Ep#111 AWS Services Flashcards Challenge: Can Corey Quinn Define Them All?

February 22, 2023

Episode Summary

Welcome to the Jon Myer Podcast, where we bring you fascinating conversations with the brightest minds in tech. Today, we have a very special guest with us, Corey Quinn, renowned cloud economist, speaker, and writer. But today, we're putting Corey's knowledge to the test in a unique challenge. We'll be flashing the names of AWS services, and Corey will attempt to define them on the spot. Get ready for an exciting, fun, and informative episode.


About the Guest

Corey Quinn

Corey is the Chief Cloud Economist at The Duckbill Group, where he specializes in helping companies improve their AWS bills by making them smaller and less horrifying. He also hosts the "Screaming in the Cloud" and "AWS Morning Brief" podcasts; and curates "Last Week in AWS," a weekly newsletter summarizing the latest in AWS news, blogs, and tools, sprinkled with snark and thoughtful analysis in roughly equal measure.

#aws #awscloud #finops #cloudcomputing #costoptimization

Episode Show Notes & Transcript

Host: Jon

Hi everybody. My name's Jon Myer. Welcome to the Jon Myer podcast. Joining me today is Cloud Economist, Corey Quinn. Corey, thanks so much for joining me.

Guest: Corey

No, thank you, Jon. It's a pleasure to be here. Super awesome coincidence that this is the Jon Myer podcast and your name is Jon Myer. It's like you were almost born for the job. It would've been awkward if it had been someone else's name on the front of it, but here we are.

Host: Jon

I know. I had just taken the Jon Myer podcast label, and I made myself Jon Myer or vice versa, wherever it is, but I don't have to change my name. I don't have to change the podcast, and we're always doing; I can't say the same stuff, something weird, but it's labeled under Jon Myer. Thank goodness I have it back there. I can remember my name.

Guest: Corey

You joke about changing names and whatnot, but I have it on good authority that when Andy Jassy took over for Jeff Bezos, it would've been orders of magnitude easier to, for a bunch of hard-coded internal systems if he had just simply legally changed his name to Jeff. I don't know why he wasn't game for it.

Host: Jon

<laugh>. Why did he just give him an alias for it? Right, <laugh>.

Guest: Corey

Exactly. Andy. Jeff. Why not

Host: Jon

<laugh>? That one actually works better for some of those automated systems. We're going to talk about some automated systems, so everybody, today we're going to have a little bit of fun. Corey has a set. I have a set, thanks to Corey. I have a set, if you haven't seen it on social media, check it out. We literally have a full onset of AWS services and cards, but unfortunately, as of today, they're outdated because there are probably more services to be added. Sorry, Corey, I had to take that from you.

Guest: Corey

No, since the start of this recording, I'm sure they've launched no fewer than three more, most of which can probably run containers.

Host: Jon

<laugh>, you never know. We're going to talk about their services today. So today's episode is all about learning AWS and its services. By the way, this is a disclaimer. Please do not use any of this information for their certifications or exams because you might get it wrong. Considering that I'm going to challenge Corey on some of the AWS services and what they're used for.

Guest: Corey

Excellent. I'll play that game. And you should also probably not use them too confidently sounding in work discussions, because when I say that Route 53 is a database, which it is, it comes across as quirky and endearing. Whereas when you try and say that to someone in a job interview or to your boss, when you suggest that for a problem, they look at you like you've just popped a circuit somewhere.

Host: Jon

<laugh>, actually, that should be one of the loop questions. What is Route 53? And when they say, well, I used it as a primary database for my stuff, they're intrigued by the bar raisers on how they used it.

Guest: Corey

Exactly. How did you disagree and commit to that one? Yeah, I disagree and commit. That's how I code passive aggressively goes well

Host: Jon

And have a backbone, right?

Guest: Corey

Oh yes.

Host: Jon

All right, so Corey, you

Guest: Corey

Use backbone. Although I think Angular was the hotness at one point too. Now it's all React

Host: Jon

<laugh>, but bum <laugh>. So Corey, are you ready to get started?

Guest: Corey

I'm always ready to make fun of AWS services, kind of my stock and trade.

Host: Jon

All right, we're going to have a little fun. Corey, I have a deck. Literally, I feel like I'm going to slide out on all these cards, which are pretty cool. Huge shout out to the team. And by the way, I reach out to the team because the website doesn't exist. AWS flashcards.io. How did I give you credit for it? People want these comments down below on how do we get ahold of you. Adrian, James, and Kyle, can you, thanks for the cards.

Guest: Corey

All right, and I want to be clear as well, do not play poker with AWS service cards because you can win and still go broke. In fact, you will lose all your money, especially if you win.

Host: Jon

I'm going to die laughing already on this show. Okay, ready? Corey, do you want the service, or do you want me to read the description? You know what? I'll give you the service. Either choice,

Guest: Corey

I'm easy.

Host: Jon

All right, <laugh> sounds better. Is that too much? Okay, are you ready? Corey? Cloud9.

