In Cloud Computing This Week [Feb 24th 2023]

Amazon CloudWatch Real User Monitoring (RUM) adds the ability for customers to define custom metrics that will be sent to CloudWatch Metrics. Customers can define metrics based on data in customer-defined events (Custom Events), pre-defined RUM events and customer- defined metadata attributes (Custom Attributes).

The customer-defined metrics gives customers flexibility to monitor specific parts of their application, troubleshoot end user impacting issues unique to their application, and get alerted for anomalies. For example, a customer could define a metric on the number of dropped calls in a video application sending customer defined events that capture details like call duration, wi-fi or cellular network, network bandwidth etc of a dropped call.

CloudWatch RUM gives customers visibility into their web application’s client side performance by helping them to collect performance and error data in real time. RUM can reduce MTTR (Mean Time To Recovery) by providing visualizations that allow customers to troubleshoot and debug issues such as high page load times, error messages and stack traces. Customers can define custom metrics by using RUM APIs.

Amazon Forecast now supports holidays from 251 countries as a built-in featurization, improving the accuracy of your Forecast. Amazon Forecast uses machine learning (ML) to generate more accurate demand forecasts with just a few clicks, without requiring any prior ML experience.

Often times, external factors like holidays and weather changes impact the demand and supply of goods. This results in either surplus inventory or shortage causing disruption. Amazon Forecast provides you with an option to include built-in featurization like “holidays” and “weather” for your model training.

With this launch, when selecting “Holidays”, you can now choose a country from a list of 251 countries whose holiday data will be leveraged to improve your forecast results. This feature is available in all Regions where Forecast is publicly available.

AWS Systems Manager for SAP is now generally available, with initial support for backing up SAP HANA databases using AWS Backup.

AWS Systems Manager is a secure end-to-end management solution for resources on AWS, on premises, and on other clouds. AWS Systems Manager for SAP helps AWS services understand SAP-specific nuances around landscape topology and identify the components of an SAP landscape, such the SAP NetWeaver application server, SAP HANA database, and their interdependencies. It provides automation capabilities to help customers manage and operate their SAP applications on AWS more efficiently. The service enables customers to capture this specific metadata via registration and is able to reflect system state before and after execution of workload automation and also record evidence that an activity was performed properly.

With this launch, customers can use Systems Manager to automate backup and restore processes using AWS Backup to protect data in SAP HANA databases on AWS, including the use of AWS Backup vaults. This feature leverages AWS Backint Agent to connect to AWS Backup via the Systems Manager APIs. We’ve also released a new version of AWS Backint Agent; you will need to install it take advantage of this feature.

AWS Transit Gateway is now available in the Europe (Zurich) AWS Region. AWS Transit Gateway enables customers to connect thousands of Amazon Virtual Private Clouds (Amazon VPCs) and their on-premises networks using a single gateway.

As you grow the number of workloads across multiple AWS accounts, you need the ability to scale your networks, better control your policies, and effectively monitor your resources. With AWS Transit Gateway, you only have to create and manage a single connection from a central gateway to each Amazon VPC, on-premises data center, or remote office.

AWS Transit Gateway acts as a hub where traffic is routed to all the connected networks, the spokes. The hub and spoke model significantly simplifies management and reduces operational costs because each network only has to connect to the AWS Transit Gateway.

With routing policies on the Transit Gateway, you have centralized control over how your Amazon VPCs and on-premises networks connect to each other. This model simplifies how you scale and monitor your networks.

AWS Resilience Hub has added application change capabilities and new APIs to streamline and simplify use of the service and improve the precision of its recommendations. Resilience Hub provides a single place to define, validate, and track the resilience of your applications so that you can avoid unnecessary downtime caused by software, infrastructure, or operational disruptions.

Following today’s launch, you can now view, update, or delete import sources to more effectively manage your Resilience Hub applications, including AWS CloudFormation stacks, AWS Resource Groups, Terraform state files, and AWS Service Catalog AppRegistry.

