Share this page!

Corey Quinn Profile picture
Twitter logo
5 Jan, 44 tweets, 16 min read
Ask me no questions, I'll tell you no lies--but that's super boring. Instead, ask me your @awscloud questions.

Go!
I don't have any particular roadmap insight, but it's probably something like "Service X now supports Feature-You-Thought-It-Had-Already" and *should* be called AWS Housekeeping.
In baseball, sometimes it feels like you sprint to third base and then just hang out there for the rest of the inning.

That's kinda how AWS services go from launch to maintenance mode to my mind. CloudWatch is vast and complicated, and there's no one right answer.
Because you're mistaking Cognito for an actual service that customers would use instead of what it really is: a brilliantly executed marketing stunt by Auth0.
Yes, but the usage pattern is going to matter a lot. You'll lose money if the provisioned concurrency is sitting idle for protracted periods of time.
You're familiar with "what color should we paint the bikeshed" as an engineering parable?

200 distinct service teams are each tasked with painting four square feet of the bikeshed apiece.
The last time I answered this it became a security vulnerability report and then a re:Invent talk. 2019 SEC-212R.
Aside from a couple of rough edges, "a couple of weeks ago." Seeing something odd?
Because your "dev environment" includes (for some godforsaken reason) a half-petabyte partial copy of the data warehouse.
Because "CSV" doesn't render as valid YAML.
This is the second time I've heard this complaint today. It's not something dumb like "your perf measurements on gp2 don't account for the burst performance when you first provision it" or something, right?
Because @awscloud is a big supporter of open source projects. In this case, @iann0036's.
github.com/iann0036/aws-p…
That's... a hard question. "Stop rolling out new features" is never something customers want--but they also want technical debt cleaned up. The debt is whatever keeps AWS from being able to walk and chew gum at the same time...
"You don't know how to run containers better than @awscloud engineers. Do you agree or disagree with that statement?"
I dropped a DynamoDB table by mistake once and discovered that "Point In Time Restores" do exactly what they claim to do on the tin.
The EC2 section was talking about a 10 tag per resource limit many months after that limit was raised to 50 across the board.
False! Step 1 is always "construct an IAM role / user / policy."

This is what happens when you have an interdepartmental meeting to talk about hitting everyone's adoption metrics and forget to invite someone like me to ask "are you out of your tree" at the proper moment.
I would never say I "knew AWS." Nobody has it all in their heads.

That said: for the common use case? EC2, IAM, S3, VPCs and maybe RDS are enough to get started. Anything beyond that, we're all learning together more often than not.
"Throwing it in the face of people who claim S3 isn't a database."

Had you said "Redshift" instead I'd have responded with "playing chess."
michaelburge.us/2017/09/10/inj…
There are way more efficient ways of blowing $10K a month on AWS bills. From a governance perspective? Organizations, yes; Control Tower, only as a counterexample.
Because XML hasn't gained critical mass yet. #awswishlist
I recommend Route 53 as a relational database.
I don't think anyone's suggesting you run a Docker container in Lambda. The recent changes mean that you can package and ship Lambda functions the same way you do Docker containers, but that's not the same thing.
So far, so good. I'm sure I'll get hired as the AWS Ombudsperson any day now!
All your (data)base are belong to us.
AWS Proton is currently in early preview, so I'm not convinced you can use it as anything other than a learning opportunity at present.

Beanstalk is tainted by the "that thing is old" prejudice which will scare folks away from it, I suspect.
Because they want to vacate old hardware, not "buy more of it." The price cuts take the form of improved price/performance numbers on newer generations.

Then they can use the old ones for Lambda, Fargate, groundwater pollution, etc.
Easy, 100 IBM "Cloud" sized ducks. Ducks only live for a decade at most, so they'd keel over by the time they realized what was happening.
Cynically, I'd say they already have. Otherwise it'd be easy to blow away test accounts without a phone call, payment instrument, and a bunch of manual steps.
AWS makes $46 billion or so a year at last count.

The global IT industry is a few trillion.

You can be right, or you can offer things to capture a mountain of money.
Four monkeys, twenty minutes before the keynote introducing the service in question.

The monkeys would soon be politically driven from the company by the @awscloud Service Namers for making them look bad.
No matter how you slice it, the answer remains the same: @awscloud's strength is in their employees. Destroy morale, lure their staff away through various means, or limit their ability to be effective.

We would also accept "challenge API rate limits."
The one you're not currently in, while the one you're in is taking an outage.
No clue, but what's "next" is not having to think about underlying infrastructure. "Here's a data structure, hold it somewhere for me. Now, transform it like so..."