Guest: Corey

Ah, Cloud9. Effectively it's AWS Codespaces. It's more or less an early arrival to the idea of a desktop that lives in a browser, and runs on, of course, billable AWS services. So you can now do all of your coding inside of Google Chrome, which is increasingly everyone's operating system of choice. The problem, from my perspective, is that they announced it, but it had a few bugs. I was looking forward to seeing them get fixed, and then it was frozen like a mosquito trapped in amber for 10 million years, and I don't know a lot of movement around it. I like the concept; I like the approach. I didn't like the glacial pace of feature advancement in that space until GitHub got into it, and then suddenly, oh wait, are we driving here? I fell asleep at the wheel again. Oops. I should probably pay more attention. That's a little unfair, but not by much

Host: Jon

Very

Guest: Corey

Close run containers. <laugh>,

Host: Jon

That's very close to the description. AWS Cloud9 is a cloud-based integrated AWS Cloud N. Wait, why are they? Okay, this is a typo. On your card, you say "deAWS", a duplicate thing. No. All right, let me correct that one. Integrated

Guest: Corey

I have no idea how normal people would frame this stuff if you're expecting me to quote chapter and verse from how they're described by people trying to teach folks things.

Host: Jon

Yeah, it lets you run, write, and debug your code in a browser. And speaking of Chrome, I'll tell you what, it's the best browser operating system. You said operating system before of choice.

Guest: Corey

That surveillance platform

Host: Jon

<laugh>. It is. Okay. The challenging question for you. How many tabs do you have open?

Host: Jon - AD

Hey, this looks like a good place to jump in and talk about today's sponsor, Veeam. How would you like to own, control, and protect your data in the cloud? Are you using Salesforce? Veeam has you covered with Veeam Backup for Salesforce, backing up your Salesforce data Everly, whether it's on-premise or in the cloud. Honestly, why wouldn't you back up your most critical CRM data from loss or corruption? Now, imagine your sales team coming in and not being able to recover all their information, their notes, their pipeline because it's the one thing you didn't think you needed to back up. How about doing it effortlessly with Veeam Backup for Salesforce? While there are nine reasons that you should back up your Salesforce data, how about just two: data loss and data corruption? Veeam Backup for Salesforce eliminates the risk of you losing your data and metadata due to human error, integration, or other Salesforce data loss scenarios. Check out Veeam Backup for Salesforce today. How about we get you back to that podcast?

Host: Jon

Okay, the challenging question for you. How many tabs do you have open

Guest: Corey

Right now? Very easy. I have two, one of which is for the podcast I was just on, one of which is for this, and I've closed everything else because that would be cheating otherwise.

Host: Jon

Wow.

Guest: Corey

But usually, I have hundreds of tabs open because I am a pack rat.

Host: Jon

What are the features?

Guest: Corey

I have multiple windows, too, because, of course, I do

Host: Jon

<laugh>. What are the features they should do for Chrome is dump the texts or something. Dump all your tabs to texts. Then I can start fresh. Instead of going, they have

Guest: Corey

Extensions to do exactly that, which is do they in the best tradition of the open source world, huh? Patch is welcome. You worry about it. We're not going to build anything like that because we don't know a good way to display ads in that part yet.

Host: Jon

<laugh>. All right, next one. This one's going to be near and dear to your heart. AWS Budgets. Sorry. No, pretty picture.

Guest: Corey

AWS Budgets lets you set a budget. I dunno if you're allowed to use the term itself to describe the thing, but roll with it, where you can say, I expect that this should be under $50 a month, let's say for something, and alert me when I hit certain thresholds on it, on a particular cadence, daily, weekly, monthly, or just when you hit certain thresholds, and that's great. Somewhat recently, it's also started doing some deviation monitoring slash integration with the cost anomaly detection functionality, if memory serves. The problem is, it's driven, of course, by the AWS billing system, which alerts you on cost data a couple of days after you did the thing that just completely blew the budget. It's the evolution of billing alerts.

Host: Jon

I literally just got a budget alert this morning that I was over in one of my test environments because I'm building a workshop. I'm like, oh, shoot. Got to turn that down. All right, so the definition is that AWS budgets give you the ability to set custom budgets. Look, they use budgets in the definition as well. All right? When your costs are used, usage exceeds or a forecast to exceed your budgeted amount. Wow, three budgets in that sentence.

Guest: Corey

They tried to change the definition, but they couldn't budget.

Host: Jon

They had a limited budget for changing it. All right? Exactly. Okay, got to there. There's got to be one. Oh here. Oh, here we go. AWS Cost Explorer. I love the face <laugh>.

Guest: Corey

It's a somewhat limited visualization tool around what factors have driven your spend over arbitrary time periods. On larger accounts, it takes an awfully long time to render. It fails to do multivariate analysis super well, but it lets you filter and group upon a variety of different cost axes, be it linked account, be it region, be it service, be it usage type. It can exclude or include things like credits applied to your account. It can take a look at raw costs. It can amortize it out for things like pre-purchase agreements for reserved instances and savings plans. Mostly it is a source of eternal sadness when you're poking through it.

