Virtual appliance within the Amazon EC2
Getting ISO 27001 certified is not just boring paperwork. We discuss what we've learned and how we improved information security for our customers. Also, Michael shares how to run Amazon Linux 2023 on small machines like t3.nano.
Learn how to work around missing resources in Terraform by using the Cloud Control API and the awscc Terraform provider. Also, Michael shares what he learned from migrating a workload from Amazon Linux 2 to Amazon Linux 2023. Last but not least, Andreas reviews the fwd:cloudsec Europe conference.
☁️ Cloud Control API + Terraform awscc
☁️ Migrating to Amazon Linux 2023
☁️ fwd:cloudsec Europe in Review
Wes Miller, Research VP at Directions on Microsoft, joins Corey on Screaming in the Cloud to discuss the various intricacies and pitfalls of Microsoft licensing. Wes and Corey discuss what it's like to work closely with a company like Microsoft in your day-to-day career, while also looking out for the best interest of your mutual customers. Wes explains his history of working both at and with Microsoft, and the changes he's seen to their business models and the impact that has on their customers.

About Wes

Wes Miller analyzes and writes about Microsoft security, identity, and systems management technologies, as well as Microsoft product licensing.

Before joining Directions on Microsoft in 2010, Wes was a product manager and development manager for several Austin, TX, start-ups, including Winternals Software, acquired by Microsoft in 2006. Prior to that, Wes spent seven years at Microsoft working as a program manager in the Windows Core Operating System and MSN divisions.

Wes received a B.A. in psychology from the University of Alaska Fairbanks.

Links Referenced:
Directions on Microsoft Website: https://www.directionsonmicrosoft.com/
Twitter: https://twitter.com/getwired
LinkedIn: https://www.linkedin.com/in/wmiller/
Directions on Microsoft Training: https://www.directionsonmicrosoft.com/training

Transcript

Announcer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.

Corey: Welcome to Screaming in the Cloud, I'm Corey Quinn. So, I write a newsletter called Last Week in AWS, which has always felt like it's flying a little bit too close to the sun just because having AWS's name in the title of what I do feels like it's playing with copyright fire.
It's nice periodically to talk to someone—again—who is in a similar boat. Wes Miller is a Research VP at Directions on Microsoft. To be clear, Directions on Microsoft is an analyst firm that talks primarily about Microsoft licensing and is not, in fact, part of Microsoft itself. Have I disclaimed that appropriately, Wes?

Wes: You have. You have. And in fact, the company, when it was first born, was actually called Microsoft Directions. And they had a reasonably good relationship with Microsoft at the time and Microsoft cordially asked them, “Hey, could you at least reverse that so it corrects it in terms of trademark.” So yes, we're blessed in that regard. Something you probably would never get away with now, but that was 30 years ago.

Corey: [laugh]. And now it sounds like it might as well be a product. So, I have to ask, just because the way I think of you is, you are the folks to talk to, full stop, when you have a question about anything that touches on Microsoft licensing. Is that an accurate depiction of what it is you folks do or is that just my particular corner of the world and strange equivalence that gets me there?

Wes: That is our parts of the Venn diagram intersecting because that's what I spend a lot of time talking about and thinking about because I teach that with our company founder, Rob Horwitz. But we also spend an inordinate amount of time taking what Microsoft is talking about shipping, maybe servicing, and help customers understand really, as we say, the ‘So, what?’ What does this mean to me as a customer? Should I be using this? Should I be waiting? Should I upgrade? Should I stay? Those sorts of things.

So, there's a whole roadmapping side.
And then we have a [laugh]—because licensing doesn't end with a license, we have a whole side of negotiation that we spend a lot of time, we have a dedicated team that focuses on helping enterprise agreement customers get the most successful deal for their organization, basically, every three years.

Corey: We do exactly that with AWS ourselves. I have to ask before we dive into this. In the early days, I felt like I had a much better relationship with Microsoft. Scott Guthrie, the head of Azure, was on this show. A number of very highly placed Microsoft folks were here. And over the years, they more or less have stopped talking to me.

And that leaves me in a position where all I can see is their actions and their broad public statements without getting any nuance or context around any of it. And I don't know if this is just a commentary on human nature or me in particular, but I tend to always assume the worst when things like that happen. So, my approach to Microsoft has grown increasingly cynical over the years as a result. That said, I don't actually have an axe to grind with them from any other perspective than as a customer, and occasionally that feels like ‘victim’ for a variety of different things. What's your take on Microsoft as far as, I guess, your feelings toward the company?

Wes: So, a lot of people—in fact, it used to be more so, but not as much anymore, people would assume I hate Microsoft or I want to demonize Microsoft. But the irony actually is, you know, I want people to remember I worked there for seven-and-a-half years, I shipped—I was on the team that shipped Windows XP, Server 2003, and a bunch of other products that people don't remember. And I still care about the company, but the company and I are obviously in different trajectories now. And also, my company's customers today are also Microsoft's customers today, and we actually have—our customers—our mutual customers—best interest in mind with basically everything we do.
Are we helping them be informed? Are we helping them color within the financial lines?

And sometimes, we may say things that help a customer that aren't helping the bottom line or helping a marketing direction and I don't think that resonates well within Microsoft. So sure, sometimes we even hear from them, “Hey, it'd be great if you guys might want to, you know, say something nice once in a while.” But it's not necessarily our job to say nice things. I do it once in a while. I want to note that I said something nice about AAD last week, but the reality is that we are there to help our mutual customers.

And what I found is, I have found the same thing to be true that you're finding true that, unfortunately, outbound communications from them, in particular from the whole company, have slowed. I think everybody's busier, they've got a very specific set of directions they're going on things, and as a result, we hear very little. And even getting, trying to get clarification on things sometimes, “Did we read that right?” It takes a while, and it has to go through several different rungs of people to get the answer.

Corey: I have somewhat similar relationships over the years with AWS, where they—in many cases, a lot of their executives prefer not to talk to me at all. Which again, is fair. I'm not—I don't require any of them to do it. But there's something in the Amazonian ethos that requires them to talk to customers, especially when customers are having a rough time. And I'm, for better or worse, the voice of the customer.

I am usually not the dumbest person in the universe when it comes to trying to understand a service or make it do something that, to me, it seems that it should be able to do. And when I actually start having in-depth conversations, people are surprised. “Wow, you were super pleasant and fun to work with. We thought you were just going to be a jerk.” It's, yeah, it turns out I don't go through every meeting like it's Twitter.
What a concept.

Wes: Yeah, a lot of people, I've had this happen for myself when you meet people in person, when they meet your Twitter persona, especially for someone who I think you and I both come across as rather boisterous, gregarious, and sometimes people take that as our personas. And I remember meeting a friend in the UK for the first time years ago, he's like, “You're very different in person.” I'm like, “I know. I know.”

Corey: I usually get the, “You're just like Twitter.” In many respects, I am. Because people don't always see what I'm putting down. I make it a point to be humorous and I have a quick quip for a lot of things, but it's never trying to make the person I'm engaging with feel worse for it. And that's how I work.

People are somewhat surprised when I'm working in client meetings that I'm fun and I have a similar sense of humor and personality, as you would see on Twitter. Believe it or not, I haven't spent all this time just doing a bit. But they're also surprised that it tends to drive toward an actual business discussion.

Wes: Sure.

Corey: Everything fun is contextual.

Wes: Absolutely. That's the same sort of thing we get on our side when we talk to customers. I think I've learned so much from talking with them that sometimes I do get to share those things with Microsoft when they're willing to listen.

Corey: So, what I'm curious about in the context of Microsoft licensing is something that, once again, it has intruded upon my notice lately with a bunch of security disclosures in which Microsoft has said remarkably little, and that is one of the most concerning things out there. They casually tried to slide past, “Oh, yeah, we had a signing key compromised.” Which is one of those, “Oh, [laugh] and by the way, the building's on fire. But let's talk about our rent [unintelligible 00:07:44] for the next year.” Like, “Whoa, whoa, whoa. Hold on. What?”

That was one of those horrifying moments.
And it came out—I believe I learned about this from you—that you needed something called E3 licensing—sorry, E5 licensing—in order to look at those audit logs, where versus E3, which sounded like the more common case. And after a couple of days of, “Explain this,” Microsoft very quickly wound up changing that. What do all these things mean? This is sort of a foreign concept to me because AWS, for better or worse, does not play games with licensing in the same way that Microsoft does.

Wes: Sure. Microsoft has, over the years, you know, they are a master of building suites. This is what they've done for over 30 years. And they will build a suite, they'll sell you that suite, they'll come back around in three to six years and sell you a new version of that suite. Sometimes they'll sell you a higher price version of that suite, et cetera.

And so, you'll see products evolve. And did a great podcast with my colleagues Rob and Mary Jo Foley the other day where we talked about what we've seen over the last, now for me, 11 years of teaching boot camps. And I think in particular, one of the changes we have seen is exactly what you're being exposed to on the outside and what a lot of people have been complaining about, which is, products don't sit still anymore. So, Microsoft actually makes very few products today. Almost everything they sell you is a service. There are a handful of products still.

These services all evolve, and about every triennium or two—so every three to six years—you'll see a price increase and something will be added, and a price increase and something will be added. And so, all this began with the BPOS, the first version of Office 365, which became Office 365 E3, then Microsoft 365 E3 then Microsoft 365 E5.
And for people who aren't in the know, basically, that means they went from Office as a subscription to Office, Windows, and a bunch of management tools as a subscription, to E5, basically, it took all of the security and compliance tools that many of us feel should have been baked into the fundamentals, into E3, the thing that everybody buys, what I refer to still today as the hero SKU and those security and compliance fundamentals should have been baked in. But no, in fact, a lot of customers when this AAD issue came out—and I think a lot discovered this ad hoc for the same reason, “Hey, we've been owned, how far back in the logs can we look?” And the answer is, you know, no farther than 90 days, a lot of customers hit that reality of, what do you mean we didn't pay for the premium thing that has all the logging that we need?

Corey: Since you sat on this for eight months before mentioning it to us? Yeah.

Wes: Exactly, exactly. And it's buried. And it's one of those things that, like, when we teach the licensing boot camp, I specifically call out because of my security background, it's an area of focus and interest to me. I call out to customers that a lot of the stuff we've been showing you has not questionable value, but kind of squishy value.

This piece right here, this is both about security and compliance. Don't cheap out. If you're going to buy anything, buy this because you're going to need it later. And I've been saying that for, like, three years, but obviously only the people who were in the boot camp would hear that and then shake their head, “Why does it have to be this difficult?” But yeah. Everything becomes a revenue opportunity if it's a potential to upsell somebody for the next tier.

Corey: The couple of times I've been asked to look at Azure bills, I backed away slowly as soon as I do, just because so much of it is tied to licensing and areas that are very much outside of my wheelhouse.
Because I view, in the cloud context, that cost and architecture tend to be one and the same. But when you bolt an entire layer of seat licensing and what this means for your desktop operating systems on as well as the actual cloud architecture, it gets incredibly confusing incredibly quickly. And architectural advice of the type that I give to AWS customers and would give to GCP customers is absolutely going to be harmful in many respects.

I just don't know what I don't know and it's not an area that interests me, as far as learning that competency, just to jump through hoops. I mean, I frankly used to be a small business Windows admin, with the products that you talked about, back when XP and Server 2003 and a few others, I sort of ruled the roost. But I got so tired of surprise audit-style work. It felt like busy work that wasn't advancing what I was trying to get done in any meaningful way that, in a fit of rage, one day, I wound up exploring the whole Unix side of the world in 2006 and never went back.

Wes: [whispering] That's how it happened.

Corey: Yep.

Wes: It's unfortunate that it's become so commonplace, but when Vista kind of stalled out and they started exploring other revenue opportunities, you have Vista Ultimate Enterprise, all the crazy SKUing that Vista had, I think it sort of created a mindset within the company that this is what we have to do in order to keep growing revenue up and to the right, and you know, shareholder value be the most important thing, that's what you've got to do. I agree entirely, though, the biggest challenge I could see for someone coming into our space is the fact that yes, you've got to understand Azure, Azure architecture, development architecture, and then as soon as you feel like you understand that, somebody comes along and says, “Well, yeah, but because we have an EA, we have to do it this way or we only get a discount on this thing.” And yeah, it just makes things more cumbersome.
And I think that's why we still see a lot of customers who come to our boot camps who are still very dedicated AWS customers because that's where they were, and it's easier in many regards, and they just want to go with what they know.

Corey: And I think that that's probably fair. I think that there is an evolution that grows here that I think catches folks by surprise. I'm fortunate in that my Microsoft involvement, if we set things like GitHub aside because I like them quite a bit and my Azure stuff as well—which is still small enough to fit in the free tier, given that I use it for one very specific, very useful thing—but the rest of it is simply seat licenses for Office 365 for my team. And I just tend to buy the retail-priced one on the internet that's licensed for business use, and I don't really think about it again. Because I don't need, as you say, in-depth audit logs for Microsoft Word. I really don't. I'm sorry, but I have a hard time believing that that's true. But something that immediately crops up when you say this is when you talk about E3 versus E5 licensing, is that organization-wide or is that on a per-seat basis?

Wes: It's even worse than that. It usually comes down to per-user licensing. The whole world used to be per device licensing in Microsoft and it switched to per user when they subscript-ified everything—that's a word I made up a while ago—so when they subscript-ified everything, they changed it over to per user. And for better or worse, today, you could—there's actually four different tiers of Microsoft 365. You could go for any one of those four for any distinct user.

You could have one of them on F1, F3, E3, and E5. Now, if you do that, you create some other license non-compliance issues that we spend way too much time having to talk about during the boot camp, but the point is, you can buy to fit; it's not one-size-fits-all necessarily.
But you run into, very rapidly, if you deploy E5 for some number of users because the products that are there, the security services and compliance services ironically don't do license compliance in most cases, customers can actually wind up creating new license compliance problems, thereby basically having to buy E5 for everybody. So, it's a bit of a trapdoor that customers are not often aware of when they initially step into dabbling in Microsoft 365 E5.

Corey: When you take a look at this across the entire board, what is your guidance to customers? Because honestly, this feels like it is a full-time job. At scale, a full-time job for a department simply keeping up with all of the various Microsoft licensing requirements, and changes because, as you say, it's not static. And it just feels like an overwhelming amount of work that to my understanding, virtually no other vendor makes customers jump through. Sure there's Oracle, but that tends to be either in a database story or a per developer, or on rare occasions, per user when you build internal Java apps. But it's not as pervasive and as tricky as this unless I'm missing something.

Wes: No, you're not. You're not missing anything. It's very true. It's interesting to think back over the years at the boot camp. There's names I've heard that I don't hear anymore in terms of companies that were as bad. But the reality is, you hear the names of the same software companies but, exactly to your point, they're all departmental. The people who make [Roxio 00:16:26] still, they're very departmentalized. Oracle, IBM, yeah, we hear about them still, but they are all absolutely very departmentalized.

And Microsoft, I think one of the reasons why we do get so many—for better or worse, for them—return visitors to our licensing boot camps that we do every two months, is for that exact reason, that some people have found they like outsourcing that part of at least trying to keep up with what's going on, what's the record?
And so, they'll come back every two, three, or four years and get an update. And we try to keep them updated on, you know, how do I color within the lines? Should it be like this? No. But it is this way.

In fact, it's funny, I think back, it was probably one of the first few boot camps I did with Rob. We were in New York and we had a very large customer who had gotten a personalized message from Microsoft talking about how they were going to simplify licensing. And we went to a cocktail hour afterwards, as we often do on the first day of the boot camp, to help people, you know, with the pain after a boot camp, and this gentleman asks us well, “So, what are you guys going to do once Microsoft simplifies licensing?” And Rob and I just, like, looked at each other, smiled, looked back at the guy, and laughed. We're like, “We will cross that bridge when we get to it.”

Corey: Yeah, people ask us that question about AWS billing. What if they fix the billing system? Like, we should be so lucky to live that long.

Wes: I have so many things I'd rather be doing. Yes.

Corey: Mm-hm. Exactly. It's one of those areas where, “Well, what happens in a post-scarcity world?” Like, “I couldn't tell you. I can't even imagine what such a thing would look like.”

Wes: Exactly [laugh]. Exactly.

Corey: So, the last time we spoke way back, I think in 2019, Microsoft had wound up doing some unfortunate and fairly underhanded-appearing license changes, where it was more expensive to run a bunch of Microsoft things, such as server software, most notably SQL Server, on clouds that were not Azure. And then, because you know, you look up the word chutzpah in the dictionary, you'll find the Microsoft logo there in response, as part of the definition, they ran an advertising campaign saying that, oh, running many cloud workloads on Azure was five times cheaper than on AWS. As if they cracked some magic secret to cloud economics.
Rather than no, we just decided to play dumb games that win worse prizes with cloud licensing. How did that play out?

Wes: Well, so they made those changes in October of 2019, and I kind of wish they'd become a bigger deal. And I wish they'd become a bigger deal earlier so that things could have been, maybe, reversed when it was easier. But you're absolutely right. So, it—for those who don't know, it basically made licensing changes on only AWS, GCP, and Alibaba—who I never had anybody ask me about—but those three. It also added them for Azure, but then they created loopholes for themselves to make Azure actually get beneficial licensing, even better than you could get with any other cloud provider [sigh].

So, the net takeaway is that every Microsoft product that matters—so traditionally, SQL Server, Windows Server, Windows client, and Office—is not impossible to use on AWS, but it is markedly more expensive. That's the first note. To your point, then they did do that marketing campaign that I know you and I probably had exchanges about at the time, and it drove me nuts as well because what they will classically do is when they tout the savings of running something on Azure, not only are they flouting the rules that they created, you know, they're basically gloating, “Look, we got a toy that they didn't,” but they're also often removing costs from the equation. So, for example, in order for you to get those discounts on Azure, you have to maintain what's called Software Assurance. You basically have to have a subscription by another name.

If you don't have Software Assurance, those opportunities are not available to you. Fine. That's not my point. My point is this, that Software Assurance is basically 75% of the cost of the next version.
So, it's not free, but if you look at those 5x claims that they made during that time frame, they actually were hand-waving and waving away the [assay 00:20:45] costs.

So, if you actually sat down and did the math, the 5x number was a lie. It was not just very nice, but it was wrong, literally mathematically wrong. And from a—as my colleague likes to say, a ‘colors person,' not a numbers person like me, from a colors person like me, that's pretty bad. If I can see the error in your math, that's bad math.

Corey: It just feels like it's one of those taxes on not knowing some of the intricacies of what the heck is going on in the world of Microsoft licensing. And I think every sufficiently complex vendor with, shall we say, non-trivial pricing dimensions, could be accused of the same thing. But it always felt particularly worrisome from the Microsoft perspective. Back in the days of BSA audits—which I don't know at all if they're still a thing or not because I got out of that space—every executive that I ever spoke to, in any company lived in fear of them, not because they were pirating software or had decided, “You know what? We have a corporate policy of now acting unethically when it comes to licensing software,” but because of the belief that no matter what they came up with or whatever good faith effort they made to remain compliant, of course, something was not going to work the way they thought it would and they were going to be smacked with a fine. Is that still the case?

Wes: Absolutely. In fact, I think it's worse now than it ever was before. I will often say to customers that you are wildly uncompliant while also being wildly overcompliant because per your point about how broad and deep Microsoft is, there's so many products. Like, every company today, every company that has Project and Visio still in place today, that still pays for it, you are over-licensed.
You have more of it than you need.

That's just one example, but on the other side, SQL Server, odds are, every organization is subtly under-licensed because they think the rule is to do this, but the rules are actually more restrictive than they expect. So, and that's why Microsoft is, you know, the first place they look, the first rug they look under when they do walk in and do an audit, which they're entitled to do as a part of an organization's enterprise agreement. So BSA, I think they do still have those audits, but Microsoft now they have their own business that does that, or at least they have partners that do that for them. And places like SQL Server are the first places that they look.

Why? Because it's big, found money, and because it's extremely hard to get right. So, there's a reason why, when we focus on our boot camps, we'll often tell people, you know, “Our goal is to save you enough money to pay for the class,” because there's so much money to be found in little mistakes that if you do a big thing wrong with Microsoft software, you could be wildly out of compliance and not know about it until Microsoft—or more likely, a Microsoft partner—points it out to you.

Corey: It feels like it's an inevitability. And, on some level, it's the cost of doing business. But man, does that leave a sour taste in someone's mouth.

Wes: Mm-hm. It absolutely does. It absolutely does. And I think—you know, I remember, gosh, was it Munich that was talking about, “We're going to switch to Linux,” and then they came back into the fold. I think the reality is, it absolutely does put a bad taste.

And it doesn't leave customers with good hope for where they go from here. I mean, okay, fine. So, we got burned on that thing in the Microsoft 365 stack. Now, they want us to pay 30 bucks for Copilot for Microsoft 365. What? And we'd have no idea what they're even buying, so it's hard to give any kind of guidance.
So, it's a weird time.

Corey: I'm curious to see what the ultimate effect of this is going to be. Well, one thing I've noticed over the past decade and change—and I think everyone has as well—increasingly, the local operating system on people's laptops or desktops—or even phones, to some extent—is not what it once was. Increasingly, most of the tools that I find myself using on a daily basis are just web use or in a browser entirely. And that feels like it's an ongoing problem for a company like Microsoft when you look at it through the lens of OS. Which at some level, makes perfect sense why they would switch towards everything as a service. But it's depressing, too.

Wes: Yeah. I think that's one of the reasons why, particularly after Steve left, they changed focus a lot and really begin focusing on Microsoft 365 as the platform, for better or worse. How do we make Microsoft 365 sticky? How do we make Office 365 sticky? And the thing about, like, the Microsoft 365 E5 security stuff we were talking about, it often doesn't matter what the user is accessing it through. The user could be accessing it only through a phone, they could be a frontline worker, they could be standing at a sales kiosk all day, they could be using Office every single day, or they could be an exec who's only got an iPad.

The point is, you're in for a penny, in for a pound at that point that you'll still have to license the user. And so, Microsoft will recoup it either way. In some ways, they've learned to stop caring as much about, is everyone actively using our technology? And on the other side, with things like Teams, and as we're seeing very, very slowly, with the long-delayed Outlook here, you know, they're also trying to switch things to have that less Win32 surface that we're used to and focus more on the web as well.
But I think that's a pretty fundamental change for Microsoft to try and take broadly and I don't anticipate, for example, Office will ever be fully replaced with a fat client like it has on Windows and the Mac OS.

Corey: Yeah, part of me wonders what the future that all looks like because increasingly, it feels more than a little silly that I'm spending, like, all of this ever-increasing dollar figure on a per-seat basis every year for all of Microsoft 365. Because we don't use their email system. We don't use so much of what they offer. We need basically Word and Excel and once in a blue moon PowerPoint, I guess. But that's it. Our fundamental needs have not materially shifted since Office 2003. Other than the fact that everything uses different extensions now and there's, of course, the security story on top of it, too. We just need some fairly basic stuff.

Wes: And I think that's the case for a lot of—I mean, we're the exact same way at Directions. And I think that's the case for a lot of small and even into mid-size companies. Microsoft has traditionally with the, like, Small Business Premium, they have an offering that they intentionally only scale up to 300 people. And sometimes they'll actually give you perks there that they wouldn't give away in the enterprise suite, so you arguably get more—if they let you have it, you get more than you would if you've got E5. On the other side, they've also begun, for enterprises, honing in on opportunities that they may have historically ignored.

And when I was at Microsoft, you'd have an idea, like, “Hey, Bob. I got an idea. Can we try to make a new product?” He's like, “Okay, is it a billion-dollar business?” And you get waved away if it wasn't all a billion-dollar business. And I don't think that's the case anymore today, particularly if you can make the case, this thing I'm building makes Microsoft 365 sticky or makes Azure sticky.
So, things like the Power Platform, which is subtly and slowly replacing Access at a minimum, but a lot of other tools.

Power BI, which has come from behind. You know, people would look at it and say, “Oh, it's no Excel.” And now it, I think, far exceeds Excel for that type of user. And Copilot, as I talked about, you know, Microsoft is definitely trying to throw things in that are beyond Office, beyond what we think of as Microsoft. And why are they doing that? Because they're trying to make their platform more sticky. They're trying to put enough value in there so you need to subscribe for every user in your organization.

And even things, as we call them, ‘Batteries not Included' like Copilot, that you're going to buy E5 and that you're still going to have to buy something else beyond that for some number of users. So, you may even have a picture in your head of how much it's going to cost, but it's like buying a BMW 5 Series; it's going to cost more than you think.

Corey: I wish that there were a better path forward on this. Honestly, I wish that they would stop playing these games, let, you know, Azure compete head-to-head against AWS and let it win on some of its merits. To be clear, there are several that are great. You know, if they could get out of their own way from a security perspective, lately. But there seems to be a little appetite for that. Increasingly, it seems like even customers asking them questions tends to hit a wall until, you know, a sitting US senator screams at them on Twitter.

Wes: Mm-hm. No, and then if you look carefully at—Microsoft is very good at pulling just enough off of the sweater without destroying the sweater. And for example, what they did, they gave enough away to potentially appease, but they didn't actually resolve the problem.
They didn't say, “All right, everybody gets logging if they have Microsoft 365 E3,” or, “Everybody gets logging, period.” They basically said, “Here's the kind of logging you can get, and we're going to probably tweak it a little bit more in the future,” and they will not tweak it more in the future. If anything, they'll tighten it back up.

This is very similar to the 2019 problem we talked about earlier, too, that you know, they began with one set of rules and they've had to revisit it a couple of times. And most of the time, when they've had an outcry, primarily from the EU, from smaller cloud providers in the EU who felt—justifiably—that Microsoft was being not—uncompetitive with Azure vis-à-vis every other cloud provider. Well, Microsoft turned around and last year changed the rules such that most of these smaller cloud providers get rules that are, ehh, similar to what Azure can provide. There are still exclusives that only Azure gets. So, what you have now is basically, if you're a customer, the best set and cheapest set is with Azure, then these smaller cloud providers give you a secondary—it's close to Azure, but still not quite as good. Then AWS, GCP, and Alibaba.

So, the rules have been switched such that you have to know who you're going to in order to even know what the rules are and to know whether you can comply with those rules with the thing you want to build. And I find it most peculiar that, I believe it was the first of last month that Microsoft made the change that said, “You'll be able to run Office on AWS,” which was Amazon WorkSpaces, in particular. Which I think is huge and it's very important and I'm glad they made this change, but it's weird because it creates almost a fifth category because you can't run it anywhere else in Amazon, like if you were spinning something up in VMware on Amazon, but within Amazon WorkSpaces, you can. This is great because customers now can run Office for a fee.
And it's a fee that's more than you'd pay if you were running the same thing on Microsoft's cloud.

But it also was weird because let's say Google had something competitive in VDI, but they don't really, but if they had something competitive in VDI, now this is the benefit that Amazon has that's not quite as good as what Microsoft has, that Google doesn't get it at all. So, it's just weird. And it's all an attempt to hold… to both hold a market strategy and an attempt to grow market share where they're still behind. They are markedly behind in several areas. And I think the reality is, Amazon WorkSpaces is a really fine offering and a lot of customers use it.

And we had a customer at our last in-person boot camp in Atlanta, and I was really impressed—she had been to one boot camp before, but I was really impressed at how much work she'd put into making sure we know, “We want to keep using Amazon WorkSpaces. We're very happy with it. We don't want to move anywhere else. Am I correct in understanding that this, this, this, and this? If we do these things will be aboveboard?” And so, she knew how much more she'd have to pay to stay on Amazon WorkSpaces, but it was that important to the company that they'd already bet the farm on the technology, and they didn't want to shift to somebody else that they didn't know.

Corey: I'm wondering how many people have installed Office just through a standard Microsoft 365 subscription on a one-off Amazon WorkSpace, just because they had no idea that that was against license terms. I recall spinning up an Amazon WorkSpace back when they first launched, or when they wound up then expanding to Amazon Linux; I forget the exact timeline on this. I have no idea if I did something like that or not. Because it seems like it'd be a logical thing. “Oh, I want to travel with just an iPad. Let me go ahead and run a full desktop somewhere in the cloud.
Awesome.”

That feels like exactly the sort of thing an audit comes in and then people are on the hook for massive fines as a result. It just feels weird, as opposed to, there are a number of ways to detect you're running on a virtual machine that isn't approved for this. Stop the install. But of course, that doesn't happen, does it?

Wes: No. When we teach at the boot camp, Rob will often point out that, you know, licensing is one of the—and it's true—licensing is one of the last things that comes in when Microsoft is releasing a product. It was that way when he was at the company before I was—he shipped Word 1.0 for the Mac, to give you an idea of his epoch—and I was there for XP, like I said, which was the first version that used activation—which was a nightmare—there was a whole dedicated team on. And that team was running down to the wire to get everything installed.

And that is still the case today because marketing and legal make decisions about how a product gets sold. Licensing is usually tacked on at the very end if it gets tacked on at all. And in fact, in a lot of the security, compliance, and identity space within Microsoft 365, there is no license compliance. Microsoft will show you a document that, “Hey, we do this,” but it's very performative. You can't actually rely on it, and if you do rely on it, you'll get in trouble during an audit because you've got non-compliance problems. So yeah, it's—you would hope that it keeps you from coloring outside the lines, but it very much does not.

Corey: It's just a tax on going about your business, in some ways [sigh].

Wes: Exactly. “Don't worry, we'll be back to fix it for you later.”

Corey: [laugh]. I really appreciate your taking the time to go through this with me. If people want to learn more, where's the best place for them to keep up with what you're up to?

Wes: Well, obviously, I'm on Twitter, and—oh, sorry, X, whatever.

Corey: No, we're calling it Twitter.

Wes: Okay, I'm on—I'm on—[laugh] thank you.
I'm on Twitter at @getwired. Same alias over on [BlueSky 00:35:27]. And they can also find me on LinkedIn, if they're looking for a professional question beyond that and want to send a quiet message.

The other thing is, of course, go to directionsonmicrosoft.com. And directionsonmicrosoft.com/training if they're interested in one of our licensing boot camps. And like I said, Rob and I do those every other month. We're increasingly doing them in person. We got one in Bellevue coming up in just a few weeks. So, there's opportunities to learn more.

