In Cloud Computing This Week [Mar 19th 2021]

Amazon Relational Database Service (Amazon RDS) for MySQL now offers rollback protection for major version upgrades.

Amazon Quantum Ledger Database (Amazon QLDB) launches increased performance and latency reduction for control plane verification APIs. With this improvement, QLDB customers will experience an average latency reduction of up to 70% and the ability to scale at least 10 times from the current call volumes in many scenarios.

The Amazon EC2 Auto Scaling Instance Refresh feature enables customers to update the EC2 instances in their Auto Scaling groups on a rolling basis. Now, Instance Refresh gives customers more control over the update process by letting them configure Instance Refresh checkpoints to phase their deployments. An Instance Refresh checkpoint specifies what percent of the Auto Scaling group’s instances should be replaced and how long to wait before continuing with the rolling update. This gives AWS customers time to perform any necessary validation or testing steps at various checkpoints.

With S3 Object Lambda you can add your own code to S3 GET requests to modify and process data as it is returned to an application. For the first time, you can use custom code to modify the data returned by standard S3 GET requests to filter rows, dynamically resize images, redact confidential data, and much more.

Starting this week, AWS Launch Wizard deployments support the ‘No Rollback on Failure’ feature for all Launch Wizard applications. Now, when a Launch Wizard deployment fails, resources that were created as part of the deployment will not be immediately deleted/rolled back.

 

The new AWS Single Sign-On (SSO) app, found in the Azure Active Directory app gallery, makes it easier to use your Azure AD identities for sign-in across multiple AWS accounts and AWS SSO integrated applications. Customers who want a centralized way to manage Azure AD users and groups across AWS can use the app to connect Azure AD to AWS SSO once. Customers can then manage permissions to AWS centrally in AWS SSO, and enable users to sign in using Azure AD to access assigned AWS accounts and applications, such as Amazon SageMaker Studio Notebooks.

 

AWS introduces the Developer Preview of its opinionated deployment tool for .NET cloud-native applications. Using this tool, developers can now deploy their .NET applications in just a few easy steps from the .NET CLI.  

 

AWS Identity and Access Management (IAM) Access Analyzer makes it easier to implement least privilege permissions by analyzing resource policies to provide provable security and help you identify unintended public or cross-account access. A recent update allows you to validate public and cross-account access before deploying permissions changes. Now, we are extending policy validation in IAM Access Analyzer by adding over 100 policy checks with actionable recommendations. These checks use static analysis to help you proactively validate your permission policies during policy authoring to set secure and functional permissions. The checks include functional validation like developers might expect from a linter, and go beyond that to evaluate best practices in granting access. These checks analyze your policy and report security warnings, errors, general warnings, and suggestions based on their impact. They provide actionable recommendations that guide you to set secure and functional permissions. For example, IAM Access Analyzer reports a security warning when your policy grants access to pass any role to any service, which is overly permissive. The security warning includes a recommendation that you scope down the permissions to pass specific role(s) instead.

Amazon RDS Proxy now lets you create additional endpoints each with their own VPC settings, enabling access to your Aurora or RDS databases from applications in a different VPC.

Amazon RDS Proxy now lets you create an additional read-only endpoint to connect your application to Amazon Aurora Replicas. In some cases, RDS Proxy helps improve application scalability, resiliency, and security. These benefits can extend to your Aurora Replicas when connected through the RDS Proxy. 

 

AWS IoT SiteWise is a managed service that makes it easy to collect, store, organize and monitor data from industrial equipment at scale to help you make better, data-driven decisions.

Amazon SageMaker now supports deploying multiple containers on real-time endpoints for low latency inferences and invoking them independently for each request. This new capability enables you to run up to five different machine learning (ML) models and frameworks on a single endpoint and save up to 80% in costs. This option is ideal when you have multiple ML models with similar resource needs and when individual models don't have sufficient traffic to utilize the full capacity of the endpoint instances. For example, if you have a set of ML models that are invoked infrequently or at different times, or if you have dev/test endpoints.

Amazon Corretto 16 is now generally available. This version supports the latest Java feature release JDK 16 and is available on Linux, Windows, and macOS. You can download Corretto 16 from the AWS GitHub Releases .

 

Starting today, the next generation of memory optimized Amazon EC2 X2gd instances are available. These instances are built on the AWS Nitro System and are powered by AWS-designed, Arm-based AWS Graviton2 processors. They deliver up to 55% better price performance compared to current generation x86-based X1 instances and provide high memory per vCPU at the lowest cost per GiB of memory in Amazon EC2.

The higher performance and additional memory of X2gd instances enable customers to run memory-intensive workloads such as in-memory databases (Redis, Memcached), relational databases (MySQL, PostGreSQL), electronic design automation (EDA) workloads, real-time analytics, and real-time caching servers.

AWS customers running containerized workloads can also use X2gd instances to optimize their infrastructure by consolidating more containers on a single instance. X2gd instances also feature local NVMe-based SSD storage for applications that need high speed, low latency access to data.

 

 

Amazon S3 is reducing the cost to move data to Amazon S3 Glacier by lowering PUT and Lifecycle request charges by 40% for all AWS Regions. You can use the S3 PUT API to directly store compliance and backup data in S3 Glacier that does not require immediate access. You can also use S3 Lifecycle  policies to move data from S3 Standard, S3 Standard-Infrequent Access, or S3 One Zone-Infrequent Access to S3 Glacier to save on storage costs when data becomes rarely accessed.

AWS Cost Anomaly Detection now supports provisioning cost monitors and alert subscriptions via AWS CloudFormation templates . You can now set up Cost Anomaly Detection via JSON or YAML commands, enabling quick, consistent, and scalable configurations across AWS accounts.

Amazon WorkSpaces bundle management APIs are now available for customers to perform WorkSpaces bundle operations via command-line interface (CLI). The new set of APIs supports creation, deletion, and image association operations for WorkSpaces bundles. These APIs are intended for use by WorkSpaces administrators who want to automate WorkSpaces management workflows.

 

AWS Config now supports three new AWS Config managed rules to help you verify that your secrets in AWS Secrets Manager are configured in accordance with your organization’s security and compliance requirements. AWS Config records and evaluates configurations of your AWS resources. AWS Config managed rules are predefined rules that AWS Config uses to evaluate whether your AWS resource configurations comply with common best practices. AWS Secrets Manager helps easily rotate, manage, and retrieve database credentials, API keys, and other secrets through their lifecycle.

Amazon Elastic Container Service (Amazon ECS) introduces Amazon ECS Exec - a simple, secure, and auditable way for customers to execute commands in a container running on Amazon Elastic Compute Cloud (Amazon EC2) instances or AWS Fargate. ECS Exec gives you interactive shell or single command access to a running container making it easier to debug issues, diagnose errors, collect one-off dumps and statistics, and interact with processes in the container.

 

 

 

New digital course: AWS Cloud Technical Essentials

Four new AWS digital training offerings for AWS End User Computing