Host: Jon

So everybody, a little recap on what we're doing here. Corey Quinn, and I always feel like I need to pronounce your full name. It just rolls off of your tongue. I don't know why

Guest: Corey

It does. Oh, one caveat as well, since I am, of course, a cloud economist: Cost Explorer itself is free. The API for Cost Explorer costs one penny per query.

Host: Jon

Okay. I could see a lot of queries happening and what you're doing, yes,

Guest: Corey

You can, depending on what you have linked up to it, that's grabbing data. It feels like an amateurish attempt at rate limiting on some level, but if you can make money by charging people to do it, that makes sense. I also kind of suspect it's to keep automated systems from just hammering that endpoint to death.

Host: Jon

So they charge you money to look at your cost. That's costing you money to

Guest: Corey

Query it programmatically. Yes.

Host: Jon

Yes. Query it. Programmatically, everybody. Just to let you know, Corey and I are working together and learning AWS through the AWS cards. It's AWS flashcards, by the way. He's got a set. I got a set, where we're challenging Corey on what these are. He does not know what I've picked. Not at all, and in fact, I can roll through all these cards and pick some of them for 'em. We're just talking about AWS Cost Explorer, and it's an easy-to-use interface that lets you visualize, understand, and manage your AWS cost and usage over time, and I'm just reading the first sentence because we don't have time to read all of it. This card,

Guest: Corey

I would not call it easy to use, but again, that's why I will never get the wording precise on these.

Host: Jon

Well, I knew you would get a kick out of the easy-to-use part. All right. Oh, here's a good one. AWS Trusted Advisor

Guest: Corey

Plausible Advisor, more like it. It's a series of checks that look across the various pillars of the Well-Architected Framework. As best I can tell, it's the alignment they're going for and figuring out which things you can do in your account that it sees when it refreshes the analysis. To get the full suite of checks, you have to pay a minimum of a hundred dollars a month per account in support, which means business tier or higher. And at that point, they start unlocking things like how to save money on it. Their cost analysis is particularly laughable. It tells me that I can save a grand total of, I think, $70 by turning off an idle instance, and then rightsizing that same instance I just turned off, and then buying a savings plan or reserved instance for that thing that I just turned off to save the money. Then they add all those things together. Welcome to AWS budget land, and from my understanding, an awful lot of their recommendations along other axes are equally unhelpful because I never see customers talking about it in any meaningful sense. They've gated themselves with a paywall, and then once you get through that paywall and you start using it, the recommendations are largely crap. But I'm betting that's not what the card says.

Host: Jon

I think I'm very intrigued by the definition. Is that short, by the way, on the card? So there's two. I don't understand the top and the bottom part. It says an online resource to help you reduce cost, increase performance, and improve security by optimizing your AWS environment. The other sentence is the definition, I guess. It says Trusted Advisor provides real-time guidance to help you provision your resources following AWS best practices. Well-Architected review,

Guest: Corey

I strongly push back on the real-time analysis aspect of it. It takes at least a few days after you make changes and then refresh the checks for it to start seeing it

Host: Jon

Near real-time. All right,

Guest: Corey

Real time-ish. Real ish time. Yeah.

Host: Jon

Oh, okay. Oh, I found an, oh my God, I'm getting a kick out of these. I just sent your response. S3 Glacier

Guest: Corey

Not to be confused with Glacier, which was originally a service. Then, oh, we're going to make that a storage class for S3. The goal being that you can use this for archival purposes. Now, they've recently expanded it to Instant Retrieval, which just means that you wind up storing this data for less money, and then when you retrieve it, it's there instantly. As opposed to the traditional Glacier and, of course, Glacier Deep Archive, in which case retrieving data is usually measured with a calendar rather than a stopwatch. Now you can be sarcastically mean to your customers and have that spinning dial on the webpage go on for 12 hours, but usually most people don't. It's great for audit approaches, and the Deep Archive component of it is terrific. If you never wanted to have to delete anything ever again, that works out to a thousand dollars a month per petabyte, which is basically who cares about money.

Host: Jon

I don't think they should put a cost on these cards at all. They can put durability, 11 nines durability, but it says customers not

Guest: Corey

Every AWS service, with the exception of Reduced... every S3 storage class has 11 nines of durability except the no longer used and mostly deprecated Reduced Redundancy Storage, which had three. Even Infrequent Access One Zone, in a single availability zone, still has 11 nines of durability because disaster recovery metrics do not factor into that durability figure.

Host: Jon

Well, that's actually interesting because it says customers can store data for as little as $0.004 per gigabyte per month as a cost savings, and it's a secure doorbell. You got it right on. Secure, durable, and extremely low-cost cloud service for data archiving and long-term backup.

Guest: Corey

I don't believe Deep Archive is anywhere near that expensive, but I'd have to check, and that would be cheating. That's why you don't put cost on these things. One price update and suddenly you don't have a story anymore.

