In Cloud Computing This Week [May 13th 2022]

AWS Single Sign-On (AWS SSO) now supports centralized administration and API access from an AWS Organizations delegated administrator account for all member accounts in your organization. This means you can designate an account in your organization that can be used to centrally administer all member accounts. With delegated administration, you can adhere to best practices by reducing the need to use your management account.

AWS SSO is where you create, or connect, your workforce identities in AWS once and manage access centrally across your AWS organization. After enabling AWS SSO in your management account, you can designate a member account from the AWS SSO console. Administrators can sign in to the delegated member account to assign users and groups to applications and to your organization's member accounts. No additional set-up is required within the organization’s individual member accounts.

Amazon CloudWatch Synthetics now supports deletion of underlying canary resources along with the canary deletion. When you delete a canary you can choose whether to also delete related resources created by the canary, thus making canary resources management easier and efficient. Synthetics canaries that run on a defined frequency to monitor the health and performance of your endpoints and APIs creates these resources as part of canary creation step.

CloudWatch Synthetics helps you to discover issues before your customers do, by checking for page load errors, load latencies for user interfaces (UI), and broken links or UI navigation flows in your applications. With CloudWatch Synthetics, you can isolate issues and map them back to your underlying infrastructure. You can also use CloudWatch Synthetics to easily monitor internal endpoints in addition to public-facing endpoints.

AWS Lambda now supports Node.js 16 as both a managed runtime and a container base image. Developers creating serverless applications in Lambda with Node.js 16 can take advantage of new features such as support for Apple silicon for local development, the timers promises API, and enhanced performance. For more information on Lambda’s support for Node.js 16, see our blog post at Node.js 16.x runtime now available in AWS Lambda.

To deploy Lambda functions using Node.js 16, upload the code through the Lambda console and select the Node.js 16 runtime. You can also use the AWS CLI, AWS Serverless Application Model (AWS SAM) and AWS CloudFormation to deploy and manage serverless applications written in Node.js 16. Additionally, you can also use the AWS-provided Node.js 16 base image to build and deploy Node.js 16 functions using a container image. To migrate existing Lambda functions running earlier Node versions, review your code for compatibility with Node.js 16 and then update the function runtime to Node.js 16.

Amazon Virtual Private Cloud (Amazon VPC) Traffic Mirroring now supports sending mirrored traffic to monitoring appliances behind a Gateway Load Balancer. This feature enables Amazon VPC Traffic Mirroring customers to centralize the out-of-band monitoring and inspection of network traffic across AWS accounts and VPCs.

Amazon VPC Traffic Mirroring allows customers to replicate network traffic from an EC2 instance and forward it to security and monitoring appliances for use cases such as content inspection, threat monitoring, and troubleshooting. Until now, customers could send mirrored traffic to monitoring appliances either directly using an Elastic Network Interface or through a Network Load Balancer. With this new capability, customers can forward mirrored traffic from their subnet, VPC, or account to the Gateway Load Balancer backed monitoring appliances via Gateway Load Balancer Endpoints deployed in the subnets containing their workloads. This helps simplify the monitoring of network traffic across AWS accounts and VPCs in a highly scalable and operationally efficient manner by removing routing complexity and operational overhead.

You can now connect over IPv6 to your services hosted in AWS using AWS PrivateLink. AWS PrivateLink is a highly available, scalable technology that enables you to privately connect your VPC to supported AWS services, services hosted by other AWS accounts (VPC Endpoint Services), third-party SaaS services and supported AWS Marketplace partner services.

With this launch, you can now easily enable IPv6 access to your existing IPv4-based or IPv6-based services via AWS PrivateLink by updating flags in your VPC Endpoint Service and Network Load Balancer (NLB) configurations. If you are a PrivateLink Endpoint owner, you can now access IPv6-enabled PrivateLink services by upgrading your existing IPv4-based endpoints to dual-stack or creating new PrivateLink endpoints in IPv6-only subnets.

This week, Amazon Web Services announced the general availability of two new security and compatibility features, NitroTPM, a Trusted Platform Module (TPM) 2.0 and Unified Extensible Firmware Interface (UEFI) Secure Boot in Amazon EC2. These features make it possible for customers to use TPM-dependent applications in their EC2 instances.

NitroTPM conforms to the TPM 2.0 specification, making it easier to migrate existing on-premises workloads that use TPM functionalities to EC2. A TPM is a security device that allows you to gather and attest system state, store and generate cryptographic data, and prove platform identity. Using the AWS Nitro System, the NitroTPM allows EC2 instances to generate, store, and use keys without having access to them. NitroTPM can also attest to the integrity of customers' instances by providing cryptographic proof via attestation mechanisms.

