Well, it’s Friday again and that can only mean one thing…. It’s time again for my weekly update on all things AWS. Last week was a big week for developers and while this week has also seen a number of new features for our developer friends, Amazon Web Services has also brought us new instance types, storage options and functionality to what’s becoming a favourite of mine, Amplify. This article continues our weekly series on the happenings in the world of Amazon Web Services. It’s not meant to be an exhaustive list of all the updates and changes to the AWS Eco-system, but simply a summary of changes that might have an impact on the business and trends we at Kloud are seeing within the industry. As always, if you would like to talk to somebody about how you might be able to leverage some of these new technologies and services, please feel free to reach out using the contact link at the top of the page.
The key take away’s from this week are:
- Amazon Corretto 11 is Now in Preview
- Amplify Framework Adds new features
- Five New Amazon EC2 Bare Metal Instances
- Amazon EFS Introduces Lower Cost Storage Class
- Amazon GuardDuty Adds Three New Threat Detection’s
Amazon Corretto 11 is Now in Preview
As I mentioned last week, AWS Corretto has recently reached General Availability for Corretto version 8 and that AWS are planning to release version 11 before April of this year. Well, on Wednesday AWS announced that Corretto version 11 has now reached preview and is available for download from the Corretto product page here. Amazon Corretto is a no-cost, multi-platform, production-ready distribution of the Open Java Development Kit (OpenJDK). For an introduction to Amazon Corretto, you can visit the announcement page here. We will be keeping an eye on the progression of version 11 and will update you on its progress.
Amplify Framework Adds new features
And while we’re on the topic of new features that will delight the AWS developers among us, this week also saw an update to AWS Amplify. The Amplify CLI, part of the Amplify Framework, now supports multiple environments and teams by offering a Git style workflow for creating and switching between environments for your Amplify project. When you work on a project within a team, you can create isolated back-ends per developer or alternatively share back-ends across developers, including to those outside your organisation. This week’s announcement sees the introduction of several new features for the Amplify framework including:
- support for IAM roles and MFA (Multi-Factor Authentication)
- Custom resolvers for AWS AppSync
- Increase in support for 150 Graphql transformer models, up from 15
- Support for multiple environments
These new announcements really open up some of the possibilities that Amplify can solve within enterprise and large team environments. The addition of support for IAM roles and MFA means it now supports standard best practise deployments (everybody should have MFA enabled on their IAM accounts and if you don’t, do it now… I’ll wait), while the added support for multiple environments is going to greatly simplify the workflows within larger teams keen to leverage Amplify’s capabilities. The addition of custom resolver support (such as Amazon DynamoDB tables, Amazon Elasticsearch Service domains, or HTTP endpoints that were provisioned independently of the Amplify GraphQL Transformer) from within your Amplify project and the increase in the number of supported transformer models already has my mind racing with possibilities, so don’t be surprised if you see more Amplify focused articles from me in the future.
Five New Amazon EC2 Bare Metal Instances
Did somebody say new instance? I think they did. Another announcement on Wednesday saw the Bare Metal team release 5 new instances in a range of regions throughout the world, and yes… Sydney is in the list (or at least is in the list for some of them). The release sees the addition of five (5) new instances within the Bare Metal family, including:
- Metal, a 48 physical/96 logical core instance with 384 GB of RAM, 25Gbps of available network bandwidth and 14,000 Mbps of EBS Bandwidth.
- Metal, the same as it’s M5 counterpart only with the addition of 4 x 900GB NVMe SSD local drives.
- Metal, a 48 physical/96 logical core instance with 796 GB of RAM, 25Gbps of available network bandwidth and 14,000 Mbps of EBS Bandwidth.
- Metal, the same as it’s R5 counterpart only with the addition of 4 x 900GB NVMe SSD local drives.
- Metal, a 24 physical/48 logical core instance with 384 GB of RAM, 25Gbps of available network bandwidth, 14,000 Mbps of EBS Bandwidth and 4 x 900GB NVMe SSDs.
For a full listing on where these new instances are available, you can visit the announcement here, but both the M5.Metal and M5D.metal are available in Sydney and are ready for deployment.
Amazon EFS Introduces Lower Cost Storage Class
Next cab off the rank is yet another announcement on Wednesday (Wednesday was a busy day in Seattle), this time from our storage friends with the release of a lower cost storage class for Elastic File Service. This one is exciting as I always like announcements that can save me money. In case you’ve not heard (and you might not have if you live in the windows world), EFS provides a simple, scalable, elastic file system for Linux-based workloads for use with AWS Cloud services and on-premises resources. With this new feature, you can create a new EFS file system and configure it as Infrequently used storage (S3 users should see where we are going here) and apply Life-cycle management policies to automatically move infrequently accessed files to the new storage tier. Much like the S3 equivalent, Infrequently Accessed storage comes at a much cheaper price (at the time of writing, Standard EFS is $0.36 per GB for standard and $0.054 per GB for IA in the Sydney region) however you must also pay a charge for access requests (currently $0.12 per GB transferred) when that IA data is transferred off the storage.
Why am I so excited about this, well if we configure a new File System and a Life-cycle Management policy to automatically migrate any data that hasn’t been accessed in 30 days to it, we instantly start saving money without having to change anything at the server end (no changes to workflow or application settings). Guess I know what I’ll be doing over the weekend.
Amazon GuardDuty Adds Three New Threat Detection’s
And finally, for this week’s roundup, we have three (3) new features from our friends over in GuardDuty. GuardDuty has very quickly become an “on by default” service for us here at Kloud as the benefits you gain from its insights are invaluable and these three new additions only make it more attractive for anybody running workloads in AWS. As stated in the product documentation “Once enabled, Amazon GuardDuty continuously monitors for malicious or unauthorised behaviour to help protect your AWS resources, including your AWS accounts and access keys. GuardDuty identifies unusual or unauthorised activity, like cryptocurrency mining or infrastructure deployments in a region that has never been used. When a threat is detected, you are alerted with a GuardDuty security finding that provides detail of what was observed, and the resources involved. Powered by threat intelligence and machine learning, GuardDuty is continuously evolving to help you protect your AWS environment.”
These three new features add the ability to alert when access requests are identified as coming from penetration testing focused operating systems (such as Parrot and Pentoo Linux. Kali has been identified for a while) as they are unlikely to be legitimate traffic. The third new feature is a new policy violation detection policy that alerts you to any request in which AWS account root credentials are used. This one makes monitoring of your root account a tick box on the audit checklist as nobody should EVER be using their Root account to perform tasks (and if you are, please call us and we’ll help you fix it), so any requests originating from the root account should be treated as suspicious.
And that’s it for the AWS update for Friday the 15th of February 2019. Please keep an eye out for our weekly updates on the happenings within the AWS Eco-system and for the continuation of my upcoming blogs on new AWS products and features.