Host: Jon

Yeah, I don't think so. There's a little bit of that feedback, and in fact, you can put this into your enhancement request. Leave cost out of it; cost changes so frequently. Durability is actually usually around forever. All right, your next one. AWS IAM

Guest: Corey

The service AWS IAM didn't find a way to charge for directly. Identity and access management: are you allowed to do a thing, yes or no? Default deny across the board, as opposed to Azure, which is "sure, seems plausible, why not?" Effectively now, assuming we're not including the service formerly known as AWS SSO, its effect is a way of controlling access requests for humans, for other accounts, for services, what is allowed to operate on certain resources with certain actions. It's basically a checkbox wonderland, usually expressed as either YAML or as JSON because people are sad all the time.

Host: Jon

<laugh>, JSON, and so wait, I saw SSO in here since. This is why cards

Guest: Corey

Aren't technically, but not speaking YAML directly. Most of the tools I work with do translate back and forth because no one is happy.

Host: Jon

No one's happy with which one they're using. And you are very correct, as IAM is a feature of your AWS account offered at no additional charge; you'll be only charged for the use of other AWS services by your users. Well, that's an interesting ad, for it enables you to manage AWS services and resource security. Wow. Corey, I'm looking at like 3, 4, 6 of them you got right. It's very tough to stump you.

Guest: Corey

The real fun is to start making 'em up and seeing if I call it out or not.

Host: Jon

Well, I'd have to get a fake card and make up a service and you'd be like,

Guest: Corey

Exactly. And who has time for

Host: Jon

That? Infinite. I could have got a card for that. Damnit. There should be a card for it. <laugh>. All right. Dun dun da. You knew I couldn't resist this one. Your famous AWS Route 53.

Guest: Corey

It's a database. They're going to say it's a DNS service. They're wrong. It's a database. Curiously, the last two in a row, IAM and Route 53, are the only two services that AWS has that I'm aware of with a 100% SLA. Route 53's is public. IAM's is implicit because, realistically, if security stops, you don't have a cloud anymore.

Host: Jon

Does most of it? Why does it seem like, I know IAM is supposed to be global, but I know US East 1, if that usually has a hiccup, global, does it ever have an issue?

Guest: Corey

They have. I have not seen one, to be clear. Okay, and they wind up having differentiation. They talk about this in their regional durability white paper that came out late last year or earlier this year. Time is a fleeting thing, and they talk explicitly about how control plane and data plane are separated. So when US East 1 had problems, Route 53's, sorry, sorry. When Route 53, yes, when US East 1 has problems, S3 had trouble provisioning new buckets, but you could still use existing buckets in other regions. When Route 53 was impaired, creating and managing zones was a problem, but existing zones would still resolve and return data for as long as, in some cases, until they would age out. Not gracefully, but it would work. Whereas making changes to things when US East 1 is having trouble means you might not be going to space today.

Host: Jon

<laugh>. All right, so Blue Origin, here we come. Amazon Route 53 is a highly available database, no, I'm sorry, domain name server. I couldn't resist. Web service is designed to give developers and businesses an extremely reliable, cost-effective way to route end users to the internet. I noticed that on

Guest: Corey

Those. Yeah, that's DNS. I mean that there is nothing differentiating there between that and any other DNS provider that is at a significant scale

Host: Jon

Except

Guest: Corey

This one. Take out the highly available and durable part and that's your local DNS server too, if you want to spin one of those up.

Host: Jon

I actually tried, I did one of those. It's nice to manage locally, but a pain

Guest: Corey

It does two things too. It's also a resolver, and it's also an authoritative server for zones that are delegated to it.

Host: Jon

Can you use Route 53 externally and internally for AWS? Like internal resolution can, all right,

Guest: Corey

You can do split-view slash split-horizon DNS resolution with it as well. There are also private-only zones. You can have a public and a private zone for the same thing. Depending on where you come from, you get different results when querying it. Since everyone loves to talk about cost on these cards, I'm surprised they didn't mention it there. Lookups are generally free if it's to an alias record for an AWS service, and charged per million or billion; I forget the exact numerical breakdown on that publicly. Usually if Route 53 is a significant cost driver, there's something else going on. Not that it doesn't get somewhat expensive, but to do that, you're usually getting other things to be really expensive.

Host: Jon

I did notice that on both of these, you hinted that they have, they're the only two that have 100% uptime. Mm-hmm.

Guest: Corey

One, only one, sorry. 100% SLAs. Oh,

Host: Jon

SLA.

Guest: Corey

An explicit public SLA of 100% for Route 53 on the data plane layer, and they do not make an explicit public SLA statement, of which I'm aware, but IAM being down for five seconds a year is still going to cause widespread and massive disruption.

Host: Jon

All right. I have

Guest: Corey

Too fun. Now uptime is just a question of how successful has a thing been.