Corey: Excellent. And we will, of course, put links to that in the [show notes 00:35:59]. Thank you so much for taking the time to chat with me again, Wes. It's appreciated.

Wes: Thank you for having me.

Corey: Wes Miller, Research VP at Directions on Microsoft. I'm Cloud Economist Corey Quinn, and this is Screaming in the Cloud. If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you've hated this podcast, please leave a five-star review on your podcast platform of choice, along with an angry, insulting comment that will no doubt be taken down because you did not sign up for that podcasting platform's proper license level.

Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.
AWS Morning Brief for the week of July 31, 2023, with Corey Quinn.

Links:
The new Amazon Chime 5 on Windows, macOS, and web is coming soon - Amazon Chime Help Center
Access and Query are now generally available for Amazon Managed Blockchain
AWS Lambda adds support for Python 3.11
AWS Entity Resolution: Match and Link Related Records from Multiple Applications and Data Stores
New – Amazon EC2 P5 Instances Powered by NVIDIA H100 Tensor Core GPUs for Accelerating Generative AI and HPC Applications
New – AWS Public IPv4 Address Charge + Public IP Insights
Preview – Enable Foundation Models to Complete Tasks With Agents for Amazon Bedrock
Migrating AWS Lambda functions from the Go1.x runtime to the custom runtime on Amazon Linux 2
Introducing Smithy for Python
Introducing AWS HealthScribe – automatically generate clinical notes from patient-clinician conversations using AWS HealthScribe
Analyze rodent infestation using Amazon SageMaker geospatial capabilities
AWS Reaffirms its Commitment to Responsible Generative AI
Amazon SageMaker Canvas announces SOME THINGS I AM NOT GOING TO TELL YOU ABOUT
systemd is a service manager for Linux. It is the first process that runs on many Linux distributions and manages all other user processes. It includes utilities for logging, process isolation, process dependencies, socket activation, and many other tasks. pystemd is a Python library to communicate with systemd over dbus from Python as an alternative to shelling out from an application to control services. Anita Zhang is an engineerd managerd at Meta and Alvaro Leiva is a production engineer at Meta. I attended their systemd workshop at the Southern California Linux Expo.

Topics covered:
What's systemd?
Giving talks and workshops
cgroups and namespaces
systemd timers vs cron
Migrating from CentOS 6 to 7
Production engineers need to go lower in the stack to debug applications
Meta's Linux userspace team
Use of public cloud at Meta
Meta's bootcamp
Pystemd

Mastodon
Anita Zhang
Alvaro Leiva

Workshop
systemd workshop

Conference talks
Journey into the Heart of systemd - Scale 19x
Systemd: why you should care as a Python developer - PyCon 2018
Move Fast without Breaking things - Scale 18x
Solving All the Problems with systemd - LISA18
Using systemd to high level languages - All Systems Go!
The Curious Case of Memory Growth - Scale 19x

Related Links
systemd
pystemd
systemd-run
systemd-timers

Transcript

Introductions

[00:00:00] Jeremy: So today I'm talking to Alvaro Leiva and Anita Zhang. Alvaro is the author of the pystemd library and he's a production engineer at Meta. And Anita is an engineerd managerd at Meta, and I'll let her explain that further.

[00:00:19] Jeremy: But thank you both for joining me today.

[00:00:21] Anita: Yeah, thanks for having us.

[00:00:24] Jeremy: I guess where we could start, Anita, maybe you could explain a little bit your, your title that I just gave you there.
engineerd managerd

[00:00:31] Anita: Yeah, so by default I, I should be a software engineering manager, but when I transitioned to management, I was not, ready to go public with, um, my transition. So I kind of hid it by, changing the title. we have some weird systems in place that grep on like the word engineer. So I had to keep engineer in there somehow. and so I kind of polled my friends what I should change my title to, and they're like, oh, you're gonna support the systemd team, so you should change it to like managerd. So I was like, sounds good. engineerd, managerd. I didn't wanna get kicked out of any workplace groups, for example, that required me to be an engineer.

[00:01:15] Jeremy: Oh, okay.

[00:01:17] Anita: Or like engineering function, I guess.

[00:01:19] Jeremy: Yeah. Yeah. And you just gotta title it yourself, so as long as you got engineer in it, you're good.

[00:01:24] Anita: Yeah, pretty much. Some people have really fun titles like Chief Potato Officer and things like that.

[00:01:32] Jeremy: So what groups does the, uh, the potato officer get to go in?

[00:01:37] Anita: Yeah. Not the C level ones. (laughs)

What's systemd?

[00:01:42] Jeremy: I guess maybe to, to start, we should explain to people who aren't familiar, uh, what systemd is. So if either of you wanna wanna take that one.

[00:01:52] Alvaro: so people who doesn't know, right? So systemd is today is your init system, right? Is the thing that manage your, your process. and the best way to understand this, it is like when your computer, it needs to execute something. And that's something is what we call pid one. And that pid one is the thing that is gonna manage everything from now from there on, right? Uh, in the most basic level, if you remember how to, how does program start, how does like an idea becomes a program? Uh, you need to fork exec, right? So that means that something has to be at the top of that tree and that is systemd. now that can be anything, right?
So there was a time where that was like systemv and there was also like upstart, uh, today's systemd is the thing that, uh, it's shipped in most distributions.

[00:02:37] Jeremy: Yeah, because I, I definitely remember when I first started working with Linux, uh, it was with CentOS 6, and when I would want to run a service, I would have to go and write a bash script and kind of have all these checks for, is this thing running? Does it have permission to these things, which user is it running as, and so there was a lot of stuff that I remember having to do before systemd came out.

[00:03:08] Alvaro: The good old days as we call them,

[00:03:11] Jeremy: Or the bad old days.

[00:03:13] Anita: Yeah. Depending on who you ask.

[00:03:15] Alvaro: Yeah. So, so that is super interesting because, um, During those time, like you said, you have to write a first script. That means that you were basically yourself, your own service manager, right? So ideas as simple as, is my program running? There was no real answer. You have to figure it out, right? So if you run a program, uh, you maybe would create a pid file which hold the p or the pid of the process, of the main process, right? And then something needs to check, oh, is this file exist? Does the file exist and does the content of this file actually match to a process? And then you grab the process. So it was all these ideas that you had to do, and then for, you have to do it for every single software that you would deploy on your machine, right? That also makes really hard to parallelize stuff, right? Because you have no concept of dependencies. So if your computer has to put, uh, I, I dunno if you remember like long time ago, like Linux machine would, takes like five minutes to boot like your desktop. I remember like openSUSE. I can't remember, like 2008, 2007. Uh, it would take like five minutes to boot and then Ubuntu came and, and it start like immediately.
And it was because, you can parallelize things, but you cannot do that if all you're running are bash script.

Why was systemd chosen to be included in Linux distributions?

[00:04:26] Jeremy: I remember before the Linux distributions didn't include it. And I wonder if you have any insight into how systemd got chosen to be the thing to manage our processes and basically how we got to where we are today.

[00:04:44] Anita: I mean, we can kind of speculate a little bit. at the time when Lennart started systemd, um, with. Kai Sievers probably messed up his name there. Um, they were all at Red Hat and Red Hat manages Fedora these days and I believe Fedora's kind of like the bleeding edge for a lot of the new software ideas. Um, and when they picked up systemd as the defaults, um, eventually it started to trickle down to the rest of their distributions through RHEL and to CentOS and at the same time, I think other distributions started to see how useful it was in terms of managing all the different processes and services. Um, I know Debian at one point had kind of a vote on like whether they should make systemd either default or like, make it easy to switch between both. And then they decided to just stick with systemd because it's, I mean, the public agrees that it's like easy to use and it's more useful. It abstracts away a lot of things that they had to manually do before.

Who is interested in systemd? Who comes to your talks and workshops?

[00:05:43] Jeremy: Something I've been kind of curious about. So just this year at SCaLE uh, you ran a, a workshop teaching people how to use systemd and, and sort of what it is about. I guess when, when you get people coming to these workshops, what are they typically, where are they typically coming from? Are they like system administrators or are they software developers? Like when you run these workshops, who are you looking for as your audience?
[00:06:13] Alvaro: To be fair, this was the first time that we actually did a workshop for this. But we have like, talk about this in, in many like conferences. here's what happened, right? So every time that you put systemd on the title of, uh, of a talk, you are like baiting people into coming in, right? Because you do want to hear like some people who are still like reluctant from that war that happened like a few years ago. Between systemd and Upstart, right? most of the people who we get are, I would say like, software engineers, people who do software, and at least the question that I always get a lot, it is like, why should I care about systemd um, if I run everything on my containers in my Docker containers, right? The other type of audience that you get, you do get system administrators. Uh, but in general those people only cares about starting and stopping services don't really care about like the, like the nice other features that systemd has to offer. And then you get people who just wanna start like flame wars and I'm here for them.

Why give talks and workshops on systemd?

[00:07:13] Jeremy: In previous years, you've given conference talks and, and things like that related to systemd. And I wonder for, for both of you where, where the, the interests came from, where this is something that you feel strongly enough about that you wanna give talks about it. Because it's like, a lot of times when people give a conference talk, it's about, like new front end technology or some, you know, new shiny thing. Whereas systemd is like, it's like very valuable, but it's something that I feel like a lot of people don't think about. And so I'm just kind of curious where the interest came for, for both of you.

[00:07:52] Anita: I think I just like giving talks and teaching in general. So if I have work that I found really exciting or interesting, then I'd want to like tell people about it and like teach them and like show them something cool.
I think systemd is kind of a really good topic in that case because a lot of people want to learn more about it. Today there's like lots of new developments going on in systemd. So there's like a lot of basic stuff that you can learn, but also a lot of new advanced topics that are changing every year as well. aside from that, there's also like more generally applicable things. Like everyone wants to know how to debug something if you're like a software engineer or developer or even a sysadmin. Um, so last year I did a debugging talk. there's a lot of overlap I'd say how about you Alvaro?

[00:08:48] Alvaro: For me, it, my interest in systemd started in, back when I was working on Instagram, we needed to migrate from CentOS6 to CentOS7. and that was the transition where you would have like a random init system to systemd, right? So we needed to migrate all of our scripts from like shell script to whatever shell script is going to interact with systemd. And that's when I was like, I don't like this. So I also have a thing where if I find something that doesn't have an Python API for it, I go and create a Python api. So I, I create pystemd like during that time. And I guess for me, the first reaction was when I was digging up systemd was like, whoa, can systemd do that? Like, like really, like I can like manage, network firewalls, right? Can I, can I stop my service from actually accessing the internet without having to deal with iptables at the time? So that's kind of like the feeling that I wanted to show people when I, when we do these these talks and, and these workshops, right? It's why like most of our talks, eh, have light demos in them because we do want to show people like, Hey, like, this is real. You can use it.

[00:09:55] Jeremy: I don't know if this was a conscious decision on your part, but the thing about things like systemd is they, they feel like more foundational things that don't change that quickly.
Like if you look at front end development, for example, at Meta you've got React, and that ecosystem changes so often that it's like there's always this new thing, you learn the way to do it and then it changes, right? Whereas I feel like when you're in the Linux user space and you're with systemd, like they're adding new things, but the, the foundations kind of stay the same. I'm not sure if that sounds accurate to both of you.

[00:10:38] Anita: Yeah, I'd say a lot of the, there are a lot of stable building blocks in systemd, but at Meta we also have a kernel team, which is working on like new kernel features all the time. They take years possibly to adopt, but with systemd, if we're able to influence the community and like get those kernel features in earlier, then like we can start to really shape what the future of operating systems look like. So it's not, it's very like not short term, uh, work that we're doing. It's a lot of long term, uh, work.

[00:11:11] Jeremy: Yeah, that's, that's interesting in that I didn't even think about the fact that you are sitting at the, the user level with systemd, but you kind of know what you want. And so if there's things that the kernel can do to support that, you're having that involvement. With the open source community, make sure that you have your, your say get put in there. Yeah.

[00:11:33] Anita: Mm-hmm.

[00:11:35] Alvaro: It, it goes both ways, right? So one part it is like, yeah, sure, we want features and we create them. Um, and we actually wanted those to be upstream because we like, one thing that you should, you should never do is manage internal patches for like, things like the kernel, because that's rebase hell. Um, but you also want to be like part of the community and, and, and, and get the benefit of like, being part of it.

Who should care about systemd?
[00:11:59] Jeremy: And so, like one thing you mentioned earlier, Alvaro, is that people will sometimes ask you, I'm running my application in, in Docker containers. Why do I care about systemd? So, so maybe you could explain like, how you would respond to that. Yeah.

[00:12:17] Alvaro: Well for more, for most people who actually run their application container I'd say like, no, you probably shouldn't care. Right? Like, you're good where you are. But in general, like, like system is foundational in the sense that it is the first thing that your computer boots. Your computer doesn't boot off of Docker or Kubernetes or, or any like that. So like something has to run these applications. There's also like a lot of value is that not all applications exist in the vacuum. Like, uh, like let me give you an example. Like if you have a web server, when people are uploading stuff to the web server, you will upload temporary things and then you have to clean it up after a while. So you may want to take advantage of systemd timers or cron or, or whatever you want, right? While the classical container view is that your PID 1 of the container is the application that you're running, right? So you do want to have like this whole ecosystem. Not all companies can run on containers. Not everything can run in containers. So that's basically where all the things start to, to getting into shape. There's a lot of value in understanding how programs actually like exist, right? With the thing that I told you at the beginning of how an idea becomes a program understanding like, like you hit, you are in your bash, right? And you hit ls Star full enter, right? What happened in your machine? Understanding all the things, uh, there is a lot of value in understanding how systemd works. It's, it, it provides, uh, like that knowledge for you.
[00:13:39] Jeremy: So for the average engineer at Meta who is relying on your team to deploy their, their code, I guess, if that's the right term, do you think that they're ever needing to think about systemd or is that kind of more like the responsibility of your team and they're just worried about like, I put my thing into my container and I don't, I don't worry about it.

[00:14:04] Anita: I think there's like a whole level of the stack that ideally we should not even care or know that we're running systemd below them. I think that's, say we're doing our job well, cuz then the abstraction is good enough that they don't have to worry about it. But there's like a whole class of engineers below that that have to, you know, support the systems that run our on bare metal and infrastructure and make it happen. And those are the people who really care about what we're putting in systemd or like what the corner cases are and things like that.

[00:14:37] Jeremy: Yeah, that, that makes sense. I mean, one of the talks that was at SCaLE was, uh, Bryan Cantrill, um, he gave a talk about the forgotten operator, and he was talking about how people forget that there are actual servers behind all the things we're deploying to, right?

[00:14:55] Anita: Mm-hmm.

[00:14:55] Jeremy: There is a person that you're racking the machines and plugging the power, and like, even though there's all these abstractions in front, that still exists. And so it sounds like things happening at the kernel level and the Linux user space and systemd that's also true because all this infrastructure that people are using to deploy their software on your team is the one who has to keep that running and to keep that running, they need to understand, uh, systemd and, and all these foundational Linux pieces. Yeah.

[00:15:27] Anita: Mm-hmm. Yeah.

[00:15:29] Alvaro: Like with that said, um, I, and maybe it's because I'm very close to to, to the source.
Um, and, and you know, like, like I said, like when, when all your tool is a hammer, everything looks like a nail? Well, that hammer for me, a lot of the times it is like even like cgroups or, or namespaces or even like systemd itself, right? There is a lot of times where, um, like for instance, a few years ago we have not, like, like last year or something, uh, we had an application that was very, was very hard to load, right? It used a lot of memory. And so we start with, with a model where we would load like a, like a parent process and then child process would deal with, with, um, with the actual work of the thing, the classical model of our server. Now, the thing is that each of the sub process that would run would need to run, uh, on a separate set of privileges, right? So it would really need to run as different users. And that was like very easy to do. But now we actually wanted to some process to run with a, with only view of the file system while the parent process actually doesn't have to do that, right? Uh, or we want to limit the amount of CPU that a child process would use. So like all of these things, we were able like to, to swap it out, uh, with using like systemd and, and, uh, like, like a good strategy for like, you create a process, you create a new cgroup, you put that into the cgroup, you create the namespace, uh, you add this process into that namespace, and then you have like all this architecture, and it's pretty free because forking it's free in general.

[00:17:01] Anita: Actually, Alvaro's comment reminded me of like why we even ended up building the systemd team in the first place. It's kind of like if we have all these teams trying to touch cgroups on their own or like manage processes on their own, they're all gonna do it a different way and not, all of them will be ideal or like, to put it bluntly, I guess, we're really aiming to try and provide like a unified, really good foundational experience, for the layers above us.
And so, systemd and the other things that go into the operating system are a step to get there.

What are cgroups and namespaces?

[00:17:40] Jeremy: And so for someone who's not familiar with the concept of cgroups or of namespaces, could you kind of give like a brief description?

[00:17:50] Anita: So namespaces are, uh, we're talking about the kernel feature where, um, there are different ways to isolate, uh, different resources to the process or like, so that they have their own view of certain things, the network or, the processes and things like that. Um, and cgroups stand for control groups. It's, at Meta we only use cgroups v2, which is a way to organize your processes into, kind of like a directory view. But processes will be grouped into different, folders, shall you say, but that allows you to, uh, manage the resources between different groups of processes, which is how systemd does its services.

[00:18:33] Alvaro: So a, a control group will allow you to impose restrictions on how each system uses the resources, right? So with a cgroup, you can say, only use 20% of CPU, and the, and the kernel will take care of that. Uh, while namespace it is basically how you view the system around you. So like your mount directory like, like where does your home points to? That's, I would say it's more on the namespace side of things. So one is the view then one is the actual, the restrictions. And like Anita said, like systemd does a very clever thing. It doesn't have two, is not the. It's not why cgroups exist, but every time that you start a systemd service, systemd will create a cgroup for that service and will put every process in that cgroup, even though all cgroups would end up being the same, for instance. But eh, you can now like have a consolidated list of what processes belong to a service. So a simple question like, like what services has my Apache web service started? That shows you how old I am.
But yeah, you can answer that now because you just look at the cgroup, you don't look at the process tree.

[00:19:42] Jeremy: So it, it sounds like the, the namespacing is maybe more for the purposes of security, like you said, giving you a certain view of your, your system. And the cgroups are more for restricting resources, but also, like you said, being able to see what are all the processes, um, are associated. Um, so that you, you don't have a process that spins up other processes and then you don't know who owns those, and then you don't know how to shut 'em all down. That, that takes care of that for you.

[00:20:17] Alvaro: So I, I always reluctant to use the word security or privacy. I would like to use the word isolation. Yeah. And then if people want to impose the idea of security and privacy to those, that's fine, but it's, but it's mostly about isolation.

[00:20:32] Anita: Yeah. Namespaces are what back all the container technologies are. Anytime you run things in a container, it's probably using some kind of name spacing. But yeah, you, you kind of hit the nail in the head. Isolation versus like resource control.

[00:20:46] Alvaro: As Anita just said that's what fits on containers, uh, namespaces and cgroup like a big mix of those. But that doesn't mean that the only reason why those things exist are for containers. You can take advantage of those technologies without actually having to think of a container.

systemd timers vs cron

[00:21:04] Jeremy: Something you had mentioned a little bit earlier is, is how systemd has other features and one of them was, was timers. And I was kind of curious, cuz you said you could, you wanna schedule a job, you can run it using cron or you can run it using systemd timers. And it, I feel like whenever I see people scheduling jobs, they're always talking about cron but, but not so much about systemd timers. So I was curious if you had any thoughts on that.

[00:21:32] Anita: I don't know.
I feel like it's used pretty interchangeably these days. Um, like even when people say cron they're actually running a systemd timer with the cron format, for their time.

[00:21:46] Alvaro: So the, the advantage of systemd timers over cron is, is basically two, right? The first one it is that, you get more control on the time, right? So you have monotonic and absolute times, right? Which is basically like, you can say like this, start five minutes after the previous run. Or you can say this, start after five minutes after the boot, right? So those are two types of time, that is the first one, uh, which may be irrelevant for most people, but that's it. Uh, the other one is that you actually have advantage over the, you take full advantage of systemd, right? In cron you say run this process, right? And how that process run, it's basically controlled by the process itself, right? So if you, uh, like if the crontab is for the user, that's good for you, but if you want to like nice it or make it use less CPU, that's what it is. Well, with systemd you say, this cron will start the service and the service, you take full fledged advantage of all the things a service can do.

[00:22:45] Jeremy: From what I could tell, looking at the, the timers API, it, it felt like it would be a lot easier to kind of see when things ran, get, you know, get a log of, I ran this time job and it, it failed. Um, it seemed like systemd had a lot more kind of built in to, to kind of look into that. But, uh, yeah, like Anita was saying, like when you, you hear kind of cron all the time, but like you said, maybe it's, maybe they're not actually using cron all the time. They're just saying cron.

[00:23:18] Alvaro: Well, I would say this for cron like the, the time, the time, uh, syntax for it, it's pretty, it's pretty easy to understand, even though I never remember where, I remember where weekday is, right? The fourth, which one is which?

[00:23:32] Jeremy: I, I'm with Anita.
I need to look it up whenever I'm gonna use it. (laughs)

[00:23:36] Anita: Yeah. I use a cron translator when I have to use cron format.

[00:23:41] Alvaro: This is like, like a flags to tar, right? Like, I never remember which, which flags to put.

[00:23:48] Anita: Yeah, that's true.

[00:23:50] Alvaro: We didn't talk about this, we haven't talked about systemd-run, but one of the advantages of the, one of the advantages of using timers is that you can schedule them on demand, right? So like cron, if you wanna schedule something over time, you need to modify the cron, the cron file. Uh, and that's, it's problem right? With systemd, you can have like ephemeral units and so you can say like, just for now, go and run this process five hours from now. Like, and after that, just forget about it.

[00:24:21] Jeremy: Yeah, the, during the workshop you mentioned systemd-run and I hadn't even heard of it. And after I saw that I was like, wow, this, this could be really useful.

[00:24:32] Alvaro: It is quite useful.

How have things changed at Meta?

[00:24:34] Jeremy: One of the things you had mentioned, I, I guess you've, you've been at Meta for, for quite a while and you were talking about how you started with having all these scripts you were running on CentOS 6 and getting off of that to something more standard. I wonder if you could speak a little bit to that, that process. Like what did things look like then and, and how have they they changed over the years?

[00:25:01] Alvaro: I would say the following thing, right? Like Anita said, like for most engineers, the day to day of things don't really change that much, because this is foundational things, right? So if you have to fundamentally change the way that you run applications every couple of years, then you waste a lot of time, right? It's not the same as you say, like React where, or, or in the old days, Angular where Angular one, Angular two, Angular three, and then it's gone, right?
Like, so, so I, I would say it like for the average engineers things don't change that much, uh, for the other type of engineers, like, like us who we, who that we really care about, like how things run. Like having a, an API where you can like query the state of your service. Like if like asking like, is my service running with an API that returns true or false, that is actually like a volume value that you can like, transferring in your application, uh, that, that helps a lot on, on distributed systems. A lot of like our container infrastructure that we use internally at Meta is based on a lot of these ideas and technologies.

[00:26:05] Anita: Yeah, thinking back to the CentOS 6 to 7 migration, I wasn't on like the any operating systems team at the time, but I was working with them and I also was on a team that had to migrate, figure out how to migrate our scripts and things over. So the one thing that did make it easy is that the OS team, uh, we deploy all our things using Chef. Maybe you've heard like Puppet and Ansible, that's our version, the Open Source Chef code. Um, and they wrote some really good documentation on how to migrate, from Runit, which is what we were using before to systemd. It was a very large scale effort across multiple teams to kind of make sure their stuff works, do the OS upgrade and then get used to using systemd.

[00:26:54] Jeremy: And so the, the team who is performing this migration, that's not the product team. That would be the, is it production engineering? Is that, is that what you called that?

[00:27:09] Alvaro: So, so I was at the other side of, of that, of that table where I, the same as Anita, we were doing the migration more how most things work at Facebook is that it's a combination of the team that is responsible for the technology and the teams who uses the technology. Right. So we are a company, so we can like, move together. It's the same thing when you upgrade kernels.
Most of the time the kernel team will do the effort to upgrade the kernels, and when they hit a roadblock or something, they will call for the owner of the service and the owner of the service can help debug. Uh, for the case of CentOS 6 and CentOS 7, eh, I was the PE at Instagram, PE stands for Production Engineer. I was the PE at Instagram who did most of the migration of our fleet. So I, I rewrote most of the things because I understand how our things work, and the OS team provide like the support to understanding like, like when can I use some things, when can I use not other things. There was the equivalent of ChatGPT at those days, right? I was just ask them how to do stuff. They will gimme recipes. So, so it it's kind of like, like a mix, uh, work, uh, between those two teams. Uh, Anita, maybe you can talk a little bit about what you talk when you were upgrading the version of systemd and you found a bug?

[00:28:23] Anita: Oh, the, like regular systemd upgrades nowadays? I, I'd say it's a lot easier these days. I mean, since the, at the time when we did the CentOS 6 to 7 migration, it was like, our fleet was a lot more fragmented. I'd say nowadays it's a lot more homogenous, which makes, which makes it easier. Yeah, in the early versions there were some kind of obscure like, interactions with the kernel or like, um, we, we make pretty heavy use of systemd to run our container system. So, uh, if we run into any corner cases, um, like pretty obscure stuff sometimes, because we make pretty heavy use of the resource control properties. We usually those end up on the GitHub tracker, things like that.

[00:29:13] Alvaro: That's the side effect of hiring very smart people. They do very smart things that are very hard to understand.
(laughs)

[00:29:21] Jeremy: That's kind of an interesting point about you, you saying you're using these, these features, you know, of the kernel very heavily because, you're kind of running your own infrastructure, I think even your own data centers, so you're kind of forced to go to this level, it sounds like just because of the sheer number of services you're running and the fact that like, you have to find a way to pack 'em all onto the same machine. Does that, does that sound right?

[00:29:54] Anita: Yeah, I'd say at, at our scale, like it's more cost effective to act, own the servers and run all everything on it ourselves versus like, you know, leasing from, uh, AWS or something, which we've also explored in the past. But that also means we need more engineers to build and run things on our servers.

[00:30:16] Jeremy: Yeah. So the, the distinction between, let's say you're a, a small company or a mid-size company and you pay AWS or, or Google to, to do your hosting for you, then you may not necessarily get exposed to a lot of the, the kernel level problems or even the Linux user space problems because you're, you're working at a higher level and that's why you don't necessarily encounter those kinds of things.

[00:30:46] Anita: I'd say not, not necessarily. I think, once you get even like slightly lower in the stack where you're just like on your own server, then you will want to start really looking into like what systemd's doing, how does it interact with other, uh, services, um, on your server, and how can you like connect these different features together?

[00:31:08] Alvaro: One of the things that every developer who who works like has to worry about is log right, and that, and that's the first time that you actually start interacting with systemdata available, right? So you have to understand, like maybe it's not just tail /var/log foo, but log right. Maybe it's just journalctl and it's like, what? But yeah.

[00:31:32] Jeremy: Yeah.
That's a good point too about whenever you're working with the operating system, like you're deploying onto a Linux machine. Regardless of the distribution, if you're the person who's responsible for that, you, you need to know this stuff. Right. Otherwise it's kind of like, you're just putting stuff out there and hoping for the best. Yeah.

[00:31:54] Alvaro: Yeah. There, there's also another thing that, I dunno if I've said this before, but, a lot of the times you don't have to know these technologies, but knowing them will help you do your work better.

[00:32:05] Jeremy: Yeah, totally. I mean, I think that that applies to pretty much anything in, in development, right? I, I've heard often that some people will say, you take the level that you work at currently and then kind of just go down one level. Right. And then, so you can kind of see what's underneath that. And you don't necessarily need to keep digging, cuz eventually if you keep digging, you're getting into, you know, machine instructions and whatnot. But, um, yeah, maybe just one level is, is good to, to give you a better sense of what's happening.

Production engineers need to go lower in the stack to be able to debug applications

[00:32:36] Alvaro: Um, every time that I, that I, that somebody asks me like, what is the difference between a PE and a SWE, uh, software engineer, production engineer, typical conference, uh, one of the biggest differences that I, that I say is that a PE would tend to ask a lot of questions going the same thing that you're saying, we're trying to go down the stack, right? And I always ask the following question, eh, do you know how time.sleep is implemented? Right? Do you like, like if you, if you were to see time.sleep on your Python program, like do you actually know what is doing under the hood, right? Is it a while true? While the time, is it doing a signal interrupt? Is it doing a select on a file descriptor with a timeout? Like what is it doing?
Would you be able to implement it? And the reason why I say this, because like when you're debugging an application, like somebody something's using your CPU, right? And then you see that line on your code, you, you can debug every single line of your code. But also there's a lot of value to say like, no, time.sleep doesn't cause CPU to spike. Right. Because it's implemented in a way that it would not be possible to do that.

Meta's Linux user space team

[00:33:39] Jeremy: Another thing that I think might be kind of interesting to talk about is, so Meta has this Linux user space team. And I, I wonder like including your role in it, but just as a whole, like what does that actually mean day to day? Like, what are the kinds of problems people are facing that, a user space team would be handling?

[00:34:04] Anita: Hmm. It's kind of large cuz now that the team's grown out to encompass a few other things as well. But I'll focus on the Linux user space part. The team started off, on the software engineering side as the systemd developer team. So our job was really to contribute to the community. And both, you know, help with, problems and bugs that show up in upstream, um, while also bringing in new features, that we think would be useful both at Meta and to like, folks, in the Linux community as a whole. So we still play a heavy role in, systemd. We also support it, uh, within the fleet, like we roll out new releases and things like that. But we're also working on a few other projects in user space. Um, bpfilter is one of them, which is, uh, how can we convert like iptables and network filtering, into BPF programs. Um, on the production engineering side, they focus a lot on, the community engagements.
So in addition to supporting CentOS they also handle, or they like support several packages in Fedora, Debian and other distributions, really figuring out how we can, be a better member of the open source community, and, you know, make connections there and things like that.