Resilience Hub has also introduced new APIs that help manage applications with complex resource relationships and application component groupings. This makes it easier to maintain resource and application component groupings in single-Region and cross-Region workloads by using simplified create, read, update, and delete capabilities.

In addition, Resilience Hub has improved its integration with AWS Elastic Disaster Recovery. You can now designate a failover Region for cross-Region resilience assessments and recommendations. This allows Resilience Hub to provide more precise recommendations for your applications.

The new capabilities are available in all of the AWS Regions where Resilience Hub is supported. See the AWS Regional Services List for the most up-to-date availability information.

Starting this week, Amazon Compute Cloud (Amazon EC2) C6in, M6in, M6idn, R6in, and R6idn instances are available in Asia Pacific (Singapore), Asia Pacific (Tokyo), and AWS GovCloud (US-West) regions. These instances are powered by 3rd Generation Intel Xeon Scalable processors with an all-core turbo frequency of up to 3.5 GHz. They are the first x86-based Amazon EC2 instances to offer up to 200 Gbps network bandwidth, and 2x higher packet performance over comparable fifth-generation instances. 

These instances are built on the AWS Nitro System, a collection of AWS designed hardware and software innovations that enables the delivery of efficient, flexible, and secure cloud services with isolated multi-tenancy, private networking, and fast local storage. You can take advantage of the higher network bandwidth to scale the performance of applications, such as network virtual appliances, Telco 5G User Plane Function (UPF), high performance computing (HPC), CPU-based AI/ML workloads, in-memory databases (SAP HANA), distributed web scale in-memory caches, caching fleets and real-time big data analytics.

These instances deliver up to 80 Gbps of Amazon Elastic Block Store (Amazon EBS) bandwidth and up to 350K input/output operations per second (IOPS), the highest Amazon EBS performance across Amazon EC2, benefiting workloads such as relational and non-relational databases, high-performance file systems, enterprise applications, and media workflows. They are available in 9 different instance sizes with up to 128 vCPUs, and offer Elastic Fabric Adapter (EFA) networking support on 32xlarge sizes. 

Starting this week Amazon Relational Database Service (Amazon RDS) for MariaDB supports Cross-Region Automated Backups. This feature extends the existing Amazon RDS backup functionality, giving you the ability to setup automatic replication of system snapshots and transaction logs from a primary AWS Region to a secondary AWS Region. 

The Amazon RDS Cross-Region Automated Backups feature enables additional disaster recovery capabilities for mission critical databases by providing you the ability to restore your database to a specific point in time within your backup retention period. This allows you to quickly resume operations in the event that the primary AWS Region becomes unavailable. 

Cross-Region automated backup pricing is comprised of the storage for snapshots and the data transfer of the snapshots and the transaction logs. Data transfer between the primary AWS Region to a secondary AWS Region is billed based on the data transfer pricing of the applicable AWS Regions. See Amazon RDS for MariaDB pricing for up-to-date pricing of instances, storage, data transfer and regional availability.

We are excited to announce that Amazon EMR on EKS is now available in AWS GovCloud (US-East, US-West) Regions. These regions are in addition to the existing Asia Pacific (Beijing, Mumbai, Ningxia, Seoul, Singapore, Tokyo), Australia (Sydney), Canada (Central), Europe (Frankfurt, Ireland, London, Paris, Stockholm), South America (São Paulo) and US (Northern California, N. Virginia, Ohio, Oregon) regions.

Amazon EMR on EKS allows customers to automate the provisioning and management of open-source big data frameworks on EKS. With EMR on EKS, customers can now run Spark applications alongside other types of applications on the same EKS cluster to improve resource utilization and simplify infrastructure management.

Customers can deploy EMR applications on the same EKS cluster as other types of applications, which allows them to share resources and standardize on a single solution for operating and managing all their applications.

Customers get access to the same EMR capabilities on EKS that they use on Amazon EC2 today, such as access to the latest performance optimized Spark runtime, EMR Studio for application development, and a persistent Spark UI for debugging.

