Issue #45 | 7 November – 13 November 2022

▪️ Amazon Time Sync public NTP service | guide
▪️ AppConfig achieves FedRAMP High Authority To Operate
▪️ Athena Query Result Reuse to accelerate queries
▪️ Aurora logical replication cache
▪️ Aurora Serverless v2 is now available in 20 regions
▪️ Backup VMware to EC2 workloads restore
▪️ Billing Conductor recurring custom line items
▪️ Certificate Manager ECDSA P-256 TLS certificates support
▪️ CloudTrail delegated administrator account
▪️ CloudTrail Lake Customer Managed KMS Keys (CMK) encryption
▪️ CloudWatch Logs export to SSE-KMS encrypted S3 buckets
▪️ Config 14 new resource types
▪️ EC2
| attribute-based instance type selection for ASG, EC2 Fleet, and Spot Fleet
| macOS Ventura support
| placement groups cross-account sharing
| price and capacity optimized allocation strategy for Spot Instances
▪️ ECS task scale-in protection | blog
▪️ ElastiCache IPv6 support | Redis 7 support
▪️ EventBridge New Scheduler | new
▪️ Firewall Manager import existing Network Firewall resources
▪️ Ground Station Customer Provided Ephemeris | in preview
▪️ IoT Device Defender audit check of revoked intermediate CA
▪️ Kendra is now FedRAMP High Compliant
▪️ Keyspaces Murmur3Partioner support
▪️ Lambda new Telemetry API | blog
▪️ Lightsail domain registration and DNS autoconfiguration
▪️ OpenSearch Service cross-VPC connectivity with PrivateLink
▪️ Polly Swedish, Norwegian and Finnish | VPC Support | GA
▪️ Private 5G multiple radio-units support
▪️ QuickSight send SPICE consumption metrics to CloudWatch
▪️ RDS for SQL Access to Transaction Log Backups
▪️ RDS new GP3 storage volumes support: no multi-az
▪️ Resource Explorer resource search and discovery service | GA
▪️ SageMaker Canvas
| correlation matrices for advanced data analysis
| customer managed keys for time series forecast models
| Stable Diffusion and Bloom models
| TensorFlow Text Classification algorithms
▪️ Secrets Manager API RPS limit increase
▪️ Security Hub CIS Benchmark 1.4.0
▪️ SNS subscription filter policies quota increase by 50x
▪️ VPC IPv6 Subnet default GR now supports multiple addresses
▪️ Wavelength Zone in Manchester
▪️ Well-Architected Tool speed up reviews with workload discovery
▪️ WorkSpaces WSP protocol API

Хорошие комментарии от Андрея Девяткина по AWS Startup Security Baseline:

https://fivexl.io/blog/fivexl-reaction/

Особенно солидарен по пункту Enforce a password policy, ведь IAM users в идеале быть не должно вообще, потому этот пункту заведомо ущербный.

📓 AWS Prescriptive Guidance — AWS Startup Security Baseline (AWS SSB)

#security

​​🆕 AWS SAM CLI Terraform support: 👍

https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/terraform-support.html

# Using sam build with Terraform
sam build --hook-name terraform --beta-features
# Using sam local invoke with Terraform
sam local invoke --hook-name terraform --beta-features
# Using sam local start-lambda with Terraform
sam local start-lambda --hook-name terraform --beta-features

#SAM #Terraform

​​Kubernetes 1.24 для EKS и EKS Distro

https://aws.amazon.com/blogs/containers/amazon-eks-now-supports-kubernetes-version-1-24/

Спустя официального релиза 1.24 прошло меньше 6 месяцев, то есть задержка поддержки очередной версии сократилась, что радует. Сделанный в прошлый раз прогноз на эту версию был не самым точным — ошибся больше, чем на две недели.

https://docs.aws.amazon.com/eks/latest/userguide/kubernetes-versions.html#kubernetes-1.24

Отставание по версиям по-прежнему не радует, т.к. почти три месяца назад вышла версия 1.25. 😐 В качестве прогноза этой версии на AWS поставлю на 15 апреля 2023 года.

Отдельно стоит отметить, что 1 ноября закончилась поддержка версии EKS 1.20, а окончание поддержки версии 1.21 будет уже этой зимой — 15 февраля.

#EKS

Новый AWS Region — Испания: 🎉

https://aws.amazon.com/blogs/aws/now-open-aws-region-in-spain/

Восьмой (!!) на текущий момент в Европе, идентификатор eu-south-2. Как и в подавляющем большинстве других регионов, имеет 3 AZ.

Итого на теперь всего — 29 регионов.