[00:35:30] Jeremy: And, and what was your, your process for getting involved with this team? Because it sounded like maybe it either didn't exist at the start, or it was really small and, and now it's really, really grown.

[00:35:44] Anita: So I was kind of the first member of like the systemd team, if you would call it that. Um, it spun out of containers. So my manager at the time, who's now my director, was he kind of made a call out on Workplace looking for people who'd be willing to, contribute to systemd. He was, supporting the containers team at the time who after the CentOS 7 migration, they realized the potential that systemd could have, making their jobs a lot easier when it came to developing the container backend. And so along with that, they also needed someone to help, you know, fix bugs, put in new features and things that would, tie into the goals of the containers team. Um, and eventually now our host management team, I was the first person who reached out to him and said, Hey, I wanna give this a try. I was on the security team at the time and I always had dreams of going back into like, operating systems development and getting better at it. So yeah, that's kind of how I ended up in this space. A few years later, he decided, Hey, we should build a team and you should like hire some people who will also do this with you and increase our investments in systemd. So that's how we kind of built out the Linux user space team to encompass systemd and more like operating system, projects.
Working on the internal security team vs the Linux userspace team

[00:37:12] Jeremy: And so when you were working on the security team before, was that on software internal to Meta or were you also involved with, you know, the open source, user space side as well?

[00:37:24] Anita: That was all internal at the time. Which was kind of a regret because there was a lot of stuff that I would've liked to talk about externally. But I think, moving to Linux user space made me realize like, oh, there's so much more potential in open source projects, in security, which is still like very closed source from our side.

[00:37:48] Jeremy: And, and so like in your experience, what have been some of the big differences? I mean, definitely getting to talk about it is a big one. But like in terms of your day-to-day, what are the big differences between working on something internal versus something that that's open source?

[00:38:04] Anita: I have to talk more with external folks. We're, pretty regular members of like the systemd like conclave sync that we have with the other upstream maintainers. Um, oh yeah. There's a lot more like cross company or an external open source community building that we have to do. It kind of puts into perspective like how we manage our time and also our relationships versus like internally, like everyone you work with works at Meta. We kind of have, uh, some shared leadership at the top. It is a little faster to turn around, um, because, you know, you can just ping people on work chat. But the, all of the systems there are closed source. So, um, there's not like this swath of people outside that you can ask about when it comes to open source things.

[00:38:58] Jeremy: You can't, can't look in, discord or whatever for questions about, internal Meta infrastructure to other people. It's gotta be all in the same place. Yeah.

[00:39:10] Anita: Yeah.
And I'd say with like the open source projects, there's a lot of potential to tap into, expertise and talent that just doesn't exist internally. That's what I found really valuable, cuz people have really great ideas outside as well. Um, and we should like, listen to them and figure out how to build that into their systems and also ours.

Alvaro's work at Meta

[00:39:31] Jeremy: And, Alvaro, I don't know when you first started, was that on internal, infrastructure and tooling as well?

[00:39:39] Alvaro: Yeah, so, um, my path is different than Anita and actually my path and Anita doesn't share any common edges. So I, I don't work at the user space or the Linux kernel or anything. I always work in teams adjacent to it. Uh, but it's always been very interesting to know these technologies, right? So I started working on Instagram and then I did a lot of the work in containers in migrations at where, where we build pystemd and also like getting to know more about that technologies. We did, uh, a small pilot on using casync which is a very old tool that like, it's only for the fans, (laughs) it's still on systemd repository, I dunno if that's used or anything, but it was like a very cool idea of how to distribute images. Uh, and in Instagram we do very fast deployments. So we deploy, or back then we used to deploy the source code, of Instagram every seven minutes, right? So every seven minutes, every time that a developer did commit to master, uh, we pushed that into production in less than an hour and we did that every seven minutes. So we were like planning to, to use those technologies for that. Um, and then I moved to another team inside of Meta, which is called Cloud Foundation, where we do a lot of like cloud infrastructure, uh, like public cloud. Uh, that's the area, that is very much not talked much about. But I keep like contributing to, to like this world. Never really work on, on, on those teams inside of Meta.
[00:41:11] Jeremy: So I guess it's your, your team is responsible for working with the engineers who work on product to be able to take their code and, and deploy it. And it's kind of like you work in combination with the user space team or the systemd team to make sure that what you're doing can be supported by them. Is that kind of an accurate description?

[00:41:35] Alvaro: Yeah, that's, that's, that's definitely not an exhaustive description, but yeah, that's the, we, we, we do that.

Public cloud at Meta

[00:41:42] Jeremy: It's interesting that you're, you're talking about public cloud now. So when you move to public cloud, are you using VMs kind of like you would in a data center, or is it, you're actually looking at the more managed services and things like that?

[00:41:57] Alvaro: So I'm gonna take a small detour and say like, something that is funny. When I got hired by Facebook, we were working on Instagram. So Instagram was just an acquisition for, for, for Meta, right. And Instagram ran on AWS. So why wasn't the original team who were moving stuff from AWS into the internal data centers at Meta? On the team that I work now, uh, we work to support workloads that cannot run on Meta infrastructure either for legal reasons, or for, for practical reasons. Right, because we don't have the hardware, uh, capability or legal resource because the government ask us, like, this cannot be on, on your data center or security, right? We don't wanna run this, this binary that we don't understand on our network. We do want to work in isolation. And the same thing that Anita was saying, where their team are building the common ways of using these tools, like systemd, and user space. We do the same thing, but for using cloud technologies. So in a way that is more similar to Meta. So that's the detour. Now the, to answer your actual question, uh, we do a potpourri of things, right?
So since we manage infrastructure and then teams deploy their code, they are better suited to know how their code, gets to run. Uh, with that said, we do have our preferred ways of how you would run stuff. And it's a combination of user containers, uh, open source containers, and and also like VMs.

There's a big difference between VMs and Meta and in public cloud

[00:43:23] Jeremy: So it, it sounds like in this case, you're, you're still using VMs even in public cloud, so the way that you do deployments, the location is different, but the actual software and infrastructure that you're running is, is similar.

[00:43:39] Alvaro: So there's there's a lot of difference between the two things, right. So, the uniformity of hardware at Facebook, or our data centers, makes deploying things very simple, right? While in, in the cloud, you first, you don't get that uniformity because everybody like builds their AMIs as, as they want to build it. But also like at Meta, we use, one operating system, in the cloud, you are a little bit more free of what you want. And one of the reasons why you want to go to the cloud is because you can run stuff on. On, on, on the way that that Meta will run. Right? So, so even though we have something that are similar, it's not as simple like, oh, just change your deployment from like this data center to like whatever us is one think you would run.

[00:44:28] Jeremy: Can, can you give an example of something where you wouldn't be able to run it on Meta's, image that they would choose to go to public cloud to run a different image for?

[00:44:41] Alvaro: So, um, so in, in general, like if the government ask us, like, this is not necessarily like, like the US government, right? So, and like if the government ask us like, hey, like you need to keep this transaction on, on our territory, right? For logs, for all the reasons, for whatever, right? Like, and, and we wanted to be in the place, we would have to comply.
And that's where we will probably use this, this kind of technologies. Security is another one that is pretty good. And the other one, it is like, in it general, like, like, uh, like disaster recovery, right? If, if Meta is down in a way where we cannot communicate with each other using Meta's technologies, right? Like you would need to have like a bootstrap point.

[00:45:23] Jeremy: Is, is it the case where you are not able to put, uh, Meta's image up into public cloud? Because you were, The examples you gave was more about location, right? Where you're saying we need to host in public cloud because it needs to be in this country, but then I think you were also saying the, the actual images you would use on AWS right. Would be. I don't know, maybe you'd be using Amazon Linux or maybe you'd be using a different OS entirely. And is that mainly because you're just not able to deploy the same images you have, uh, in-house?

[00:46:03] Alvaro: So in, in, in general, uh, this is kind of like very hard to to explain, but, but, uh, if, if we would have to deploy code to a machine and that machine would, would, would be accessed by people who are not like Meta employees and we have no way of getting them to sign NDAs then we would not deploy Meta code into that machine. Uh, because that's Sorry. No, not Pi PI's personal information. I was, uh, IP, sorry, that's that's the word. Yeah. Yeah.

[00:46:31] Jeremy: So, okay. So if there's, so if you're in public cloud, there's certain things that you just won't put there just because. Those are only allowed to run on Meta's own infrastructure.

[00:46:44] Alvaro: Yeah

Meta's bootcamp

[00:46:44] Jeremy: Earlier you were talking about Instagram was an acquisition and they were in AWS were, were you there at the time or you joined, after?

[00:46:54] Alvaro: No, I joined. I joined after I joined to, to Meta.
The way that Meta does hiring, at least for my area, is that you get hired as a production engineer, but you don't get assigned to a team. So you go through a process called boot camp where you get to try different teams and figure out what things you like. I try a couple of different teams, turns out that I like it to work at the Instagram.

[00:47:15] Jeremy: And so at that time they were already running on Facebook's internal infrastructure and they had migrated off of AWS

[00:47:24] Alvaro: We were on the process of finishing that migration.

[00:47:28] Jeremy: So by the time you were there, yeah. Basically get, getting everything out of AWS and then into Meta's internal.

[00:47:35] Alvaro: Yeah. And, and, and everything is, is a very hard terms to, to define. Uh, I would say like, like most of all, like the bulk of things we were putting it in inside, like, at least what we call our Django servers. Like they were all just moving into internal infrastructure.

How Anita started

[00:47:52] Jeremy: This kind of touches on the, the whole boot camp thing, but, Anita, I saw that you, you interned at Facebook and then you took a position there, when you ended up taking a position, I'm kind of curious what were the different projects you looked at or, or how did you end up settling on the one you chose?

[00:48:11] Anita: Yeah, I interned, um, and I joined straight out of university. I went into bootcamp similar to Alvaro and I got the chance to explore several different teams. I knew I was never gonna do UI that was just like not my thing. Um, so I focused, uh, my search on all like backend infrastructure teams. Um, obviously security, uh, was one of them because that's the team I was in interning on. Um, I also explored, the kind of testing infra team. We call it sandcastle. It runs our internal like unit tests and things. And I also explored one of the, ads infrastructure backend teams.
So it was mainly just, you know, getting to know the people, um, seeing which projects appealed to me the most. Um, and then, you know, I kind of chose based on that, I, I think I've always chosen. My work based on how interesting the project sounded, uh, which has worked out in my favor as far as I could tell.

How Alvaro started

[00:49:14] Jeremy: How, how about you, Alvaro, what were the, the different projects you looked at when you first started?

[00:49:20] Alvaro: So, As a PE you do have a more restrictive, uh, number of teams that you can, that you can join. Uh, like I don't get an option to work in UI. Not that I wanted, but, (laughs) I, I, it's, it's so long ago. Uh, I remember I did look at, um, at MySQL as a team, uh, that was also one of the cool team. Uh, we had at that time, uh, distribute, uh, engine, uh, to, to run work, like if, like Celery or something like that. But internally, I really like the constable distribute like workloads, um, and. I can't remember. I think I did put, come with the Messenger team, that I, I ended up having like a good relationship with their TL, their tech lead, uh, but never actually like joined that team. And I believe because she have me have a, a PHP task and it was like, no, I'm not down for doing PHP.

[00:50:20] Jeremy: Only Python. Huh?

[00:50:21] Alvaro: Exactly. Python. Python. Because it's just above C level.

Pystemd

[00:50:27] Jeremy: I mean related to that, you, you started the, the pystemd project. And so I wonder if you could explain what the context behind that was. Like what sparked I need to make this, this library?

[00:50:41] Alvaro: So it's, it's a confluence of two things. The first one, it is like, again, if I see something that doesn't have a Python API for it, I feel the strong urge to create one. I have done this a couple of times, mostly internally, but also externally. That was one. And when, while we were doing the migration, I, I, I honestly, I really hate text processing.
So the classical thing was like, if you wanna know if your application's running, you do systemctl, you shell out to systemctl status, then parse the output, find the, find the status column. Okay. And I didn't like that. And I start reading about like, systemd uh, and I got in contact with the or I saw like the dbus implementation of systemd. And that was, I thought that was a very interesting idea how that opened all the doors. Right? Uh, so I got a demo working like in a couple of hours. And then I said like, okay, now how do we make this pythonic? And then I created that and I just created, again, just for migrating Instagram. That was the idea. Then, uh, one of the team members who work with Anita, but also one who doesn't work with us anymore, they saw this and said like, Hey, like this looks like a good thing to open source it. So it was like, sure, like I'm happy to opensource it. So we opensource it and then we went to All Systems Go, which is a very nice interesting conference that happened in Berlin where like all the head for like user space get together. And, and I talk about it and people seems to like it, and that's the story of that.

[00:52:15] Jeremy: And so this was replacing, I guess, like you were saying, a lot of people were shelling out and running cat commands and things like that from their Python scripts. And this was meant to be a layer on top of that.

[00:52:30] Alvaro: Yes. So it, it does a couple of things. So first of all, inspecting the processes or, or like the services, getting that information out. That's one of the main usage. But also like starting or stopping or like doing all that operations that you want to do. Uh, knowing the state of, of, of services, uh, that's also another thing that people take advantage of. The other thing that people take advantage of is to modify the status of the, of the processes at runtime, like changing properties, like increasing or decreasing the CPU threshold.
Because systemd provides a very nice API or interface to modify the cgroups properties that otherwise you would need to kind of understand the tree structure that, uh, that, that whatever. So that's what people tend to use this mostly internally.

[00:53:23] Jeremy: And so it, it sounds like at least on the production engineering side, you're primarily working in, in Python. Is that something that's the teams before were using Python and so everybody just continues using Python? Or is there kind of like more structure or thought put into that?

[00:53:41] Alvaro: I would say the following thing about it, um, like in in general, uh, there's, there's not a direction on which language you should use. It's pretty natural which language you should use, but with without said, there's not a Potpourri of languages inside of, of Meta. Most teams use C, C++, Python and Rust and that's it. There's Go, that appears every once in a while there. Sorry, I should not talk about this like, like, or talk like this about this, but eh, there are team who are actually like very fond of Go and they use it and they contribute a lot to that space. It's just not that much, uh, use internally. I have always gravitated towards Python. That has been the language that teach me how to do real coding. And that's the language that got me a job at Meta. So I tends to work mostly on that. Yeah.

[00:54:31] Anita: Hey, you forgot Hack, Alvaro. Our web services. (laughs)

[00:54:37] Alvaro: Yes. Yes. Uh, so I would say like, the most used language at Meta is actually PHP, it's just like used by, by one particular product. That, that is the Facebook product. Yes. So our, our entire web interface, eh, or web stack uses a combination of Hack, which is a compiled PHP, which is better than uncompiled PHP, also known as vanilla PHP. Uh, there is a lot of like GraphQL, React, and, I think that's it.
[00:55:07] Anita: Infrastructure is largely like C++, Python, and now Rust is getting a huge following as well.

[00:55:15] Alvaro: Yeah. Like, like Rust. Rust is, I I would say it's the fastest growing language inside, inside of Meta. And the thing is that there is also what you call like the bootstrap problem. Um, there's like today, if I wanted do my Python program and I have a function that fails one every three times, I can add a decorator that is retry, that retries every time that something fails for a timeout, right? And that's built in and it's there used and it's documented. And I can look at source code that uses this to understand how, how works. When you start with a new language, you don't get the things. So people have to build them. So there's the bootstrap problem.

[00:55:55] Jeremy: That's also an opportunity as well, right? Like if you are the ones building sort of the foundations, then you, you have an opportunity to be the ones who have the core libraries that people are, are using every day. Whereas if a language has been around a while, it's kind of, some of that stuff is already set, right? And you may or may not like the APIs, but that's what people use. So that's what we, that's what we do. One of the last things I'd kind of like to ask, so Anita, you moved into management in just the last year or two or so, and I'm kind of curious what your experience has been like, was that a conscious decision where you wanted to go from engineering, uh, software engineering to management? Or maybe you could talk a little bit to that.

[00:56:50] Anita: Oh man, it hasn't even been a year yet. I feel like so much time has passed already. Uh, no, I never had any plans to go into management. I love being an engineer. I love being in the code. But, I'd say my, my current manager and uh, my director, you know, who hired me into the Linux user space team, kind of sold me a little bit on the idea of like, Hey, if you wanna like, keep pushing more projects, you wanna build out the team that you wanna see working on these things, um, you can consider going into management, taking it slow in a, what we call a TLM role, which is like a tech lead manager, role where you kind of spend some time doing development, and leading the team while also supporting, the engineers as a manager doing the hiring and the relationship building and things that you do in management. So that actually worked out quite well for me, despite Alvaro shaking his head at first. I really enjoyed being able to split my time into kind of the key projects that I really wanted to work on, um, while also supporting the engineers and having them build out, um, new features in systemd and kind of getting their own foothold in the community as well. But I'd say like in the past few months, it's been pretty crazy. I, I probably naively thought that I'd have a little more control over, I don't know, my destiny as a manager and that's like a hundred percent not true. (laughs) Um, you're, you are kind of at both the whims of your engineers and also the people above you. And you kind of have to strike that balance. But, um, my favorite part still, just being able to hide the nasty stuff away from the engineers, let them focus on their work and enjoy what engineers wanna do best, which is just like coding, designing, and like, you know, doing fun, open source stuff.

[00:58:56] Alvaro: I will say like, Anita may laugh about me for, because like she's on the other side, but one thing that I least I find very cool at Meta is that managers are not seen as your boss. Right? They're still like a teammate who just basically has a different roles. This is why like when you're an engineer, you can transition to be a manager and that's, it's not considered a promotion that's considered like a, a like a horizontal step and vice versa, you can come back, right, from a manager into, into like an engineer. Yeah.

[00:59:25] Jeremy: That was what I would say. And, uh, I guess when you were shaking your head, I'm guessing this means you, you don't wanna become a manager anytime soon.

[00:59:35] Alvaro: So I, I never closed the door on that, but I was shaking my head to the work of a TLM. Right. Uh, so the TLM, TL stands for Tech Lead and M stands for manager. So you're basically both, but with the time of only one. So, uh, Anita was able to pull it off. I don't think I would be able to pull up like, double duty on that.

[00:59:56] Anita: Yeah. Unfortunately I support too many people now to do the TL stuff as deeply as I used to, but I still have find some time to code a little bit here and there.

[01:00:09] Jeremy: So you were talking a little bit about how things have been crazy the last few months. If, if someone is making the transition into management, like what are the kinds of things that you would tell them to, to look out for or to be aware that's coming?

[01:00:27] Anita: Um, when I, before I transitioned, I talked to a lot of managers about like, oh, what was like, you know, the hardest part about management. And they all have kind of their own horror story about what happened to them when they transitioned or even like, difficult things that happened to them during management. I'd say don't expect it to be easy. You're gonna make a lot of mistakes usually in like the interpersonal relationship side, and it's really just about learning how to learn from your mistakes, pick back up and do better next time. I think, um, you know, if people like books, the Making of a Manager by Julie Zhuo, she was a designer, and also a manager, at then Facebook. She's no longer here. But she has a really good book on like what you can expect when you transition into management. The other thing I'd say is don't go into management without having a management chain that you can really trust.
I'd say that can kind of make or break your first few years as a manager, whether you'll enjoy it or not, or even like whether you'll be able to get through the hard times.

[01:01:42] Jeremy: Good point. Yeah. I mean, I think whenever you take on anything new, right? Having the support of the people above you or just around you as well is like, that makes such a big difference, right? Even like the situation can be bad, but if everyone is supportive, then you can, you can get through it.

[01:02:02] Anita: Yeah, that's absolutely right.

[01:02:04] Jeremy: I think that's a good place to wrap up unless either of you have anything else that you thought we should have talked about. So if people want to check out what you're working on, what you're up to, um, how can they find you?

[01:02:20] Anita: Well, I guess we're both on matrix now. Uh, I'm Anita Zha on Matrix, a n i t a z h A. We both have Twitters as well. If you just search up our names. Nope. Yeah, you're on Twitter. Yeah.

[01:02:36] Alvaro: There is an impostor with my name, right? Actually it's not an impostor. It's just me. I just never log into Twitter anymore.

[01:02:40] Anita: We both have Mastodon now as well? Yes. Fosstodon. We're both frequently at conferences as well. What's, what's coming up next? I think it's, uh, DevConf.CZ in the Czech Republic. And then, uh, All Systems Go in September.

[01:02:57] Alvaro: You sent something in Canada?

[01:03:01] Anita: Oh, yeah. L F F L F S M M B P F is coming up. That's a, that's more of a kernel conference, though.

[01:03:09] Alvaro: An acronym that is longer than the actual word. Yes. Yeah.

[01:03:12] Jeremy: That's a lot. That's a lot of letters.

[01:03:14] Anita: It's a, it's a mouthful. (laughs)

[01:03:18] Jeremy: That's very neat that you get to, to kind of go to all these different conferences and, and actually get, to meet the people in, in person that are, you know, working with the same things you are and, get to be in the same room.
I think that's a, that's a real privilege. Yeah.

[01:03:35] Anita: Yeah, for sure.

[01:03:38] Jeremy: All right. Well, Anita and Alvaro, thank you so much for chatting with me today.

[01:03:43] Alvaro: Thank you for hosting.

[01:03:45] Anita: Yeah. Thanks for the opportunity. This is a lot of fun.
AWS Morning Brief for the week of April 17, 2023 with Corey Quinn. This week is RSA in San Francisco; I'll be haunting the expo hall at some point, so if you're in town say hi.

Links:
The Last Week in AWS Job Board continues to thrive; thanks for your ongoing support.
Amazon Chime SDK updates Service Level Agreement
Amazon CodeWhisperer is now generally available
Amazon Connect now enables agents to handle voice calls, chats, and tasks concurrently
Amazon EC2 Serial Console is now available on EC2 bare metal instances
Amazon RDS for MySQL now supports up to 15 read replicas for RDS Multi-AZ deployment option with two readable standby database instances
AWS Graviton2-based Amazon EC2 instances are available in additional regions
AWS Ground Station now supports Wideband Digital Intermediate Frequency
AWS Lambda adds support for Node.js 18 in the AWS GovCloud (US) Regions
Introducing AWS Lambda response streaming
Understanding Amazon DynamoDB latency
Announcing New Tools for Building with Generative AI on AWS
AWS Now Supports Credentials-fetcher for gMSA on Amazon Linux 2023
AWS investment in South Africa results in economic ripple effect
New Global AWS Data Processing Addendum
15 cool things we found inside the Spheres, Amazon's urban rainforest in downtown Seattle
On this episode of The Cloud Pod, the team discusses the new Amazon Linux 2023, Google Bard, new features of Google Chronicle Security Operations, GPT-4 from Azure Open AI, and Oracle's Kubernetes platform comparison. They also talk about cloud-native architecture as a way to adapt applications for a pivot to the cloud. A big thanks to this week's sponsor, Foghorn Consulting, which provides full-stack cloud solutions with a focus on strategy, planning and execution for enterprises seeking to take advantage of the transformative capabilities of AWS, Google Cloud and Azure.
Nextcloud moves to the front of the pack with their new release, a moment to appreciate curl, and Amazon goes all in with Fedora. Special Guest: Brent Gervais.
Two brothers discussing all things AWS every week. Hosted by Andreas and Michael Wittig presented by cloudonaut.
About Kelsey

Kelsey Hightower is the Principal Developer Advocate at Google, the co-chair of KubeCon, the world's premier Kubernetes conference, and an open source enthusiast. He's also the co-author of Kubernetes Up & Running: Dive into the Future of Infrastructure.

Links:
Twitter: @kelseyhightower
Company site: Google.com
Book: Kubernetes Up & Running: Dive into the Future of Infrastructure

Transcript

Announcer: Hello and welcome to Screaming in the Cloud, with your host Cloud economist Corey Quinn. This weekly show features conversations with people doing interesting work in the world of Cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.

Corey: This episode is brought to us by our friends at Pinecone. They believe that all anyone really wants is to be understood, and that includes your users. AI models combined with the Pinecone vector database let your applications understand and act on what your users want… without making them spell it out. Make your search application find results by meaning instead of just keywords, your personalization system make picks based on relevance instead of just tags, and your security applications match threats by resemblance instead of just regular expressions. Pinecone provides the cloud infrastructure that makes this easy, fast, and scalable. Thanks to my friends at Pinecone for sponsoring this episode. Visit Pinecone.io to understand more.

Corey: Welcome to Screaming in the Cloud, I'm Corey Quinn. I'm joined this week by Kelsey Hightower, who claims to be a principal developer advocate at Google, but based upon various keynotes I've seen him in, he basically gets on stage and plays video games like Tetris in front of large audiences. So I assume he is somehow involved with e-sports. Kelsey, welcome to the show.

Kelsey: You've outed me. Most people didn't know that I am a full-time e-sports Tetris champion at home.
And the technology thing is just a side gig.

Corey: Exactly. It's one of those things you do just to keep the lights on, like you're waiting to get discovered, but in the meantime, you're waiting tables. Same type of thing. Some people wait tables, you more or less sling Kubernetes, for lack of a better term.

Kelsey: Yes.

Corey: So let's dive right into this. You've been a strong proponent for a long time of Kubernetes and all of its intricacies and all the power that it unlocks and I've been pretty much the exact opposite of that, as far as saying it tends to be over complicated, that it's hype-driven and a whole bunch of other, shall we say criticisms that are sometimes bounded in reality and sometimes just because I think it'll be funny when I put them on Twitter. Where do you stand on the state of Kubernetes in 2020?

Kelsey: So, I want to make sure it's clear what I do. Because when I started talking about Kubernetes, I was not working at Google. I was actually working at CoreOS where we had a competitor Kubernetes called Fleet. And Kubernetes coming out kind of put this like fork in our roadmap, like where do we go from here? What people saw me doing with Kubernetes was basically learning in public. Like I was really excited about the technology because it's attempting to solve a very complex thing. I think most people will agree building a distributed system is what cloud providers typically do, right? With VMs and hypervisors. Those are very big, complex distributed systems.
And before Kubernetes came out, the closest I'd gotten to a distributed system before working at CoreOS was just reading the various white papers on the subject and hearing stories about how Google has systems like Borg, tools like Mesos was being used by some of the largest hyperscalers in the world, but I was never going to have the chance to ever touch one of those unless I would go work at one of those companies.

So when Kubernetes came out and the fact that it was open source and I could read the code to understand how it was implemented, to understand how schedulers actually work and then bonus points for being able to contribute to it. Those early years, what you saw me doing was just being so excited about systems that I attempted to build on my own, becoming this new thing just like Linux came up. So I kind of agree with you that a lot of people look at it as a more of a hype thing. They're looking at it regardless of their own needs, regardless of understanding how it works and what problems is trying to solve that. My stance on it, it's a really, really cool tool for the level that it operates in, and in order for it to be successful, people can't know that it's there.

Corey: And I think that might be where part of my disconnect from Kubernetes comes into play. I have a background in ops, more or less, the grumpy Unix sysadmin because it's not like there's a second kind of Unix sysadmin you're ever going to encounter. Where everything in development works in theory, but in practice things pan out a little differently. I always joke that ops is the difference between theory and practice. In theory, devs can do everything and there's no ops needed. In practice, well it's been a burgeoning career for a while.
The challenge with this is Kubernetes at times exposes certain levels of abstraction that, sorry certain levels of detail that generally people would not want to have to think about or deal with, while papering over other things with other layers of abstraction on top of it. That obscure, valuable troubleshooting information from a running something in an operational context. It absolutely is a fascinating piece of technology, but it feels today like it is overly complicated for the use a lot of people are attempting to put it to. Is that a fair criticism from where you sit?

Kelsey: So I think the reason why it's a fair criticism is because there are people attempting to run their own Kubernetes cluster, right? So when we think about the cloud, unless you're in OpenStack land, but for the people who look at the cloud and you say, "Wow, this is much easier." There's an API for creating virtual machines and I don't see the distributed state store that's keeping all of that together. I don't see the farm of hypervisors. So we don't necessarily think about the inherent complexity into a system like that, because we just get to use it. So on one end, if you're just a user of a Kubernetes cluster, maybe using something fully managed or you have an ops team that's taking care of everything, your interface of the system becomes this Kubernetes configuration language where you say, "Give me a load balancer, give me three copies of this container running." And if we do it well, then you'd think it's a fairly easy system to deal with because you say, "kubectl apply," and things seem to start running.

Just like in the cloud where you say, "AWS create this VM, or gcloud compute instance, create." You just submit API calls and things happen. I think the fact that Kubernetes is very transparent to most people is, now you can see the complexity, right? Imagine everyone driving with the hood off the car.
You'd be looking at a lot of moving things, but we have hoods on cars to hide the complexity and all we expose is the steering wheel and the pedals. That car is super complex but we don't see it. So therefore we don't attribute as complexity to the driving experience.

Corey: This to some extent feels it's on the same axis as serverless, with just a different level of abstraction piled onto it. And while I am a large proponent of serverless, I think it's fantastic for a lot of greenfield projects. The constraints inherent to the model mean that it is almost completely non-tenable for a tremendous number of existing workloads. Some developers like to call it legacy, but when I hear the term legacy I hear, "it makes actual money." So just treating it as, "Oh, it's a science experiment we can throw into a new environment, spend a bunch of time rewriting it for minimal gains," is just not going to happen as companies undergo digital transformations, if you'll pardon the term.

Kelsey: Yeah, so I think you're right. So let's take Amazon's Lambda for example, it's a very opinionated high-level platform that assumes you're going to build apps a certain way. And if that's you, look, go for it. Now, one or two levels below that there is this distributed system. Kubernetes decided to play in that space because everyone that's building other platforms needs a place to start. The analogy I like to think of is like in the mobile space, iOS and Android deal with the complexities of managing multiple applications on a mobile device, security aspects, app stores, that kind of thing. And then you as a developer, you build your thing on top of those platforms and APIs and frameworks. Now, it's debatable, someone would say, "Why do we even need an open-source implementation of such a complex system? Why not just everyone moved to the cloud?" And then everyone that's not in a cloud on-premise gets left behind.