Starting this week Amazon Relational Database Service (Amazon RDS) for MySQL supports Cross-Region Automated Backups. This feature extends the existing Amazon RDS backup functionality, giving you the ability to setup automatic replication of system snapshots and transaction logs from a primary AWS Region to a secondary AWS Region. 

The Amazon RDS Cross-Region Automated Backups feature enables additional disaster recovery capabilities for mission critical databases by providing you the ability to restore your database to a specific point in time within your backup retention period. This allows you to quickly resume operations in the event that the primary AWS Region becomes unavailable. 

Cross-Region automated backup pricing is comprised of the storage for snapshots and the data transfer of the snapshots and the transaction logs. Data transfer between the primary AWS Region to a secondary AWS Region is billed based on the data transfer pricing of the applicable AWS Regions. See Amazon RDS for MySQL Pricing for up-to-date pricing of instances, storage, data transfer and regional availability.

Amazon Lex is a service for building conversational interfaces into any application using voice and text. With Amazon Lex, you can quickly and easily build conversational bots (chatbots), virtual agents, and interactive voice response (IVR) systems. Amazon Lex is further enhancing the developer experience by providing eight pre-built bot templates, containing 50+ intents, that can be deployed in minutes. 

Amazon Lex’s pre-built bots provide real-life solutions that reduce the time it takes to deploy conversational AI solutions. Developers can simply modify existing intents, slots, and utterances to best fit their specific use case. In addition to showcasing different conversational flows, bot templates help developers learn and discover new Lex features by providing working examples of intent and slot-specific capabilities.

Bot templates are available for five industry specific verticals: Financial Services, Insurance, Retail, Telecom, and Travel. To get started, log into the Lex Console, select the option for “Bot templates,” choose the appropriate business vertical, and follow the prompts. The new bot templates are available in all AWS regions where Amazon Lex V2 operates. To learn more about the real-life customers that have used these bot templates, go to “Use Cases” from the Amazon Lex homepage. 

AWS Transfer Family now allows you to send Applicability Statement 2 (AS2) messages using HTTPS. AS2 offers security features like encryption and non-repudiation by default. With the ability to send AS2 messages over HTTPS, you can now benefit from an additional layer of in-transit encryption for your most sensitive EDI payloads and further compatibility with trading partners that require SSL/TLS communications.

Customers across verticals such as healthcare and life sciences, retail, financial services, and insurance that rely on AS2 for exchanging business-critical data use AWS Transfer Family’s highly available, scalable, and globally available AS2 endpoints to more cost effectively and securely exchange transactional data with their trading partners.

Exchanged data is natively accessible in AWS for processing, analysis, and machine learning, as well as for integrations with business applications running on AWS.

You can now use AWS CloudFormation templates to create and manage AWS Transfer Family resources for AS2 including servers, connectors, partner profiles, and certificates. AWS CloudFormation makes it easy to configure the entire stack of AS2 resources required to initiate and test an end-to-end AS2 message exchange.

Additionally, you can now access Amazon CloudWatch metrics for AS2, such as number of successful and failed AS2 messages, in the AWS Transfer Family Management Console. These metrics enable you to more effectively monitor your AS2 activity using a centralized dashboard.

Customers across verticals such as healthcare and life sciences, retail, financial services, and insurance that rely on AS2 for exchanging business-critical data use AWS Transfer Family’s highly available, scalable, and globally available AS2 endpoints to more cost effectively and securely exchange transactional data with their trading partners.

Exchanged data is natively accessible in AWS for processing, analysis, and machine learning, as well as for integrations with business applications running on AWS.

This week, AWS are announcing an update for Amazon CloudWatch Synthetics canaries to use the Synthetics NodeJS runtime version 3.9. This update updates dependency packages and addresses the planned deprecation of Synthetics NodeJS runtime versions 3.5, 3.6, 3.7, and 3.8.

Canary runs continue indefinitely after the runtime version reaches end of support. However, AWS strongly recommends that you migrate canaries to a supported runtime version so that you continue to receive security patches and remain eligible for technical support. Please refer to the runtime support policy for additional deprecation details.