#AWS_Regions

​​OpenSearch — не только AWS, но и Яндекс.Облако!

https://cloud.yandex.ru/services/managed-opensearch

OpenSearch — хороший продукт, это не просто клон ElasticSearch, у OpenSearch есть собственные крутые фичи и появление managed решения у Яндекс это лишь подтверждает. В любом случае, конкуренция — это хорошо. 😀

#OpenSearch #Yandex

Не изобретайте велосипед — просто используйте контейнеры и запускайте проект!

#курсы #devops #пятничное

В сегодняшнем выпуске подкаста Software Serverless Consultant и AWS Community Builder Игорь Сорока рассказал о роли консультанта в проекте. Может ли проект, построенный на AWS Lambda, быть монолитом с легаси? Конечно, может! Можно ли избежать ошибок в работе с Lambda в самом начале разработки? Конечно, можно, и Игорь поделился с нами самыми распространенными ошибками и вариантами их обхода.

Почему использование VPC для Lambda может увеличить холодный старт? Как его уменьшить? Какие еще могут быть нюансы работы с serverless в AWS? Так много вопросов и пока там мало ответов:) Заканчиваем читать пост и включаем подкаст

#podcast
Послушать можно тут:
- Apple Podcasts
- Google Podcasts
- Spotify
- PodBean
- YandexMusic

#машины_aws

Теперь, когда у нас есть AWS SDK для SAP ABAP, какой язык будет следующим?

Ставлю на COBOL.

🆕 Lambda + Node.js 18.x: 🎉

https://aws.amazon.com/blogs/compute/node-js-18-x-runtime-now-available-in-aws-lambda/

🔹 Node.js 18 is now supported by Lambda. When building your Lambda functions using the zip archive packaging style, use a runtime parameter value of nodejs18.x to get started building with Node.js 18.
🔸 For existing Node.js functions, review your code for compatibility with Node.js 18, including deprecations, then migrate to the new runtime by changing the function’s runtime configuration to nodejs18.x.

#Lambda

​​Создание AWS аккаунтов через CloudFormation: 🎉

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_Organizations.html

Не прошло и... эээ... 6... Что ж, лучше поздно, чем никогда.

Type: AWS::Organizations::Account
Properties:
AccountName: String
Email: String
ParentIds:
- String
RoleName: String
Tags:
- Tag

⚠️ Important
▪️ If you include multiple accounts in a single template, you must use the DependsOn attribute on each account resource type so that the accounts are created sequentially. If you create multiple accounts at the same time, Organizations returns an error and the stack operation fails.
▪️ You can't modify the following list of Account resource parameters using CloudFormation updates.
▫️ AccountName
▫️ Email
▫️ RoleName

#CloudFormation #Organizations

​​The Security Design of the AWS Nitro System

https://docs.aws.amazon.com/whitepapers/latest/security-design-of-aws-nitro-system/the-nitro-system-journey.html

The AWS Nitro System is a combination of purpose-built server designs, data processors, system management components, and specialized firmware which provide the underlying platform for all Amazon EC2 instances launched since the beginning of 2018.

Three key components of the Nitro System achieve these goals:
◻️ Purpose-built Nitro Cards — Hardware devices designed by AWS that provide overall system control and input/output (I/O) virtualization independent of the main system board with its CPUs and memory.
◻️ The Nitro Security Chip — Enables a secure boot process for the overall system based on a hardware root of trust, the ability to offer bare metal instances, as well as defense in depth that offers protection to the server from unauthorized modification of system firmware.
◻️ The Nitro Hypervisor — A deliberately minimized and firmware-like hypervisor designed to provide strong resource isolation, and performance that is nearly indistinguishable from a bare metal server.

This paper provides a high-level introduction to virtualization and the fundamental architectural change introduced by the Nitro System.

#Nitro #security

​​AWS Container Day — KubeCon, October 25, 2022:

https://www.youtube.com/playlist?list=PLehXSATXjcQFD6ZUH4o0hwoH6gmGHvqQe

1️⃣ Keynote
2️⃣ Behind the curtain - How AWS operates Kubernetes workloads at cloud scale
3️⃣ Reduce your pager pain: How to design for failure
4️⃣ Well architected and secure Kubernetes manifests with cdk8s
5️⃣ Cut your cluster costs - How to monitor and reduce your compute costs
6️⃣ EKS keynote
7️⃣ EKS everywhere - Demystifying EKS deployment options
8️⃣ Multi-cluster management
9️⃣ Running compute-intensive, high-scale batch workloads on EKS
🔟 Building an incident response plan for your Amazon EKS workloads