Host: Jon

All right, my next one. We're going to do a couple more because this is, I'm having too much fun challenging you on some of these, though. You are getting 'em all right according to the cards, or at least you're a little off on the definition on the back, but that's all right. We can skate

Guest: Corey

Around. Yeah, I don't speak marketing

Host: Jon

<laugh>. All right. AWS Outposts

Guest: Corey

Yes. It solves an age-old problem where you have workloads that you want to run on premises but can't figure out a way to do it that doesn't include paying AWS by the hour for it. So what this is is a rack that they ship out to you that they stuff chock full of servers. Historically they have small 1U and 2U server options, also called Outposts because that's confusing, that run a subset of AWS services. They do need to be connected to a region. Things start going wonky if they're disconnected for too long. They're effectively a way of broadening AWS into your very own home. That is not quite accurate. You do need a loading dock and enterprise support. I've checked,

Host: Jon

Wait a second. Have you tried to get one delivered to your house?

Guest: Corey

Yes, <laugh>. I'm not prepared to pay the $180,000 a year enterprise support fee for this,

Host: Jon

So if there wasn't, I

Guest: Corey

Can fake a loading dock. That's the easy part.

Host: Jon

So if there wasn't 180,000 enterprise thing, you'd have one at your house.

Guest: Corey

Oh, absolutely. But now to do that, I've basically have to hijack a truck and who has that kind of energy?

Host: Jon

<laugh> say energy. That money. Did you see the recent, before I read the definition, did you see the recent release that happened two days ago for the AWS modular data center?

Guest: Corey

It's basically an AWS Outposts that's going to be dropped from orbit onto something. In other words, it's a military-grade equivalent of Outposts that meets Snowball Edge devices, and of course is yet another entry in the pantheon of AWS services that can be used to run containers.

Host: Jon

Well, speaking of that, it ships in a container.

Guest: Corey

Oh, it absolutely does. It also ships to my understanding along with a few paratroopers.

Host: Jon

It does though. I think it, so it's dubbed AWS MDC. I'm thinking they missed the mark on here and it should be AWS MC, for MC in your data center. That's just me, but I'm bumped.

Guest: Corey

That's for you that it is me.

Host: Jon

<laugh>. All right. AWS Outposts brings native AWS services, infrastructure, and operating models to virtually any data

Guest: Corey

Center pricing

Host: Jon

<laugh> center, colocation space, on premises. Seamless hybrid. AWS removes the complexity of hybrid cloud.

Guest: Corey

Spoiler. It does not. I knew some of that complexity.

Host: Jon

I knew you were going to get that. Oh, wait, I got two cards. Wait, wait. I got two outpost cards. Is there one second? Outpost

Guest: Corey

The same thing on your side. Well, they have two implementations of it. One is the rack and one is the small individual box services.

Host: Jon

They're the same. Runs hybrid. Hybrid. Hey, I got to double the pleasure here. All right. Oh, no, those are not two, okay, wait, I had another one. Ah, what about Amazon Virtual Private Cloud?

Guest: Corey

Yes. It's a networking abstraction that effectively lets you define a series of subnets with particular addressing in an AWS-style environment. Once upon a time, everything was just public and had a public floating IP and could theoretically talk to almost anything else in the bad old days. Now that was called EC2-Classic, which was then put out to pasture, yada yada. Now it is effectively the networking equivalent of your data center in the cloud, which is a great way to think about things if you want to effectively worsen your cloud experience to improve your data center experience. For some folks, that's a fair trade. I consider it more of a transitional step, but context is always going to be king. By default, it does not cost anything directly, but okay, there are other ways to fix that.

Host: Jon

I have to touch on that because I know I dropped you a note probably a month ago. I started seeing in my Cost Explorer that VPC was part of it, and yes, there

Guest: Corey

Will be. The charges under the umbrella of VPC are specifically for endpoint hours, for managed NAT Gateways, for unattached Elastic IP addresses, for data transfer in a few different arcane ways, and a few other pieces here and there, but I don't recall offhand all the different charge codes.

Host: Jon

Why wouldn't they break that out into those individual items and not group it under VPC? It's kind of a misnomer that or mist the where else would you put

Guest: Corey

Charges in there as well? Otherwise, you wind up with them scattered to all four winds. There's no rhyme or reason to where they put things on the AWS bill. They used to have a miscellaneous category that for some reason they like to call EC2 Other.

Host: Jon

What did they

Guest: Corey

Group in there? That's where managed NAT Gateway charges show up.

Host: Jon

I'm missing that card. I know that would've been a good one, but it's got too many services to find that card <laugh>. All right, so Amazon Virtual Private Cloud, also known as VPC, lets you provision a logically isolated section of the AWS cloud where you can launch AWS rec. There's a lot of AWS in this definition, okay, and virtual, that you... someone just got paid by the word. Well, there's a lot of words on the back of this. All right, everybody, real quick, I just want a quick recap. Corey Quinn has given his best knowledge and definition of AWS services now. He's very close. He has rounded out, we'll just say, about 10 of them. We're going to do about five more before we wrap things up. This is fun and humorous, and I think I'm going to bring these the next time Corey and I are together, and I'm going to pull them out and be like, all right, Corey, what's this? And we're going to see and challenge him. I'll give you the deck and you pull it out and you ask Corey, what is this service? You're going to be amazed at some of the things he said. All right, Corey, you ready for the next few?