UEFI Secure Boot builds on EC2's existing secure boot process and provides additional defense-in-depth that helps customers secure software from threats that persist across reboots. It helps ensure that your EC2 instances run authentic software by verifying the digital signature of all boot components, and halts the boot process if signature verification fails.

Amazon FSx for NetApp ONTAP is now SAP-certified for workloads including S/4HANA, Business Suite on HANA, BW/4HANA, Business Warehouse on HANA, and Data Mart Solutions on HANA.

Amazon FSx for NetApp ONTAP is a fully managed shared storage service built on NetApp’s popular ONTAP file system. Customers commonly use ONTAP as a storage solution for SAP HANA because of its data management features, such as snapshots, clones, and SnapMirror replication. Starting today, you can use Amazon FSx for NetApp ONTAP to simplify and accelerate your SAP HANA deployments in AWS. For example, with Amazon FSx for NetApp ONTAP, you can easily create application-consistent snapshots and space-efficient clones of your databases in seconds, allowing you to create savepoints during an SAP HANA system upgrade or rollback, or refresh your development and test systems, without needing to manually copy your data. With Amazon FSx for NetApp ONTAP’s support for SnapMirror replication, you can also quickly and easily migrate your SAP HANA workloads from on premises to AWS, and you can configure automatic replication of your database across AWS Regions for additional data resiliency.

This week, AWS announced the Developer Preview of the Amplify Android library that has been rewritten for Kotlin. This initial release enables Android developers to add cloud-based app features, including Auth, Storage, DataStore, and APIs for their Kotlin-based Android projects. Developers will benefit from Kotlin-based language features like coroutines.

This release also includes re-architected Auth (sign-up/sign-in), now completely written in Kotlin, which provides better debuggabilty and visibility into underlying state management. Finally, we have layered the new library on the new AWS SDK for Kotlin that was released as Developer Preview last year. This allows developers to use Amplify’s use case-centric APIs—like Auth and DataStore—and access the AWS SDK for Kotlin for a breadth of AWS service APIs.

Amazon Elastic File System (Amazon EFS) has increased the maximum number of file locks per NFS mount, enabling customers to use the service for a broader set of workloads that leverage high volumes of simultaneous locks, including message brokers and distributed analytics applications.

Amazon EFS is a serverless, fully elastic file system that makes it easy to set up, scale, and cost-optimize file storage in the AWS Cloud. It can be accessed from any AWS compute service (including Amazon EC2, Amazon EKS, Amazon ECS, and AWS Lambda), and it supports access from up to tens of thousands of compute instances, containers, and function invocations at the same time. Applications spanning multiple compute resources commonly use NFS file locks to manage concurrent updates to individual files. This Amazon EFS update increases the number of simultaneous file locks an NFS mount can acquire to 65,536 (from 8,192 previously), enabling Amazon EFS to be used for a broader set of applications that heavily leverage file locking (including message broker and distributed analytics applications).

You can now use Amazon Athena to query views stored in your self-managed Apache Hive metastores. Hive views are defined using the Hive Query Language (HiveQL) which is not fully compatible with Athena's standard SQL. With this new capability, Athena automatically handles HiveQL syntax differences so you can query Hive views without changing your view definitions or maintaining a complex translation layer. 

A view is a logical table created using the results of a query that executes against a physical table each time the view is referenced. Views are commonly used to focus, simplify, and optimize access to underlying data. They can provide users with an isolated subset of curated data, combine disparate tables with optimized JOIN operations, or hide the complexities of data partitioning. With Athena’s new Hive views support, you can bring these same benefits and use cases that you’ve developed for your Hadoop users directly to your Athena users. Views can be listed and examined from the Athena console to provide your analysts with a more complete picture of your Hive metastore. Views can be queried using the Athena drivers, API, or console and are available in all supported regions.

AWS GameKit is now extended to support Android, iOS, and macOS games developed with Unreal Engine. AWS GameKit, launched on March 23, 2022, gives game developers a powerful tool set to quickly and easily build AWS powered game features directly from the Unreal Editor. With today's update, the AWS GameKit plugin for Unreal Engine now supports developers who are building games for Win 64, Android, iOS, and macOS.

