Welcome to the fifth issue of Last Week in AWS.

This week’s issue is a doozy; AWS dumped a lot of updates last week at their SF Summit. Grab a cup of coffee / tea, and let’s get to it:

Community Contributions

A post on the Threat Stack Blog discusses how 73% of companies have critical AWS security misconfigurations. I’m locking down my web-serving S3 buckets to only permit CloudFront to access it as a direct result of this post.

Mapbox discusses how they cut costs dramatically by switching to ECS in conjunction with the use of spot instances, in the well-written but unfortunately titled We Switched to Amazon ECS and You Won’t Believe What Happened Next.

Statuspage has a comprehensive roundup of how to monitor AWS service availability. They offer a very handy overview of key concepts, including when you can and can’t trust AWS’s own status page; read more at AWS Status: The Complete Guide to Monitoring Status on the Web’s Largest Cloud Provider.

Choice Cuts From the AWS Blog

AWS X-Ray Update – General Availability, Including Lambda Integration - X-Ray (AWS’s application request tracer) is now “Generally Available,” which is either a good thing for people looking to use it, or a really crappy SLA statement.

Introducing an Easier Way to Delegate Permissions to AWS Services: Service-Linked Roles - Because IAM permissions weren’t complex enough, AWS now has a way to further confuse you with Service-Linked Roles.

Release: AWS Lambda on 2017–4–18 - Lambda now supports both tagging and Python 3.6; most folks care only about one of those, but it’s an even split as to which.

Amazon Redshift Spectrum – Exabyte-Scale In-Place Queries of S3 Data - Scratching beneath the surface of this exciting new announcement, it’s not at all clear what distinguishes this from Athena; both let you use SQL queries against unstructured data that live in S3. Indeed, when creating an IAM role for Spectrum, it requires full access to Athena services. I give up, Amazon: what am I missing?

Amazon DynamoDB Accelerator (DAX) – In-Memory Caching for Read-Intensive Workloads - 10x performance improvement to DynamoDB reads. If you’re read constrained on your DynamoDB workloads, take a look. With latencies now measured in microseconds instead of milliseconds, there’s never been a better time for you to brush up on the metric system.

New- Introducing AWS CodeStar – Quickly Develop, Build, and Deploy Applications on AWS - A template driven soup-to-nuts system to get projects from the idea phase to “start coding” across a wide variety of different stacks. So far the biggest concern from users has been the hidden commitment you’re making; the project you’re left with heavily leverages many of AWS’s services. If you want to use Travis or Jenkins instead of CodeDeploy, or GitHub instead of CodeCommit, then this service isn’t for you.

Amazon Lex – Now Generally Available - Amazon has released their conversational interface service. If you miss the days of arguing with Microsoft Clippy, happy days are indeed here again.

Announcing the AWS Chatbot Challenge – Create Conversational, Intelligent Chatbots using Amazon Lex and AWS Lambda - Now that Lex is generally available, Amazon is launching a contest to get folks using it. Be sure to sign up to participate in the AWS Platform Lock-In Invitational.

EC2 F1 Instances with FPGAs – Now Generally Available - Debuting in us-east–1, these offer huge performance boosts to some workloads, albeit at a price: programming FPGAs is non-trivial. As a rule of thumb here, “fascinating for what implies for the future, but if it’s a fit for your workload today, you probably know it already.”

Amazon Rekognition Update – Image Moderation - AWS’s image detection and recognition service has gained a new feature: the ability to determine whether images are inappropriate across a variety of subcategories. Sadly for readers who are either Puritans or joining us from that town in Footloose, “Dancing” is not one of those subcategories.

Amazon Polly – Announcing Speech Marks and Whispering - AWS’s text-to-speech platform gains both the ability to sync up specific words with specific actions (think “syncing an avatar’s animation so its mouth aligns with what it’s saying”), as well as offering a “whispering voice” that’s the most disturbing thing Amazon has announced to date…

Sign up Today – Preview of Amazon Aurora with PostgreSQL Compatibility - …unless you’re an Oracle executive. It’s hard to interpret this as anything other than a direct shot across Oracle’s bow in light of the Summit keynote’s emphasis on how straightforward the Oracle to Postgres migration process was.

Announcing SaaS Contracts, a Feature to Simplify SaaS Procurement on AWS Marketplace - Here’s one for the business folks. Now you can buy or sell SaaS products in models other than “by the hour.” With monthly, 1 year, and 3 year options, buying software through the AWS Marketplace now offers all the ease, simplicity, and easy predictability of purchasing a few million dollars’ worth of Reserved Instances.

Announcing VPC Endpoints for Amazon DynamoDB, Now in Public Preview - Two years after AWS debuted VPC endpoints for S3, a second service now offers them in a limited preview. At this rate, Amazon’s rollout of VPC endpoints for all its service offerings should be completed roughly three weeks after the Earth crashes into the Sun.

Tools

OpsDash offers up some custom “glue” tools for monitoring size and object counts of S3 buckets in Using CloudWatch to Monitor AWS S3 Buckets. This nicely ties together existing monitoring solutions around an area that most people largely ignore.

If you write a lot of custom resources in CloudFormation, take a look at this python wrapper; it takes a lot of the drudgery out of the process.

Tip of the Week

It’s not clear whether this is a permanent change or a temporary aberration, but for the time being it’s half as expensive to transfer data back and forth between us-east–1 (N. Virginia) and us-east–2 (Ohio) than it is to transfer between two AZs in the same region. It’s a bit of work to tease out of the Data transfer section of the EC2 pricing page, but a quick breakdown distills as follows:

Scenario Outbound Cost Inbound Cost Total cost
Same region, different AZs $0.01 / GB $0.01 / GB $0.02 / GB
Different regions $0.02 / GB $0 $0.02 / GB
Ohio <--> Virginia $0.01 / GB $0 $0.01 / GB

As a result you can thus get large scale data transfer between regions at half the cost of either same region multi-AZ, or multi-region elsewhere.

…and that’s what happened Last Week in AWS.

I’m Corey Quinn, a consultant specializing in helping companies fix their horrifying AWS bills. If you’ve enjoyed reading this, tell your friends (or post a link in your company Slack team) about it! As always, if you’ve seen a blog post, a tool, or anything else AWS related that you think the rest of the community should hear about, send them my way– just hit reply.