But typically that's not how open source typically works, right?
The reason why we have Linux, the precursor to the cloud is because someone looked at the big proprietary Unix systems and decided to re-implement them in a way that anyone could run those systems. So when you look at Kubernetes, you have to look at it from that lens. It's the ability to democratize these platform layers in a way that other people can innovate on top. That doesn't necessarily mean that everyone needs to start with Kubernetes, just like not everyone needs to start with the Linux server, but it's there for you to build the next thing on top of, if that's the route you want to go.

Corey: It's been almost a year now since I made an original tweet about this, that in five years, no one will care about Kubernetes. So now I guess I have four years running on that clock and that attracted a bit of, shall we say controversy. There were people who thought that I meant that it was going to be a flash in the pan and it would dry up and blow away. But my impression of it is that in, well four years now, it will have become more or less systemd for the data center, in that there's a bunch of complexity under the hood. It does a bunch of things. No-one sensible wants to spend all their time mucking around with it in most companies. But it's not something that people have to think about in an ongoing basis the way it feels like we do today.

Kelsey: Yeah, I mean to me, I kind of see this as the natural evolution, right? It's new, it gets a lot of attention and kind of the assumption you make in that statement is there's something better that should be able to arise, giving that checkpoint. If this is what people think is hot, within five years surely we should see something else that can be deserving of that attention, right? Docker comes out and almost four or five years later you have Kubernetes. So it's obvious that there should be a progression here that steals some of the attention away from Kubernetes, but I think where it's so new, right?
It's only five years in, Linux is like over 20 years old now at this point, and it's still top of mind for a lot of people, right? Microsoft is still porting a lot of Windows only things into Linux, so we still discuss the differences between Windows and Linux.

The idea that the cloud, for the most part, is driven by Linux virtual machines, that I think the majority of workloads run on virtual machines still to this day, so it's still front and center, especially if you're a system administrator managing VMs, right? You're dealing with tools that target Linux, you know the Cisco interface and you're thinking about how to secure it and lock it down. Kubernetes is just at the very first part of that life cycle where it's new. We're all interested in even what it is and how it works, and now we're starting to move into that next phase, which is the distro phase. Like in Linux, you had Red Hat, Slackware, Ubuntu, special purpose distros.

Some will consider Android a special purpose distribution of Linux for mobile devices. And now that we're in this distro phase, that's going to go on for another 5 to 10 years where people start to align themselves around, maybe it's OpenShift, maybe it's GKE, maybe it's Fargate for EKS. These are now distributions built on top of Kubernetes that start to add a little bit more opinionation about how Kubernetes should be pushed together. And then we'll enter another phase where you'll build a platform on top of Kubernetes, but it won't be worth mentioning that Kubernetes is underneath because people will be more interested on the thing above.

Corey: I think we're already seeing that now, in terms of people no longer really care that much what operating system they're running, let alone which distribution of that operating system. The things that you have to care about slip below the surface of awareness and we've seen this for a long time now.
Originally to install a web server, it wound up taking a few days and an intimate knowledge of GCC compiler flags, then RPM or D package and then yum on top of that, then ensure installed, once we had configuration management that was halfway decent.

Then Docker run, whatever it is. And today feels like it's with serverless technologies being what they are, it's effectively a push a file to S3 or its equivalent somewhere else and you're done. The things that people have to be aware of and the barrier to entry continually lowers. The downside to that of course, is that things that people specialize in today and effectively make very lucrative careers out of are going to be not front and center in 5 to 10 years the way that they are today. And that's always been the way of technology. It's a treadmill to some extent.

Kelsey: And on the flip side of that, look at all of the new jobs that are centered around these cloud-native technologies, right? So you know, we're just going to make up some numbers here, imagine if there were only 10,000 jobs around just Linux system administration. Now when you look at this whole Kubernetes landscape where people are saying we can actually do a better job with metrics and monitoring. Observability is now a thing culturally that people assume you should have, because you're dealing with these distributed systems. The ability to start thinking about multi-regional deployments when I think that would've been infeasible with the previous tools or you'd have to build all those tools yourself. So I think now we're starting to see a lot more opportunities, where instead of 10,000 people, maybe you need 20,000 people because now you have the tools necessary to tackle bigger projects where you didn't see that before.

Corey: That's what's going to be really neat to see. But the challenge is always to people who are steeped in existing technologies. What does this mean for them?
I mean I spent a lot of time early in my career fighting against cloud because I thought that it was taking away a cornerstone of my identity. I was a large scale Unix administrator, specifically focusing on email. Well, it turns out that there aren't nearly as many companies that need to have that particular skill set in house as it did 10 years ago. And what we're seeing now is this sort of forced evolution of people's skillsets or they hunker down on a particular area of technology or particular application to try and make a bet that they can ride that out until retirement. It's challenging, but at some point it seems that some folks like to stop learning, and I don't fully pretend to understand that. I'm sure I will someday where, "No, at this point technology come far enough. We're just going to stop here, and anything after this is garbage." I hope not, but I can see a world in which that happens.

Kelsey: Yeah, and I also think one thing that we don't talk a lot about in the Kubernetes community, is that Kubernetes makes hyper-specialization worth doing because now you start to have a clear separation from concerns. Now the OS can be hyperfocused on security system calls and not necessarily packaging every programming language under the sun into a single distribution. So we can kind of move part of that layer out of the core OS and start to just think about the OS being a security boundary where we try to lock things down. And for some people that play at that layer, they have a lot of work ahead of them in locking down these system calls, improving the idea of containerization, whether that's something like Firecracker or some of the work that you see VMware doing, that's going to be a whole class of hyper-specialization. And the reason why they're going to be able to focus now is because we're starting to move into a world, whether that's serverless or the Kubernetes API.

We're saying we should deploy applications that don't target machines.
I mean just that step alone is going to allow for so much specialization at the various layers because even on the networking front, which arguably has been a specialization up until this point, can truly specialize because now the IP assignments, how networking fits together, has also abstracted away one more step where you're not asking for interfaces or binding to a specific port or playing with port mappings. You can now let the platform do that. So I think for some of the people who may be not as interested as moving up the stack, they need to be aware that the number of people we need being hyper-specialized at Linux administration will definitely shrink. And a lot of that work will move up the stack, whether that's Kubernetes or managing a serverless deployment and all the configuration that goes with that. But if you are a Linux, like that is your bread and butter, I think there's going to be an opportunity to go super deep, but you may have to expand into things like security and not just things like configuration management.

Corey: Let's call it the unfulfilled promise of Kubernetes. On paper, I love what it hints at being possible. Namely, if I build something that runs well on top of Kubernetes then we truly have a write once, run anywhere type of environment. Stop me if you've heard that one before, 50,000 times in our industry... or history. But in practice, as has happened before, it seems like it tends to fall down for one reason or another. Now, Amazon is famous because for many reasons, but the one that I like to pick on them for is, you can't say the word multi-cloud at their events. Right. That'll change people's perspective, good job.
The people tend to see multi-cloud are a couple of different lenses.

I've been rather anti multi-cloud from the perspective of the idea that you're setting out day one to build an application with the idea that it can be run on top of any cloud provider, or even on-premises if that's what you want to do, is generally not the way to proceed. You wind up having to make certain trade-offs along the way, you have to rebuild anything that isn't consistent between those providers, and it slows you down. Kubernetes on the other hand hints at if it works and fulfills this promise, you can suddenly abstract an awful lot beyond that and just write generic applications that can run anywhere. Where do you stand on the whole multi-cloud topic?

Kelsey: So I think we have to make sure we talk about the different layers that are kind of ready for this thing. So for example, like multi-cloud networking, we just call that networking, right? What's the IP address over there? I can just hit it. So we don't make a big deal about multi-cloud networking. Now there's an area where people say, how do I configure the various cloud providers? And I think the healthy way to think about this is, in your own data centers, right, so we know a lot of people have investments on-premises. Now, if you were to take the mindset that you only need one provider, then you would try to buy everything from HP, right? You would buy HP storage devices, you buy HP racks, power. Maybe HP doesn't sell air conditioners. So you're going to have to buy an air conditioner from a vendor who specializes in making air conditioners, hopefully for a data center and not your house.

So now you've entered this world where one vendor doesn't make every single piece that you need. Now in the data center, we don't say, "Oh, I am multi-vendor in my data center."
Typically, you just buy the switches that you need, you buy the power racks that you need, you buy the ethernet cables that you need, and they have common interfaces that allow them to connect together and they typically have different configuration languages and methods for configuring those components. The cloud on the other hand also represents the same kind of opportunity. There are some people who really love DynamoDB and S3, but then they may prefer something like BigQuery to analyze the data that they're uploading into S3. Now, if this was a data center, you would just buy all three of those things and put them in the same rack and call it good.

But the cloud presents this other challenge. How do you authenticate to those systems? And then there's usually this additional networking costs, egress or ingress charges that make it prohibitive to say, "I want to use two different products from two different vendors." And I think that's-

Corey: ...winds up causing serious problems.

Kelsey: Yes, so that data gravity, the associated cost becomes a little bit more in your face. Whereas, in a data center you kind of feel that the cost has already been paid. I already have a network switch with enough bandwidth, I have an extra port on my switch to plug this thing in and they're all standard interfaces. Why not? So I think the multi-cloud gets lost in the chew problem, which is the barrier to entry of leveraging things across two different providers because of networking and configuration practices.

Corey: That's often the challenge, I think, that people get bogged down in. On an earlier episode of this show we had Mitchell Hashimoto on, and his entire theory around using Terraform to wind up configuring various bits of infrastructure, was not the idea of workload portability because that feels like the windmill we all keep tilting at and failing to hit. But instead the idea of workflow portability, where different things can wind up being interacted with in the same way.
So if this one division is on one cloud provider, the others are on something else, then you at least can have some points of consistency in how you interact with those things. And in the event that you do need to move, you don't have to effectively redo all of your CICD process, all of your tooling, et cetera. And I thought that there was something compelling about that argument.

Kelsey: And that's actually what Kubernetes does for a lot of people. For Kubernetes, if you think about it, when we start to talk about workflow consistency, if you want to deploy an application, kubectl apply, some config, you want the application to have a load balancer in front of it. Regardless of the cloud provider, because Kubernetes has an extension point we call the cloud provider. And that's where Amazon, Azure, Google Cloud, we do all the heavy lifting of mapping the high-level ingress object that specifies, "I want a load balancer, maybe a few options," to the actual implementation detail. So maybe you don't have to use four or five different tools and that's where that kind of workload portability comes from. Like if you think about Linux, right? It has a set of system calls, for the most part, even if you're using a different distro at this point, Red Hat or Amazon Linux or Google's container optimized Linux.

If I build a Go binary on my laptop, I can SCP it to any of those Linux machines and it's going to probably run. So you could call that multi-cloud, but that doesn't make a lot of sense because it's just because of the way Linux works. Kubernetes does something very similar because it sits right on top of Linux, so you get the portability just from the previous example and then you get the other portability and workload, like you just stated, where I'm calling kubectl apply, and I'm using the same workflow to get resources spun up on the various cloud providers.
Even if that configuration isn't one-to-one identical.

Corey: This episode is sponsored in part by our friends at Uptycs, because they believe that many of you are looking to bolster your security posture with CNAPP and XDR solutions. They offer both cloud and endpoint security in a single UI and data model. Listeners can get Uptycs for up to 1,000 assets through the end of 2023 (that is next year) for $1. But this offer is only available for a limited time on UptycsSecretMenu.com. That's U-P-T-Y-C-S Secret Menu dot com.

Corey: One thing I'm curious about is you wind up walking through the world and seeing companies adopting Kubernetes in different ways. How are you finding the adoption of Kubernetes is looking like inside of big E enterprise style companies? I don't have as much insight into those environments as I probably should. That's sort of a focus area for the next year for me. But in startups, it seems that it's either someone goes in and rolls it out and suddenly it's fantastic, or they avoid it entirely and do something serverless. In large enterprises, I see a lot of Kubernetes and a lot of Kubernetes stories coming out of it, but what isn't usually told is, what's the tipping point where they say, "Yeah, let's try this." Or, "Here's the problem we're trying to solve for. Let's chase it."

Kelsey: What I see is enterprises buy everything. If you're big enough and you have a big enough IT budget, most enterprises have a POC of everything that's for sale, period. There's some team in some pocket, maybe they came through via acquisition. Maybe they live in a different state. Maybe it's just a new project that came out. And what you tend to see, at least from my experiences, if I walk into a typical enterprise, they may tell me something like, "Hey, we have a POC, a Pivotal Cloud Foundry, OpenShift, and we want some of that new thing that we just saw from you guys. How do we get a POC going?" So there's always this appetite to evaluate what's for sale, right?
So, that's one case. There's another case where, when you start to think about an enterprise there's a big range of skillsets. Sometimes I'll go to some companies like, "Oh, my insurance is through that company, and there's ex-Googlers that work there." They used to work on things like Borg, or something else, and they kind of know how these systems work.

And they have a slightly better edge at evaluating whether Kubernetes is any good for the problem at hand. And you'll see them bring it in. Now that same company, I could drive over to the other campus, maybe it's five miles away and that team doesn't even know what Kubernetes is. And for them, they're going to be chugging along with what they're currently doing. So then the challenge becomes if Kubernetes is a great fit, how wide of a fit it isn't? How many teams at that company should be using it? So what I'm currently seeing as there are some enterprises that have found a way to make Kubernetes the place where they do a lot of new work, because that makes sense. A lot of enterprises to my surprise though, are actually stepping back and saying, "You know what? We've been stitching together our own platform for the last five years. We had the Netflix stack, we got some Spring Boot, we got Consul, we got Vault, we got Docker. And now this whole thing is getting a little more fragile because we're doing all of this glue code."

Kubernetes, We've been trying to build our own Kubernetes and now that we know what it is and we know what it isn't, we know that we can probably get rid of this kind of bespoke stack ourselves and just because of the ecosystem, right? If I go to HashiCorp's website, I would probably find the word Kubernetes as much as I find the word Nomad on their site because they've made things like Consul and Vault become first-class offerings inside of the world of Kubernetes.
So I think it's that momentum that you see across even People Oracle, Juniper, Palo Alto Networks, they're all have seem to have a Kubernetes story. And this is why you start to see the enterprise able to adopt it because it's so much in their face and it's where the ecosystem is going.

Corey: It feels like a lot of the excitement and the promise and even the same problems that Kubernetes is aimed at today, could have just as easily been talked about half a decade ago in the context of OpenStack. And for better or worse, OpenStack is nowhere near where it once was. It would felt like it had such promise and such potential and when it didn't pan out, that left a lot of people feeling relatively sad, burnt out, depressed, et cetera. And I'm seeing a lot of parallels today, at least between what was said about OpenStack and what was said about Kubernetes. How do you see those two diverging?

Kelsey: I will tell you the big difference that I saw, personally. Just for my personal journey outside of Google, just having that option. And I remember I was working at a company and we were like, "We're going to roll our own OpenStack. We're going to buy a FreeBSD box and make it a file server. We're going all open sources," like do whatever you want to do. And that was just having so many issues in terms of first-class integrations, education, people with the skills to even do that. And I was like, "You know what, let's just cut the check for VMware." We want virtualization. VMware, for the cost and when it does, it's good enough. Or we can just actually use a cloud provider. That space in many ways was a purely solved problem. Now, let's fast forward to Kubernetes, and also when you get OpenStack finished, you're just back where you started.

You got a bunch of VMs and now you've got to go figure out how to build the real platform that people want to use because no one just wants a VM. If you think Kubernetes is low level, just having OpenStack, even OpenStack was perfect.
You're still at square one for the most part. Maybe you can just say, "Now I'm paying a little less money for my stack in terms of software licensing costs," but from an extraction and automation and API standpoint, I don't think OpenStack moved the needle in that regard. Now in the Kubernetes world, it's solving a huge gap.

Lots of people have virtual machine sprawl then they had Docker sprawl, and when you bring in this thing by Kubernetes, it says, "You know what? Let's rein all of that in. Let's build some first-class abstractions, assuming that the layer below us is a solved problem." You got to remember when Kubernetes came out, it wasn't trying to replace the hypervisor, it assumed it was there. It also assumed that the hypervisor had APIs for creating virtual machines and attaching disk and creating load balancers, so Kubernetes came out as a complementary technology, not one looking to replace. And I think that's why it was able to stick because it solved a problem at another layer where there was not a lot of competition.

Corey: I think a more cynical take, at least one of the ones that I've heard articulated and I tend to agree with, was that OpenStack originally seemed super awesome because there were a lot of interesting people behind it, fascinating organizations, but then you wound up looking through the backers of the foundation behind it and the rest. And there were something like 500 companies behind it, an awful lot of them were these giant organizations that ... they were big e-corporate IT enterprise software vendors, and you take a look at that, I'm not going to name anyone because at that point, oh will we get letters.

But at that point, you start seeing so many of the patterns being worked into it that it almost feels like it has to collapse under its own weight.
I don't, for better or worse, get the sense that Kubernetes is succumbing to the same thing, despite the CNCF having an awful lot of those same backers behind it and as far as I can tell, significantly more money, they seem to have all the money to throw at these sorts of things. So I'm wondering how Kubernetes has managed to effectively sidestep I guess the open-source miasma that OpenStack didn't quite manage to avoid.

Kelsey: Kubernetes gained its own identity before the foundation existed. Its purpose, if you think back from the Borg paper almost eight years prior, maybe even 10 years prior. It defined this problem really, really well. I think Mesos came out and also had a slightly different take on this problem. And you could just see at that time there was a real need, you had choices between Docker Swarm, Nomad. It seems like everybody was trying to fill in this gap because, across most verticals or industries, this was a true problem worth solving. What Kubernetes did was played in the exact same sandbox, but it kind of got put out with experience. It's not like, "Oh, let's just copy this thing that already exists, but let's just make it open."

And in that case, you don't really have your own identity. It's you versus Amazon, in the case of OpenStack, it's you versus VMware. And that's just really a hard place to be in because you don't have an identity that stands alone. Kubernetes itself had an identity that stood alone. It comes from this experience of running a system like this. It comes from research and white papers. It comes after previous attempts at solving this problem. So we agree that this problem needs to be solved. We know what layer it needs to be solved at. We just didn't get it right yet, so Kubernetes didn't necessarily try to get it right.

It tried to start with only the primitives necessary to focus on the problem at hand. Now to your point, the extension interface of Kubernetes is what keeps it small.
Years ago I remember plenty of meetings where we all got in rooms and said, "This thing is done." It doesn't need to be a PaaS. It doesn't need to compete with serverless platforms. The core of Kubernetes, like Linux, is largely done. Here's the core objects, and we're going to make a very great extension interface. We're going to make one for the container run time level so that way people can swap that out if they really want to, and we're going to do one that makes other APIs as first-class as ones we have, and we don't need to try to boil the ocean in every Kubernetes release. Everyone else has the ability to deploy extensions just like Linux, and I think that's why we're avoiding some of this tension in the vendor world because you don't have to change the core to get something that feels like a native part of Kubernetes.

Corey: What do you think is currently being the most misinterpreted or misunderstood aspect of Kubernetes in the ecosystem?

Kelsey: I think the biggest thing that's misunderstood is what Kubernetes actually is. And the thing that made it click for me, especially when I was writing the tutorial Kubernetes The Hard Way. I had to sit down and ask myself, "Where do you start trying to learn what Kubernetes is?" So I start with the database, right? The configuration store isn't Postgres, it isn't MySQL, it's Etcd. Why? Because we're not trying to be this generic data stores platform. We just need to store configuration data. Great. Now, do we let all the components talk to Etcd? No. We have this API server and between the API server and the chosen data store, that's essentially what Kubernetes is. You can stop there. At that point, you have a valid Kubernetes cluster and it can understand a few things. Like I can say, using the Kubernetes command-line tool, create this configuration map that stores configuration data and I can read it back.

Great. Now I can't do a lot of things that are interesting with that.
Maybe I just use it as a configuration store, but then if I want to build a container platform, I can install the Kubernetes kubelet agent on a bunch of machines and have it talk to the API server looking for other objects you add in the scheduler, all the other components. So what that means is that Kubernetes' most important component is its API because that's how the whole system is built. It's actually a very simple system when you think about just those two components in isolation. If you want a container management tool that you need a scheduler, controller, manager, cloud provider integrations, and now you have a container tool. But let's say you want a service mesh platform. Well in a service mesh you have a data plane that can be Nginx or Envoy and that's going to handle routing traffic. And you need a control plane. That's going to be something that takes in configuration and it uses that to configure all the things in a data plane.

Well, guess what? Kubernetes is 90% there in terms of a control plane, with just those two components, the API server, and the data store. So now when you want to build control planes, if you start with the Kubernetes API, we call it the API machinery, you're going to be 95% there. And then what do you get? You get a distributed system that can handle kind of failures on the back end, thanks to Etcd. You're going to get RBAC or you can have permission on top of your schemas, and there's a built-in framework, we call it custom resource definitions that allows you to articulate a schema and then your own control loops provide meaning to that schema. And once you do those two things, you can build any platform you want.
And I think that's one thing that it takes a while for people to understand that part of Kubernetes, that the thing we talk about today, for the most part, is just the first system that we built on top of this.

Corey: I think that's a very far-reaching story with implications that I'm not entirely sure I am able to wrap my head around. I hope to see it, I really do. I mean you mentioned about writing Learn Kubernetes the Hard Way and your tutorial, which I'll link to in the show notes. I mean my, of course, sarcastic response to that recently was to register the domain Kubernetes the Easy Way and just re-pointed to Amazon's ECS, which is in no way shape or form Kubernetes and basically has the effect of irritating absolutely everyone as is my typical pattern of behavior on Twitter. But I have been meaning to dive into Kubernetes on a deeper level and the stuff that you've written, not just the online tutorial, both the books have always been my first port of call when it comes to that. The hard part, of course, is there's just never enough hours in the day.

Kelsey: And one thing that I think about too is like the web. We have the internet, there's webpages, there's web browsers. Web Browsers talk to web servers over HTTP. There's verbs, there's bodies, there's headers. And if you look at it, that's like a very big complex system. If I were to extract out the protocol pieces, this concept of HTTP verbs, get, put, post and delete, this idea that I can put stuff in a body and I can give it headers to give it other meaning and semantics. If I just take those pieces, I can build RESTful APIs.

Hell, I can even build GraphQL and those are just different systems built on the same API machinery that we call the internet or the web today. But you have to really dig into the details and pull that part out and you can build all kind of other platforms and I think that's what Kubernetes is.
It's going to probably take people a little while longer to see that piece, but it's hidden in there and that's that piece that's going to be, like you said, it's going to probably be the foundation for building more control planes. And when people build control planes, I think if you think about it, maybe Fargate for EKS represents another control plane for making a serverless platform that takes to Kubernetes API, even though the implementation isn't what you find on GitHub.

Corey: That's the truth. Whenever you see something as broadly adopted as Kubernetes, there's always the question of, "Okay, there's an awful lot of blog posts." Getting started to it, learn it in 10 minutes, I mean at some point, I'm sure there are some people still convinced Kubernetes is, in fact, a breakfast cereal based upon what some of the stuff the CNCF has gotten up to. I wouldn't necessarily bet against it socks today, breakfast cereal tomorrow. But it's hard to find a decent level of quality, finding the certain quality bar of a trusted source to get started with is important. Some people believe in the hero's journey, story of a narrative building.

I always prefer to go with the moron's journey because I'm the moron. I touch technologies, I have no idea what they do and figure it out and go careening into edge and corner cases constantly. And by the end of it I have something that vaguely sort of works and my understanding's improved. But I've gone down so many terrible paths just by picking a bad point to get started. So everyone I've talked to who's actually good at things has pointed to your work in this space as being something that is authoritative and largely correct and given some of these people, that's high praise.

Kelsey: Awesome. I'm going to put that on my next performance review as evidence of my success and impact.

Corey: Absolutely. Grouchy people say, "It's all right," you know, for the right people that counts.
If people want to learn more about what you're up to and see what you have to say, where can they find you?

Kelsey: I aggregate most of outward interactions on Twitter, so I'm @KelseyHightower and my DMs are open, so I'm happy to field any questions and I attempt to answer as many as I can.

Corey: Excellent. Thank you so much for taking the time to speak with me today. I appreciate it.

Kelsey: Awesome. I was happy to be here.

Corey: Kelsey Hightower, Principal Developer Advocate at Google. I'm Corey Quinn. This is Screaming in the Cloud. If you've enjoyed this podcast, please leave a five-star review on Apple podcasts. If you've hated this podcast, please leave a five-star review on Apple podcasts and then leave a funny comment. Thanks.

Announcer: This has been this week's episode of Screaming in the Cloud. You can also find more Corey at screaminginthecloud.com or wherever fine snark is sold.

Announcer: This has been a HumblePod production. Stay humble.
In this month's episode Arjen, JM, and Guy discuss the news from January 2022. Well, everything announced after re:Invent really, but that's mostly from January. There are good announcements all over; from a new Console Home to unpronounceable instance types, but there is also some news around the podcast that's either good or bad depending on how you interpret it. Find us at melb.awsug.org.au or as @AWSMelb on Twitter.

News

Finally in Sydney
- Amazon EC2 R6i instances are now available in 8 additional regions
- Amazon EC2 C6i instances are now available in 10 additional regions
- AWS Panorama is now available in Asia Pacific (Sydney), and Asia Pacific (Singapore)
- AWS Resilience Hub expands to 13 additional AWS Regions
- AWS Direct Connect announces new location in Australia

Serverless
- AWS Lambda now supports Internet Protocol Version 6 (IPv6) endpoints for inbound connections
- Amazon Virtual Private Cloud (VPC) now supports Bring Your Own IPv6 Addresses (BYOIPv6) - Old announcement mentioned in show
- Announcing AWS Serverless Application Model (SAM) CLI support for local testing of AWS Cloud Development Kit (CDK)
- AWS Lambda now supports ES Modules and Top-Level Await for Node.js 14
- AWS Lambda now supports Max Batching Window for Amazon MSK, Apache Kafka, Amazon MQ for Apache Active MQ and RabbitMQ as event sources

Containers
- Amazon EKS now supports Internet Protocol version 6 (IPv6)
- Amazon Elastic Kubernetes Service Adds IPv6 Networking | AWS News Blog
- EBS CSI driver now available in EKS add-ons in preview
- Amazon ECS launches new simplified console experience for creating ECS clusters and task definitions
- ACM Private CA Kubernetes cert-manager plugin is production ready
- Amazon EMR on EKS adds support for customized container images for AWS Graviton-based EC2 instances
- Amazon ECR adds the ability to monitor repository pull statistics
- Amazon ECS now supports Amazon ECS Exec and Amazon Linux 2 for on-premises container workloads

EC2 & VPC
- Introducing Amazon EC2 Hpc6a instances
- New – Amazon EC2 Hpc6a Instance Optimized for High Performance Computing | AWS News Blog
- New – Amazon EC2 X2iezn Instances Powered by the Fastest Intel Xeon Scalable CPU for Memory-Intensive Workloads
- Instance Tags now available on the Amazon EC2 Instance Metadata Service
- Amazon EC2 On-Demand Capacity Reservations now support Cluster Placement Groups
- AWS Compute Optimizer makes it easier to optimize by leveraging multiple EC2 instance architectures
- AWS Announces New Launch Speed Optimizations for Microsoft Windows Server Instances on Amazon EC2
- Amazon EC2 customers can now use ED25519 keys for authentication with EC2 Instance Connect
- Metrics now available for AWS PrivateLink

Dev & Ops
- Amazon Corretto January Quarterly Updates
- Amazon CloudWatch Logs announces AWS Organizations support for cross account Subscriptions
- AWS Toolkit for JetBrains IDEs adds support for ECS-Exec for troubleshooting ECS containers
- AWS Systems Manager Automation now enables you to take action in third-party applications through webhooks

Security
- AWS Secrets Manager now automatically enables SSL connections when rotating database secrets
- AWS announces phone number enrichments for Amazon Fraud Detector Models
- Announcing AWS CloudTrail Lake, a managed audit and security lake
- AWS Firewall Manager now supports AWS Shield Advanced automatic application layer DDoS mitigation
- Amazon SNS now supports Attribute-based access controls (ABAC)
- Amazon GuardDuty now detects EC2 instance credentials used from another AWS account
- Amazon GuardDuty Enhances Detection of EC2 Instance Credential Exfiltration | AWS News Blog
- Amazon GuardDuty now protects Amazon Elastic Kubernetes Service clusters
- AWS Security Hub integrates with AWS Health
- AWS Trusted Advisor now integrates with AWS Security Hub
- AWS Client VPN now supports banner text and maximum session duration

Data Storage & Processing

Databases
- AWS Migration Hub Strategy Recommendations adds support for Babelfish for Aurora PostgreSQL
- Now DynamoDB can return the throughput capacity consumed by PartiQL API calls to help you optimize your queries and throughput costs
- Amazon DocumentDB (with MongoDB compatibility) adds support for $mergeObjects and $reduce
- Amazon DocumentDB (with MongoDB compatibility) adds additional Geospatial query capabilities
- Amazon DocumentDB (with MongoDB compatibility) now offers a free trial
- Amazon RDS Performance Insights now supports query execution plan capture for RDS for Oracle

Glue
- Introducing Autoscaling in AWS Glue jobs (Preview)
- Introducing AWS Glue Interactive Sessions and Job Notebooks (Preview)
- Announcing Personal Identifiable Information (PII) detection and remediation in AWS Glue (Preview)

EMR
- Introducing real-time collaborative notebooks with EMR Studio
- Introducing SQL Explorer in EMR Studio
- Amazon EMR now supports Apache Iceberg, a highly performant, concurrent, ACID-compliant table format for data lakes
- Amazon EMR on EKS adds error message details in DescribeJobRun API response to simplify debugging
- Amazon EMR on EKS adds support for customized container images for interactive jobs run using managed endpoints
- Amazon EMR now supports Apache Spark SQL to insert data into and update Glue Data Catalog tables when Lake Formation integration is enabled

OpenSearch
- Amazon OpenSearch Service (successor to Amazon Elasticsearch Service) now supports OpenSearch version 1.1
- Amazon OpenSearch Service (successor to Amazon Elasticsearch Service) now supports anomaly detection for historical data
- Fine grained access control now supported on existing Amazon OpenSearch Service domains

Redshift
- Announcing AWS Data Exchange for Amazon Redshift
- Amazon Redshift Spectrum now offers custom data validation rules

Other
- New – Replication for Amazon Elastic File System (EFS)
- Amazon ElastiCache adds support for streaming and storing Redis engine logs
- AWS Storage Gateway management console simplifies gateway creation and management
- Amazon S3 File Gateway adds schedule-based network bandwidth throttling
- Amazon
FSx for NetApp ONTAP now provides performance and capacity metrics in Amazon CloudWatch AI & ML SageMaker Amazon SageMaker Pipelines now offers native EMR integration for large scale data processing Amazon SageMaker Pipelines now supports concurrency control Amazon SageMaker JumpStart adds LightGBM and CatBoost Models for Tabular Data Amazon SageMaker Feature Store connector for Apache Spark for easy batch data ingestion Announcing SageMaker Training support for ml.g5 instances Other Amazon Kendra launches support for query language Amazon Forecast now supports AWS CloudFormation for managing dataset and dataset group resources Amazon Rekognition improves accuracy of Content Moderation for Video AWS Panorama Appliances now available for purchase on Amazon.com and Amazon Business Amazon Textract adds synchronous support for single page PDF documents and support for PDF documents containing JPEG 2000 encoded images Other Cool Stuff Now Open – AWS Asia Pacific (Jakarta) Region | AWS News Blog Announcing the new Console Home in AWS Management Console A New AWS Console Home Experience | AWS News Blog Amazon Nimble Studio launches the ability to validate launch profile configurations via the Nimble Studio console AWS Elastic Disaster Recovery now supports failback automation Amazon Interactive Video Service adds thumbnail configuration Announcing matrix routing for Amazon Location Service Amazon Location Service enables request-based pricing for all customer use cases IoT AWS IoT Device Management launches Automated Retry capability for Jobs to improve success rates of large scale deployments AWS IoT Core for LoRaWAN Launches Two New Features to Manage and Monitor Communications Between Device and Cloud AWS IoT SiteWise Edge supports new data storage and upload prioritization strategies for intermittent cloud connectivity Sponsors CMD Solutions Silver Sponsors Cevo Versent
On The Cloud Pod this week, Jonathan is still AWOL. Also Amazon is on GuardDuty with credential exfiltration, Google Cloud Deploy is generally available, and Azure is suffering from more serious DDoS attacks. A big thanks to this week's sponsors: Foghorn Consulting, which provides full-stack cloud solutions with a focus on strategy, planning and execution for enterprises seeking to take advantage of the transformative capabilities of AWS, Google Cloud and Azure. This week's highlights
Links:
Three vulnerabilities: https://blog.wiz.io/black-hat-2021-aws-cross-account-vulnerabilities-how-isolated-is-your-cloud-environment/
Embarrassingly long time: https://Twitter.com/christophetd/status/1486610249045925890
“Companies Leave Vast Amounts of Sensitive Data Unprotected”: https://www.propublica.org/article/identity-theft-surged-during-the-pandemic-heres-where-a-lot-of-the-stolen-data-came-from?token=pIt-Qx8lrKMcPei_lM3rFDQpHXkkcxXQ
Google Drive started mistakenly flagging files as infringing copyright: https://www.theregister.com/2022/01/25/google_drive_copyright_infringement/
“How to deploy AWS Network Firewall to help protect your network from malware”: https://aws.amazon.com/blogs/security/how-to-deploy-aws-network-firewall-to-help-protect-your-network-from-malware/
“How to use tokenization to improve data security and reduce audit scope”: https://aws.amazon.com/blogs/security/how-to-use-tokenization-to-improve-data-security-and-reduce-audit-scope/
“Ransomware-resistant backups with S3”: https://www.franzoni.eu/ransomware-resistant-backups/

Transcript

Corey: This is the AWS Morning Brief: Security Edition. AWS is fond of saying security is job zero. That means it's nobody in particular's job, which means it falls to the rest of us. Just the news you need to know, none of the fluff.

