Welcome to issue number 103 of Last Week in AWS.
The Santa Clara summit dropped a lot of product announcements, Lyft went public at $72 a share, and I continue to rant like a lunatic on Twitter. Onward!
This week’s issue is sponsored in part by DigitalOcean, the simplest cloud platform for developer teams. They have a handy new security tutorial on setting up Vuls, an open source, agentless vulnerability scanner written in Go. If you want to learn how to automate vulnerability reporting for Linux packages with Slack notifications to your team, don’t miss this excellent step-by-step guide. Thanks again to DigitalOcean for supporting Last Week in AWS and the open source community.
A great how-to on sensible notifications around compromised AWS credentials. That said, it highlights the very real fact that CloudTrail has a 15-20 minute latency delay--which is still WAY better than the billing system. The billing system, of course, is the way most of us find out about credential compromises.
For the computer scientists among you, here's a deep read about Aurora: design considerations for high throughput cloud-native relational databases. For those of you who are in no way computer scientists, here's a shallow read about a much easier to understand Aurora.
I inadvertently sparked an article worth reading--Security by Happenstance is worth the time, and not just for self-aggrandizing reasons.
A tale of how Comic Relief load tests Serverless with Serverless.
Someone asked me this week how I'd go about importing Google BigQuery tables to AWS Athena. As it turns out, someone wrote exactly that recently. Here you go...
This terrifying post about Serverless without Lambda is brought to you by Richard Boyd, iRobot Cloud Data Engineer and someone worth following.
My version of how and why to use CloudFormation macros would be "don't," but this article has more in-depth answers.
Oracle customers continue to fear Oracle licensing gotchas if they migrate to non-Oracle clouds--but they also want to pick a cloud provider that doesn't actively hate its customers, and also... y'know. Works.
I finally got to catch up with longtime friend of the newsletter and Human EMP Silvia Botros--Principal Engineer at Twilio SendGrid and the reason this newsletter arrives in your inbox every Monday instead of your spam folder. Screaming in the Cloud Episode 53: Company Migration On Two Fronts: AWS and the Career Paths of Software Engineers.
AWS has been chosen as the Industrial Cloud of choice by Lying Sack of Crap Magazine’s carmaker of the year, Volkswagen. I still can't fathom how "outright cheating / lying to regulators about emissions" didn't destroy their business, but I for one will never buy another Volkswagen again.
“But wait!” cries MongoDB. “It’s a cheap shot to claim that MongoDB is prone to losing data! We’re also criminally insecure!” While it's better now, I'm not sure I'll ever forgive them for shipping with default "open to the world, no authentication" settings for years.
If you have a job to share with this newsletter's discerning, thoughtful, all-above-average readers, hit reply so we can chat. This week I have two companies to tell you about--both of whom foolishly trusted me to write their job copy for them. Here we go!
Would you like to work on my favorite database? Well, you can't--Microsoft Excel + VBA didn't hit reply and chat. Instead, consider working on Amazon DynamoDB. With 43 open roles in the US and Ireland, you can help finish what Werner and Swami started--or join the dark side and begin work to sabotage DynamoDB from the inside so that Secrets Manager can rise to take its rightful place in the universe!
Do you want to work in the Bay Area? Almost certainly not; the people are insufferable here. Consider instead staying wherever the hell in the US you happen to be and talking to Truss, a software consultancy. Picture all of the advice that I'd give you, and now envision that wrapped in something you could tell a customer without getting punched right in your sarcastic mouth. That's what Truss does, but they for some unknown reason don't describe it that way. Currently, they are seeking stellar Infrastructure engineers anywhere in the US (yes, even the crappy parts) to help them with commercial and government contracts. Seriously, read this thing--they tell you what levels they're looking to hire at AND THEN THEY EXPLAIN THEM SO YOU DON'T FEEL LIKE A MORON FOR NOT KNOWING THEIR INTERNAL RUBRIC! Virtually any other hiring manager who happens to be reading this should look at their job descriptions and feel comparatively ashamed.
Choice Cuts From the AWS Blog
This issue is sponsored in part by GoCD, from Thoughtworks. If you're running workloads in Azure, good for you--it's rapidly improving by all accounts. With GoCD’s new Azure plugin, you can run your CI/CD pipelines on Azure virtual machines, and let GoCD scale up on-demand agents based on your need. To learn more, check out their Microsoft Azure Elastic Agent Plugin. My thanks to them for their continued support.
Amazon Redshift announces Concurrency Scaling: Consistently fast performance during bursts of user activity - I'm still salty that they didn't go with the far superior headline, "Amazon Redshift Gains Automatic Transmission."
