Good Morning!
That was… a week.
Some highlights:
- I live-skeeted the Matt Garman keynote, for those who missed it.
- I made an appearance on the AWS Developer podcast.
- I do not know who held whose pets hostage, but AWS somehow got Apple on stage to talk about their chip offerings. Understand that Apple will, under extreme duress, admit that they do some of their work on computers. Nobody has any friends who work at Apple–we all just used to know some folks we lost touch with.
- I gave a talk about Cloud Financial Management with two AWS friends, didn’t get tackled off the stage, and am told that the video recording should be posted later this week.
- Corrected a previous assumption that the Managed NAT Gateway pricing was the most customer-hostile thing AWS has done; instead it’s this floor.
- I inadvertently laid down a challenge for AWS around Q Developer–and it got tantalizingly close.
Please don’t ask me about anything cloud for the next few days; I need to decompress.
From the Community
Huh, 1Password’s stack is built atop AWS Nitro Enclaves. That’s fascinating!
My notes from deciding against AWS Lambda – Pursuit Of Laziness is well thought out.
Friend-of-my-nonsense Fathom Analytics has been acquired by its own founder. A jolly good read!
The perpetually eloquent Mike Norton (VP of Cloud Technologies at PBS) gives a deeply nuanced perspective on Cost-Aware Architectures for Viewers like You.
Podcasts
Last Week In AWS: re:Invent Begins
Screaming in the Cloud: Helping Securing the Python with Mike Fiedler
Screaming in the Cloud: Replay – Serverless Hero, Got Servers in His Eyes with Ant Stanley
Choice Cuts
AWS announces access to VPC resources over AWS PrivateLink – It increasingly feels like AWS’s networking enhancements serve to "flatten" the network–take this feature for example. It no longer matters whether a resource is in a VPC or on-premises, it can be accessed the same way, exposed to partners, etc. This is a glimpse of (hopefully) a simpler future in how computers talk to one another.
Announcing Amazon Aurora DSQL (Preview) – This kind of release is AWS at its best. Solving hard engineering problems in ways that aren’t straightforward or simple, wrapped up and delivered as a functional service, ready for your workloads. It was refreshing to see the keynote last week start with this kind of focus on real solutions that will solve hard problems for new and existing customers alike.
Announcing Amazon Bedrock IDE in preview as part of Amazon SageMaker Unified Studio – There were also a lot of announcements like this one: a bunch of machine learning integrations and enhancements in a snake-eats-itself ecosystemic sprawl. I’m sure these are important to someone, and AWS sure seemed awfully excited about them–but I’m not seeing customers getting worked up about these releases at all. Are those specific customers hiding? If you’re out there, please press your call button so I know you’re there…
AWS announces Amazon CloudWatch Database Insights – Now I’m sure someone at AWS is going to reach out to correct the record here about how "Database Insights" is the feature, and it gives insights into your databases, but I won’t hear it: this is something that gives Insights into your CloudWatch Database. Remember: anything can be a database if you hold it wrong.
Amazon DynamoDB global tables previews multi-Region strong consistency – This is really neat, but I’m going to quote from the documentation, because it absolutely belongs front and center: "Global tables with MRSC are available in preview only. You shouldn’t use them for production workloads." If you use things marked "Preview" for production workloads, I hope you know what you’re doing–because from the outside what you’re doing looks negligent.
Amazon EC2 introduces Allowed AMIs to enhance AMI governance – I sure hope there wasn’t a talk about this last week, because I don’t think I can stand the existence of a video that no doubt had hundreds of cases of Amazonians mispronouncing "AMI" with two syllables as opposed to its proper three.
Announcing Amazon EC2 I8g instances – We’re up to 8 now?! Wait… "…60% better compute performance compared to previous generation I4g instances." What the HELL is this generational numbering scheme? We’re teetering on the edge of instance names becoming less "useful indicator of generation" and more "a marketing opportunity."
Announcing Amazon EKS Auto Mode – This thing charges roughly 10% of not just your control plane costs, but your EC2 worker nodes–just to run managed Karpenter for you? Really? That is an absurd amount of money for something customers can trivially do for themselves. I don’t care about the rest of this service, I already hate it due to the pricing being this predatory.