Corey: This episode is sponsored in part by our friends at Sysdig. Sysdig is the solution for securing DevOps. They have a blog post that went up recently about how an insecure AWS Lambda function could be used as a pivot point to get access into your environment. They've also gone deep in-depth with a bunch of other approaches to how DevOps and security are inextricably linked. To learn more, visit sysdig.com and tell them I sent you. That's S-Y-S-D-I-G dot com. My thanks to them for their continued support of this ridiculous nonsense.

After the content for this episode was effectively laid out, AWS did a late Friday night announcement of a new GuardDuty enhancement that would automatically opt people in to a chargeable service unless they explicitly opted each account out. This obviously doesn't thrill me or other affected customers. So, as I record this, the situation is still evolving, but rest assured I'm going to have further thoughts on this next week.

Now, let's see what happened last week in AWS security. So, last year, Wiz found three vulnerabilities that allowed attackers to read or write into other customers' AWS accounts. This flew beneath the radar at the time, but they're all coming out of the woodwork now, and AWS's security reputation, more or less, lies in tatters, replaced by a reputation for clamming up and admitting nothing. I'm already wincing at this summer's re:Inforce keynote. If they try their usual messaging line, it's not going to end well for them.

There was apparently a serious vulnerability within the Linux polkit library. It took Amazon Linux an embarrassingly long time to acknowledge it and put out a release. Now, I'm not a fan of single-vendor Linux installs; any bets on how many non-Amazonians have commit rights to the distribution?

Failing to learn from experience is never a great look, but as per ProPublica, “Companies Leave Vast Amounts of Sensitive Data Unprotected” despite decades of breaches. Please, please, please, if you're listening to this, don't be one of them. There's no value in buying the latest whiz-bang vendor software to defend against state-level actors if you're going to leave the S3 bucket containing the backups open to the world.

And an uncomfortable reminder that we might not be the only parties perusing our “private” files stored within various cloud providers, Google Drive started mistakenly flagging files as infringing copyright. Now, amusingly the files in question tended to consist entirely of a single character within the file, but the reminder isn't usually something that cloud providers want dangled in front of us. Once again we are, in fact, reminded that Google considers privacy to be keeping information between you and Google.

Corey: You know the drill: you're just barely falling asleep and you're jolted awake by an emergency page. That's right, it's your night on call, and this is the bad kind of Call of Duty. The good news is, is that you've got New Relic, so you can quickly run down the incident checklist and find the problem. You have an errors inbox that tells you that Lambdas are good, RUM is good, but something's up in APM. So, you click the error and find the deployment marker where it all began. Dig deeper, there's another set of errors. What is it? Of course, it's Kubernetes, starting after an update. You ask that team to roll back and bam, problem solved. That's the value of combining 16 different monitoring products into a single platform: you can pinpoint issues down to the line of code quickly. That's why the Dev and Ops teams at DoorDash, GitHub, Epic Games, and more than 14,000 other companies use New Relic. The next late-night call is just waiting to happen, so get New Relic before it starts. And you can get access to the whole New Relic platform at 100 gigabytes of data free, forever, with no credit card. Visit newrelic.com/morningbrief. That's newrelic.com/morningbrief.

AWS had a couple interesting blog posts. One of them was “How to deploy AWS Network Firewall to help protect your network from malware”. And I'm torn on this service, to be honest, because on the one hand, it extends the already annoying pricing model of the Managed NAT Gateway, but on the other, it provides a lot more than simple address translation and is cost-competitive with a number of other solutions in this space. I think I'm going to land on, “use it if it makes sense for you, but don't expect it to be cheap.”

And a great blog post from AWS security folks—which is, honestly, something I have said a lot in the past, and I look forward to saying a lot more of in the future—“How to use tokenization to improve data security and reduce audit scope”. “Reducing the scope” is one of the best ways to make audits hurt less, but it tends to be infrequently discussed. This is worth paying attention to.

And lastly, there was an interesting tool that came out. Well, not really so much an interesting tool so much as an interesting blog post that's a step-by-step walkthrough that features some open-source software and a few configuration options gets you to a place of “Ransomware-resistant backups with S3”. It leverages the Duplicity open-source tool but doesn't handwave over how the integration works. More like this, please.

And that's what happened last week in AWS security. Thanks for listening, and I'll talk to you more next week.

Corey: Thank you for listening to the AWS Morning Brief: Security Edition with the latest in AWS security that actually matters. Please follow AWS Morning Brief on Apple Podcast, Spotify, Overcast—or wherever the hell it is you find the dulcet tones of my voice—and be sure to sign up for the Last Week in AWS newsletter at lastweekinaws.com.

Announcer: This has been a HumblePod production. Stay humble.
On The Cloud Pod this week, the team finds out whose re:Invent 2021 crystal ball was most accurate. Also Graviton3 is announced, and Adam Selipsky gives his first re:Invent keynote. A big thanks to this week's sponsors: Foghorn Consulting, which provides full-stack cloud solutions with a focus on strategy, planning and execution for enterprises seeking to take advantage of the transformative capabilities of AWS, Google Cloud and Azure. JumpCloud, which offers a complete platform for identity, access, and device management — no matter where your users and devices are located. This week's highlights
In the bonus segment of our episode #330: Fedora > AWS is basing the next Amazon Linux on Fedora. (source) Chips > The electronic chip shortage could well drag on. (source) Razer > Snapdragon and Razer team up on a handheld console model. (source) Innovation > A camera the size of a grain of salt. (source)
In this episode Noah and Steve discuss moving into a datacenter. Amazon Linux 3 is based off of Fedora, a new GPD Pocket 3 is out and is an IT sysadmin's dream, a privacy-respecting voice assistant, join us for a packed show! -- During The Show -- 01:41 Fedora Feedback & Tumbleweed Challenge - Bhikhu Get Fedora (getfedora.org) Get OpenSuse Tumbleweed (https://get.opensuse.org/tumbleweed/) Fedora is not unstable What should we look for in OpenSuse Tumbleweed? - Write In! Underlying distribution seems to matter less nowadays What is the primary use of OpenSuse Tumbleweed? - Write In! Linux Delta (http://www.linuxdelta.com/) 09:20 RE: Key Mapping - Matt Key-Mapper Github (https://github.com/sezanzeb/key-mapper) 10:54 User Provides Script to Check HTTPS - Cory
```
#!/usr/bin/env python3
# based on https://stackoverflow.com/a/52575489
# Prints the certificate expiry date and negotiated TLS version for each site.
import socket
import ssl

from dateutil import parser  # third-party: python-dateutil

for site in (
    'asknoahshow.com',
    'www.asknoahshow.com',
    'podcast.asknoahshow.com',
    'altispeed.com',
    'www.altispeed.com',
):
    # Default context verifies the certificate chain and the hostname.
    context = ssl.create_default_context()
    try:
        # The timeout keeps one unreachable host from stalling the whole run.
        with socket.create_connection((site, 443), timeout=10) as sock:
            with context.wrap_socket(sock, server_hostname=site) as ssock:
                expiration = parser.parse(ssock.getpeercert()['notAfter'])
                print(f"{expiration.date()} {site} ({ssock.version()})")
    except Exception as e:
        # socket.gaierror, ConnectionRefusedError, ConnectionResetError, ssl.SSLCertVerificationError, etc.
        print(f"---------- {site} {e}")
```
Banking this for work! Register for Less (R4l.com) Free Hosting doesn't include HTTPS Changes coming at the end of the year 14:32 Episode 257 Feedback - Kevin Netbox (https://github.com/netbox-community/netbox) 16:05 Open Source ITSM Software - Mauro GLPI Project (https://glpi-project.org/) 17:22 Caller Katana RaspberryPi HiFi Hats?
HiFi Berry (https://www.hifiberry.com/) Volumio (https://volumio.com/en/) Behringer (https://www.behringer.com/product.html?modelCode=P0484) 24:00 Bot Feedback - Sunjam Home Lab OS (https://homelabos.com/) 25:30 Bot Feedback - DJ Thanks Noah and Steve OpenVPN worked! 26:15 Pick of the Week Graphical Docker App for Linux Dockeye Github (https://github.com/vv9k/dockeye) Portainer (https://www.portainer.io/) 28:00 Gadget of the Week GPD Pocket 1 is awesome This device has changed my life GPD Pocket 3 (https://www.indiegogo.com/projects/pocket-3-a-modular-and-full-featured-handheld-pc#/) Designed for IT work Modular IO Ports Comes with a stylus 38:26 Amazon Linux 3 Based on Fedora Community Linux IT World Canada Article (https://www.itworldcanada.com/post/amazon-linux-3-to-be-based-on-fedora-community-linux) SELinux on by default Companies moving from "Tried & True" to "Rolling & Community" 42:00 Genie Open Source Virtual Assistant Voicebot AI (https://voicebot.ai/2021/11/26/open-source-virtual-assistant-almond-renamed-genie/) OVAL (https://oval.cs.stanford.edu/) Stanford University's Open Virtual Assistant Lab (OVAL) rebranded its Almond assistant as Genie Mycroft (https://mycroft.ai/) Competition is good Rhasspy (https://rhasspy.readthedocs.io/en/latest/) 46:55 NVIDIA DLSS on Linux https://www.theverge.com/22803980/nvidia-dlss-linux-arrived-proton-game-deathloop-support Available in Proton 6.3-8 Still need to set PROTON_ENABLE_NVAPI=1 and dxgi.nvapiHack = False Available on NVIDIA only (not on the Steam Deck) 48:30 Libreddit: Private front-end for Reddit Libreddit (https://www.reddit.com/r/linux/comments/r5e3vh/libreddit_private_frontend_for_reddit/) Alternative private front-end for Reddit 49:30 Steve's Day Job Preview/Future Altispeed Steve is a Red Hat Architect Containerize Altispeed Technologies HA/Redundancy/Fail Over SLAs Where Altispeed is at now Where Altispeed wants to go Altispeed Sandbox Skating to where the puck is going Move platforms then "modernize" Call
to Action Send us your questions Special episode Sept 21 Special Event - Altispeed Technologies Roundtable Thurs Dec 9, 6 pm central OSV 23 (https://www.opensourcevoices.org/23) -- The Extra Credit Section -- For links to the articles and material referenced in this week's episode check out this week's page from our podcast dashboard! This Episode's Podcast Dashboard (http://podcast.asknoahshow.com/261) Phone Systems for Ask Noah provided by Voxtelesys (http://www.voxtelesys.com/asknoah) Join us in our dedicated chatroom #GeekLab:linuxdelta.com on Matrix (https://element.linuxdelta.com/#/room/#geeklab:linuxdelta.com) -- Stay In Touch -- Find all the resources for this show on the Ask Noah Dashboard Ask Noah Dashboard (http://www.asknoahshow.com) Need more help than a radio show can offer? Altispeed provides commercial IT services and they're excited to offer you a great deal for listening to the Ask Noah Show. Call today and ask about the discount for listeners of the Ask Noah Show! Altispeed Technologies (http://www.altispeed.com/) Contact Noah live [at] asknoahshow.com -- Twitter -- Noah - Kernellinux (https://twitter.com/kernellinux) Ask Noah Show (https://twitter.com/asknoahshow) Altispeed Technologies (https://twitter.com/altispeed) Special Guest: Steve Ovens.
Cloud Posse holds public "Office Hours" every Wednesday at 11:30am PST to answer questions on all things related to DevOps, Terraform, Kubernetes, CICD. Basically, it's like an interactive "Lunch & Learn" session where we get together for about an hour and talk shop. These are totally free and just an opportunity to ask us (or our community of experts) any questions you may have.
You can register here: https://cloudposse.com/office-hours
Join the conversation: https://slack.cloudposse.com/
Find out how we can help your company:
https://cloudposse.com/quiz
https://cloudposse.com/accelerate/
Learn more about Cloud Posse:
https://cloudposse.com
https://github.com/cloudposse
https://sweetops.com/
https://newsletter.cloudposse.com
https://podcast.cloudposse.com/
[00:00:00] Intro
[00:04:00] AWS Proton Adds Terraform for infrastructure provisioning
https://aws.amazon.com/about-aws/whats-new/2021/11/aws-proton-terraform-infrastructure/
[00:05:55] AWS Proton introduces Git management of infrastructure as code templates
https://aws.amazon.com/about-aws/whats-new/2021/11/aws-proton-git-infrastructure-code-templates/
[00:10:43] Amazon Linux 2022
https://aws.amazon.com/linux/amazon-linux-2022/?amazon-linux-whats-new.sort-by=item.additionalFields.postDateTime&amazon-linux-whats-new.sort-order=desc
[00:12:11] Announcing Pull Through Cache Repositories for ECR and terraform provider support coming
https://aws.amazon.com/blogs/aws/announcing-pull-through-cache-repositories-for-amazon-elastic-container-registry/
https://github.com/hashicorp/terraform-provider-aws/issues/21951
[00:17:10] AWS EMR Serverless in preview
https://aws.amazon.com/about-aws/whats-new/2021/11/amazon-emr-serverless-preview/
[00:19:06] AWS Control Tower introduces Terraform account provisioning and customization (with weird modules)
https://aws.amazon.com/about-aws/whats-new/2021/11/aws-control-tower-terraform/
https://github.com/aws-ia/terraform-aws-control_tower_account_factory
[00:23:58] AWS Karpenter v0.5 Now Generally Available
https://aws.amazon.com/about-aws/whats-new/2021/11/aws-karpenter-v0-5/
[00:28:45] AWS WAF adds support for Captcha (e.g. like Cloudflare)
https://aws.amazon.com/about-aws/whats-new/2021/11/aws-waf-captcha-support/
[00:33:45] Has anyone migrated an existing organisation into control tower? How did it go? @Alex Jurkiewicz
[00:34:45] I wanna open a discussion regarding tagging/labeling conventions that are used company wide. And what tags do you guys use? @Sherif Abdel-Naby
[00:48:06] I have some nested providers that I'm moving to the root module. My approach is to replace the nested providers in the state file, with the root-level providers, which seems to be working. Any advice, suggestions? @Eric Berg
[00:52:17] Outro
#officehours,#cloudposse,#sweetops,#devops,#sre,#terraform,#kubernetes,#aws
Support the show (https://cloudposse.com/office-hours/)
Want to give your ears a break and read this as an article? You're looking for this link. https://www.lastweekinaws.com/blog/amazon-linux-2022-codename-setenforce-0 Never miss an episode Join the Last Week in AWS newsletter Subscribe wherever you get your podcasts Help the show Leave a review Share your feedback Subscribe wherever you get your podcasts What's Corey up to? Follow Corey on Twitter (@quinnypig) See our recent work at the Duckbill Group Apply to work with Corey and the Duckbill Group to help lower your AWS bill
On this episode of This Week in Linux, Steam Autumn Sale 2021 & Steam Awards, NVIDIA Image Scaling SDK 1.0, Godot Engine Plus AMD's FSR, German State Switch To LibreOffice & Linux, carbonOS 2021.1 Alpha, Venus: Virtual Vulkan Driver On QEMU, Stargate Digital Audio Workstation, Wireshark 3.6, Archinstall 2.3, Amazon Linux Rebased on Fedora Linux, Alpine Linux 3.15, Endless OS 4.0, and Deepin Linux 20.3. All that and much more on Your Weekly Source for Linux GNews! SPONSORED BY: DigitalOcean ►► https://do.co/dln Bitwarden ►► https://bitwarden.com/dln TWITTER ►► https://twitter.com/michaeltunnell MASTODON ►► https://mastodon.social/@MichaelTunnell DLN COMMUNITY ►► https://destinationlinux.network/contact FRONT PAGE LINUX ►► https://frontpagelinux.com MERCH ►► https://dlnstore.com BECOME A PATRON ►► https://tuxdigital.com/contribute This Week in Linux is produced by the Destination Linux Network: https://destinationlinux.network SHOW NOTES ►► https://tuxdigital.com/twil177 00:00 = Welcome to TWIL 177 00:27 = Steam Autumn Sale 2021 & Steam Awards 02:05 = NVIDIA Image Scaling SDK 1.0 03:42 = Godot Engine Plus AMD's FSR 05:03 = German State Switch To LibreOffice & Linux 07:35 = DigitalOcean: App Platform ( https://do.co/dln ) 08:52 = carbonOS 2021.1 Alpha 11:40 = Venus: Virtual Vulkan Driver On QEMU 14:20 = Stargate Digital Audio Workstation 15:49 = Wireshark 3.6 17:08 = Bitwarden Password Manager ( https://bitwarden.com/dln ) 18:45 = Archinstall 2.3 21:00 = Amazon Linux Rebased on Fedora Linux 22:33 = Alpine Linux 3.15 23:33 = Endless OS 4.0 24:44 = Deepin Linux 20.3 25:23 = Outro Other Videos: 7 Reasons Why Firefox Is My Favorite Web Browser: https://youtu.be/bGTBH9yr8uw 17 KDE Plasma Features That You Didn't Know About: https://www.youtube.com/watch?v=zhPIwFC4qFs How To Use Firefox's Best Feature, Multi-Account Containers: https://youtu.be/FfN5L5zAJUo 5 Reasons Why I Use KDE Plasma: https://youtu.be/b0KA6IsO1M8 Thanks For Watching! Linux #TechNews #Podcast
Today with: IoT, Amazon, Linux malware, DAX
Setting a new record for delay in editing, you can finally listen to Arjen, JM, and Guy discuss the news from April 2021. This was recorded nearly two months before it was released. News Finally in Sydney Amazon Transcribe Custom Language Models now support Australian English, British English, Hindi and US Spanish Multi-Attach for Provisioned IOPS io2 Now Available in Thirteen Additional AWS Regions AWS Transit Gateway Connect is now available in additional AWS Regions AWS CloudShell is now available in the Asia Pacific (Mumbai), Asia Pacific (Sydney), and Europe (Frankfurt) regions Serverless API Gateway Amazon API Gateway custom domain names now support multi-level base path mappings Lambda AWS Lambda@Edge changes duration billing granularity from 50ms down to 1ms Amazon CloudWatch Lambda Insights Now Supports AWS Lambda Container Images (General Availability) Amazon RDS for PostgreSQL Integrates with AWS Lambda AWS Lambda@Edge now supports Node 14.x Step Functions AWS Step Functions adds new data flow simulator for modelling input and output processing EventBridge Amazon EventBridge introduces support for cross-Region event bus targets AWS Chatbot now expands coverage of AWS Services monitored through Amazon EventBridge Amplify Data management is now generally available in the AWS Amplify Admin UI Amplify iOS now available via Swift Package Manager (SPM) AWS Amplify now orchestrates multiple Amazon DynamoDB GSI updates in a single deployment Containers eksctl now supports creating node groups using resource specifications and dry run mode AWS Secrets Manager Delivers Provider for Kubernetes Secrets Store CSI Driver EC2 & VPC Amazon EC2 Auto Scaling introduces Warm Pools to accelerate scale out while saving money Amazon VPC Flow Logs announces out-of-the-box integration with Amazon Athena MacSec Encryption for some Direct Connect (apologies, linking to this prevents the podcast from getting published :shrug:) New AWS Storage Gateway management console simplifies 
gateway creation and management
- AWS Batch now supports EFS volumes at the job level
- AWS Backup now supports cost allocation tags for Amazon EFS Backups
- Internet Group Management Protocol (IGMP) Multicast on AWS Transit Gateway is now available in major AWS regions worldwide
- Amazon EC2 enables replacing root volumes for quick restoration and troubleshooting
- Announcing availability of Red Hat Enterprise Linux with High availability for Amazon EC2
- AWS Nitro Enclaves now supports Windows operating system

Dev & Ops

Dev
- Amazon CodeGuru Reviewer Updates: New Predictable Pricing Model Up To 90% Lower and Python Support Moves to GA | AWS News Blog
- Now available credential profile support for AWS SSO and Assume Role with MFA in the AWS Toolkit for Visual Studio
- AWS CodeDeploy improves support for EC2 deployments with Auto Scaling Groups
- AWS SAM CLI now supports AWS CDK applications - public preview
- Better together: AWS SAM and AWS CDK | AWS Compute Blog

Proton
- AWS Proton allows adding and removing instances from an existing service
- AWS Proton introduces customer-managed environments
- AWS Proton adds an API to cancel deployments

CloudFormation
- You can now deploy CloudFormation Stacks concurrently across multiple AWS regions using AWS CloudFormation StackSets
- AWS CloudFormation Command Line Interface (CFN-CLI) now supports TypeScript
- AWS CloudFormation Modules now Provides YAML and Delimiter Support
- Now reference latest AWS Systems Manager parameter values in AWS CloudFormation templates without specifying parameter versions
- You can now use macros and transforms in CloudFormation templates to create AWS CloudFormation StackSets

Control Tower
- AWS Control Tower introduces changes to preventive S3 guardrails and updates to S3 bucket encryption protocols
- AWS Control Tower now provides configurable naming during Landing Zone setup

Systems Manager
- AWS Systems Manager Run Command now displays more logs and enables log download from the console
- AWS Systems Manager Parameter Store now supports easier public parameter discoverability
- Customers can now use ServiceNow to track operational items related to AWS resources
- AWS Systems Manager Parameter Store now supports removal of parameter labels
- AWS Systems Manager now supports Amazon Elastic Container Service clusters
- AWS Systems Manager OpsCenter and Explorer now integrate with AWS Security Hub for diagnosis and remediation of security findings

Security

Firewalls
- How to Get Started with Amazon Route 53 Resolver DNS Firewall for Amazon VPC | AWS News Blog
- Reduce Unwanted Traffic on Your Website with New AWS WAF Bot Control | AWS News Blog
- AWS Firewall Manager now supports centralized management of Amazon Route 53 Resolver DNS Firewall
- AWS Firewall Manager now supports centralized deployment of the new AWS WAF Bot Control across your organization
- AWS WAF now supports Labels to improve rule customization and reporting

Identity
- Review last accessed information to identify unused EC2, IAM, and Lambda permissions and tighten access for your IAM roles
- AWS Identity and Access Management now makes it easier to relate a user's IAM role activity to their corporate identity

Other
- AWS Config launches the ability to track and visualize compliance change history of conformance packs
- AWS Security Hub Automated Response & Remediation Solution adds support for AWS Foundational Security Best Practices standard
- You now can use AWS CloudTrail to log Amazon DynamoDB Streams data-plane API activity

Data Storage & Processing

Glue
- Detect outliers and use dedicated transforms to handle outliers in AWS Glue DataBrew
- AWS Glue DataBrew now supports time-based, pattern-based and customizable parameters to create dynamic datasets
- AWS announces preview of AWS Glue custom blueprints
- AWS Glue now supports cross-account reads from Amazon Kinesis Data Streams
- AWS Glue now supports missing value imputation based on machine learning
- AWS announces data sink capability for the Glue connectors
- AWS Glue DataBrew announces native console integration with Amazon AppFlow to connect to data from SaaS (Software as a Service) applications and AWS services (in Preview)

Redshift
- AQUA (Advanced Query Accelerator) – A Speed Boost for Your Amazon Redshift Queries | AWS News Blog
- Announcing cross-VPC support for Amazon Redshift powered by AWS PrivateLink
- Announcing general availability of Amazon Redshift native console integration with partners
- Announcing general availability of Amazon Redshift native JSON and semi-structured data support

EMR
- Amazon EMR Release 5.33 now supports 10 new instance types
- Amazon EMR Studio is now generally available

Athena
- Announcing general availability of Amazon Athena ML powered by Amazon SageMaker
- User Defined Functions (UDF) are now generally available for Amazon Athena

RDS
- Amazon RDS for SQL Server now supports Extended Events
- Amazon RDS on VMware networking now simplified and more secure

Other
- Amazon FSx and AWS Backup announce support for copying file system backups across AWS Regions and AWS accounts
- AWS Batch increases job scheduling and EC2 instance scaling performance
- Amazon Elasticsearch Service now supports integration with Microsoft Power BI
- AWS Ground Station now supports data delivery to Amazon S3
- Amazon ElastiCache now supports publishing Redis logs to Amazon CloudWatch Logs and Kinesis Data Firehose

AI & ML

SageMaker
- Decrease Your Machine Learning Costs with Instance Price Reductions and Savings Plans for Amazon SageMaker | AWS News Blog
- New options to trigger Amazon SageMaker Pipeline executions (EventBridge)

Other
- Detect abnormal equipment behavior with Amazon Lookout for Equipment — now generally available
- Amazon Fraud Detector now supports Batch Fraud Predictions
- Get estimated run time for forecast creation jobs while using Amazon Forecast
- Amazon Kendra launches dynamic relevance tuning

Other Cool Stuff

WorkSpaces
- Amazon WorkSpaces webcam support now Generally Available
- Amazon WorkSpaces now supports smart cards with the WorkSpaces macOS client application

IVS
- Amazon Interactive Video Service adds new Cloudwatch Metrics
- Amazon Interactive Video Service adds support for recording live streams to Amazon S3

Connect
- Amazon Connect launches audio device settings for the custom Contact Control Panel (CCP)
- Amazon Connect allows contact center managers to configure agent settings in a custom Contact Control Panel (CCP)

Other
- AWS RoboMaker now supports the ability to configure tools for simulation jobs
- Amazon AppStream 2.0 adds support for fully managed image updates
- Amazon Managed Service for Grafana now supports Grafana Enterprise upgrade, Grafana version 7.5, Open Distro for Elasticsearch integration, and AWS Billing reports
- AWS Cloud9 now supports Amazon Linux 2 environments
- CloudWatch Metric Streams – Send AWS Metrics to Partners and to Your Apps in Real Time | AWS News Blog
- Announcing open source robotics projects for AWS DeepRacer
- Announcing Moving Graphs for CloudWatch Dashboards
- Amazon Nimble Studio – Build a Creative Studio in the Cloud | AWS News Blog
- AWS Snow Family now enables you to order, track, and manage long-term pricing Snow jobs

The Nanos
- AWS Console Mobile Application adds support for Asia Pacific (Osaka) region (Arjen)
- Amazon Connect reduces telephony rates in Cyprus, Belgium, and Portugal (Guy)
- AWS Cloud9 now supports Amazon Linux 2 environments (Jean-Manuel)

Sponsors

Gold Sponsor
- Innablr

Silver Sponsors
- AC3
- CMD Solutions
- DoIT International
About Julian Wood

Julian Wood is a Senior Developer Advocate for the AWS Serverless Team. He loves helping developers and builders learn about, and love, how serverless technologies can transform the way they build and run applications at any scale. Julian was an infrastructure architect and manager in global enterprises and start-ups for more than 25 years before going all-in on serverless at AWS.

