In Cloud Computing This Week [June 3rd 2022]

Amazon SageMaker JumpStart now supports model tuning with Sagemaker Automatic Model Tuning from its pre-trained model, pre-built solution templates, and example notebooks. This means AWS customers can automatically tune their machine learning models to find the hyperparameter values with highest accuracy within the range customers provide through SageMaker API.

SageMaker JumpStart allows AWS customers to fine-tune and deploy a wide variety of pre-trained models across popular ML tasks, as well as a selection of end-to-end solutions that solve common business problems. These features remove the heavy-lifting from each step of the ML process, making it easier to develop high-quality models and reducing time-to-deployment. Customers can access JumpStart via APIs in notebook, and UI in SageMaker Studio with just few clicks.

Amazon Kendra is an intelligent search service powered by machine learning, enabling organizations to provide relevant information to customers and employees, when they need it. Starting this week, AWS customers can use the Amazon Kendra Github OnPrem connector to index and search documents from GitHub Enterprise Server data source.

Many organizations use GitHub as a code hosting platform for version control and to redefine collaboration of open-source software projects. A GitHub account repository can include many content types, such as files, issues, issue comments, issue comment attachments, pull requests, pull request comments, pull request comment attachments, and more. This data is scattered across multiple locations and content repositories (public, private, and internal) within an organization. Organizations can now use the Github OnPrem connector to index these documents and provide search results and answers to their users about this project content using Amazon Kendra intelligent search.

NoSQL Workbench for Amazon DynamoDB  is a client-side application to help visualize and build scalable, high-performance data models. Starting today, NoSQL Workbench adds support for table and global secondary index (GSI) control plane operations such as CreateTable, UpdateTable, and DeleteTable.

Previously, you could use NoSQL Workbench to build and perform data plane operations on tables and GSIs. However, for control plane operations, you had to use tools such as the AWS Management Console or AWS Command Line Interface (AWS CLI). With the new updates in NoSQL Workbench, you can perform all data plane and control plane operations from one convenient application.

You can now update the storage and IOPS capacity on your Amazon FSx for OpenZFS file systems with the click of the button, making it even easier to adapt to your evolving storage and performance needs.

Amazon FSx for OpenZFS provides fully managed cost-effective shared file storage powered by the popular OpenZFS file system. When you create an FSx for OpenZFS file system, you can specify its storage capacity, its throughput capacity, and its disk IOPS capacity. Until today, FSx for OpenZFS only supported updating the throughput capacity of an active file system. Now, you can also increase the storage capacity or change the disk IOPS capacity on your file system in seconds, without disrupting your end users or applications. With this capability, you can now dynamically update all of the primary aspects of your FSx for OpenZFS file system configuration.

Amazon Kendra is an intelligent search service powered by machine learning, enabling organizations to provide relevant information to customers and employees, when they need it. Starting today, AWS customers can use the Amazon Kendra Github SaaS connector to index and search documents from GitHub Enterprise Cloud data source.

Many organizations use GitHub as a code hosting platform for version control and to redefine collaboration of open-source software projects. A GitHub account repository can include many content types, such as files, issues, issue comments, issue comment attachments, pull requests, pull request comments, pull request comment attachments, and more. This corpus data is scattered across multiple locations and content repositories (public, private, and internal) within an organization. Organizations can now use the Github SaaS connector to index these documents and provide search results and answers to their users about this project content using Amazon Kendra intelligent search.

Amazon Braket, the quantum computing service from AWS, adds support for Borealis, a new photonic quantum processing unit (QPU) from Xanadu. The Borealis device is the first publicly available quantum computer that is claimed to have achieved quantum advantage: the technical milestone when a quantum computer outperforms the world’s fastest supercomputers on a well-defined task, in a peer-reviewed study published in the journal of Nature. Until now, none of the devices that have been claimed to demonstrate quantum advantage have been accessible to the public, but for the first time, customers can test a quantum advantage claim for themselves on Amazon Braket while also exploring potential applications for this technology.