Game developers can use the AWS GameKit plugin for Unreal Engine to integrate the following cloud-based game features: Identity and Authentication, Achievements, Game State Cloud Saving, and User Gameplay Data. AWS GameKit includes complete solution for each game feature and an architecture design based on the AWS Well-Architected Framework. Each feature comes with an AWS CloudFormation template for the backend architecture, plugin controls to manage the backend from the Unreal Editor, and sample C++ code and Blueprint assets to help you integrate the feature into your game. AWS CloudFormation templates provision all of the AWS resources needed to power each game feature and can be set up with just a few clicks and no prior experience with AWS tools and services. After the game backend is configured, simply add cloud-based feature functionality to the game client by calling the AWS GameKit API.

New upgrades are now available for AWS customers using Amazon SageMaker Notebook Instances, including the availability of the ml.g5 GPU instance family, and Python 3.8 support.

Amazon SageMaker customers can now select ml.g5 instances powered by NVIDIA A10G Tensor Core GPUs, when creating an Amazon SageMaker Notebook Instance using the Amazon Linux 2 (AL2) operating system. ml.g5 instances feature up to 8 NVIDIA A10G Tensor Core GPUs and 2nd generation AMD EPYC processors. They also support up to 192 vCPUs, up to 100 Gbps of network bandwidth, and up to 7.6 TB of local NVMe SSD storage. Customers can choose the most appropriate instance size from eight options, offering between one and eight GPUs. To read more about ml.g5 instances, visit the AWS news blog or visit the G5 instance page to learn more.

This week, AWS announced the availability of AWS X-Ray in the AWS Asia Pacific (Jakarta) Region. X-Ray helps developers analyze and debug distributed production applications, such as those built using a microservices architecture. With X-Ray, you can understand how your application and its underlying services are performing to identify and troubleshoot the root cause of performance issues and errors.

You can start collecting traces from your applications in a few steps using the AWS X-Ray console, from the AWS CLI or SDK.

AWS IoT SiteWise now supports batch data retrieval from multiple asset properties with the launch of three new APIs that allow you to retrieve current values (BatchGetAssetPropertyValue), historical values (BatchGetAssetPropertyValueHistory), and aggregated values (BatchGetAssetPropertyAggregates) from AWS IoT SiteWise in a single API request.

The new APIs will help developers when creating industrial applications that need to retrieve data from multiple sensors. To use the new BatchGet APIs, you will need to include in your API request a list of asset property entries with parameters of the data to be retrieved, such as assetID, propertyID, time range, and aggregate type. The APIs will then return data points from all the asset properties that meet your specified API parameters.

Customers can use the BatchGet APIs for a number of use cases including retrieving property data for hundreds of asset in order to create dashboards showing historical trends from multiple machines in a single screen, exporting data from multiple sensors to be used in analytics applications, or retrieving the latest values from all sensors of the same machine in a single API request.

Amazon EC2 now emits notifications to Amazon CloudWatch Events for a variety of Amazon Machine Image (AMI) actions such as creation, registration and de-registration. With CloudWatch Events (CWE), you can establish rules that initiate programmatic actions in response to these changes.

This feature delivers a near real-time stream of AMI system events and enables push notifications. Customers can use CloudWatch Events to initiate actions for intended next steps after AMI actions, such as updating their AMI inventory, sharing the AMI, making copies or launching instances using the AMI. Using rules, these events can be routed to various targets including AWS Lambda functions, Amazon SNS topics, Amazon SQS queues, Amazon Kinesis streams, and other built-in targets.

AWS Step Functions now provides a new console experience for viewing and debugging your workflow executions that makes it easier to search, filter, and root cause issues in your executions.

AWS Step Functions is a low-code, visual workflow service that can be used to connect over 220 AWS services and 10,000 API actions to build applications using workflows. AWS Step Functions stores a detailed history for every execution so that you can view the path of execution, audit each transaction, and debug failures. 

Now, Step Functions makes it easier to navigate through the details of your workflow executions in the AWS Console to identify issues, dive deeper into the context of a failure, and visually present information in a way that makes sense for you. You can select from three different views for your workflow execution including a navigable workflow graph, a state transition table, and a revamped events table. You can search and filter based on unique attributes such as state name and error type. Errors are now easier to root cause as the experience highlights the reason for failure in a workflow execution and you can reverse sort the execution history to see the events that led to a failure. Customers use map state to optimize the performance and efficiency of their workflows as a set of steps are run for each element of an input array. Now, you can easily navigate through each map iteration to identify its status and any errors.

Eventarc for Google Kubernetes Engine (GKE) is now available in Preview.