Keeping Kosher at re:Invent 2018

So we are a little more than a month away from the yearly ascent to all things AWS - re:Invent 2018.

Last year one of my most useful posts was the Kosher perspective on the event Keeping Kosher at re:Invent 2017.

So this year - nothing much has changed - there is still no kosher food.. #boo

No Kosher Food #boo

(This is not last years graphic but taken from the current site)

So again - no Kosher food throughout the day.

Last year, I went on Sunday to one of the Kosher supermarkets, and did some shopping. Every morning I made myself lunch for every day. Better than standing in lines or going out looking for food.

Hot and cold drinks throughout the day are available at the various venues, sometimes there are fresh fruit - and some snacks here and there that have a Kosher certification (OU, OK, Star-K, and many more - depending on what are comfortable with eating)

The Supermarkets were great and they had a wonderful selection of Kosher food

There is The Jewish Visitor's Guide to Las Vegas guide (downloadable here) which has accurate information as of June 2018.

Here is a list of the Kosher restaurants as of today (please check the sites for up to date information before you go)
  • Ace of Steaks (5825 W Sahara Ave Unit M. - +1 702-899-4223). Open till 23.00 Sun.-Thurs.
    It is about a 17 minute drive from the Venetian
  • Anise Tapas and Grill (3100 S Durango Dr. - +1 702-586-4088). Open till 22.00 Sun-.Thurs.
    It is about a 20 minute drive from the Venetian

    Last year a group of us sat down for a late dinner - the restaurant was empty - but the food was good

  • King Solomon’s Table (4561 W Flamingo Rd. - +1 725-244-4034). Open till 22.00 Sun.-Thurs.
    It is about a 10 minute drive from the Venetian
  • Haifa Restaurant (900 E Karen Ave # H102 - +1 702-940-8000). Open till 21.00 Sun.-Thurs.
    It is about a 11 minute drive from the Venetian

    Place is in the middle of nowhere - was practically empty - and the food was nothing special

  • Jerusalem Grill & Bar (4825 W Flamingo Rd. Suite 10 - +1 702-341-5555).
    Open till 22.30 Sun.-Thurs. It is about a 11 minute drive from the Venetian.

    I had dinner there (twice) - and the food was really good!

  • Sababa Grille & Restaurant (3220 South Durango Dr. - +1 702-547-5556).
    It is about a 20 minute drive from the Venetian
  • Shawarma Vegas (2521 S Fort Apache Rd. - +1 702-703-7700). Open till 21.00 Sun.-Thurs.
    It is about a 25 minute drive from the Venetian

    Shawarma Place - Fast food - was great for a quick meal

  • Simon & Joe’s (3720 W Tropicana Ave. - +1 702-759-0333). Open till 21.30 Sun.-Thurs.
    It is about a 10 minute drive from the Venetian.

If you are looking for a list of Kosher products - the list from the Ahavas Torah Center has a substantial amount of information.


The conference ends on Friday at around 12:00 which means for most of us that are visiting from outside of the States - that you either leave early - to get back home on time, or fly to family / friends somewhere else in America, or you stay in Vegas for Shabbat.

The Strip is of course not a Shabbat-friendly atmosphere - and there are a number of Jewish Orthodox (I am sure there are other denominations as well - I will only list the ones that I would go to) communities in the area.

If you so wish - many of them have some option of Shabbat hospitality as well

(I have personally spent a Shabbat in at the Young Israel community a good number of years ago) There is a hotel that is quite Shabbat friendly - literally 200 meters from the shul La Quinta Inn - not the best of hotels - but OK for Shabbat, and the community was very nice to invite me for meals.

Last but not least - there is also an Eiruv - http://www.lasvegaskollel.org/las-vegas-west-side-eruv

As we did last year - we have a WhatsApp group with those who are interested in meeting up for meals after a long day, or perhaps organizing a Minyan for Mincha - or just even to say hello.



Currently there are about 20 people (mostly Israelis - open to all!)

Looking forward to see some old faces and new ones as well next month!


How Long Until you Get the New Shiny Toys from re:Invent?

re:Invent is coming - and the frenzy of releases that will build up to the event is just around the corner.

I have always had in the back of my mind that all the products announced at re:Invent are great for the press releases and the small digs at other vendors, but sometimes it takes a while until we actually get what was announced on stage in front of ~20,000 people and the rest of the world.

And I went out to look for some data. It is obvious that not everything that we heard about on stage was baked and ready for production use.

