Good Morning!

Welcome to issue number 138 of Last Week in AWS, as well as Hell Week: that’s right, it’s re:Invent time.

I’ll be speaking later today, then again on Wednesday in SEC212-R, telling the story of how I reported an AWS security vulnerability and somehow turned it into a conference talk.

If you’re here, I have stickers at the CHAOSSEARCH booth; go find them in the Venetian expo hall, booth #307. I think you’ll enjoy them.

From the Community

The issue is sponsored in part by Site24x7, a comprehensive full-stack monitoring solution from Zoho. If you are like everyone else, you are not just combining the latest innovations from AWS with on-premise components but are also leveraging other cloud providers to power your applications. With Site24x7, you gain operational insights about your infrastructure regardless of wherever it’s deployed. So, you can resolve issues quickly, make informed decisions about scaling and improve system reliability and more without navigating across multiple tools. Learn more. Sponsored

My five minute lightning talk The Cloud is a Scam was posted. Enjoy!

A deep and exploratory dive into the meaning of the new version of the EC2 Instance Metadata service.

There’s a new unconference; consider attending fwd:cloudsec the day before re:Inforce in Houston this summer.

My client Scribd announced a $58 million funding round. They’re currently migrating all-in to AWS, hiring like mad, and doing fascinating things. If this is interesting to you, hit reply and let’s chat (though I warn you, it may take me a week or two to get back to you. We’re entering a Large Week).

Elastic the company expands its lawsuit, adds a bunch of folks to it including AWS, and pens a letter that closes with a sales pitch, proving that SCO isn’t dead, it just has a new name. CHAOSSEARCH isn’t even sponsoring the newsletter this week and I want to drive people to them just on the basis of “they don’t threaten their own customers.”

Infoworld has an article that talks about how Open Source changed everything. It’s important because I’m cited in it.

This fantastic analysis of the fraught relationship between Cloud and Open Source slipped through my net last week, but don’t worry; I’ve got it this time!

If you’re at re:Invent, a decent talk is the Cloud Information Overload Survival Guide. It’s a problem near and dear to my heart…

I get that Amazon wants to sue the government in the wake of their JEDI loss, but I have to ask: what outcome do they expect to achieve?


If you’re considering a job change, check out a position below. Regardless of where you find it, you should definitely negotiate your salary. If I were to magically become employable, I’d immediately head to and talk to Josh Doody about it before saying anything further. He’s done this many times before, with a special emphasis on engineering roles at FAANG companies. He’s an artist when it comes to getting the best compensation possible without seeming greedy or losing the offer. He offers coaching, free articles, an ebook, and other things along the way. Check him out–and tell him Corey’s talking about him again.

If you’re interested in contributing to a fascinating and fast growing service, check out this selection of jobs available at AWS Systems Manager You could be a developer, a designer, or a Systems Manager People Manager. They’re working on a number of big challenges and cutting edge technologies like building a low latency messaging framework that scales to millions of nodes, large scale data processing back-end services, a cross-platform/extensible instance agent platform and security services to enable instance agents to securely communicate with AWS’s various back-end services. Check them out and make fun of their terrible naming convention, because it’s really my only beef with their offering.

X-Team is hiring Go developers with strong AWS skills, anywhere on the planet. The work is interesting, they partner with companies you’ve heard of, and you can work from wherever you care to be. Now before you wind up getting cynical, let me save you some time–I already did, and hopped on a phone call to chat with them and then berate them for their crappy culture. Instead I was pleasantly surprised: they invest in their people (including a personal development stipend), they have distributed community events (both online and in person around the world), and actually work with their employees; this isn’t a “send us a postcard if you ever get there” body shop. Take my word for it; check out X-Team and see for yourself. Tell them Corey sent you…

Choice Cuts

Did you know that in some regions, the INTERNET outperforms Global Accelerator? Or that in Asia, AWS performance predictability improved nearly 50% last year, but Azure and GCP still beat out AWS in performance predictability? Yeah, didn’t think you did. Those nuggets are just the tip of the iceberg. Read ThousandEyes’ fascinating Cloud Performance Benchmark report here. Sponsored

Amazon EC2 T instances now support Unlimited Mode at AWS account level – It feels like this is a necessary prerequisite for upgrading the currently weak and arguably misleadingly-named “free tier” to support t3 instances instead of merely t2.

Amazon ECS Service Events Now Available as CloudWatch Events – Scale in! Scale out! Fire off an event to wake your SREs!

Amazon Polly launches Conversational Speaking Style voices – Unfortunately, Condescending Speaking Style voices are still a feature release or two away.

Amazon Redshift introduces Automatic Table Sort, an automated alternative to Vacuum Sort – It’s an alternative because just like Vacuum sort, it sucks too.

Amazon SES Announces Account-Level Suppression List – “I don’t ever want to hear from you, you, you, or especially YOU ever again” now becomes easier to implement. Please do so, marketers.

