Welcome to issue number 39 of Last Week in AWS.

Happy Holidays. I recited an AWS version of “The Night Before Christmas” if you’re into that sort of thing. There may or may not be an issue next week-- it depends upon whether or not this week throws off enough AWS content. 

This week’s issue is sponsored by your white-hot rage at the various things I’ve said over the past year. Techtonica is a non-profit that partners with tech companies to provide free tech training, living stipends, and job placement to women and non-binary, feminine-adjacent adults in need in the Bay Area. If I’ve said something in the past few dozen issues that’s annoyed you, offended you, or just plain made you want to deck me, hit me where it hurts– in my wallet. I’ll be matching the first $2,000 of donations made by December 31st; send a copy of your receipt to and I’ll double your tax-deductible donation.

It’s a good cause, it’s a tax deduction, and it forces me to give away money I’d otherwise spend on a production run of AWS-mocking holiday ornaments next year:

AWS Ornament

Community Contributions

This well-curated list of Lambda resources is an incredible source of knowledge, and is sure to give rise to the growing consensus that everyone else is doing things incorrectly. We’re not quite at a place where best practices have emerged– but we’re getting closer!

Stripe Engineering weighs in on their journey towards learning to operate Kubernetes reliably. There’s a lot of good stuff buried in here!

We end this year’s run of company-shaming with arguably the most egregious S3 Bucket Negligence Award yet. Nobody– Alteryx, Experian, or AWS comes out of this one looking good.

Choice Cuts From the AWS Blog

Amazon API Gateway Supports Content Encoding for API Responses - This is a fancy way of saying “We support gzipping your responses now!”

Amazon API Gateway Supports Tagging API Stages - Big news for those of you using API Gateway– you can now allocate costs to different API stages. Like so many things in costing, this is a double edged blamesword.

Amazon CloudWatch Now Supports Service-Linked Roles for EC2 Actions in Alarms - That wordy title distills down to “AWS can now restart or stop instances when error thresholds are met.” This opens the door to both fascinating remediation actions and hilarious failure modes that in retrospect were obvious.

Amazon Kinesis Data Analytics can now Output Real-Time SQL Results to AWS Lambda - It’s good to know that hurling database output across the internet at random is still a modern architectural choice. I was worried.

Amazon Redshift Introduces Late Materialization for Faster Query Processing - “Late materialization” sounds like a problem with a Star Trek transporter.

Amazon Virtual Private Cloud (VPC) now Allows Customers to Tag Their Elastic IP Addresses - At long last you can tag elastic IP addresses. Don’t worry– you can’t allocate cost based upon them, like a human being might want to do. Maybe next year…

Announcing the AWS EU (Paris) Region - The Paris region has officially launched, marking the first time where I won’t rant like a lunatic over a word pronounced “ah-mee.”

AWS OpsWorks is Now Available in Nine Regions - OpsWorks becomes increasingly OpsWorkable, with more regions and Puppet Enterprise support.

AWS Organizations Enhancements - Now you don’t need to contact AWS support to remove an account from your AWS Organization. I like to imagine that this feature was championed by an AWS Support employee who after hundreds of these tickets finally snapped and started taking hostages until their demands were met.

AWS Support Center Redesigned to Offer Consolidated Support Resources - Another week, another web console redesign– this time of the support center. While badly needed, most users are likely to only discover this in a blind panic while attempting to fix an outage and confronted with an unfamiliar UI.

Circuit Breaking Logic for the Amazon ECS Service Scheduler - ECS now supports the “Circuit Breaker pattern,” which is developer-speak for “constant retry requests won’t beat your application to death.”

Lambda@Edge now Allows you to Customize Error responses From Your Origin - You can now dynamically craft error pages, personalizing your message to Sandra telling her that you’ve broken her request specifically.

Over-the-Air Updates for Amazon FreeRTOS Now in Beta - This is huge for those of you in the IoT space. Now you can update your Smart Things over the air, meaning it may be another financial quarter before my light switches suddenly stop working and start attacking random DNS servers.

Using Amazon CloudWatch and Amazon SNS to Notify when AWS X-Ray Detects Elevated Levels of Latency, Errors, and Faults in Your Application | AWS DevOps Blog - empty


This handy script tells you what public AWS IPs you have facing the internet.

A great pair of Lambda functions copy Redshift and RDS snapshots elsewhere, to better protect them from mistakes you might make.

Encrypt your local on-prem drives using KMS. It’s not for everyone, but it lets you tell a great compliance story for a few edge cases, in kms-cryptsetup.

…and that’s what happened Last Week in AWS.

I’m Corey Quinn. I’ve helped people significantly reduce their AWS bills and spoken broadly on the conference circuit, but what I’m good at and passionate about is strategic and tactical decision-making roles at growing startups. If your company is making strides in the tech industry and wants help thinking through these things, get in touch and let’s have a conversation,

If you’ve enjoyed reading this, tell your friends to sign up at (or post a link in your company Slack team!) about it. As always, if you’ve seen a blog post, a tool, or anything else AWS related that you think the rest of the community should hear about, send them my way. You can either hit reply– or join the #lastweekinaws channel on the og-aws Slack team.

List archives are always available at