AWS Announces the General Availability of the Amazon S3 Glacier Deep Archive Storage Class in all Commercial AWS Regions and AWS GovCloud (US) - Deep Archive is fascinating to me. Roughly $12K a year to store a petabyte is transformative, and with a 12-hour response to data requests it's ideal for data you don't need immediately. Virtually everyone who argues with me about how incredible this is apparently works for a storage company and has something to sell.
Amazon API Gateway Improves API Publishing and Adds Features to Enhance User Experience - Enhancing the user experience and level of understanding is critical. API Gateway is dramatically improving in this regard; for a while I was worried that they took Amazon's famous "we're willing to be misunderstood for long periods of time" credo and applied it to documentation.
Amazon EKS Opens Public Preview of Windows Container Support - A 2-and-change hour keynote at the Santa Clara summit, and this somehow didn't get announced?! I mean, I don't care about it, but most of the rest of the world very much does!
Amazon Transcribe enhances custom vocabulary with custom pronunciations and display forms - "Huh, what if we're the bad guys? What if AMI really does have three syllables?"
Announcing the Ability to Pick the Time for Amazon EC2 Scheduled Events - The time I'd have picked for this feature is circa 2014.
Application Load Balancers now Support Advanced Request Routing - ALBs have apparently gone from "weird broken ELBs" to something that's incredibly capable, and giving me no real reason to run HAProxy myself other than spite.
AWS App Mesh is now generally available - App Mesh slots neatly into the huge addressable market that exists between "I don't know what a service mesh is or why I would need one" and "I needed a service mesh so I deployed Envoy." Dozens of customers are thrilled to pieces.
AWS Key Management Service Increases API Requests Per Second Limits - The key word missing here is "default;" you've been able to request considerably higher limits for ages.
AWS Makes it Easier for You to Discover Relevant Products in AWS Marketplace - It's now far easier for you to discover relevant products in a largely-irrelevant Marketplace. I kid; there's a lot of good stuff in the Marketplace, but it's done a fairly poor job of promoting itself to date. If that comment makes you bristle, please hit reply; I'd love to talk to you.
AWS Transfer for SFTP supports AWS Privatelink - This is a great example of AWS releasing things that are transformative for some workloads, and then utterly failing to weave a narrative about why you might care about such a thing. I'm quite serious--this is huge for internal facing apps, cross-company integrations, and other workloads that are massively important, but you get effectively none of that nuance from this write-up.
Introducing AWS Deep Learning Containers - Either I'm missing something truly profound (quite likely!) or this is an entire service announcement wrapped around a handful of INSTALL commands in Dockerfiles...
AWS Event Fork Pipelines – Nested Applications for Event-Driven Serverless Architectures - So let me translate this for you. AWS has done two incredible things here. 1) They've found a way for click-to-deploy serverless applications to talk to each other natively without you having to wire them all together, and 2) describe this in such a way that 90% of folks will miss what it does on the first pass.
New Local Testing Tools Now Available for Amazon ECS - If you prefer local development, I want you to know that first, I believe in my bones that you're wrong. That's okay, though--Amazon is wildly successful but is also dead wrong in how they pronounce AMI. Secondly, you can now test those applications locally a lot more easily.
The AWS Toolkit for IntelliJ is Now Generally Available - This is either going to result in people immediately running for the potty with excitement, or a "what's IntelliJ?" There is no wrong answer there, but there's also no third option apparently.
The AWS Toolkit for Visual Studio Code (Developer Preview) is Now Available for Download from in the Visual Studio Marketplace - If you use Visual Studio Code, this is great news. I admit I use it myself from time to time when I'm unable to make vim consume all of my RAM on its own, and it's pretty snazzy.
The connections between logs, containers and orchestration have never been more evident or important. Sylvia Fronczak and Dave McAllister discuss this in the Scalyr insights recording, "Contain Yourself, the Devs guide to CaaS". My thanks to Scalyr: providing both fast and agile insights into your logs.
Bitbucket has released its indexer sidecar for Elasticsearch to enable better searching of DynamoDB.
Lyft has, on the same day as they went public at $72 a share, open sourced Cartography. It helps show infrastructure assets as well as the relationships between them.
…and that’s what happened Last Week in AWS.
I’m Corey Quinn. I help people significantly reduce and understand their AWS bills and speak broadly on the conference circuit. In addition to this newsletter, I host the Screaming in the Cloud podcast about the business of cloud computing, featuring me talking to folks who are good at things; it's a nice contrast.
If you’ve enjoyed reading this, tell your friends to sign up at lastweekinaws.com (or post a link in your company Slack team!). As always, if you’ve seen a blog post, a tool, or anything else AWS related that you think the rest of the community should hear about, send them my way. You can either hit reply or join the #lastweekinaws channel on the og-aws Slack team.
List archives are always available at https://snarkive.lastweekinaws.com/