Good morning!

Welcome to issue number 70 of Last Week in AWS.

Another week, another issue of Last Week in AWS lands in your inbox. Last week had a fair number of announcements,

This week's issue is sponsored by GoCD, the open source and free-to-use continuous delivery software from ThoughtWorks. Get out-of-the-box CD without the frustration of plugins and dependencies, while still having access to an ecosystem of extensions for your project. Check out GoCD's native integrations for Kubernetes, Docker, and AWS. Easily visualize and model your complex workflows, manage permissions, and move efficiently and reliably to production. Download and use for free at gocd.org.

Community Contributions

"Our data structures got simpler when we migrated to DynamoDB" is always true, just because you can't have complex relationships between data without a relational model.

Why, why, why can't I use my Yubikey to log into the AWS console without having to go through using a separate software package?

Lambdas creating Lambdas can lead to a faster dev loop, but it can also lead to horrifying madness where inventory management is concerned.

"ARN" or "Arn?" Ed Anderson reached out to me about this pair of PRs, asking if staking out this petty and small issue was a hill I endorsed dying on-- and if so, would I like to link to it. No, Ed; this is exactly the kind of petty battle I wholeheartedly endorse waging, and you don't just get a link-- you get this week's issue title.

Reader Marc Roussy sent in his recently updated introduction to Lambda for .NET developers.

The excellently-named CloudGoat sets up a "vulnerable by design" AWS environment for learning how security works, but you shouldn't use it to-- ah, crap, too late. Some company already used this to host production while I was writing this paragraph. Oh, and they're a bank. Lovely.

Summit Route has a rollup of updates to AWS's security pillar whitepaper.

This week's issue is once again sponsored by DigitalOcean. It's easy to forget that not everyone's cloud native, or migrating to a cloud service from another cloud service. This week I'd like to tell you how Content Ignite migrated from a managed hosting provider to DigitalOcean. Look at that glorious architecture diagram. LOOK AT IT! It's understandable! It doesn't have 60 different services that are all named confusingly similar things. It's simple, it's pristine, and it is glorious.

I got to catch up with Lance Albertson of the Oregon State University's Open Source Lab in last week's episode of Screaming in the Cloud: Remember when RealNetworks used to-- BUFFERING.

Fascinating, eerie, and not particularly tenable, an extension that blocks anything hosted in AWS shows how much the internet is becoming something of a monoculture. Note of course that this only works on things that have user-facing endpoints hosted by AWS.

Events

The inaugural REdeploy conference (exploring the intersections of resilient technology, organizations, and people) is coming to San Francisco this August. Last Week in AWS is proud to be a media sponsor. Coupon code LASTWEEK will get you 10% off of any ticket.

Choice Cuts From the AWS Blog

Amazon EC2 Nitro System Based Instances Now Support Faster Amazon EBS-Optimized Instance Performance - "You can now write to disks faster" is far too simple of a headline. No, you need at least three specific terms of art...

CloudHSM Cross-Region Redundancy - Huh, I'm sort of astounded that they were able to get CloudHSM working cross-region without losing a pile of certification compliance certificates...

The Amazon Chime Web Application Now Supports Video Conferencing in Google Chrome - The it's-like-Slack-only-crappier Amazon service now starts to take on whatever the hell Google is calling Hangouts this week.

AWS IoT Device Defender - Now Generally Available - General Availability captures IoT Device Defender; vows end to Colonel Panics.

AWS News - AWS Storage Gateway Expands Support of AWS Key Management Service, Improving Encryption Capabilities - You can now shove all of your precious data into the cloud more securely.

Stream data 65% faster with 5x higher fan-out using new Kinesis Data Streams features - Screaming/streaming data just got faster on Kinesis.

Amazon ElastiCache for Redis now PCI DSS compliant, allowing you to process sensitive payment card data in-memory for faster performance | AWS Security Blog - "We can now store financial transactions in Redis" is both wonderful and horrifying at the same time.

How to use Amazon GuardDuty and AWS Web Application Firewall to automatically block suspicious hosts - This is an elegant solution that nonetheless fails to rival the simplicity of my preferred approach, "blocking all access to everything from everywhere via a single rule in a Security Group."

Tools

AWS has released the Cloud Development Kit, as a compelling answer to "what if I don't like Terraform or CloudFormation or SAM or Serverless Framework or Troposphere or..."

A nifty Lambda function that backstops a contact form for a website. Unfortunately you'll have to use SES as it's currently written...

If you need to figure out what the heck's in your S3 buckets, s3-meta isn't a half-bad place to start.

If you want to shove all of your EC2 hosts into a hosts file, maybe don't do that in the first place. I worked somewhere that operated like this once; I still have the scars.

…and that’s what happened Last Week in AWS.

I’m Corey Quinn. I help people significantly reduce and understand their AWS bills and speak broadly on the conference circuit. I advise companies doing interesting things in the cloud space, such as ReactiveOps.

If you’ve enjoyed reading this, tell your friends to sign up at lastweekinaws.com (or post a link in your company Slack team!). As always, if you’ve seen a blog post, a tool, or anything else AWS related that you think the rest of the community should hear about, send it my way. You can either hit reply or join the #lastweekinaws channel on the og-aws Slack team.

List archives are always available at https://snarkive.lastweekinaws.com/