Lower My AWS Bill

Newsletter

Issue No. 415

Google Takes Wiz

03.24.2025
LinkedInReddit
Corey Quinn Headshot About the Author

Corey is the Chief Cloud Economist at The Duckbill Group, where he specializes in helping companies improve their AWS bills by making them smaller and less horrifying. He also hosts the "Screaming in the Cloud" and "AWS Morning Brief" podcasts; and curates "Last Week in AWS," a weekly newsletter summarizing the latest in AWS news, blogs, and tools, sprinkled with snark and thoughtful analysis in roughly equal measure.

Search Newsletter

Good Morning!

I’m giving a talk at SREcon in Santa Clara this week; if you’re on the fence about going, please attend; "For the AWS Bill is Dark and Full of Terrors" is well worth seeing. Okay, FINE, I suppose the actually informative talks are good, too…

And of course, our marketing guy has convinced me to take my turn answering questions on our webinar series; come heckle, ask AWS billing / contract / service questions, and receive both snark and insight in roughly equal measure.

From the Community

Google has put out a record $32 billion to buy Wiz, presumably because they sponsor this newsletter occasionally. This is going to be huge for Google until a VP changes companies and their replacement deprecates it–but it’s also causing some concern for AWS customers, wondering if their Wiz usage is suddenly going to be used as a wedge to get sales teams bugging them with entirely too much of their own confidential data. It’s a fair concern.

This article showcasing an Interactive AWS NAT Gateway is freaking amazing for two reasons. First, it’s highly interactive, which means the lesson is likely to stick. Secondly, it closes out with "This is my first blog post" and I’m just sitting here gobsmacked. Check this out, it’s unlike anything I’ve seen before. I’m so blown away that I can’t even make a job about how expensive this must have been to create.

The Real Failure Rate of EBS is put out by PlanetScale and speaks to a bunch of uncomfortable failure modes people really don’t like to think about for highly sensitive workloads. Looking away doesn’t mean they aren’t there…

The ability to address The Missing Tier in AWS Network Controls by adding a layer 7 outbound filter would be challenging, but I love the security posture it potentially opens up. It’d have to be first party; no way I’m gonna shove this through some rando Marketplace vendor.

I made fun of AWS’s hamfisted answer to a reporter ("fill out our abuse reporting form") last week, so this week it’s only fair I drag Microsoft for refusing to accept a vuln report that doesn’t have an attached video.

Podcasts

Last Week In AWS: NoDaddy

Screaming in the Cloud: The Current State of Cloud Security with Crystal Morin

Choice Cuts

AWS Client VPN increases authorization rules and route quotas – I don’t like this. No, not the feature enhancement–what it’s used for. Specifically, I don’t like a whole bunch of complicated logic stuffed into the VPN; it tends to mean there’s a culture of "if you’re on this network, you’re trusted," and I really dislike that pattern for a variety of established reasons. Every call should be authenticated!

Announcing the New AWS Wickr Admin Console – It would be amazing if the rebuilt console looked exactly like the now-deprecated Amazon Chime.

AWS announces the next generation of Amazon Connect where powerful AI improves every customer interaction – Fortunately this is less "an amazing capability story" than it is "you can bundle a bunch of Connect services together for a price break." Otherwise this would have presented very much as "your Amazon Connect pricing just doubled," which is cloud economist nightmare fuel.

Manage SLO exclusion time windows using CloudWatch Application Signals – Because remember kids, "it’s not an SLO breach if the downtime is scheduled" remains the rallying cry of antiquated enterprises with nightly downtime trying to pretend they’re cloud native, despite speaking with a thick on-prem accent while eating data center borscht.

Handling billions of invocations – best practices from AWS Lambda – This article is legit wonderful. More glimpses behind the scenes like this, please; I learned some things that’ll be useful in how I approach systems design with Lambda.

Visually build telephony applications with AWS Step Functions – "Just use Step Functions" is this decade’s replacement for AWS’s old rallying cry, "just use Lambda Functions!" This is progress?

Tools

This cloudexit is interesting to me. It purports to tell you about the service lock-in you’re exposed to. It’s obviously not gonna be comprehensive, but it neatly addresses the "where do I even start" question.

… and that’s what happened Last Week in AWS.

You might also like

More Newsletter Issues
Newsletter Footer

Sign up for Last Week in AWS

Stay up to date on the latest AWS news, opinions, and tools, all lovingly sprinkled with a bit of snark.

"*" indicates required fields

This field is for validation purposes and should be left unchanged.
Sponsor Icon Footer

Sponsor a Newsletter Issue

Reach over 30,000 discerning engineers, managers, and enthusiasts who actually care about the state of Amazon’s cloud ecosystems.

Sponsorship Opportunities
footprint-orange
© 2025 The Duckbill Group. All Rights Reserved.
Privacy Policy Cookie Policy