Stack Overflow — AWS Collective:

https://stackoverflow.com/collectives/aws

Issue #49 | 5 December – 11 December, 2022

▪️ Billing Conductor Global Free Tier Pricing Rules
▪️ Braket adjoint gradient computation, runtime improvements, cost savings
▪️ CloudFormation Hooks wildcard config
▪️ CloudShell is now System and Organization Controls (SOC) compliant
▪️ Config drift detection in Config Recorder
▪️ Contact Lens manage rules with Connect APIs
▪️ Cost Anomaly Detection alerts include account name
▪️ Cost Management refresh Savings Plans
▪️ EC2 Auto Scaling Metric Math for Target Tracking Policies
▪️ ECS Service Connect Fargate on Graviton support
▪️ FSx for NetApp ONTAP
     ▫️ extends NVMe read cache support to Single-AZ file systems
     ▫️ new ease-of-use features
     ▫️ Nitro-based encryption of data in transit
     ▫️ receives DoD Impact Level 4 and 5 authorization
▪️ Glue sensitive data detection is available in 18 additional Regions
▪️ IAM Identity Center FedRAMP High authorization in GovCloud
▪️ IoT Device Defender Audit potential misconfiguration in IoT Policies
▪️ IoT TwinMaker asset synchronization with IoT SiteWise
▪️ Kinesis Data Firehose now delivers to Logz.io
▪️ Lex Arabic, Cantonese, Norwegian, Swedish, Polish, and Finnish
▪️ Location Service is now HITRUST CSF certified
▪️ Managed Grafana CloudFormation support
▪️ NoSQL Workbench DDB
     ▫️ creating data models directly from sample data model templates
     ▫️ DynamoDB Local
▪️ QuickSight billion-row dataset with SPICE
▪️ RDS Proxy Aurora Global Database primary and secondary regions
▪️ SageMaker Data Wrangler EMR Presto as a big data query engine
▪️ SageMaker Feature Store Apache Iceberg table format
▪️ SageMaker Model Training support for ml.p4de instances | Preview
▪️ SageMaker Studio Fine-grained DAC with Lake Formation/EMR
▪️ Security Hub Control Tower integration
▪️ Systems Manager change request CloudTrail events
▪️ Transcribe Custom Language Models for German/Japanese

​​HardenEKS allows you to make sure that EKS cluster provides EKS Best Practices:

https://github.com/aws-samples/hardeneks

python3 -m venv /tmp/.venv
source /tmp/.venv/bin/activate
pip install hardeneks
hardeneks

#EKS

Свежий Cloud DBMS Quadrant

Issue #50 | 12 December – 18 December, 2022

▪️ Amplify Library for Android v2.0 | Javascript v5.0
▪️ AppFlow
     ▫️ 4 new connectors
     ▫️ Microsoft SharePoint Online as a source
▪️ Athena new connector for AWS MSK and Kafka
▪️ Backup
     ▫️ schedule-based network throttling for VMware
     ▫️ VMware vSphere tags
▪️ Chime SDK launches pre-built CodeSandbox developer experience
▪️ Cloud WAN simplify security inspection with Appliance Mode support
▪️ CloudWatch Metrics Insights alarms
▪️ Connect
     ▫️ bulk user import now includes agent hierarchy and tags
     ▫️ resource tags access controls for routing profiles, users
▪️ Control Tower concurrent account provisioning operations
▪️ Copilot ECS Service Connect
▪️ Cost Anomaly Detection percentage-based thresholds
▪️ DataSync tags usage in task executions
▪️ DevOps Guru for RDS detects SQL load changes
▪️ EBS direct APIs now supports IPv6
▪️ EC2 Calculator dedicated instance pricing
▪️ ECS container port ranges for port mapping
▪️ EKS
     ▫️ add-ons now supports advanced configuration
     ▫️ automated provisioning and lifecycle management for Windows containers
▪️ EMR new Console
▪️ EMR on EKS Nvidia RAPIDS Accelerator for Apache Spark
▪️ EMR Serverless jobs CloudWatch metrics
▪️ Fraud Detector Data Models Explorer
▪️ Gateway Load Balancer IPv6 traffic
▪️ IQ public profiles for companies
▪️ Kinesis Video Streams edge recording and scheduled cloud streaming | Preview
▪️ Location Service Open Data Maps | Preview
▪️ Marketplace
     ▫️ free trials for SaaS usage-based pricing products
     ▫️ notify sellers and customers when a private offer is created
▪️ Neptune “Concise Bounded Description” queries for SPARQL query language
▪️ Neptune ML Real-time inductive inference
▪️ Personalize new limits: more users and longer histories of interactions
▪️ Pricing Calculator bulk estimation of EC2 instances
▪️ QuickSight Q Topic migration APIs | Preview
▪️ RDS for Oracle copying option groups during in-region cross-account snapshot copy
▪️ RDS Proxy PostgreSQL major version 14
▪️ Route 53 threat intelligence sourced from Recorded Future
▪️ S3 Block Public Access and disable ACL for all new buckets in April 2023
▪️ SageMaker Canvas Bring ML Models built anywhere
▪️ SageMaker Data Wrangler now auto-generates feature-level visualizations
▪️ SageMaker Experiments new capabilities to manage ML experiments
▪️ SageMaker Feature Store offline store Python SDK
▪️ SageMaker Ground Truth synthetic data now supports dynamic 3D environments
▪️ Storage Gateway S3 File Gateway Terraform modules
▪️ Timestream AWS Backup support
▪️ Translate
     ▫️ batch translation language detection
     ▫️ S3 nested folders files
▪️ Trusted Advisor new fault tolerance checks