You can update a canary’s runtime version by using the CloudWatch console, AWS CloudFormation, the AWS CLI or the AWS SDK. You can bulk update canaries by:

1. Using an upgrade script. For more information, see Canary runtime upgrade script.
2. Selecting up to five canaries at a time on the canary list page on the CloudWatch console, and then choosing Actions, Update Runtime.

Starting today, Amazon EC2 Hpc6id instances are available in additional AWS Region Europe (Stockholm). These instances are optimized to efficiently run memory bandwidth-bound, data-intensive high performance computing (HPC) workloads, such as finite element analysis and seismic reservoir simulations. With EC2 Hpc6id instances, you can lower the cost of your HPC workloads while taking advantage of the elasticity and scalability of AWS.

EC2 Hpc6id instances are powered by 64 cores of 3rd Generation Intel Xeon Scalable processors with an all-core turbo frequency of 3.5 GHz, 1,024 GB of memory, and up to 15.2 TB of local NVMe solid state drive (SSD) storage. EC2 Hpc6id instances, built on the AWS Nitro System, offer 200 Gbps Elastic Fabric Adapter (EFA) networking for high-throughput inter-node communications that enable your HPC workloads to run at scale.

The AWS Nitro System is a rich collection of building blocks that offloads many of the traditional virtualization functions to dedicated hardware and software. It delivers high performance, high availability, and high security while reducing virtualization overhead.

With this regional expansion EC2 Hpc6id instances are available in the following AWS Regions: US East (Ohio), AWS GovCloud (US-West) and Europe (Stockholm). To optimize EC2 Hpc6id instances networking for tightly coupled workloads, you can access EC2 Hpc6id instances in a single Availability Zone in each Region.

Amazon Elastic Container Services (Amazon ECS) has increased the “Tasks in PROVISIONING state per cluster“ service quota to deliver a faster Cluster Auto Scaling experience. Customers who need to launch a large number of tasks (>300) in their Amazon ECS clusters will now see their cluster infrastructure scale faster.

Amazon ECS is a fully managed container orchestration service that makes it easier for you to deploy, manage, and scale containerized applications. ECS Capacity Providers is the infrastructure management capability designed to perform Cluster auto scaling by automatically scaling Amazon Elastic Compute Cloud (EC2) Auto Scaling groups on your behalf, so that you can focus on just running your tasks.

ECS performs the scale-out operation iteratively for tasks being provisioned that require additional EC2 instances for placement. ECS can now increase capacity for 500 provisioning tasks in a single step, up from the previous 300 tasks, which translates to fewer scaling iterations, faster cluster autoscaling performance, and speedier task launches.

This week, Amazon Fraud Detector (AFD) announced the launch of Smart Data Validation, a new feature which helps customers streamline their data preparation process for a successful batch import. Smart Data Validation helps customers save time and resources by validating data at the time of import. This new feature reduces the time to validate and fix customer’s data from days to minutes.

Before this launch, data preparation in AFD could be a complex and time-consuming process for customers. It required manual effort to identify, clean, and validate the data before importing it to AFD for training a ML fraud model. It also required customers to follow carefully after data guidelines, as each of Amazon Fraud Detector fraud models has unique requirements on the quality and format of the data. Previously, this process resulted with customers making a few attempts before successfully importing data into AFD. 

Smart Data Validation now automates the process of data validation during data import. It identifies abnormalities in your data and provides with a simple and effective data validation report to help ensure that each data point is formatted properly and ready for training a ML fraud model. It also helps clear up ambiguities around data requirements and formatting. Starting today, customers can ensure their data is accurate and complete in a fraction of the time. 

Amazon QuickSight now enables you to add role-based access policies to QuickSight data sources that connect to Amazon S3 and Amazon Athena. With this launch of the Run-as IAM Role for S3 and Athena, QuickSight account administrators will be able to provide an IAM Role to individual S3 or Athena data sources in their QuickSight account, rather than enabling account-wide access to connect from QuickSight to S3 or Athena.

