Welcome to the nineteenth issue of Last Week in AWS.
I spoke a bit about how Last Week in AWS came to be on The Cloudcast. If you’re interested in my thoughts on the cloud / a newsletter origin story, give it a listen.
The Onion’s send-up of Jeff Bezos last week serves as a helpful reminder that the only business model safe from being taken over by Amazon is teasing Amazon itself. Sponsor Last Week in AWS if you’d like to invest in this exciting opportunity!
Community Contributions
A benchmark bake-off of Lambda’s implementation of both the Java and Node.js runtimes. The short takeaway: Node.js stomps Java into the dirt. I’m sure this won’t lead to angry emails…
This guide to S3 failover between regions works very well for a scenario in which S3 in an entire region has destroyed itself, but Lambda functions are still working perfectly. I’m somewhat skeptical about solutions that depend upon intricate AWS services working together in order to route around AWS service failures.
DNSPerf gives a benchmarked global perspective on the performance of various DNS providers. They really put the boots to Route53– I’ll be very curious to compare numbers today versus what they look like six months from now. AWS isn’t generally content to come in last place on things like this.
A dive into how Clevertap modernized their AWS infrastructure. I like the “we replaced X with Y” explanations– it makes it very straightforward to map from old approaches to new.
Ticketea takes us on a tour through how they’ve structured their environment across multiple AWS accounts. It may not be a perfect fit for your needs, but I’m a big fan of seeing what’s worked well for others when I’m trying to figure out the best path forward.
Choice Cuts From the AWS Blog
The First AWS Regional Financial Services Guide Focuses on Singapore – AWS has come out with a new Financial Services guide that takes you start to finish through providing financial services on AWS, while abiding by the complex financial regulations that are inherent to Singapore. I’m looking forward to seeing similar work for other regions; their current guidance of “it’s probably fine, go ahead and trust people’s life savings to these services” doesn’t go quite far enough.
New – Amazon Connect and Amazon Lex Integration – “Thirty Lambda Functions Disguised in a Hoodie” Randall Hunt has built an amazing ballot-bot to help demonstrate vim’s natural superiority. Feel free to call in to register your vote in this utterly pointless poll! There are many possible entries, but only vim is the right answer…
AWS CodeCommit Now Sends State Changes to Amazon CloudWatch Events, Saves User Preferences, and Adds Tag Details View – This is exactly the type of blog post that led me to create this newsletter in the first place. “AWS CodeCommit now sends repository state changes to Amazon CloudWatch events” is a dry and boring retelling of the actually-exciting story, “Hey, what if working with git hooks wasn’t a giant pain in the ass anymore?”
Announcing Third Edge Location in Paris, France for Amazon CloudFront – By the time a city gets its third CloudFront location, even the people who live there couldn’t possibly care less about it.
Announcing the New Customer Compliance Center – AWS has a new Compliance Center, which is absolutely fantastic for the fantasy world I want to live in where an auditor doesn’t request a physical walk-through of us-east-1 and can accurately describe what a Lambda function is.
Newly Updated: Example AWS IAM Policies for You to Use and Customize – AWS provides us a boatload of example IAM polices that have no bearing upon what we’re actually trying to achieve. Now they’re providing new example policies that may do a better job of illustrating real-world problems. Any bets on whether this one hits closer to the mark?
Amazon SES Introduces Open and Click Metrics for Tracking Customer Engagement – SES takes some steps towards being a more full-service email platform. Speaking as someone who runs a mailing list, they’ve still got a ways to go before they’re going to be a first-tier option in this space. I have loud, angry opinions around this entire area– and today, they start with “don’t use SES.”
Now available–Lumberyard Beta 1.10 – A new beta release of Amazon Lumberyard has been released, reaffirming Amazon’s strong and unwavering commitment to placing random nouns after the word “Amazon.”
Tools
AWSBucketDump automatically finds “interesting” files in a list of S3 buckets it’s provided. As with so many tools, this has implications both good and evil.
KeyMe lets you leverage STS for short term AWS credentials, backed by Google’s authentication provider. It takes a lot of finnicky bits out of making these systems play well together, while reducing the potential scope of a credential compromise.
Transform your old sad legacy perl scripts into new sad legacy perl scripts that are AWS-aware, with Paws, the AWS SDK for Perl that dozens ofseveral people have been clamoring for.
BinaryAlert is one of the most overengineered methods to solve a problem I’ve seen in recent memory. I love every part of this architecture, from “leveraging seven AWS services to replace ClamAV” to “submitting files into this is left as an exercise for the reader” to the architectural diagram that turns you cross-eyed to unwind. This is an amazing proof of concept that has serious practical concerns for almost any use case, but I can’t stop marveling at the cleverness of it all.
Terraboard is a web dashboard to let you inspect Terraform states. Great if you want to compare between states, and don’t want to jump onto the Terraform Enterprise train. If you’re using CloudFormation, this is of course useless to you.
Tip of the Week
There are a lot of ways to handle getting secrets (passwords, private keys, etc) into EC2 instances. One of the lesser known is the Parameter Store service tucked away under EC2 Systems Manager.
To that end, while don’t normally link to slide decks, this talk from Segment about how they do secrets management is worth making an exception for. Take a look at what Parameter Store enables you to do before you go haring off after a bespoke solution that unnecessarily complicates things.
…and that’s what happened Last Week in AWS.