AWS Top 10 August 2020

Well, two months in a row! This is off to a good start. Let’s see if I can keep this up. Lord knows AWS still is. As before, my list will be more Managed Services/operations focused and just on what I consider the Top 9 (plus some Honourable Mentions). For the full list of August updates, check out: https://aws.amazon.com/about-aws/whats-new/2020/08/

 

Faster EBS (io2)

At the end of August,
AWS announced the new Elastic Block Store (EBS) Provisioned IOPS volume: io2. This new volume type gives up to 10x higher IOPS at a maximum of 500 IOPS/GB. Along with the increased IOPS, the new volume type also gives 99.999% durability. For anyone needing high-performance disks, this is a great release.

The announcement can be found here: https://aws.amazon.com/about-aws/whats-new/2020/08/aws-announces-gerneral-availability-of-new-provisioned-iops-volume-io2-for-amazon-ebs/

 

Better info for anomalies

CloudTrail Insights is an addition to CloudTrail logs that provides insights into anomalous activity. This update provides a new “Attributions” tab that gives information into what was happening at that time.

For a view of the new UI, and details on the sections, check out: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-insights-events-with-cloudtrail.html#insights-understanding-attributions

Announcement details are at https://aws.amazon.com/about-aws/whats-new/2020/08/aws-cloudtrail-now-provides-relevant-user-statistics-to-act-on-anomalies-detected-by-cloudtrail-insights/

 

Simplify your TGW management

In June, AWS announced Prefix Lists (a collection of CIDR blocks) to simplify management of security groups and route tables. This announcement extends the usage of Prefix Lists to Transit Gateway route tables.

Information on Prefix Lists: https://docs.aws.amazon.com/vpc/latest/userguide/managed-prefix-lists.html

Announcement information: https://aws.amazon.com/about-aws/whats-new/2020/08/amazon-transit-gateway-customers-use-own-prefix-lists-simplify-ip-management/

 

ELB Billing is easier

This one isn’t a substantial technical change, but AWS billing isn’t the easiest to navigate. Beginning this month, AWS will move the ELB charges out from the Elastic Compute Cloud section and into their own area. Anything that makes your bill easier to understand is a good thing.

Announcement info here: https://aws.amazon.com/about-aws/whats-new/2020/08/elastic-load-balancing-simplifies-aws-bill/

 

Fixing things with Security Hub

This announcement is not so much new Security Hub functionality, but a solution based around Security Hub. AWS has provided an architecture using Security Hub & CloudWatch to detect and alert then Systems Manager and Service Catalog to remediate.

Architecture solution is here: https://aws.amazon.com/solutions/implementations/aws-security-hub-automated-response-and-remediation/

The announcement is here: https://aws.amazon.com/about-aws/whats-new/2020/08/aws-security-hub-automated-response-and-remediation-solution-is-generally-available/

 

Updated VPC Flow Logs via CFN

VPC Flow Logs are a great tool to find what’s happening with traffic flow within a VPC. Custom formats can enhance this information or restrict what you want to see. These custom formats can now be configured within CloudFormation templates.

 Information on custom formats: https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html#flow-logs-custom

 CloudFormation resource information: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-flowlog.html

Announcement: https://aws.amazon.com/about-aws/whats-new/2020/08/amazon-vpc-flow-logs-improves-cloudformation-support/

 

CFN for Application Insights

CloudWatch Application Insights provides extra monitoring insight for various applications, e.g. .Net, SQL Server & IIS. Configuration of this service can now be done via CloudFormation.

Application Insights info: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/appinsights-what-is.html

 CloudFormation templates: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/appinsights-cloudformation.html

Announcement: https://aws.amazon.com/about-aws/whats-new/2020/08/cloudwatch-application-insights-support-cloudformation-templates/

 

Join Linux instances to AWS Directory Service

The announcement says, “seamlessly join”, but there’s actually a bit of initial work shown in the documentation. None of the configurations looks incredibly tricky and once done will allow new instances to seamlessly join the configured AD domain.

 It will be interesting to play with this. I’m just about to roll out something similar with a customer including getting around their hostnames being greater than NetBIOS limits … stay tuned for a future blog.

Configuration documentation: https://docs.aws.amazon.com/directoryservice/latest/admin-guide/seamlessly_join_linux_instance.html

Announcement: https://aws.amazon.com/about-aws/whats-new/2020/08/seamlessly-join-amazon-ec2-for-linux-instance-to-aws-directory-service/

 

PrivateLink for ACM Private Certs

PrivateLink endpoints are now available for AWS Certificate Manager Private Certificate Authority. I much prefer keeping internal traffic internal, rather than having to go over the public internet to access AWS services.

Announcement details: https://aws.amazon.com/about-aws/whats-new/2020/08/aws-certificate-manager-private-certificate-authority-now-supports-private-link-endpoints/

 

Honourable Mentions

The following are announcements that I also found interesting, but I won’t go into too much detail.

 

EKS quotas managed via Service Quotas.

Update quotas without having to log a ticket.

Announcement: https://aws.amazon.com/about-aws/whats-new/2020/08/amazon-eks-quotas-can-now-be-managed-through-aws-service-quotas/

 

AWS Wavelength in Boston & San Francisco Bay Area

Wavelength is mobile edge computing for 5G. This could be really interesting.

Announcement: https://aws.amazon.com/about-aws/whats-new/2020/08/announcing-the-general-availability-of-aws-wavelength-in-boston-and-the-san-francisco-bay-area/

 

Quantum computing by the hour

Amazon Braket was announced mid-August. If you’ve wanted to explore Quantum computing, now’s your chance.

Announcement: https://aws.amazon.com/about-aws/whats-new/2020/08/quantum-computing-available-aws-through-amazon-braket/

 

Savings Plans for EKS Fargate

Compute Savings Plans are the new(ish) companion to Reserved Instances. If you are running AWS Fargate for EKS, this is worth a look.

Announcement: https://aws.amazon.com/about-aws/whats-new/2020/08/amazon-fargate-aws-eks-included-compute-savings-plan/

 

Data protection for Tape Gateway

AWS Storage Gateway now has support for WORM and Tape Retention with Tape Gateway.

Announcement: https://aws.amazon.com/about-aws/whats-new/2020/08/aws-storage-gateway-adds-data-protection-features-for-tape-gateway/

 

More metadata fields

EC2 instances now have five new metadata fields.

Announcement: https://aws.amazon.com/about-aws/whats-new/2020/08/amazon-ec2-instance-metadata-service-supports-additional-fields-improved-automation-operability/

 

Manage WorkSpaces tagging

Tag Editor can now be used to manage tags on WorkSpaces.

Announcement: https://aws.amazon.com/about-aws/whats-new/2020/08/amazon-workspaces-enables-aws-resource-groups-tag-editor/