Aurora Supports In-Place Conversion to Global Database – and multiple secondary regions! I think but haven’t checked that you can turn it back into a single region database. Confirm that one–after all, you can’t ever scale storage down from its high water mark with Aurora. “Elastic storage” just means it can expand seamlessly.

AWS Chatbot now supports running commands from Slack (beta) – AWS Chatbot now supports adding Slack and anyone with access to either your Slack workspace or Slack-the-company’s infrastructure a path into running arbitrary commands within your AWS account.

AWS Key Management Service supports asymmetric keys – Just in time for you to do the famous AWS dance at a wedding, “the symmetric slide.”

AWS Lambda Supports Destinations for Asynchronous Invocations – Your Lambdas are now dead dogs you can cast into your neighbor’s yard for them to worry about.

AWS Lambda Supports Failure-Handling Features for Kinesis and DynamoDB Event Sources – How many Lambda functions and assorted queue checking logic can now be consigned to the dustbin of history? At least mine…

AWS launches Tag Policies – This is a legitimately awesome release. I’ve started playing with it and immediately went careening into the trees as is my pattern–but check this out. It’s a great governance tool.

Amazon CloudFront announces 10 new Edge locations including its first Edge location in Rome, Italy – I still have no idea what standing up a CloudFront POP actually entails, other than a whole lot of waiting.

Encrypt your Amazon DynamoDB data by using your own encryption keys – Note that if you misconfigure this (say, by doing it yourself, or with a buggy SDK) this can kick your KMS bill into the stratosphere. Done correctly, it results in one KMS query every five minutes, instead of “many hundreds per second.”

Inter-Region VPC Peering Now Supports IPv6 traffic – Ooh, IPv6 is finally something that doesn’t die at the AWS network boundary?

Introducing Amazon WorkSpaces Streaming Protocol (beta) – Awesome feature, but it fails to highlight the encryption story around it. Ideally that gets fixed before it goes GA. I’m waiting until it supports Linux Workspaces personally.

Introducing AWS Cost Categories – This is massive to my world, and almost irrelevant to most engineers. It’s a fantastic tool, with a story that’s told incredibly poorly to date. I may have to tackle this one after re:Invent.

Announcing AWS Managed Rules for AWS WAF | AWS News Blog – I love when someone asks me the best way to do something in AWS, and the answer comes in the form of a feature release a couple of hours later. Nice timing, WAF team.

AWS DeepRacer Update – New Features & New Racing Opportunities | AWS News Blog – The robot car that’s still backordered a year after release now has an upgraded version you can’t get yet.

AWS Load Balancer Update – Lots of New Features for You! | AWS News Blog – A bunch of new features. My personal favorite is “Least Outstanding Requests,” an award which my #awswishlist items have previously won for the last three years.

New for Amazon Aurora – Use Machine Learning Directly From Your Databases | AWS News Blog – It’s a longstanding tenet of systems design that you separate your code and your data model. This release is the exact opposite of that; have fun, Full Stack Overflow developers!

Safe Deployment of Application Configuration Settings With AWS AppConfig | AWS News Blog – You can predict a lot of what AWS is going to do next by looking at what companies in the technology space are widely beloved. In this case, it’s LaunchDarkly.

The Next Evolution in AWS Single Sign-On | AWS News Blog – Okay, I need a grown-up to weigh in here. Why does every SSO integration I see make aws-vault look like it’s twenty years in the future? Is there something obvious I’m missing?

Welcome to AWS IoT Day – Eight Powerful New Features | AWS News Blog – A metric crapton of IoT features. If you’re using IoT, take a look; if not I won’t burden you with the massive listing. Secure Tunneling, and message delivery via HTTP are two of them; look further if you care/dare!

Notifying 3rd Party Services of CodeBuild State Changes | AWS DevOps Blog – Historically third parties were notified of CodeBuild state changes via telegram, or else via AWS announcing a competing product to those third parties.


The recipe for observability has two main ingredients: tools that provide so much more than metrics dashboards, and an engineering culture of software ownership. Honeycomb’s latest e-guide, Developing a Culture of Observability, lays out why observability culture and tools go hand-in-hand. Learn how observability culture reduces business risk, makes developers happy, and increases site reliability – all for the benefit of your customers. Happy devs – happy customers, with Honeycomb. Sponsored

A custom DynamoDB Query Language sounds either awesome or terrifying. It’ll be both once I get it to work with Route 53.

You can now figure out what region an AWS IP is coming from.

… and that’s what happened Last Week in AWS.

Newsletter Footer

Sign up for Last Week in AWS

Stay up to date on the latest AWS news, opinions, and tools, all lovingly sprinkled with a bit of snark.

"*" indicates required fields

This field is for validation purposes and should be left unchanged.
Sponsor Icon Footer

Sponsor a Newsletter Issue

Reach over 30,000 discerning engineers, managers, and enthusiasts who actually care about the state of Amazon’s cloud ecosystems.