Welcome to issue number 56 of Last Week in AWS.
You know what’s hard to get right? That’s right– calendars. I’m in Seattle next week, not this week, for Microsoft Build. I’ll be coordinating an event on Sunday evening via Twitter; follow me there for details / depressing levels of snark.
This week’s issue of Last Week in AWS is sponsored by a former client of mine, Sharethrough. Their infrastructure (and culture, if I may say so) is awesome; consider helping make it even better!
Sharethrough is hiring our first Site Reliability Engineer. We believe SRE should be integrated into the product execution pipeline. So you’ll be embedded into the core engineering team, which is a team of developers skilled in DevOps. Don’t worry, you won’t be cleaning up a mess brought by no ops. Instead you’ll work collaboratively, paving the way for scaling our already-solid infrastructure to at least 10x its existing throughput. We have 5PB of data and a multi-million dollar AWS bill, so it’s safe to say you’ll have some interesting challenges! You’ll be walking into a welcoming and diverse environment that is built around action, optimism, purpose, and transparency. We have a fun, supportive culture that welcomes being challenged. Read more about what it’s like working at Sharethrough and apply via our site.
Community Contributions
Here’s one for the business-oriented contingent of my readership: CapitalOne’s VP of Cloud Strategy Bernard Golden writes about the CapEx spend strategy of the large cloud providers. His analysis is indeed Golden.
re:Invent registration opens May 15th. There are a lot of good reasons to go, and I’ll be there. Other folks strongly disagree. I see where they’re coming from; the logistics were a poop carnival, it’s spread across too many locations, and you never get to see all of the people you want to see. Then again, where else can you randomly bump into Jeff Barr that isn’t Seattle / profoundly creepy of you?
I did a double take when I saw an article called the Five Worst Things in AWS CloudFormation; it sounds like something I’d write, but I had no recollection of writing it. Fortunately, I didn’t.
A discussion and tutorial around AWS Lambda custom authorizers. I still maintain these are more complex than they should be; client certificates please. I’m going to keep asking until I get them.
Pairing Redshift with Lambda has some uses past “winning at AWS Service Bingo.” Who knew?
After a BGP hijack last week, I wrote a somewhat impassioned blog post: Put Down the Pitchfork, AWS Didn’t Steal Your Dunning-Krugerrands. It’s not Amazon’s fault that the internet is pretty much built from popsicle sticks.
Epsagon takes us on a tour of Lambda Internals; it goes deeper than most of these articles do. I like what they’re putting out.
A Cloud Guru has the missing manual for Greengrass, one of AWS’s most overlooked services. I still want to put Greengrass inside of a container, schedule it with Fargate, slap it behind an NLB, and boom: I’ve built a Lambda equivalent without vendor lock-in. Somewhere in Seattle, someone just blacked out as a self-protection mechanism.
When Admiral Kirk finds your platform too complicated, it’s time for some soul-searching.
And finally, I was cornered and coerced into giving my thoughts on hiring engineers last week. Yes, I used to build and run ops teams. I don’t miss having to self-censor.
Choice Cuts From the AWS Blog
Amazon Aurora Supports Encrypted Migration from Self-Managed MySQL Databases – Encryption is great for keeping secrets– such as the fact that you were using self-managed databases in the first place.
Amazon Polly Achieves HIPAA Eligibility – A chatbot that tells you out loud that you’ve got cancer is now apparently within the realm of the possible.
Announcing Enhancements to AWS Auto Scaling – This announcement is light on details and long on possibility. “Discover scalable resources” sounds promising, but has the potential to be implemented disastrously.
AWS Config Adds Support for AWS Elastic Beanstalk – Huh, other service teams are finally learning that Beanstalk exists. Better late than never?
AWS Config Adds Support for AWS Lambda – You can now validate that permissions are set correctly via Lambda. I feel like there are a few other use cases here that I’m just not seeing yet…
AWS Database Migration Service Supports IBM Db2 as a Source – How… how long did your database migration take if it started off in DB2?! That thing’s from the 80s!
AWS Fargate now available in Ohio, Oregon, and Ireland Regions – Fargate becomes more of a NearGate with every region brought online.
Easier way to control access to AWS regions using IAM policies | AWS Security Blog – This is a terrific way to start restricting where people can provision resources. I would still prefer to see this in the form of an account level restriction; being able to say that nothing will ever live in us-tirefire-1 has significant value for some companies.
Enhanced Domain Protections for Amazon CloudFront Requests | AWS Security Blog – This translates from “there was a serious vulnerability in certain CloudFront configurations that we just fixed.”
How to centralize DNS management in a multi-account environment | AWS Security Blog – This is a post that you’ll only realize you need after you’ve already royally screwed it up the first time. It still feels like “hey, every customer should have multiple AWS accounts” is a memo that only recently made it to some services.
Tips for Success: GDPR Lessons Learned | AWS Security Blog – While a great list of GDPR tips, it was published a month before the law takes effect. If you’re finding useful guidance now, you’re more than a little bit screwed.
…and that’s what happened Last Week in AWS