Welcome to the seventh issue of Last Week in AWS.

Last week a few things surfaced in Lambda related news, including an AMI search, increased concurrency limits, and someone figuring out how to get an active SSH session into the Lambda environment:

Community Contributions

A concise guide to speeding up your velocity is summarized at AWS Velocity Summary; while it’s still being written, what’s there so far is spot on.

A truly disturbing look at how deeply compromised an AWS account can be comes to us from last year’s Backdooring an AWS Account. Feel free to pause reading here to burn your existing AWS accounts to the ground.

Dedicated host types in EC2 now expose Performance Monitoring Counters; this is a fairly deep technical dive that I don’t pretend to fully grasp, but if you care about cloud performance analysis, take a look at Brendan Gregg’s The PMCs of EC2: Measuring IPC.

Some things are so horrifying that they come back around into being awesome again. In that vein, someone found a way to SSH into a Lambda Function. Please don’t do this in production.

Choice Cuts From the AWS Blog

Event: AWS Community Day in San Francisco - A free AWS sponsored event in San Francisco is now open for registration. A number of talks will be presented, including my own “And the CFO Wept: AWS Cost Control.” If you can attend the event, I highly suggest it.

EC2 Price Reductions – Reserved Instances & M4 Instances A modest price cut to RIs, as well as a few instance family specific enhancements (no upfront payment option for 3 year RIs, for instance) to the RI model. If any of these RI price cuts apply to instances you’ve purchased in the last three months, remember that it never hurts to reach out to your TAM and ask politely for a service credit. Bribery is also reputed to get great results.

AWS CodeDeploy now integrates with Elastic Load Balancer - Fresh from the department of “wait– you mean it didn’t do that already?” comes an integration that’s likely to relieve a lot of pain for a lot of people.

Roundup of AWS HIPAA Eligible Service Announcements - AWS announced a raft of additional services now support HIPAA. If you’re US based and suffered a massive heart attack when the AWS bill showed up last week, rest assured that there’s a good chance that any of your healthcare providers using AWS had proper privacy safeguards in place.

CoreOS and Ticketmaster Collaborate to Bring AWS Application Load Balancer Support to Kubernetes. I haven’t found the part where every new ALB charges you a convenience fee, but I’m sure it’s buried in there somewhere.

AWS Lambda Raises Default Concurrent Execution Limit - with Lambda now defaulting to limiting you to 1000 concurrent executions instead of 100, there’s never been a better time to claim to be a 10x engineer.

Tools

There’s a fantastic AWS API Overview available that lets you sort out the intricacies of every call you might want to make. Top right lets you pick the service; it defaults to S3. Unfortunately it appears not to have been updated recently; I’m hoping it comes out of hibernation.

Have a Lambda function that lets you search for AMI IDs by different criteria; great for ensuring you’re not using an ancient AMI.

Tip of the Week

S3 supports multi-part uploads. This is a great thing when you’ve got a large file to upload. However, if that upload fails, the multi-part uploads:

  • Won’t show up in any S3 object listing
  • Won’t be useful for anything
  • Will cost you money at normal S3 rates

It’s a good practice to set a lifecycle policy on any buckets that may have multi-part uploads sent their way that purges multi-part objects after a period of time, such as 7 days.

…and that’s what happened Last Week in AWS.

I’m Corey Quinn, a consultant specializing in helping companies fix their horrifying AWS bills. If you’ve enjoyed reading this, tell your friends (or post a link in your company Slack team!) about it. As always, if you’ve seen a blog post, a tool, or anything else AWS related that you think the rest of the community should hear about, send them my way– just hit reply.