Well, two months in a row! This is off to a good start. Let’s see if I can keep this up. Lord knows AWS still is. As before, my list will be more Managed Services/operations focused and just on what I consider the Top 9 (plus some Honourable Mentions). For the full list of August updates, check out: https://aws.amazon.com/about-aws/whats-new/2020/08/
Faster EBS (io2)
At the end of August, AWS announced the new Elastic Block Store (EBS) Provisioned IOPS volume: io2. This new volume type gives up to 10x higher IOPS at a maximum of 500 IOPS/GB. Along with the increased IOPS, the new volume type also gives 99.999% durability. For anyone needing high-performance disks, this is a great release.
The announcement can be found here: https://aws.amazon.com/about-aws/whats-new/2020/08/aws-announces-gerneral-availability-of-new-provisioned-iops-volume-io2-for-amazon-ebs/
Better info for anomalies
CloudTrail Insights is an addition to CloudTrail logs that provides insights into anomalous activity. This update provides a new “Attributions” tab that gives information about what was happening at that time.
For a view of the new UI, and details on the sections, check out: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-insights-events-with-cloudtrail.html#insights-understanding-attributions
Simplify your TGW management
In June, AWS announced Prefix Lists (a collection of CIDR blocks) to simplify management of security groups and route tables. This announcement extends the usage of Prefix Lists to Transit Gateway route tables.
Information on Prefix Lists: https://docs.aws.amazon.com/vpc/latest/userguide/managed-prefix-lists.html
ELB Billing is easier
This one isn’t a substantial technical change, but AWS billing isn’t the easiest to navigate. Beginning this month, AWS will move the ELB charges out from the Elastic Compute Cloud section and into their own area. Anything that makes your bill easier to understand is a good thing.
Announcement info here: https://aws.amazon.com/about-aws/whats-new/2020/08/elastic-load-balancing-simplifies-aws-bill/
Fixing things with Security Hub
This announcement is not so much new Security Hub functionality as a solution built around Security Hub. AWS has provided an architecture that uses Security Hub & CloudWatch to detect and alert, then Systems Manager and Service Catalog to remediate.
Architecture solution is here: https://aws.amazon.com/solutions/implementations/aws-security-hub-automated-response-and-remediation/
Updated VPC Flow Logs via CFN
VPC Flow Logs are a great tool to find what’s happening with traffic flow within a VPC. Custom formats can enhance this information or restrict what you want to see. These custom formats can now be configured within CloudFormation templates.
Information on custom formats: https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html#flow-logs-custom
CloudFormation resource information: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-flowlog.html
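A CloudFormation sketch of the two uses mentioned above, one flow log that enhances the record and one that restricts it. This is an added example, not taken from the AWS announcement; the parameter names (ExampleVpcId, ExampleLogBucketArn) and resource names are assumptions, and it assumes an existing S3 bucket for delivery.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: VPC Flow Logs with custom record formats (constructed example)

Parameters:
  ExampleVpcId:                 # hypothetical parameter name
    Type: AWS::EC2::VPC::Id
  ExampleLogBucketArn:          # hypothetical; ARN of an existing S3 bucket
    Type: String

Resources:
  # Enhanced format: adds fields the default format lacks.
  # pkt-srcaddr / pkt-dstaddr keep the original packet addresses when traffic
  # passes through an intermediate interface such as a NAT gateway, and
  # tcp-flags helps tell connection attempts from established sessions.
  EnrichedFlowLog:
    Type: AWS::EC2::FlowLog
    Properties:
      ResourceId: !Ref ExampleVpcId
      ResourceType: VPC
      TrafficType: ALL
      LogDestinationType: s3
      LogDestination: !Sub '${ExampleLogBucketArn}/enriched/'
      # Plain string, not Fn::Sub, so the ${field} tokens reach the service as-is.
      LogFormat: '${version} ${vpc-id} ${subnet-id} ${instance-id} ${interface-id} ${srcaddr} ${dstaddr} ${pkt-srcaddr} ${pkt-dstaddr} ${srcport} ${dstport} ${protocol} ${tcp-flags} ${action} ${log-status}'

  # Restricted format: rejected traffic only, with just the fields needed to
  # see who was blocked talking to what.
  RejectedOnlyFlowLog:
    Type: AWS::EC2::FlowLog
    Properties:
      ResourceId: !Ref ExampleVpcId
      ResourceType: VPC
      TrafficType: REJECT
      LogDestinationType: s3
      LogDestination: !Sub '${ExampleLogBucketArn}/rejected/'
      LogFormat: '${start} ${interface-id} ${srcaddr} ${dstaddr} ${dstport} ${protocol} ${action}'
```

Any parser or query downstream has to use the same field order as the LogFormat string, since custom-format records carry no header describing their columns.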
CFN for Application Insights
CloudWatch Application Insights provides extra monitoring insight for various applications, e.g. .NET, SQL Server & IIS. Configuration of this service can now be done via CloudFormation.
Application Insights info: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/appinsights-what-is.html
CloudFormation templates: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/appinsights-cloudformation.html
Join Linux instances to AWS Directory Service
The announcement says “seamlessly join”, but there’s actually a bit of initial work shown in the documentation. None of the configuration looks incredibly tricky and, once done, it will allow new instances to seamlessly join the configured AD domain.
It will be interesting to play with this. I’m just about to roll out something similar with a customer including getting around their hostnames being greater than NetBIOS limits … stay tuned for a future blog.
Configuration documentation: https://docs.aws.amazon.com/directoryservice/latest/admin-guide/seamlessly_join_linux_instance.html
PrivateLink for ACM Private Certs
PrivateLink endpoints are now available for AWS Certificate Manager Private Certificate Authority. I much prefer keeping internal traffic internal, rather than having to go over the public internet to access AWS services.
The following are announcements that I also found interesting, but I won’t go into too much detail.
EKS quotas managed via Service Quotas.
Update quotas without having to log a ticket.
AWS Wavelength in Boston & San Francisco Bay Area
Wavelength is mobile edge computing for 5G. This could be really interesting.
Quantum computing by the hour
Amazon Braket was announced mid-August. If you’ve wanted to explore Quantum computing, now’s your chance.
Savings Plans for EKS Fargate
Compute Savings Plans are the new(ish) companion to Reserved Instances. If you are running AWS Fargate for EKS, this is worth a look.
Data protection for Tape Gateway
AWS Storage Gateway now has support for WORM and Tape Retention with Tape Gateway.
More metadata fields
EC2 instances now have five new metadata fields.
Manage WorkSpaces tagging
Tag Editor can now be used to manage tags on WorkSpaces.