Last Week in AWS Logo

Good morning!

Welcome to issue number 54 of Last Week in AWS.

AWS Evangelist and reluctant friend-of-the-newsletter ("AHH! STOP CALLING ME THAT! WE'RE NOT FRIENDS!") Randall Hunt is leaving sunny Los Angeles to go spend more time with his Cloud in Seattle, writing blog posts. We'll miss him on the speaking circuit, but enjoy being able to read his work over our morning coffee.

This week has me in Denver for DevOps Days Rockies where I'm giving two talks, followed by a fun event on Thursday where I talk about the Myth of Cloud Agnosticism at the Boulder Kubernetes Meetup. If you're in the greater Denver area, stop by / hit reply and let me know you're around. I'll have Last Week in AWS stickers for you.

Community Contributions


Last week I got to chat with Nell Shamrell-Harrington of Chef, talking about Habitat and other cloudy things, in Screaming in the Cloud Episode 5: The Last Mainframe with a Kickstart and a Double Clutch.

I missed this when it first came out-- it's a thorough dive into the revamped AWS Spot Pricing Model's benefits and drawbacks.

A great resource for those of us who feel lost and confused when confronted by IAM concepts.

Eric Hammond thinks deep thoughts-- and shares them, this time about AWS Secrets Manager.

The application of Lambda functions to fight back against lazy GitHub practices is a great idea, and is likely to replace my current model of "screaming at people when they get it wrong."

Ken Hui goes into depth on a first look at AWS Secrets Manager. I've heard a fair bit of shade being thrown at it over the past week, so let me be very clear: if you've already got Vault / Chamber / SSM/Parameter Store / something else up and working for you, terrific-- AWS Secrets Manager isn't for you. It's for folks who don't want to spend a month or six of engineering time to securely manage passwords and such.

I find the idea of deleting old tweets with Lambda to be interesting. In my case, it's not for privacy protections or other high-minded reasons, but because most of my old tweets are garbage.

An interesting take on Lessons Learned using AWS Lambda as Remediation System. I take some issue with a few of the caveats pointed out, but overall it's not only a great dive into how to use Lambda in the real world for an interesting use case, but how folks outside of the Serverless bubble perceive these platforms.

Holy crap. If I told you to put this newsletter down right now and add a wildcard domain to all of your CloudFront distributions immediately, would you think I was out of my tree? What if I told you it was a severe security issue?

Amazon has significantly expanded their Best Practices page for DynamoDB (motto: "It's not a database, despite the name!"). There are some handy tidbits here if you're using that particular datastore.

A well written introduction to managing AWS with Terraform. If you're curious about managing your environment via infrastructure as code, but are too embarrassed to ask how that can be done, this is a great onramp.

A great dive into a service that I maintain most folks aren't paying enough attention to-- AWS Greengrass .

On the one hand, I find that Lambda cost optimization articles explore interesting areas. On the other, most folks I talk to aren't seeing Lambda as being sufficiently large as a percentage of their bill to be worth an optimization deep dive yet.

Werner Vogels reflects on 10 years of compartmentalization at AWS. Unfortunately from where I sit, it's got more to do with technical compartmentalization of things like Availability Zones, and less to do with the organizational compartmentalization that leads to entire services being launched without CloudFormation support.

Werner Vogels pontificates on the "why" behind Fargate. I'm not sure I agree with him entirely, but it's at least a glimpse into how AWS leadership sees these things.

Using Fargate and Kubernetes together is a fascinating idea; "burst capacity" to Fargate while your EC2 nodes spin up and configure is also a really neat concept.

As much fun as it is to poke fun at the machine learning hype, Slalom customer Veripad uses Sagemaker to identify fake prescription drugs. This isn't just lifechanging-- it's life saving in many parts of the world. I'm very interested in similar use cases if anyone sees any.

This week's S3 Bucket Negligence award goes to TrueMove H, Thailand's largest 4G mobile operator.

Choice Cuts From the AWS Blog

Amazon Aurora with PostgreSQL Compatibility Supports Fast Database Cloning - Fast cloning comes to Postgres/Aurora a while after it came to MySQL. "Give me a copy of the production database for testing" has never been simpler / more dangerous.

Amazon ECS provides ECS-Optimized AMI metadata via SSM Parameters - Scratching beneath the surface of that meaningless headline, what it means is that you can tell AWS to spin up an ECS cluster using, in plain English, "the latest AMI for that workload." Virtually every shop out there has a pile of code to identify which AMI to use; this hints at a brighter future of being able to just say "use the one I've blessed."

Amazon ElastiCache for Redis Introduces New CPU Utilization Metric For Better Visibility Into Redis Workloads - If you're a sad Redis user on AWS, you're still going to be sad-- but at least now you'll have a better idea exactly why.

Amazon WorkMail Introduces New Ways to Share Mailboxes - In my first Linux admin job I had to set stuff like this up. I'm terrified that it's still a common enough pattern that AWS has to support it over a decade later.

AWS AppSync now Generally Available (GA) with new GraphQL Features - AppSync is worth take a quick look at; it's got some handy features built in, regardless of whether or not you need GiraffeQL support.

AWS Glue now supports Timeout Values for ETL jobs - Wait. People have been complaining about Lambda's hard limit of 300 seconds for a while now, but Glue would cheerfully run stuck jobs until the earth crashed into the sun? Who can keep up with all of this?!

Replicate AWS CodeCommit Repositories between Regions using AWS Fargate | AWS DevOps Blog - If you're annoyed by a feature gap in an AWS service, rest assured there's at least a consistent answer from AWS: "Sucks to be you, go write it yourself in Lambda / Fargate." While I appreciate the flexibility that these services provide, I'm a little less keen on turning a weakness into an attempted marketing win.

Tools

This handy tool removes the wordy crap from your CloudWatch logs. Be careful-- it'll blow away things you care about if you're not judicious with it. You may wish to consult with your compliance people.

awless had a new version come out last week. It's worth a gander if you appreciate things like offline support for queries, useful ssh wrappers, and other treats that the official awscli doesn't support.

...and that's what happened Last Week in AWS.

I’m Corey Quinn. I help people significantly reduce and understand their AWS bills and speak broadly on the conference circuit. I advise companies doing interesting things in the cloud space, such as ReactiveOps.

If you've enjoyed reading this, tell your friends to sign up at lastweekinaws.com (or post a link in your company Slack team!) about it. As always, if you've seen a blog post, a tool, or anything else AWS related that you think the rest of the community should hear about, send them my way. You can either hit reply-- or join the #lastweekinaws channel on the og-aws Slack team.

List archives are always available at https://snarkive.lastweekinaws.com/