’re starting your journey to CI/CD; it’s important to know what you’re measuring. Thanks again to GoCD for their support of this newsletter, continuously delivered.

Choice Cuts From the AWS Blog

Synchronously Provision Instances with Amazon EC2 Fleet – EC2 Fleet now supports AutoScaling groups, and changes the game for a lot of workloads already using ASGs. Pay attention to this one!

Easily Tag Secrets and Configure Rotation of Secrets from the Secrets Manager Console – This is super handy, and a healthy step towards me one day being able to rotate all of my passwords that are simply ‘Kitty!’

Amazon DynamoDB encrypts all customer data at rest – While this is awesome for folks who need this box checked for regulatory purposes, the idea of “encryption at rest” in large cloud providers always struck me as focusing on the wrong things. If someone breaks into an AZ, steals the drives, escapes alive with them, reconstitutes them all and gets my data, I kinda think they deserve it?

Amazon ECS and AWS Fargate now allow resources tagging – This is amazing, both from the perspective of being able to allocate nodes fractionally to various cost codes, as well as showcasing just how far behind the curve EKS is as a product that people should consider for serious workloads.

Amazon RDS Automated Backups Can Now Be Retained After Database Deletion – Finally, a behavior so user-hostile I’d expect to see it in Oracle Cloud gets corrected.

Amazon RDS for PostgreSQL supports Outbound Network Access using Custom DNS Servers – “Good news, boss! I just finished configuring the production database server to establish outbound network connections across the internet. Should I clean my desk out now, or will the security folks handle that after they finish hurling me onto the street?”

Amazon Redshift announces Elastic resize – Another well deserved “finally.”

Amazon SNS Adds Server-Side Encryption (SSE) – Amazon Web Services – Regulated folks take note, this checks a box you didn’t realize was missing.

Amazon Transcribe now supports speech-to-text in British English, Australian English, and Canadian French – This is awesome. Perhaps someday I’ll be able to go back to Australia or the UK and not require a translator.

Analyze Your Budget Performance Using New AWS Budgets History Functionality – Hooray, you can look at the previous financial performance of your AWS environment! Introducing AWS BlameStick, a product you’ll really, really wish had never seen the light of day.

Announcing Support for DNS Resolution over Inter-Region VPC Peering – This is awesome–just awesome. It’s part of a few other Route53 things I’m seeing coming live. I’ll hold off a week to opine on the rest of it; I try to report the news, not make it myself!

Announcing the New AWS Cost Explorer Console – As someone who spends days staring into the sad abyss of AWS bills for a living, this has the potential to be transformative. Keep an eye on this space.

Announcing the AWS GovCloud (US-East) Region – A number of people were surprised to learn that GovCloud wasn’t near us-east-1, but rather us-west-2. Until last week, anyway; welcome to the family, you slow regulated region that’s a good 4 years behind the commercial regions we’d all be using if we can even potentially get away with running our workloads there.

AWS Amplify adds support for Authentication and Data access for iOS and Android developers – I SAID, AWS AMPLIFY ADDS SUPPORT FOR AUTHENTICATION AND DATA ACCESS FOR IOS AND ANDROID DEVELOPERS!

AWS CloudFormation coverage updates for Amazon Secrets Manager, Amazon API Gateway, Amazon RDS, Amazon Route53, Amazon Cloudwatch alarms and more – “CloudFormation shocked to discover people have used it since 2015, rushes to implement relevant services.”

AWS CloudFormation Now Supports Drift Detection – ♪ ♫ ♬ Give me the beat boys / I’m not mistaken / describe my infrastructure in JSON / Don’t let it drift away… ♪ ♫ ♬

AWS Console Mobile Application Launches a New iOS Version – I’ve been hoping for an update to the iOS console app for a while. This one gets the “at least you tried” award I guess? It’s really a long way from what I was hoping for…

AWS Cost & Usage Reports Add Amazon Athena Integration, Apache Parquet Output, and Report Overwrite – “BREAKING: AWS Cost and Usage Reports now plausibly useful for something!”

AWS Lambda Doubles Payload Size for Asynchronous Invocations – This removes a whole host of crappy workarounds to get Lambdas processing full SNS events…

AWS Launches Secrets Support for Amazon Elastic Container Service – This is awesome, but does have some unfortunately low API rate limits; I love the concept, but hate having to exponentially back off when I’m spinning a bunch of containers at the same time.

AWS Serverless Application Repository Supports Amazon Route 53, Amazon SQS, AWS Glue, AWS IAM, AWS Step Functions and More – The Serverless Application Repository edges closer and closer to being something someone will someday use for something.

AWS Storage Gateway Virtual Tape Library Expands Support of Common Backup Applications – Don’t laugh–tape is still a central technology to an awful lot of companies. This is another example of AWS meeting customers where they are, no matter if “where they are” feels like “thirty years in the past.”

AWS Systems Manager Now Supports Multi-Account and Multi-Region Inventory View – While terrific, this shows what instances and software you have installed on them across regions. There’s still only one place to see all of your AWS resources across regions: the bill.

Introducing Amazon Corretto (Preview) – This new service pours up a lovely cup of coffee, then tosses it directly into the unsuspecting eyes of Oracle. WELL DONE.

Amazon S3 Block Public Access – After finally having enough of my S3 Bucket Negligence Awards, Amazon is attempting to do an end run around my sarcasm. Really, AWS? You’re going to bet on people suddenly doing smart things with S3 buckets containing their company jewels? I’ll take that bet!

Memcached 1.5 now available on Amazon ElastiCache – I don’t really have a horse in this race, but if I make a joke about a new Redis version without also acknowledging the new memcached version I’ll get a bunch of email from the memcached fans. THERE ARE DOZENS OF YOU.

Now Clone a Hyperparameter Tuning Job through the Amazon SageMaker Console – I missed this one last week, and some wit pointed out that apparently the “What’s New” blog is stealing headlines from old “Star Trek” scripts. They’re not wrong…

Redis 5.0 now available on Amazon ElastiCache for Redis – 5?! How many more Redis movie sequels are we going to get here? (In before the obligatory “It’s Redis; there will be no sequel” joke.)

Amazon Joins the W3C | AWS Open Source Blog – I missed this when it first came out. This is either an indicator that Amazon is taking a new approach to community collaboration, or that someone mistyped “EC2” as “WC3” and was too embarrassed to admit it.

Add Tags to Manage Your AWS IAM Users and Roles | AWS Security Blog – This is awesome. You can now make sure that the right users have access to Project Stairfall resources without actually having to add them to a group, a special AWS account, or actually shove the IAM administrator down the stairs.

Deploy IBM Blockchain Platform for AWS with New Quick Start – That’s it. Shut it down. Shut everything down. I’m done.


AWS ParallelCluster is a framework that deploys and maintains HPC clusters on AWS.

If you need to receive SNS webhooks in Go, consider snshttp.

The next time you need a contact form on your website, consider going serverless as a quick experiment that dips your toes in the water…

Last week I asked for help writing a new AWS Pricing API. A bunch of you responded (and I owe you emails back! I haven’t forgotten you!), but it turns out that there are a host of things that already exist that work super well–like this one from Lyft.

…and that’s what happened Last Week in AWS.
