
Welcome to issue number 75 of Last Week in AWS.

This week I'm in Boston to speak about cloud bills at CloudHealth's Connect user summit. If you're around, let me know. Next week, I'll be in Birmingham to attend an AWS user group.

Instrumenting your CD system with Kubernetes is a great thing to build yourself, provided you've got a half dozen engineers who aren't doing anything else for the next few months. For the rest of us, there's GoCD's native Kubernetes integrations. Thanks to GoCD / ThoughtWorks for their sponsorship of this newsletter.

Community Contributions

This fairly technical deep dive discusses how to build a Data Continuity Service for DynamoDB. Effectively, it answers the question "how do you keep your data in the event of a total account compromise?" For some of you, that's got to be incredibly useful.

There are a few ways to make Lambda packages. This article explores doing it with Docker.

A quick tutorial on hooking Lambdas together via SNS. They're good patterns, Brent.

Using S3 as a scheduler is interesting, but be aware that you're going to cost yourself $17.52 a month in S3 API request charges by using this pattern. You generally want to use 'at' on a server for an "execute once at a given point in the future" pattern.

I wrote a blog post that's fairly meta-- it explores how I use AWS CodeBuild as a Publishing Platform.

Landing Zone is a good first party system for managing multiple accounts. This analysis goes into some depth on the offering-- but the consensus seems to be to wait until it improves a bit before seriously rolling it out, if you can afford to wait.

A fairly technical deep dive into escalating privileges in the cloud.

Runbook talks about how they were able to reduce their Lambda bill by using Go. Some of these lessons apply beyond specific languages...

If you’ve ever accidentally desecrated an ancient gravesite, you may be forced to use WorkMail and SES for the rest of your natural life. This blog post tells you how to get that working across multiple regions.

A neat approach to recovering images at significant scale via the magic of S3 versioning.

If I said "Amazon is looking to potentially build a region in Chile to mine astronomical images so that they can better deter shoplifters," you could be forgiven for assuming I'd been taken over by a chatbot, but that's what this Reuters article says.

In a sign that I've finally "made it," Jeff Barr mentioned me in his weekly video roundup. These new S3 bucket rules must be working; we aren't seeing nearly as many S3 Bucket Negligence Awards in recent months...

This week, sponsor DigitalOcean points us to a serverless story--specifically, a walkthrough of deploying OpenFaaS with Kubernetes and Ansible. This is something I may have to give a try soon...

Choice Cuts From the AWS Blog

AWS CodeBuild Adds Ability to Create Build Projects with Multiple Input Sources and Output Artifacts - "So your CodeBuild project grabs sources from CodeCommit, GitHub, and S3, then runs the build and stores artifacts in multiple S3 buckets? What the hell is it building?" "The digital equivalent of a SuperFund site."

Amazon API Gateway Adds Support for AWS X-Ray - Being able to peer inside of API Gateway is like peering into a finely made Swiss watch. It's incredibly intricate, defies mortal understanding, and has an instruction manual written entirely in Swiss-German.

Amazon EKS Available in Ireland - The "luck of the Irish" has run out, as EKS arrives to darken Irish shores.

Amazon S3 Announces New Features for S3 Select - S3 Select goes beyond CSV and JSON and now supports Parquet, which is similar to free-running except that--oh I'm sorry, that's parkour.

AWS Batch Now Supports z1d, r5d, r5, m5d, c5d, p3, p3d, and x1e Instance Types - I've edited this headline and added an instance family that doesn't really exist. Can you spot it without clicking?

Compute Abstractions on AWS: A Visual Story | AWS Architecture Blog - Massimo Re Ferre knows two things with crystal clarity-- that everyone responds differently to different representations of AWS abstractions, and that Starbucks will never, ever spell his name correctly on a cup of coffee. It's always a question which he'll write about-- find out which in this article on the AWS architecture blog.

Extending AWS CloudFormation with AWS Lambda Powered Macros - As best I'm able to surmise, this means you can transform your wordy CloudFormation templates with inscrutable Lambda functions to generate something you can't reproduce that apparently escaped from the Lake of Fire.

AWS Compliance Center for financial services now available - "You know what our biggest problem is here at AWS?" "Financial companies have to search high and low for our compliance documents because they're all in one place?" "Sure, okay. I was going to say 'we don't have anything named Atlas like Hashicorp, Stripe, Boston Dynamics, Lawrence Livermore National Lab, Netflix, O'Reilly, CERN, Facebook, RIPE, or Greek Mythology do,' but we can kill two birds with one stone here." "Can we call its rollout 'Project Phoenix?'"

Visualizing Amazon GuardDuty findings | AWS Security Blog - And it's so easy-- only 32 distinct steps for you to implement by my count!

Tools

Could you use an arsenal of AWS security tools? Of course you could. Please wield them responsibly.

If you need to work with a bunch of AWS accounts at once and don't relish the thought of building for loops, mac isn't a half bad starting point.

Flywheel is an HTTP proxy for starting and stopping AWS instances. Handy for cost control purposes.

A handy HTTP basic auth Lambda for use on API Gateway. I'm torn between liking this and being annoyed that it's not built in to API Gateway in the first place.

There are a lot of calculators out there for various AWS services. The Lambda Scaling Calculator is a bit different-- it tells you how likely you are to run out of Lambda capacity based upon various metrics you input.

…and that’s what happened Last Week in AWS.

I’m Corey Quinn. I help people significantly reduce and understand their AWS bills and speak broadly on the conference circuit. I advise companies doing interesting things in the cloud space, such as ReactiveOps.

If you’ve enjoyed reading this, tell your friends to sign up at lastweekinaws.com (or post a link in your company Slack team!). As always, if you’ve seen a blog post, a tool, or anything else AWS related that you think the rest of the community should hear about, send it my way. You can either hit reply or join the #lastweekinaws channel on the og-aws Slack team.

List archives are always available at https://snarkive.lastweekinaws.com/