Issue #51 🎄 | 19 December – 25 December, 2022

▪️ Athena enhances read support for Delta Lake table format
▪️ Batch adds visibility for terminated and cancelled jobs
▪️ Compute Optimizer Fargate support
▪️ Connect
     ▫️ allows contact center managers to join ongoing calls
     ▫️ Edge Chromium support
     ▫️ enhanced controls for redacting PII Contact Lens
     ▫️ JSON content-type in chat messages
▪️ Console Home
     ▫️ new Security widget
     ▫️ Systems Manager widget
▪️ EC2 DescribeImages API now supports pagination
▪️ ECS CloudWatch alarms integration to improve safety for deployments
▪️ EKS Anywhere
     ▫️ cluster lifecycle automation with GitOps and IaC tools
     ▫️ on Nutanix
     ▫️ single-node clusters on bare metal
▪️ EKS PrivateLink
▪️ EMR Serverless account-level vCPU-based per-region quotas
▪️ FinSpace web and data access events now available in CloudTrail
▪️ Glue Crawlers Delta Lake Tables
▪️ IoT Core Rules Engine supports Protobuf
▪️ IoT Device Client new V1.8 via ECR with enhanced functionality
▪️ Kinesis Video Streams ingestion and storage support WebRTC | Preview
▪️ License Manager commercial Linux subscriptions discovery and governance
▪️ Lookout for Equipment label feedback API
▪️ Managed Prometheus VPC endpoint policies
▪️ Migration Hub Orchestrator importing virtual machine images
▪️ Migration Hub Refactor Spaces enables Lambda aliases as service endpoints
▪️ Neptune Workbench JupyterLab notebooks
▪️ Nimble Studio
     ▫️ configurable persistent storage and new EBS volumes
     ▫️ EBS Snapshots with Auto Backup
▪️ Open-Source
     ▫️ Fortuna a library for uncertainty quantification of ML models
     ▫️ Organizations centrally manage region opt-in settings on AWS accounts
     ▫️ Renate a python library for automatic model re-training
▪️ ParallelCluster Multi-AZ support and other important features
▪️ RDS Custom for SQL Server CloudFormation Templates
▪️ RDS
     ▫️ integration with Secrets Manager
     ▫️ renaming Multi-AZ deployments with two readable standbys
▪️ RDS on AWS Outposts read replicas for MySQL and PostgreSQL
▪️ RDS Optimized Writes R6g, and R6gd instances
▪️ Rekognition adds labels and improves accuracy of existing labels for video
▪️ Rekognition improves accuracy of content moderation for images
▪️ Resource Scheduler Systems Manager Quick Setup
▪️ ROSA Management Console experience for satisfying ROSA prerequisites
▪️ SageMaker Automatic Model Tuning better reproducibility
▪️ Security Hub +9 new security best practice controls
▪️ Transcribe Speech to Text: Swedish and Vietnamese
▪️ Transfer Family built-in PGP decryption for file uploads

— А давайте воткнём на эту неделю всё, что не успели за год?
— А давайте!