Guest: Corey

Hit me with it.

Host: Jon

Oh, AWS Managed Services. AWS. I love your facial

Guest: Corey

Reactions. Specifically, to compete against that class of company that will go ahead and manage and run your AWS environment for you, it's a team of people that will curate a subset of AWS services because even AWS themselves doesn't want to be responsible for the full gamut, and to my understanding, it's more of a longer-term ongoing maintenance approach than AWS ProServe. It's a little weird to think of that in the context of being an AWS service because it's more of an AWS team and an offering built around humans rather than computers, which is a bit off the beaten path

Host: Jon

AWS,

Guest: Corey

And every time I see AMS as an acronym, I think someone flipped a glyph somewhere.

Host: Jon

I gotcha. Hey, well, you know what? It actually worked out pretty good because AWS Managed Services provides ongoing management of your AWS infrastructure so you can focus on your applications. All right, we're going to do four more. I'm just having too much fun, like, figuring out, oh, AWS CloudFront.

Guest: Corey

It's a CDN built from first principles, and usually it was an exercise in teaching customers patience because you could update a CloudFront distribution that would scatter to all four corners of the world in more time than it would take to hit one of those cities with a ballistic missile. It was basically go out to lunch, come back, and find out that you screwed up a character somewhere. Try it again. Functionally, it acts as getting your content closer to where end users are. It's also, of course, a service you need if you want to have a website served out of an S3 bucket with a custom domain. It's a treasure and a joy. Picture Cloudflare, if it were worse, and you're pretty close.

Host: Jon

I know the pain that you mentioned. I've deployed it out a bunch of times. Noticed that the images and stuff were very stale. You go and invalidate all of it.

Guest: Corey

You do a manual path invalidation,

Host: Jon

So you do like an asterisk and it just clears it all or whatever, but you have to wait like 30 minutes to an hour and then you got to check, and if you check too soon or check too quick, you'd see the old images.

Guest: Corey

It's recently had some significant performance improvements as far as updates go, but it's still frustrating when doing a Lambda@Edge function, for example, to wait for the deploy to go through and populate that everywhere before you can test the thing. So iterative development in that sense just becomes annoying.

Host: Jon

AWS CloudFront is a content delivery network, CDN, that service, okay, that securely delivers data, video, applications, and APIs to customers globally with low latency, high transfer speeds, all within a developer-friendly environment.

Guest: Corey

That's developer friendly.

Host: Jon

I knew you'd like that. Oh man.

Guest: Corey

This try and claim was low cost because the cost is variable depending upon where the requests are coming from. Where are your customers sitting? That will impact what it costs per gigabyte to deliver content to them via CloudFront. It somehow makes AWS's usurious egress pricing even less deterministic.

Host: Jon

I found the card for AWS SSO. Does that still exist? Ah,

Guest: Corey

It does. Just renamed AWS IAM Access Identity Center because someone is paid by the word. It's a federation approach for humans to get somewhat temporary credentials into an environment, either in the console or as environment variables that you can stuff into things. It replaces the idea of long-lived IAM creds that people get careless with in the fullness of time. It winds up working across multiple accounts simultaneously within an organization. You can wind up having a different source of truth for the identity aspect of it. Most people use Okta or something like that, and then it spits out accounts and roles within those accounts that you can assume. It's for humans, not for programmatic interaction. Those instead should be using role assumption or instance-based execution roles or something similar to that in that vein. And the advent of IAM Anywhere somewhat recently means all you need to get an IAM role assigned to something is an SSL certificate signed by the correct CA.

Host: Jon

Do you want to know? Look at the back of this card. Do you want to know how many times SSO appears? Take

Guest: Corey

I'm guessing they didn't you to do it.

Host: Jon

12 times. 12 times SSO. Okay, that's, that's a lot of SSO.

Guest: Corey

The documentation for the service, even before and after the rename, is garbage. You have to basically stumble your way through setting it up the first time to really understand it, and then the light goes on. But ugh, that's some gnarly brambles you're wading through beforehand.

Host: Jon

Speaking of the light going on, I'm going <laugh>, I'm laughing before I show you <laugh>. I'm sorry. Amazon Chime.

Guest: Corey

Okay. Amazon Chime divides into two things and people misconstrue it. The Amazon Chime SDK is a communications SDK platform for video chat, et cetera. It is what Slack uses under the hood for its video calling, for example, and that service is awesome. Then you have Amazon Chime, the desktop application that nobody likes and everyone says is awful, terrible, et cetera, but it makes more sense when you realize it for what it is, which is fundamentally a test bed application for the Chime SDK. There is one saving grace that application has, and I will give it credit for this: one minute before your scheduled call, it calls you to join the bridge. It doesn't mean you can't be passive-aggressively late to a meeting. You just have to be a little bit more proactive about that.

Host: Jon

I actually missed that. That was one of the things where I liked it, that it called me for any meetings that would happen, and I use Chime to chat with various Amazonians, but Amazon Chime is a communication service that transforms online meetings with a secure, easy-to-use application that you can trust.