One of the limiting factors slowing down research in quantum computing today is access to diverse quantum hardware. With this launch, Amazon Braket expands the hardware available on the service to include a photonic quantum computer, in addition to the existing superconducting, ion trap, and quantum annealing-based quantum hardware. The Borealis device is designed to support continuous-variable (CV) quantum computing, a paradigm of quantum computing that uses continuous quantum states known as qumodes, instead of discrete two-level systems (often called qubits).

The 216-qumode Borealis device is not a universal quantum computer, capable of arbitrary computations, but rather implements a specific protocol known as Gaussian Boson Sampling (GBS). With this launch, researchers anywhere can access and experiment with a state-of-the-art CV device with the same familiar pay-as-you-go pricing model as other devices on Amazon Braket. 

The Amazon Chime SDK now lets developers centrally control each participant’s ability to send and receive audio, video, and screen share within a WebRTC session. Amazon Chime SDK lets developers add intelligent real-time audio, video, and screen share to their web and mobile applications. Enforcement of attendee capabilities is centralized in the WebRTC session, so developers do not have to rely on logic within client applications, which may be outdated in older versions.

Developers can align each participant’s capabilities with their role within their application use case and dynamically adjust them as needed. For example, an attendee in a webinar can only listen to audio and view webcam video and screen share. If an attendee wants to ask a question, they can be granted permission to share only audio. However, suppose the presenter needs to interrupt and stop the attendee from talking - the attendee’s audio can be immediately cut off by revoking their permission to share audio.

AWS Panorama customers can now use AWS PrivateLink to access AWS Panorama from their Amazon Virtual Private Cloud (Amazon VPC) without using public endpoints, and without requiring the traffic to traverse the Internet. Using AWS PrivateLink, you can access AWS Panorama endpoints easily and securely by keeping your traffic within the AWS network, while simplifying your internal network architecture. You no longer need to use an internet gateway, Network Address Translation (NAT) devices, or firewall proxies to connect to AWS Panorama.

AWS Panorama is a collection of machine learning (ML) devices and a software development kit (SDK) that brings computer vision (CV) to on-premises internet protocol (IP) cameras. With AWS Panorama, companies can use compute power at the edge (without streaming video to the cloud) to improve their operations, by automating visual inspection tasks like improving supply chain logistics, optimizing traffic management, and evaluating manufacturing quality. AWS PrivateLink provides private and encrypted connectivity between customer VPCs and AWS services (such as AWS Panorama), without requiring your traffic to ever leave the Amazon network.

Amazon CloudWatch now supports AWS Elemental MediaTailor logs as part of Vended Logs. Vended logs are specific AWS service logs natively published by AWS services on behalf of the customer and available at volume discount pricing.

AWS Elemental MediaTailor logs now takes advantage of volume-based tiered pricing for Vended logs. Please visit the Amazon CloudWatch pricing page to learn more about Vended logs pricing available in all public regions. Please visit our documentation to learn more about Amazon CloudWatch.

Amazon S3 on Outposts now supports AWS PrivateLink, providing direct access to manage your S3 on Outposts storage capacity via a private endpoint within your virtual private network. This allows you to simplify your internal network architecture and perform management operations on your S3 storage by using private IP addresses in your Virtual Private Cloud (VPC), eliminating the need to use public IPs or proxy servers.

AWS customers today connect on-premises applications with Amazon S3 on Outposts using private IP addresses within their VPC, privately transferring object data in and out of S3 on Outposts. Many AWS customers, however, also want to manage their S3 on Outposts capacity without configuring public IPs or proxy servers. With full S3 on Outposts support for PrivateLink, you can now provision interface VPC endpoints for the S3 on Outposts Control API in your VPC. This allows you to seamlessly create buckets, manage endpoints, and apply security policies from within your own VPC via the AWS Command Line Interface (CLI) or programmatically via AWS Software Development Kits (SDKs). Interface VPC endpoints are private endpoints that are assigned private IPs from your VPC.

Amazon Relational Database Service (Amazon RDS) can now publish events to Amazon Simple Notification Service (Amazon SNS) topics that have server-side encryption (SSE) enabled, for additional protection of events that carry sensitive data. Amazon RDS groups events into categories that you can subscribe to so that you can be notified when an event in that category occurs, enabling routing and automation.

