Reminded for the 395147th time that any changes you make to AWS API Gateway settings do not take effect until you re-deploy. This time it was resource policy (again). It would be super-keen if there were a "looks like you made a change, do you want to deploy it?" experience. #awswishlist
@filmaj I’ve been overseeing some replication projects and a shard/partition sequence number would go a loooong way too. I know it’s in there! It’s present but not explained in the stream api but I don’t think it’s in the rest api! #awswishlist
@loige I do wish Rust would become a first class lambda language, especially seeing as there’s AWS buy in and sdk development #awswishlist
YAY! We now have two ways to connect to EC2 instances without a bastion host:
- SSM Session Manager (existing)
- EC2 Instance Connect (new): https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Connect-using-EC2-Instance-Connect-Endpoint.html
But still no way to connect to non-public databases/caches such as RDS/ElastiCache/DocumentDB etc. #awswishlist
Hey @AWSCloudFormer, I'd like to see the stack template for a given point in time (and compare it with prev/next updates).
Example:
Update (v1) -> Update (v2) -> Update (v3/latest)
Let me compare what v2 looked like and what changes came with v3
The fascinating thing is that AWS open-sourced Firecracker and outside a few companies nobody seems to care.
---
RT @brianleroux
I doubt they would but Amazon should open source DynamoDB #awswishlist
https://twitter.com/brianleroux/status/1647638028515676161
@sebsto I just tried it with a hard-coded VPC ID like this:
```
"StringNotEquals": {
  "aws:ec2InstanceSourceVPC": "vpc-12345678"
},
```
This still works when using the credentials (which have been vended on the EC2 instance) outside the VPC.
So, the entire thing does not work without VPC endpoints.
Such basic security as preventing EC2 instance credentials from being used elsewhere should not cost extra money and complexity, IMHO. #awswishlist
AWS Control Tower is not a service, but a solution (but sold as a service).
Unbelievable how much time I have to spend dealing with things that AWS should actually care about.
Either protect the stuff properly, or, better, just don't show me all the resources. #rant #awswishlist
Managed prefix lists support security groups and route tables. My wish: add support for Network ACLs as well.
It's the little things that matter. 🙈
Pro Tip: When setting up Control Tower, enable all regions you might need before creating accounts.
Because if you do that later, you will have some fun deleting all the default VPCs that AWS has created for you (for whatever reason) #awswishlist #notfun
😡 The CloudFormation resource AWS::EC2::VPC creates a default security group, which does not comply with the AWS Foundational Security Best Practices. The issue was reported 2.5 years ago. Still no workaround …
Don't tell me security is job 0, AWS. I doubt it!
#awswishlist #awscommunity #AmazonWebServices
Why on earth does the AWS CLI use last modified time and file size as criteria when running “aws s3 sync”? Don't we have checksums?
Hey @AWSCloudFormer can you publish drift events also for stack sets, please? #awswishlist
Node 18 just landed in Lambda but will only be considered "active" until October 2023 - while Node 12 is still offered on Lambda, yet stopped receiving active support 2 years ago and hasn't received security updates for 9 months.
Users are forced to create custom images, which introduce more build chain complexity and room for errors, which shouldn't be acceptable for a managed compute service.
@michael And they're probably not listening to #awswishlist on Mastodon either.
@esh WAF is currently the only way to limit access to an AppSync API to a particular source IP, since private VPC AppSync isn’t a thing. #awswishlist
Maybe @nickcoult can do something here? Also Lambda has a free tier...
---
RT @mikefiedler
#awswishlist AWS Fargate Free Tier, so that I can more easily experiment with ECS, and not worry about launching an EC2 Free Tier instance.
https://twitter.com/mikefiedler/status/1617615182234292226
Bonus:
Allow defaults for the parameter values in the config file, as in:
role_arn=arn:aws:iam::{{acct=123456789012}}:role/{{role=readonly}}