In Cloud Computing This Week [Apr 29th 2022]

Amazon Polly is a service that turns text into lifelike speech. This week, AWS were excited to announce the general availability of a neural version of Vitória, Polly’s Brazilian Portuguese female text to speech (TTS) voice.

TTS voices simplify the way you can create, implement, update, and maintain your speech-enabled applications and products. You can use Amazon Polly to enhance the user experience and improve the accessibility of your text content with the power of voice. Common use cases include interactive voice response (IVR) systems, audiobooks, newsreaders, eLearning content, and virtual assistants.

Amazon Polly launched the Brazilian Portuguese voice Vitória using standard technology in 2016, and as of today a neural version of Vitória is also available. The new voice offers a more natural sounding rhythm, intonation, and sound articulation. In addition to Vitória, Polly also offers a second Brazilian Portuguese neural voice, Camila.

AWS Network Firewall now supports AWS Managed Threat Signatures to detect threats and block attacks against known vulnerabilities so you can stay up to date on the latest security threats without writing and maintaining your own rules.

AWS Network Firewall’s flexible rules engine lets you define firewall rules that give you fine-grained control over network traffic. Starting today, you can enable stateful managed rules for intrusion detection and prevention signatures that protect against threats such as malware, botnets, web attacks, and emerging events. You have full visibility into managed threat signature rule content across 11 categories. You can select managed rule groups to add to your AWS Network Firewall policies, or you can copy and modify rule groups to meet your specific needs. AWS Network Firewall provides notifications of managed rule group updates through Amazon Simple Notification Service (SNS).

AWS Launch Wizard now allows you to clone the inputs when you deploy an SAP system for use in future deployments. In most cases, the majority of these parameters will remain the same across deployments. Today’s launch eliminates the need to re-enter every parameter manually for subsequent deployments, allowing you to save time and reduce error by instead focusing on the few that make each deployment unique.

For instance, when you deploy your production system, you can clone the parameters from your pre-production system also deployed with AWS Launch Wizard. Launch Wizard will pre-populate those parameters, and all you have to do is change the few that are unique to the production system like SAPSID, instance numbers, and host name, while keeping common components like the SAP software and infrastructure the same.

Amazon Relational Database Service (Amazon RDS) for PostgreSQL, version 11 and higher, now supports M6i and R6i instances. M6i instances are the 6th generation of Amazon EC2 x86-based General Purpose compute instances, designed to provide a balance of compute, memory, storage, and network resources. R6i instances are the 6th generation of Amazon EC2 memory optimized instances, designed for memory-intensive workloads. Both M6i and R6i instances are built on the AWS Nitro System, a combination of dedicated hardware and lightweight hypervisor, which delivers practically all of the compute and memory resources of the host hardware to your instances.

M6i and R6i instances are powered by 3rd generation Intel Xeon Scalable processors with an all-core turbo frequency of 3.5 GHz, delivering up to 20% better transaction throughput over equivalent M5 and R5 instances. To meet customer demands for increased scalability, M6i and R6i instances provide a new instance size of 32xlarge with 128 vCPUs and 33% more memory than the largest M5 and R5 instances. M6i.32xlarge has 512 GiB of memory and R6i.32xlarge has 1,024 GiB of memory. They also provide up to 20% higher memory bandwidth per vCPU compared to the previous 5th generation instances. These instances give customers up to 50 Gbps of networking speed and 40 Gbps of bandwidth to the Amazon Elastic Block Store (Amazon EBS), 2x that of M5 and R5 instances.

This week, AWS announced the general availability of Amazon Rekognition Streaming Video Events, a fully managed service for camera manufacturers and service providers that uses machine learning (ML) to detect objects such as people, pets, and packages in live video streams from connected cameras. Amazon Rekognition Streaming Video Events sends them a notification as soon as the desired object is detected in the live video stream. With these event notifications, service providers can send timely and actionable smart alerts to their users such as “Pet detected in the backyard,” enable home automation experiences such as turning on garage lights when a person is detected, build custom in-app experiences such as a smart search to find specific video events of packages without scrolling through hours of footage, or integrate these alerts with Echo devices for Alexa announcements such as “A package was detected at the front door” when the doorbell detects a delivery person dropping off a package – all while keeping cost and latency low. Learn more about Amazon Rekognition Streaming Video Events.

