Welcome to issue number 35 of Last Week in AWS.

We’re going to start off today’s special “Pre:Invent” issue by thanking our sponsor, CloudCheckr.


Download the Cloud Management Report 2017 to learn how leading organizations take a strategic approach to the cloud across departments. This report shows surprising insights into the ways organizations are bringing together leaders from finance, IT, DevOps and security to establish a cloud center of excellence (CCoE) that can dramatically improve their public cloud deployments.

Thanks to them for their support!

Today’s issue is packed with a LOT of releases. I’ve pared out the crappy ones I don’t care about, but there’s going to be many, many more things to announce next week. Expect next week’s issue to follow a completely different format, for my own sanity.

If you’d like to help with next week’s issue, join the og-aws Slack team and help me track down re:Invent announcements in #the-wheel. I’ll also be livesnarking on Twitter as @QuinnyPig if you’d like to catch my re:Invent sarcasm in realtime.

A lot of re:Invent “predictions” are, to be polite, overly simplistic. “I predict Amazon is going to launch some new machine learning service!” “We predict that there will be enhancements made to AWS Lambda!” “Here at Gartner we’re positive companies will continue to hurl money at us for no apparent reason!”

As a result, I’m going to make some of my own predictions here, based upon no inside information:

  • AWS Lambda will support Ruby and/or Go.
  • Larry Ellison will say something mean-spirited and woefully inaccurate about AWS at some point over the next week.
  • A managed Kubernetes service will be announced. Amazon will misspell the word “Kubernetes” much as they do “Rekognition,” but nobody can spell it correctly in the first place so it’ll fly entirely beneath the radar.
  • People will be wildly excited about an artist I’ve never heard of performing at re:Play.
  • Cross-Region VPC peering will continue to taunt us, but will not be announced.
  • Lambda timeouts will be increased.
  • Yet more features will roll out that are aimed at stopping the spread of S3 Bucket Negligence Awards. They will all be unsuccessful because you can’t fix people.
  • I’ll be able to run Lambda functions on my idle EC2 instances. (Technically, I already can with GreenGrass.)
  • I will be politely asked by re:Invent security to “stop causing a scene” by giving very direct feedback about the abysmal re:Invent mobile app at the Mobiquity booth.
  • The SimpleDB product team will be mistaken for gamblers who’ve lost it all and are drinking to forget in their hotel bar, conveniently located just seventeen short miles from the Strip and the rest of re:Invent.
  • At least one service in us-east-1 will fail spectacularly during the conference. The status page may or may not reflect this accurately.
  • At least one additional region will be announced.
  • Amazon will announce a blockchain service aimed at cryptocurr— I’m sorry, I can’t even finish typing that ridiculous sentence.
  • Roughly 300 people will have their hair dyed purple as per Chief Evangelist Jeff Barr’s request.
  • AWS employees will continue to mispronounce “AMI” as “ah-mee” on stage.
  • Werner Vogels and/or Andy Jassy will trumpet the latest Database Migration Service statistics, without mentioning how many of those migrations broke data in arcane ways.
  • You will need to get a new phone number and email address because you let the wrong vendor scan your badge.
  • You can upload full containers to Lambda or its equivalent. I mean in a supported way, not one of the several horrifying hacks that enable this behavior today.
  • Someone is going to collect two dozen Fidget Spinners from the vendor hall before questioning their life choices. That person may well be me.
  • An Amazon marketplace seller is going to see “Amazon” in the conference name, show up, and be completely baffled by what everyone is talking about.

Community Contributions

A number of folks emailed me to let me know that Uber was in contention for an S3 Bucket Negligence award this week. Sadly, they don’t qualify. While they’re arguably one of the least ethical companies on the planet, and reportedly still rife with terrible people working there, this breach didn’t come from an unsecured S3 bucket.

Werner discusses some of the intricacies of resizing and scaling ElastiCache for Redis. A fascinating look into what’s going on underneath the hood…

This one snuck past me. This in-depth discussion of getting FreeBSD on C5 instances mentions almost in passing that there’s now EBS-via-NVMe hardware in place. EBS continues to be astounding technologically.

New Relic gives its State of Serverless report. A lot of good info in here— it seems like people are still being somewhat cautious about putting serverless patterns in-line for critical use cases, but that may be me reading my own biases into the data.

HackerNoon shows us a quick intro into the infuriatingly-spelled AWS Rekognition and its recently updated capabilities.

Eric Hammond and Jennine Townsend put together this Kinesis diagram showing the various inputs and outputs available for Kinesis. I find these types of diagrams to be incredibly helpful.

It’s no longer annoying to copy values from the EC2 console. Ideally other services follow suit shortly.

AWSgeek returns with a visual service summary of the sneakily-renamed Amazon Elastic Container Service (it used to be EC2 Container Service). This one’s gorgeous.

Some press have fallen victim to a hilarious misinformation campaign saying that Cerner is going to be in a re:Invent keynote. Sorry, folks— his name is “Werner.”

This week’s S3 Bucket Negligence award goes to DJI. This drone manufacturer exposed copies of people’s drivers licenses, passports, other forms of ID, and flight logs. Personally, I’m mostly just miffed that a company with a name like “DJI” makes drones, while a company named “Crowdstrike” does not.

Choice Cuts From the AWS Blog

Amazon API Gateway Supports Access Logging - The black box of API Gateway is becoming a dark grey box, but you’ll pay for the privilege.

Amazon Connect Adds Automated Outbound Calling, Now Available in Limited Preview - You can feel how much workshopping went into this blog post to avoid saying “we built a robocalling spam cannon for some of the worst companies in the world.” I never, ever want to receive a phone call from a robot; send me an SMS message instead.

