AWS переводит европейские датацентры на биодизель.

https://www.theregister.com/2023/03/20/aws_wants_to_cook_its/

#news

​​Cfnctl — Terraform cli experience for AWS Cloudformation

https://github.com/rogerwelin/cfnctl

With cfnctl, you write Cloudformation templates as usual but use the cli workflow that you are already used to from Terraform, including:

▪️ apply
▪️ plan
▪️ destroy
▪️ output
▪️ validate
▪️ version

#CloudFormation

​​ALB + TLS 1.3: 🎉

https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html#describe-ssl-policies

🔹 ELBSecurityPolicy-TLS13-1-2-2021-06 security policy is the default policy for HTTPS listeners created using the AWS Console. This security policy includes TLS 1.3, which is optimized for security and performance, and backward compatible with TLS 1.2.
🔸 ELBSecurityPolicy-2016-08 policy is the default security policy for listeners created using the AWS CLI.

#ALB

🌥 Issue #64 | 20 Mar 2023 – 26 Mar, 2023

▪️ Application Auto Scaling resource tagging
▪️ Application Load Balancer TLS 1.3
▪️ Aurora cross-region disaster recovery capabilities | Melbourne
▪️ Backup for Amazon S3 is now available in Jakarta anв UAE
▪️ Batch configurable Ephemeral Storage on  Fargate
▪️ Clean Rooms general availability
▪️ CloudFormation language extensions transform +5 regions
▪️ Connect
     ▫️ multiple SAML 2.0 identity providers
     ▫️ Tasks custom task templates in flows
▪️ Corretto 20 | GA
▪️ Detective increased quota limits for data volumes
▪️ Direct Connect location in Muscat, Oman
▪️ DocumentDB Elastic Clusters +3 regions
▪️ EC2 C6in, M6in, M6idn, R6in, and R6idnmetal instances
▪️ ECS contextual failure reasons for task launches with capacity providers
▪️ Edge location in Peru
▪️ EMR EC2 C7g (Graviton3) instances
▪️ EMR on EKS
     ▫️ EG pod placement for managed endpoints
     ▫️ managed and self-managed node groups
▪️ GameLift per-second billing
▪️ IAM Listing tool for testing new Billing, Cost Management and Account console permissions
▪️ IVS multiple hosts in live streams
▪️ OpenSearch Service log patterns, metrics and Jaeger traces
▪️ RDS Proxy PostgreSQL major version 15
▪️ Redshift new getting started UX
▪️ Resilience Hub EKS support
▪️ S3 Event Notifications  EventBridge `GovCloud Regions`
▪️ SageMaker Data Wrangler OAuth based access to Snowflake
▪️ Security Hub +3 regions
▪️ Security Lake +3 additional regions | Preview
▪️ Service Catalog availability | Middle East (UAE) Region
▪️ SNS set content-type request headers for HTTP/S notifications
▪️ Thinkbox Deadline 10.2
▪️ VPC
     ▫️ DNS Query Logging now available in Jakarta region
     ▫️ Reachability Analyzer Gateway Load Balancers, Network Firewalls and PrivateLink
▪️ WorkDocs Search Resources API
▪️ WorkSpaces BYOL Windows 11

Всем привет,вдруг кому-то будет интересно https://filia-aleks.medium.com/measuring-cold-start-time-of-aws-lambda-functions-with-java-and-snapstart-5c0fd994614

SnapStart не всегда так сильно помогает,нужно еще уметь готовить)

​​The illustrated guide to S3 pre-signed URLs:

https://fourtheorem.com/the-illustrated-guide-to-s3-pre-signed-urls/

🔹 S3 pre-signed URLs are a great way to authorize operation on S3.
🔸 They are generally used to implement upload and download functionality.
🔹 The signature is created client-side, so you can sign anything (even actions you don’t even have the right to perform).
🔸 AWS will validate at request time whether the request itself is still valid and not forged, but also that the credentials used for signing the request are actually authorized to perform the given action.
🔹 There are two different methods to perform uploads: PUT and POST. POST is more complex but also much more flexible. POST is less used in the wild, but you should consider using it!
🔸 S3 pre-signed URLs are not the only option and they come with their own set of tradeoffs. Always evaluate what’s the best solution for the problem at hand.

#S3

Как выбрать правильную базу-данных в AWS?

