Keeping the Cloud Reasonable with Shlomo Dubrowin

Episode Summary

After years of trying, Corey has finally convinced a TAM to come on the show! In this lively episode, AWS Senior Technical Account Manager Shlomo Dubrowin takes the mic to share his fascinating experiences dealing with cloud complexities. Listen in as Shlomo recounts building AWS Reasonable Account Defaults from scratch, stresses the importance of writing a solid application, and shares the benefits of leveraging GenAI to help maintain his work. Don't miss this entertaining and insightful conversation that could save you a few bucks!

Episode Show Notes & Transcript


Show Highlights:
(0:00) Intro
(0:42) Chronosphere sponsor read
(1:15) Finally getting a TAM on the show
(2:24) Providing quality customer service as a TAM
(5:31) AWS Reasonable Account Defaults
(11:01) What went into crafting AWS Reasonable Accounts Defaults
(12:20) Chronosphere sponsor read
(12:54) Writing a program that won't break easily
(17:25) Optimizing billing data
(19:53) Transparency in costs
(21:27) Expanding AWS Reasonable Account Defaults
(23:34) Further optimizing AWS Reasonable Account Defaults in the future
(26:18) Building with GenAI
(29:01) Where you can find more from Shlomo


About Shlomo Dubrowin
Shlomo Dubrowin has been a TAM for over 6 years supporting AWS customers from startups through to Fortune 100 companies. He has spoken at re:Invent twice and has specialized in Cost Optimization. Shlomo has been in the tech industry since 1994. And he lives with his wife, son and 2 dogs.


Transcript

Shlomo Dubrowin: I'm trying to protect you kind of in both places. So whether you get a spike or whether you've got this gradual increase, you'll hear about it. It's up to the user to actually do something about those budgets. When you get the notifications,

Corey Quinn: Welcome to Screaming in the Cloud. I'm Corey Quinn. I've been talking to Shlomo Dubrowin, who is a Senior Technical Account Manager, or TAM as the kids say, at AWS for years and somehow I have never been able to get him onto the show until now. Shlomo, thank you for agreeing to talk with me. I can only imagine the internal machinations that must have led to this.

Shlomo Dubrowin: Thanks, Corey.

Sponsor: Complicated environments lead to limited insight. This means many businesses are flying blind instead of using their observability data to make decisions, and engineering teams struggle to remediate quickly as they sift through piles of unnecessary data. That’s why Chronosphere is on a mission to help you take back control with end-to-end visibility and centralized governance to choose and harness the most useful data. See why Chronosphere was named a leader in the 2024 Gartner Magic Quadrant for Observability Platforms at chronosphere.io.

Corey Quinn: I want to start off because I've been trying to get a technical account manager on the show for a while. And to my recollection, 600 episodes in, I believe this is the first time I have a current TAM at AWS. So let me begin by first saying thank you for the amazing work that you folks do, and I'm sorry for the things that we as customers tend to inflict upon you on a nearly constant basis.

Shlomo Dubrowin: Thanks for all of the TAMs around the world. We appreciate you.

Corey Quinn: All the TAMs appreciate it, except Stephen. Stephen can't stand you. Yeah, it's great. There's always that one exception there, but no, you folks do hard work. There's a, you're sort of the face of every technical question that people have about AWS, particularly when something isn't working correctly.

And there's a, there's a common pattern where people get annoyed that you don't instantly know what is going on with a particular service in a particular availability zone or fraction of availability zone, specific to their account, off the top of your head given that you folks generally don't make things up from whole cloth.

Shlomo Dubrowin: That's true. And we also don't know the status of every case and every question that you haven't asked us yet.

Corey Quinn: It's always felt to me on some level that the job is that of a traffic router, where you are, you're taking questions from customers in the, in the reactive sense that you do a bunch of proactive stuff too, but then the reactive side, something's going on.

The response is, "Great, let me check on that," which is the right answer when you don't know. And I found that the response time, uh, for "let me dig into that" has gotten progressively shorter over the years. So I sense the hand of automation at work.

Shlomo Dubrowin: As I've gone through this journey and I've become, I personally have become more efficient.

