Some notes on Lambda MicroVMs
AWS launched Lambda MicroVMs earlier today. They're quite cool, and I imagine they'll become quite popular quite quickly. Here are some notes on things I've discovered about them today.
Amazon has deprecated CloudTrail Lake as of 1st June 2026 for new customers. I assume this is due to lack of uptake. I never got around to properly using it, and I'm a CloudTrail fan! So I can only imagine not many others used it. In its place, Amazon recommends that we "explore CloudWatch". I explored CloudWatch and came away quite disappointed.
I've been interested in micro-transactions for about as long as I can remember. I've wanted to sell something for a tiny amount of money ever since I learned about PayPal's micro-transaction support via NearlyFreeSpeech, the hosting provider. I've finally done it, by combining some of the oldest and newest tech I can think of: faxes and AI.
I was looking at the execution history for a Step Functions state machine that is triggered daily by an EventBridge Scheduler schedule. The execution names caught my eye — they look like UUIDs, they're not UUIDv7, but there's clearly a pattern. It got me excited in the same way that noticing AWS access key IDs were similarly formatted did back in 2020. So of course I had to dig in.
I've been writing software for 25 years, and been getting paid for the last 20. My AWS account will be turning 18 this September, and it should be quite the celebration. If I may toot my own horn: I've got pretty good at writing and deploying software in that time - to the point that you're actually spending your time reading this blog. All this, and the release of Opus 4.5 in November 2025 hit me like a tonne of bricks. My value-add (as I knew it) would soon be over.
AWS principal tags are useful for fine-grained access control. As an organisation administrator, you can craft service control policies (SCPs) that only allow tagged roles to call sensitive APIs. The problem then becomes: how do you guarantee that the tags are legitimate? This is where resource control policies (RCPs) come in handy - I provide a demonstration of them in this blog post, and an example of what you can achieve with the trustworthy tags in place.