Last Week in AWS Logo

Good morning!

Welcome to issue number 99 of Last Week in AWS.

The internet seems to have lost its mind this week with the news that Lyft is paying $300 million over three years for AWS services. "They could save a lot of money if they just--" is the rallying cry of a lot of these takes, and they're almost universally wrong. I have a threadtwoot on the topic and I'll draft something longer form about it at some point, but the takeaway here is that there's nothing simple at this scale, and that's not a ludicrous amount of money for what Lyft does. Perhaps assume that the folks savvy enough to build Lyft and take it public maybe did some rudimentary cost/benefit analysis on a nine-figure line item before it wound up in their S-1?

I'll be at SCaLE17x this week; if you're in Pasadena, let me know. I'm giving at least two talks and making a fairly large nuisance of myself...

This week’s issue is sponsored by DigitalOcean - the cloud platform for those who aren’t fans of being blindsided by their cloud bills every month. They’ve got a fantastic guide up on their community section about the pros and cons of database sharding. If you don’t know what that is yet or if it’s something you’ve been thinking about doing you should absolutely check it out. It’s nice that they include some database optimization tips in there that you should be doing anyway. Thanks again to DigitalOcean for continuing to sponsor this newsletter and sharing the knowledge.

Community Contributions

Maish Saidel-Keesing has launched ami-has-3-syllables.online. The name is confusing, I don't understand the point of it, and the design of the page is atrocious--in other words, he's built a perfect representation of an initial launch of an AWS service. Well done.

I don't often write about .NET and other Microsoft technologies here for the simple reason that I neither know nor care about them. That said, here's a great writeup on AWS Lambda for .NET Developers.

A Reddit post led to a discussion of AWS service limits. Everything at this scale needs limits or randos with weird use cases will take your service down. Relatedly, if you pay $100 a month for business support you can open AWS support cases via API. That API is rate limited to ten an hour the last time I checked, but that's still 7,440 in a 31 day month if someone's got a point to prove.

This week's winner of the PEST (Public ElasticSearch Trophy) is Dow Jones. At least it wasn't a S3 Bucket Negligence award...

A post on using Lambda to test web performance in parallel on a budget

A guide to Frugal AWS Usage: Saving Money while using AWS, with an eye towards cost containment.

AWS has moved beyond delegating product announcements to "the forums" and into "telling folks about changes and having them tweet about it." The short version is that you don't have to ask permission to pen test on AWS anymore.

Huawei Frightens Europe's Data Protectors. America Does, Too - Bloomberg - Bloomberg* talks about Amazon's potential regulatory troubles on the horizon in Europe after the passage of the US CLOUD act.

    * Bloomberg, of course, is the publication that published “The Big Hack” in October — a sensational story alleging that data centers of Apple, Amazon, and dozens of other companies were compromised by China’s intelligence services. The story presented no confirmable evidence at all, was vehemently denied by all companies involved, has not been confirmed by a single other publication (despite much effort to do so), and has been largely discredited by one of Bloomberg’s own sources. By all appearances “The Big Hack” was complete bullshit. Yet Bloomberg has issued no correction or retraction, and seemingly hopes we’ll all just forget about it. I say we do not just forget about it. Bloomberg’s institutional credibility is severely damaged, and everything they publish should be treated with skepticism until they retract the story or provide evidence that it was true. (Ed: My thanks to John Gruber for writing this well-researched blurb on Daring Fireball; it's pitch-perfect.)

A guide that takes you by the hand and hurls you into the dumpster of encrypting secrets with KMS.

Are you a DBA? Of course you aren't, you'd have rage-unsubscribed from this newsletter ages ago if you were. Pass this RedShift guide for DBAs to a DBA that you love, tolerate, or simply know.

I got to speak with a GM and a VP at AWS about DocumentDB. All three of us were in the same room, and I didn't even get my nose broken in the process. Listen to our shenanigans on Screaming in the Cloud Episode 50: If You Lose Data, Your Company is Having a Very Bad Day.

Jobs

Put down your coffee before you do a spit take on this one--have you considered working for AWS? No, I'm serious. Take a look at the AWS AI team; they're hiring smart people all over the place to help build the future. I talk a lot of smack about most AWS service teams, and the AI team more than most, but they've got hard problems, they're good people, and most of them aren't robots bent on dominating the world; that's the team in subbasement 6 of their LowFlyingHawk building. Watch out for those folks. My thanks to AWS Recruiting for suspending their better judgement and sponsoring this ridiculous newsletter.