When a specific business team needs to access certain data via S3 or Athena, Amazon QuickSight administrators can run an API and assign an AWS Identity and Access Management (IAM) role to specific QuickSight data sources while preventing other business teams from accessing S3 via QuickSight. With the role in place, you can ensure that QuickSight runs with the least-privileged permissions necessary to connect to S3 or run queries in Athena.

Kubernetes 1.25 introduced several new features and bug fixes, and AWS is excited to announce that you can now use Amazon EKS and Amazon EKS Distro to run Kubernetes version 1.25. Starting today, you can create new 1.25 clusters or upgrade your existing clusters to 1.25 using the Amazon EKS console, the eksctl command line interface, or through an infrastructure-as-code tool.

Some things to note in this release are the removal of PodSecurityPolicy (PSP), the graduation of Pod Security Admission to stable, and enhancements to cluster authentication. If you are using PSP in your cluster, then before upgrading your cluster to version 1.25, you must migrate your PSP to the built-in Kubernetes Pod Security Standards or to a policy-as-code solution to avoid interruptions and to protect your workloads.

You can learn more in the PSP removal FAQ page and in  the EKS Best Practices Guide. For detailed information on major changes in Kubernetes 1.25, see the Amazon EKS blog post and the Kubernetes project release notes.

Kubernetes 1.25 support for Amazon EKS is available in all AWS Regions where Amazon EKS is available, including the AWS GovCloud (US) Regions.

AWS App Runner now redirects incoming HTTP based requests to an App Runner service endpoint to HTTPS. Until now, incoming requests to an HTTP endpoint failed with timeout status response. Now, you can use both HTTP and HTTPS endpoints from your client to access your application running on App Runner.

App Runner will redirect the incoming request to an HTTPS endpoint with 301 “Moved Permanently” status code. You do not need to make any configuration change to your App Runner service to enable HTTP to HTTPS redirect.

App Runner makes it easier for developers to quickly deploy containerized web applications and APIs to the cloud, at scale, and without managing infrastructure. By default, App Runner supports HTTPS endpoints. With App Runner, you do not need to configure TLS cipher suites or any other parameters. App Runner manages the TLS termination for you. 

Amazon Relational Database Service (Amazon RDS) Custom for Oracle, a managed database services for legacy, custom, and packaged applications that require access to the underlying operating system and database environment, is now available in the AWS Regions of Canada (Central) and South America (São Paulo).

By using Amazon RDS Custom for Oracle, you can benefit from the agility of a managed database service, with features such as automated backups and point-in-time recovery, and also meet database application’s customization requirements.

By allowing more applications to move to a managed database service, you can save time on the undifferentiated heavy lifting of database management and focus on higher level tasks.

AWS Lake Formation is a service that allows you to set up a secure data lake in days. A data lake is a centralized curated, and secured repository that stores all your data, both in its original form and prepared for analysis.

A data lake enables you to break down data silos and combine different types of analytics to gain insights and guide better business decisions.

Creating a data lake with Lake Formation allows you to define where your data resides and what data access and security policies you want to apply. Your users can then access the centralized AWS Glue Data Catalog which describes available data sets and their appropriate usage.

Your users then leverage these data sets with their choice of analytics and machine learning services, like Amazon EMR for Apache Spark, Amazon Redshift Spectrum, AWS Glue, Amazon QuickSight, and Amazon Athena.

Amazon Detective now supports the ability to export data from Summary page panels and search results in comma-separated values (CSV) format. You can use this new capability to export data from the Detective management console and enrich your security investigations by manipulating the data using other AWS services, third-party applications, or spreadsheet programs that support CSV import.

Detective’s Summary page has panels that can help you identify unusual activity like IAM roles with high API call volume or EC2 instances with the most traffic. You can use these panels as starting points for your security investigations and can now export data from the panels Roles and users with the most API call volume, EC2 instances with the most traffic volume, and EKS clusters with the most Kubernetes pods.

Detective’s search allows you to look for specific Amazon GuardDuty findings or entities like AWS accounts, S3 buckets, or EC2 instances. You can use search to get an overview of specific entities and review new behavior that may present risk like communicating with malicious IP addresses or multiple failed API calls.