Andy Jassy - re:invent 2017 keynote

Here are some examples from last years re:Invent

re:Invent 2017

EKS (188 days)

https://aws.amazon.com/blogs/aws/amazon-eks-now-generally-available/ (June 5, 2018)

Bare Metal (170 days)

https://aws.amazon.com/about-aws/whats-new/2018/05/announcing-general-availability-of-amazon-ec2-bare-metal-instances/ (May 17, 2018)

Serverless App repo (83 days)

https://aws.amazon.com/blogs/aws/now-available-aws-serverless-application-repository/ (Feb 21, 2018)

Neptune (183 days)

https://aws.amazon.com/blogs/aws/amazon-neptune-generally-available/ (May 30, 2018)

Aurora Multi-master (Still not released)

Yet to be released (Oct 14, 2018)

Aurora Serverless (254 days)

https://aws.amazon.com/blogs/aws/aurora-serverless-ga/ (Aug 9, 2018)

IOT 1-click (169 days)

https://aws.amazon.com/about-aws/whats-new/2018/05/aws-iot-1-click-generally-available/ (May 16, 2018)

Translate (127 days)

https://aws.amazon.com/blogs/aws/amazon-translate-now-generally-available/ (Apr 4, 2018)

Transcribe (127 days)

https://aws.amazon.com/blogs/aws/amazon-transcribe-now-generally-available/ (Apr 4, 2018)

Appsync (137 days)

https://aws.amazon.com/about-aws/whats-new/2018/04/aws-appsync-now-ga/ (Apr 13, 2018)

S3 Select (126 days)

https://aws.amazon.com/about-aws/whats-new/2018/04/amazon-s3-select-is-now-generally-available/ (Apr 3, 2018)

re:Invent 2016

Lex (141 days)

https://aws.amazon.com/blogs/aws/amazon-lex-build-conversational-voice-text-interfaces/ https://aws.amazon.com/blogs/aws/amazon-lex-now-generally-available/ (Apr 19, 2017)

PostgreSQL for Aurora (329 days)

https://aws.amazon.com/blogs/aws/now-available-amazon-aurora-with-postgresql-compatibility/ (Oct 24, 2017)

GreenGrass (190 days)

https://aws.amazon.com/blogs/aws/aws-greengrass-run-aws-lambda-functions-on-connected-devices/ (Jun 07, 2017)

X-Ray (140 days)

https://aws.amazon.com/blogs/aws/aws-x-ray-update-general-availability-including-lambda-integration/ (Apr 19, 2017)

Batch (36 days)

https://aws.amazon.com/about-aws/whats-new/2017/01/aws-batch-now-generally-available/ (Jan 5, 2017)

Lambda Edge (229 days)

https://aws.amazon.com/about-aws/whats-new/2017/07/lambda-at-edge-now-generally-available/ (Jul 17, 2017)

At a glance it looks like the average amount of time from the list above was about 5 months.

Now don’t get me wrong. For all of the above items that were not actually available at re:Invent - I would estimate that there were the same number of products (if not more) that were available (at least in a limited number of regions) the same day they were announced. Above and beyond - the problems that AWS is trying solve and really complex - and a almost all of them have never been done before - so please AWS take your time in developing the game changing technology that you have been giving to the world.

So when Andy Jassy and Werner Vogels get up on stage at the end of November, and announce whatever wonderful stuff they are going to announce - we should all take into account that it could take anything from 1 day to almost a year until we can actually use it in all the AWS regions that we are consuming today.

Werner Vogels - re:invent 2017 keynote

How can this / does this affect you? I can give an example from the EKS announcement. We were actively looking at a kubernetes deployment on AWS and were contemplating whether we should deploy our own or wait for the managed solution that was announced at re:Invent.

Since we did not have an official release date - we decided to roll our own - and not wait for some some unknown time in the future.

It is nice to know what is coming. You will need to evaluate how long you can wait - are you ready to go with a version one product (that could / will probably have a good number of limitations) or come up with a contingency plan to solve your issues.


#AWS PrivateLink vs. NAT Gateway from a Pricing Perspective

A customer came to me with a request. They do not want to use a NAT gateway from their VPC to access the AWS API's. They had a number of security concerns regarding the use of a NAT gateway (no control, logs, auditing - but that is a for a different post) and they asked for a solution.

The AWS API's that they needed access to were:Endpoints

  • S3
  • KMS
  • SSM
  • Cloudwatch
  • Cloudformation

Last year at re:Invent AWS announced the option to create VPC Interface endpoints using PrivateLink and have steadily been adding more endpoints over the past year.

