Good Morning!

Another week has come and gone, and with it a bunch of surprisingly defensive Amazonian rhetoric at the suggestion that their status page could ever be anything other than highly accurate. I’m going to have more to say about that this week.

I’m also still reading an awful lot of Techmeme, and based upon feedback from some of you folks I’m very far from alone. Good work!

From the Community

This issue is sponsored in part by my friends at ChaosSearch! As you know, running log analysis with Elasticsearch at scale can be unstable, relentlessly time-sucking and surprisingly expensive. Now try ChaosSearch – a fully managed log analytics platform that delivers the Elasticsearch API you love, with built-in Kibana, but with No ElasticSearch under the hood! ChaosSearch activates your Amazon S3 as a true data lake, for analytics at scale, with no data movement, no data retention limits and savings of up to 80% vs an ELK Stack. In fact with ChaosSearch, you can start with 3 easy steps: Store, Connect & Analyze. So start experiencing insights at scale from ALL of your data (and tell them I sent you)!

It’s wild to me to read something that Lydia Leong wrote and discover that not only is Gartner fielding the same kinds of questions that I get, but we’re also giving effectively the same answers. If I’m wrong, at least I’m in good company.

An innovative approach to saving on AWS Lambda Amazon CloudWatch Logs costs. This is highly relevant to my interests. It incenses me when a Lambda function costs more to log than it does to run.

I’m always a fan of posts on doing intricate things with DynamoDB that aren’t authored by people who are selling DynamoDB to people.

Another week, another disgustingly excellent post on developer experience from RedMonk, this time from their co-founder James Governor.

I’m thrilled to pieces that my article on The Trials and Travails of AWS SSO has resulted in people learning more about the service. I’ve also learned some things that I’m frankly embarrassed not to have already known about it. This almost certainly speaks to a messaging / documentation improvement opportunity.

I was quoted at length in The Register’s article on why cloud service status pages fail. Fun fact, The Register has been indirectly responsible for my choice of career and been a near-daily web visit of mine for over 20 years.


Aptible is building a multi-cloud PaaS with powerful security and compliance guardrails baked in. Our platform is used every day by thousands of developers across hundreds of startups in order to ship complex architectures without needing to stop and think about security, compliance, or IaaS best practices. Help us build the future of cloud deployment! We’re hiring principal and senior software engineers, DevRel, and more. (Psst: we target 90th percentile salaries and post total comp directly in the job description.)

The AWS User Experience Products & Platform team is responsible for products that enable AWS users to manage their applications and infrastructure on AWS. Our mission is to deliver an effective, efficient, and loved user experience that makes it easy for all users to discover, learn, and build on AWS. Today, we own the AWS Management Console, the AWS Console Mobile App, the AWS Chatbot, as well as the User Experience Platform used by 175+ AWS service teams to develop and deliver their user experience across multiple channels (web, mobile, chat).

At Modern Treasury, we are building payments infrastructure to power $750 trillion in bank transfers every year. Before Modern Treasury there has never been a universal API into the global banking system. Our ambition is to be the de facto standard for money movement for the world’s most innovative and fastest growing companies. Our customers use our APIs to automate payouts, direct debits, balance tracking and other payments use cases at scale. Join our engineering team at Modern Treasury to help build the new foundation of business and finance.

Choice Cuts

While AWS doesn’t like to talk about it, this multi-cloud thing is…well a thing. This is where MinIO comes in. MinIO’s high performance, Kubernetes-native object store works on every cloud – literally all of them from AWS to Zayo. This means you can build S3-like data infrastructure anywhere. The world’s fastest object store with READ/WRITE speeds in excess of 325 GiB/sec/165 GiB/sec respectively, MinIO can handle any workload – from modern databases to AI/ML and advanced analytics. Couple that with a suite of enterprise features for ILM, IAM, security and resilience and organizations can architect consistency for their data persistency – across and between clouds. Don’t take our word for it, see for yourself at

Amazon RDS for MariaDB now supports Delayed Replication – Delayed Replication is one of my favorite DR strategies. If you drop the wrong table you have however many seconds you’ve configured to panic-login and break replication before you’re doomed.

AWS Transfer Family now supports login banners – ALERT! You are entering into a secured area! Your IP, Login Time, and Username have been noted and sent to the server administrator! This service is restricted to authorized users only. All activities on this system are logged. Unauthorized access will be fully investigated and reported to the appropriate law enforcement agencies.

Announcing the general availability of AWS Backup for Amazon S3 – Using this service means you can back up your data in S3 to AWS Backup, where the backup copy of your data alone will cost you over twice as much per gigabyte to keep around.

Imagine the AWS Transfer Family, the SFTP endpoints and whatnot. Imagine if it had easy, predictable pricing and didn’t charge you on gigabytes coming or going just because they could as a premium on top of the actual service itself. Your dream exists! Thorn Technologies LLC offers a product called SFTP Gateway via the AWS Marketplace for a known fee (in advance) that provides SFTP access between whatever needs to speak SFTP and S3. SFTP Gateway can also speak to other cloud storage providers like Azure and GCP. It has a web interface that is solid. It can be configured for HA and has a REST API that means you get to rest easy, and it just makes for a better outcome than anything you’re going to be able to cobble together yourself. Check out SFTP Gateway, visit

Automate your Data Extraction for Oil Well Data with Amazon Textract – "We need a good specific use case for a data extraction story around Textract’s admittedly nifty capabilities. Let’s pick something non-controversial, like an oil well."

Achieve better performance on Amazon DocumentDB with AWS Graviton2 instances – I don’t get the marketing excitement around things like this. Customers really don’t care what the processor powering Amazon Basics MongoDB is; they care that the API they’re talking to responds with a certain degree of performance at a given price point. However AWS does that under the hood is entirely AWS’s problem.

Control formality in machine translated text using Amazon Translate – This article is an exemplary view in automated adjustment to formality in translated text / click the link to see some bullshit.

Couchbase Capella DBaaS is flexible, full-featured, and fully managed with built-in access via K/V, SQL, and full-text search. Flexible JSON documents align to your applications and workloads. Build faster with blazing fast in-memory performance and automated replication and scaling, while reducing costs. Try it today for free and be up and running in 3 minutes—no credit card required.

Why you should develop a correction of error (COE) – You should definitely do something after an incident, but Amazon’s COE process is definitely an artifact of their culture. I worry that this specific process wouldn’t do nearly as well without that cultural context. After all, you are not Amazon.

Design your firewall deployment for Internet ingress traffic flows – I’m so old that I remember when "firewall engineering" was a role and this blog post would be the full time job of someone who cost a couple hundred grand a year.

Using AWS SSO with AWS Client VPN for authentication and authorization – Ooh, someone at AWS broke NDA and is talking about their excellent SSO service again. More like this please.


Configuring a VPN server is hard due to its complexity and the vast knowledge of certificates and networking required. You can spend the next 6 months setting up an OpenVPN server and fine tuning it. Or you can just use our solution and be up and running within 3 min. Not to mention that we have built reliability into the product – it mimics the Serverless ideology. 0x4447 VPN Server using OpenVPN® on the AWS Marketplace

I stumbled across aws-service-tagger, a pretty quick utility to let me bulk tag a bunch of Lambda functions programmatically.

If you’re tired of waiting for AWS to support a specific version of node.js within its Lambda runtimes, everynode is for you.

… and that’s what happened Last Week in AWS.
