Good Morning!
This week will have a particularly interesting announcement for many of you; you’re going to want to pay attention to Wednesday’s issue for sure. It may be the best announcement of this entire re:Invent season!
From the Community
Not another hack! Looking to delegate access to your AWS cloud infrastructure resources in a secure and easy way?
Learn how you can reduce the risk of human error and manage permissions with Teleport Access Plane for your AWS IAM in Teleport’s webinar on October 13th with Benjamin Gardiner, Sr. Partner Solutions Architect at AWS Startups. Register here.
On the lighter side, another go at More Favorite Obscure AWS Service Names.
The Terrible Orange Website has an observation that Google Cloud uptime checks can cost you more than running what they are checking. If accurate (I’m not a GCP Cloud Economist) then running this in a pile of VMs as cron jobs is far more economical.
RedMonk (who is celebrating its 20 year anniversary; amazing company with amazing people) analyst Rachel Stephens has a glorious piece out titled Kindness, Tech Staffing and Resource Allocation; you want to read it.
The Unlimited Leave Newsletter is a newsletter for AWS Architects focused on building and designing for Governance, Scalability, & Automation. I like it for its personality; it’s not a bland rehashing of stuff I’d already seen elsewhere. I recommend subscribing.
I did successfully teach you how to re:invent with the exception that it’s apparently super hard to change your registered email address after the fact. This is sad.
Podcasts
Last Week In AWS: AWS re:Invent: What You Actually Need To Know Before You Go
Last Week In AWS: Azure Makes it Worse
Last Week In AWS: The pre:Invent Drumbeat Starts
Screaming in the Cloud: Computing on the Edge with Macrometa’s Chetan Venkatesh
Screaming in the Cloud: How To Effectively Manage Your Co-Founder with Mike Julian
Choice Cuts
So you want the sweet, sweet benefits of encapsulating your auth logic into a Lambda custom authorizer without the performance hit that comes with more database calls—but you hate the thought of spinning up and maintaining a remote cache for your Lambdas to share? Have your caching cake and eat it, too—with Momento Serverless Cache.
Amazon MSK now offers a new low-cost storage tier that scales to virtually unlimited storage – This is just a weird framing. I’ve never seen AWS use the term "virtually unlimited storage" before; usually it’s either up to a cap (as in, EBS volumes cap out at 64TB) or they refer to it as unlimited (as in, S3 will not run out of storage space before you run out of budget). I can’t figure out what the limits are here… Service Quotas claim a limit of "maximum of 16384 GiB of storage per broker" but it’s unclear whether that maps to this new low cost storage tier…
Amazon Virtual Private Cloud (VPC) now supports the transfer of Elastic IP addresses between AWS accounts – This is huge news for folks who until now couldn’t migrate that one, highly specific thing into their modernized account structure from the old legacy "omnibus" AWS account…
AWS IoT Core announces Location Action to route location data from IoT devices to Amazon Location Service – This is a huge deal. Not the specifics so much as "two AWS service teams finally got to talk to one another long enough to integrate what they’ve built."
Amazon Connect Customer Profiles now surfaces additional customer information in the Amazon Connect Agent Application – Looking forward to my "difficult customer" profile annotation the next time I call AWS for support…
Keeping Pace with FinServ Regulatory Compliance Demands with Smarsh and AWS – Hey, I remember Smarsh and its compliance stuff back when I worked at a startup that got acquired by a big financial services company. They sent a very businesslike request to link my social media accounts to Smarsh so it could read my DMs / private messages, and I sent back an equally businesslike framing of the sentiment "get f*cked." For some reason I wasn’t much of a culture fit…
How USAA built an Amazon S3 malware scanning solution – Hey, my bank / insurance company / arguably most beloved vendor for the last 25 years is in the AWS blog this week! This is interesting; it appears similar to the (apparently defunct) BinaryAlert malware scanning project out of AirBNB. BinaryAlert uses Lambdas to scan objects while USAA’s solution makes use of an EC2 autoscaling group; without more detail than this blog post provides it’s impossible to say whether that’s the right or wrong decision (context matters!); I’d be super interested in learning more about this if anyone at USAA is reading this; please hit reply.
Use Alexa devices to initiate customer service with Amazon Connect – "Alexa, open an AWS support ticket" and suddenly every person working in AWS’s (awesome) support org just felt their blood run cold at the idea.
We can’t promise it’ll help you make sense of AWS service names, but Pluralsight and A Cloud Guru’s AWS Certified Cloud Practitioner course can at least help you understand what those services do. It’s accessible to practitioners of all levels in technical, product, sales, marketing, and finance roles. Best of all, it’s free until the end of the year. Sign up now.
Vela Games Cuts Game Build Times by 60% Using Infrastructure on AWS – "By using AWS we realized X% improvement" is usually a direct shot to "well, what were you doing before?" But this one is via using the best launch of re:Invent 2021: Amazon FSx for OpenZFS, so I’m going to simply shut up and cheer about the improvement.
Amazon Simple Email Service (SES) helps improve inbox deliverability with new features – This is a very interesting release. SES has historically been a pretty bare-bones "it sends email" service; higher level stuff that you’d want for business use consumes SES via Amazon Pinpoint. This feels like SES is starting to move "up the stack" in ways it previously hadn’t. I’ll be keeping an eye on this…
Increasing sustainability for your Microsoft workloads on AWS – The Microsoft angle is almost irrelevant; read this blog post for insights into how AWS thinks about sustainability responsibility in the cloud. It’s similar to the shared responsibility model, and this is the first time I’ve seen their position articulated quite so clearly. Authors Rodney Underkoffler, Chase Lindeman, John Stasick, and Marcio Morales should be rightly proud of this piece; it’s important, well written, and incredibly interesting.
How Nomad uses Amazon IVS to scale public court livestreams – Given data egress fees, you’d really think that a video streaming provider would view the list of Amazon IVS reference customers as a prospecting list.
Export historical Security Hub findings to an S3 bucket to enable complex analytics – This initially scared me; I think of S3 as a place for huge data volumes, while Security Hub is designed to deliver signal from the noise of your chattering logs. Fortunately that’s not at all what it’s about.
How to control non-HTTP and non-HTTPS traffic to a DNS domain with AWS Network Firewall and AWS Lambda – This is incredibly clever, and apparently responsive enough for production use. I just wish I had an architecture that could benefit from it.
Tools
The LAN was a magical place to learn about computers. You could do things that would be unthinkable on today’s internet: permission-less file sharing, experimental servers with no security, shared software where one machine could easily bring down the network, and surly network admins who somehow didn’t get ejected from companies due to their toxic attitudes. Can we have a 90’s LAN-like experience again, along with the best parts of the 21st-century internet? Tailscale thinks we can, and I’m inclined to agree with them. Try now – it’s free forever for personal use with up to 20 devices. I’ve been using it for over a year personally, and am moderately annoyed that they haven’t attempted to charge me for what’s become an essential-to-my-workflow service.
My current GitHub Actions runner on Lambdas take a couple of minutes to run, mostly due to the setting up of all the NPM dependencies; using this AWS CDK GitHub Action will likely shave a solid minute off of each run.
… and that’s what happened Last Week in AWS.