I definitely answer faster and I definitely find myself either, either knowing the answer off the top of my head, not always, but obviously, you asked me a question, I might've encountered that before. And so I can give you either, this is, this is what happened last time I had this question, or this is what I think is going on, but let me get the details.

And yes, uh, we have more mechanisms internally to route these things or, or to get the answers quicker.

Corey Quinn: What I have found that has gone surprisingly well, I suppose, has been just the, the way that, that you have been able to, you collectively, not you personally, for better or worse, I've not yet encountered you on a client engagement, but it turns out there's kind of a lot of TAMs and kind of a lot of customers as well.

But it's always been interesting just watching how well you field questions that, you know, without context come across as wildly unhinged. And if there's one thing that I could improve the customer base across the board, and I guess the industry across the board, it's asking questions in a way that makes it easier for people to help.

Whereas I'm doing a thing, I expect it to do X, instead I'm seeing Y, can you help me understand what's going on? That's a, that's the form of a good question. Whereas this thing is broken. Terrific and almost totally unactionable. So if this entire global service were down, I get the sense I would know because everyone would be running around screaming.

That's not happening. So can you be more specific, please?

Shlomo Dubrowin: Yeah, for sure. So I definitely have spent some time working with my customers, where they ask a question that when it gets to the other side, to the human on the other side, who's trying to decipher it and answer it, either they don't have enough details.

They don't, they don't know what's going on. They're not, they're not, they don't have any of the background. So if I have that background, because I know the customer and I know the whatever workload is having the issue, then I can give that to the support folks, kind of behind the scenes, having your, your TAM knowledgeable of what you're doing and what's going on.

Oh, they're doing a migration for whatever service this week. Then having that knowledge ahead of time, then we can help them smooth things along and get you answers faster.

There are times where I have to go back to the customer and find them. Uh, often my, my customers are available on some kind of messaging platform, whether it's, you know, I don't want, I don't need to mention all of the 50 different messaging platforms, but knowing how to get a hold of Bob on Messaging Platform 3, then I can go and ask them, okay, I saw this case, this is what, is this what's going on or is it this? And I can get some of those details and provide them to the support folks so they can actually go and do the digging that they need to do to get real answers.

Corey Quinn: One thing that you've done that really brought this to a head, which is why we're having this conversation now, is you've created something that is so awesome I can only assume that it was proposed as an internal AWS service and was rejected by the SVP of bad decisions, whoever that may be. It's something called AWS Reasonable Account Defaults.

Which is a very AWS-ian name that you built as best I can tell in what amounts to spare time.

Shlomo Dubrowin: Uh, yeah, basically I was interested in this. So I spoke twice at re:Invent, uh, Chalk Talks on ways to avoid cost surprises. And when I came back from re:Invent last year, a friend of mine said, look, my child's going to university and they're going to start learning AWS and they're worried about cost overruns.

So what do I have to do in order to protect my credit card? And so I was like, Oh, I just gave a talk about this. You need to go over here and do this. You need to go over here and do that and do this and do this. And I had nothing concrete to give them. Recently I put this together. Like you said, uh, kind of in my spare time, I've actually used this myself.

Uh, I've had versions of this personally, but I wanted this to be super easy for a free tier new user to use. So I made it into. No,

Corey Quinn: That is, you are getting spot on to exactly where I want to dig in because it's when you say reasonable defaults, reasonable for whom? One of the failure modes I found about AWS historically and a number of large companies, a number of companies across the board, is they try to keep to treat every customer the same, but you, you functionally can't.

And this is a perfect example of how. If I'm spinning up a new account at a bank. Yeah, I don't really care about whatever your cute little free tier might be. Money, ha, we are money versus I'm a student in my dorm room. I absolutely want you to turn my website off rather than charging me $50,000 by surprise.

And it's not just about money. It's about reasonable approaches to spend to, to governance. I, I just want this thing to work. Everything within my AWS account should be able to talk to everything else is reasonable for someone getting started as an independent learner. Very unreasonable if you're a bank and there's a continuum between those things and where those, where any given customer lands, it leads to different outcomes and answers.

So who is this built for?