Twitter: @julian_wood
All things Serverless @ AWS: ServerlessLand
Serverless Patterns Collection
Serverless Office Hours – every Tuesday 10am PT
Lambda Extensions
Lambda Container Images
Watch this episode on YouTube: https://youtu.be/jtNLt3Y51-g

This episode sponsored by CBT Nuggets and Lumigo.

Transcript

Jeremy: Hi everyone, I'm Jeremy Daly and this is Serverless Chats. Today I'm joined by Julian Wood. Hey Julian, thanks for joining me.

Julian: Hey Jeremy, thank you so much for inviting me.

Jeremy: Well, I am super excited to have you here. I have been following your work for a very long time and of course, big fan of AWS. So you are a Serverless Developer Advocate at AWS, and I'd love it if you could just tell the listeners a little bit about your background, so they get to know you a bit. And then also, sort of what your role is at AWS.

Julian: Yeah, certainly. Well, I'm Julian Wood. I am based in London, but yeah, please don't let my accent fool you. I'm actually originally from South Africa, so the language purists aren't scratching their heads anymore. But yeah, I work within the Serverless Team at AWS, and hopefully do a number of things. First of all, explain what we're up to and how our sort of serverless things work and sort of, I like to sometimes say a bit cheekily, basically help the world fall in love with serverless as I have. And then also from the other side is to be a proxy and sort of be the voice of builders, and developers and whoever's building service applications, and be their voices internally.
So you can also keep us on our toes to help build the things that will brighten your days.

And just before, I've worked for too many years probably, as an infrastructure racker, stacker, architect, and manager. I've worked in global enterprises babysitting their Windows and Linux servers, and running virtualization, and doing all the operations kind of stuff to support that. But, I was always thinking there's a better way to do this and we weren't doing the best for the developers and internal customers. And so when this, you know in inverted commas, "serverless way" of things started to appear, I just knew that this was going to be the future. And I could happily leave the server side to much better and cleverer people than me. So by some weird, auspicious alignment of the stars, a while later, I managed to get my current dream job talking about serverless and talking to you.

Jeremy: Yeah. Well, I tell you, I think a lot of serverless people or people who love serverless are recovering ops and infrastructure people that were doing racking and stacking. Because I too am also recovering from that and I still have nightmares.

I thought that it was interesting too, how you mentioned though, developer advocacy. It's funny, you work for a specific company, AWS obviously, but even developer advocacy in general, who is that for? Who are you advocating for? Are you advocating for the developers to use the service from the company? Are you advocating for the developers so that the company can provide the services that they actually need? Interesting balance there.

Julian: Yeah, it's true. I mean, the honest answer is we don't have great terms for this kind of role, but yeah, I think primarily we are advocating for the people who are developing the applications and on the outside. And to advocate for them means we've got to build the right stuff for them and get their voices internally. And there are many ways of doing that.
Some people raise support requests and other kind of things, but I mean, sometimes some of our great ideas come from trolling Twitter, or yes, I know even Hacker News or that kind of thing. But also, we may get responses from 10 different people about something and that will formulate something in our brain and we'll chat with other kind of people. And that sort of starts a thing. It's not just necessarily each time, some good idea in Twitter comes in, it gets mashed into some big surface database that we all pick off.

But part of our job is to be out there and try and think and be developers in whatever backgrounds we come from. And I mean, I'm not a pure software developer where I've come from, and I come, I suppose, from infrastructure, but maybe you'd call that a bit of systems engineering. So yeah, I try and bring that background to try and give input on whatever we do, hopefully, the right stuff.

Jeremy: Right. Yeah. And then I think part of the job too, is just getting the information out there and getting the examples out there. And trying to create those best practices or at least surface those best practices, and encourage the community to do a lot of that work and to follow that. And you've done a lot of work with that, obviously, writing for the AWS blog. I know you have a series on the Serverless Lens and the Well-Architected Framework, and we can talk about that in a little while. But I really want to talk to you about, I guess, just the expansion of serverless over the last couple of years.

I mean, it was very narrowly focused, probably, when it first came out. Lambda was ... FaaS as a whole new concept for a lot of people. And then as this progressed and we've gotten more APIs, and more services and things that it can integrate with, it just becomes complex and complicated. And that's a good thing, but also maybe a bad thing.
But one of the things that AWS has done, and I think this is clearly in reaction to the developers needing it, is the ability to extend what you can do with a Lambda function, right? I mean, the idea of just putting your code in there and then, boom, that's it, that's all you have to do. That's great. But what if you do need access to lifecycle hooks? Or what if you do want to manipulate the underlying runtime or something like that? And AWS, I think has done a great job with that.

So maybe we can start there. So just about the extensibility of Lambda in general. And one of the new things that was launched recently was, and recently, I don't know what was it? Seven months ago at this point? I'm not even sure. But was launched fairly recently, let's say that, is Lambda Extensions, and a couple of different flavors of that as well. Could you kind of just give the users an over, the users, wow, the listeners an overview of what Lambda Extensions are?

Julian: I could hear the ops background coming in, talking about our users. Yeah. But I mean, from the get-go, serverless was always a terrible term because, why on earth would you name something for what it isn't? I mean, you know? I remember talking to DBAs, talking about noSQL, and they go, "Well, if it's not SQL, then what is it?" So we're terrible at that, serverless as well. And yeah, Lambda was very constrained when it came out. Lambda was never built being a serverless thing, that's what was the outcome. Sometimes we focus too much on the tools rather than the outcome. And the story is S3, just turning 15. And the genesis of Lambda was being an event trigger for S3, and people thought you'd upload something to S3, fire off a Lambda function, how cool is that?
And then obviously the clever clubs at the time were like, "Well, hang on, let's not just do this for S3, let's do this for a whole bunch of kind of things."

So Lambda was born out of that, as that got that great history, which is created an arc sort of into the present and into the future, which I know we're also going to get on about, the power of event driven applications. But the power of Lambda has always been its simplicity, and removing that operational burden, and that heavy lifting. But, sometimes that line is a bit of a gray area and there're people who can be purists about serverless and can be purists about FaaS and say, "Everything needs to be ephemeral. Lambda functions can't extend to anything else. There shouldn't be any state, shouldn't be any storage, shouldn't be any ..." All this kind of thing.

And I think both of us can agree, but I don't want to speak for you, but I think both of us would agree that in some sense, yeah, that's fine. But we live in the real world and there's other stuff that needs to connect to and we're not here about building purist kind of stuff. So Lambda Extensions is a new way basically to integrate Lambda with your favorite tools. And that's the sort of headline thing we like to talk about. And the big idea is to open up Lambda to more effectively work mainly with partners, but also your own tools if you want to write them. And to sort of have deeper hooks into the Lambda lifecycle.

And other partners are awesome and they do a whole bunch of stuff for serverless, plus customers also have connections to on-prem staff, or EC2 staff, or containers, or all kind of things. How can we make the tools more seamless in a way? How can we have a common set of tools maybe that you even use on-prem or in the cloud or containers or whatever? Why does Lambda have to be unique or different or that kind of thing? And Extensions is sort of one of the starts of that, is to be able to use these kind of tools and get more out of Lambda.
So I mean, just the kind of tools that we've already got on board, there's things like Splunk and AppDynamics. And Lumigo, Epsagon, HashiCorp, Honeycomb, CoreLogic, Dynatrace, I can't think. Thundra and Sumo Logic, Check Point. Yeah, I'm sorry. Sorry for any partners who I've forgotten a few.

Jeremy: No, right, no. That's very good. Shout them out, shout them out. No, I mean just, and not to interrupt you here, but ...

Julian: No, please.

Jeremy: ... I think that's great. I mean, I think that's one of the things that I like about the way that AWS deals with partners, is that ... I mean, I think AWS knows they can't solve all these problems on their own. I mean, maybe they could, right? But they would be their own way of solving the problems and there's other people who are solving these problems differently and giving you the ability to extend your Lambda functions into those partners is, there's a huge win for not only the partners because it creates that ecosystem for them, but also for AWS because it makes the product itself more valuable.

Julian: Well, never mind the big win for customers because ultimately they're the one who then gets a common deployment tool, or a common observability tool, or a HashiCorp Vault that you can manage secrets and a Lambda function from HashiCorp Vault. I mean, that's super cool. I mean, also AWS services are picking this up because that's easy for them to do stuff. So if anybody's used Lambda Insights or even seen Lambda Insights in the console, it's somewhere in the monitoring thing, and you just click something over and you get this tool which can pull stuff that you can't normally get from a Lambda function. So things like CPU time and network throughput, which you couldn't normally get. But actually, under the hoods, Lambda Insights is using Lambda extensions. And you can see that if you look.
It automatically adds the Lambda layer and job done.

So anyway, this is how a lot of the tools work, that a layer is just added to a Lambda function and off you go, the tool can do its work. So also there's a very much a simplicity angle on this, that in a lot of cases you don't have to do anything. You configure some of the extensions via environment variables, if that's cooled you may just have an API key or a log retention value or something like that, I don't know, any kind of example of that. But you just configure that as a normal Lambda environment variable at this partner extension, which is just a Lambda layer, and off you go. Super simple.

Jeremy: Right. So explain Extensions exactly, because I think that's one of those things because now we have Lambda layers and we have Lambda Extensions. And there's also like the runtime API and then something else. I mean, even I'm not 100% sure what all of the naming conventions. I'm pretty sure I know what they do ...

Julian: Yeah, fair enough.

Jeremy: ... but maybe we could say the names and say exactly what they do as well.

Julian: Yeah, cool. You get an API, I get an API, everybody gets an API. So Lambda layers, let's just start, because that's, although it's not related to Extensions, it's how Extensions are delivered to the power core functions. And Lambda layers is just another way to add code to a Lambda function or not even code, it can be a dependency. It's just a way that you could, and it's cool because they are shareable. So you have some dependencies, or you have a library, or an SDK, or some training data for something, a Lambda layer just allows you to add some bits and bobs to your Lambda function. That's a horrible explanation. There's another word I was thinking of, because I don't want to use the word code, because it's not necessarily code, but it's dependency, whatever. It's just another way of adding something.
I'll wake up in a cold sweat tonight thinking of the word I was thinking of, but anyway.

But Lambda Extensions introduces a whole new companion API. So the runtime API is the little bit of code that allows your function to talk to the Lambda service. So when an event comes in, this is from the outside. This could be via API gateway or via the Lambda API, or where else, EventBridge or Step Functions or wherever. When you then transports that data rise in the Lambda services and HTTP call, and Lambda transposes that into an event and sends that onto the Lambda function. And it's that API that manages that. And just as a sidebar, what I find it cool on a sort of geeky, technical thing is, that actually API sits within the execution environment. People are like, "Oh, that's weird. Why would your Lambda API sit within the execution environment basically within the bubble that contains your function rather than it on the Lambda service?"

And the cool answer for that is it's actually for a security mechanism. Like your function can then only ever talk to the Lambda runtime API, which is in that secure execution environment. And so our security can be a lot stronger because we know that no function code can ever talk directly out of your function into the Lambda service, it's all got to talk locally. And then the Lambda service gets that response from the runtime API and sends it back to the caller or whatever. Anyway, sidebar, thought that was nerdy and interesting. So what we've now done is we've released a new Extensions API. So the Extensions API is another API that an extension can use to get information from Lambda. And they're two different types of extensions, just briefly, internal and external extensions.

Now, internal extensions run within the runtime process so that it's just basically another thread.
So you can use this for Python or Java or something and say, when the Python runtime starts, let's start it with another parameter and also run this Java file that may do some observability, or logging, or tracing, or finding out how long the modules take to launch, for example. I know there's an example for Python. So that's one way of doing extensions. So it's internal extensions, they're two different flavors, but I'll send you a link. I'll provide a link to the blog posts before we go too far down the rabbit hole on that.

And then the other part of extensions are external extensions. And this is a cool part because they actually run as completely separate processes, but still within that secure bubble, that secure execution environment that Lambda runs it. And this gives you some superpowers if you want. Because first of all, an extension can run in any language because it's a separate process. So if you've got a Node function, you could run an extension in other kind of languages. Now, what do we do recommend is you do run your extension in a compiled binary, just because you've got to provide the runtime that the extensions got to run in any way, so as a compiled binary, it's super easy and super useful. So is something like Go, a lot of people are doing because you write a single extension and Go, and then you can use it on your Node functions, your Java functions, your PowerShell functions, whatever. So that's a really good, simple way that you can have the portability.

But now, what can these extensions do? Well, the extensions basically register with extensions API, and then they say to Lambda, "Lambda, I want to know about what happens when my functions invoke?" So the extension can start up, maybe it's got some initialization code, maybe it needs to connect to a database, or log into an observability platform, or pull down a secret order. That it can do, it's got its own init that can happen.
And then it's basically ready to go before the function invokes. And then when the extension then registers and says, "I want to know when the function invokes and when it shuts down. Cool." And that's just something that registers with the API. Then what happens is, when a functioning invoke comes in, it tells the runtime API, "Hello, you now have an event," sends it off to the Lambda function, which the runtime manages, but also extension or extensions, multiple ones, hears information about that event. And so it can tell you the time it's going to run and has some metadata about that event. So it doesn't have the actual event data itself, but it's like the sort of Lambda context, a version of that that it's going to send to the extension.

So the extension can use that to do various things. It can start collecting telemetry data. It can alter instrument some of your code. It could be managing a secret as a separate process that it is going to cache in the background. For example, we've got one with AppConfig, which is really cool. AppConfig is a service where you manage parameters external to your Lambda function. Well, each time your Lambda function warm invokes if you've got to do an external API call to retrieve that, well, it's going to be a little bit efficient. First of all, you're going to pay for it and it's going to take some time.

So how about when the Lambda function runs and the extension could run before the Lambda function, why don't we just cache that locally? And then when your Lambda function runs, it just makes a local HTTP call to the extension to retrieve that value, which is going to be super quick. And some extensions are super clever because they're their own process. They will go, "Well, my value is for 30 minutes and every 30 minutes if I haven't been run, I will then update the value from that." So that's useful. Extensions can then also, when the runtime ...
Sorry, let me back up.

When the runtime is finished, it sends its response back to the runtime API, and extensions when they're done doing, so the runtime can send it back and the extension can carry on processing saying, "Oh, I've got the information about this. I know that this Lambda function has done X, Y, Z, so let me do, do some telemetry. Let me maybe, if I'm writing logs, I could write a log to S3 or to Kinesis or whatever. Do some kind of thing after the actual function invocation has happened." And then when it says it's ready, it says, "Hello, extensions API, I'm telling you I'm done." And then it's gone. And then Lambda freezes the execution environment, including the runtime and the extensions until another invocation happens. And the cycle then will happen.

And then the last little bit that happens is, instead of an invoke coming in, we've extended the Lambda life cycles, so when the environment is going to be shut down, the extension can receive the shutdown and actually do some stuff and say, "Okay, well, I was connected to my observer HTTP platform, so let me close that connection. I've got some extra logs to flush out. I've got whatever else I need to do," and just be able to cleanly shut down that extra process that is running in parallel to the Lambda function.

Jeremy: All right.

Julian: So that was a lot of words.

Jeremy: That was a lot and I bet you that would be great conversation for a dinner party. Really kicks things up. Now, the good news is that, first of all, thank you for that though. I mean, that's super technical and super in-depth. And for anyone listening who ...

Julian: You did ask, I did warn you.

Jeremy: ... kind of lost their way ... Yes, but something that is really important to remember is that you likely don't have to write these yourself, right? There is all those companies you mentioned earlier, all those partners, they've already done this work.
They've already figured this out and they're providing you access to their tools via this, that allows you to build things.

Julian: Exactly.

Jeremy: So if you want to build an extension and you want to integrate your product with Lambda or so forth, then maybe go back and listen to this at half speed. But for those of you who just want to take advantage of it because of the great functionality, a lot of these companies have already done that for you.

Julian: Correct. And that's the sort of easiness thing, of just adding the Lambda layer or including in a container image. And yeah, you don't have to worry any about that, but behind the scenes, there's some really cool functionality that we're literally opening up our Lambda operates and allowing you to impact when a function responds.

Jeremy: All right. All right. So let me ask another, maybe an overly technical question. I have heard, and I haven't experienced this, but that when it runs the life cycle that ends the Lambda function, I've heard something like it doesn't send the information right away, right? You have to wait for that Lambda to expire or something like that?

Julian: Well, yes, for now, about to change. So currently Extensions is actually in preview. And that's not because it's in Beta or anything like that, but it's because we spoke to the partners and we didn't want to dump Extensions on the world. And all the partners had to come out with their extensions on day one and then try and figure out how customers are going to use them and everything. So what we really did, which I think in this case works out really well, is we worked with the partners and said, "Well, let's release this in preview mode and then give everybody a whole bunch of months to work out what's the best use cases, how can we best use this?" And some partners have said, "Oh, amazing. We're ready to go." And some partners have said, "Ah, it wasn't quite what we thought.
Maybe we're going to wait a bit, or we're going to do something differently, or we've got some cool ideas, just give us time." And so that's what this time has been.

The one other thing that has happened is we've actually added some performance enhancements during it. So yes, currently during the preview, the runtime and all extensions need to finish before we give you your response back to your Lambda function. So if you're in an asynchronous mode, you don't really care, but obviously if you're in a synchronous mode behind an API, yeah, you don't really want that. But when Extensions goes GA, which isn't going to be long, then that is no longer the case. So basically what'll happen is the runtime will respond and the result goes directly back to whoever's calling that, maybe API gateway, and the extensions can carry on, partly asynchronously in the background.

Jeremy: Yep. Awesome. All right. And I know that the plan is to go GA soon. I'm not sure when around when this episode comes out, that that will be, but soon, so that's good to know that that is ...

Julian: And in fact, when we go GA that performance enhancement is part of the GA. So when it goes GA, then you know, it's not something else you need to wait for.

Jeremy: Perfect. Okay. All right. So let's move on to another bit of, I don't know if this is extensibility of the actual product itself or more so I think extensibility of maybe the workflow that you use to deploy to Lambda and deploy your serverless applications, and that's container image support. I mean, we've discussed it a lot. I think people kind of have an idea, but just give me your quick overview of what that is to set some context here.

Julian: Yeah, sure. Well, container image support in a simple sort of headline thing is to be able to build and package your functions as a container image. So you basically build a function using a Docker file.
So before if you use a zip function, but a lot of people use Serverless Framework or SAM, or whatever, that's all abstracted away from you, but it's actually creating a zip file and uploading it to Lambda or S3. So with container image support, you use a Docker file to build your Lambda function. That's the headline of what's happening.

Jeremy: Right. And so the idea of creating, and this is also, and again, you mentioned packaging, right? I mean, that is the big thing here. This is a packaging format. You're not actually running the container in a Lambda function.

Julian: Correct. Yeah, let's maybe think, because I mean, "containers," in inverted commas again for people who are on the audio, is ...

Jeremy: What does it even mean?

Julian: Yeah, exactly. And can be quite an overload of terms and definitely causes some confusion. And I sort of think maybe there's sort of four things that are in the container world. One, containers is an isolation mechanism. So on Linux, this is UNC Group, seccomp, other bits and pieces that can be used to isolate processes or maybe groups of processes. And then a second one, containers as the packaging mechanism. This is what Docker really popularized and this is about taking some code and the dependencies needed to run the code, and then packaging them all out together, maybe with some metadata to describe it.

And then, three is containers as also a design philosophy. This is the idea, if we can package and isolate software, it's easier to run. Maybe smaller pieces of software is easy to reason about and manage independently. So I don't want to necessarily use microservices, but there's some component of that with it. And the emphasis here is on software rather than services, and standardized tooling to simplify your ops. And then the fourth thing is containers as an ecosystem. This is where all the products, tools, know how, all the actual things to how to do containers.
And I mean, these are certain useful, but I wouldn't say there're anything about the other kind of things.

What is cool and worth appreciating is how maybe independent these things are. So when I spoke about containers as isolation, well, we could actually replace containers as isolation with micro VMs such as we do with Firecracker, and there's no real change in the operational properties. So one, if we think, what are we doing with containers and why? One of those is in a way ticked off with Lambda. Lambda does have secure isolation. And containers as a packaging format. I mean, you could replace it with static linking, then maybe won't really be a change, but there's less convenience. And the design philosophy, that could really be applicable if we're talking microservices, you can have instances and certainly functions, but containers are all the same kind of thing.

So if we talk about the packaging of Lambda functions, it's really for people who are more familiar with containers, why does Lambda have to be different? You've got, why does Lambda to have to be a snowflake in a way that you have to manage differently? And if you are packaging dependencies, and you're doing npm or pip install, and you're used to building Docker files, well, why can't we just do that for Lambda at the same things? And we've got some other things that come with that, larger function sizes, up to 10 gig, which is enabled with some of this technology. So it's a packaging format, but on the backend, there's a whole bunch of different stuff, which has to be done to allow this. Benefits are, use your tooling. You've got your CI/CD pipelines already for containers, well, you can use that.

Jeremy: Yeah, yeah. And I actually like that idea too. And when I first heard of it, I was like, I have nothing against containers, the containers are great. But when I was thinking about it, I'm like, "Wait container? No, what's happening here? We're losing something."
But I will say, like when Lambda layers came out, which was I think maybe 2019 or something like that, maybe 2018, the idea of it made a lot of sense, being able to kind of supplement, add additional dependencies or code or whatever. But it always just seemed awkward. And some of the publishing for it was a little bit awkward. The versioning used like a numbered versioning instead of like semantic versioning and things like that. And then you had to share it to multiple places and if you published it as a SAR app, then you got global distri ... Anyways, it was a little bit hard to use.

And so when you're trying to package large dependencies and put those in a layer and then combine them with a Lambda function, the other problem you had was you still had a maximum size that you could use for those, when those were combined. So I like this idea of saying like, "Look, I'd like to just kind of create this little isolate," like you said, "put my dependencies in there." Whether that's PyCharm or some other thing that is a big dependency that maybe I don't want to install, directly in a Lambda layer, or I don't want to do directly in my Lambda function. But you do that together and then that whole process just is a lot easier. And then you can actually run those containers, you could run those locally and test those if you wanted to.

Julian: Correct. So that's also one of the sort of superpowers of this. And that's when I was talking about, just being able to package them up. Well, that now enables a whole bunch of extra kind of stuff. So yes, first of all is you can then use those container images that you've created as your local testing. And I know, it's silly for anyone to poo poo local testing. And we do like to say, "Well, bring your testing to the cloud rather than bringing the cloud to your testing." But testing locally for unit tests is super great. It's going to be super fast.
You can iterate, have your Lambda functions, but we don't want to be mocking all of DynamoDB, all of building harebrained S3 options locally.

But the cool thing is you've got the same Docker file that you're going to run in Lambda can be the same Docker file to build your function that you run locally. And it is literally exactly the same Lambda function that's going to run. And yes, that may be locally, but, with a bit of a stretch of kind of stuff, you could also run those Lambda functions elsewhere. So even if you need to run it on EC2 instances or ECS or Fargate or some kind of thing, this gives you a lot more opportunities to be able to use the same Lambda function, maybe in different way, shapes or forms, even if it is on-prem. Now, obviously you can't recreate all of Lambda because that's connected to IAM and it's got huge availability, and scalability, and latency and all that kind of things, but you can actually run a Lambda function in a lot more places.

Jeremy: Yeah. Which is interesting. And then the other thing I had mentioned earlier was the size. So now the size of these container or these packages can be much, much bigger.

Julian: Yeah, up to 10 gig. So the serverless purists in the back are shouting, "What about cold starts? What about cold starts?"

Jeremy: That was my next question, yes.

Julian: Yeah. I mean, back on zip functional archives are also all available, nothing changes with that Lambda layers, many people use and love, that's all available. This isn't a replacement, it's just a new way of doing it. So now we've got Lambda functions that can be up to 10 gig in size and surely, surely that's got to be insane for cold starts. But actually, part of what I was talking about earlier of some of the work we've done on the backend to support this is to be able to support these super large package sizes.
And the high level thing is that we actually cache those things really close to where the Lambda layer is going to be run.

Now, if you run the Docker ecosystem, you build your Docker files based on base images, and so this needs to be Linux. One of the super things with the container image support is you don't have to use Amazon Linux or Amazon Linux 2 for Lambda functions, you can actually now build your Lambda functions also on Ubuntu, Debian or Alpine or whatever else. And so that also gives you a lot more functionality and flexibility. You can use the same Linux distribution, maybe across your entire suite, be it on-prem or anywhere else.

Jeremy: Right. Right.

Julian: And the two little components, there's an interface client, what you install, it's just another Docker layer. And that's that runtime API shim that talks to the runtime API. And then there's a runtime interface emulator and that's the thing that pretends to be Lambda, so you can shunt those events between HTTP and JSON. And that's the thing you would use to run locally. So runtime interface client means you can use any Linux distribution at the runtime interface client and you're compatible with Lambda, and then the interface emulators, what you would use for local testing, or if you want to spread your wings and run your Lambda functions elsewhere.

Jeremy: Right. Awesome. Okay. So the other thing I think that container support does, I think it opens up a broader set of, or I guess a larger audience of people who are familiar with containerization and how that works, bringing those to Lambda functions. And one of the things that you really don't get when you run a container, I guess, on EC2, or, not EC2, I'm sorry, ECS, or Fargate or something like that, without kind of adding another layer on top of it, is the eventing aspect of it. I mean, Lambda just is naturally an event driven, a compute layer, right?
And so, eventing and this idea of event driven applications and so forth has just become much more popular and I think much more mainstream. So what are your thoughts? What are you seeing in terms of, especially working with so many customers and businesses that are using this now, how are you seeing this sort of evolution or adoption of event driven applications?

Julian: Yeah. I mean, it's quite funny to think that actually the event of an application was the genesis of Lambda rather than it being Serverless. I mentioned earlier about starting with S3. Yeah, the whole crux of Lambda has been, I respond to an event of an API gateway, or something on SQS, or via the API or anything. And so the whole point in a way of Lambda has been this event driven computing, which I think people are starting to sort of understand in a bigger thing than, "Oh, this is just the way you have to do Lambda." Because, I do think that serverless has a unique challenge where there is a new conceptual learning maybe that you have to go through. And one other thing that holds back service development is, people are used to a client-server and maybe ports and sockets. And even if you're doing containers or on-prem, or EC2, you're talking IP addresses and load balances, and sockets and firewalls, and all this kind of thing.

But ultimately, when we're building these applications that are going to be composed of multiple services talking together through using APIs and events, the events is actually going to be a super part of it. And I know he is, not for so much longer, but my ultimate boss, but I can blame Jeff Bezos just a little bit, because he did say that, "If you want to talk via anything, talk via an API." And he was 100% right and that was great. But now we're sort of evolving that it doesn't just have to be an API and it doesn't have to be something behind API gateway or some API that you can run.
And you can use the sort of power of events, particularly in an asynchronous model to not just be "forced" again in inverted commas to use APIs, but have far more flexibility of how data and information is going to flow through, maybe not just your application, but your suite of applications, or to and from your partners, or where that is.

And ultimately authentications are going to be distributed, and maybe that is connecting to partners, that could be SaaS partners, or it's going to be an on-prem component, or maybe things in other kind of places. And those things need to communicate. And so the way of thinking about events is a super powerful way of thinking about that.

Jeremy: Right. And it's not necessarily new. I mean, we've been doing web hooks for quite some time. And that idea of, something is going to happen somewhere and I want to be notified of it, is again, not a new concept. But I think certainly the way that it's evolved with Lambda and the way that other FaaS products had done eventing and things like that, is just those tight integrations and just all of the, I guess, the connective tissue that runs between those things to make sure that the events get delivered, and that you can DLQ them, and you can do all these other things with retries and stuff like that, is pretty powerful.

I know you have, I actually just mentioned this on the last episode, about one of my favorite books, I think that changed my thinking and really got me thinking about how microservices communicate with one another. And that was Building Microservices by Sam Newman, which I actually said was sort of like my Bible for a couple of years, yes, I use that. So what are some of the other, like I know you have a favorite book on this.

Julian: Well, that Building Microservices, Sam Newman, and I think there's a part two. I think it's part two, or there's another one ...

Jeremy: Hopefully.

Julian: ... in the works.
I think even on O'Reilly's website, you can go and see some preview copies of it. I actually haven't seen that. But yeah, I mean that is a great kind of Bible talking. And sometimes we do conflate this microservices things with a whole bunch of stuff, but if you are talking events, you're talking about separating things. But yeah, the book recommendation I have is one called Flow Architectures by James Urquhart. And James Urquhart actually works with VMware, but he's written this book which is looking sort of at the current state and also looking into the future about how does information flow through our applications and between companies and all this kind of thing.

And he goes into some of the technology. When we talk about flow, we are talking about streams and we're talking about events. So streams would be, let's maybe put some AWS words around it, so streams would be something like Kinesis and events would be something like EventBridge, and topics would be SNS, and SQS would be queues. And I know we've got all these things and I wish some clever person would create the one flow service to rule them all, but we're not there. And they've got also different properties, which are helpful for different things and I know confusingly some of them merge. But James' sort of big idea is, in the future we are going to be able to move data around between businesses, between applications. So how can we think of that as a flow? And what does that mean for designing applications and how we handle that?

And Lambda is part of it, but even more nicely, I think is even some of the native integrations where you don't have to have a Lambda function. So if you've got API gateway talking to Step Functions directly, for example, well, that's even better. I mean, you don't have any code to manage and if it's certainly any code that I've written, you probably don't want to manage it. So yeah. I mean this idea of flow, Lambda's great for doing some of this moving around.
But we are even evolving to be able to flow data around our applications without having to do anything and just wire up some things in a console or in a terminal.