⭐️Here are a few Free selected Hand-on AWS


1. Replicate Data within and between AWS Regions Using Amazon S3 Replication

https://aws.amazon.com/getting-started/hands-on/replicate-data-using-amazon-s3-replication

2. Build a Basic Web Application

https://aws.amazon.com/getting-started/hands-on/build-web-app-s3-lambda-api-gateway-dynamodb


3. Build a Serverless Web Application

https://aws.amazon.com/getting-started/hands-on/build-serverless-web-app-lambda-apigateway-s3-dynamodb-cognito

4. Launch and Configure a WordPress Instance with Amazon Lightsail

https://aws.amazon.com/getting-started/hands-on/launch-a-wordpress-website

5. Deploy a LAMP Stack Application to Amazon Lightsail

https://aws.amazon.com/getting-started/hands-on/launch-lamp-web-app

6. Deploy a Web App on AWS Elastic Beanstalk

https://aws.amazon.com/getting-started/guides/deploy-webapp-elb

7. Deploy a Container Web App on Amazon EKS

https://aws.amazon.com/getting-started/guides/deploy-webapp-eks

8. Deploy a Container Web APP on Amazon ECS

https://aws.amazon.com/getting-started/guides/deploy-webapp-ecs

9. Connecting a WordPress website to an Amazon Lightsail bucket and distribution
with Amazon Lightsail

https://aws.amazon.com/getting-started/hands-on/object-storage-cdn

10. Host a Static Website
Host your simple marketing website or web application on AWS

https://aws.amazon.com/getting-started/hands-on/host-static-website

11. Deploy Docker Containers on Amazon ECS

https://aws.amazon.com/getting-started/hands-on/deploy-docker-containers

11. Set Up a CI/CD Pipeline on AWS ( must do )

https://aws.amazon.com/getting-started/hands-on/set-up-ci-cd-pipeline

12. Build a WordPress Website

https://aws.amazon.com/getting-started/hands-on/build-wordpress-website

13. Create a Load Balanced WordPress Website
in Amazon Lightsail

https://aws.amazon.com/getting-started/hands-on/launch-load-balanced-wordpress-website/

14. Run Kubernetes clusters for less
with Amazon Elastic Kubernetes Service and Spot Instances

https://aws.amazon.com/getting-started/hands-on/amazon-eks-with-spot-instances

15. Migrate a Git Repository to AW

https://aws.amazon.com/getting-started/hands-on/migrate-git-repository

(C) Ann Felix

​​🔐 Взлом RSA 2048 с помощью квантовых компьютеров ⁉️

🇨🇳 22 декабря 2022-го года было опубликовано исследование китайских учёных, где говорится о возможности взлома RSA 2048 с применением квантовых компьютеров, доступных уже сейчас, а не лет через 10, как до этого предполагалось.

🔑 С помощью предложенного алгоритма удалось вычислить 2048-битный ключ на компьютере с 372 кубитами, в то время, как ранее для такого предполагалось, что потребуется 4000-8000+ кубитов, из чего и делалось предположение NIST, что такая технологическая возможность будет достигнута лишь к тридцатым годам.

📌 Известный гуру по безопасности Bruce Schneier
написал в своём блоге, что к этому нужно относиться очень серьёзно:

https://www.schneier.com/blog/archives/2023/01/breaking-rsa-with-a-quantum-computer.html

📚 Roger Grimes, автор книги Cryptography Apocalypse: Preparing for the Day When Quantum Computing Breaks Today's Crypto, нагнетает ещё больше в своей заметке «Has the Quantum Break Just Happened?»:

https://community.spiceworks.com/topic/2472644-has-the-quantum-break-just-happened

💻 Где говорится, что 432 кубита ломают RSA 2048, в то время как IBM уже в этом году грозится выпустить 1000-кубитный компьютер. В частности про этот прогноз было на слайдах re:Invent 2020 — Building post-quantum cryptography for the cloud.

⚠ Он также отмечает, что данное исследование делает уязвимым все Lattice-based алгоритмы, которые были совсем недавно приняты NIST в качестве защиты для Post Quantum эпохи шифрования.

🔒 Со своей стороны отмечу, что уже доступный в AWS KMS алгоритм BIKE, который попал в NIST PQC Round 4, принадлежит к Code-based типу алгоритмов и потому не попадает под этот вектор атаки. Если, конечно, всё это подтвердится (исследование будет доказано). 😀

🔺Но даже если и не подтвердится, то, всё равно — тема обеспечения безопасности во "внезапно" наступившей эпохе квантовых компьютеров — резко возрастёт, когда все осознают, что чуть меньше, чем всё, базирующееся на привычном ассиметричном шифровании (HTTPS, WiFi, Auth etc), может быть взломано.

🎄 С новым квантовым годом! 😁

#security #KMS