Shlomo Dubrowin: I kept in mind the free tier new user that is, I mean, I remember when I started and I was afraid of what was going to happen. That's who it was built for. And that's who the defaults of this CloudFormation template were built for, but it's configurable. So if you are that bank and this is a project account, then you can change those defaults.

The first thing it does is it's going to start to, but it's going to create two budgets for you. It's going to create a budget, a fixed budget, forecasted. I learned the minimum that you can set for a budget is a penny. So at 80 percent and 90 percent of a penny, it's going to send you an email saying,

Corey Quinn: And I get that email every month, generally two or three days in, because there's some lag time behind it, and the name of that budget is, and I'm not kidding, Shriek Like Hell If I Owe Money.

Shlomo Dubrowin: Okay, so mine's not called that, but that, that works.

Corey Quinn: It's my credit dump account, which is why I want it to shriek if I actually owe real money.

There's the, for most people, this is not their actual concern, but I start there. To be very honest with you, it's sort of a smoke test of, is the budget system working this month? Because if not, do I care about a penny? Not more than is reasonable. Do I care about $50,000? Yeah, I do. That does put a bit of a crimp in the Christmas at the Quinn's most weeks.

But yeah, those things in between there tend to be a sort of graduated study. I just want to make sure that it's working and is this thing on.

Shlomo Dubrowin: Uh, that works for you. So, so some people really would get upset if they hit that penny limit. So that's the first budget that gets created. The second one is an auto adjusting budget, because what ends up happening is as you start using stuff, you might blow past that penny budget.

And so, okay, you're going to get into the $3 range or the $4 range or, or what have you. I created also an auto adjusting budget. So as you get past that and you get that, you hit the penny, the shriek range, on the first day, there's another one that's auto adjusting. So over the last six months, whatever your average usage was, your average cost, that will keep adjusting.

It tells you at the beginning of the month. And so that's another budget. It's another way to, you kind of keep your, your eye on the ball so that, you know, okay, I'm about to get, costs are increasing. I'm about to get somewhere where I don't want to be. So that's the second one. Uh, you know, so there's, I'm really like worried about free tier.

And then there's the, no, I'm spending a little bit, but it's okay. Um, without having to do anything, those two will get set up. And then there's, uh, and then I also set up a cost anomaly detection. The cost anomaly detection, uh, again, you can set the threshold. The default is again, a penny. So any spikes that the cost anomaly detection will find, it will notify you about.

And so I'm trying to protect you kind of in both places. So whether you get a spike or whether you've got this gradual increase, you'll hear about it. It's up to the user to actually do something about those budgets. When you get the notifications, if you get into it or the, or the cost anomaly detection, if you get a notification saying, Hey, there's something fishy going on, you should go look at it and you should go determine what's going on or so that you can look into it and understand.

So those are the first, that's kind of where I started and I built these using the infrastructure as code generator, which is part of CloudFormation because I'm a ClickOps person. I'm actually a Bash programmer.

Corey Quinn: Oh, excellent. I was wondering about that because looking at it at the moment is just under 1800 lines.

When my brother visits from Israel, he would always speak to my dogs in Hebrew and I would say, Yossi, why are you doing that? They don't speak Hebrew. And his response is, "Oh, they understand it. It's God's language." Now, I don't know what the exact, I don't know exactly what God's language is or is not, but I know the exact opposite is YAML, and that's what is written in 1800 lines here.

I was going to ask, did you sit here and painstakingly write this entire thing by hand, because I would be clawing my eyes out by, eh, line 800 or so.

Shlomo Dubrowin: I took piece by piece, I took this budget, this Lambda, this, which we'll get into in a minute. I took each piece, I kind of got it working in one account, ran the infrastructure, infrastructure as code generator, got all of the IAM permissions and everything I needed for that.

And then, but then I needed to modify it because if you, if you run the same YAML, you run the same CloudFormation again, it won't work because you've already got something named A, B, C, or, or whatever you've named them. That's where you'll see there's all kinds of funky stuff that I do in there in order to grab part of the stack ID, the, the invocation ID.

Um, so I've got some randomness in the name, so I can actually run this over and over again, and it will create more and more and more resources. And so, you know, which one is which they're all, they're all separate.