When you publish messages to encrypted topics, Amazon SNS immediately encrypts your messages. The encryption takes place on the server, using a 256-bit AES-GCM algorithm and an encryption key managed by the AWS Key Management Service (AWS KMS). Amazon SNS encrypted topics work with both customer managed keys and AWS managed keys. The messages are stored in encrypted form, in multiple Availability Zones (Multi-AZs), and decrypted only as they are delivered to subscribing endpoints, such as Amazon Simple Queue Service (Amazon SQS) queues, AWS Lambda functions, and HTTP/S webhooks.

This week AWS announced the general availability of Geofences for Amplify Geo. Amplify Geo enables frontend developers to add location-aware features to their web applications. Developers looking to display geometric boundaries or Geofences on a map, can now implement a complete Geofence management solution in minutes using the cloud-connected UI widget and APIs from Amplify Geo, powered by Amazon Location Service. Geofences are geometric boundaries that can be drawn around places of interest or areas on a map.

With this release, developers can add an interactive Geofence management UI widget to view, create, and edit Geofences on a map. This UI widget is built on top of the popular MapLibre open-source library and developers can choose from the wide array of community-contributed plugins to further customize their Geofence UI components. Amplify Geo also provides developers with client APIs powered by Amazon Location Service to manage Geofences programmatically from their frontend web application. Developers can use the guided workflow in the Amplify Command Line Interface (CLI) to provision all the necessary cloud resources to create Geofences, or they can use existing Geofence resources.

AWS Storage Gateway is expanding the ways you can purchase the AWS Storage Gateway Hardware Appliance, and for the first-time enabling resellers to offer the appliance. Now you can procure the hardware appliance through the reseller of your choice, and leverage your existing purchasing agreements.

AWS Storage Gateway is a hybrid cloud storage service that provides on-premises applications access to virtually unlimited storage in the cloud. You can use AWS Storage Gateway for backing up and archiving data to AWS, providing on-premises file shares backed by cloud storage, and providing on-premises applications low latency access to data in the cloud. The AWS Storage Gateway Hardware Appliance provides you with a simple out-of-the-box experience to deploy storage gateway on-premises. The hardware appliance is a physical, standalone, validated server configuration that comes pre-loaded with Storage Gateway software, and provides all the required compute, memory, network, and storage resources for creating and configuring the gateway for on-premises hybrid cloud storage deployments, and is managed from the AWS Console. The hardware appliance supports Amazon S3 File Gateway, Amazon FSx File Gateway, Tape Gateway, and Volume Gateway.

AWS are excited to announce that AWS Elastic Disaster Recovery (DRS) has added support for multiple staging and target accounts. Today you can replicate and protect up to 300 source servers per AWS Region. By using multiple staging and target accounts, you can now also recover up to 3,000 replicating source servers into any target AWS account. This feature makes disaster recovery setup, implementation, and monitoring easier and more efficient, especially for large-scale projects.

You can use multiple staging and target accounts to separate your staging accounts (where replication is managed) from your target accounts (where you can recover your source servers). With the new capability, you can recover source servers from multiple staging accounts into a single AWS target account. This provides a separation that can be useful for many purposes, including security, billing, and project management. You can also recover any single source server into multiple target accounts, and this can be used for many purposes, including testing, sandboxing, development, and production.

Amazon Pinpoint journeys now include the ability to pass data into a custom channel, and be able to perform a yes/no or multivariate split based on the response. Journeys in Amazon Pinpoint were designed for customers who want to send targeted communications that drive high-value user actions. Journeys can include custom channel activities, which can be used to send messages through channels that Amazon Pinpoint doesn’t support natively, such as WhatsApp or Signal.

Custom channel activities use AWS Lambda functions to call external APIs or perform other operations. AWS customers can now pass the custom channel activity a message intended for an end user, or other data to customize the send. In addition, Journey yes/no and multivariate splits can now listen to the response from the AWS Lambda function, and use that response to determine the next action in the journey. For example, you could design a custom channel activity to send a message through WhatsApp, and the Lambda function could return a value of “Success” if the message is successfully delivered, or “Failure” if it wasn’t. Your journey can then be split based on this success or failure response, and recipients who weren’t able to receive the message through WhatsApp could then be sent a communication through another channel, such as SMS.

