Forwarded from DevOps&SRE Library
How We Use Terraform At Slack
At Slack, we use Terraform for managing our Infrastructure, which runs on AWS, DigitalOcean, NS1, and GCP. Even though most of our infrastructure is running on AWS, we have chosen to use Terraform as opposed to using an AWS-native service such as CloudFormation so that we can use a single tool across all of our infrastructure service providers. This keeps the infrastructure-as-code syntax and deployment mechanism universal. In this post, we’ll have a look at how we deploy our infrastructure using Terraform at Slack.
https://slack.engineering/how-we-use-terraform-at-slack
🔥7👍1
Forwarded from AWS Weekly
Issue #46 | 14 November – 20 November 2022
🔖
Part #1
▪️ Amplify Flutter Web and Desktop support for API, Analytics, Storage | Preview
▪️ Amplify In-app messaging notifications for React and React Native | GA
▪️ AppFlow Glue Data Catalog integration
▪️ Application Load Balancers turning off cross zone load balancing per target group
▪️ AppSync JavaScript support for GraphQL API resolvers
▪️ Athena
| Apache Iceberg table operations and file format support
| IBM Db2 connector
| Lake Formation fine-grained access control
▪️ Audit Manager search-based filtering and grouping
▪️ AWS re:Post community leaderboard
▪️ AWS SDK SAP ABAP | Preview
▪️ Billing Conductor billing entity pricing rules
▪️ Catalog API Tag-Based Authorization of resources
▪️ Chatbot command aliases
▪️ Chime SDK Alexa skill calling | new console experience
▪️ CloudFormation AWS Organization resource management
▪️ CloudFormation StackSets event notifications via EventBridge
▪️ CloudFront JA3 fingerprint headers
▪️ CloudWatch Application Insights SAP NetWeaver apps
▪️ CloudWatch RUM custom events
▪️ Connect
| multiple search terms through the profile search API
| manage saved reports
| monitoring live contacts API
▪️ Console Home new Applications widget
▪️ Contact Lens real-time email notifications
▪️ Database Migration Service IPv6 support
▪️ EC2
| Controllers for Kubernetes (ACK) is GA
| increases size limit for AMI store and restore operations 1TB->5TB
| preserve customer created tags during image copy
▪️ ECS/EKS centralized logging support for Windows containers
▪️ EKS Blueprints App2Container Support
▪️ EKS/EKS Distro Kubernetes version 1.24
▪️ ElastiCache
| IAM Authentication for Redis clusters
| simplifies password rotations with Secrets Manager
▪️ Elemental MediaConnect high-fidelity color workloads
▪️ EMR on EKS Controllers for Kubernetes (ACK) controller | GA
▪️ EventBridge enhanced filtering capabilities
▪️ Fargate storage utilization monitoring
▪️ FinSpace
| access data from other AWS Analytics Services
| connections to customer networks
▪️ Forecast predictions for products with no historical data
▪️ HealthLake enhanced analytics feature
▪️ IAM multiple MFA devices
▪️ Incident Manager
| incident coordination
| PagerDuty
▪️ Interactive Video Service Stream Chat logging
▪️ IoT Device Defender Security Hub integration
👍4
Forwarded from AWS Weekly
Issue #46 | 14 November – 20 November 2022
🔖
Part #2
▪️ IoT Device Management
| browser-based SSH via Secure Tunneling
| up to 12 query terms for more granular search and monitoring
▪️ IoT ExpressLink Technical Specification v1.1 released
▪️ IoT TwinMaker
| Athena data connector
| camera view and sub-model selection
| Knowledge Graph | GA
▪️ Lake Formation cross-account sharing to direct IAM principals
▪️ Lambda
| native AOT tooling support for .NET apps
| Node.js 18 support
▪️ Lex DTMF slot settings
▪️ Managed Service for Prometheus 200M active metrics per workspace
▪️ Managed Workflow
| container, queue, and database metrics
| Apache Airflow (MWAA) is now HIPAA eligible
▪️ MemoryDB for Redis is now System and Organization Controls (SOC) compliant
▪️ Microservice Extractor for .NET
| AI-powered automated refactoring recommendations
| Web Forms, WCF to .NET on Linux
▪️ Migration Hub
| Refactor Spaces is now integrated with CloudHedge OmniDeq
| Refactor Spaces now automatically handles DNS changes
▪️ NAT Gateway select Private IP for Network Address Translation
▪️ Nitro System now supports previous generation of instances
▪️ OpenSearch Service OpenSearch version 2.3
▪️ Personalize measure the recommendations impact
▪️ Polly Polish and Arabic TTS
▪️ Pricing Calculator modernization cost estimates for Microsoft workloads
▪️ Proton
| CDK through CodeBuild provisioning
| launches dashboard
▪️ QuickSight
| launches Textbox
| line and marker customization options for line charts
| Small Multiples for line, bar and pie charts
▪️ RDS Custom for Oracle Oracle Multitenant
▪️ RDS events now include attributes for filtering with SNS
| RDS for Oracle EFS integration
| RDS for SQL Server Cross Region Read Replica
| RDS for SQL Server linked server to Oracle
▪️ Redshift
| CONNECT BY SQL construct
| concurrency scaling for write workloads | GA
▪️ Resilience Hub integration with SNS & Trusted Advisor
▪️ S3 ACLs usage (at the request-level) coming to S3 server access logs and CloudTrail
▪️ S3 Glacier 10x restore throughput when retrieving large data volumes
▪️ S3 Storage Lens organization-wide visibility with 34 new metrics
▪️ SageMaker Autopilot SageMaker Studio batch inference
▪️ SageMaker JumpStart AlexaTM 20B model
▪️ SAM CLI Terraform support for Lambda local testing and debugging
👍2
Forwarded from AWS Weekly
Issue #46 | 14 November – 20 November 2022
🔖
Part #3
▪️ Service Catalog
| AppRegistry support for automatic associations based on tags
| sharing of principal names
▪️ Service Management Connector
| Incident Manager with JSMC Incidents
| provisioning Service Catalog products in JSMC
| Security Hub bidirectional integration JSMC
▪️ SQS attribute-based access control
▪️ Step Functions simplify cross-account access
▪️ Systems Manager OpsCenter managing OpsItems across accounts
▪️ Transcribe Thai and Hindi languages for streaming audio
▪️ Transfer Family Drummond Group AS 2 Pre-Certification
▪️ Translate Tagging Support for Parallel Data and Custom Terminology
▪️ Trusted Advisor Resilience Hub new checks
▪️ WorkDocs Delete Previous Versions
▪️ WorkSpaces
| certificate-based authentication
| Integration with SAML 2.0 | GA
| Multi-Region Resilience
| WorkSpaces Streaming Protocol 2.0
| Zoom Meeting Media Plugin for Windows | GA
👍4
AWS Support has rolled out a chat, and now you can get a fairly quick response (a couple of minutes) online, right after creating a ticket (even on the Basic Support plan).
The chat is primitive and not entirely obvious (the first time, you have to type in the window with the message you were sent), but being able to get a quick response is great.
#support
🔥21👍3👎1
New AWS Region: Hyderabad, India 🎉
https://aws.amazon.com/blogs/aws/now-open-the-30th-aws-region-asia-pacific-hyderabad-region-in-india/
The ninth Region in Asia Pacific so far, identifier ap-south-2. Like the vast majority of other Regions, it has 3 AZs.
✅ That makes 30 Regions in total now.
#AWS_Regions
Amazon
Now Open the 30th AWS Region – Asia Pacific (Hyderabad) Region in India | Amazon Web Services
In November 2020, Jeff announced the upcoming AWS Asia Pacific (Hyderabad) as the second Region in India. Yes! Today we are announcing the general availability of the 30th AWS Region, Asia Pacific (Hyderabad) Region, with three Availability Zones and the…
🎉9👍4
Forwarded from Slava
A bit of self-promotion. I've started a new series of blog posts.
https://neurons-lab.com/blog/aws-ai-to-advance-business-part-one/
👍2
🍎 Open source client for container development — Finch:
https://aws.amazon.com/blogs/opensource/introducing-finch-an-open-source-client-for-container-development/
At launch, Finch is a new project in its early days with basic functionality, initially only supporting macOS (on all Mac CPU architectures). Once you have installed Finch from the project repository, you can get started building and running containers.
The core Finch client will always be a curated distribution composed entirely of open source, vendor-neutral projects.
#containers #delopment
👍7🔥3
Less than a week is left until re:Invent 2022! One of the largest cloud conferences in the world will run for a week, and it is the hottest season for AWS announcements! Together with the team of architects we will hold 3 streams, one after each big keynote.
- Part 1 – Overview of the announcements from Adam Selipsky (CEO of Amazon Web Services). Stream link: https://www.youtube.com/watch?v=dZyDPAZZ_CY
- Part 2 – Overview of the announcements from Swami Sivasubramanian (Vice President of AWS Data and Machine Learning). Stream link: https://www.youtube.com/watch?v=cbxNxHIkd8M
- Part 3 – Overview of the announcements from Dr. Werner Vogels (Amazon.com Vice President and Chief Technology Officer). Stream link: https://www.youtube.com/watch?v=pNL_uvH_BFU
We will be happy to answer your questions during the broadcast and to discuss all the new releases together
#reinvent2022. You can also watch many of the sessions online on your own
👍8
📓 AWS Fault Isolation Boundaries:
https://docs.aws.amazon.com/whitepapers/latest/aws-fault-isolation-boundaries/abstract-and-introduction.html
A very useful document for understanding how AWS works at the global level. It is important when designing an architecture and critically important when building a Disaster Recovery scheme.
The main idea is this. If us-east-1 goes down, where the control plane of most global services is located, then operations to create, modify and delete them will stop working (they may stop; you cannot rely on them). Meanwhile, services in the Regions that carry your workloads will keep working. So a Disaster Recovery scheme has to be planned so that it does not depend on the control plane.
Translated into services, this means the following.
🔹 Route 53
Route 53 is used under the hood by AWS itself when creating many services for which it has to create its own DNS records, including health checks, so during problems in us-east-1 Route 53 may be unable to create the required records, and requests to create most popular resources will therefore return an error. This is true at least for the following list (the list is not complete):
▪️ API Gateway
▪️ CloudFront
▪️ DynamoDB Accelerator (DAX)
▪️ Global Accelerator
▪️ ECS with DNS-based Service Discovery
▪️ EKS Kubernetes control plane
▪️ ElastiCache
▪️ ELB load balancers
▪️ Lambda URLs
▪️ MemoryDB for Redis
▪️ Neptune
▪️ OpenSearch
▪️ PrivateLink VPC endpoints
▪️ RDS/Aurora
👉 Recommendation: for critical Disaster Recovery schemes, create resources in advance. During problems in us-east-1 you will not be able to bring up an RDS database from a backup. You will not be able to create load balancers, Redis or CloudFront.
🔸 S3
S3 is a regional service, but because all S3 names must be unique, you will not be able to create or delete a bucket during problems in us-east-1. In addition, all operations that change a bucket's configuration (bucket policy, CORS settings, ACL, encryption, replication, logging, etc.) also depend on us-east-1.
👉 Recommendation: for critical DR schemes, create S3 buckets in advance. During problems in us-east-1 you will not be able to create a new S3 bucket or urgently attach replication to it.
🔹 CloudFront
CloudFront is used for API Gateway with edge-optimized endpoints.
👉 Recommendation: create all the API Gateway with edge-optimized endpoints you need in advance.
🔸 AWS STS
IAM is a global service; temporary credentials can be obtained through STS from any Region. If you have us-east-1 hardcoded, then when it has problems you will get errors, while the regional STS will keep working.
👉 Recommendation: in the AWS CLI / AWS SDK, change the hardcoded us-east-1 to the Region with your workload.
🔹 IAM Identity Center (AWS SSO) / Federated SAML
SSO can be affected if the Region where it is configured has problems.
👉 Recommendation: create IAM users in case you, like me, try a bit too hard to follow security best practices. There is no other way to log in during SSO problems, so for critical cases you need to create a plain, no-frills IAM user.
How awful. In short, something like: WiFi is of course very cool, but don't throw away the cable spool and the crimping tool just yet.
🔸 S3 Storage Lens
The default dashboard and its metrics are located in us-east-1, so during problems they may be unavailable.
👉 Recommendation: if S3 Storage Lens is critical for you, create your own dashboards, specifying your own Region when creating them.
#design
👍20
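As an added example (not part of the original post or of the AWS whitepaper), the STS recommendation above can be checked with a short Python audit that flags shared-config profiles and source lines still tied to the global STS endpoint or to us-east-1. The profile names, the sample config and the sample source lines are constructed for illustration, and `eu-west-1` stands in for the workload Region.

```python
import configparser
import re

# Constructed sample of an AWS shared config file; profile names are made up.
SAMPLE_CONFIG = """\
[default]
region = us-east-1

[profile dr-failover]
region = eu-west-1
sts_regional_endpoints = regional

[profile legacy-tooling]
region = eu-west-1
sts_regional_endpoints = legacy
"""

# Constructed sample of lines as they might appear in scripts or application code.
SAMPLE_SOURCE = """\
export AWS_STS_REGIONAL_ENDPOINTS=regional
sts = boto3.client("sts", endpoint_url="https://sts.amazonaws.com")
sts = boto3.client("sts", endpoint_url="https://sts.eu-west-1.amazonaws.com")
aws sts get-caller-identity --endpoint-url https://sts.us-east-1.amazonaws.com
"""

# sts.amazonaws.com is the global endpoint (served from us-east-1);
# sts.<region>.amazonaws.com is a regional endpoint.
STS_HOST = re.compile(r"\bsts(?:\.(?P<region>[a-z0-9-]+))?\.amazonaws\.com\b")


def audit_profiles(config_text, workload_region):
    """Return (profile, finding_code) pairs for profiles that may depend on us-east-1."""
    parser = configparser.ConfigParser()
    parser.read_string(config_text)
    findings = []
    for section in parser.sections():
        name = section[len("profile "):] if section.startswith("profile ") else section
        region = parser.get(section, "region", fallback=None)
        mode = parser.get(section, "sts_regional_endpoints", fallback=None)
        if mode is None:
            # Not set explicitly: the effective default depends on the SDK/CLI version.
            findings.append((name, "STS_MODE_UNSET"))
        elif mode.strip().lower() == "legacy":
            # Legacy mode keeps using the global endpoint for many Regions.
            findings.append((name, "STS_MODE_LEGACY"))
        if region == "us-east-1" and workload_region != "us-east-1":
            findings.append((name, "REGION_US_EAST_1"))
    return findings


def find_hardcoded_sts(text, workload_region):
    """Return (line_number, host) for lines that hardcode the global or us-east-1 STS host."""
    hits = []
    for number, line in enumerate(text.splitlines(), start=1):
        for match in STS_HOST.finditer(line):
            region = match.group("region")
            is_global = region is None
            is_use1 = region == "us-east-1" and workload_region != "us-east-1"
            if is_global or is_use1:
                hits.append((number, match.group(0)))
    return hits


if __name__ == "__main__":
    for profile, code in audit_profiles(SAMPLE_CONFIG, "eu-west-1"):
        print(f"profile {profile}: {code}")
    for number, host in find_hardcoded_sts(SAMPLE_SOURCE, "eu-west-1"):
        print(f"line {number}: hardcoded {host}")
```
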
From the creator of AWS CDK:
https://www.winglang.io/
Yet another attempt to bury Terraform, to build real devops, to make a truly cloud language.
#multicloud #alpha
🤮13😁5🤔3👍2👀2
💡 My predictions for re:Invent 2022.
🆕 New EC2 instances:
▫️ T5g on Graviton 3 💥
▫️ T4i on Intel Xeon Scalable Gen 3 💥
▫️ T4a on AMD Zen 3 💥
🆕 New services:
▫️ AWS AMT (Amazon Managed Terraform)
▫️ AWS KSDN (Kuiper Satellites Delivery Network)
▫️ AWS QKD (Quantum Key Distribution)
♦ IPv6 support for Private endpoints.
♦ HTTP/3 support for AWS ALB.
😳 AWS Organizations:
▫️ Automating account deletion / temporary accounts — you have to do it, we've been waiting for five years! 😀
#predictions #reInvent
🔥8👍4
Forwarded from AWS Weekly
Issue #47 | 21 November – 27 November 2022
▪️ Backup SAP HANA databases on EC2
▪️ CloudFront continuous deployment support
▪️ Connect configurable Lex timeouts
▪️ Control Tower Config rules compliance status
▪️ EBS Rule Lock for Recycle Bin
▪️ EC2 SQL Server 2022 AMIs
▪️ EMR
▫️ long running fault-tolerant SQL queries and checkpointing on S3 or HDFS
▫️ Manage Table metadata in Glue Data Catalog when running Flink workloads
▪️ EMR on EKS Jupyter Notebooks Spark properties configuration
▪️ EMR Serverless
▫️ cross-account S3 access
▫️ DynamoDB reading and writing data
▫️ Graviton2 support
▪️ EventBridge new capabilities that make it simpler to build rules
▪️ Glue Crawlers Snowflake support
▪️ IAM Identity Center session management capabilities for CLI/SDK
▪️ IoT RoboRunner is now generally available
▪️ Kinesis Data Analytics Flink version 1.15
▪️ Managed Grafana
▫️ visualizing Prometheus Alertmanager rules
▫️ VPC hosted data sources
▪️ QuickSight
▫️ cluster points for Geospatial Visual
▫️ connectivity to Databricks
▫️ dashboards now available for seller reporting and insights in Marketplace
▫️ launches admin asset management console
▫️ NULL in parameter
▪️ RDS Custom for Oracle Oracle Home customization
▪️ Rekognition new pre-trained labels, and introduces color detection
▪️ S3 Select improves query performance by up to 9x when using Trino
▪️ SageMaker Autopilot additional metrics for Ensemble training mode
▪️ Secrets Manager every 4 hours secrets rotation
▪️ Service Catalog syncing IaC templates from GitHub/Bitbucket
▪️ SNS payload-based message filtering
▪️ Textract any document signatures detection
▪️ X-Ray SQS + Lambda traces
👍3
🆕 ECS Service Connect — get the power of a service mesh built natively into ECS itself:
https://aws.amazon.com/blogs/aws/new-amazon-ecs-service-connect-enabling-easy-communication-between-microservices/
▦ ECS Service Connect provides an easy network setup and seamless service communication deployed across multiple ECS clusters and virtual private clouds (VPCs). You can add a layer of resilience to your ECS service communication and get traffic insights with no changes to your application code.
#ECS #mesh
Amazon
New – Amazon ECS Service Connect Enabling Easy Communication Between Microservices | Amazon Web Services
Microservices architectures are a well-known software development approach to make applications composed of small independent services that communicate over well-defined application programming interfaces (APIs). Customers faced challenges when they started…
🔥4👍2
🆕 Automated in-AWS Failback for AWS Elastic Disaster Recovery:
https://aws.amazon.com/blogs/aws/automated-in-aws-failback-for-aws-elastic-disaster-recovery/
Failover vs. Failback
⋙ Failover is switching the running application to another Availability Zone, or even a different Region, should outages or issues occur that threaten the availability of the application.
⋘ Failback is the process of returning the application to the original on-premises location or Region. For failovers to another Availability Zone, customers who are agnostic to the zone may continue running the application in its new zone indefinitely if so required. In this case, they will reverse the recovery replication, so the recovered instance is protected for future recovery. However, if the failover was to a different Region, it's likely customers will want to eventually fail back and return to the original Region when the issues that caused failover have been resolved.
#DRS
👍4
🆕 CloudWatch Internet Monitor:
https://aws.amazon.com/blogs/aws/cloudwatch-internet-monitor-end-to-end-visibility-into-internet-performance-for-your-applications/
● Internet Monitor uses the connectivity data that we capture from our global networking footprint to calculate a baseline of performance and availability for internet traffic. This is the same data that we use at AWS to monitor our own internet uptime and availability. With Internet Monitor, you can gain awareness of problems that arise on the internet experienced by your end users in different geographic locations and networks.
● There is no need to instrument your application code. You can enable the service in the CloudWatch section of the AWS Management Console and start to use it immediately.
#CloudWatch
👍3
RDS Blue/Green Deployments:
https://aws.amazon.com/blogs/aws/new-fully-managed-blue-green-deployments-in-amazon-aurora-and-amazon-rds/
■ You can use Blue/Green Deployments to create a separate, synchronized, fully managed staging environment that mirrors the production environment. The staging environment clones your production environment’s primary database and in-Region read replicas. Blue/Green Deployments keep these two environments in sync using logical replication.
■ In as fast as a minute, you can promote the staging environment to be the new production environment with no data loss. During switchover, Blue/Green Deployments blocks writes on blue and green environments so that the green catches up with the blue, ensuring no data loss. Then, Blue/Green Deployments redirects production traffic to the newly promoted staging environment, all without any code changes to your application.
■ With Blue/Green Deployments, you can make changes, such as major and minor version upgrades, schema modifications, and operating system or maintenance updates, to the staging environment without impacting the production workload.
RDS Blue/Green Deployments is available on:
🔹 RDS/Aurora MySQL 5.6+
🔸 RDS/Aurora MariaDB 10.2+
#RDS #Aurora
🔥11