Amazon Simple Notification Service (SNS) Introduces Message Filtering - Filtering SNS messages obsoletes an awful lot of parsing code, and will reduce costs for people consuming SNS topics via Lambda. If only AWS published service updates via SNS, tagged with whether or not they’re interesting…

Announcing a new pricing plan for AWS IoT - Not only is IoT pricing now lower for most workloads, it’s oodles more complex to calculate. Rejoice!

AWS CodeCommit Supports Pull Requests - CodeCommit is rapidly catching up to 2012 GitHub.

AWS Mobile introduces a new CLI and redesigned console to simplify building quality Web and React Native apps - For those of us who struggle with writing applications, this is a godsend. I’m just a few dozen clicks away from relaunching Twitter for Pets.

AWS Trusted Advisor Adds Service Limit Dashboard and CloudWatch Metrics - It’s now easier to find out service limits before you smack into them, and for AWS support to be condescending when you trip over them regardless.

Amazon CloudFront adds six Edge Locations and expands into four new cities - ♪ ♫ ♬ Well they’re scattered ‘round the world from Madrid to Philadelphia / Speeding static content delivery from Chennai down to Sydney / They’re cropping up like weeds to encircle mainland China / Tell me who in the world gives a crap about CloudFront Edge locations? ♪ ♫ ♬

Identify opportunities for cost savings using AWS Cost Explorer’s new Amazon EC2 Reserved Instance purchase recommendations - AWS now provides Reserved Instance recommendations, in what looks an awful lot like a direct shot across the bow of a number of cost optimizing platform as a service companies. AWS’s use of the term “Partners” sounds an awful lot like “Companies we haven’t gotten around to crushing yet.”

Introducing the AWS Connected Vehicle Cloud - “We route our traffic through us-east-1” is a statement that just became orders of magnitude more terrifying to everyone on the road.

Introducing the AWS Cost Explorer API - Cost Explorer now has a public API, which is great. What’s a lot less great is the “charge 1¢ per query to explain our convoluted bill to you” model. If you called up Verizon and asked for clarification on your phone bill, you’d be incensed if they charged you for the privilege. I’m hard pressed to imagine a world where the revenue from this API offsets the damage the charge does to the goodwill AWS has built up; the bill continues to be the asterisk next to the “we’re customer focused” Amazon leadership principle.

Lambda@Edge Now Supports Content-Based Dynamic Origin Selection, Network Calls from Viewer Events, and Advanced Response Generation - You can write full-on applications now with these changes to Lambda@Edge, which I still don’t know how to pronounce. Meanwhile I’m still just using it to set static headers on CloudFront…

Sync Files to Amazon Elastic File System Quickly, Easily and Securely with EFS File Sync - It’s now up to five times faster to get files into the AWS storage system that you shouldn’t be using in the first place.

Amazon Rekognition Announces Real-Time Face Recognition, Support for Recognition of Text in Image, and Improved Face Detection | AWS AI Blog - While this is definitely fascinating, did they have to include the Orwellian use cases for law enforcement in the writeup?

Access Resources in a VPC from AWS CodeBuild Builds | AWS DevOps Blog - “Maybe we can use the re:Invent flood of news to quietly release a bunch of features we get yelled at for not including originally?” “GENIUS! GET YOURSELF A PROMOTION!”

Announcing the New AWS Secret Region | AWS Government, Education, & Nonprofits Blog - ██████████ ████ ██ ████ ████████ Secret Region ████. ████ ████████████ squirrel uprising ████████ █████ ███████ ████ Top Secret Region ████ ████ ███ classified data.

Easier Certificate Validation Using DNS with AWS Certificate Manager | AWS Security Blog - You can now validate domain ownership via DNS instead of email, leaving more room in your inbox for copies of Last Week in AWS to take up residence.

How to Encrypt and Decrypt Your Data with the AWS Encryption CLI | AWS Security Blog - This is a terrific walkthrough of the new AWS encryption CLI, but for some reason the example stops short before showing how to store the unencrypted file in a publicly accessible S3 bucket, as is all the rage these days.

Tools

AWSweeper can help you sensibly clean out stale resources in your AWS account. This is a great approach to getting rid of the cruft that always seems to accumulate…

Strongbox has some interesting advantages over Vault and Parameter Store for managing secrets. Unfortunately, Java is a prerequisite, so it may not be suitable in many environments.

Tip of the Week

This week’s tip is simply to relax. There’s about to be a deluge of announcements about new features and services that make what you’re currently doing look old ‘n busted. What you’ve built (presumably) works for your environment, and your challenges. Be happy with that; don’t rush out to throw away something working just because a new nifty toy came out. More importantly, don’t feel bad about your existing environment— you’re not Netflix (my apologies to my subscribers from Netflix); you don’t need to build to solve their problems.

…and that’s what happened Last Week in AWS. See you next week.

I’m Corey Quinn. I’ve helped people significantly reduce their AWS bills and spoken broadly on the conference circuit, but what I’m good at and passionate about is strategic and tactical decision-making roles at growing startups. If your company is making strides in the tech industry and wants help thinking through these things, get in touch and let’s have a conversation.

If you’ve enjoyed reading this, tell your friends to sign up at lastweekinaws.com (or post a link in your company Slack team!). As always, if you’ve seen a blog post, a tool, or anything else AWS related that you think the rest of the community should hear about, send it my way. You can either hit reply or join the #lastweekinaws channel on the og-aws Slack team.

List archives are always available at https://snarkive.lastweekinaws.com/