Many camera manufacturers and security service providers offer home security solutions that include doorbells, indoor and outdoor cameras, and value-added notification services to help their users understand what is happening on their property. Cameras with built-in motion detectors are placed at entry or exit points of the home to notify users of any activity in real time, such as “Motion detected in the backyard.” However, motion detectors are noisy, can be set off by innocuous events like wind and rain, creating notification fatigue, and resulting in clunky home automation setup. Building the right user experience for smart alerts, search, or even browsing video clips requires ML and automation that is hard to get right and can be expensive.

Amazon Rekognition Streaming Video Events lowers the costs of value-added video analytics by providing a low-cost, low-latency, fully managed ML service that can detect objects (such as people, pets, and packages) in real time on video streams from connected cameras. The service starts analyzing the video clip only when a motion event is triggered by the camera and sends a notification as soon as the desired object is detected.

AWS are pleased to announce the general availability of Amazon MSK Serverless, a type of Amazon MSK cluster that makes it easier for developers to run Apache Kafka without having to manage capacity. MSK Serverless automatically provisions and scales compute and storage resources and offers throughput-based pricing, so you can use Apache Kafka on demand and pay for the data you stream and retain.

With a few clicks in the AWS management console, you can set up secure and highly available clusters that automatically scale as your application I/O scales. MSK Serverless is fully compatible with Apache Kafka, so you can run existing applications without any code changes or create new applications using familiar tools and APIs. With pay-as-you-go pricing, there are no upfront commitments or minimum fees. You pay an hourly rate per cluster and an hourly rate for each partition that you create. Additionally, you pay per GB of data throughput and storage. MSK Serverless also provides private connectivity via AWS PrivateLink, secure client access via AWS Identity and Access Management (IAM), serverless stream processing and analytics via Amazon Kinesis Data Analytics and AWS Lambda, and schema evolution control via AWS Glue Schema Registry. In addition to these features, MSK Serverless is compliant with GDPR and provides a 99.9% availability SLA.

Amazon Relational Database Service (Amazon RDS) for MySQL version 8.0 now supports M6i and R6i instances. M6i instances are the 6th generation of Amazon EC2 x86-based General Purpose compute instances, designed to provide a balance of compute, memory, storage, and network resources. R6i instances are the 6th generation of Amazon EC2 memory optimized instances, designed for memory-intensive workloads. Both M6i and R6i instances are built on the AWS Nitro System, a combination of dedicated hardware and lightweight hypervisor, which delivers practically all of the compute and memory resources of the host hardware to your instances.

M6i and R6i instances are powered by 3rd generation Intel Xeon Scalable processors with an all-core turbo frequency of 3.5 GHz, delivering up to 20% better transaction throughput over equivalent M5 and R5 instances. To meet customer demands for increased scalability, M6i and R6i instances provide a new instance size of 32xlarge with 128 vCPUs and 33% more memory than the largest M5 and R5 instances. M6i.32xlarge has 512 GiB of memory and R6i.32xlarge has 1,024 GiB of memory. They also provide up to 20% higher memory bandwidth per vCPU compared to the previous 5th generation instances. These instances give customers up to 50 Gbps of networking speed and 40 Gbps of bandwidth to the Amazon Elastic Block Store (Amazon EBS), 2x that of M5 and R5 instances.

Amazon Web Services (AWS) announces the general availability of Amazon EC2 I4i instances. Designed for storage I/O intensive workloads, I4i instances are powered by 3rd generation Intel Xeon Scalable processors (code named Ice Lake) with an all-core turbo frequency of 3.5 GHz, offer up to 30% better compute price performance over I3 instances, and always-on memory encryption using Intel Total Memory Encryption (TME).

I4i instances offer up to 30 TB of NVMe storage from AWS Nitro SSDs. Nitro SSDs are NVMe-based and custom-designed by AWS to provide high I/O performance, low latency, minimal latency variability, and security with always-on encryption. I4i instances provide up to 60% lower storage I/O latency, and 75% lower storage I/O latency variability compared to I3 instances. These instances deliver the highest local storage performance within Amazon EC2 and are designed for databases such as MySQL, Oracle DB, and Microsoft SQL Server, and NoSQL databases such as MongoDB, Couchbase, Aerospike, and Redis where low latency local NVMe storage is needed in order to meet application service level agreements (SLAs). I4i instances are built on the AWS Nitro System, a combination of dedicated hardware and lightweight hypervisor, which delivers practically all of the compute and memory resources of the host hardware to your instances.

