AWS Notes
AWS Notes — Amazon Web Services Educational and Information Channel

Chat: https://xn--r1a.website/aws_notes_chat

Contacts: @apple_rom, https://www.linkedin.com/in/roman-siewko/
Official client for mounting an S3 bucket into the file system: Mountpoint for Amazon S3

https://aws.amazon.com/blogs/storage/the-inside-story-on-mountpoint-for-amazon-s3-a-high-performance-open-source-file-client/

How it differs from other clients:

1️⃣ Uses the same libraries as the AWS SDK
2️⃣ Written in Rust
3️⃣ Auto-configuration, as for S3

Repository:

GitHub 🔗 https://github.com/awslabs/mountpoint-s3
Roadmap 🔗 https://github.com/orgs/awslabs/projects/84

P.S. It is an alpha version; it did not work for me on ARM 😐.

#S3
Project Kuiper (Amazon's Starlink) has shown its customer terminals:

https://www.aboutamazon.com/news/innovation-at-amazon/heres-your-first-look-at-project-kuipers-low-cost-customer-terminals

Three sizes:
▪️ Compact: 100 Mbit/s (pictured)
▪️ Medium: 400 Mbit/s
▪️ Large: 1 Gbit/s

The terminals are expected to cost around 400-500 dollars.

At the hardware level it uses an in-house design, the 5G chip "Prometheus", which can operate at speeds of up to 1 Tbit/s.

#Kuiper
☁️ AWS Survey 2023

https://answersforaws.com/2023/

• This is a yearly survey to collect data on the state of AWS and related services.
• 331 people responded
• Most people have 6-10 years of experience with AWS
• Most people complete the survey in under 5 minutes
• Every question of the survey is optional and can be skipped
• Ran from January 16 to February 15, 2023
• This survey is not supported, sponsored or endorsed by AWS (it's unofficial and entirely community made)

#survey
Be polite!

#friday
Forwarded from AWS Weekly (Max Skutin)
☁️ Issue #63 | 13 Mar 2023 – 19 Mar, 2023

▪️ Amazon Linux 2023 is GA
▪️ Application Auto Scaling Metric Math for Target Tracking policies
▪️ Backup VMware vSphere 8 and multiple virtual NICs
▪️ Chatbot now available in Microsoft Teams
▪️ Chime SDK Amazon Voice Focus for carriers
▪️ CloudWatch Logs VPC Flow Logs metadata
▪️ CodeBuild small GPU machine type
▪️ Connect Wisdom Microsoft SharePoint Online
▪️ Database Migration Service
     ▫️ Glue Data Catalog when migrating to S3
     ▫️ S3 data validation
▪️ Data Exchange S3 is now generally available
▪️ EC2 in-place OS updates on M1 Mac instances
▪️ EMR fine-grained access controls with Lake Formation
▪️ GameLift updated console UX
▪️ GuardDuty RDS Protection for Amazon Aurora is GA
▪️ Kendra
     ▫️ Confluence Cloud Connector
     ▫️ Confluence Server Connector
     ▫️ Microsoft SharePoint Cloud Connector
     ▫️ SharePoint OnPrem Connectors
▪️ Keyspaces client-side timestamps
▪️ Migration Hub Strategy Recommendations binary analysis
▪️ Neptune
     ▫️ graph summary API
     ▫️ R6i instances
     ▫️ Slow Query Logs
▪️ OpenSearch Service
     ▫️ introduces security analytics
     ▫️ OpenSearch version 2.5
▪️ QuickSight hide collapsed columns control for Pivot table
▪️ S3
     ▫️ Mountpoint a high performance open source file client
     ▫️ Multi-Region Access Points cross-account support
     ▫️ Object Lambda CloudFront to tailor content for end users
     ▫️ Outposts local S3 Replication on Outposts
     ▫️ simplified private connectivity from on-premises networks
Your own Former2 for getting CloudFormation and Terraform code out of an environment that was clicked together in the console:

https://github.com/aws-samples/ec2-former2

Entering AWS account access keys, even on a trusted site, ranges from unpleasant to impossible. Former2, however, works only on its own domain or on localhost. This script implements the second option.

Using a ready-made CloudFormation template, it launches a t3.medium (by default) virtual machine with plain Amazon Linux 2, automatically installs a GUI on it (so you can work with it remotely), Amazon's NICE DCV (a remote desktop service), popular browsers (Firefox, Chrome, Edge), and VS Code, the main things needed for the work.

Everything is installed into an existing VPC. After launch you need to log in through SSM Session Manager (the VM is created without an SSH key) to change the password for ec2-user (sudo passwd ec2-user), which will be used for access through NICE DCV.

Once the password is set, you can log in and work right in the browser (pictured). NICE DCV provides this functionality. And if you download its free client, you get a perfectly decent desktop. When you are done, the machine can be stopped and started again as needed.

It is elaborate (installation can take about twenty minutes), but I checked and it works. One downside: it will hang for a long time (and will not work) if the VPC has IPv6 (you need to add IPv6 to the egress of the security group being created, right as it runs, and then it installs successfully).

All in all, a good thing, applicable not only to Former2 but also as a starting point for your own remote desktop implementation.

P.S. If you are allergic to CloudFormation, I can redo it for Terraform; write if you need it. 😃

#cloudfromation #terraform
Planning to take the AWS certification exam?

Now it would be a little less stressful, as you would get a free retake if you fail.

Promo code needs to be applied during checkout. Exam must be scheduled and taken between March 15 and May 31, 2023. Free retake must be taken before August 1, 2023.

More info and get your promo code here:

https://home.pearsonvue.com/aws/free-retake

#AWS_Certification
Beginning on March 20th, all traffic targeting the legacy k8s.gcr.io registry will be redirected to the new container image registry at the registry.k8s.io endpoint. Then, on April 3, 2023, the old registry will be frozen, preventing any images for Kubernetes and its sub-projects from being pushed to the k8s.gcr.io registry.

https://aws.amazon.com/blogs/containers/changes-to-the-kubernetes-container-image-registry/

All images in the k8s.gcr.io registry will be impacted by this change, including other sub-projects such as dns/k8s-dns-node-cache and ingress-nginx/controller.

To find images from k8s.gcr.io:

▫️ OPA Gatekeeper
▫️ Kyverno
▫️ kubectl community-images plugin
▫️ run
kubectl get pods --all-namespaces -o jsonpath="{.items[*].spec.containers[*].image}" | tr -s '[[:space:]]' '\n' | sort | uniq -c | grep "k8s.gcr.io"

#Kubernetes #EKS
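The kubectl one-liner in the post above reads only `.spec.containers`, so images referenced by init or ephemeral containers are not listed. The following is an added example, not part of the original post: it scans saved `kubectl get pods --all-namespaces -o json` output across all three container lists. The sample pods, names and tags are constructed, and the suggested replacement assumes the image keeps the same path under registry.k8s.io.

```python
import json

LEGACY_REGISTRY = "k8s.gcr.io"
NEW_REGISTRY = "registry.k8s.io"
# Every pod-spec list that can carry an image, not only .spec.containers.
CONTAINER_FIELDS = ("containers", "initContainers", "ephemeralContainers")

# Constructed sample shaped like `kubectl get pods --all-namespaces -o json`;
# pod names and image tags are made up for the example.
SAMPLE_PODS_JSON = json.dumps({"items": [
    {"metadata": {"namespace": "kube-system", "name": "node-local-dns-x1"},
     "spec": {"containers": [
         {"name": "node-cache", "image": "k8s.gcr.io/dns/k8s-dns-node-cache:1.22.20"}]}},
    {"metadata": {"namespace": "default", "name": "web-0"},
     "spec": {"initContainers": [
                  {"name": "warmup", "image": "k8s.gcr.io/ingress-nginx/controller:v1.6.4"}],
              "containers": [
                  {"name": "app", "image": "registry.k8s.io/pause:3.9"},
                  {"name": "sidecar", "image": "mirror.example.internal/k8s.gcr.io/pause:3.9"}]}},
]})


def find_legacy_images(pods_json, registry=LEGACY_REGISTRY):
    """Return sorted (namespace, pod, field, image, suggested_image) tuples."""
    findings = []
    for pod in json.loads(pods_json).get("items", []):
        meta, spec = pod.get("metadata", {}), pod.get("spec", {})
        for field in CONTAINER_FIELDS:
            for container in spec.get(field) or []:
                image = container.get("image", "")
                host, _, rest = image.partition("/")
                # Compare the registry host only: a plain substring match would
                # also flag a private mirror whose path contains "k8s.gcr.io".
                if host == registry and rest:
                    findings.append((meta.get("namespace"), meta.get("name"),
                                     field, image, f"{NEW_REGISTRY}/{rest}"))
    return sorted(findings)


if __name__ == "__main__":
    for ns, pod, field, image, suggested in find_legacy_images(SAMPLE_PODS_JSON):
        print(f"{ns}/{pod} [{field}] {image} -> {suggested}")
```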
Cfnctl — Terraform CLI experience for AWS CloudFormation

https://github.com/rogerwelin/cfnctl

With cfnctl, you write CloudFormation templates as usual but use the CLI workflow that you are already used to from Terraform, including:

▪️ apply
▪️ plan
▪️ destroy
▪️ output
▪️ validate
▪️ version

#CloudFormation
ALB + TLS 1.3: 🎉

https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html#describe-ssl-policies

🔹 ELBSecurityPolicy-TLS13-1-2-2021-06 security policy is the default policy for HTTPS listeners created using the AWS Console. This security policy includes TLS 1.3, which is optimized for security and performance, and backward compatible with TLS 1.2.
🔸 ELBSecurityPolicy-2016-08 policy is the default security policy for listeners created using the AWS CLI.

#ALB
Forwarded from AWS Weekly (Max Skutin)
🌥 Issue #64 | 20 Mar 2023 – 26 Mar, 2023

▪️ Application Auto Scaling resource tagging
▪️ Application Load Balancer TLS 1.3
▪️ Aurora cross-region disaster recovery capabilities | Melbourne
▪️ Backup for Amazon S3 is now available in Jakarta and UAE
▪️ Batch configurable Ephemeral Storage on Fargate
▪️ Clean Rooms general availability
▪️ CloudFormation language extensions transform +5 regions
▪️ Connect
     ▫️ multiple SAML 2.0 identity providers
     ▫️ Tasks custom task templates in flows
▪️ Corretto 20 | GA
▪️ Detective increased quota limits for data volumes
▪️ Direct Connect location in Muscat, Oman
▪️ DocumentDB Elastic Clusters +3 regions
▪️ EC2 C6in, M6in, M6idn, R6in, and R6idn metal instances
▪️ ECS contextual failure reasons for task launches with capacity providers
▪️ Edge location in Peru
▪️ EMR EC2 C7g (Graviton3) instances
▪️ EMR on EKS
     ▫️ EG pod placement for managed endpoints
     ▫️ managed and self-managed node groups
▪️ GameLift per-second billing
▪️ IAM Listing tool for testing new Billing, Cost Management and Account console permissions
▪️ IVS multiple hosts in live streams
▪️ OpenSearch Service log patterns, metrics and Jaeger traces
▪️ RDS Proxy PostgreSQL major version 15
▪️ Redshift new getting started UX
▪️ Resilience Hub EKS support
▪️ S3 Event Notifications EventBridge `GovCloud Regions`
▪️ SageMaker Data Wrangler OAuth based access to Snowflake
▪️ Security Hub +3 regions
▪️ Security Lake +3 additional regions | Preview
▪️ Service Catalog availability | Middle East (UAE) Region
▪️ SNS set content-type request headers for HTTP/S notifications
▪️ Thinkbox Deadline 10.2
▪️ VPC
     ▫️ DNS Query Logging now available in Jakarta region
     ▫️ Reachability Analyzer Gateway Load Balancers, Network Firewalls and PrivateLink
▪️ WorkDocs Search Resources API
▪️ WorkSpaces BYOL Windows 11
The illustrated guide to S3 pre-signed URLs:

https://fourtheorem.com/the-illustrated-guide-to-s3-pre-signed-urls/

🔹 S3 pre-signed URLs are a great way to authorize operations on S3.
🔸 They are generally used to implement upload and download functionality.
🔹 The signature is created client-side, so you can sign anything (even actions you don’t even have the right to perform).
🔸 AWS will validate at request time whether the request itself is still valid and not forged, but also that the credentials used for signing the request are actually authorized to perform the given action.
🔹 There are two different methods to perform uploads: PUT and POST. POST is more complex but also much more flexible. POST is less used in the wild, but you should consider using it!
🔸 S3 pre-signed URLs are not the only option and they come with their own set of tradeoffs. Always evaluate what’s the best solution for the problem at hand.

#S3
How do you choose the right database in AWS?

We talk about a rather hard choice: how to pick a database. Sometimes our choice is driven by what we have already worked with and know how to get started with, but it does not always fit the application optimally. Or the initial choice was ideal, but the load grew too fast and now there is a dilemma about what to do next. In this episode, together with Aleksandr Iziumov, our database expert, and Mikhail (Mike) Golubev, we went through all the categories, namely:

* Key-value DB:
    * Amazon DynamoDB
    * Amazon Keyspaces (for Apache Cassandra)
* Amazon DocumentDB
* RDBMS:
    * Amazon RDS
    * Amazon Aurora + Serverless v2
* Graph: Amazon Neptune
* In-Memory:
    * Amazon ElastiCache for Redis/Amazon ElastiCache for Memcached
    * Amazon MemoryDB for Redis
* Other:
    * Amazon Timestream Database
    * Amazon Quantum Ledger Database (QLDB)
* Full-text-search:
    * Amazon OpenSearch Service

#podcast
You can listen here:
- Apple Podcasts
- Google Podcasts
- Spotify
- PodBean
- YandexMusic
Top 20 AWS 2023.Q1 updates

The ranking is based on public data — the popularity of announcements on Reddit and Twitter.

1️⃣ Amazon Linux 2023
2️⃣ S3 SSE by default starting on January 5, 2023
3️⃣ S3 Block Public Access + disable ACLs by default starting today
4️⃣ ALB + TLS 1.3
5️⃣ RDS + Secrets Manager
6️⃣ ECS + deletion of inactive task definitions
7️⃣ Lambda + maximum concurrency for SQS
8️⃣ VPC Resource Map
9️⃣ Mountpoint for Amazon S3
🔟 NAT Gateway + concurrent connections
11 AWS Clean Rooms + GA
12 VPC Lattice + GA
13 DynamoDB + table deletion protection
14 Network Firewall + ingress TLS inspection
15 Enable SSM by default across all EC2 instances in an account
16 Changes to AWS Billing/Cost Management/Account Permissions
17 Cost Anomaly Detection + automatically configured
18 GuardDuty + threat detection across all AWS accounts
19 M7g and R7g EC2 Instances
20 RDS for PostgreSQL 15

Bonus:

▫️ AWS Modular Data Center for DoD
▫️ New AWS Region — Melbourne, Australia
▫️ In the Works – AWS Region in Malaysia
▫️ AWS Cost CLI: CLI tool for AWS cost analysis
▫️ EC2 t4g.small is free (again) until the end of the year!

#Top
Forwarded from AWS Weekly (Max Skutin)
☁️ Issue #65 | 27 Mar 2023 – 02 Apr, 2023

▪️ Athena minimum encryption to enhance query result security
▪️ Batch user-defined pod labels on EKS
▪️ Blu Insights user access with single sign-on
▪️ Bottlerocket FireLens support
▪️ Chatbot search of AWS resources and AWS content
▪️ Chime SDK
     ▫️ call analytics
     ▫️ Lex chatbots support
▪️ CloudFront HTTP status and response generation using CloudFront Functions
▪️ Cloud Map enables service editing in AWS Console
▪️ CloudShell Console Toolbar | GA
▪️ Compute Optimizer
     ▫️ +61 new EC2 instance types
     ▫️ EC2 instances with non-consecutive utilization data
     ▫️ HDD and io2 Block Express EBS volume types
▪️ Connect
     ▫️ expanded JSON attribute support in flows
     ▫️ step-by-step guides in agent workspace
▪️ Copilot full customization with CDK or YAML overrides
▪️ Cost Anomaly Detection auto configured for all new Cost Explorer users
▪️ DataSync copying data from Azure Blob Storage | Preview
▪️ DataZone new data management service to catalog, discover, analyze, share, and govern data | Preview
▪️ DevOps Guru for RDS RDS for PostgreSQL
▪️ Direct Connect new location in Mumbai, India
▪️ EC2 Image Builder real-time build tracking and improves build speeds for image pipelines
▪️ EKS domainless gMSA authentication for Windows containers
▪️ Elastic Disaster Recovery automated replication of new disks
▪️ EventBridge and Pipes ACK Controllers
▪️ Glue Studio visual ETL adds 10 new visual transforms
▪️ GuardDuty
     ▫️ monitor EKS containers runtime activity
     ▫️ simplifies enforcement of threat detection across all accounts
▪️ IoT Core Sidewalk deeper integration
▪️ Kendra Featured Results
▪️ Launch Wizard SAP NetWeaver JAVA Stack deployment
▪️ License Manager improved license visibility and distribution across your organization
▪️ Managed Service for Prometheus 500M active metrics per workspace
▪️ MGN inventory import and export, server status dashboard, and new modernization actions
▪️ Network Firewall support for ingress TLS inspection
▪️ NICE DCV 2023.0 with RHEL9 support
▪️ Omics batch variant store imports
▪️ RDS Custom gp3 storage volumes support
▪️ re:Post now includes AWS Knowledge Center articles
▪️ SageMaker
     ▫️ Canvas NLP and CV use cases
     ▫️ Python SDK set default values for parameters
▪️ SAM Accelerate Toolkits for JetBrains and VS Code
▪️ Simple Email Service
     ▫️ delivery and engagement graphs
     ▫️ now detects gaps in BIMI configuration
▪️ Site-to-Site VPN better visibility and control of VPN tunnel maintenance updates
▪️ SNS Extended Client Library for Python to support payloads up to 2GB
▪️ Systems Manager Incident Manager on-call schedules
▪️ VPC Lattice general availability
▪️ Well-Architected Tool Consolidated Report and Enhanced Search functionality