
Good morning!

Welcome to issue number 59 of Last Week in AWS.

First, before we start: If anyone's in Seattle this week, I'm hosting another meetup on Wednesday evening. Details and RSVP at TonightInAWS.com. (Yes, I own a lot of these domains...)

Last week I inadvertently started a firestorm on Twitter-- twice. The first was with my almost-accidental creation of the #awsdrinks hashtag. The second was by calling out an official AWS tweet about the inherent danger of using local timezones in RDS-- or within any database. My apologies to all those whose weeks I ruined.

But first, this week's issue is sponsored by DigitalOcean:
Looking for a high-performance cloud platform with no billing surprises? Always know what you'll pay each month on DigitalOcean with monthly caps and flat pricing across regions. Get started with a $100 credit. https://do.co/lastweek
 

Community Contributions

Cevo talks us through the recently released and incredibly handy Resource Tagging API. If you're doing creative work with cost allocation, this is required reading.

Cloudonaut talks about using Athena to clean up an S3 bucket. The fact that it's a really good approach to a very common problem instead of "look at this ridiculous idea!" should perhaps give the product roadmap people at AWS some food for thought.

Scott Piper gazes into the future of the S3 Bucket Negligence Awards and discusses what other AWS services are likely to become security flashpoints.

There's no facility inside of Xen hypervisor guests to expose memory usage, so collecting custom metrics from EC2 instances is the only way to sensibly expose that data. This article offers one approach to this.

Epsagon continues its exploration of Lambda internals. If you care about how Lambda function runtime environments are constructed, this is worth the read.

The inaugural REdeploy conference (exploring the intersections of resilient technology, organizations, and people) is coming to San Francisco this August. Last Week in AWS is proud to be a media sponsor. More to come on that in coming weeks...

Every once in a while I find an article that eloquently puts into words a thought that's been rattling around in my head. This week's puts a polite spin on my often-wondered WTF even is "Edge" computing...

Friend of the newsletter Datadog is having their Dash conference in New York on July 11-12. If it works for your schedule, I strongly suggest attending; AWS is a platinum sponsor, and longtime readers know how finicky they are about putting their logo on any conference that doesn't have the word "Amazon" in the title somewhere. Use the code "DASHLAST" to get 20% off of registration. 

The ever-snarky Cloud Opinion opines on Serverless, and predicts that it will grow faster than the cloud did. We shall see.

Choice Cuts From the AWS Blog

Amazon WorkSpaces Introduces Mouse Support on iPad Devices - When I travel, I generally only bring my iPad Pro with me. I'm tempted to play with Workspaces now that it supports a mouse-- the only trouble is that I haven't touched Windows in anger in the past twelve years, and I fear I'll have some trouble figuring it out...

Amazon Chime brings Meetings and Chat to Your Browser with a New Web Application - Amazon's "it's like Slack, only crappy" product now at least demonstrates improvement to the "it's like Slack" part.

Quickly Identify When Your IAM User Last Used An Access Key in AWS GovCloud (US) - GovCloud is often the last region to receive feature enhancements; any change to that environment comes with strict regulatory control concerns. It's darkly humorous to me that there's probably an incredibly frustrated team at AWS who had to lobby to get this one through-- being able to audit user activity. "You've got regulated workloads! You really really want this! Please help us help you!" I feel for that group.

Amazon RDS Supports Outbound Network Access from PostgreSQL Read Replicas for Commercial Regions - Your read replica databases can now speak to the internet, enabling three helpful use cases and many thousands of terrible ones.

Amazon Sumerian is Generally Available - At long last, our future computer overlords now have faces.

Announcing General Availability of Amazon EC2 Bare Metal Instances

AWS CodeBuild Supports VPC Endpoints - People have been clamoring for new VPC endpoint support for years. I'm not sure anyone was clamoring for the service in question to be CodeBuild, though-- I had to look up what this service actually did. Let me save you a click: it's managed Jenkins, more or less.

AWS CodeCommit Supports Branch-Level Permissions - "Don't let this group of people merge code to master" is one of those controls organizations generally implement right after they really, really needed it.

Higher Throughput Workflows for AWS Step Functions - That's right-- Step Functions have been upgraded to Jog Functions.

Introducing Amazon EC2 C5d Instances - Another entry in the alphabet soup of instance type options-- this one bolts NVMe storage directly onto C5 instances. Preliminary experimentation shows blazing fast I/O when you RAID these together.

Lambda@Edge Adds Support for Node.js v8.10 - Node v8 is now an option for ridiculous request manipulation at the edge. Time for me to update the JavaScript function I'm forced to use to inject static headers for LastWeekinAWS.com...

The AWS Secrets Manager Console Is Now Available in Italian and Traditional Chinese - I'm incredibly excited to see Secrets Manager gain features. It's probably my favorite AWS database. ("Wait. Did he just call Secrets Manager a DATABASE?!" Yes. Yes I did. I think of it as an expensive version of DynamoDB.)

Easier Way To Control Access To AWS Resources By Using The AWS Organization of IAM Principals - "How do we make IAM controls easier?" "Well it'd be literally impossible to make them any harder to understand, so let's start there..."

The AWS Shared Responsibility Model and GDPR | AWS Security Blog - A nuanced and thoughtful approach to telling us exactly how boned we're all going to be when GDPR takes effect this week.

Tools

Desole.io is worth keeping an eye on, even if for no other reason than "how many open source projects apologize in the name?"

Odin is Coinbase's tool for safely deploying 12-factor apps to AWS. It's built on Lambda and Step Functions; if nothing else it's a great exploration into how to work in such a world.

If you want to benchmark S3 and Google Cloud Storage, cloud-bench is a great first stop. And then pick S3 like a sensible person.

If you're required to perform OpenSCAP scans, this project can help ease the pain of managing its results. If the previous sentence means nothing to you, rejoice at your own good fortune.

...and that's what happened Last Week in AWS.

I’m Corey Quinn. I help people significantly reduce and understand their AWS bills and speak broadly on the conference circuit. I advise companies doing interesting things in the cloud space, such as ReactiveOps.

If you've enjoyed reading this, tell your friends to sign up at lastweekinaws.com (or post a link in your company Slack team!). As always, if you've seen a blog post, a tool, or anything else AWS-related that you think the rest of the community should hear about, send it my way. You can either hit reply-- or join the #lastweekinaws channel on the og-aws Slack team.

List archives are always available at https://snarkive.lastweekinaws.com/