Jeremy: Right. Well, so you mentioned, someone could build the ultimate sort of flow control system or whatever. I mean, I honestly think EventBridge is very close to that. And I actually had Mike Deck on the show. I think it was like episode five. So two years ago, whenever it was when the show came out. I mean, when EventBridge came out. And we were talking and I sort of made the joke, I'm like, so this is like serverless web hooks, essentially being able, because there was the partner integrations where partners could push events onto an event bus, which they still can do. But this has evolved, right? Because the issue was always sort of like, I would have to subscribe to web hooks, I'd have to build a web hook to get events from a particular company. Which was great, always worked fine, but you're still maintaining that infrastructure.

So EventBridge comes along, it creates these partner integrations and now you can just push an event on that now your applications, whether it's a Lambda function or other services, you can push them to an SQS queue, you can push them into a Kinesis stream, all these different destinations. You can go ahead and pull that data in and that's just there. So you don't have to worry about maintaining that infrastructure. And then, the EventBridge team went ahead and released the destination API, I think it's called.

Julian: Yeah, API destinations.

Jeremy: Event API destinations, right, where now you can set up these integrations with other companies, so you don't even have to make the API call yourself anymore, but instead you get all of the retries, you get the throttling, you get all that stuff kind of built in. So I mean, it's just really, really interesting where this is going.
And actually, I mean, if you want to take a second to tell people about EventBridge API destinations, what that can do, because I think that now sort of creates both sides of that equation for you.

Julian: It does. And I was just thinking over there, you've done a 10 times better job at explaining API destinations than I have, so you've nailed it on the head. And packet is that kind of simple. And it is just, events land up in your EventBridge and you can just pump events to any arbitrary endpoint. So it doesn't have to be in AWS, it can be on-prem. It can be to your Raspberry Pi, it can literally be anywhere. But it's not just about pumping the events over there because, okay, how do we handle failover? And how do we handle over throttling? And so this is part of the extra cool goodies that came with API destinations, is that you can, for instance, if you are sending events to some external API and you only licensed for 1,000 invocations, not invocations, that could be too Lambda-ish, but 1,000 hits on the API every minute.

Jeremy: Quotas. I think we call them quotas.

Julian: Quotas, something like that. That's a much better term. Thank you, Jeremy. And some sort of quota, well, you can just apply that in API destinations and it'll basically store the data in the meantime in EventBridge and fire that off to the API destination. If the API destination is in that sort of throttle and if the API destination is down, well, it's going to be able to do some exponential back-off or calm down a little bit, don't over-flood this external API. And then eventually when the API does come back, it will be able to send those events. So that does just really give you excellent power rather than maintaining all these individual API endpoints yourself, and you're not handling the availability of the endpoint API, but of whatever your code is that needs to talk to that destination.

Jeremy: Right. And I don't want to oversell this to anybody, but that also ...

Julian: No, keep going.
Keep going.

Jeremy: ... adds the capability of enhanced security, because you're not exposing those API keys to your developers or anybody else, they're all baked in and stored within, the API destinations or within an EventBridge. You have the ability, you mentioned this idea of not needing Lambda to maybe talk directly, API gateway to DynamoDB or to step function or something like that. I mean, the cool thing about this is you do have translation capabilities, or transformation capabilities in EventBridge where you can transform the event. I haven't tried this, but I'm assuming it's possible to say, get an event from Salesforce and then pipe it into Stripe or some other API that you might want to pipe it into.

So I mean, just that idea of having that centralized bus that can communicate with all these different things. I mean, we're talking about distributed systems here, right? So why is it different sending an event from my microservice A to my microservice B? Why can't I send it from my microservice A to company-wise, microservice B or whatever? And being able to do that in a secure, reliable, just with all of that stuff kind of built in for you, I think it's amazing. So I love EventBridge. To me EventBridge is one of those services that rivals Lambda. It's as, I guess as important as Lambda is, in this whole serverless equation.

Julian: Absolutely, Jeremy. I mean, I'm just sitting here. I don't actually have to say anything. This is a brilliant interview and Jeremy, you're the expert. And you're just like laying down all of the excellent use cases. And exactly it. I mean, I like to think we've got sort of three interlinked services which do three different things, but are awesome. Lambda, we love if you need to do some processing or you need to do something that's literally your business logic. You've got EventBridge that can route data from in and out of SaaS partners to any other kind of API. And then you've got Step Functions that can do some coordination.
And they all work together, but you've got three different things that really have sort of superpowers in terms of the amount of stuff you can do with it. And yes, start with them. If you land up bumping up against any kind of things that it doesn't work, well, first of all, get in touch with me, I'll work on that.

But then you can maybe start thinking about, is it containers or EC2, or that kind of thing? But using literally just Lambda, Step Functions and EventBridge, okay. Yes, maybe you're going to need some queues, topics and APIs, and that kind of thing. But ...

Jeremy: I was just going to say, add DynamoDB in there for some permanent state or for some data persistence. Right? Yeah. But other than that, no, I think you nailed it. Honestly, sometimes you're starting to build applications and yeah, you're right. You maybe need a queue here and there and things like that. But for the most part, no, I mean, you could build a lot with those three or four services.

Julian: Yeah. Well, I mean, even think of it what you used to do before with API destinations. Maybe you drop something on a queue, you'd have Lambda pull that from a queue. You have Lambda concurrency, which would be set to five per second to then send that to an external API. If it failed going to that API, well, you've got to then dump it to Lambda destinations or to another SQS queue. You then got something ... You know, I'm going down the rabbit hole, or just put it on EventBridge ...

Jeremy: You just have it magically happen.

Julian: ... or we talk about removing serverless infrastructure, not normal infrastructure, and just removing even the serverless bits, which is great.

Jeremy: Yeah, no. I think that's amazing. So we talked about a couple of these different services, and we talked about packaging formats and we talked about event driven applications, and all these other things.
And a lot of this stuff, even though some of it may be familiar and you could probably equate it or relate it to things that developers might already know, there is still a lot of new stuff here. And I think, my biggest complaint about serverless was not about the capabilities of it, it was basically the education and the ability to get people to adopt it and understand the power behind it. So let's talk about that a little bit because ... What's that?

Julian: It sounds like my job description, perfectly.

Jeremy: Right. So there we go. Right, that's what you're supposed to be doing, Julian. Why aren't you doing it? No, but you are doing it. You are doing it. No, and that's why I want to talk to you about it. So you have that series on the Well-Architected Framework and we can talk about that. There's a whole bunch of really good resources on this. Obviously, you're doing videos and conferences, well, you used to be doing conferences. I think you probably still do some of those virtual ones, right? Which are not the same thing.

Julian: Not quite, no.

Jeremy: I mean, it was fun seeing you in Cardiff and where else were you?

Julian: Yeah, Belfast.

Jeremy: Cardiff and Northern Ireland.

Julian: Yeah, exactly.

Jeremy: Yeah, we were all over the place together.

Julian: With the Guinness and all of us. It was brilliant.

Jeremy: Right. So tell me a little bit about, sort of, the education process that you're trying to do. Or maybe even where you sort of see the state of Serverless education now, and just sort of where it's evolved, where we're getting best practices from, what's out there for people. And that's a really long question, but I don't know, maybe you can distill that down to something usable.

Julian: No, that's quite right. I'm thinking back to my extensions explanation, which is a really long answer. So we're doing really long stuff, but that's fine. But I like to also bring this back to also thinking about the people aspect of IT.
And we talk a lot about the technology and Lambda is amazing and S3 is amazing and all those kinds of things. But ultimately it is still sort of people lashing together these services and building the serverless applications, and deciding what you even need to do. And so the education is very much tied with, of course, having the products and features that do lots of kinds of things. And Serverless, there's always this lever, I suppose, between simplicity and functionality. And we are adding lots of knobs and levers and everything to Lambda to make it more feature-rich, but we've got to try and keep it simple at the same time.

So there is sort of that trade-off, and of course with that, that obviously means not just the education side, but education about Lambda and serverless, but generally, how do I build applications? What do I do? And so you did mention the Well-Architected Framework. And so for people who don't know, this came out in 2015, and in 2017, there was a Serverless Lens which was added to it; what is basically serverless specific information for Well-Architected. And Well-Architected means bringing best practices to serverless applications. If you're building prod applications in the cloud, you're normally looking to build and operate them following best practices. And this is useful stuff throughout the software life cycle, it's not just at the end to tick a few boxes and go, "Yes, we've done that." So start early with the well-architected journey, it'll help you.

And just sort of answer the question, am I well architected? And I mean, that is a bit of a fuzzy, what is that question? But the idea is to give you more confidence in the architecture and operations of your workloads, and that's not a goal it's in, but it's to reduce and minimize the impact of any issues that can happen. So what we do is we try and distill some of our questions and thoughts on how you could do things, and we built that into the Well-Architected Framework.
And so the Serverless Lens has a few questions on its operational excellence, security, reliability, performance, efficiency, and cost optimization. Excellent. I knew I was going to forget one of them and I didn't. So yeah, these are things like, how do you control access to an API? How do you do lifecycle management? How do you build resiliency into your application? All these kinds of things.

And so the Well-Architected Framework with Serverless Lens there's a whole bunch of guidance to help you do that. And I have been slowly writing a blog series to literally cover all of the questions, there are nine questions in the Well-Architected Serverless Lens. And I'm about halfway through, and I had to pause because we have this little conference called re:Invent, which requires one or two slides to be created. But yeah, I'm desperately keen to pick that up again. And yeah, that's just providing some really and sort of more opinionated stuff, because the documentation is awesome and it's very in-depth and it's great when you need all that kind of stuff. But sometimes you want to know, well, okay, just tell me what to do or what do you think is best rather than these are the seven different options.

Jeremy: Just tell me what to do.

Julian: Yeah.

Jeremy: I think that's a common question.

Julian: Exactly. And I'll launch off from that to mention my colleague, James Beswick, he writes one or two things on serverless ...

Jeremy: Yeah, I mean, every once in a while you see something from it. Yeah.

Julian: ... every day. The Besbot machine of serverless. He's amazing. James, he's so knowledgeable and writes like a machine. He's brilliant. Yeah, I'm lucky to be on his team. So when you talk about education, I learn from him. But anyway, in a roundabout way, he's created this blog series and other series called the Lambda Operations Guide. And this is literally a whole in-depth study on how to operate Lambda.
And it goes into a whole bunch of things, it's sort of linked to the Serverless Lens because there are a lot of common kind of stuff, but it's also a great read if you are more nerdily interested in Lambda than just firing off a function, just to read through it. It's written in an accessible way. And it has got a whole bunch of information on how to operate Lambda and some of the stuff under the scenes, how to work, just so you can understand it better.

Jeremy: Right. Right. Yeah. And I think you mentioned this idea of confidence too. And I can tell you right now I've been writing serverless applications, well, let's see, what year is it? 2021. So I started in 2015, writing or building applications with Lambda. So I've been doing this for a while and I still get to a point every once in a while, where I'm trying to put something in CloudFormation or I'm using the Serverless Framework or whatever, and you're trying to configure something and you think about, well, wait, how do I want to do this? Or is this the right way to do it? And you just have that moment where you're like, well, let me just search and see what other people are doing. And there are a lot of myths about serverless.

There's as much good information is out there, there's a lot of bad information out there too. And that's something that is kind of hard to combat, but I think that maybe we could end it there. What are some of the things, the questions people are having, maybe some of the myths, maybe some of the concerns, what are those top ones that you think you could sort of ...

Julian: Dispel.

Jeremy: ... to tell people, dispel, yeah. That you could say, "Look, these aren't things to worry about. And again, go and read your blog post series, go and read James' blog post series, and you're going to get the right answers to these things."

Julian: Yeah.
I mean, there are misconceptions and some of them are just historical where people think the Lambda functions can only run for five minutes, they can run for 15 minutes. Lambda functions can also now run up to 10 gig of RAM. At re:Invent it was only 3 gig of RAM. That's a three times increase in Lambda functions within a three times proportional increase in CPU. So I like to say, if you had a CPU-intensive job that took 40 minutes and you couldn't run it on Lambda, you've now got three times the CPU. Maybe you can run it on Lambda and now because that would work. So yeah, some of those historical things that have just changed. We've got EFS for Lambda, that's some kind of thing you can't do state with Lambda. EFS and NFS isn't everybody's cup of tea, but that's certainly going to help some people out.

And then the other big one is also cold starts. And this is an interesting one because, obviously we've sort of solved the cold start issue with connecting Lambda functions to VPC, so that's no longer an issue. And that's been a barrier for lots of people, for good reason, and that's now no longer the case. But the other thing for cold starts is interesting because, people do still get caught up at cold starts, but particularly for development because they create a Lambda function, they run it, that's a cold start and then update it and they run it and then go, oh, that's a cold start. And they don't sort of grok that the more you run your Lambda function the less cold starts you have, just because they're warm starts. And it's literally the number of Lambda functions that are running at exactly the same time will have a cold start, but then every subsequent Lambda function invocation for quite a while will be using a warm function.

And so as it ramps up, we see, in the small percentages of cold starts that are actually going to happen.
And when we're talking again about the container image support, that's got a whole bunch of complexity, which people are trying to understand. Hopefully, people are learning from this podcast about that as well. But also with the cold starts with that, those are huge and they're particular ways that you can construct your Lambda functions to really reduce those cold starts, and it's best practices anyway. But yeah, cold starts is also definitely one of those myths. And the other one ...

Jeremy: Well, one note on cold starts too, just as something that I find to be interesting. I know that we, I even had to spend time battling with that earlier on, especially with VPC cold starts, that's all sort of gone away now, so much more efficient. The other thing is like provision concurrency. If you're using provision concurrency to get your cold starts down, I'm not even sure that's the right use for provision concurrency. I think provision concurrency is more just to make sure you have enough capacity because of the ramp-up time for Lambda. You certainly can use it for cold starts, but I don't think you need to, that's just my two cents on that.

Julian: Yeah. No, that is true. And they're two different use cases for the same kind of thing. Yeah. As you say, Lambda is pretty scalable, but there is a bit of a ramp-up to get up to many, many, many, many thousands or tens of thousands of concurrent executions. And so yeah, using provision concurrency, you can get that up in advance. And yeah, some people do also use it for provision concurrency for getting those cold starts done. And yet that is another very valid use case, but it's only an issue for synchronous workloads as well. Anything that is synchronous you really shouldn't be carrying too much. Other than for cost perspective because it's going to take longer to run.

Jeremy: Sure. Sure.
I have a feeling that the last one you were going to mention, because this one bugs me quite a bit, is this idea of no ops or some people call it ops-less, which I think is kind of funny. But that's one of those things where, oh, it drives me nuts when I hear this.

Julian: Yeah, exactly. And it's a frustrating thing. And I think often, sometimes when people are talking about no ops, they either have something to sell you. And sometimes what they're selling you is getting rid of something, which never is the case. It's not as though we develop serverless applications and we can then get rid of half of our development team, it just doesn't work like that. And it's crazy, in fact. And when I was talking about the people aspect of IT, this is a super important thing. And me coming from an infrastructure background, everybody is dying in their jobs to do more meaningful work and to do more interesting things and have the agility to try those experiments or try something else. Or do something that's better or even improve the way your build or improve the way your CI/CD pipeline runs or anything, rather than just having to do a lot of work in the lower levels.

And this is what serverless really helps you do, is to be able to, we'll take over a whole lot of the ops for you, but it's not all of the ops, because in a way there's never an end to ops. Because you can always do stuff better. And it's not just the operations of deploying Lambda functions and limits and all that kind of thing. But I mean, think of observability and not knowing just about your application, but knowing about your business. Think of if you had the time that you weren't just monitoring function invocations and monitoring how long things were happening, but imagine if you were able to pull together dashboards of exactly what each transaction costs as it flows through your whole entire application.
Think of the benefit of that to your business, or think of the benefit that in real-time, even if it's on Lambda function usage or something, you can say, "Well, oh, there's an immediate drop-off or pick-up in one region in the world or one particular application." You can spot that immediately. That kind of stuff, you just haven't had time to play with to actually build.But if we can take over some of the operational stuff with you and run one or two or trillions of Lambda functions in the background, just to keep this all ticking along nicely, you're always going to have an opportunity to do more ops. But I think the exciting bit is that ops is not just IT infrastructure, plumbing ops, but you can start even doing even better business ops where you can have more business visibility and more cool stuff for your business because we're not writing apps just for funsies.Jeremy: Right. Right. And I think that's probably maybe a good way to describe serverless, is it allows you to focus on more meaningful work and more meaningful tasks maybe. Or maybe not more meaningful, but more impactful on the business. Anyways, Julian, listen, this was a great conversation. I appreciate it. I appreciate the work that you're doing over at AWS ...Julian: Thank you.Jeremy: ... and the stuff that you're doing. And I hope that there will be a conference soon that we will be able to attend together ...Julian: I hope so too.Jeremy: ... maybe grab a drink. So if people want to get a hold of you or find out more about serverless and what AWS is doing with that, how do they do that?Julian: Yeah, absolutely. Well, please get hold of me anytime on Twitter, is the easiest way probably, julian_wood. Happy to answer your question about anything Serverless or Lambda. And if I don't know the answer, I'll always ask Jeremy, so you're covered twice over there. And then, three different things. James is, if you're talking specifically Lambda, James Beswick's operations guide, have a look at that. 
Just so much nuggets of super information. We've got another thing we did just sort of jump around, you were talking about cloud formation and the spark was going off in my head. We have something which we're calling the Serverless Patterns Collection, and this is really super cool. We didn't quite get to talk about it, but if you're building applications using SAM or serverless application model, or using the CDK, so either way, we've got a whole bunch of patterns which you can grab.So if you're pulling something from S3 to Lambda, or from Lambda to EventBridge, or SNS to SQS with a filter, all these kind of things, they're literally copy and paste patterns that you can put immediately into your cloud formation or your CDK templates. So when you are down the rabbit hole of Hacker News or Reddit or Stack Overflow, this is another resource that you can use to copy and paste. So go for that. And that's all hosted on our cool site called serverlessland.com. So that's serverlessland.com and that's an aggregation site that we run because we've got video talks, and we've got blog posts, and we've got learning path series, and we've got a whole bunch of stuff. Personally, I've got a learning path series coming out shortly on Lambda extensions and also one on Lambda observability. There's one coming out shortly on container image supports. And our team is talking all over as many things as we can virtually. I'm actually speaking about container images of DockerCon, which is coming up, which is exciting.And yeah, so serverlessland.com, that's got a whole bunch of information. That's just an easy one-stop-shop where you can get as much information about AWS services as you can. And if not yet, get in touch, I'm happy to help. I'm happy to also carry your feedback. And yeah, at the moment, just inside, we're sort of doing our planning for the next cycle of what Lambda and what all the service stuff we're going to do. So if you've got an awesome idea, please send it on. 
And I'm sure you'll be super excited when something pops out in the near issue, maybe just in future for a cool new functionality you could have been involved in.Jeremy: Well, I know that serverlessland.com is an excellent resource, and it's not that the AWS Compute blog is hard to parse through or anything, but serverlessland.com is certainly a much easier resource to get there. S
Justin and Jonathan kick off this week's episode of The Cloud Pod by themselves, Peter joins the party late because he's been fighting dinosaurs and Ryan is unable to attend as he can't move from under the weight of the kitten on his lap.

A big thanks to this week's sponsors: Foghorn Consulting, which provides full-stack cloud solutions with a focus on strategy, planning and execution for enterprises seeking to take advantage of the transformative capabilities of AWS, Google Cloud and Azure.

This week's highlights
Amazon will find any excuse to use GIFs just like the rest of us.
Google has given Cardi B a headstart on a theme song for its new product.
Azure sent the wedding invites out late but still expects you to show up.

Amazon Web Services: Cheaper Than Healthcare
Amazon RDS on VMware no longer requires the use of a VPN tunnel back to AWS. Still cheaper than paying for healthcare.
Amazon Elasticsearch Service announces support for Asynchronous Search. This is really cool!
Amazon EC2 now allows you to replace the root volume for a running instance. There are some great use cases for this.
Red Hat Enterprise Linux with High Availability is now available on Amazon EC2. Good to see IBM isn't throwing up barriers.
AWS is releasing the new Amazon FSx File Gateway. Hopefully this is easy to implement.
AWS announces moving graphs for CloudWatch Dashboards. Also known as GIFs for CloudWatch.

Google Cloud Platform: Closet Fans of Cardi B
Google announces PHP, a general purpose programming language, is now on Cloud Functions. Visit thecloudpod.net to see a live example of PHP, also known as the WordPress platform we built our website on.
GCP is launching Web App and API Protection (WAAP), which provides comprehensive threat protection for web apps and APIs. Do not confuse this with the Cardi B song.
Google has made the Doc AI solutions generally available. If you've sent a fax lately, you know how expensive it is.
Google announces new multi-instance NVIDIA GPU on the Google Kubernetes Engine. What a massive risk for the tech industry — having one company that manufactures all the chips.

Azure: Short Notice
Microsoft brings Azure supercomputing to the UK Met Office. Supercomputers and the Cloud are finally colliding.
Microsoft is joining the Red Hat Summit this week to announce several new RHEL capabilities for Azure. It did a terrible job of giving us the heads up about this event.

TCP Lightning Round
Justin takes the win and this week's point with an easy dig at information security, leaving scores at Justin (7), Ryan (3), Jonathan (6).

Other headlines mentioned:
AWS Ground Station now supports data delivery to Amazon S3
AWS Cost Categories introduces a details page
AWS Secrets Manager Delivers Provider for Kubernetes Secrets Store CSI Driver
AWS Systems Manager OpsCenter and Explorer now integrate with AWS Security Hub for diagnosis and remediation of security findings
AWS Nitro Enclaves now supports Windows operating system
AWS Cloud9 now supports Amazon Linux 2 environments
Google Cloud Spanner launches customer-managed encryption keys and Access Approval

Things Coming Up
Announcing Google Cloud 2021 Summits [frequently updated]
Save the date: AWS Containers events in May
AWS Regional Summits — May 10–19
AWS Summit Online Americas — May 12–13
Microsoft Build — May 19–21 (Digital)
Google Financial Services Summit — May 27th
Harness Unscripted Conference — June 16–17
Google Cloud Next — Not announced yet (one site says Moscone is reserved June 28–30)
Google Cloud Next 2021 — October 12–14, 2021
AWS re:Invent — November 29–December 3 — Las Vegas
Oracle Open World (no details yet)
Catch up on the latest news while you do something else! The radio-style show "毎日AWS" (Daily AWS).

Good morning, this is 菅谷, your Friday host. Today I'm picking out and introducing the updates released on 04/22. Please post your comments on Twitter with the hashtag "#サバワ"!

■ Talk script
[AWS updates 04/22] AWS Cloud9 can now launch on Amazon Linux 2, plus 6 more [#毎日AWS #187]

■ UPDATE PICKUP
AWS Cloud9 can now launch on Amazon Linux 2
Amazon Redshift native console, integrated with AWS Partners, is now generally available
Amazon Elasticsearch Service supports Elasticsearch ver 7.10
Amazon Elasticsearch Service supports Asynchronous Search
Networking requirements for Amazon RDS on VMware have been simplified
AWS Toolkit for Visual Studio supports multiple new credential-based ways of assuming roles
AWS Ground Station supports data delivery to Amazon S3

