Image




 

Welcome to the 33rd issue of Last Week in AWS.

This week has me in Israel, speaking at DevOps Days Tel Aviv. My keynote, “Musings of an Assistant Regional Thought Manager” is supposedly being recorded. We’ll see!

Last week I mentioned that AWS Chief Evangelist Jeff Barr stated that he “would rather eat live frogs than honor an AWS team’s request”. I ran a contest to figure out what that request was. 


The best suggestions were:

  • Refer to your blog post marathon as a "Barr crawl." 
  • Explain what Kubernetes is using LEGO.
  • "We’re not sure which of these were going to release, can you write fifteen versions of this blog post for us to pick from?"
Poor Jeff. Thanks to those who chimed in.

This week’s issue is sponsored by CloudHealth.

ImageWhile cost is often cited as the reason why people move to the cloud, it’s not always that simple. Have you achieved your expected savings? This eBook provides 10 best practices for reducing spend in AWS, including several pro-tips from cloud experts. Read today and better manage your cloud costs.​

 

Community Contributions

A gripping tale about how a real-life company tackled AWS cost optimization– without throwing me at the problem.

If your response to being told that your Lambda function might execute twice is “wait, what?!” then you need to read Cloudonaut’s latest.

Duo Security found potential gaps in AWS’s MFA policies. I’ve gotta hand it to the AWS security team— they’re a class act start to finish.

Today I’m urging you to submit a post idea to AWS Advent. It’s a great blog series that gathers tips, tricks, guides, and how-to advice from the AWS community. If you’re reading this, I promise– you have an AWS story to tell. Submit today!

Kate Turchin is a marvel. My version of the S3 Bucket Song involves a lot more profanity and screaming than hers does.

LightSail briefly became AWS’s most profitable service last week. You may want to check to see if your finance people are still breathing.

Choice Cuts From the AWS Blog

Updated AWS SOC Reports Are Now Available with 19 Additional Services in Scope | AWS Security Blog - If your life revolves around compliance reports, new SOC reports are available. Ask your account manager to buy you an adult beverage while you read these– they’re dense.

Crowdsource Database Migration—Let’s Do It Together | AWS Database Blog - This is a handy set of tools and templates for migrating your database via DMS. I hope “crowdsourcing my database migration” turns out better than my “crowdsourcing my architecture from HackerNews” experiment– my network diagrams look like a Boston street map now.

Amazon ElastiCache for Redis introduces dynamic addition and removal of shards while continuing to serve workloads - A crappy version of Autoscaling has come to ElastiCache for Redis, wherein you have to build the scale-in / scale-out logic yourself. Hey, at least it won’t slam to a halt while resizing this way?

Amazon Inspector adds security findings data enhancements and operating system support - Good news– there are now still more security alerts that nobody will ever look at until it’s too late.

Amazon Polly Releases New Timbre Effect - SHIVER ME TIMBRES, IT WOULD SEEM THAT “TIMBRE” DOESN’T MEAN WHAT I THOUGHT IT DID, MATIES!

New – AWS PrivateLink for AWS Services: Kinesis, Service Catalog, EC2 Systems Manager, Amazon EC2 APIs, and ELB APIs in your VPC | AWS News Blog - PrivateLink lets you access a raft of AWS services from inside of a VPC. Huzzah! This is a good thing. The only part about it that irks me is the pricing model– at 1¢ per hour, and 1¢ per gigabyte sent through it, it’s inflating the untaggable section of AWS bills, it’s adding a not-generally-worthwhile amount of money to the bill, and further obfuscates an already densely complex area of cloud economics.

Introducing Amazon EC2 C5 Instances, the next generation of Compute Optimized instances - After a long wait, C5 Instances are here. Optimized for CPU intensive applications, these are roughly 15% less expensive than the previous C4 generation. Also, they run a completely new custom hypervisor that AWS wrote.

Amazon CEO Jeff Bezos slapped a squirrel so hard that he - Wait. What did you just say? A custom hypervisor?! The thing that makes the instances go in the first place? You just drop that in there after a decade of Xen with no fanfare, no warning, no rigorous testing of my existing workloads?! And you included this as a footnote, and mentioned it’s going to be rolling out to future instance types!? Are you out of your tree?!

Access detailed product pricing information using the AWS Price List API - “Wait, what do you mean people might want to use the pricing API to figure out how much their specific workloads would cost. Don’t be ridiculous, Johnson!” Today Johnson is vindicated.

Amazon S3 Adds New Features for Data Security and Compliance - AWS has mobilized to stop my S3 Bucket Negligence awards. There’s not a new one to award this week, so okay– let’s see how it goes.

Amazon EC2 Convertible RIs - Now Available for a 1 Year Term and supports Splits & Merges - “…and bless Mommy, and Daddy, and little Patches. Oh, and please make RI purchases even more complex and choice-ridden than they already are. Amen.”

Customize your organization’s AWS credit and Reserved Instance (RI) discount sharing using new billing preferences - You can now let other departments in your organization suffer the consequences of their poor Reserved Instance choices. To heck with those people— you’ve got yours!

Monitor your Amazon Redshift, Amazon RDS, and Amazon ElastiCache reservations using AWS Cost Explorer’s RI Utilization report - And Amazon lands the hat trick with the third RI enhancement last week. Chalk up another “wait, you mean it didn’t do that already” feature enhancement.

Amazon CloudFront opens its 101st Point of Presence by launching its first Edge Location in Palermo, Italy. - Okay, the pins in my AWS locations wall map are becoming clear. “CloudFront Edge Locations” are pretty much “some AWS VP’s company-subsidized vacations.”

Tools

This is nifty– CloudZero Reactor lets you understand your AWS account activity, and rapidly query relationships between services and AWS resources.

This handy script detects stale AWS security groups. It’s just a hop, skip, and a jump from being turned into a Lambda function…

Log automation is something I’ve been grousing about a fair bit this week. sqs-s3-logger is a decent approach to serverlessly logging to S3 via SQS.

You can now host PHP sites in Lambda, because Nietzsche was right: God is dead.

Tip of the Week

Today’s tip is going to sound a little strange, but bear with me.

Do not make any architectural decisions that aren’t trivial to reverse about AWS from now until re:Invent.

Constraints that apply today won’t apply in three weeks, new products and features will (presumably!) be launched, pricing models may alter, and the things that you care about may not look exactly the same after Werner Vogels takes the stage to taunt Larry Ellison.

This tip will likely look ridiculous if this is the year that AWS announces nothing new, and every keynote and breakout session is just AWS employees and customers showing slide shows from their summer vacations.

…and that’s what happened Last Week in AWS.

I’m Corey Quinn. I’ve helped people significantly reduce their AWS bills and spoken broadly on the conference circuit, but what I’m good at and passionate about is strategic and tactical decision-making roles at growing startups. If your company is making strides in the tech industry and wants help thinking through these things, get in touch and let’s have a conversation,

If you’ve enjoyed reading this, tell your friends to sign up at lastweekinaws.com (or post a link in your company Slack team!) about it. As always, if you’ve seen a blog post, a tool, or anything else AWS related that you think the rest of the community should hear about, send them my way. You can either hit reply– or join the #lastweekinaws channel on the og-aws Slack team.

List archives are always available at https://snarkive.lastweekinaws.com/