Corey Quinn: What I like about this approach, and, and let's be clear, there have been a number of tools, scripts, half-ass bash script, et cetera, that have been thrown up onto the internet over the years, and they all tend to make a, more or less different versions of the same error that, as best I can tell, you have very neatly sidestepped, in that you're envisioning the use case of someone starting out on AWS for the first time with an account. Great, go ahead and implement these things. But as soon as you start implementing it into an account that's been around for any period of time, it will either conflict and fail, or it will stomp on something that really should have been there already, or was there, which deleted a bunch of logs because we've decided you don't need those anymore.

What you've built takes into consideration that, oh, if there's an existing CloudWatch log group that has an existing retention policy, don't touch it. It is presumed that that is there for a reason. So I haven't done the full analysis on this, but I suspect there aren't any accounts I can think of in which if I were to deploy this, it would cause data loss or break someone's application.

Shlomo Dubrowin: Right, so those are two other pieces that you're, that you're kind of referring to. And yes, I tried very much, so I, I deployed this in account, in my account that I've been using for quite a while, and I've deployed it in new accounts as tests. So there's two, there's two lambdas that, that I created and I did this, uh, like I said, I'm a bash programmer, right?

So when I write, when I first started doing lambdas, I used a custom runtime of bash and someone nicely created a layer.

Corey Quinn: I, I have the exact same boat. I have, I have done crappy lambda layers that are hooking, uh, bash scripts through Python executes, then wind up running proxy servers on, uh, uh, SOCKS proxy locally to wind up doing weird things with Tailscale and lambda layer.

I, but all my stuff is crappy bash and then I somewhere along the way managed to graduate to crappy Python. Speaking of crappy approaches, I appreciate you're taking the approach of running it in your various test accounts and not that crappy TAM Stephen that we talked about mythically as I'm going to run it in just my customers' accounts and see how that works.

That's okay. I think they're a hospital, but what does that matter? Yeah, you test things where the blast radius is constrained and the failure mode doesn't make the headlines.

Shlomo Dubrowin: For sure. So I definitely tested in my own accounts. I created new accounts. I even created a new account with a credit card, which I hadn't done in many, many years, because I wanted to make sure that like Cost Explorer was enabled by default and what things were enabled or not enabled by default.

And yes, I write in, I write in Bash. Recently, I guess about a year or so ago, I started writing Bash containers. I've got a little script that does the compiling for me, the Docker compiling and pushing it to ECR and then telling the Lambda to use the latest one. That's on my GitHub as well. Anyway, so I, so I have, uh, and I have two instances that I do this on.

I've got one Intel based and one Graviton based, so I can do ARM or Intel based Lambdas for whatever, if I need, if I need it to be one or the other. So that's how, that's how I would write this for myself, but I'm not writing it for myself. I'm writing it for the audience. I used Bedrock and a front end that we have here internally for Bedrock.

So I could, I basically asked it, I need a Lambda Python that does this. And it helped me. It put together a framework, and I had to iterate over it, and I can read Python, but it's hard for me to write, and it helped me generate it, so instead of taking me, say, a week to write a Lambda, it took me about an afternoon.

There's two important Lambdas that I'm running there, and one you mentioned, where it's going to, it's trapping CloudWatch log group creation, it's using EventBridge to do that. It'll set a default retention policy. And you can choose the retention policy, it's one of the options you choose when you first start up.

Mine is like 30 days. And the other lambda is, um, S3 multipart upload lifecycle policy. And I set that for

Corey Quinn: Yes.

Shlomo Dubrowin: a week. And I didn't make it configurable, I quit if we needed to. Those two lambdas are mostly there. Those are kind of very low hanging fruit, and they're there to protect the user, because when you create new lambdas, then it's often that you end up with these log groups, and they're just going to keep growing and growing and growing, and the multipart upload fragments, which are kind of invisible unless you turn on S3 Storage Lens, but for a new user, they're not going to know about that.

I set it for a week. If you're going to continue your upload, your big upload within a week, you're good to go. If not, it'll quietly go away. Now, there was some other, there were some other things that I had to do in order to get those to work, which might be interesting to some, uh, to some folks on a technical level.