AWS Snowball customers can now remotely monitor and operate their devices from AWS OpsHub or the AWS Command Line Interface (CLI). This enables customers to manage one or thousands of Snowball Edge devices, even when they are geographically dispersed. For Snowball Edge devices connected to the network, customers can remotely view a central dashboard to see whether a device is online, is unlocked, and monitor usage metrics such as available storage and compute capacity. Additionally, customers can now remotely unlock or reboot devices deployed in the field.

Before this launch, customers were able to manage Snowball Edge devices that were physically present and on the same local network. As customers expand the number of sites they deployed Snowball Edge devices to, they want a scalable way to manage all their devices from one central place without having to be physically present with the devices. With this launch, Snowball Edge devices can now be securely connected to an AWS region to enable customers to view information about all their devices in a single dashboard and to remotely reboot or unlock devices.

You can now use Amazon Route 53 Resolver endpoints for hybrid cloud configurations in the Asia Pacific (Jakarta) Region.

Amazon Route 53 is a highly available and scalable cloud Domain Name System (DNS) service. Amazon Route 53 Resolver endpoints make hybrid cloud configurations easier to manage by enabling seamless DNS query resolution across your entire hybrid cloud. Create DNS endpoints and conditional forwarding rules to allow resolution of DNS namespaces between your on-premises data center and Amazon Virtual Private Cloud (Amazon VPC).

You can now use data tiering for Amazon ElastiCache for Redis as a lower cost way to scale your clusters to up to hundreds of terabytes of capacity in the Asia Pacific (Mumbai), Canada (Central), and South America (Sao Paulo) Regions. Data tiering provides a new price-performance option for Redis workloads by utilizing lower-cost solid state drives (SSDs) in each cluster node in addition to storing data in memory. It is ideal for workloads that access up to 20% of their overall dataset regularly, and for applications that can tolerate additional latency when accessing data on SSD.

When using clusters with data tiering, ElastiCache is designed to automatically and transparently move the least recently used items from memory to locally attached NVMe SSDs when available memory capacity is completely consumed. When an item that moves to SSD is subsequently accessed, ElastiCache moves it back to memory asynchronously before serving the request. Assuming 500-byte String values, you can expect an additional 300µs latency on average for requests to data stored on SSD compared to requests to data in memory.

ElastiCache data tiering is available when using Redis version 6.2 and above on Graviton2-based R6gd nodes. R6gd nodes have nearly 5x more total capacity (memory + SSD) and can help you achieve over 60% savings when running at maximum utilization compared to R6g nodes (memory only).

Amazon SageMaker Data Wrangler reduces the time it takes to aggregate and prepare data for machine learning (ML) from weeks to minutes. With SageMaker Data Wrangler, you can simplify the process of data preparation and feature engineering, and complete each step of the data preparation workflow, including data selection, cleansing, exploration, and visualization from a single visual interface. With SageMaker Data Wrangler’s data selection tool, you can quickly select data from multiple data sources, such as Amazon S3, Amazon Athena, Amazon Redshift, AWS Lake Formation, Amazon SageMaker Feature Store, Databricks Delta Lake, and Snowflake.

This week AWS announced the general availability of random sampling of data when importing from S3 and new transforms to create random or stratified samples of your datasets with Amazon SageMaker Data Wrangler in Amazon SageMaker Studio. Previously, you would have to write code to create random samples or stratified samples of their data when preparing data for ML applications. Today, with the random sampling option on import, you can now create a random sample of your data on S3 when importing your data into Data Wrangler. Additionally, with our new transforms for random and stratified sampling, you can create the following types of samples for your data set:

• Random sample. Random samples are helpful when you have a data set that is too large to prepare interactively. With the random sampling transform you can randomly sample a proportion of your data set to prepare it for machine learning.
• Stratified sample. Stratified samples are helpful when your data contains a rare event (such as fraudulent credit card transactions which occur much less than one percent of all credit card transactions) and you want to preserve the proportion of the rare event in your sampled data set.
• First K sample. First K samples create a sample using the first K rows of your data set where K is some number. For example, if K is 1,000 then a sample of would be created containing the first 1,000 rows of your data set. First K sampling are helpful when you only need the correct column schema to prepare your data. An additional benefit of First K sample is that it is an extremely time-efficient operation.

This week, AWS Snow Family launched Large Data Migration Manager, a new feature that enables you to plan, track, and manage your large data migrations when using multiple Snowball Edge service products. You can now easily plan and monitor your jobs from a minimum of 500 Terrabytes to petabyte scale data migrations. Using Large Data Migration Manager eliminates the need for you to manually track all of your Snow jobs and the status of their data ingestion.  

