Well, it’s Australia Day weekend once again and our friends over at Amazon Web Services have been keeping themselves very busy this last week with several key announcements and releases that have a special place in the heart of us Australians. This article continues the weekly series we are doing this year to help customers with a brief overview of the happenings within the AWS world over the last week to try and help surface some of the more important announcements. This is not meant to be an exhaustive list of all the updates and changes to the AWS eco-system, but simply a summary of changes that might have an impact on the business and trends we at Kloud are seeing within the industry. As always, if you would like to talk to somebody about how you might be able to leverage some of these new technologies and services, please feel free to reach out using the contact link at the top of the page.
The key take away’s from this week are:
- Amazon WorkLink – Secure, One-Click Mobile Access to Internal Websites and Applications
- TLS termination on Network Load Balancers
- PROTECTED Status for Australia
- Update to AWS Trusted Advisor
As always, first cab off the rank for the week are the product announcements, and this week we have the release of Amazon WorkLink. The AWS Product page states that ” With Amazon WorkLink, employees can access internal web content as easily as they access any public website, without the hassle of connecting to their corporate network. When a user accesses an internal website, the page is first rendered in a browser running in a secure container in AWS. Amazon WorkLink then sends the contents of that page to employee phones as vector graphics while preserving the functionality and interactivity of the page. This approach is more secure than traditional solutions because internal content is never stored or cached by the browser on employee phones, and employee devices never connect directly to your corporate network.”
This product is a potential game changer for several really common use cases. You could potentially even replace your whole VPN with this solution, not only reducing your operational footprint, but also providing a more secure, easier to use solution for your users. Unfortunately, it’s only currently available in AWS US East (N. Virginia), AWS US East (Ohio), AWS US West (Oregon), and AWS EU (Ireland) but will no doubt be coming to AWS AP Southeast (Sydney) in the future. Look out for our upcoming article where we take a closer look at how Amazon Worklink actually operates and how you can go about setting it up, but in the meantime for those wanting more details you can visit the official product page here and as always there is a fantastic blog article written by Jeff Barr available on the AWS blog https://aws.amazon.com/blogs/aws/amazon-worklink-secure-one-click-mobile-access-to-internal-websites-and-applications/
While we are on the topic of product announcements and changes, AWS announced on Thursday that you can now make use of TLS (Transport Layer Security) connections that terminate at a Network Load Balancer. Not only does this allow for simplified management improved compliance, but also results in cleaner access logs (as your NLB logs can now contain TLS termination details) as well as Source IP preservation as it will allow you to pass the Source IP address all the way through to your backend servers. For a detailed write up on the future feature as well as a step by step guide on getting started, see Jeff Barr’s Blog available https://aws.amazon.com/blogs/aws/new-tls-termination-for-network-load-balancers/
The next announcement is a big one for Australia, with Amazon Web Services and the Australian Cyber Security Centre (ACSC) announcing on Wednesday that the ACSC has awarded AWS PROTECTED certification. This is currently the highest data security certification available in Australia for cloud provided on the Certified Cloud Services List (CCSL). What’s really exciting about the announcement is that AWS have managed to get 42 services included within the certification (including but not limited to Lambda, Key Management Services and GuardDuty) and that there is no additional prices or charges for PROTECTED certification. As always when it comes to certifications on AWS, visit your AWS Artifact page (available here) to get the specific details around the certification.
And finally for this week’s roundup, is an update that’s going to make validating the health of your AWS environment a little bit easier, the announcement that AWS Trusted Advisor has expanded functionality with new Best Practices checks. For those who are not aware, “AWS Trusted Advisor is an application that draws upon best practices learned from AWS’ aggregated operational history of serving millions of AWS customers. Trusted Advisor inspects your AWS environment and makes recommendations for saving money, improving system performance, and closing security gaps. AWS recently announced that they have added a range of new checks to validate best practices within your AWS environment including, DynamoDB, Route53 and Driver versions for windows instances. For detailed information on the Trusted Advisor Best Practice Checks, you can look them up here. As always, please feel free to reach out to us directly (via the “Contact Us” link at the top of the page) if you would like assistance in benchmarking or managing your AWS environment.
And that’s it for the AWS update for Friday the 25th of January 2019. Please keep an eye out for our weekly updates on the happenings within the AWS eco-system and for the continuation of our blog series on developing and deploying a serverless SPA environments on AWS using Static Site Generators.