
Good morning!

Welcome to issue number 89 of Last Week in AWS.

Stockholm is a wonderful place; I was fortunate enough to visit seven years ago for a job interview with Spotify. Now AWS has launched a region there, and I'm starting to suspect that maybe I didn't get the job after all. I'm back from London and finishing out the year with as few disasters as possible. I've got some things in the works for Q1, including more AWS bill consulting. We'll see what the new year holds for the newsletter. If you have any thoughts, suggestions, want to thank or threaten me, please hit reply. It's good to hear from folks out there; I read every message I get!

DigitalOcean's managed Kubernetes service went live last week. I've been on vacation and haven't had time to do a hands-on dive into it yet, but given how DigitalOcean tends to bias for simplicity and ease-of-use, I expect good things. Thanks as always to them for their continuing support of this newsletter.

Community Contributions

If you want to access multiple AWS accounts (hi, fellow consultants!) with a single set of credentials, using OpenID isn't the worst plan.

https://cloudonaut.io/eat-your-own-dog-food-how-aws-leverages-serverless/ - Cloudonaut writes about how AWS uses API Gateway to run API Gateway. That feels terrifying, but I'm certainly no expert.

AWS quietly updates its documentation about read/write capacity concerns for DynamoDB on-demand. Because, y'know, this isn't the sort of thing that matters to enough people to focus on, when you've got to write blog posts about how a service nobody uses comes to a region nobody wants to use.

You can run a lot of things as a Lambda function. For your sins, here's how to do it with vim. At least it's guaranteed to quit in fifteen minutes.

It didn't take long for someone to take the new Lambda custom runtimes and talk about how to use Haskell.

I've been playing with Amplify a bit; it's got a learning curve to it. Fortunately, A Cloud Guru is here to make me feel ridiculous about how they use it with multiple Serverless environments.

A former boss of mine (no, not the one who only spoke in metaphor; Josh is solid) writes up his experiences playing with AWS's new a1 instances with awless. This is worth the read, and the approximately 30 cents you'll spend following along at home.

A fun writeup of how a company managed to speed up CI in AWS significantly. Some great performance tuning lessons in here.

Once-and-future Last Week in AWS sponsor Datadog releases some survey results about 8 emerging trends in container orchestration. Worth a read...

This is fascinating; AWS has released a public road map for its cloud container services. They've done this on GitHub, using Issues, and instead of announcing it in their blog, I have to link to an article on GeekWire. This feels like someone swimming strongly against the tide. I'd love to see more things like this; decisions AWS is making about its roadmap are meaningful to what customers choose to do today.

There are S3 Bucket Negligence Awards that compromise a lot of users, but this one affected 120 million Brazilian citizens. Yes, I phrased it that way intentionally.

Amazon engineer Tim Bray does a deep dive into serverless latency. This one's got something for everyone; deep content made accessible to humans. I love this article.

Choice Cuts From the AWS Blog

Amazon EKS Adds Managed Cluster Updates and Support for Kubernetes Version 1.11 - I'm slightly miffed that this is the most exciting container news to come out of AWS during KubeCon week.

Amazon Neptune Now In-Scope for PCI DSS and ISO Compliance Programs - Giraffe database compliance is now yours for a song.

Amazon SageMaker Automatic Model Tuning Now Supports Early Stopping of Training Jobs - I'm not one for car analogies, but you'd kinda think "brakes" wouldn't be something you'd hold off on until Car v1.2...

Amazon SQS now Supports Amazon VPC Endpoints using AWS PrivateLink - This is one of those "housekeeping" updates that means everything to folks who care about it. I wish there were a way to highlight more of these, and less of "AWS CatScratch Now Supports Siamese Cats in eu-north-1!" So far, this ridiculous newsletter is all we've got.

Announcing the AWS Europe (Stockholm) Region - If you're in Sweden, some data regulation requirements mean you can't host some things outside of the country. That changed last week. This was pre-announced a year or so ago, but went live last week.

AWS Certificate Manager Now SOC & PCI Eligible - It never occurred to me to check, but this apparently wasn't done until last week. Whoops.

Automate AWS IAM Permissions Analysis Using the New IAM Access Advisor APIs - IAM Access Advisor gets APIs finally. Meanwhile a good portion of AWS customers are still unaware that this is a thing.

Introducing AWS Resource Access Manager - Huh. This went live before re:Invent, but didn't get a blog post until now. I guess it wasn't able to get RAMmed through.

How to use the new Amazon DynamoDB key diagnostics library to visualize and understand your application’s traffic patterns | AWS Database Blog - I'm about to irritate some of my DynamoDB friends; the service is impressive, and one of my favorites. That said... look at this for a second. If I want to know "which items in my table are getting the bulk of the traffic," I get to install a Java library, pump its output to Kinesis Data Streams, piped over to Kinesis Data Analytics, then either a Lambda function outputting to CloudWatch, or Kinesis Data Firehose to an S3 bucket, then query it via Athena and display it in QuickSight. How... what... there's absolutely got to be something I'm missing here, because right now "install New Relic and call it a day" beats the crap out of this pattern--even with the New Relic "enthusiastic" pricing model.

New SOC 2 Report Available: Privacy | AWS Security Blog - I've thrown more than my share of arrows at AWS, and have a laundry list of service complaints I'll inflict upon everyone from product GMs to Twitter to random unfortunate strangers who happen to be sitting next to me on a bus--but I've never found anything to criticize in AWS's approach to privacy. This new SOC2 report showcases what they do in a way auditors can digest.

Tools

This is wonderful; flAWS2.cloud is now live, and gives you a hands-on tutorial about Lambda security. Go play and destroy things you care about!

AWS offers a neat Lightsail Workshop; if you're new to AWS, this is a terrific starting point.

…and that’s what happened Last Week in AWS.

I’m Corey Quinn. I help people significantly reduce and understand their AWS bills and speak broadly on the conference circuit. In addition to this newsletter, I host the Screaming in the Cloud podcast about the business of cloud computing, featuring me talking to folks who are good at things; it's a nice contrast.

If you’ve enjoyed reading this, tell your friends to sign up at lastweekinaws.com (or post a link in your company Slack team!). As always, if you’ve seen a blog post, a tool, or anything else AWS related that you think the rest of the community should hear about, send it my way. You can either hit reply or join the #lastweekinaws channel on the og-aws Slack team.

List archives are always available at https://snarkive.lastweekinaws.com/