Announcing Amazon EKS Hybrid Nodes – What is going on with the EKS team and their exorbitant pricing?! Are they broke? Do we need to open a GoFundMe for them or something? This is going to charge 2¢ an hour per vCPU on hardware that you own just to let EKS manage it for you. To give you some context, if I applied it to the M1 MacBook Pro that I’m writing this on (back up your laptop skippy, it’s going to production! Also, yes I know–it’d need to be running Ubuntu or Amazon Linux, but work with me here), it would cost me $150 a month. When did EKS go from "decent Kubernetes control plane" to "chocolate bar stuffed with hideously expensive razor blades?"
Announcing Amazon Elastic VMware Service (Preview) – This is a great offering for companies who haven’t managed to migrate away from VMware yet, fools, and nobody else. After the dumb games Broadcom has been playing with VMware pricing, I really don’t understand who’s gonna stick around for more rounds of "Pantsed By My Vendor Yet Again."
Announcing Amazon FSx Intelligent-Tiering, a new storage class for FSx – This should come as no surprise to anyone reading this, but I soundly endorse this. No per-file monitoring fee, it automatically stages files in and out of its tiers, and it compresses on the backend for you. Use this unless you’ve got good reason not to–and let me know what that reason is please, because I’m not seeing it.
Amazon Q Developer can now automate code reviews – Amazing! Amazon has somehow taught a robot to see a 30K line pull request, then comment "LGTM, ship it."
Amazon Q Developer announces automatic unit test generation to accelerate feature development – I spent a bit of time last week with GitHub Copilot, attempting and failing to write unit tests for a Lambda function. It kept messing up one key thing–failing to mock the AWS services properly. Either Q Developer is going to solve this for me, or I’m going to be freaking insufferable about how crap the product is later this month.
Amazon S3 adds new default data integrity protections – Put this one under the "I would have bet and lost money that the SDKs were already calculating whether what was received matches what was sent across the wire" for S3 transfers. I’m very glad that this is now the case, but also very concerned that I was apparently unreasonably confident about something I really, really should have investigated more deeply.
Announcing Amazon S3 Metadata (Preview) – Easiest and fastest way to manage your metadata – AWS at its best: getting rid of undifferentiated crappy metadata sidecar systems customers have built all over the place, usually with DynamoDB. I am VERY excited about what this is going to be used for, and can’t wait to see what you all do with it.
Amazon S3 launches storage classes for AWS Dedicated Local Zones – Is no one else deeply and profoundly curious about just what the inside of a Dedicated Local Zone looks like? It’s "bigger than a colo," "smaller than a region," and now apparently is spacious enough to have multiple tiers of S3 objects at least somewhat significant scale.
Announcing Amazon S3 Tables – Fully managed Apache Iceberg tables optimized for analytics workloads – A subcomponent here is called "Bucket Tables," which is just a disgusting term. We’re rebranding it as "bucketables" (pronounced BUCK-it-a-bulls) just for my own peace of mind. That said: this is reasonably priced, and provides a decent exposure to Iceberg for folks who haven’t already built out massive systems to make it work. I’m very curious to get the opinion of other folks–but ones who aren’t a disaster waiting to happen when it comes to data.
AWS announces Amazon SageMaker Lakehouse – I nodded off during the Star Trek technobabble that AWS’s AI talks inevitably descend into, but congratulations are apparently due to the SageMaker product owner on their new vacation home.
AWS Control Tower launches managed controls using declarative policies – Okay, this is going to inspire me to dive into the rat’s nest that is my current Control Tower configuration.
AWS announces AWS Data Transfer Terminal for high-speed data uploads – Your data shouldn’t live in your data center, it should live in an AWS data center, but you have lots of data. So you can now drive your data to an AWS data center but not the AWS data center it should live in, where AWS will copy your data and then send it to the right AWS data center. Do I have that right?
Amazon Web Services announces declarative policies – "Today, AWS announces the general availability of declarative policies, a new management policy type within AWS Organizations." And we know it’s declarative because it ends with a period, not a question mark.
Introducing AWS Glue 5.0 – It’s up to 5.0 now? How many iterations of AWS Horse were sacrificed to get here? (Look, I’m self-aware. I know that this recurring joke is so, so stupid–but I can’t help myself. My jokes are, as always, primarily for my own amusement.)