With the use of these endpoints you can actually have a VPC with instances that will not have any internet access (at least not through AWS) and still be able to interact with all the AWS API's.

This is technically possible - and can easily be automated, but I wanted to look at the cost perspective.

The VPC in us-east-1 has 2 Availability Zones (you should always have at minimum 2).

That would mean deploying 2 NAT gateways in your VPC (Pricing)

I am going to assume that you have the same amount of data going through both options - so I will not factor this into the price.

Usually you have 730 hours in a month.

Each NAT gateway will cost you 0.045*730 = ~$33.

Total for 2 NAT Gateways would be $66 per month (not including traffic).

What does this look like for Interface Endpoints? (Pricing)

Each Endpoint will need to be deployed in both AZ's in pairs.

Each Interace Endpoint will cost 0.01*730*2 = ~15

Total for all the endpoints above (4 Interface Endpoints - KMS, SSM, CloudWatch and Cloudformation) would be $60 per month.
The S3 endpoint is a Gateway endpoint - and therefore does not cost you any extra.

As you can see - it is not that much cheaper.

Take into account the following scenario - you need API access to 15 out of the 21 possible interface Endpoints

This would run you the steep amount of $225 per month - which is a lot more than just a NAT Gateway.

Design decisions always have tradeoffs - sometimes you prefer security and other times it will be cost. I hope that this will enable you to make an informed decision in your VPC design.


Bastardizing #DevOps

I have come across two separate discussions this past week where it became clear that some people have no idea what DevOps is.

The first one was an Israeli company here in Israel - https://devopsexperts.co.il/. Here is the proposed syllabus:


They are offering this course - for a fee (of course), selling the hope that if someone would graduate the course - then they would be able to get a position as an DevOps engineer.

Someone asked on a channel - "Was this course worthwhile?".

I would like to share with you my answer.

I do not want to take away anyone's livelihood but there is no such a thing a "teaching/learning" DevOps. There is no single course that can encompass all the capabilities that one would need to become a successful DevOps professional. Above and beyond that - in each and every organization - the term DevOps will mean something completely different.

There are a number of basic topics that one can learn - and with them build up a strong foundation of skills in order help your specific company. If I would evaluate a potential candidate - and their education was based mainly on this course - I would not hire such a candidate.

The demand for talented professionals is high , everyone wants DevOps engineers - and there are not many people that have enough experience or the know how. Of course with a demand - people identify an opportunity to make money.

Looking at syllabus - it has so many flaws. The course was 45 hours (which means about 1 work week)

  • Scripting - what language are they going to teach you? Python? But who says that the company you might work for - could be using something completely different.
  • Version Control - so this is basically git.
  • Linux fundamentals - basic Linux course
  • Provisioning Resources - with what? Terraform? Ansible? something else?
  • Build Automation - Building a pipeline - with which tools?
  • Continuous Monitoring - is that even a concept?
  • Working with containers - docker run, docker build, docker pull/push
  • Configuration Management - use which technology - I can name at least 3 CM tools that you might use

As you can see, this is a 50,000 ft. view of what you might do in your day to day work as a DevOps engineer - but in no way or form can you learn any of these things in a course - and definitely not in 45 hours.

For me a good candidate would be someone that has the ability to learn, understands the big picture of how software is built, deployed and managed on a regular basis. There is no list of technologies that could be checked off a list that would qualify a candidate. Does someone know Jenkins? That might be great - but if we use something else - CircleCI, Electric Commander? What will the specific Jenkins knowledge help?

DevOps is not something that you can learn in school, or in a course. It is a collection of technologies that you collect during the years, it is a state of mind that you become accustomed to as you grow, it is a set of organizational practices that you pick up on your journey.

Not something you can learn in school.

Next one was Microsoft - who decided to rebrand VSTS into Azure DevOps. Again a shiny buzzword which Microsoft assumes will attract people to the product and their offering.

“Azure now has a new set of five DevOps services,” Jamie Cool, Microsoft’s newly retitled director of product management for Azure DevOps, told The New Stack. “They’re going to help developers be able to ship faster, [with] higher quality. Oftentimes when I have conversations, ‘DevOps’ can mean different things to different folks. So to us in this context, we really think of DevOps as the people, the process, and the products for delivering constant value to customers.”

Here in the statement above is the problem (the emphasis is mine). Products do not deliver DevOps, at least not what Azure is offering. I do agree with the part about the people and the process - but not the products. Maybe the tools - but not products.

If they would have branded the product Azure CI/CD  then I would have been all for it - but to me it seems that this is marketing play - trying to catch a goal that today everyone is trying to achieve.