When you complete the search, Detective displays a list of matching results and you now have an Export option to download the list of results.

AWS announces the general availability of AWS Telco Network Builder to help communications service providers (CSPs) automate the deployment and management of telco networks on AWS. CSPs want to take advantage of the cost efficiencies, agility, and elasticity of the cloud, but it’s complicated to map traditional network requirements to a cloud environment.

To set up a large network, you need to deploy hundreds of compute, storage, and networking components on AWS across thousands of locations. You also need to set up and maintain secure networking between locations, then manage and scale ongoing network operations.

AWS Telco Network Builder is a network automation service that makes it easier and faster to deploy and manage telco networks on AWS while still using telecom industry standards. With AWS Telco Network Builder, you define network requirements by using telecom industry standards.

AWS Telco Network Builder maps the requirements to a cloud architecture and provisions the right compute, storage, and networking resources automatically. AWS Telco Network Builder simplifies network lifecycle management by allowing you to deploy, update, and upgrade network functions and services.

The service also provides a centralized dashboard so that you can monitor and manage your network functions and AWS services from one place.

Torn Write Prevention (TWP) is a feature that ensures 16KiB write operations are not torn in the event of operating system crashes or power loss during write transactions. Starting this week, this feature is available for AWS customers using instance store on AWS Nitro SSD based EC2 Im4gn and Is4gen storage optimized instances, and in additional Amazon Elastic Block Store (EBS) regions, a block storage service, when attached to all EC2 Nitro-based instances.

TWP enables customers running databases such as MySQL or MariaDB on EC2, EBS, and managed services like Amazon RDS, to turn off the double write operation, thereby accelerating database performance Transactions per Second (TPS) without compromising the resiliency of their workloads. 

For customers using AWS EC2 I4i, Im4gn and Is4gen instances, they can use TWP in the regions where those instances are available. For customers with EBS volumes attached to Nitro instances, TWP is available in all public AWS Regions, including the AWS GovCloud (US) Regions and AWS China Regions. 

Amazon Relational Database Service (Amazon RDS) for Oracle now supports early notifications of Auto minor Version Upgrades (AmVU) for instances via Pending Maintenance Actions (PMA), enhancing usability of AmVU. 

Customers with AmVU enabled for their Amazon RDS for Oracle instances will benefit from the early notification of AmVU, which will give them more time to prepare and take downtime during patches.

While the exact amount of notice may vary, customers will receive at least 3 weeks prior notice for an impending AmVU in any region. Customers will be able to manage their own fleets, testing minor versions in pre-production environments before applying them in production environments. To learn more, read Maintaining a DB instance documentation.

Amazon OpenSearch Service now lets you schedule service software and auto-tune updates during off-peak hours, helping you plan deployments to your domain better. In addition, with improved notifications through EventBridge events, and notifications on the OpenSearch Service console, you have better visibility of scheduled updates, when the updates start, and complete.

With the new off-peak hours feature, you can define a ten-hour daily window when you experience comparatively lower traffic load, and choose to schedule service software updates or auto-tune updates to your domain during these hours, helping you reduce the risk of any potential disruption to your cluster operations.

In addition, you can optionally choose to automatically schedule software updates once they are available during off-peak hours. You will receive a notification with the exact date and hour of the update, which you can reschedule if required, as per your preference.

The off-peak hours feature is available across 31 regions globally. Please refer to the AWS Region Table for more information about Amazon OpenSearch Service availability.

Amazon Connect Cases can now be used by Amazon Connect customers in the Europe (Frankfurt), Asia Pacific (Singapore), Asia Pacific (Sydney), Canada (Central), and Europe (London) AWS regions.

Amazon Connect Cases provides built-in case management capabilities that make it easy for your contact center agents to create, collaborate on, and quickly resolve customer issues that require multiple customer conversations.

Agents can follow-up tasks, all without having to build custom applications or integrate with third-party products. Amazon Connect Cases is available in US East (N. Virginia), US West (Oregon), Europe (Frankfurt), Asia Pacific (Singapore), Asia Pacific (Sydney), Canada (Central), and Europe (London) AWS regions.

