I joke about backups, restores, and a bunch of other boring sysadmin things. Fortunately, everyone was safe, but an OVH data-center burned down last week, leaving a bunch of folks in the unenviable situation of discovering their backups weren’t what they thought they were. Hugs to the team over there; these moments are tough on everyone. Remember the people behind the usernames; a bit of empathy goes a long way.
From the Community
Ah… the ELK Stack – so much initial promise, yet ultimately so unstable at scale – not to mention the unending time and opportunity costs of maintaining the beast! For those of you still shepherding an ELK Stack along – I can’t urge you strongly enough to put down your Advil, and take a look at ChaosSearch today. They’ve really engineered something amazing – a fully managed data analytics platform, with NO ElasticSearch under the hood, that leverages your own Amazon S3 as a data store. Imagine no more data movement, no more data retention limits and all at a fraction of the cost of running your ELK Stack. Definitely check out ChaosSearch today – you won’t be sorry!
This is a thoughtful and nuanced dive by friend-of-the-newsletter Brian Scanlan over at Intercom. In this post he talks about the lengths they go to to optimize EC2 costs. They’re on the right track!
A curated selection of links for the Python serverless framework “Chalice.” Because it’s an open source project backed by the full marketing muscle of AWS, you have of course never heard of it until this moment.
Another open source project (this one called ConsoleMe, and it’s used to centrally manage AWS accounts and regions) has come from Netflix. You know what that means: an engineer is about to quit, and is passing the thing they built to themselves as they scamper to their next job. Expect a few weeks of activity on this repo before it falls into neglected disrepair.
Netflix talks about how they do remote workstation management for content creation. Apparently they use Saltstack as a component which means that 41 lines of code that I wrote in ~2012 now help power Netflix. Their stock has plunged 40% on the news.
Serverless is a fascinating technology / neat architecture / obnoxious hype-driven fad. This article explores its limitations with respect to online gaming.
I’ve long said that there’s a crappy Availability Zone in us-east-1 because there absolutely is. Someone tracked it down.
This week’s S3 Bucket Negligence Award goes to the iOS app Automatic Call Recorder. Smooth!
If you’ve got an interesting job for this newsletter’s eminently employable subscribers, get in touch!
I used to make fun of CloudFront for a variety of things. I don’t do it nearly as much anymore–not because I got tired of the joke, but because it very quietly became a lot better. It’s borderline impressive at this point. Help continue to shift my loud dumb opinion by considering becoming a Senior Software Development Manager in the CloudFront Edge Computing group. Manage the Lambda@Edge team! Work on global scale problems! Make Corey shut his mouth! What’s not to love? Managing people?
Well okay! Same team, same challenges, but work on code instead of wrangling humans. They’re also hiring for a Senior Software Engineer.
Is software development your thing? If so, check us out! We’re hiring a DevOps Eng who wants to learn a ton and who wants to work with a smart, cool team at our rapidly growing, agile, and cloud-native technology company.
Honeycomb’s approach to observability helps you resolve incidents faster, make your services performant, and reliably ship features quickly. Gain confidence in your code by clearly seeing and understanding all the dark hidden corners of production.
To learn how it works, join our Weekly Live Demo and ask our real live humans. Or schedule Observability Office Hours for 1:1 advice on tackling the specific problems most relevant to you. Stop guessing. Start knowing.
Amazon Elasticsearch Service now publishes events to Amazon CloudWatch and Amazon EventBridge for service software updates – Meanwhile Elastic publishes events via press release and court filings. Don’t get me started on the license drama again please.
Amazon Kinesis Video Streams updates media playback API service quotas to enable up to 10x more simultaneous consumers – Your bill can now be 10x higher before you have to open a ticket with AWS Support asking for the privilege of being permitted to pay them even more money than that.
Amazon Transcribe supports word-level confidence scores for streaming transcription – Frankly, if I’m judging them on their terrible service names AWS would benefit from a hell of a lot less word-level confidence.
Announcing General Availability of Amazon Redshift Data Sharing – Along with cross-database queries, Amazon Redshift is boldly releasing new features / crying in the corner begging Snowflake to just take their lunch money and leave them alone already.
AWS Backup adds support for continuous backup and point-in-time recovery of Amazon RDS instances – I’m a huge fan of enhancements to AWS Backup. On the other hand, “wait, you mean that thing wasn’t being backed up” is a terrifying realization for anyone to have.
AWS Lambda adds four Trusted Advisor checks – While these are welcome changes, I just want to highlight the inherent hypocrisy in having a service called “Trusted Advisor” apply to a service whose inherent use case is “screw off, we won’t fix service problems, do it yourself and pay us for the privilege.”
Introducing a new API allowing you to stop in-progress workflows in Amazon Forecast – 90% of AWS features and enhancements come from customer requests. Clearly the customer request that sparked this feature was “holy hell, how do I stop using this awful thing IMMEDIATELY?!”
Get to know the first new AWS Heroes of 2021! – Another quarter, another batch of AWS Heroes eagerly signing up to do volunteer work for a $1.6 trillion company. As the resident AWS Community Villain, I wish them luck!
New – Lower Cost Storage Classes for Amazon Elastic File System – EFS offers storage tier that’s cheaper, crappier. Contrary to what you might expect from that assessment, this is a wonderful thing.
Safely reduce the cost of your unused Amazon DynamoDB tables using on-demand mode – Alternately, you can unsafely reduce the cost of your unused DynamoDB tables by turning them off completely, then waiting to see who calls you in a screaming rage. This is an actual concern; we wound up writing an analyzer at the Duckbill Group to determine whether a given table should be converted to provisioned capacity or on-demand based upon CloudWatch metrics for the table. AWS hasn’t provided such a thing; just random code snippets in blog posts like this one.
The Amazon Lumberyard Build System – AWS talks about how awesome the Lumberyard build system is in a blog post. Bloomberg talks about how terrible Lumberyard is in an exposé. You get to decide which you find more credible.
2020 in Review for AWS CloudFormation – This would have been written months ago except the stack for the post was stuck in ROLLBACK_FAILED state since January.
Validate access to your S3 buckets before deploying permissions changes with IAM Access Analyzer – Alternately you can validate access to your S3 buckets after deploying permission changes by checking the front page of the New York Times for news of a data breach involving your company.
The rapid adoption of Kubernetes to manage containerized workloads is driving great efficiencies in application development, deployment, and scalability. However, when security becomes an afterthought, you risk diminishing the greatest gain of containerization – agility. Download this ebook to learn how to (1) build secure images and prevent untrusted/vulnerable code, (2) configure RBAC, network policies, and runtime privileges, (3) detect unauthorized runtime activity, and (4) secure your Kubernetes infrastructure components such as the API server.
In “that’s such a good idea I’m annoyed someone else had to think of it rather than it being built in” news, AWS Compass is a Chrome extension that sorts AWS console tabs by region.
I rail frequently against the data processing charges for NAT Gateways. cfn-cheapest-nat is a good way to avoid those charges for low-traffic environments.
… and that’s what happened Last Week in AWS.