Guest: Corey

It transforms online meetings. Is that what it says?

Host: Jon

Transforms online meetings.

Guest: Corey

I would not accuse it of doing that.

Host: Jon

With a secure, easy-to-use application that you can trust.

Guest: Corey

Well, it has almost no features, so easy to use could mean that there are no buttons to click, so that's nice.

Host: Jon

Okay, 1, 2, 3. I threw SSO as an extra one. Two more. All right, two more, Corey, and we're going. We'll wrap things up. I'm just having too much fun at this. Oh, AWS Lambda.

Guest: Corey

What was the line I used in my first issue of the newsletter? Mary had a little Lambda, S3 source of truth, and every time that Lambda ran, her bill went through the roof. Yeah, it effectively is: write code, package it up, these days via container, but once upon a time with this custom arcane interface that required manual zipping of files and the rest. It turns into an event-based architecture: when a thing happens, be it the passing of time that fires off an EventBridge rule, an HTTP request, et cetera, et cetera, it runs the code on whatever input it has been given and then does whatever that code says to do. It has some constraints around that that have been expanded over time. Now it's up to 15 minutes maximum possible run time, which is an innovative solution to the halting problem. I will say, how do we know this loop will terminate? Well, after 15, it will terminate. The end. A very Gordian knot-style solution that we've taken there.

Guest: Corey

It also has constraints as far as the amount of RAM you can allocate to it, 10 gigs last I checked, and CPU power, number of vCPUs, scales linearly with RAM allocated. So if you want it to run faster, give it more RAM. Not the most intuitive thing in the world, but there you have it. It used to have /tmp limited to 512 megabytes, but now you can get ephemeral storage attached for up to 10 gigs on that, and the rest of the file system is read-only. So if your application isn't expecting that, expect tears before bedtime. Have I nailed the salient points?

Host: Jon

You're very close on the definition. I'm going to give this one to you as a point. You haven't missed a single one. AWS Lambda will let you run code without provisioning or managing servers. You pay for only the compute time you consume. There's no charge when your code is not running. That's a clear definition. All right. All right, one

Guest: Corey

More charge for the storage of the idle function code, which is power to them. That means every account has up to 75 gigs of free storage, so you can build a database out of that sucker.

Host: Jon

There are some tips that you've come across that you've highlighted for everybody on how to use or get some additional storage. I like that. I'm trying to find, well, this is an old one. I haven't heard of that one. Wait, didn't we do? Oh, no. Oh, we're going to do this one. This is a good one. I'm fighting the one I'm going to get the most kick out of, pretty much. All right, so as a cloud economist, Corey, I know you'll probably get this one correct, but just in case you don't, I have a secondary card that will pop up just in case. It is AWS Cost and Usage Report.

Guest: Corey

Oh, Christ. These are the long-form AWS billing data. It lands in S3. You pay for storage. You can request it in multiple formats. Very often, if you want to do something even slightly useful with it, you'll use something like Glue or another ETL process to wind up transforming them, Athena being an obvious target, but there are many others, and it winds up giving you an hour-by-hour, resource-by-resource deep-dive breakdown into a sarcastic amount of information regarding the AWS bill. Fun tip: they are never actually finalized. There can be changes made to cost and usage reports after the month has ended and the new one has begun, in fact, back several months. There are occasionally changes just to keep us all on our toes. It is the most complete and thorough billing data available publicly to AWS customers.

Host: Jon

You're right on to it. The AWS Cost and Usage Report, also known as what Corey?

Guest: Corey

The CUR.

Host: Jon

Lists AWS usage for each service category used by the account and its IAM users in hourly or daily line items. By the way, there are hourly costs associated with it, so just note there's always a cost for that, as well as tags that you have activated for cost allocation purposes. Well, Corey, you are 20 for 21.

Guest: Corey

Tidbit on that is the cost allocation. Let's be clear. The cost allocation tags need to be enabled, and once that is done, those tags are visible going forward. They do not show up retroactively, so you have to figure out what fun questions finance is going to ask you about the bills six months from now and start allocating a tagging strategy for cost allocation tags that will be responsive to those requests. Does it sound like a pain in the ass? That's because it is.

Host: Jon

Hey, so what you're saying is tags are important.

Guest: Corey

Yeah, so now that you can have 50 tags per resource, it can also be... That's right. A database.

Host: Jon

<laugh>, but not every resource accepts tagging though. Correct?

Guest: Corey

The list of resources that are not taggable gets smaller all the time. I don't recall the last time there was a generally available service that was launched that did not support tagging, but there's been an effort to go back and retroactively fix some of the lack of ability to tag on creation of resources. It used to be you'd create the resource and then you'd have to make a separate call to tag them. It's been a bit of a mixed bag.