AWS Proton introduces service components, a new feature that allows developers complement the standard infrastructure of Proton templates with additional resources for their services. Platform engineers use Proton to define the core infrastructure of their services and keep it consistent and updated across services, and now with components developers can complement that core infrastructure with the additional resources they need to meet the needs of their particular application. Proton components enable platform engineers to expand the use cases they support without having to drastically increase the number of templates that they manage.

AWS Proton is a managed service for platform engineers to increase the pace of innovation by defining, vending, and maintaining infrastructure templates for self-service deployments. With Proton, customers can standardize centralized templates to meet security, cost, and compliance goals. Proton helps platform engineers scale up their impact with a self-service model, resulting in higher velocity for the development and deployment process throughout an application lifecycle.

Amazon Pinpoint journeys now include the ability to pass data into a custom channel, and be able to perform a yes/no or multivariate split based on the response. Journeys in Amazon Pinpoint were designed for customers who want to send targeted communications that drive high-value user actions. Journeys can include custom channel activities, which can be used to send messages through channels that Amazon Pinpoint doesn’t support natively, such as WhatsApp or Signal.

Custom channel activities use AWS Lambda functions to call external APIs or perform other operations. Customers can now pass the custom channel activity a message intended for an end user, or other data to customize the send. In addition, Journey yes/no and multivariate splits can now listen to the response from the AWS Lambda function, and use that response to determine the next action in the journey. For example, you could design a custom channel activity to send a message through WhatsApp, and the Lambda function could return a value of “Success” if the message is successfully delivered, or “Failure” if it wasn’t. Your journey can then be split based on this success or failure response, and recipients who weren’t able to receive the message through WhatsApp could then be sent a communication through another channel, such as SMS.

This week, AWS are announcing support for Amazon Elastic Compute Cloud (EC2) Dedicated Hosts on AWS Outposts, which makes it easier for AWS customers to bring their existing software licenses and workloads that require a dedicated physical server to their Outpost Racks. In addition, customers now have greater flexibility in instance type deployment and more granular placement control, all with consistent hybrid experience on AWS Outposts.

Amazon EC2 Dedicated Hosts allow customers to use their eligible software licenses that are bound to VMs, sockets, or physical cores on EC2 instances, so that customers get the flexibility and cost effectiveness of using their own licenses. While Outposts has always been a single tenant environment eligible for Bring Your Own License (BYOL) workloads, Dedicated Hosts allows customers to limit licenses to a single host as opposed to the entire Outpost.

You can now learn to use AWS Step Functions with a new workshop called The AWS Step Functions Workshop. This self-paced tutorial teaches you how to use the primary features of Step Functions through a series of interactive modules. Each module contains lesson materials you can deploy to your AWS account, covering topics such as coordinating and orchestrating application workflows, managing workflow states, creating SDK integrations with other AWS services, and more.

AWS Step Functions is a low-code, visual workflow service that you can use to connect to over 220 AWS services and 10,000 API actions. Developers use Step Functions to build distributed applications, automate IT and business processes, and create data and machine learning pipelines. With this launch you now can get hands-on experience building resilient workflows with robust error handling using Step Functions in a workshop environment.

AWS are excited to announce the following price reductions for Amazon EC2 instances running SLES. When you run SLES on Amazon EC2, you are charged one combined price for the Amazon EC2 infrastructure and the SUSE OS.