AWS announces Invoice Configuration – I’ve known about this release for months–it was featured in the session I gave (COP218, video recording reportedly forthcoming). For those who aren’t aware, when you’re briefed on AWS services in advance, some aspects generally aren’t shared with you. Usually these are irrelevant details, or for a variety of excellent reasons aren’t firmly set in stone yet–an example is exact pricing information. I bring this up because unfortunately there’s a hiccup in my genius plan to use this feature to pay my AWS bill with the digital equivalent of a wheelbarrow full of nickels. Unfortunately, there’s a service quota of "500 invoices per account." I’m going to request a quota increase, but I confess I’m having some significant trouble coming up with a justification that has a snowball’s chance in hell of passing muster. For actual legitimate use cases, this is a great change for some large sophisticated customers; almost like "financial shitposting" wasn’t the intended use case for the feature.
AWS Marketplace now offers EC2 Image Builder components from independent software vendors – Joke’s on the EC2 Image Builder team; I’ve already been using "shitty scripts I found on GitHub" as a third-party AMI pipeline component for years.
AWS announces AWS Security Incident Response for general availability – The pricing may be off-putting to some folks, but from what I’ve seen of this service I really like its premise. Remember: the AWS Customer Incident Response Team has been and remains available, for free, to every customer–they get tagged in via support ticket. My primary concern about this tooling isn’t necessarily the price, but rather that it necessitates that customers get religion around GuardDuty, third-party instrumentation, or some combination of both. That has the potential to be very expensive. As is so often the case, the cost of doing something in AWS goes well beyond the sticker price, and into the secondary and tertiary expenses that the product triggers downstream.
Announcing AWS Transfer Family web apps – Okay, I know–I’ve been lamenting the lack of an easy upload/download web app for uploading files into S3 that I can toss to business users for years. But when I asked for this, I do confess: I was expecting something more along the lines of "here’s a link you can give people and not think about anymore," and less "when the web app is enabled it costs you 50¢ an hour." I’m very skeptical of the pricing here. I get and endorse the endpoint costs for enabling SFTP to S3 gateways–they’re for use cases where the $300 or whatnot a month is irrelevant. But this is something that could be relevant for an awful lot of users, and you’re going to have to do some convincing to get me around to the idea that "a static website that supports large file transfers" requires $300 a month of infrastructure in its own right.
Buy with AWS accelerates solution discovery and procurement on AWS Partner websites – I smell a rat. I’m not sure how it’ll show up or what it’s going to gnaw on when it does, but this is going to either lead to third-party software ads on vendor sites, or else it’ll be an attempt to pay for your entire IT budget by way of your AWS bill. I trust I don’t need to explain why you would most definitely not wish to do that.
Oracle Database@AWS is now in limited preview – Also in preview this year was a modest Oracle booth on the expo floor. FOR SOME UNKNOWN REASON they weren’t driving a fleet of Teslas around the event with signage dunking on the AWS bill this year.
PartyRock improves app discovery and announces upcoming free daily use – Originally Party Rock was "free for a limited time," and that timeframe was never disclosed. That time is apparently meow, and it’s remarkably reasonable / sustainable for AWS. I’m of the increasing conviction that AWS isn’t even slightly Sorry For Party Rocking.
Announcing the preview of Amazon SageMaker Unified Studio – "Okay, we’ve got 50 or more capabilities under the SageMaker umbrella; how do we want to address that?" It’s a good question! Messaging is hard! Unfortunately they solved it in the most AWS way possible: slapping a "Unified" label on it and calling it a day.
VPC Lattice now includes TCP support with VPC Resources – Reminder: Lattice replaces rather than adds to AWS data transfer pricing. I keep forgetting that it exists, and grows ever more capable.
Announcing the 2024 Geo and Global AWS Partners of the Year – Are you one of the partners on this list? If so, congratulations: you are quite literally the only people on the planet who give a badger’s ass about this.
Amazon MemoryDB Multi-Region is now generally available – Given the timing of this release, either MemoryDB is using DynamoDB under the hood or else its twin brother.
Top announcements of AWS re:Invent 2024 – If you want to appreciate what I live through every week when building this newsletter, scroll down the list and look at how many of these there are. Then ask yourself which ones you find relevant to your job, or at least interesting. Careful! Don’t get too close–that’s the abyss gazing back into you.
… and that’s what happened Last Week in AWS.