#Kubernetes #EKS #video

Issue #46 | 14 November – 20 November 2022
🔖 Part #1

▪️ Amplify Flutter Web and Desktop support for API, Analytics, Storage | Preview
▪️ Amplify In-app messaging notifications for React and React Native | GA
▪️ AppFlow Glue Data Catalog integration
▪️ Application Load Balancers turning off cross zone load balancing per target group
▪️ AppSync JavaScript support for GraphQL API resolvers
▪️ Athena
| Apache Iceberg table operations and file format support
| IBM Db2 connector
| Lake Formation fine-grained access control
▪️ Audit Manager search-based filtering and grouping
▪️ AWS re:Post community leaderboard
▪️ AWS SDK SAP ABAP | Preview
▪️ Billing Conductor billing entity pricing rules
▪️ Catalog API Tag-Based Authorization of resources
▪️ Chatbot command aliases
▪️ Chime SDK Alexa skill calling | new console experience
▪️ CloudFormation AWS Organization resource management
▪️ CloudFormation StackSets event notifications via EventBridge
▪️ CloudFront JA3 fingerprint headers
▪️ CloudWatch Application Insights SAP NetWeaver apps
▪️ CloudWatch RUM custom events
▪️ Connect
| multiple search terms through the profile search API
| manage saved reports
| monitoring live contacts API
▪️ Console Home new Applications widget
▪️ Contact Lens real-time email notifications
▪️ Database Migration Service IPv6 support
▪️ EC2
| Controllers for Kubernetes (ACK) is GA
| increases size limit for AMI store and restore operations 1TB->5TB
| preserve customer created tags during image copy
▪️ ECS/EKS centralized logging support for Windows containers
▪️ EKS Blueprints App2Container Support
▪️ EKS/EKS Distro Kubernetes version 1.24
▪️ ElastiCache
| IAM Authentication for Redis clusters
| simplifies password rotations with Secrets Manager
▪️ Elemental MediaConnect high-fidelity color workloads
▪️ EMR on EKS Controllers for Kubernetes (ACK) controller | GA
▪️ EventBridge enhanced filtering capabilities
▪️ Fargate storage utilization monitoring
▪️ FinSpace
| access data from other AWS Analytics Services
| connections to customer networks
▪️ Forecast predictions for products with no historical data
▪️ HealthLake enhanced analytics feature
▪️ IAM multiple MFA devices
▪️ Incident Manager
| incident coordination
| PagerDuty
▪️ Interactive Video Service Stream Chat logging
▪️ IoT Device Defender Security Hub integration

Issue #46 | 14 November – 20 November 2022
🔖 Part #2

▪️ IoT Device Management
| browser-based SSH via Secure Tunneling
| up to 12 query terms for more granular search and monitoring
▪️ IoT ExpressLink Technical Specification v1.1 released
▪️ IoT TwinMaker
| Athena data connector
| camera view and sub-model selection
| Knowledge Graph | GA
▪️ Lake Formation cross-account sharing to direct IAM principals
▪️ Lambda
| native AOT tooling support for .NET apps
| Node.js 18 support
▪️ Lex DTMF slot settings
▪️ Managed Service for Prometheus 200M active metrics per workspace
▪️ Managed Workflow
| container, queue, and database metrics
| Apache Airflow (MWAA) is now HIPAA eligible
▪️ MemoryDB for Redis is now System and Organization Controls (SOC) compliant
▪️ Microservice Extractor for .NET
| AI-powered automated refactoring recommendations
| Web Forms, WCF to .NET on Linux
▪️ Migration Hub
| Refactor Spaces is now integrated with CloudHedge OmniDeq
| Refactor Spaces now automatically handles DNS changes
▪️ NAT Gateway select Private IP for Network Address Translation
▪️ Nitro System now supports previous generation of instances
▪️ OpenSearch Service OpenSearch version 2.3
▪️ Personalize measure the recommendations impact
▪️ Polly Polish and Arabic TTS
▪️ Pricing Calculator modernization cost estimates for Microsoft workloads
▪️ Proton
| CDK through CodeBuild provisioning
| launches dashboard
▪️ QuickSight
| launches Textbox
| line and marker customization options for line charts
| Small Multiples for line, bar and pie charts
▪️ RDS Custom for Oracle Oracle Multitenant
▪️ RDS events now include attributes for filtering with SNS
| RDS for Oracle EFS integration
| RDS for SQL Server Cross Region Read Replica
| RDS for SQL Server linked server to Oracle
▪️ Redshift
| CONNECT BY SQL construct
| concurrency scaling for write workloads | GA
▪️ Resilience Hub integration with SNS & Trusted Advisor
▪️ S3 ACLs usage (at the request-level) coming to S3 server access logs and CloudTrail
▪️ S3 Glacier 10x restore throughput when retrieving large data volumes
▪️ S3 Storage Lens organization-wide visibility with 34 new metrics
▪️ SageMaker Autopilot SageMaker Studio batch inference
▪️ SageMaker JumpStart AlexaTM 20B model
▪️ SAM CLI Terraform support for Lambda local testing and debugging