Corey Quinn: Yeah, that was going to be one of my next questions. Uh, for example, I don't believe that you can have CloudFormation enable IAM access to billing data. I think that has to be done in the account via mouse click, but I confess it's been a few years since I've looked into that.

Shlomo Dubrowin: You're talking about for the budgets?

Corey Quinn: Uh, budgets may be separate from this. I remember that there's a, by default, IAM users cannot look at spend data in accounts until the root user clicks a checkbox, historically. I, it is entirely possible I'm misremembering this. Again, it has been years.

Shlomo Dubrowin: I don't know, but I didn't touch that.

Corey Quinn: Wonderful. And it, in a brand new account, you spun up and it just worked okay.

It is entirely possible that events have, once again, outpaced me, which is kind of a good thing if I, if I can't keep up with the pace of innovation, that's positive.

Shlomo Dubrowin: So Cost Explorer was enabled by default and I was able to get to it inside the account. I didn't have to, I didn't have to enable it there.

Uh, I did have to enable CloudTrail. And I know that CloudTrail can, can be dangerous because it can, it, it logs stuff and it can, and it can get expensive. And especially if you have more than one, right? The first one is free.

Corey Quinn: And in a lot of cases get even more dangerous by not enabling it, but yes, right.

Shlomo Dubrowin: So, so what I've done there is, is I have a Lambda that the CloudFormation pushes. And by the way, you know, you talked about YAML being dangerous because of the spacing. So I did Python in, in CloudFormation. So it's Python, which is whitespace specific, in YAML, which is whitespace specific.

Corey Quinn: Wow, you must really hate yourself.

Shlomo Dubrowin: It took me a few iterations to get that working. Things were like not aligned and not working. So that was quite entertaining for a while.

Corey Quinn: I'm impressed it took only a few. That's wild.

Shlomo Dubrowin: Yeah, that was a little frustrating. So I have a Lambda that gets deployed by the CloudFormation. And what it does is it looks in all of your enabled regions for CloudTrail.

And if there's a CloudTrail enabled, it stops. It doesn't do anything. If there is not a CloudTrail enabled, then it's going to go and create a bucket for you. And it's going to enable a CloudTrail and log to that bucket. So I'm creating the resources for you. Now this is the only place in my account where I've seen expense.

And that's from the CloudTrail requests of the pushing the logs into the S3 bucket. And in my account, where I'm using it, you know, periodically here and there for building my website. It was like one or two cents per day, 30, 60 cents a month, I thought was reasonable for this. And I put a note in the, in the GitHub that I want people to know that there is this possibility, but, but I needed that in order to be able to trigger the lambdas on the creation of the bucket and the creation of the, uh, of the group.

Corey Quinn: People often think that my perspective is, Oh, AWS should never charge money at the end.

That is far from true. I think it needs to be transparent upfront. If you say, I'm going to cost you 0.36 a month, and then you cost them 0.36 a month, no one is angry or upset, unless they're a lunatic. The problem I have is, oh, I assume this is going to cost me nothing. Why did it just cost me $200? That is, that is concerning what, what gives, what didn't I understand.

It's the predictability and transparency aspect, more so than it is the never spend money for these services for which I am receiving. That's not a help, that's not a sustainable model.

Shlomo Dubrowin: So I try to be very upfront and I talked about, you know, where I tested this and where I saw the, the costs and the other thing, the other thing that, that I also do is there's another Lambda that gets deployed because you mentioned, uh, I'm in Israel and we, we launched a region like a year or so ago.

And so it could be that someone's going to launch a new region. If you're sitting out in Taiwan and Taiwan launches next week or next year, and you turn it on, you're going to want those benefits of this, of these lambdas that you deployed somewhere. There is another lambda that gets run, it gets run by CloudFormation when you first set up the system, and it gets run again periodically, you choose how often you want it to run: once a day, once a week, once an hour.

You choose, and it goes out, it goes to all of your enabled regions, and it makes sure that you have those EventBridge rules to forward the CloudWatch group creation and the S3 bucket creation to those lambdas. And that's it.

