Good Morning!
re:Invent session registration opens tomorrow. Might I humbly suggest COP218, which I’m giving with some AWS friends? I promise it’ll be… enlightening.
From the Community
An adorable Reddit user asks how other people pronounce AWS.
Handy trick of the week I learned about: using an SCP to block people from registering domains with Route 53 in member accounts where you don’t want them to. That’ll fix the proliferation of domains throughout various hidden orgs. My fix instead: migrate the registrations to CloudFlare.
Podcasts
Last Week In AWS: The HPC Team Starts a War
Screaming in the Cloud: How Revenue Heals All Sins with Xe Iaso
Screaming in the Cloud: Replay – Security Challenges and Working for President Biden with Jackie Singh
Choice Cuts
AWS CloudShell extends most recent capabilities to all commercial Regions – All commercial regions with an asterisk, you mean. There’s no CloudShell in Hyderabad, Calgary, Tel Aviv, or any of the China regions.
Amazon Aurora Serverless v2 now supports up to 256 ACUs – But it still won’t let you scale down to zero, as AWS frantically rewrites the "scales to zero" historical aspect of serverless that they used to mention on their website. Now it just means "managed service."
Amazon S3 adds Service Quotas support for S3 general purpose buckets – What the heck is an "Amazon S3 general purpose bucket?" A bit of documentation poking later, it turns out that "general purpose buckets are the original S3 bucket type." I’d call it "S3 Classic" except that at this point it encompasses all buckets except those used for S3 Express One Zone storage class buckets.
AWS announces Reserved Nodes flexibility for Amazon ElastiCache – It figures. We just released our Duckbill Guide to AWS Reserved Instances, so after years of nothing changing they went ahead and updated ElastiCache RIs to behave more like RDS RIs. The guide has already been updated.
Deprecation of Lake Formation’s Governed Tables Feature – The Deprecation of the Week is, for a change, called a deprecation in the subject line, and is a good change. I just do not understand why they keep dribbling these out. If you do it all at once, it makes a news cycle. Doing it this way, over months? It means that people keep talking about AWS killing stuff.
Announcing AWS Neuron Helm Chart – Yes, the AWS Neurotic Helm Chart, now featuring:
- Constant self-checking
- Overprovisioning
- Indecisive auto-scaling, and
- Overzealous error handling
What’s not to love?
Leverage IAM Roles for email sending via SES from EC2 and eliminate a common credential risk – This is my big problem with IAM these days. This post showcases two paths to victory: an EC2 instance role approach, and an assumed role approach if it’s between two accounts. Simple, right? Not so much; the post is 3000 words. This has to be dramatically simplified if you want customers to stop stuffing credential files full of IAM keys onto EC2 boxes…
Issue with NVIDIA Container Toolkit (CVE-2024-0132, CVE-2024-0133) – A security update for EKS and Bottlerocket in some configurations awaits you, if you’ve not patched already.
Tools
This Lambda that uses LetsEncrypt as a Custom TLS Provider is fascinating.
Last year AWS took down a couple community re:Invent session planners the night before registration for sessions opened up. Let’s see if this Unofficial AWS re:Invent Session Planner 2024 fares better this year.
Daily updated IP address stats for all the major cloud providers is probably going to be useful to someone.
… and that’s what happened Last Week in AWS.