Starting May 28th 2022, there will be a:

1. Price reduction on SLES On-Demand EC2 instances which can result in savings of up to 24% vs. the current On-Demand rates. For example, running a c5.large SLES EC2 instance in US East (N.Virginia) region could save you 24%, m5.large 22%, and r5.xlarge 18%. If applicable, these savings would be reflected in your next billing cycle.
2. Price reduction on Savings Plans when running SLES OS EC2 instances can result in savings of up to 52% vs. the current Savings Plans rates. With this price reduction, SLES OS Savings Plans customers will not only benefit from the same significant savings as Reserved Instances but also benefit from the flexibility and ease of use of Savings Plans. For example, running a m5.xlarge SLES OS EC2 instance in US East (N.Virginia) region with shared tenancy can result in 52% savings on a 3-year term and 44% on a one-year term vs. the current Compute Savings Plans rates for the same SLES OS EC2 instance. With a Compute Savings Plan, you will get the flexibility to change instance type (e.g. from M5 to C5), or shift a workload from one AWS Region to another (e.g. US East (N.Virginia) to Europe (Ireland)) and continue to benefit from the applicable lower prices up to your Savings Plans commitment. This pricing change will apply to all new Savings Plans.

AWS Well-Architected Tool now features direct access to AWS re:Post, a community-driven, questions-and-answers service designed to help AWS customers remove technical roadblocks, accelerate innovation, and enhance operation. AWS re:Post has 40+ topics including a community specific to AWS Well-Architected.

To get started, from AWS Well-Architected Tool select “Ask an Expert” and access the AWS re:Post community dedicated to AWS Well-Architected. In this community, customers can ask questions related to designing, building, deploying, and operating workloads on AWS. During workload reviews with the AWS Well-Architected Tool, customers can reference AWS re:Post for questions related to specific topics, or ask questions to start a discussion and get answers. The re:Post community includes AWS customers, partners, and employees. The topics and posts within this community are monitored by AWS Well-Architected subject matter experts.

Amazon Timestream is now in scope for FedRAMP Moderate in the following AWS Regions: US East (Ohio), US East (N. Virginia), US West (Oregon). You can now use Amazon Timestream to collect, store, query, and visualize time series data in various applications within your Amazon Virtual Private Clouds (Amazon VPC) to help you meet FedRAMP Moderate controls.

Amazon Timestream is a fast, serverless, secure, and purpose-built time series database for analytics, DevOps, and IoT applications that can scale to process trillions of time series events per day. Amazon Timestream simplifies data lifecycle management through the use of data tiers and user-defined data retention policies. The purpose-built query engine lets you access and analyze recent and historical data across these tiers. Additionally, visualizing your data is simple with integration and connector support through Amazon Quicksight, Grafana, and JDBC. Amazon Timestream also automatically scales up or down to adjust capacity and performance, so you don’t need to manage the underlying infrastructure, freeing you to focus on building your applications.

You can now use Elastic Volumes to dynamically increase the capacity and tune the performance of your io2 Block Express volumes with no downtime or performance impact, in the same manner as other EBS volumes. Additionally, you can now create a fully initialized io2 Block Express volume from a Fast Snapshot Restore (FSR) enabled snapshot. Volumes that are created from FSR-enabled snapshots instantly deliver their provisioned performance. These features add to the capabilities of the highest-performance EBS volume type - io2 Block Express.

Launched in July 2021, io2 Block Express volumes deliver up to 4x higher throughput, IOPS, and capacity than io2 volumes, and are designed to deliver sub-millisecond latency and 99.999% durability. io2 Block Express refers to io2 volumes that run on the EBS Block Express architecture. You can provision a single io2 volume that delivers up to 256,000 IOPS, 4000 MB/s of throughput, and storage capacity of up to 64 TiB for running mission-critical deployments of Oracle, SAP HANA, Microsoft SQL Server, and SAS Analytics. With Elastic Volume support, you can dynamically increase the volume size and change the performance (IOPS), providing you greater flexibility to right-size the volume for your workload. In addition, with FSR you can get predictable performance from an io2 Block Express volume created from a snapshot without the need to initialize volumes yourself. This improved and predictable performance helps with various use cases, such as bringing up VDI environments, backup & restore, and creating test/development volume copies.