Corey Quinn: That's a good approach. It's solid. Are you looking at expanding this down the road to encompass things beyond cost, of the, the basic things to do when you first set up an account, setting up, for example, OIDC relationships between this and GitHub, hypothetically, or more importantly, and a prerequisite for that, IAM Access Identity Center.

The, so instead of using IAM users themselves, use, use, effectively what used to be called AWS SSO, now with a crappier, harder to remember name.

Shlomo Dubrowin: So I'm definitely open to ideas. I wanted to keep this simple, and I didn't want to force people to do this or do that, uh, especially so like if, if, if you're, if you're a free tier user and you're getting started, I didn't want to make it too complicated.

You grab a YAML, you go over here, you answer five questions. Right now it can only take one email address. There is a method to get it to take more. There is a method to get CloudFormation to iterate over multiple things in a list. I haven't gotten it to work yet.

Corey Quinn: I think that this is the, I think you're in the right direction on this.

I could see a scenario in which it becomes one of a number of nested stacks where you can effectively turn this into almost a mini application of sorts, where check the boxes on the things you want, like cost surprises. Yes, I definitely want to be, uh, I want to have that set up in my new account.

Security! Ah, that's job zero. And I give zero craps about it. Great. People are gonna people. That's what they do. And being able to pick and choose between those things that they want starts to be handy. On the other side of that coin, though, it turns into analysis paralysis. It's great. Sometimes I want two or three choices.

When I have two or 300 choices, I sort of freeze and give up and it's too much decision fatigue.

Shlomo Dubrowin: Right, for sure. So again, I wanted this to be, you know, to be super simple for a new user. The defaults are there for the new user. If I was a corporate user or, you know, someone that has a TAM, I could imagine that this same CloudFormation could get used during account vending and you would use different defaults.

You would have a distribution list for the notifications and you could use, instead of a penny here and a penny there, it could be, I don't know, 100 or 50 or 500, whatever, whatever's important to you.

Corey Quinn: One thing that I find odd is that most of the documentation on this is how to go ahead and install it via ClickOps, which, sure, I get it, that's my approach too, but there's no quick and easy way for several fascinating and valid reasons to be able to just take, here's a CloudFormation template, go ahead and apply it as the root user in your account, go.

You have to talk people through the various, uh, clicks and where to do these things. I, I can't shake the feeling that there is a better way to vend something like this to a cloud account. But I'm not aware of anything that resembles that these days, other than maybe some of the quick start click buttons and it opens up in the CloudFormation window, almost ready to go.

But even that, as I recall, seemed a little heavy friction compared to some other approaches. This honestly starts to sound less like a bug about what you're doing and more a, I guess, an issue or feature request for the AWS console of make it easier for me to take something external and apply it to my account.

Shlomo Dubrowin: Yeah, no, it's an interesting idea. Like, you know, the, when, when AWS launches, launches CloudFormation based things, right, there's a, that launch button. So you just click on that and it takes you automatically to probably Virginia to the Virginia region. Launches it in CloudFormation.

Corey Quinn: Part of the reason too is I'm trying to save you work down the future because I, one of the reasons I don't tend to do videos, especially, and also mostly blog posts where I have screenshots of what's going on in the console as an instructional

Shlomo Dubrowin: Because it'll change next week.

Corey Quinn: Is that every once.

Oh, every once in a while someone on the console team apparently decides to try and get promoted by doing a redesign of something or altering the way something works. And on the one hand, yes, this is usually an improvement and better for customers. On the other, that's a whole lot of material I have to go ahead and adjust.

I'm sure someone who is very bloody minded is going to file an issue next week or so on yours, because at the moment on one of the screenshots it shows the search bar and there are 16,724 results for CloudFormation, the documentation, and when there are now 16,725 next week, someone's going to want to update the screenshot, at which point you close the issue and block them, but when they completely redo the CloudFormation console at some point, who knows when that happens?

Great. You're back to, Oh no, oh no, now I have to redo the screenshots or it looks dated. And that's one of the biggest problems I think AWS has with updating things and making improvements is that there's such a corpus of community work on how to go ahead and do a thing. But if you follow a how to set up a static website on AWS tutorial from 2012, you're gonna have a bad time 12 years later.