Some call this "conversational programming."
When you're using HPC *AND* (this is the tricky bit!) know you're using HPC.
Understand the failure modes. Lambda@Edge has to be deployed via us-east-1, but it doesn't live there. If us-east-1 is down, you won't be able to deploy new Lambdas @ Edge, but your existing ones will continue to function.
No, serverless models / principles are the future. Containers are a way for existing workloads to drift in that direction, which is important; if you want to herald in the future, you can't do it by making the present feel ashamed of itself.
By choosing one I'd hurt / annoy all the rest. I have some social skills; I'm not the AWS partner network. Give me some credit!
It's not that simple. There's a use case for every service, it just may not be yours. "Every service is for someone, no service is for everyone."

But I wouldn't trust AWS Budget Alarms to save my bacon from a bill overage.
They'll all become more capable for sure--but the same API calls that work today will work in five years. APIs are considered promises by AWS.

As far as what to recommend? Whatever best solves the customer need / pain, full stop. There's no "wrong" answer from that perspective.
1. It might not be; take a look at DAX.
2. If DynamoDB did everything flawlessly they'd have a much harder time pushing Aurora now wouldn't they.
Pricing model, license bundling, positioned in a way that resonates with corporate IT, custom performant desktop sharing protocol.
Unfortunately the company to yell at is @nvidia. AWS is using their 8-GPU cards for p4d instances. I suspect they'd have a problem making these smaller and still guaranteeing throughput to all tenants, but that's a stab in the dark.

Elastic Inference?

Benjamin Franklin once said “beer is proof that God loves us and wants us to be happy.” Lambda@Edge is argument by counter-example.

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Corey Quinn

Corey Quinn Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @QuinnyPig

Corey Quinn Profile picture
6 Jan
New game, Twitter.

Find me a job posting that vaguely resembles "what you think I do" and then I will mock it.

It's gotta be at a big company, though; I don't want to crap on some overloaded 5 person startup for a bad req.
I will pick... this one!

What does it mean to work at IBM? A bunch of things that absolutely don't apply to a corporate comms role. Get any thoughts of being valued right the hell out of your non-coding head immediately. Image
Read 11 tweets
Corey Quinn Profile picture
6 Jan
Uhhhh this is not how I understood @goserverless's security model to work.
If I scroll to the very end of a 55KB text file I find this defensive wording: Image
That sure is a lot of words to say "@goserverless will copy up your @awscloud API credentials to their service and execute things on your behalf."
Read 4 tweets
Corey Quinn Profile picture
5 Jan
Great question! A thread.
You're always going to need a piece of paper that says you know things. Eventually it becomes a list of jobs in which you've solved hard problems.
At the start of your career it's a different story. You've got a degree; that's more than I had.

Certifications aren't a bad step. They demonstrate that I can talk about cloud concepts with you and expect you to understand them at a high level.
Read 6 tweets
Corey Quinn Profile picture
5 Jan
Who does @awscloud think they are, Google? Charging for a beta, my god...

aws.amazon.com/about-aws/what…
That said, I will take the beta exam cold and report back if AWS finds a voucher / wants to drum up publicity.

I'll even turn it into a fundraising drive.
If @PearsonVUE decides that an infant or toddler in the next room being noisy voids the exam, I will rain fire and brimstone down upon @awscloud for it.

Sure, it's a Pearson requirement--but it's being done in AWS's name. Image
Read 12 tweets
Corey Quinn Profile picture
5 Jan
Spent the morning setting up @JamfSoftware to manage our company Macs. I've spent so long working with cloud computing that it's unnerving to encounter an interface that doesn't actually hate its users.
Given that I'm a few clickety-pokes away from blowing away a workstation at any point in this thing, I'd want two factor auth to:
1. Support Yubikeys
2. Not be optional
3. Not be buried deep in a sub-menu I had to hunt down.
They all have the red dot in the corner since I haven't enabled app provisioning. I just want to mandate disk encryption, strong passwords, screensaver timings, and remote wipe (AFTER ANOTHER 2FA FOR GOD'S SAKE JAMF)! I can't view those things in the dashboard though. Image
Read 5 tweets
Corey Quinn Profile picture
5 Jan
Screw it, I've got a few minutes. I'm starting a new imaginary corp, "Facebook for Ethics." We're based here in California. I'll walk through many of the ways we'll serve our core mission: absolutely screwing over our staff.

Any resemblance to real companies is coincidental.
We'll start with "unlimited PTO." We very carefully will avoid giving guidance as to what is "appropriate." Is it really unlimited? Try taking six months off and find out!

We need pay none of it out when you leave (voluntarily or otherwise).
We're VC backed and privately held, so we'll pay below market salaries and offer equity. Folks have gotten wise to the "options" game so we're forced to give RSUs to attract talent.
Read 38 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!

Follow Us on Twitter!

Like this author's thread?

Get emails when @QuinnyPig has new unrolls!

Check out other threads from @QuinnyPig!

Read all threads by @QuinnyPig