AWS Lookout for Metrics announces the launch of the Athena connector, a new connector in Lookout for Metrics that allows you to query data from various data sources such as Data Lake on AWS, Amazon S3, Amazon Redshift to ingest into Amazon Lookout for Metrics for anomaly detection. The Athena connector reduces the need to setup complex ETL jobs and data preparation time for anomaly detection. You can query large datasets using standard SQL and analyze it before ingesting in an anomaly detector. The Athena connector supports data formatted in CSV, JSON, ORC (Optimized Row Columnar), Parquet, XML, plain text and AVRO.

Starting this week Athena connector for Lookout for Metrics is available in all regions where Amazon Lookout for Metrics is supported. To learn more, see this blog. You can use this capability in all Regions where Amazon Lookout for Metrics is publicly available. For more information about Region availability, see AWS Regional Services.

AWS Control Tower now gives you the capability to enroll and update member accounts individually, from within your AWS Control Tower landing zone, with a single click. You can update your landing zone, remediate account drift, or enroll an account into a registered organizational unit (OU), in a few streamlined steps.

When you update an account, there’s no need to include an account’s entire OU in each update action. As a result, the time required to update an individual account is greatly reduced. You can more easily ensure that your existing accounts include the latest configurations.

You can bring accounts under AWS Control Tower governance quickly, in fewer steps. The Enroll account button is now also separated from the Create account workflow in account factory, to create more distinction between these similar processes, and help avoid setup errors when you’re entering account information.

AWS Identity and Access Management (IAM) now supports the Web Authentication (WebAuthn) standard for strong and phishing-resistant authentication across all supported browsers. WebAuthn is part of the FIDO2 set of specifications that succeed FIDO U2F API, enabling secure multi-factor authentication with security keys based on public key cryptography.

This capability extends the existing multi-factor authentication (MFA) functionality to ensure compatibility with the latest internet browsers and FIDO-compliant authenticators. The Safari browser is also now supported for authentication and registration of security keys, in addition to other major browsers such as Mozilla, Opera, Firefox, and Chrome. Users that already have FIDO-compliant authenticators, such as FIDO U2F security keys, will be able to continue to use these authenticators.

AWS AppSync is a fully managed service that makes it easy to create and manage GraphQL and Real-time APIs, allowing developers to securely access, manipulate, and combine data from one or more data sources via a single API endpoint. With GraphQL, special functions called Resolvers are used to implement business logic linking or “resolving” types, fields, or operations defined in the GraphQL schema with the data in data sources such as Amazon DynamoDB, AWS Lambda, HTTP APIs, and more.

Resolvers in AppSync support flexible integrated utilities that allow developers to automatically generate identifiers ($util.autoId and $util.autoUlid), parse ($util.parseJson) or convert JSON ($util.toJson), perform URL/base64 encoding ($util.urlEncode) or decoding ($util.base64Decode), generate and convert timestamps ($util.time.nowISO8601), convert XML to JSON ($utils.xml), perform authorization checks, validate formatting and conditions, and much more, all directly in the AppSync API layer. There is no need to create your own logic to perform these tasks in AppSync resolvers

AWS Marketplace introduces free trials for SaaS contracts so you can try products before you buy them. Previously, customers would either need to commit to a contract before trying the product, or go to third-party websites for free trials offered by software vendors directly.

With this release, you can discover SaaS contract products that offer free trials, review usage terms and trial duration, and start a free trial in a few clicks directly in AWS Marketplace. SaaS contract free trials do not require an upfront payment, allowing you to evaluate software without a commitment. During the trial period you can choose to subscribe to the available public offer, or negotiate a private offer with the seller. SaaS contract free trials won’t automatically convert into paid agreements, so if you decide that the product is not the right fit, you can simply let the free trial expire.

The new Dart Signature V4 client allows developers to securely integrate with all 200+ AWS services using signed HTTP requests. This functionality enables Dart developers to make native calls to AWS backends in their Flutter or Dart applications, to make changes to the data or configurations of AWS services.

Developers can add the Signature V4 client as a dependency to their Flutter or dart application, and use it to interact with AWS services. For example, using the Dart Signature V4 client, a developer can interact with the Amazon Simple Storage Service (Amazon S3) using signed HTTP requests to create a new S3 Bucket. Developers can then choose to upload files to their S3 buckets and also manage the read/write permissions for the files within these buckets.

