Last Week in AWS

Monday, October 13, 2025

A few updates have hit the re:Invent session catalog. Be sure to catch my two: "Disagree in Commits: The Performance Improvements That Cut Costs by a Third (OPN309)" where we deep dive into Valkey, and "What's New with AWS Cost Management (COP203)" that talks about a bunch of things I can't talk to you about yet, but will be able to at re:Invent.

You also won't want to miss "What's New in AWS Cost Optimization (COP202)" with Delta Air Lines' Bonnie Firnstahl, who is a freaking delightful human who understands exactly the kind of AWS minutiae that makes all of us twitch.

This "Matt Garman" guy is also apparently giving a keynote or something, dunno what that's about...

From the Community

Rubrik thinks your cloud data deserves better than crossing your fingers and hoping ransomware doesn’t find you. They protect data across AWS, Azure, Google Cloud, and even Oracle Cloud, because someone has to. While you’re busy explaining to leadership why that S3 bucket was public for six months, Rubrik makes sure you can actually recover. Learn how to protect your cloud before things go sideways.


Turns out X-Ray's telemetry stream makes a delightful covert channel for command-and-control traffic, because we live in a stupid future that features attackers hiding in your observability tools. AWS charges you per trace while bad actors get free C2 infrastructure, so at least someone's optimizing their cloud spend.


This article on using S3, "Slashing Data Transfer Costs in AWS by 99% - Bits and Cloud", was passed to me last week, along with "I'm surprised you didn't link to this." False! I linked to it in issue 354, but here it is again.


It's bad if a fire destroys your "cloud" storage system and you have no backups, but it's worse if you're a government.


A benchmark analysis delves deeper into the specifics of processor architecture: 2x Faster Hashes on AWS Graviton: NEON → SVE2.


My beloved Granted now (with Chrome at least) clicks through the annoying "prove your numbers match" part of the AWS identity flow. Now to get it to do the same for the crappy "are you SURE you want to grant PERMISSIONS?!" nonsense timewasting interstitial page.

Choice Cuts

Turn Dyna"No" into Dyna"Yes"!

StatelyDB is the first database built for change. Traditional databases force painful migrations every time your data model evolves. We lived this pain at Amazon and Snap, where a “small” schema change could halt teams for quarters. StatelyDB fixes this with Elastic Schema, automatic versioning and backwards compatibility. You keep Dynamo’s scale, but schema changes become safe, instant, and risk-free. It’s the “no regrets” database for teams who want to move fast without breaking prod. Free to try.


Introducing AWS Pricing Capabilities in Amazon Q Developer: Ask Questions, Get Instant Cost Insights - This isn’t gonna work out the way AWS or its customers hope. Precision matters here, and small inaccuracies compound wildly. I suppose “make the pricing tools simple enough that you don’t need to use AI to understand them” wasn’t on the table?


Amazon Location Service Updates for Vietnam's New Administrative Boundaries - Mr. Garman’s Geography Class continues to teach us new things about our world.


Part 6: Effective sunset of the legacy data platform in BBVA: the migration methodology - AWS publishes a six-part epic about BBVA's data platform migration like it's the Lord of the Rings of cloud migration. Spoiler: they moved stuff to AWS and turned off old systems. You're going to have to go read a bunch of separate background lore to figure out how much consulting revenue got generated writing this novel when "lift and shift, then optimize" would've fit in a BlueSky skeet.


Amazon Q Developer and Kiro – Prompt Injection Issues in Kiro and Q IDE plugins - AWS just patched prompt injection flaws in their AI coding tools that could've let attackers manipulate your IDE through malicious code suggestions. Nothing says "trust us with your codebase" quite like discovering your AI assistant takes orders from random GitHub repos. Surely we will all learn a valuable lesson here and change our behaviors.


Amazon DynamoDB now supports Internet Protocol version 6 (IPv6) - DynamoDB has gotten around to catching up to 1998's networking standards in 2025. At this point it's less a capability than it is an admission of being very slow to iterate.


AWS ranks #1 in Forecasting and Estimation Use Case in Gartner Critical Capabilities for Cloud Financial Management Tools report - AWS wins an award for helping you forecast costs in a pricing model they deliberately made incomprehensible. It's like arson investigators giving the fire department a trophy. I wonder if Gartner's methodology accounted for how many customers need third-party tools because AWS's native forecasting still can't predict next month's bill within 40%? On a more serious note I want to go into this in more depth soon; watch for it.


Introducing Amazon Quick Suite: your agentic AI-powered workspace - AWS just slapped "agentic AI" on what sounds like another productivity suite because apparently we needed a sixth way to organize our work. This is more or less a rebrand of Amazon Q Business, and I misheard it as QuickSlap, which will never be replaced in my mind.