The AWS Snow Family Large Data Migration Manager feature collects information about your data migration goals such as the data size to be moved to AWS, and the number of Snow devices you need in order to migrate data simultaneously. The Large Data Migration Manager then creates a projected schedule for your data migration project and recommends a job ordering schedule for your Snow jobs to meet your goals. The projected schedule is automatically adjusted as the project proceeds based on the amount of data ingested and the average time taken to complete a Snow job. Large Data Migration Manager’s projected job schedule allows you to focus on moving your data to AWS without having to worry about manually planning for or creating new Snow job orders. With Snow Large Data Migration Manager, you can now plan and track all your data migration needs and monitor the progress of the data ingestion in a single, centralized dashboard.

Amazon Chime SDK lets developers add intelligent real-time audio, video, screen share, and messaging to their web applications. Media Pipelines allow developers to capture the contents of Amazon Chime SDK WebRTC media sessions to the Amazon Simple Storage Service (Amazon S3) bucket of their choice. Starting today, the Amazon Chime SDK now has media pipeline API endpoints in US West (Oregon), Europe (Frankfurt), and Asia Pacific (Singapore) AWS Regions.

Customers can now use API endpoints in the same AWS Region for both media pipelines and WebRTC media session. This simplifies application architecture, and enables high availability architectures that use API endpoints in multiple AWS Regions. Customers who require endpoints with FIPS 140-2 validated cryptographic modules, now have a choice of US East (Northern Virginia) and US West (Oregon) AWS Regions.

This week, AWS Identity and Access Management (IAM) introduced a new way that you can control access to your resources based on the account, Organizational Unit (OU) or organization in AWS Organizations that contains your resources. AWS recommends that you set up multiple accounts as your workloads grow. Using a multi-account environment has several benefits including flexible security controls by isolating workloads or applications that have specific security requirements. With this new IAM capability, you now can author IAM policies to enable your principals to access only resources inside specific AWS accounts, OUs, or organizations.

The new capability includes condition keys for the IAM policy language called aws:ResourceAccount, aws:ResourceOrgPaths, and aws:ResourceOrgID. The new keys support a wide variety of AWS services and actions, so you can apply similar controls across different use cases. For example, you can now easily prevent your IAM principals from assuming any IAM roles outside of your own AWS account, without needing to list any specific IAM roles in your policies. To accomplish this, configure an IAM policy to deny access to AWS Security Token Service (AWS STS) assume role actions unless aws:ResourceAccount matches your unique AWS account ID. With the policy in place, when an AWS STS request is made to an account not listed in the policy, this access is blocked by default. You can attach this policy to an IAM principal to apply this rule to a single role or user, or use service control policies in AWS Organizations to apply the rule broadly across your AWS accounts.

You can now build scalable stream chat rooms with built-in moderation options designed to accompany live streaming video using the new Amazon Interactive Video Service (Amazon IVS) stream chat feature. With this feature, streamers and viewers can build community relationships by asking questions and participating in discussions. Amazon IVS chat provides chat room resource management and a messaging API for sending, receiving, and moderating chat messages. Visit the Amazon IVS chat feature page to learn more.

Amazon Interactive Video Service (Amazon IVS) is a managed live streaming solution that is designed to be quick and easy to set up, and ideal for creating interactive video experiences. Send your live streams to Amazon IVS using the IVS mobile broadcast SDK or standard streaming software such as Open Broadcaster Software (OBS) and the service is designed to provide everything you need to make low-latency live video available to any viewer around the world, letting you focus on building interactive experiences alongside the live video.

This week AWS are launching the ability for AWS Snowball Edge customers to update device certificates for Snowball Edge devices deployed at edge locations. Customers, Solutions Architects, or Account Managers can open a support case with AWS Snow team to request software update package with new device certificate. Customers then use the existing software update process to apply the new device certificate to their Snow devices. This enables customers to deploy Snowball Edge devices for multiple years without having to replace devices to update their operating certificates.

Prior to this launch, AWS customers had to replace their Snowball Edge devices when the device certificate expired in 360 days. Customers could not update the device certificates on Snowball Edge devices deployed in the field. Replacing an existing Snow device with a new replacement snowball edge every 360 days caused disruption to customer’s continued operations in the field. With this launch, customers do not have to replace their devices due to device certificate expiry and can offline update the device certificate in the field.

This week, AWS announced an update to AWS Control Tower that includes a change to the Notification Forwarder Lambda to use the Python version 3.9 runtime. This update addresses the planned deprecation of Python version 3.6 runtime. Function invocations continue indefinitely after the runtime version reaches end of support. However, AWS strongly recommends that you migrate functions to a supported runtime version so that you continue to receive security patches and remain eligible for technical support. Please refer to the runtime deprecation policy for additional deprecation details.

