Welcome to the ninth issue of Last Week in AWS.
This week we’re off to the races, as a horse named “Cloud Computing” won the Preakness Stakes. Now more than ever, it feels like moving things to the cloud is betting on the right horse.
In a follow-up to their post from a couple of months ago, Segment goes into deep detail around their approach to going far beyond what AWS’s native metrics expose.
An alarming wake-up call comes from Rhino Security, where they demonstrate just how many S3 buckets have improper permissions. GovCloud appears to be particularly prone to misconfiguration.
A demonstration of how to autoscale DynamoDB with Lambda came out last week, because everything’s better with a little Lambda sprinkled on top.
A good quick-fix for going multi-region for S3 failover. I like this one, as it includes CloudFront.
Planning continues for the AWS Community Day in San Francisco next month. I’ll be there, as well as speakers you’d actually want to listen to. If you’re in the area, make sure to stop by and say hello.
AWS HIPAA Program Update – Removal of Dedicated Instance Requirement - You no longer need to spend extra for dedicated tenancy to comply with HIPAA in EC2. You still have many other compliance obligations, as you’ll find… HIPAA bottomless.
Introducing Auto Scaling Resource-Level Permissions - IAM permissions for autoscaling groups just got a lot more granular; you can now limit different people to specific instance types, limit how far they’ll scale, and keep that one troublesome engineer from blowing things up accidentally. We all remember what happened the last time you tried to “fix” an autoscaling group, Chris. Yes, I’m talking to you.
Announcing New CloudWatch Metrics for VPN Tunnels - If you’ve ever had to have a three-way conference call between AWS support and your flaky telecom provider, this is your moment. (In fairness to AWS’s technical acumen, those calls always seem to devolve into AWS Support taking the ISP rep to Networking School.) You now have metrics to point at to help convince your ISP that the problem isn’t on AWS’s end, but you can still expect to spend four hours on hold proving it.
EC2 Instances with 4–16 TB of Memory are on the Roadmap - I’m not even sure what to do with that much RAM, other than deploying SAP HANA, some very large in-memory database work, or running the Slack desktop client.
Updated AWS SOC Reports Include Three New Regions and Three Additional Services - Updated SOC reports are either fantastically useful to your business, or about as interesting as watching linoleum curl. For those in the former group, AWS has some light reading available for you. For those in the latter group, tuck this one away. Someday you may be asked to justify using someone else’s environment to host things you care about; these reports are great to throw at auditors to make them leave you alone.
A handy toolkit and step-by-step guide to running Go inside of Lambda; this one’s a bit older, but it was new to me.
CloudWatch logs are great, once you translate them into something a bit more readable. Take a look at CloudWatch for Humans.
If you’ve been using AWS for a while, you likely are still using legacy tools, like the RDS CLI, or the Java ec2 binaries. Don’t do that; they’ve both been deprecated by the unified awscli tool, which supports new features. I thought I’d migrated all of my tooling over, but tripped over an exception last week; ideally this helps someone else out there.
…and that’s what happened Last Week in AWS.
I’m Corey Quinn, a consultant specializing in helping companies fix their horrifying AWS bills. If you’ve enjoyed reading this, tell your friends about it and have them sign up at lastweekinaws.com (or post a link in your company Slack team!). As always, if you’ve seen a blog post, a tool, or anything else AWS related that you think the rest of the community should hear about, send it my way. You can either hit reply or join the #lastweekinaws channel on the og-aws Slack team.