Week 49, 2017 - re:Invent 2017; macOS root bug

By (4 minutes read)

It was re:Invent week which means that AWS announced many new toys for us to play with, of which I’ll discuss the containers and serverless parts today. Oh, and there was a major security issue in macOS.


Let’s start with the obvious one. Following AWS joining the CNCF earlier this year it was suspected that they would introduce a Kubernetes service sooner rather than later. So, they did just that with the Elastic Container Service for Kubernetes (EKS). Unfortunately it is currently in preview only and I haven’t received access yet, so I can’t say much more than what can be found in the pretty sparse product description.

I can’t find anything about pricing there which is a little annoying, especialy considering that GCP just removed the cluster management fees. Additionally, while it says that it will run the latest version of Kubernetes it is only running 1.7 at the moment. On the other hand, it is running a vanilla version of Kubernetes but offers good integration with AWS services for things like access control. Once I get access, I’ll have a closer look to see how well it all works.

But EKS was not the only thing, as they also introduced Fargate1. Similar to Azure’s Container Instances, this is a managed container instance where you don’t need to worry about the underlying EC2 instances. I did give this one a brief spin, although it’s only available in us-east-1 at the moment, and it definitely looks interesting. As it stands, you can spin it up completely standalone so a public IP is automatically assigned to the ENI it attaches to the container2, or using an ALB or NLB.

The pricing is pretty good as it has per-second billing3, which will make it excellent for things like running CI/CD builds, stateless micro services, or even as a temporary bastion instance. Obviously as you don’t have access to the underlying infrastructure there are some limitations to what you can do, but in general it seems to work well and I’m looking forward to it coming to Australia so I can use it in projects. If you want to know more, have a look at the product page, or just give it a spin.


Several new features for Lambda and the API Gateway were announced, with personally the most important for me being one that didn’t make the slides: support for Go. Unfortunately this won’t be available until 2018, but it won’t surprise anyone who knows me that I’m excited about this.

VPC endpoints for API Gateways is another big change, as it finally allows you to make private calls to your API Gateways. Setting it up isn’t completely straightforward though as it requires a Network Load Balancer, but if you want this functionality that’s a minor hurdle.

Additionally we can now set concurrency limits on functions and a new Serverless Application Repository is coming, which sounds a bit like the serverless equivalent to the EC2 marketplace. This is still in preview though, so I haven’t seen it in action yet.

Cloud9 is the only other thing I want to quickly mention. This is their new cloud based IDE and they have immediately integrated it with Lambda so you actually get a proper editor when you try to edit it online. This is a big improvement, but unfortunately it still doesn’t work well on an iPad4.

macOS root bug

Originally I was only going to talk about re:Invent, but this bug was so bad it deserves some criticism. In High Sierra, it was possible to log in as root using an empty password. At least Apple fixed it within 24 hours of it becoming publicly known5 and pushed the fix to everyone, but this is the kind of bug that should never have been released in the first place.

  1. I can’t be the only one who thinks this sounds like a fanfic where John Crichton discovers a Chappa’ai. [return]
  2. Makes it pretty obvious why they introduced that particular feature. [return]
  3. With a minimum of 1 minute. [return]
  4. I can write code but, with either the onscreen keyboard or a separate one, it scrolls to the top of the page when I type a character, completely hiding the editor. [return]
  5. Let’s assume that’s when they found out. [return]
comments powered by Disqus