To implement the updated Notification Forwarder Lambda, you can perform a landing zone update by going to the Landing Zone Settings page in your AWS Control Tower dashboard, selecting the 2.9 version and clicking the Update button. After updating your landing zone, you must then update all accounts that are governed by AWS Control Tower.

Amazon Relational Database Service (Amazon RDS) for MariaDB, version 10.4 and higher, now supports M6i and R6i instances. M6i instances are the 6th generation of Amazon EC2 x86-based General Purpose compute instances, designed to provide a balance of compute, memory, storage, and network resources. R6i instances are the 6th generation of Amazon EC2 memory optimized instances, designed for memory-intensive workloads. Both M6i and R6i instances are built on the AWS Nitro System, a combination of dedicated hardware and lightweight hypervisor, which delivers practically all of the compute and memory resources of the host hardware to your instances.

M6i and R6i instances are powered by 3rd generation Intel Xeon Scalable processors with an all-core turbo frequency of 3.5 GHz, delivering upto 20% better transaction throughput over equivalent M5 and R5 instances. To meet customer demands for increased scalability, M6i and R6i instances provide a new instance size of 32xlarge with 128 vCPUs and 33% more memory than the largest M5 and R5 instances. M6i.32xlarge has 512 GiB of memory and R6i.32xlarge has 1,024 GiB of memory. They also provide up to 20% higher memory bandwidth per vCPU compared to the previous 5th generation instances. These instances give customers up to 50 Gbps of networking speed and 40 Gbps of bandwidth to the Amazon Elastic Block Store (Amazon EBS), 2x that of M5 and R5 instances.

Amazon Polly is a service that turns text into lifelike speech. This week, AWS are excited to announce the general availability of a Neural version of Inês, Polly’s European Portuguese female text to speech (TTS) voice.

TTS voices simplify the way you can create, implement, update, and maintain your speech-enabled applications and products. You can use Amazon Polly to enhance the user experience and improve the accessibility of your text content with the power of voice. Common use cases include interactive voice response (IVR) systems, audiobooks, newsreaders, eLearning content, and virtual assistants.

Inês, the European Portuguese TTS voice, has been available as a Standard voice. Neural Inês offers a more natural sounding voice with better rhythm, pausing, and sound articulation. With this launch, Amazon Polly now supports Standard and Neural voices in Brazilian and European Portuguese.

Amazon Lightsail has added two new security features for the Lightsail load balancer: the ability to automatically redirect HTTP requests to HTTPS and the ability to configure the security policy used for TLS termination of the HTTPS requests. With these features, you can easily make your websites more secure, meet compliance goals, achieve better search ranking and high SSL/TLS scores just by configuring a Lightsail load balancer with the Lightsail instances hosting your websites.

With just a click, the automatic redirect feature forces all load balancer HTTP traffic on port 80 to HTTPS on port 443. This ensures all requests to your load balancer are served securely over HTTPS. Further, with this update you now have the flexibility to pick from predefined security policies for your TLS listener, including a TLS 1.2 only policy (security policy defines a combination of protocols and ciphers used for TLS termination). Both of these features can be configured on existing and new Lightsail load balancers, either via the Lightsail console, AWS CLI, and AWS SDKs. There is no additional cost for using these features with your load balancers.  

This week, AWS are announcing the general availability of AWS Wavelength on the Bell 5G network in Toronto. Enterprises, application developers, and Independent Software Vendors (ISVs), can now use the AWS Wavelength Zone in Toronto to build ultra-low latency applications for mobile devices and end-users in Canada.

Wavelength Zones embed AWS compute and storage services at the edge of communications service providers’ 5G networks while providing seamless access to cloud services running in an AWS Region. By doing so, AWS Wavelength minimizes the latency and network hops required to connect from a 5G device to an application hosted on AWS. With AWS Wavelength and Bell 5G, applications developers can now build the ultra-low latency applications needed for use cases like autonomous robots, drone-based deliveries, video analytics and machine learning inference at the edge, and augmented and virtual reality-enhanced experiences.

With V2 of Amazon Simple Email Service (SES), you can now send and receive emails of up to 40MB message size (including the email text, images, attachments, and the MIME encoding).

With this launch, the default message size limit in Amazon SES V2 increases from 10MB for email sending and 30MB for email receiving, to 40MB for both sending and receiving .