AWS WAF and AWS Shield Advanced are now available in the Asia Pacific (Jakarta) Region.

AWS WAF is a web application firewall that helps protect your web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources. AWS WAF gives you control over which traffic to allow or block to your web applications by defining customizable web security rules. AWS WAF can be deployed on Amazon CloudFront, Application Load Balancer, and Amazon API Gateway. To learn more about AWS WAF, visit the AWS WAF product page.

This week, AWS were excited to announce that the Amazon Genomics CLI v1.5.0 has added support for workflows written in the Common Workflow Language (CWL) using the Toil workflow engine. In addition to CWL, the Amazon Genomics CLI supports workflows written with Workflow Definition Language (WDL), Nextflow, and Snakemake enabling customers to run a wide variety of genomics data analyses like joint calling of genome variants and single-cell RNAseq.

The Amazon Genomics CLI simplifies and automates the deployment of cloud resources like workflow engines and compute clusters, providing genomics and life science customers with an easy-to-use command line to quickly setup and run genomics workflows on Amazon Web Services (AWS).

Amazon Elastic Container Services (Amazon ECS) provides a Cluster Auto Scaling (CAS) capability to dynamically manage the scaling of your Amazon Elastic Compute Cloud (EC2) Auto Scaling groups (ASG) on your behalf, so that you can focus on running your containers. Capacity Providers is the compute interface that links your Amazon ECS cluster with your ASG. With Capacity Providers, you can define flexible rules for how containerized workloads run on different types of compute capacity, and manage the scaling of the capacity. Capacity Providers improve the availability, scalability, and cost of running tasks and services on ECS. Starting today, we are simplifying the integration mechanism between Capacity Providers and ASGs by directly integrating with target-tracking scaling policy instead of relying on AWS Auto Scaling scaling plan.

Capacity Providers automatically scale the infrastructure capacity within your ASG, based on your target capacity configuration. Previously, Amazon ECS created an AWS Auto Scaling scaling plan containing a singular target-tracking scaling policy to manage the target capacity for the associated ASG. The target-tracking scaling policy ensured that your ASG had the requisite number of Amazon EC2 instances to support your workloads. With today’s launch, we have simplified the Capacity Provider-ASG integration by removing the additional layer of scaling plan, such that Capacity Provider will now directly create the same target-tracking policy for managing CAS. This change will automatically apply to all new Capacity Providers you create. You do not need to take any action to update your existing Capacity Providers. They will continue to function as before, with a scaling plan that contains the target-tracking scaling policy.

AWS customers in India and Taiwan can now purchase an AWS Panorama Appliance through the AWS Elemental purchase order process, a streamlined sales assisted ordering experience through the AWS Console that matches your corporate procurement workflow with the ability to pay via purchase order. With the expansion, customers can purchase Panorama through AWS Elemental in 49 countries, including United States, Canada, Mexico, Australia, New Zealand, Singapore, Malaysia, United Kingdom, and countries in the European Union.

AWS Panorama is a machine learning (ML) appliance and software development kit (SDK) that brings computer vision (CV) to on-premises internet protocol (IP) cameras. With AWS Panorama, companies can use compute power at the edge (without streaming video to the cloud) to improve their operations, by automating visual inspection tasks like evaluating manufacturing quality, finding bottlenecks in industrial processes, and assessing worker safety within their facilities.

AWS Systems Manager announces support for port forwarding to remote hosts using Session Manager. AWS Systems Manager is the operations hub for your AWS applications and resources, providing a secure end-to-end management solution for hybrid cloud environments. Session Manager, a capability of Systems Manager, provides secure access to managed instances in your cloud, on-premises, or edge devices, without the need to open inbound ports, manage Secure Shell (SSH) keys, or use bastion hosts.

Session Manager port forwarding is used to tunnel communications between a client machine and a Systems Manager managed instance. Starting today, Session Manager supports forwarding connections from a client machine to ports on remote hosts. With remote port forwarding, you can now use a managed instance as a “jump host” to securely connect to an application port on remote servers, such as databases and web servers, without exposing those servers to outside network.