Unlock real-time advertising insights with Amazon Marketing Stream and AWS - AWS wants your advertising data flowing through their pipes so you can pay Amazon to analyze how much you're paying Amazon to advertise on Amazon. It's vertical integration dressed up as "insights," and the only guaranteed winner is AWS's revenue stream. I do trust that they won't peek at customer data, but I don't trust that they won't make everything worse as the enshittification continues.


IMDS impersonation - AWS aptly demonstrates that IMDS v1 is a dumpster fire by documenting how attackers can impersonate it. The fix? Use IMDSv2, which they've been begging you to enable since 2019. If you're still on v1, congratulations—you're the vulnerability.


Reduce Docker image build time on AWS CodeBuild using Amazon ECR as a remote cache - AWS just discovered that caching Docker layers speeds up builds, a revelation that's only been standard practice since 2015.


Understanding Amazon Chime SDK costs in AWS Cost Explorer - AWS published a guide to understanding Chime SDK costs in Cost Explorer, which tells you everything about how confusing their billing is. This feels like Stockholm syndrome with extra steps.


AWS Introduces self-service invoice correction feature - Finally admitting their billing is so Byzantine that even they can't get it right the first time, this "feature" is just AWS outsourcing invoice QA to customers who've already spent hours deciphering line items. At least you can fix their mistakes yourself now instead of waiting three billing cycles for support to respond. We'll ignore the part where "you misspelled my name but sure, the bill is probably correct" is the reaction of probably zero customers.


Bridging data silos: cross-bounded context querying with Vanguard’s Operational Read-only Data Store (ORDS) using Amazon Redshift - Vanguard built an entire "Operational Read-only Data Store" because microservices made simple queries impossible, then wrote a case study celebrating the workaround. This is AWS saying "congratulations on solving the problem our architecture patterns created" while Redshift quietly racks up query costs across your newly unified silos.


Beyond Bootstrap: Bootstrapless CDK Deployments at GoDaddy - GoDaddy discovered they could skip CDK's bootstrap stack and save on S3/ECR costs across thousands of accounts. Turns out the "required" infrastructure AWS insists you need isn't actually required—just convenient for AWS to bill you for storing deployment artifacts you'll never look at again, with no lifecycle policy. Now, as always, obey the ancient sysadmin wisdom: never put a company with "Daddy" in its name into your production critical path.


Amazon EKS and Amazon EKS Distro now supports Kubernetes version 1.34 - AWS conveniently drops K8s 1.34 support right as Extended Support pricing kicks in for older versions. Nothing perfectly says "customer choice" quite like a financial cattle prod. Upgrade now or watch your bill balloon while they generously keep your ancient clusters on life support, then surprise upgrade you in a year to a similarly expensive behind-the-curve version.


Amazon SageMaker notebook instance now supports Amazon Linux 2023 - This headline right here shows the problem with naming the Linux distro after the year: it demonstrates just how far out of step various AWS service teams are with their OS support.


Your Ultimate Guide to Cloud Financial Management sessions at re:Invent 2025: Know Before You Go - AWS created an entire guide to help you navigate their re:Invent sessions about controlling AWS costs, which from a certain point of view is like an arsonist hosting a seminar on fire safety. The real session you need isn't on the schedule: "Why Your Bill Quintupled After Implementing Our Best Practices," but fear not: I'm trying to pivot my talk (COP203: What’s New with AWS Cost Management) to come around to that point.


Automatic quota management is now generally available for AWS Service Quotas - If you're tired of filling out permission slips like a middle schooler, you'll like this. Now they'll auto-increase limits, but only after you've already hit them and your app faceplanted.


CVE-2025-11462 AWS ClientVPN macOS Client Local Privilege Escalation - AWS's macOS VPN client had a privilege escalation bug. They've patched it, but this is why security teams insist on keeping client software updated.


CVE-2025-11573 - Denial of Service issue in Amazon.IonDotnet - AWS just patched a DoS vulnerability in their .NET Ion library that nobody knew existed because nobody uses Ion.

... and that’s what happened Last Week in AWS. If you’ve enjoyed reading this, tell everyone you know to subscribe at lastweekinaws.com.

As always, if you’ve seen a blog post, a tool, or anything else AWS related that you think the rest of the community should hear about, send them my way. You can either hit reply or join the #lwia-publications channel on the LWIA Slack team.

You have questions? We have coffee! Drop by my employer’s weekly FinOps office hours, every Thursday at 10:00a PT. Often fun, always free. Register here.

Corey Quinn

I'm Corey Quinn

I help companies improve their horrifying AWS bills by making them smaller and less horrifying. I also host two podcasts—check them out at lastweekinaws.com.