Говорим о довольно сложном выборе, а именно как выбрать базу данных. Иногда наш выбор обусловлен тем с чем мы уже работали и знаем как начать, но не всегда оптимально подходит под приложение. Или изначальный выбор был идеальным, но нагрузка слишком быстро выросла и теперь стоит дилемма, что делать дальше. В этом выпуске совместно с Aleksandr Iziumov, нашим экспертом по базам данных и Mikhail (Mike) Golubev мы прошлись по всем категориям. А именно

* Key-value DB:
* Amazon DynamoDB
* Amazon Keyspaces (for Apache Cassandra)
* Amazon DocumentDB
* RDBM)
* Amazon RDS
* Amazon Aurora + Serverless v2
* Graph: Amazon Neptune
* In-Memory:
* Amazon ElastiCache for Redis/Amazon ElastiCache for Memcached
* Amazon MemoryDB for Redis
* Other:
* Amazon Timestream Database
* Amazon Quantum Ledger Database (QLDB)
* Full-text-search:
* Amazon OpenSearch Service


#podcast
Послушать можно тут:
- Apple Podcasts
- Google Podcasts
- Spotify
- PodBean
- YandexMusic

​​⭐ Top 20 AWS 2023.Q1 updates

The ranking is based on public data — the popularity of announcements on Reddit and Twitter.

1️⃣ Amazon Linux 2023
2️⃣ S3 SSE by default starting in January 5, 2023
3️⃣ S3 Block Public Access + disable ACLs by default starting today
4️⃣ ALB + TLS 1.3
5️⃣ RDS + Secrets Manager
6️⃣ ECS + deletion of inactive task definitions
7️⃣ Lambda + maximum concurrency for SQS
8️⃣ VPC Resource Map
9️⃣ Mountpoint for Amazon S3
🔟 NAT Gateway’s + concurrent connections
11 AWS Clean Rooms + GA
12 VPC Lattice + GA
13 DynamoDB + table deletion protection
14 Network Firewall + ingress TLS inspection
15 Enable SSM by default across all EC2 instances in an account
16 Changes to AWS Billing/Cost Management/Account Permissions
17 Cost Anomaly Detection + automatically configured
18 GuardDuty + threat detection across all AWS accounts
19 M7g and R7g EC2 Instances
20 RDS for PostgreSQL 15

Bonus:

▫️ AWS Modular Data Center for DoD
▫️ New AWS Region — Melbourne, Australia
▫️ In the Works – AWS Region in Malaysia
▫️ AWS Cost CLI: CLI tool for AWS cost analysis
▫️ EC2 t4g.small is free (again) until the end of the year!

#Top

AWS Service Catalog + Terraform:

https://aws.amazon.com/blogs/aws/new-self-service-provisioning-of-terraform-open-source-configurations-with-aws-service-catalog/

#ServiceCatalog #Terraform

On April 6 we invite you to a webinar “Protecting Your Organization with AWS WorkSpaces: From Security Perimeter to Business Continuity"

Whether you're looking to protect your organization's security perimeter or prepare for unexpected disruptions, AWS WorkSpaces can help.


Join us for this informative session to learn more and discuss two use cases:
1. Protecting the security perimeter of your organization
benefits of using AWS WorkSpaces to enforce security policies and manage devices;
best practices for securing your organization's data with AWS WorkSpaces.

2. Supporting business failover scenarios
benefits of using AWS WorkSpaces for disaster recovery and business continuity;
best practices for ensuring that your critical business functions remain operational, even in the face of unexpected disruptions.

Speaker: Vadym Kovalenko, Cloud Architect at Triangu
Date: April 6, 6:00 (GMT+3)
Format: online
100% free of charge

Register 👉 https://bit.ly/3lORzvs

See you!

Terraform + RDS & Secrets Manager:

В terraform-provider-aws v4.61 добавили поддержку секретов для пароля RDS:

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_instance

Свои секреты использовать нельзя, их создаст RDS при manage_master_user_password = true, параметр password при этом должен отсутствовать.

Для секретов RDS пароля можно указать свой KMS ключ.

resource "aws_db_instance" "postgres15" {
...
storage_encrypted = true
kms_key_id        = var.kms_key_id

manage_master_user_password = true
master_user_secret_kms_key_id = var.kms_key_id
}

Получить созданный RDS секрет с паролем:

data "aws_secretsmanager_secrets" "postgres15" {
  filter {
    name   = "owning-service"
    values = ["rds"]
  }
  filter {
    name   = "tag-value"
    values = [aws_db_instance.postgres15.arn]
  }
}

data "aws_secretsmanager_secret" "postgres15" {
  arn = tolist(data.aws_secretsmanager_secrets.postgres15.arns)[0]
}

output "rds_master_password_secret" {
  description = "RDS master user secret details"
  value       = aws_db_instance.postgres15.master_user_secret
}

output "rds_master_password_secret_data" {
  description = "RDS master user secret data resource in Secrets Manager"
  value       = data.aws_secretsmanager_secret.postgres15
}

#RDS #Terraform

​​EKS + Grafana Operator to manage Amazon Managed Grafana:

https://aws.amazon.com/blogs/mt/using-open-source-grafana-operator-on-your-kubernetes-cluster-to-manage-amazon-managed-grafana/

The grafana-operator is a Kubernetes operator built to help you manage your Grafana instances inside Kubernetes. Grafana Operator enables you to create and manage Grafana resources such as dashboards and data sources, declaratively between multiple instances in an easy and scalable way.

