Welcome to the 14th issue of Last Week in AWS.

When I started Last Week in AWS, it was a temporary experiment– I wasn’t sure I would get more than a half dozen readers. Now that I’m closing in on 2000 subscribers, I’m willing to declare this newsletter successful. Thank you all for reading what I write.

The single most common reader request over the past three months has been for an archive of past issues and their snark. That “snarkive” is now available on a two week delay at https://snarkive.lastweekinaws.com. Thanks to everyone who requested this– please let me sleep in peace now.

If you’re not sure what this subject line is referring to, see this week’s tip below for an explanation.

My thanks again go to Datadog for sponsoring this issue:

Cloud-scale monitoring, from AWS to ZooKeeper - Ever wish you could graph all your AWS metrics, correlate them with 150+ other techs, and set up sophisticated alerts? There’s a monitoring service for that: It’s called Datadog. Here’s a free trial.

If you’d like to sponsor Last Week in AWS, please hit reply and let me know!

Community Contributions

Cloudonaut returns, with a Lessons Learned post on building a chatbot for passing alerts from AWS to Slack.

While this ostensibly takes you step by step through building a serverless React application from nothing, what struck me is that an introductory tutorial ties together Lambda, Cognito, S3, IAM, DynamoDB, CloudFront, Route53, Certificate Manager, and API Gateway. That’s not a learning curve– for a beginner, it’s a cliff.

If you’re going to re:Invent, take a look at this survival guide. This will be my first re:Invent– I’m looking forward to seeing some of you there.

Microsoft has acquired cloud management company Clouddyn, in a move sure to turn up the heat on competitors CloudHealth, Cloudability, CloudConformity, CloudCheckr, CloudBandsaw, CloudNowI’mJustMakingTheseUp, etc. There’s no word yet as to whether CloudDyn will discontinue support for non-Azure providers.

A popular post this week asks the question “Is it possible to host Facebook on AWS?” My answer is “no, because their lawyers will sue you back to the stone age if you try it,” but apparently that isn’t what they’re talking about here.

Choice Cuts From the AWS Blog

Introducing Our NEW AWS Community Heroes (Summer 2017 Edition) | AWS Blog - A new batch of AWS Community Heroes have been named. Congratulations in particular to Josh Levy and Thanos Baskous– their work on the Open Guide to AWS is standout. No word yet on nominations for AWS Community Villains.

AWS GovCloud (US) and Amazon Rekognition – A Powerful Public Safety Tool | AWS Blog - I hate to sound like an anti-government whack-a-doo, but this blog post highlights what is arguably the only non-creepy application of facial recognition to government work. Every other “government gets access to facial recognition tool” story is likely to open a giant civil liberties can of worms.

New – Cross-Account Delivery of CloudWatch Events - You can now toss CloudWatch events into other AWS accounts, much like you’d toss a dead animal into your neighbor’s yard for them to worry about, turning alerting into the very best kind of problem: somebody else’s.

Tools

The venerable ICE AWS usage tool has been transferred from Netflix (where it languished unmaintained) to Teevity, who is restarting development. This is worth keeping an eye on if you care about deep-dives into your AWS bill.

At $50 a pop, Route53 policy records get expensive quickly. If you need that functionality but don’t want to pay for the privilege, take a look at Zinc; it may fit your needs without breaking the bank.

Finally– a reasonable way to alarm on missing CloudWatch metrics. Building a sane “deadman’s switch” functionality has been surprisingly challenging until a couple new configuration settings for CloudWatch came out earlier this year.

Think you understand common security failure modes with AWS? Take the flAWS challenge and find out…

Tip of the Week

Last week AWS quietly added a new availability zone to us-east–1. This new AZ (us-east–1f) differs from other AZs in a few ways.

  • It’s consistent between accounts. Other AZs are not– my us-east–1c might be your us-east–1a.
  • It only supports the latest generation of EC instances– namely the C4, M4, R4, I3, T2, D2, and X1 instance families.
  • If your code expects 5 AZs in us-east–1 and is now receiving 6, you may have discovered some fun new failure modes last week.

As a result, this week’s tip is to question the assumptions you have about regions– not all AZs are equal, and their numbers aren’t static.

…and that’s what happened Last Week in AWS.

I’m Corey Quinn, a consultant specializing in helping companies fix their horrifying AWS bills. If you’ve enjoyed reading this, tell your friends to sign up at lastweekinaws.com (or post a link in your company Slack team!) about it. As always, if you’ve seen a blog post, a tool, or anything else AWS related that you think the rest of the community should hear about, send them my way. You can either hit reply– or join the #lastweekinaws channel on the og-aws Slack team.

List archives are now available at https://snarkive.lastweekinaws.com/.