You can now use AWS PrivateLink to privately access Amazon Connect Cases from your Amazon Virtual Private Cloud (Amazon VPC) without using public IPs, and without requiring the public internet.

AWS PrivateLink provides private connectivity among VPCs, AWS services, and your on-premises networks, without exposing your traffic to the public internet. Now, you can manage your Amazon Connect Cases agents and admins without requiring an internet gateway in your VPC. AWS PrivateLink comes with private internet connectivity, security groups, and VPC endpoint policies to help meet your compliance requirements.

Amazon Connect Cases provides built-in case management capabilities that make it easy for your contact center agents to create, collaborate on, and quickly resolve customer issues that require multiple customer conversations and follow-up tasks, all without having to build custom applications or integrate with third-party products.

To use AWS PrivateLink, create an interface VPC endpoint for Amazon Connect Cases in your VPC using the Amazon VPC console, EC2 SDK, or CLI. You can also access the VPC endpoint from on-premises environments or from other VPCs using AWS VPN, AWS Direct Connect, or VPC Peering.

AWS ParallelCluster 3.5 is now generally available and expands your choices and flexibility by adding the graphical user interface for AWS ParallelCluster to help you set up, monitor, and manage High Performance Computing (HPC) clusters on AWS. Other important features in this release include:

• Enhancements designed to improve visibility for cluster errors during compute node bootstrap, execution of pre and post install script
• Enhancements designed to improve reliability for compute node reboot
• Support of long cluster names up to 40 characters
• Programmatic interface you can use to access AWS ParallelCluster via a Python library

For more details on the release, review the AWS ParallelCluster 3.5 release notes. 

You can now learn to use Amazon Detective with a new self-paced workshop in AWS Workshop Studio. AWS Workshop Studio is a collection of self-paced tutorials designed to teach practical skills and techniques to solve business problems.

Amazon Detective Workshop is designed to teach you how to use the primary features of Detective through a series of interactive modules that cover topics such as security alert triage, security incident investigation, and threat hunting.

Together with an updated Amazon GuardDuty Workshop, you can learn how to identify security findings and more quickly analyze and determine the nature and extent of those security issues.

Detective makes it easier to analyze, investigate, and quickly identify the root cause of potential security issues or suspicious activities. Once enabled, Detective automatically collects log data from AWS resources and uses machine learning, statistical analysis, and graph theory to build interactive visualizations to run faster and more efficient security investigations.

Detective analyzes events from multiple data sources such as Amazon Virtual Private Cloud (VPC) Flow Logs, AWS CloudTrail logs, Amazon GuardDuty findings, and Amazon Elastic Kubernetes Service (EKS) audit logs to create a unified, interactive view of your resources, users, and the interactions between them.

With this unified view, you can visualize all the details and context in one place to identify the underlying reasons for security findings, drill down into relevant historical activities, and quickly determine root cause.

Authorized stored procedures are now in preview. This feature lets you share stored procedures with users or groups without giving them direct access to the underlying tables.

Discovery for Media

Preview recommendations is now available in Preview mode.

Use this feature to preview and evaluate what documents your serving configs will recommend to your users. This allows you to test models and serving configs quickly before you go into production.

For information about this feature, see Preview Recommendations.

This launch upgrades the lifecycle stage of the Custom Document Extractor (CDE) component of the DocAI Workbench from Public Preview to Generally Available (GA). CDE covers essential workflows for developing custom document extraction processors with end-to-end UI support:

• Data import
• Schema creation and annotation
• Processor model training
• Evaluation and troubleshooting
• Model deployment and version management
• Human-in-the-loop (HITL) integration for "last-mile" processor quality assurance

Notable new Generally Available Custom Document Extractor (CDE) features include:

• Public APIs
• Automatic schema label creation from pre-labeled documents
• Schema label data type and occurrence editable pre-training
• New DocAI Toolkit with a labeled document converter

The following features have been upgraded:

• Processor Gallery
• Schema editor
• Labeling UI
• Training pipeline
• Manage versions table