Last Week in AWS Logo

Good morning!

Welcome to issue number 79 of Last Week in AWS.

The AWS world caught fire this week with Bloomberg BusinessWeek's explosive announcement about an alleged chip covertly planted onto motherboards destined for US companies’ data centers. Apple, Amazon, and SuperMicro all deny the allegations, leaving the rest of us wondering what the hell is going on. For my money, I've seen a lot from Amazon, but they've never lied to me. More to come this week, I suspect.

DigitalOcean's Spaces product is similar to S3-- but now it supports a built-in CDN. Picture this as "S3 + a CloudFront that isn't terrible." True, it lacks some of the CloudFront features, such as taking 40 minutes to update a distribution, eighty distinct controls that will break your site if they're not set perfectly, or a pricing model that'll surprise you with the GDP of a small country at month-end. Thanks to DigitalOcean for their ongoing support of this newsletter.

Community Contributions

I helped edit this article on development workflows in serverless environments. I think it came out rather well.

I wrote this post on Disaster Recovery Considerations in AWS, just because it seems like there's a lot of stuff "everyone knows" that wasn't written down anywhere.

While built around GCP, this article talks about load testing for cloud migration; the concepts map pretty well to any provider you care to use.

Midway through my own implementation of this pattern, A Cloud Guru has a post about using Amplify and the Serverless Framework together.

I got to speak with Ernesto Marquez on Screaming in the Cloud: How to Compete with Amazon.

This week GoCD by Thoughtworks highlights their free 30 day trial of Enterprise Support. If you'd like someone to call with all of your continuous delivery questions (possibly right after your deploy pipeline exploded!), consider GoCD; their open source product is free, but they also offer a streamlined support offering. Their reasonable flat-rate pricing means you're not going to get ambushed by salespeople, and their support is no joke. Thanks to ThoughtWorks for their ongoing support of this newsletter.

Choice Cuts From the AWS Blog

Amazon API Gateway adds support for multi-value parameters - The Swiss Army Knife that is API Gateway now gets the equivalent of a pebble sharpener and a third nail file.

Amazon CloudWatch Launches Client-side Metric Data Aggregations - "You can cut your ridiculous CloudWatch costs by batching the data you send us" is what this is getting at.

Amazon WorkDocs new Web UI - "No matter what we do, Google Docs keeps beating WorkDocs." "Hmm. Let's do what they do, and arbitrarily change the UI on users every time the whim strikes us."

Amazon Redshift announces Query Editor to run queries directly from the AWS Management Console - Giving a web interface to business users looking to query Redshift rather than forcing them to install a SQL client goes a long way towards making those users feel they're not being told to go screw themselves.

AWS Cloud9 Now Supports TypeScript - I'm not sure why a dialect of Javascript is such a big deal, but here you go.

AWS CodeBuild Now Supports Building Bitbucket Pull Requests - I'm not sure that "we let you target another git remote" is a headline feature, but okay-- if you say so.

AWS Systems Manager Announces Enhanced Compliance Dashboard - Another subcomponent of Systems manager, this one's aimed at compliance folks. If you're using Systems Manager in a regulated environment, you'll love this.

How to Test and Debug AWS CodeDeploy Locally Before You Ship Your Code | AWS DevOps Blog - I'm not a fan of this approach. It's throwing away a decade of cloud advancement and sending us back to the dark days of "WORKS ON MY MACHINE," closed WONTFIX.

Using Federated Identities with AWS CodeCommit | AWS DevOps Blog - This is a great way to use your federated identity with your Git repository, in only forty simple steps.

AWS Service Operator for Kubernetes Now Available 🚀 | AWS Open Source Blog - This is somewhat nifty; you can now speak to AWS services directly using kubectl.

How to clone an AWS CloudHSM cluster across regions | AWS Security Blog - "Clone your HSM" is one of those phrases that will get your compliance-focused infosec people to perk up in terror three buildings away.

Setting the Record Straight on Bloomberg BusinessWeek’s Erroneous Article | AWS Security Blog - AWS came out swinging last week in a specific, stinging rebuke of the Bloomberg article referenced above.


While I'm increasingly less of a fan of local development, iam-docker-run lets you run Docker containers within the context of an IAM role, helping you sort out permissions issues earlier in the process.

…and that’s what happened Last Week in AWS.

I’m Corey Quinn. I help people significantly reduce and understand their AWS bills and speak broadly on the conference circuit. I advise companies doing interesting things in the cloud space, such as ReactiveOps.

If you’ve enjoyed reading this, tell your friends to sign up at (or post a link in your company Slack team!) about it. As always, if you’ve seen a blog post, a tool, or anything else AWS related that you think the rest of the community should hear about, send them my way. You can either hit reply– or join the #lastweekinaws channel on the og-aws Slack team.

List archives are always available at