Well, it’s been over a month since my last AWS Weekly Update, so we’ve got quite a lot to cover in this weeks update. There have been quite a few releases over the last month that help to solve a wide array of issues and provide more functionality for cloud architects. From New AWS Lambda support to new features in the world of EC2 management. And let’s not forget one of the big announcements I’ve personally been waiting for, the Transit Gateway support for Direct Connect.
As always, this list is not meant to be an exhaustive list of all the updates and changes to the AWS eco-system, but simply a summary of changes that might have an impact on the business and trends we at Kloud are seeing within the industry. As always, if you would like to talk to somebody about how you might be able to leverage some of these new technologies and services, please feel free to reach out using the contact link at the top of the page.
The key takeaways from this week are:
- AWS Lambda adds support for Node.JS v10
- AWS AppSync Now Supports Configuring Multiple Authorization Types for GraphQL APIs
- Share encrypted AMIs across accounts to launch instances in a single step
- AWS Systems Manager Patch Manager Supports Microsoft Application Patching
- AWS Direct Connect Support for AWS Transit Gateway
AWS Lambda adds support for Node.JS v10
First off in this week’s rundown is the announcement coming out of the Lambda Team. You can now develop your AWS Lambda functions using Node.JS v10. These new v10 functions run on “Amazon Linux 2” which provides additional benefits in addition to those available by leveraging the new features available in version 10 of Node.JS. The NodeJS 10.x runtime is available in all regions where Lambda is available and is also supported through the CLI and the AWS Serverless Application Model (SAM).
For those wanting to upgrade their existing NodeJS functions to the 10.X runtime, please note that you may be required to make code changes to ensure compatibility, but you can test this by simply changing the runtime version to “nodejs10.x” on the function. This is also a good time to remind people to keep an eye on the AWS Lambda Runtime support policy (available here) which outlines the deprecation schedule of different programming languages. Node.js 6.10 hit “End of Life” and “deprecation (create)” on April 30th and will hit “Deprecation (Update)” on June 30th of this year. This means that you can no longer create Node.js 6.10 Lambda functions and that soon, you will no longer be able to update them. If you still have 6.10 functions in your environment, it’s advisable to update them as soon as possible.
Launch encrypted EBS backed EC2 instance from unencrypted AMIs in a single step
This one I probably wouldn’t put in the list of “Most exciting updates of 2019” but it’s definitely going to be a time saver for people managing EC2 instances. As of May 10th, you can now launch an encrypted Amazon Elastic Block Store (EBS) backed Amazon Elastic Compute Cloud (EC2) instance from any unencrypted AMI.
The process of launching an encrypted EBS backed instance from an unencrypted AMI was a drawn out and time-consuming process whereby you needed to create an encrypted version of the AMI first. Now you can (with a single API call) launch an encrypted instance without having to go through all the additional effort first. In addition, you can also create encrypted EBS volumes directly from unencrypted snapshots by specifying encryption properties in the “CreateVolume” request. Those who have had to go through this process before can see how this is going to save people a lot of time in the future, particularly when you want to leverage a community-backed AMI that may not be encrypted by default. More information can be found on the documentation page available here.
Share encrypted AMIs across accounts to launch instances in a single step
And while on the topic of managing your EC2 AMIs, there was another announcement made on the same day around the ability to now share AMIs encrypted with “Customer-Managed Customer Master Keys” (CMKs) across AWS accounts. Up until now, it has only been possible to share unencrypted AMIs meaning that you had to have an unencrypted version of your workload (or create one if need be) and share that across accounts and then re-encrypt it before it went into production. This was a time-consuming process and resulted in unencrypted copies of AMIs within your environment. With this new feature, you can have all of your workloads encrypted and simply share the encrypted versions. This makes activities such as managing centralised Service Catalogs much easier than it was before.
AWS Systems Manager Patch Manager Supports Microsoft Application Patching
For those who may not have heard of it, AWS Systems Manager is a tool that engineers can use to orchestrate admin tasks that need to be conducted across the AWS and On-Premise instances. One of the most useful features is the Patch Manager which helps keep your environment patched and up-2-date via the use of Software Patch baselines that allow you to define preset times (or even on an ad-hoc basis) to perform the updates. This works really well and is a part of our internal management process for all of our environments.
The problem has been that it only supported patching of the operating systems, which meant you had to write custom logic to handle the Microsoft applications installed on the instance. Well, not anymore. On the 7th of May, AWS announced that Systems Manager Patch Manager now allows you to select and apply Microsoft application patches automatically across your Amazon EC2 or on-premises instances. This means that your Microsoft Applications can now be managed the same way as your Operating System Updates. To get started, simply create an application patch baseline in the same manner as you do “operating system patch baselines” from the Patch Manager console, CLI or API. For those after more information on this, you can see the official announcement here or take a look at the product documentation available here. Watch our blog as we will no doubt have an article on this coming in the not too distant future.
AWS Direct Connect Support for AWS Transit Gateway
And last but definitely not least for this weeks roundup is the announcement from the networking team back at the beginning of the month that AWS Direct Connect now supports AWS Transit Gateway. More and more organizations are using AWS Direct Connects to provide secure, reliable ways into their AWS environment and with the recent changes to the AWS Direct Connect landscape, this number is only going to increase. Up until this announcement, you could only connect VPC attachments and site-to-site VPN’s to your Transit Gateway. With this announcement, it is now possible to have your Direct Connect link directly to your Transit Gateway and centrally control which resources in your AWS environment the connection has access to.
With this announcement comes a new type of virtual interface called a “Transit Virtual Interface” which supports connectivity between the Direct Connect and the Transit Gateway. Through this new Interface, you can connect up to three Transit Gateways to each of your Direct Connects allowing for some very flexible networking options. As with a lot of things in the AWS space, it’s going to be helpful if you review the updated Direct Connect documentation as they have added a number of new Best Practises including adding multiple “Transit Virtual Interfaces” per Direct Connect to provide increases redundancy. Direct Connect Documentation can be found here and a Direct Connect Recommendations article can be found here. It’s important to note that this functionality is not yet available in all regions and you should always check the AWS Regions table (available here) before designing your solution.
And that’s it for the AWS update for Friday the 17th of May 2019. Please keep an eye out for our weekly updates on the happenings within the AWS eco-system (they will be going back to weekly from now on). We post updates every Friday as well as detailed tutorials and deep dives on products throughout the week. If there something you’d like to see on the Kloud Blog, please feel free to drop a comment below.