Your co-hosts are back from Thanksgiving and Re:Invent, and we’re running through all of it for you. In this episode, we cover the lead-up to opening day. Next week, we’ll release an episode fully devoted to Re:Invent coverage.
This week’s highlights
- CloudWatch has been growing quietly into a much more robust tool with 11 updates since the last episode.
- Attribute-based access control comes to AWS. This should allow finer control over your security privileges.
- CloudTrail Insights launches with machine learning to help you separate the signal from the noise in your user activity and API usage.
Amazon EC2 introduces new API
We’re one step closer to actually paying for what we use with the announcement that EC2 T2 instances will support Unlimited Mode at the account level. If your workload is spread out among multiple accounts, this will be something you should look at. But if you’re looking for load balancer updates, there’s a new batch of those for you too. We especially like the Weighted Target Groups, which have been needed for blue/green deployments for a while now.
Restores and Replicas
Migrating to the cloud has gotten a bit easier with differential and log restores on RDS for SQL Server. As with a lot of the recent announcements, simplicity was the highlight when AWS announced increased availability of DynamoDB tables using global table replicas.
“It’ll only take a few clicks” makes it sound like Amazon thinks clicking things must be very taxing on us.
Secrets and Cents
CloudTrail Insights will alert you to unusual activity at a cost of 35 cents per 100,000 write management events analyzed. It’s hard to know yet how expensive that will end up being, but it sounds cheap. AWS Single Sign-On will connect to Azure AD, making it easier to migrate to Amazon, and AWS Secrets Manager will make it easier to rotate your secrets by handling it at the API level.
AWS is moving from role-based to attribute-based access control and will be implementing Tag Policies to allow you to control the standardization of your tags. Implementing these should help you become better organized with less pain. WAF has grown up, having gained a number of improvements. With a threat research team maintaining the rules, you’ll have protection even before you customize your rules.
Devops and Devtools
AWS Service Catalog Connector for Service Desk has been announced, and it’s nice that it isn’t $10 per user per month. Debugging got a little less painful with the new beta for visualizations in CodeBuild, and another beta for “Cloud Debugging” with JetBrains IDEs. CDK now features Java and .NET, which will help developers most comfortable in those languages join CDK. CDK also has a new Toolkit to visualize CDK apps in a native sidebar. And speaking of native, Corretto is now supported natively in Beanstalk.
Eye on CloudWatch
You now have access to a preview of Amazon CloudWatch that includes a way to set up automatic analysis of the top contributors to systems performance. Another preview for CloudWatch is Synthetics, a way to test for customer experience even when no customers are having experiences.
You’ll no longer have to poll an API to receive an event for ECS tasks and instances now that those events are available as CloudWatch Events. It’s another way CloudWatch has grown into a strong aggregation point.
Orderly by Default
Redshift will now automatically and by default sort tables where a sort key is specified.
SlackBots
AWS Chatbot can now run commands in Slack for you, and we’ll be happy to use it to generate support cases.
Other headlines mentioned:
Infrastructure and Platform
- Amazon EC2 Auto Scaling, Application Auto Scaling, and AWS Auto Scaling now support AWS PrivateLink
- Introducing AWS Cost Categories
- Inter-Region VPC Peering Now Supports IPv6 traffic
- Amazon SES Announces Account-Level Suppression List
- Application Load Balancer now supports Least Outstanding Requests algorithm for load balancing requests
- VPC Traffic Mirroring Now Supports Amazon CloudWatch Metrics
- Access your AWS Regions faster using the AWS Management Console
- You can now run fully managed Apache Flink applications with Apache Kafka
Databases
- Amazon RDS for SQL Server now Supports Outbound Network Access
- New for Amazon Aurora – Use Machine Learning Directly From Your Databases
- Amazon RDS for Oracle Now Supports Managed Disaster Recovery and Data Proximity with Cross-region Read Replicas
- Amazon RDS Performance Insights Supports SQL-level Metrics on Amazon Aurora with PostgreSQL Compatibility
Security
- Now Publish Log files from Amazon RDS for SQL Server to Amazon CloudWatch
- New partner integrations available for AWS Security Hub
- Digital signing with the new asymmetric keys feature of AWS KMS
- Amazon Cognito now supports account recovery method prioritization
- Improve the Security Between AWS Applications and Your Self-Managed Active Directory with Secure LDAP using AWS Managed Microsoft AD
Developer Operations and Tools
- AWS X-Ray offers improved trace analysis and identification of service disruption
- AWS Tools for PowerShell is Now Generally Available with version 4.0
- Safe Deployment of Application Configuration Settings With AWS AppConfig
Operations/SRE
- Visualize and Monitor Highly Distributed Applications with Amazon CloudWatch ServiceLens
- Debugging with Amazon CloudWatch Synthetics and AWS X-Ray
- CloudWatch Application Insights for .NET and SQL Server Now supports Windows Performance Counters, SQL Server on Linux, and more
- New Amazon CloudWatch Contributor Insights for Amazon DynamoDB (Preview) helps you identify frequently accessed keys and database traffic trends
- AWS X-Ray launches support for Amazon CloudWatch Synthetic Canaries
Containers
Serverless
- AWS SAM CLI simplifies deploying serverless applications with single-command deploy
- AWS Lambda adds support for percentiles on Amazon CloudWatch Metrics
- AWS Lambda Now Supports Maximum Event Age and Maximum Retry Attempts for Asynchronous Invocations
Big Data/ML
- Amazon Redshift announces support for spatial data
- Amazon Redshift now supports elastic resize scheduling
- Amazon Athena adds four new query-related mechanics
- Amazon Athena adds support for invoking machine learning models in SQL queries
- Amazon Athena adds support for running SQL queries across relational, non-relational, object, and custom data sources
- Amazon Athena Adds support for User Defined Functions (UDF)
IOT
- Welcome to AWS IoT Day – Eight Powerful New Features
- New – AWS IoT Greengrass Adds Container Support and Management of Data Streams at the Edge
Other
- AWS Marketplace Now Offers Syndicated Product Reviews
- AWS announces Amazon Chime SDK for embedding real-time communications in applications
- 15 additional AWS services receive DoD Impact Level 4 and 5 authorization
- 8K Resolution Encoding Now Available with AWS Elemental MediaConvert
- 22 New Languages And Variants, 6 New Regions For Amazon Translate
- Introducing Amazon WorkSpaces Streaming Protocol (beta)
- Amazon WorkSpaces Introduces WorkSpaces 3.0 Client for Linux