#AMG #EKS

☁️  Issue #66 | 9 April 2023

▪️  Amazon Aurora PostgreSQL 15
▪️  Amplify Library for Swift macOS Support is GA
▪️  App Runner +7 new compute configurations
▪️  Athena external data sources
▪️  Aurora PostgreSQL 14.7, 13.10, 12.14, and 11.19 versions
▪️  Billing Conductor pricing change
▪️  CDK policies validations during synthesis
▪️  CloudFront S3 Object Lambda Access Point origin
▪️  CodeCatalyst Dev Environments GitHub repositories support
▪️  Competency Partners Cloud Operations
▪️  Config 23 new resource types
▪️  Controllers for Kubernetes (ACK) for Amazon MemoryDB
▪️  EC2
      ▫️  EPYC3 instances now support EBS-optimized
      ▫️  Graviton2-based instances are available in additional regions
      ▫️  On-Demand Capacity Reservations – Utilization Notifications
▪️  ElastiCache for Redis new cluster creation UX
▪️  EMR on EKS Spark with Java 11
▪️  Glue  available in AWS Europe (Spain) and AWS Europe (Zurich)
▪️  Kendra Microsoft OneDrive Connector
▪️  Lambda introduces response payload streaming
▪️  Migration Hub High Availability SAP HANA systems
▪️  Monitron extends data stream with closure codes and status from sensors
▪️  MWAA Shell Launch Scripts
▪️  Network Firewall IPv6-only subnets
▪️  NICE DCV DCV and DCV Extension SDK | GA
▪️  Proton Git management of service configurations
▪️  RDS
     ▫️  add ElastiCache cache from Console
      ▫️  Custom for SQL Server Multi-AZ deployments
      ▫️  MySQL up to 15 read replicas for RDS Multi-AZ with 2 readable standbys
▪️  Resource Explorer export Search Results in csv
▪️  S3
      ▫️   beginning to apply two security best practices to all new buckets by default
      ▫️  object replication status
▪️  SageMaker
      ▫️  is now available in Asia Pacific (Hyderabad) Region
      ▫️  sharing predictions with QuickSight
      ▫️  Canvas 45+ data sources for no-code ML
      ▫️  Feature Store hard deletion in online store
▪️  Security Hub +4 new security best practice controls
▪️  Service Catalog Terraform open source
▪️  Supply Chain general availability
▪️  SWF PrivateLink support
▪️  Systems Manager Distributor New Relic Infrastructure Monitoring agent
▪️  Textract
      ▫️  AnalyzeDocument - Tables feature
      ▫️  Bulk Document Uploader
▪️  Trusted Advisor
      ▫️  fault tolerance checks for ECS
      ▫️  introduces Engage for Enterprise On-Ramp Support customers | Preview
▪️  VPC bring your own IP in 2 additional AWS Regions
▪️  WorkSpaces Core introduces MS Office 2019 Professional Plus bundle

​​Kubernetes 1.26 для EKS и EKS Distro 🎉

https://aws.amazon.com/blogs/containers/amazon-eks-now-supports-kubernetes-version-1-26/

Спустя официального релиза 1.26 прошло чуть более 4 месяцев, то есть задержка поддержки очередной версии сократилась настолько резко, что выйди эта версия на день раньше, то на AWS даже была бы актуальная версия, ведь версия 1.27 вышла буквально вчера. 😃Сделанный в прошлый раз прогноз на эту версию снова был очень неточным — ошибся почти на полтора месяца.

https://docs.aws.amazon.com/eks/latest/userguide/kubernetes-versions.html#kubernetes-1.26

Теперь отставание по версиям сократилось до одной версии, в качестве прогноза версии 1.27 на AWS поставлю на 19 июня 2023 года.

Отдельно стоит отметить, что окончание поддержки версии EKS 1.22 будет в самом начале лета — 4 июня.

#EKS

Можно ли ускорить базу данных в 6-7 раз?

Продолжаем говорить про базы данных. В этот раз обсудим из чего базы данных состоят, где узкие горлышки, и какие продукты приходят на смену устоявшимся Postgres, MongoDB, Redis, Neo4J. И в этом мне помог разобраться - основатель https://www.unum.cloud/ Ashot Vardanian

Например, знали ли вы, что большая часть современных БД хранит данные в Log Structured Merged Tree структуре, а если точнее - в одной ее реализации - RocksDB от Facebook? А что Postgres не умеет работать с асинхронными интерфейсами Linux, и уже на этом уровне в 10 раз медленнее чем новые аналоги построенные на io_uring и SPDK? Или что можно отправить данные с диска на видеокарту в обход процессора?
Заходите на подкаст чтобы узнать больше.

#podcast
Послушать можно тут:
- Apple Podcasts
- Google Podcasts
- Spotify
- PodBean
- YandexMusic

​​RDS + db.m7g & db.c7g:

https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html#Concepts.DBInstanceClass.Support

db.m6g.large $0.159
db.m7g.large $0.168

db.r6g.large $0.225
db.r7g.large $0.239

#RDS