Shlomo Dubrowin: Yeah, for sure. I can see that.

Corey Quinn: Not sure what the answer is, but it's one of those areas that I think would, uh, would benefit further down the road. I suppose we're going to find out. One of the topics I want to talk to you about as well that you started to get into and I cut you off is you built this partially with the assistance of generative AI.

Normally, I flinch when people start talking about gen AI and their email address ends in amazon.com, but what you're talking about is exactly the way that I think gen AI should be used. I've used a number of tools myself to make up for the fact that I'm a terrible programmer, but I'm enthusiastic about it.

And iterate on this piece of it and help me build the thing out. It really is a force multiplier. That's a great use.

Shlomo Dubrowin: Yeah, it was really great. Looking at a blank page and saying, okay, I need to write this in Python, which is not my first language of choice, was a little intimidating. And I, you know, really thought, okay, how can I, how can I do this?

And so I went to the Gen AI and I said, give me a Lambda that does this. You know, that does the CloudWatch Log Group retention policy, and it gave it to me. And there were a few other pieces. There was a, another interesting nuance in the Lambdas that get run by the CloudFormation. You know, those are running as a custom resource if you're familiar with that.

And CloudFormation is expecting an answer, and if it doesn't get the answer it expects, it kind of just sits there and waits. Now, some of those Lambdas need to also run as a regular Lambda. And so the, the response needs to be different for CloudFormation than it needs to be for when you're running it as a regular Lambda.

I wanted to kind of trap that in the event data, so I needed to set a variable to trap that. And I, but if you don't, if you have a variable that's not set in Python, it complains. The Gen AI is the one that came up with the one liner that basically said, if this gunk is in the, is in the event data, then set it this way.

And if it's not, set it that way. And it was a beautiful one liner in Python, and I could understand it as soon as it came up with it, but me writing it would have taken a long time.

Corey Quinn: Oh, that one liner would have been 15 lines if I had done it at best, and I would have gone the tossing a frisbee to yourself across the street and running across to catch it pattern that I tend to fall into when I start attempting badly to do distributed systems.

Yeah, it, it really is elegant at distilling things like that down. Now, the challenge I run into on the one hand is that when you have it write applications and pitch in, it starts coming up with different approaches for every question you ask it. So it looks like a bunch of spaghetti code. But honestly, am I any better when I'm searching in Stack Overflow?

No, in fact, I'm arguably worse. So it's just an evolution of the same old problem. This way is just a lot more efficient slash faster.

Shlomo Dubrowin: Yeah, and not only that is you can actually give it the errors, right? So I, it gave me something, I tried it, I got an error, and I said, I got this error and it gave me a fix.

Corey Quinn: I think you win the gold star of first conversation I've had with an AWS employee who suggested a use for Gen AI that was awesome. Good work.

Shlomo Dubrowin: Go TAMs.

Corey Quinn: Exactly.

I really want to thank you for taking the time to speak with me. If people want to learn more, where's the best place for them to find you?

Shlomo Dubrowin: Hi, so the best place to find me is probably the website that I mentioned that I just launched.

It's cloudedtorah.org. So it's cloudedtorah.org. Torah, T O R A H dot org, and you have to use the www because it's CloudFront.

Corey Quinn: There are sneaky ways around it, but those are fun and exciting and hashtag dot all op, some restrictions apply, void where prohibited. Yeah, I will of course put a link to that in the show notes, which is probably easier for people to just do the clicky clicky with the draggety pokey finger stick.

But thank you very much once again for taking the time. I really do appreciate it.

Shlomo Dubrowin: Thanks, Corey. It's been great.

Corey Quinn: Shlomo Dubrowin, Senior Technical Account Manager, or TAM, at AWS. I'm Cloud Economist Corey Quinn, and this is Screaming in the Cloud. If you've enjoyed this podcast, 5 star review on your podcast platform of choice.

Whereas if you hated this podcast, please leave a 5 star review on your podcast platform of choice, along with an angry, insulting comment that I'm not going to have time to read because I didn't apply this, and I have a big AWS bill to go deal with.