Host: Jon

Way back then, when I originally started out in AWS, tagging was important. Not all services accepted it, and I think we had 10 tags per each one. I had a developer who created his own tagging system and tagging application to go back and tag all the services being utilized. There was actually some open source stuff. What was it? Tag Monkey, that went around and kind of tagged any of those resources. Very critical, time consuming, but very important when you want to allocate things and reduce stuff. Not only security through service control policies, but like Corey mentioned, through the Cost and Usage Report.

Guest: Corey

Somewhat recently, in the last few years, you can use tag-based access control, which I thought was a recipe for disaster, but those predictions have not come to pass much, which is, yeah, I like being wrong in the right direction. It is also worth mentioning that they have uses that go beyond just cost. I like to tag data based upon its applicability to various compliance controls. Is this HIPAA-controlled data? Is this PII? What is the sensitivity of this? And people can start making policies and controls based upon that as well. Also, let's face it, humans are never going to tag things effectively. It requires rote adherence to doctrine and a lot of busy work. Computers have to do it. They did. People do the good citizen efforts, although now there's a lot of flow that winds up doing this automatically. You're going to tag the EC2 instance. Good for you. Gold star. Did you remember to also tag the Elastic IP address you attached to it? The EBS volume backing it, the snapshots of those EBS volumes, the data that winds up getting spat out of that, and of course the entries that show up in CloudTrail and in CloudWatch Logs from those applications running on those things. How do you wind up attributing those things back? It becomes a dizzying rat's nest nightmare very quickly.

Host: Jon

Even the data that you house within S3 and the classifications of it, tagging that for not only usage later, but archiving as well. I mean, tagging is critical. Life

Guest: Corey

Cycle policies can take effect based upon tagging. Well,

Host: Jon

Yeah, actually, so I did a course on that, and I talked about DLM and how important it was to tag your instances, only for the simple fact that you can do lifecycle policies based off of tags. No tags, no lifecycle policy, which actually translates back to the snapshots. Automation is key, because what'll happen is you'll spell something with a lowercase, I'll spell it with an uppercase, and you might spell it one way, I might spell it another way, and it's just like prod versus production, and you have to do it automated so that it's spelled the same way everywhere and that you tag it throughout the entire lifecycle of the application or service.

Guest: Corey

Yeah, you need something automatic that's going to wind up addressing that. Oh, for fun, just because people sometimes get surprised by this at scale: every API in AWS, including the tagging API, has rate limits. So if you're running something across 10,000 resources, build a queue and then drain that queue. Don't just run a shell script in a loop and then wonder why everything exploded.

Host: Jon

I wonder why it all stopped. Corey, I have cards galore all over my desk. This is a huge mess. Corey, before I wrap things up, I want to share with everybody, we got something awesome coming up in Seattle here the second week of March, full first week. We're doing something awesome with Chief Evangelist Jeff Barr, also Steven Barr. We're going to do a sit-down recording at Jeff's house. Are you looking forward to this?

Guest: Corey

I am too. I'm assuming, just for sake of argument here, that Jeff has absolutely no idea we're coming. It's going to be half podcast video recording, half bungled home invasion, from my understanding of it. So giddy up. I'm here for

Host: Jon

It. We're going to show up knocking on his door. Jeff, we're here.

Guest: Corey

Can Jeff come out and play?

Host: Jon

<laugh>? That's what he do though. I heard he has a pizza oven. I think we're going to dive into some of that home-style pizza. Sit on a chat. We're going to look at his recording setup. It's

Guest: Corey

A testament to Jeff and his reputation and just what a nice person he is that I will eat food that he prepares for me. There are very few AWS VPs that I will give a straight shot to poisoning me. So yeah, Jeff is a real one.

Host: Jon

So this is the first time and the only time, and I hope you can have all your documents updated.

Guest: Corey

Oh, yeah. It'll be fun. I'm looking

Host: Jon

Forward to it. I love that. Pause right there. All right, Corey, this has been awesome. Thank you. So <laugh>, I'm going to dial off. All right. This has been awesome. Thank you so much for doing this with me and going through the AWS services from this awesome book and flashcards provided by AWS flashcards.io, Adrian, James, Kyle Yin. Thanks for sending me these. We're going to have a lot more fun with them in the future, by the way.

Guest: Corey

Oh, I expect so. It'll be the world's saddest tarot card reading if nothing else,

Host: Jon

But

Guest: Corey

Boom. Wind up doing the layout, the spread, look at all the services and, oh no, your startup is going to die. Yeah, almost no matter what the cards say.

Host: Jon

I have another idea. Okay, so you just set me up for another idea that we're going to do with these cards next time around. In fact, I might bring them with me and I might lay them down. All right, I'm not going to spoil that. We're going to have a lot of fun. I'm bringing this to Seattle.

Guest: Corey

I'll see you there.

Host: Jon

All right, everybody. Corey Quinn, Cloud Economist. Corey, thank you so much for joining me.

Guest: Corey

Thank you for having me. It's always a pleasure to indulge my love affair with the sound of my own voice.

Host: Jon

Well, I'm glad you enjoy it, everybody. My name's Jon Myer. Don't forget to hit that like, subscribe, and notify, because guess what? We're out of here.