Good morning!

Welcome to issue number 53 of Last Week in AWS.

Last week was a zoo-- a lot of announcements at the SF Summit, while I appeared on the CUBE as well as AWS on Air. Grab a cup of coffee-- this issue is going to be lengthier than normal.

Next week's issue of Last Week in AWS could be sponsored by you! Last Week in AWS goes to over 5,000 people-- and its newly launched companion podcast Screaming in the Cloud gets over 6500 listens per episode and is rapidly growing. If you've got an offering that our discerning readership may find interesting, hit reply and let's chat.

Community Contributions

I like thoughtful deep-dive pieces as much as anyone else, but every once in a while I like finding gems like this one. It doesn't purport to do anything other than teach you how to easily delete large S3 buckets.

Jennine Townsend guest posts on Alestic.com to discuss AWS Documentation.

Even by my standards, How F'd is AWS CLI/API is a bit salty. Good lord...

A great story about securing AWS access keys intelligently from the Grofers engineering blog. I like the idea of restricting IP ranges for key usage...

A description of AWS DR concepts in the context of a zombie apocalypse. Unfortunately it goes in a different direction than "which AWS service is likeliest to be patient zero." Hit reply and tell me which service that would be.

A great reference to what AWS (and by extension, cloud computing) is for beginners. It's one of the better basic introductions to AWS I've found.

Last week I was fortunate enough to have Kyle Rankin of Puri.sm as my guest on Screaming in the Cloud, in Episode 4: It's a Data Lake, not a Data Public Swimming Pool.

Choice Cuts From the AWS Blog

Amazon Connect Automated Outbound Calling is Now Generally Available - Normally I don't give a toss about Amazon Connect, but I had to stop and marvel at the wording of this announcement. Look at how carefully worded every sentence is to avoid the base-case for this application: "we built you a telemarketing spam cannon."

Amazon QuickSight Adds New Data Connectors to Popular Business Apps and JSON - QuickSight is one of those weird services that feels like the least-favorite stepchild that got locked in the cupboard for too long and someone forgot to feed. "Oh crap!" exclaimed Amazon, and quickly updated it to support a lot of handy tools last week.

Amazon CloudWatch Metric Math - Hey, what the heck Amazon?! I WAS TOLD THERE WOULD BE NO MATH

Amazon EBS Adds Support for Tagging EBS Snapshots Upon Creation and Resource-Level Permissions - Tag-on-create is huge, and sunsets a bunch of janky code that applies tags to EBS volumes after the fact. Finally.

Amazon EFS Now Supports Encryption of Data in Transit - ♪ ♫ ♬ Encrypt your file chunks / Go home EFS you're drunk / You're still NFS to me... ♪ ♫ ♬

Amazon S3 Select Is Now Generally Available - You can now return partial results from large S3 objects-- this is a big win for speed and cost.

Amazon Transcribe is Now Generally Available - With Transcribe being GA and fairly inexpensive, I don't get why more podcasts aren't offering full transcriptions. (In the interest of transparency, while Transcribe is awesome, Screaming in the Cloud still features human transcription for the time being.)

Amazon Translate is Now Generally Available - Translate lets you translate between a handful of languages at very low cost. Unfortunately, most YouTube comments are still written in no language known to humankind.

Announcing S3 One Zone-Infrequent Access, a New Amazon S3 Storage Class - A new low priced tier to replace the deprecated reduced redundancy storage tier. This is a great fit for data you infrequently access, for which "part of a major city is now a smoking crater" is a valid excuse for data loss.

AWS Batch Adds Support for Automatic Termination with Job Execution Timeout - Batch jobs can now self-terminate when their work is done. This isn't generally something employees should aspire to.

AWS Lambda Supports Node.js v8.10 - "We'd love new Lambda runtimes" isn't generally interpreted to mean "a newer version of Node," but that's why it's important to clearly articulate your wishes so the genie / monkey-paw can't screw with you.

AWS Serverless Application Model (SAM) Implementation is Now Open-source | Amazon Web Services - Well I feel ridiculous; I thought the Serverless Application Model defined a spec-- but it goes beyond that. I may have to do a bake-off between SAM and the Serverless Framework. Now that SAM is open source, expect to see other players in this space begin to weigh in.

Introducing AWS Certificate Manager Private Certificate Authority - You can now pay AWS to help you inflict browser certificate warnings on your userbase.

Introducing AWS Firewall Manager | Amazon Web Services (AWS) - There's now a (second) AWS service with the word "Firewall" in its name-- meaning you're allowed to talk about it at next week's RSA conference.

Introducing AWS Secrets Manager | Amazon Web Services (AWS) - This service is awesome, not only because it's a great answer to how to handle rotation of sensitive credentials fleet-wide, but because the name of the service is also somebody's job title. Somewhere in Seattle someone misinterpreted "AWS Secrets Manager now generally available" as "you're fired" and had a minor heart attack.

New Multi-Account, Multi-Region Data Aggregation Capability in AWS Config - AWS Config finally has an answer to "what's going on in other regions" besides "new phone, who dis?"

Classify sensitive data in your environment using Amazon Macie | AWS Security Blog - Macie is a great attempt at helping to stem the tide of S3 Bucket Negligence awards. I really wish they'd run this automatically for publicly exposed buckets, but alas... That said, my biggest problem with Macie is its pricing model; at $5 per gigabyte processed, I think I can implement this more cost effectively by underpaying college students.

Tools

Ben Kehoe has released faas-form, a command line tool that invokes self-describing Lambda functions.

Perhaps you use CloudFormation or Terraform to manage AWS resources. Perhaps you should get off my lawn and use Makefiles like we did back in my day.

Annoyed that you can't inline Python code in CloudFormation when it exceeds the 4K limit? Use lambda-smush-py to get around that problem, and horrify your friends.

Okay, I'm impressed. I get that the community iterates rapidly, but releasing Summon the same day as the service it's integrated with was released is nothing short of astonishing.

Terrible Tip of the Week

...and that's what happened Last Week in AWS.

I’m Corey Quinn. I help people significantly reduce and understand their AWS bills and speak broadly on the conference circuit. I advise companies doing interesting things in the cloud space, such as ReactiveOps.

If you've enjoyed reading this, tell your friends about it and have them sign up at lastweekinaws.com (or post a link in your company Slack team!). As always, if you've seen a blog post, a tool, or anything else AWS related that you think the rest of the community should hear about, send it my way. You can either hit reply-- or join the #lastweekinaws channel on the og-aws Slack team.

List archives are always available at https://snarkive.lastweekinaws.com/