Choice Cuts From the AWS Blog

This issue is sponsored in part by N2WS. Good news AWS users! Our latest release allows you to switch off groups of EC2/RDS instances like you'd switch off the lights —because saving your AWS is kinda our thing (you're welcome 😊). Download our free (newly-updated) AWS Cost Optimization guide to find out more!

Amazon DocumentDB (with MongoDB compatibility) now supports new features for aggregations, arrays, and indexing - DocumentDB grows ever more webscale. You can determine the import of these feature enhancements by the volume of shrieking coming from the official MongoDB corporate blog about them.

Amazon RDS for Oracle Now Supports Amazon S3 Integration - Well this is one to remember. At some point someone's gotta tell the AWS folks that it's not "firing warning shots" at Oracle when you're aiming right between the eyes.

Amazon Connect Simplifies Adding AWS Lambda Functions to Contact Flows - "Yeah Robin, but what if instead of fixing the problems we just hook the thing up to Lambda and then customers can solve the problems themselves?"

Amazon DynamoDB adds support for switching encryption keys to encrypt your data at rest - Super difficult to pull this off, super irrelevant for any real-world use case, absolutely necessary for some compliance checkboxes.

Amazon MQ is Now Available in the Europe (London) Region - It would appear that Brexit may not be the only calamity to befall the UK this month.

AWS CloudFormation Coverage Updates for AWS RAM, AWS Robomaker, Amazon ApiGateway, and more - Once upon a time as a teenager I overslept for a job's 9AM start time. I set an alarm, it didn't go off, and I woke up at 3PM. That's just a delightful personal anecdote, and not a ham-fisted metaphor for these very delayed CloudFormation updates.

AWS Single Sign-On is Now Available in Seven More Global Regions - Introducing AWS Septuple Sign-On.

Cypress CYW943907AEVAL1F and CYW954907AEVAL1F are Now Qualified for Amazon FreeRTOS - Well there's concrete proof that there are in fact companies worse than AWS is at naming things.

Resource Groups Tagging API Supports Additional AWS Services - At some point, the Tagging team is going to wake up to the grim reality that "hey, maybe customers would want this other service to support tags, too!" is the wrong way to go about things.

Using AWS Lambda and Amazon SNS to Get File Change Notifications from AWS CodeCommit | AWS DevOps Blog - I like this approach. Usually the way I'm notified that a particular file has changed in git is by my boss shrieking at me in terror when it's discovered.

AWS Developer Forums: Now add upto 1000 security group rules per network interface - This is a super handy change that got missed last week, largely because the AWS Developer Forums are about as heavily trafficked as the hallway leading to Facebook's Ethics Office.

Tools

Learn Kubernetes in one hour (and then spend a lifetime trying to forget it!) with this on-demand workshop hosted by Christian Meléndez (Cloud Architect at Equinix) and Dave McAllister (Community Guy at Scalyr). They show live code, command examples and K8s puns during the workshop, and share the most common challenges organizations face when running containers with Kubernetes. They also highlight common areas to consider when monitoring Kubernetes. Get the recording..

Kira Hammond has built a AWS Solutions Update Feed, which is exactly the kind of thing you'd expect Amazon to have launched themselves until you get to know Amazon a little bit better and then realize it's time to build it yourself from spit, bailing wire, and duct tape.

A Common Lisp Lambda runtime seems pretty uncommon to me.

The sheer spelling of Knative Lambda Sources should be enough to turn most of you off.

This is a nifty tool that displays AWS latency between regions based upon the previous 24 hours of collected data. Fascinating.

…and that’s what happened Last Week in AWS.

I’m Corey Quinn. I help people significantly reduce and understand their AWS bills and speak broadly on the conference circuit. In addition to this newsletter, I host the Screaming in the Cloud podcast about the business of cloud computing, featuring me talking to folks who are good at things; it's a nice contrast.

If you’ve enjoyed reading this, tell your friends to sign up at lastweekinaws.com (or post a link in your company Slack team!) about it. As always, if you’ve seen a blog post, a tool, or anything else AWS related that you think the rest of the community should hear about, send them my way. You can either hit reply– or join the #lastweekinaws channel on the og-aws Slack team.

List archives are always available at https://snarkive.lastweekinaws.com/