■ Serverworks social media: Twitter / Facebook

■ Serverworks blog: Serverworks Engineer Blog
In this month's episode where we tell you what AWS released since re:Invent, Guy gets to talk a fair bit about IoT, JM just wants to remind everyone of various things, and Arjen suffers from some sleep deprivation. What's New Finally in Sydney PartiQL for DynamoDB now is supported in 23 AWS Regions AWS Network Firewall is now available in the Asia Pacific (Sydney) Region Amazon Rekognition Custom Labels is now available in the Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Seoul), and Asia Pacific (Tokyo) AWS Regions Announcing new Amazon EC2 T4g instances powered by AWS Graviton2 processors along with a T4g free trial in Asia Pacific (Sydney, Singapore), Europe (London), North Americas (Canada Central, San Francisco), and South Americas (Sao Paulo) regions Serverless Lambda AWS Compute Optimizer Now Delivers Recommendations For AWS Lambda Functions AWS Lambda now makes it easier to build analytics for Amazon Kinesis and Amazon DynamoDB Streams AWS Lambda now supports self-managed Apache Kafka as an event source AWS Lambda launches checkpointing for Amazon Kinesis and Amazon DynamoDB Streams AWS Lambda now supports SASL/SCRAM authentication for functions triggered from Amazon MSK API Gateway Amazon API Gateway now supports data mapping in HTTP APIs Containers Monitoring Join the Preview – Amazon Managed Service for Prometheus (AMP) | AWS News Blog Announcing Amazon Managed Service for Grafana (in Preview) | AWS News Blog Amazon CloudWatch now adds Fluent Bit support for container logs from Amazon EKS and Kubernetes General EC2 Image Builder now supports container images ECS Amazon ECS announces the general availability of ECS Deployment Circuit Breaker Amazon Elastic Container Service launches new management console Amazon ECS now supports VPC Endpoint policies Amazon ECS announces increased service quotas for tasks per service and services per cluster EKS AWS Load Balancer Controller version 2.1 now available with support for additional ELB 
configurations EC2 & VPC Instances Announcing new Amazon EC2 C6gn instances powered by AWS Graviton2 processors with 100 Gbps networking Amazon EC2 Auto Scaling now allows to define 40 instance types when defining Mixed Instances Policy EBS Multi-Attach support now available on Amazon EBS Provisioned IOPS volume type, io2 Amazon Data Lifecycle Manager now automates copying EBS snapshots across accounts Networking Amazon Virtual Private Cloud (VPC) Now supports Tag on Create for Elastic IP addresses Amazon EC2 API now supports Internet Protocol Version 6 (IPv6) Lightsail Amazon Lightsail now supports IPv6 Dev & Ops Dev AWS SDK for Go version 2 is now generally available AWS SDK for JavaScript version 3 is now generally available Porting Assistant for .NET supports automated code translation Announcing the General Availability of Amazon Corretto 11 for Linux on ARM32 and for Windows on x86 (32-bit) AWS App2Container now supports remote execution of containerization workflows AWS CodePipeline supports deployments with CloudFormation StackSets Announcing CDK Support for AWS Chalice Ops Introducing AWS Systems Manager Change Manager | AWS News Blog New – AWS Systems Manager Consolidates Application Management | AWS News Blog Introducing AWS Systems Manager Fleet Manager Security AWS Single Sign-On now supports Microsoft Active Directory (AD) synchronization Announcing Amazon Route 53 support for DNSSEC AWS Config launches ability to save advanced queries Amazon GuardDuty adds three new threat detections to help you better protect your data stored in Amazon S3 Amazon Cognito Identity Pools enables using user attributes from identity providers for access control to simplify permissions management in AWS AWS Certificate Manager Private Certificate Authority now supports additional certificate customization Amazon Detective enhances IP Address Analytics Data storage & processing AWS Glue launches AWS Glue Custom Connectors Amazon CloudSearch announces updates to its search 
instances New – AWS Transfer Family support for Amazon Elastic File System | AWS News Blog Achieve faster database failover with Amazon Web Services MySQL JDBC Driver - now in preview Amazon Aurora supports in-place upgrades from MySQL 5.6 to 5.7 Amazon Aurora supports PostgreSQL 12 Amazon Keyspaces (for Apache Cassandra) now supports JSON syntax to help you read and write data from other systems more easily AI & ML Introducing Amazon SageMaker ml.P4d instances for highest performance ML training in the cloud IoT New – AWS IoT Core for LoRaWAN to Connect, Manage, and Secure LoRaWAN Devices at Scale | AWS News Blog Announcing AWS IoT Greengrass 2.0 – With an Open Source Edge Runtime and New Developer Capabilities | AWS News Blog Announcing AWS IoT SiteWise Edge (Preview), a new capability of AWS IoT SiteWise to collect, process, and monitor industrial equipment data on-premises Announcing support for Alarms (Preview) in AWS IoT Events and AWS IoT SiteWise Introducing AWS IoT SiteWise plugin for Grafana AWS IoT Core Device Advisor now available in preview AWS IoT Core adds the ability to deliver data to Apache Kafka clusters AWS IoT SiteWise launches support for Modbus TCP and EtherNet/IP protocols with enhancements to OPC-UA data ingestion Introducing AWS IoT EduKit Announcing AWS IoT Device Defender ML Detect public preview Announcing date and time functions and timezone support in AWS IoT SiteWise Other Cool Stuff Policy Stepping up for a truly open source Elasticsearch | AWS Open Source Blog Services AWS CloudShell – Command-Line Access to AWS Resources | AWS News Blog Amazon Location – Add Maps and Location Awareness to Your Applications | AWS News Blog AWS Cost Anomaly Detection is now generally available Features APIs now available for the AWS Well-Architected Tool Cost & Usage Report Now Available to Member (Linked) Accounts Announcing the availability of AWS Outposts Private Connectivity Amazon Managed Blockchain now supports Ethereum (Preview) AWS Snow 
Family now supports the Amazon Linux 2 operating system Service Quotas now supports tagging and Attribute-Based Access Control (ABAC) Amazon Lex Introduces an Enhanced Console Experience and New V2 APIs | AWS News Blog SQS Amazon SQS Now Supports a High Throughput Mode for FIFO Queues (Preview) Amazon SQS announces tiered pricing Control Tower region AWS Control Tower now extends governance to existing OUs in your AWS Organizations AWS Control Tower now provides bulk account update The Nanos Amazon Aurora supports in-place upgrades from PostgreSQL 11 to 12 Announcing the General Availability of Amazon Corretto 11 for Linux on ARM32 and for Windows on x86 (32-bit) Amazon Lightsail now supports IPv6 Amazon Virtual Private Cloud (VPC) Now supports Tag on Create for Elastic IP addresses Sponsors Gold Sponsor Innablr Silver Sponsors AC3 CMD Solutions DoIT International
re:Invent arrived, and with it came a lot of announcements. Some meh, some good, some great. In this episode Arjen, Jean-Manuel, Guy, and special guest star Rob will do their best to make sense of it. Or maybe they just make it more confusing? Who knows? Our brains can't really handle the number of announcements. Which is probably also why it took far too long to edit this episode. What's New Finally in ANZ In the Works – AWS Region in Melbourne, Australia | AWS News Blog Amazon EMR now provides up to 30% lower cost and up to 15% improved performance for Spark workloads on Graviton2-based instances Amazon Aurora Serverless v1 with PostgreSQL compatibility now available in eight additional regions Amazon SageMaker Studio is now expanded to AWS regions worldwide Serverless Lambda New for AWS Lambda – 1ms Billing Granularity Adds Cost Savings | AWS News Blog New for AWS Lambda – Functions with Up to 10 GB of Memory and 6 vCPUs | AWS News Blog New for AWS Lambda – Container Image Support | AWS News Blog Using Amazon CloudWatch Lambda Insights to Improve Operational Visibility | AWS News Blog AWS Lambda now supports batch windows of up to 5 minutes for functions with Amazon SQS as an event source AWS Lambda now supports Advanced Vector Extensions 2 (AVX2) Announcing Code Signing, a trust and integrity control for AWS Lambda EventBridge AWS Systems Manager Change Calendar integrates with Amazon EventBridge to enable automated actions based on calendar state changes Amazon EventBridge adds Server-Side Encryption (SSE) and increases default quotas Step Functions Amazon API Gateway now supports integration with Step Functions StartSyncExecution for HTTP APIs AWS Step Functions now supports Synchronous Express Workflows Amplify AWS Amplify announces new Admin UI Containers ECR Amazon Elastic Container Registry Public: A New Public Container Registry | AWS News Blog Amazon ECR announces cross region replication of images Fargate New – Fully Serverless Batch Computing with AWS 
Batch Support for AWS Fargate | AWS News Blog ECS Introducing Amazon ECS Anywhere | Containers Amazon ECS Announces the Preview of ECS Deployment Circuit Breaker Amazon ECS Cluster Auto Scaling now supports specifying a custom instance warm-up time Amazon ECS Capacity Providers Now Support Update Functionality Amazon ECS adds support for P4d instance types Amazon ECS Cluster Auto Scaling now offers more responsive scaling AWS Copilot CLI is now Generally Available EKS Amazon EKS Anywhere – Amazon Web Services Amazon EKS Distro: The Kubernetes Distribution Used by Amazon EKS | AWS News Blog Simplify running Apache Spark jobs with Amazon EMR on Amazon EKS Amazon EKS simplifies installation and management for Kubernetes cluster add-ons Amazon EKS adds built-in logging support for AWS Fargate Amazon EKS adds support for EC2 Spot Instances in managed node groups Amazon EKS Console Now Includes Kubernetes Resources to Simplify Cluster Management EC2 & VPC EBS New – Amazon EBS gp3 Volume Lets You Provision Performance Apart From Capacity | AWS News Blog Now in Preview – Larger & Faster io2 Block Express EBS Volumes with Higher Throughput | AWS News Blog AWS announces tiered pricing for input/output operations per second (IOPS) charges for Amazon Elastic Block Store (EBS) io2 volume, reducing the cost of provisioning peak IOPS by 15% Amazon EBS reduces the minimum volume size of Throughput Optimized HDD and Cold HDD Volumes by 75% AWS Compute Optimizer now supports Amazon EBS volume recommendations Instance Types New – Use Amazon EC2 Mac Instances to Build & Test macOS, iOS, iPadOS, tvOS, and watchOS Apps | AWS News Blog New EC2 M5zn Instances – Fastest Intel Xeon Scalable CPU in the Cloud | AWS News Blog Coming Soon – Amazon EC2 G4ad Instances Featuring AMD GPUs for Graphics Workloads | AWS News Blog Coming Soon – EC2 C6gn Instances – 100 Gbps Networking with AWS Graviton2 Processors | AWS News Blog EC2 Update – D3 / D3en Dense Storage Instances | AWS News Blog New – 
Amazon EC2 R5b Instances Provide 3x Higher EBS Performance | AWS News Blog Other EC2 Amazon Machine Images (AMIs) now support tag-on-create and tag-based access control Amazon EC2 Auto Scaling now supports attaching multiple network interfaces at launch AWS Announcing Windows Server version 20H2 AMIs for Amazon EC2 Simplify EC2 provisioning and viewing cloud resources in the ServiceNow CMDB with AWS Service Management Connector for ServiceNow Networking New – VPC Reachability Analyzer | AWS News Blog Introducing AWS Transit Gateway Connect to simplify SD-WAN branch connectivity AWS Global Accelerator launches custom routing Dev & Ops New services Preview: AWS Proton – Automated Management for Container and Serverless Deployments | AWS News Blog AWS announces Amazon DevOps Guru in Preview, an ML-powered cloud operations service to improve application availability for AWS workloads Preview: Amazon Lookout for Metrics, an Anomaly Detection Service for Monitoring the Health of Your Business | AWS News Blog Code New for Amazon CodeGuru – Python Support, Security Detectors, and Memory Profiling | AWS News Blog Amazon CodeGuru Reviewer announces Security Detectors to help improve code security Amazon CodeGuru Profiler adds Memory Profiling and Heap Summary Amazon CodeGuru Reviewer announces CodeQuality Detector to help manage technical debt and codebase maintainability AWS CodeArtifact now supports NuGet Tools AWS IDE Toolkit now available for AWS Cloud9 Porting Assistant for .NET adds support for .NET 5 Other Announcing Modules for AWS CloudFormation Amazon CloudWatch Synthetics now supports canary scripts in Python with Selenium framework AWS Systems Manager now supports Amazon Virtual Private Cloud (Amazon VPC) endpoint policies Security New services AWS Audit Manager Simplifies Audit Preparation | AWS News Blog SSO New – Attribute-Based Access Control with AWS Single Sign-On | AWS News Blog AWS Single Sign-On enables administrators to require users to set up MFA 
devices during sign-in AWS Single Sign-On adds Web Authentication (WebAuthn) support for user authentication with security keys and built-in biometric authenticators Other AWS CloudTrail provides more granular control of data event logging through advanced event selectors AWS Security Hub adds open source tool integrations with Kube-bench and Cloud Custodian AWS Transfer Family supports AWS WAF for identity provider integrations AWS Secrets Manager now supports 5000 requests per second for the GetSecretValue API operation Data Storage & Processing Aurora Introducing the next version of Amazon Aurora Serverless in preview Introducing Amazon Aurora R6g instance types, powered by AWS Graviton2 processors, in preview (includes Sydney) Babelfish for Amazon Aurora PostgreSQL is Available for Preview Amazon Aurora PostgreSQL Integrates with AWS Lambda RDS Amazon RDS for Oracle supports managed disaster recovery (DR) with Amazon RDS Cross-Region Automated Backups PostgreSQL 13 now available in Amazon RDS Database preview environment Lakes Amazon HealthLake Stores, Transforms, and Analyzes Health Data in the Cloud | AWS News Blog Announcing preview of AWS Lake Formation features: Transactions, Row-level Security, and Acceleration S3 New – Amazon S3 Replication Adds Support for Multiple Destination Buckets | AWS News Blog Amazon S3 Update – Strong Read-After-Write Consistency | AWS News Blog Amazon S3 Replication adds support for multiple destinations in the same, or different AWS Regions Amazon S3 now delivers strong read-after-write consistency automatically for all applications Amazon S3 Bucket Keys reduce the costs of Server-Side Encryption with AWS Key Management Service (SSE-KMS) Amazon S3 Replication adds support for two-way replication EMR Amazon EMR Studio makes it easier for data scientists to build and deploy code Redshift AWS announces AQUA for Amazon Redshift (preview) Amazon Redshift introduces data sharing (preview) Amazon Redshift launches RA3.xlplus nodes 
with managed storage Amazon Redshift announces Automatic Table Optimization Amazon Redshift now includes Amazon RDS for MySQL and Amazon Aurora MySQL databases as new data sources for federated querying (Preview) Amazon Redshift launches the ability to easily move clusters between AWS Availability Zones (AZs) DynamoDB You now can use Amazon DynamoDB with AWS Glue Elastic Views to combine and replicate data across multiple data stores by using SQL – available in limited preview You now can use a SQL-compatible query language to query, insert, update, and delete table data in Amazon DynamoDB Glue Announcing Amazon Elasticsearch Service support for AWS Glue Elastic Views Announcing AWS Glue Elastic Views Preview AWS Glue now supports workload partitioning to further improve the reliability of Spark applications Other Amazon FSx for Lustre now enables you to grow storage on your file systems with the click of a button Introducing Amazon Managed Workflows for Apache Airflow (MWAA) AI & ML Sagemaker :allthethings: Amazon SageMaker Simplifies Training Deep Learning Models With Billions of Parameters | AWS News Blog Amazon SageMaker JumpStart Simplifies Access to Pre-built Models and Machine Learning Solutions | AWS News Blog New – Store, Discover, and Share Machine Learning Features with Amazon SageMaker Feature Store | AWS News Blog New – Profile Your Machine Learning Training Jobs With Amazon SageMaker Debugger | AWS News Blog New – Amazon SageMaker Pipelines Brings DevOps Capabilities to your Machine Learning Projects | AWS News Blog Amazon SageMaker Edge Manager Simplifies Operating Machine Learning Models on Edge Devices | AWS News Blog New – Managed Data Parallelism in Amazon SageMaker Simplifies Training on Large Datasets | AWS News Blog Introducing Amazon SageMaker Data Wrangler, a Visual Interface to Prepare Data for Machine Learning | AWS News Blog Amazon SageMaker JumpStart Simplifies Access to Pre-built Models and Machine Learning Solutions | AWS News Blog New 
– Amazon SageMaker Clarify Detects Bias and Increases the Transparency of Machine Learning Models | AWS News Blog Amazon SageMaker Model Monitor now supports new capabilities to maintain model quality in production Introducing two new libraries for managed distributed training on Amazon SageMaker Edge New – Amazon Lookout for Equipment Analyzes Sensor Data to Help Detect Equipment Failure | AWS News Blog Amazon Lookout for Vision – New ML Service Simplifies Defect Detection for Manufacturing | AWS News Blog AWS Panorama Appliance: Bringing Computer Vision Applications to the Edge | AWS News Blog Introducing Amazon Monitron, an end-to-end system to detect abnormal equipment behavior AI Services Amazon Kendra adds Google Drive connector Amazon Kendra launches incremental learning Amazon Kendra launches connector library Announcing Amazon Forecast Weather Index – automatically include local weather to increase your forecasting model accuracy Added ML Amazon announces Amazon Neptune ML: easy, fast, and accurate predictions for graphs AWS announces Amazon Redshift ML (preview) Other Cool Stuff Regions/Zones Announcing new AWS Wavelength Zone in Las Vegas Announcing Preview of AWS Local Zones in Boston, Houston, and Miami Braket PennyLane on Braket + Progress Toward Fault-Tolerant Quantum Computing + Tensor Network Simulator | AWS News Blog Amazon Braket tensor network simulator supports 50-qubit quantum circuits Amazon Braket now supports manual qubit allocation Connect Contact Lens for Amazon Connect launches real-time contact center analytics to detect customer issues on live calls Amazon Connect Wisdom provides contact center agents the information they need to quickly solve customer issues Amazon Connect Customer Profiles for a unified view of your customers to provide more personalized service Amazon Connect Voice ID provides real-time caller authentication for more secure calls Amazon Connect Tasks makes it easy to prioritize, assign, track, and automate contact 
center agent tasks Amazon Connect Chat now supports Apple Business Chat (Preview) Quicksight Introducing Amazon QuickSight Q: ask questions about your data and get answers in seconds Amazon QuickSight launches new session capacity pricing options, embedding without user management and a developer portal for embedded analytics Other Announcing Unified Search in the AWS Management Console Amazon WorkSpaces Streaming Protocol now Generally Available New – SaaS Lens in AWS Well-Architected Tool | AWS News Blog The Amazon Chime SDK now supports messaging AWS Batch now has integrated Amazon Linux 2 support Nanos Amazon WorkDocs now supports Dark Mode on Android Sponsors Gold Sponsor Innablr Silver Sponsors AC3 CMD Solutions DoIT International
5.3 release process
Swift for Linux distros
AWS Lambda Runtime
Swift Service Lifecycle
Swift Cluster membership
Proposals accepted/implemented in 5.3
Commit history for Swift 5.3 branch
Mike Ash's perf PR
Hacking with Swift What’s New in Swift 5.3
July was a busy month with many (small) releases, and even an announcement about re:Invent! So it's up to Arjen, Jean-Manuel, and Guy to try to make sense of it all. The News Finally in Sydney AWS IoT Analytics is now available in the Sydney AWS Region AWS Snowball Edge Compute Optimized is now available in 11 additional AWS Regions AWS Secrets Manager has been IRAP assessed and accepted for PROTECTED level Serverless Amazon RDS Proxy – Now Generally Available | AWS News Blog Announcing AWS Serverless Application Model (SAM) CLI now generally available for production use Amplify CLI adds support for Lambda layers to easily share code assets across Lambda functions Amazon Athena adds support for Partition Projection Containers AWS App2Container – A New Containerizing Tool for Java and .NET Applications | AWS News Blog Amazon ECS announces AWS Copilot, a new CLI to deploy and operate containers in AWS Docker and AWS collaborate to help deploy applications to Amazon ECS on AWS Fargate Amazon EKS now supports Kubernetes version 1.17 AWS App Mesh launches ingress support with virtual gateways Introducing Ingress support in AWS App Mesh | Containers (detailed blogpost) Amazon EFS CSI Driver is now generally available Amazon ECS announces increased service quotas Fluent bit container logs to Elasticsearch ECR now supports encryption of images using AWS KMS keys EC2 & VPC Kernel Live Patching for Amazon Linux 2 is now generally available Introducing EC2 Launch v2 to simplify customizing Windows instances AWS Transit Gateway now supports more granular CloudWatch Metrics for improved network monitoring EC2 Image Builder can now produce and distribute encrypted AMIs EC2 Image Builder can now stream logs to CloudWatch Announcing Amazon CloudWatch metrics for Amazon EC2 On-Demand Capacity Reservations AWS Global Accelerator launches One-Click Acceleration for Application Load Balancers Amazon VPC Resources Now Support Tag on Create New – Amazon EC2 Instances based on AWS 
Graviton2 with local NVMe-based SSD storage | AWS News Blog Amazon Lightsail now offers cPanel WHM instance blueprint AWS Cloud Map simplifies Amazon EC2 instance registration Dev & Ops Find Your Most Expensive Lines of Code – Amazon CodeGuru Is Now Generally Available | AWS News Blog Announcing the Porting Assistant for .NET | AWS News Blog AWS CodeDeploy now enables automated installation and scheduled updates of the CodeDeploy Agent Announcing CDK Pipelines Preview, continuous delivery for AWS CDK applications CDK Pipelines: Continuous delivery for AWS CDK applications | AWS Developer Blog (detailed blogpost) CDK for Terraform: Enabling Python & TypeScript Support AWS CodeBuild now supports accessing Build Environments with AWS Session Manager AWS CodeBuild supports code coverage reporting AWS CodeBuild now supports parallel and coordinated executions of a build project Amazon S3 features now available in the AWS Toolkits for Visual Studio Code Security Amazon Fraud Detector is now Generally Available | AWS News Blog Easily manage your content policies for AI services with AWS Organizations AWS Firewall Manager launches managed rules to audit VPC security groups AWS WAF Security Automations now supports WAFv2 API AWS Config Launches 28 Additional Managed rules AWS Secrets Manager now enables you to attach resource-based policies to secrets from the AWS Secrets Manager console and uses Zelkova to validate these policies Identify, arrange, and manage secrets easily using enhanced search in AWS Secrets Manager Amazon CloudFront announces new TLS1.2 security policy for viewer connections Amazon Detective enhances VPC flow visibility Now gain longer access to your AWS resources when switching roles in the AWS Management Console Amazon MQ Adds Support for LDAP Authentication And Authorization AWS Security Hub launches new automated security controls AWS Firewall Manager now supports centralized logging of AWS WAF logs Storage & Databases Amazon Elastic File System 
increases file system minimum throughput Amazon DocumentDB (with MongoDB compatibility) now supports T3 medium instances AWS Storage Gateway simplifies cache management for File Gateway AWS Storage Gateway increases local cache storage by 4x for File Gateway Amazon RDS Application Programming Interface supports AWS PrivateLink Amazon Keyspaces now enables you to back up your table data continuously by using point-in-time-recovery (PITR) Create Snapshots From Any Block Storage Using EBS Direct APIs | AWS News Blog Amazon DocumentDB (with MongoDB compatibility) adds support for cross-region snapshot copy Announcing automatic backups for Amazon Elastic File System New Amazon Elastic File System console simplifies file system creation and management Amazon EBS Fast Snapshot Restore for Shared EBS Snapshots | AWS News Blog Amazon Elastic File System increases per-client throughput by 100% Amazon Elasticsearch Service now supports Learning to Rank to improve search relevancy ranking AWS DataSync adds support for on-premises object storage | AWS News Blog HTTP compression support now available in Amazon Elasticsearch Service Amazon RDS for SQL Server lowers the cost for High Availability DB Instances AWS Database Migration Service now supports enhanced premigration assessments Amazon Kinesis Data Firehose now supports data delivery to New Relic, Datadog, HTTP endpoints, and MongoDB Cloud AI & ML AWS DeepRacer Evo and Sensor Kit now available for purchase Amazon Comprehend Medical adds relationship extraction to medical condition Amazon Personalize adds improved handling of missing metadata Amazon EMR now supports encrypting log files using Customer-managed CMKs in AWS Key Management Service (KMS) Amazon Forecast now supports generating predictions for 10X more items Amazon EMR now supports Managed Scaling – automatically resizing clusters to lower cost New – Label Videos with Amazon SageMaker Ground Truth | AWS News Blog Announcing AWS PrivateLink Support for Amazon 
Kendra AWS RoboMaker releases rosbag upload cloud extension for Robot Operating System (ROS) Amazon Comprehend launches real time Custom Entity Recognition Amazon Forecast now supports resource tagging Amazon EMR now supports Amazon EC2 G4 Instances which provides up to 4.5X faster and 5.4X cheaper XGBoost Training Amazon SageMaker Ground Truth and Amazon Augmented AI add support for OpenID Connect (OIDC) authentication of private workers Amazon Translate now supports Office documents | AWS News Blog Other cool stuff New – Create Amazon RDS DB Instances on AWS Outposts | AWS News Blog Announcing the New AWS Community Builders Program! | AWS News Blog AWS IoT SiteWise – Now Generally Available | AWS News Blog Amazon Interactive Video Service – Add Live Video to Your Apps and Websites | AWS News Blog Contact Lens for Amazon Connect is now generally available Recording of the Connect/Contact Lens talk by Rian Brooks-Kane at the User Group (starts around 50 minutes) AWS IoT Core now supports multiple shadows for a single IoT device Amazon Connect allows you to continue engaging with your customer after an agent hangs-up Amazon Chime SDK supports audio and video calling from mobile browsers AWS Marketplace now offers integrated third-party software solutions for AWS Control Tower Updates to the AWS Well-Architected Framework and the AWS Well-Architected Tool Amazon Connect adds call recording APIs Introducing AWS Purchase Order Management (Preview) Sponsors Gold Sponsor Innablr Silver Sponsors AC3 CMD Solutions DoIT International
AWS had a number of big and small announcements in June again, and Arjen is joined by Jean-Manuel and Guy to talk about these. They'll cover it all from codeless programming tools to busting charts. The News Finally in Sydney ANZ Find your most expensive lines of code and improve code quality with Amazon CodeGuru - now generally available Announcing availability of AWS Outposts in nine additional countries in Africa, Asia Pacific, Latin America, and Middle East Serverless AWS Lambda support for Amazon Elastic File System now generally available Amazon API Gateway allows subprotocols on a WebSocket API connection AWS Amplify Console now supports deploying and hosting web apps managed in monorepos Swift Lambda support (Apple supported through WWDC sessions) Amplify Console adds support for automatically creating and deleting custom sub-domains for every branch deployment Containers Amazon EKS now Supports EC2 Inf1 Instances AWS App Mesh introduces timeout configuration support Amazon ECS Capacity Providers Now Support Delete Functionality Amazon Corretto for Alpine Linux now in preview AWS App Mesh controller for Kubernetes is now generally available EC2 & VPC AWS Direct Connect enables Failover Testing Now Available, Amazon EC2 C5a instances featuring 2nd Generation AMD EPYC Processors Announcing the General Availability of Amazon EC2 G4dn Bare Metal Instances - GPU instances with up to 8 NVIDIA T4 GPUs Amazon EC2 C6g and R6g instances powered by AWS Graviton2 processors are now generally available Amazon EC2 Auto Scaling now supports Instance Refresh within Auto Scaling Groups ELB lifecycle events now available with Amazon ECS services registered with multiple target groups AWS Elastic Beanstalk Announces .NET Core on Linux Platform Amazon Virtual Private Cloud (VPC) customers can now use their own Prefix Lists to simplify the configuration of security groups and route tables Kernel Live Patching for Amazon Linux 2 is now generally available Security AWS Config 
Supports 9 New Managed Rules AWS Shield Advanced now supports proactive response to events Amazon Aurora Snapshots can be managed via AWS Backup AWS Transfer Family enables Source IP as a factor for authorization AWS Certificate Manager Extends Automation of Certificate Issuance Via CloudFormation AWS Backup and AWS Organizations bring cross-account data protection management and monitoring Dev & Ops Software Package Management with AWS CodeArtifact | AWS News Blog Announcing Amazon Honeycode Introducing AWS CloudFormation Guard (Preview) – a new open-source CLI for infrastructure compliance AWS CloudFormation Resource Import now supports CloudFormation Registry types EC2 Image Builder now supports connectivity through AWS PrivateLink AWS CodeCommit now supports Emoji Reactions to Comments AWS CodePipeline Supports AWS AppConfig as a New Deploy Action type Databases Amazon Aurora Global Database supports read replica write forwarding AWS Data Migration Service now supports copying graph data from relational sources to Amazon Neptune Announcing Amazon Aurora Serverless with MySQL 5.7 compatibility Amazon FSx for Windows File Server now enables you to grow storage and to scale performance on your file systems Announcing storage controls for schemas in Amazon Redshift Database Activity Streams now available for Aurora with MySQL compatibility Amazon Aurora with PostgreSQL Compatibility Supports T3.large Instances Amazon Redshift now supports writing to external tables in Amazon S3 CloudWatch Application Insights adds support for SQL Server High Availability configurations Amazon RDS on VMware Adds Support for Read Replica Amazon Redshift materialized views support external tables Announcing Amazon Aurora Serverless with MySQL 5.7 compatibility AI & ML DeepComposer Chartbusters challenge Amazon SageMaker Components for Kubeflow Pipelines AWS DeepComposer adds a new generative AI algorithm that allows developers to generate music in the style of Bach Now Install Custom 
Kernels and Data Science Libraries on EMR clusters directly from EMR Notebooks Amazon Augmented AI enables quality control via metadata for customers using a private workforce Introducing Recommendation Filters in Amazon Personalize Amazon Lex announces built-in search intent to enable Amazon Kendra integration Other Cool Stuff AWS announces AWS Snowcone - a small, portable, rugged, and secure edge computing and data transfer device Amazon Route 53 Launches New API Action to list Private Hosted Zones associated with your Amazon VPCs Real-time anomaly detection support in Amazon Elasticsearch Service Amazon Connect adds filtering by channel to the ‘Get queue metrics' block Amazon CloudFront enables configurable origin connection attempts and origin connection timeouts Amazon SES can now send notifications when the delivery of an email is delayed Enable WebRTC simulcast to improve video performance for applications built with the Amazon Chime SDK Amazon Connect now supports higher-quality, natural-sounding Text-to-Speech voices Amazon Polly launches a child US English NTTS Voice Sponsors Gold Sponsor Innablr Silver Sponsors AC3 CMD Solutions DoiT International
Another month, another long list of AWS releases. And once again Arjen, Jean-Manuel, and Guy take a look at what's new and give their opinions, whether those are appreciated or not. This episode was recorded on 29 May, but unfortunately had some delays in editing. The News Finally in Sydney Announcing major enhancements to Amazon Macie, an 80%+ price reduction, and global region expansion Amazon Fraud Detector Preview is now available in Ohio, Ireland, Singapore and Sydney AWS Regions AWS Inter-Region Data Transfer (DTIR) Price Reduction | AWS News Blog Amazon RDS Data API and Amazon RDS Query Editor are available in additional regions Amazon RDS Proxy (Preview) Now Available in 8 Additional AWS Regions Serverless Amazon EventBridge schema registry is now generally available AWS Step Functions now supports AWS CodeBuild service integration and CodePipeline supports invoking Step Functions with a new action type Control your email flows in Amazon WorkMail using AWS Lambda AWS SAM adds support for AWS Step Functions Announcing General Availability of Amplify iOS and Amplify Android, with new authentication, data, and AI/ML support Containers Amazon EKS Improves Cluster Creation and Management in the AWS Console Amazon EKS now supports Kubernetes version 1.16 ECR now supports Manifest Lists for multi-architecture images Amazon CloudWatch now monitors Prometheus metrics - Now in Beta Introducing the CDK for Kubernetes, a New Software Development Framework and Open Source Project for Defining Kubernetes Applications Using Code AWS CloudFormation now supports blue/green deployments for Amazon ECS Amazon Elastic Container Service now supports Environment files for the EC2 launch type AWS Fargate now encrypts data stored on ephemeral storage by default in platform version 1.4 EC2 & VPC Amazon SES now offers VPC Endpoint support for SMTP Endpoints AWS Elastic Beanstalk Announces General Availability of Amazon Linux 2 Based Node.js, PHP, Go, and Ruby Platforms Announcing 
Route Analyzer in AWS Transit Gateway Network Manager AWS License Manager now supports AWS PrivateLink Amazon Virtual Private Cloud (VPC) now supports Bring Your Own IPv6 Addresses (BYOIPv6) Add enriched metadata to Amazon VPC flow logs published to CloudWatch Logs and S3 Amazon EC2 now supports aliases for Amazon Machine Images (AMIs) Amazon EC2 M6g instances powered by AWS Graviton2 processors are now generally available Enhanced monitoring capabilities for AWS Direct Connect Amazon EFS Updates Service Level Agreement to 99.99% Security AWS Single Sign-On supports zero-downtime external IdP certificate rotation AWS Artifact service launches new user interface Introducing the Amazon EKS Best Practices Guide for Security AWS Client VPN now supports Federated Authentication via SAML 2.0 AWS Backup supports new options for customizing backup selections Manage access to AWS centrally for Okta users with AWS Single Sign-On Now deploy AWS Config rules and conformance packs across an organization from a delegated member account Network Load Balancer now supports TLS ALPN Policies Dev & Ops Amazon CodeGuru Reviewer launches new, more cost-effective pricing model Amazon CodeGuru Profiler announces availability of hourly recommendation reports to remediate issues quickly Amazon CodeGuru Reviewer announces pull request dashboard AWS Cloud9 is now available with a new default theme Amazon CodeGuru announces -javaagent switch to start Profiler Amazon CodeGuru Reviewer announces support for Bitbucket repositories and enhancements AWS CodeBuild Test Reporting is now Generally Available AWS Systems Manager now supports resource groups as targets for State Manager Databases NoSQL Workbench for DynamoDB adds support for Linux Amazon RDS Performance Insights supports SQL-level metrics on Amazon Aurora with MySQL compatibility Neptune Streams feature is now available outside of lab mode AWS Database Migration Service Now Supports Expression-Based Data Transformations Amazon RDS for 
SQL Server supports Bulk Insert on highly available DB Instances using Amazon S3 Integration Amazon RDS for SQL Server now supports SQL Server Reporting Services (SSRS) AI/ML AWS DeepComposer announces real-time visualizations for in-console model training and improved interactivity in learning capsules Amazon Kendra is now generally available Updates to AWS Deep Learning Containers with Amazon Elastic Inference for TensorFlow and PyTorch Training and Inference For TensorFlow Amazon Transcribe now supports vocabulary filtering for real-time transcription Other cool stuff AWS announces Amazon Elasticsearch Service UltraWarm general availability AWS Systems Manager Explorer now provides a multi-account summary of Trusted Advisor checks Introducing AWS Trusted Advisor Explorer AWS Trusted Advisor adds 5 Cost Optimization checks AWS announces a 90%+ price reduction for AWS IoT Device Management Jobs Amazon Chime adds new policies to govern meeting access Introducing AWS Elemental Media Event Management Amazon Connect Now automatically changes Agent Status to Offline on Logout Now Query for AWS Availability Zones and Local Zones using AWS Systems Manager Parameter Store Sponsors Gold Sponsor Innablr Silver Sponsors AC3 CMD Solutions
A month passed before we could blink, and once again Arjen is joined by Jean-Manuel and Guy to discuss the highlights of the April announcements. Co-starring interrupted chatbots and terrifying music. The News Finally in Sydney Sellers, consulting partners, and data providers from Australia and New Zealand now available in AWS Marketplace and AWS Data Exchange AWS Ground Station is now available in the Asia Pacific (Sydney) Region in Australia AWS Transit Gateway now Supports Inter-Region Peering in 11 additional regions EKS Adds Fargate Support in Frankfurt, Oregon, Singapore, and Sydney AWS Regions Amazon Aurora with PostgreSQL Compatibility for PostgreSQL 11 is available in all commercial AWS Regions Serverless Amazon RDS Proxy with PostgreSQL Compatibility (Preview) (not in Sydney) Exporting HTTP APIs as OpenAPI 3.0 Now Supported by Amazon API Gateway AWS Lambda now supports .NET Core 3.1 The AWS Toolkit for Visual Studio Code now supports AWS Step Functions Amplify CLI adds support for additional Lambda runtimes (Java, Go, .NET and Python) and Lambda cron jobs AWS X-Ray SDK for Go is now generally available Containers Amazon ECS and AWS Fargate support for Amazon EFS File Systems now generally available AWS App Mesh adds support to connect services deployed in multiple AWS accounts into a shared mesh Amazon EKS Now Supports Service-Linked Roles Amazon EKS managed node groups allow fully private cluster networking Databases Amazon Keyspaces (for Apache Cassandra) is now generally available Amazon RDS Now Supports PostgreSQL 12 Amazon RDS now supports MariaDB 10.4 AWS Database Migration Service now supports replicating data to Apache Kafka streaming platform (Keyspaces) Amazon Neptune now supports the T3.medium instance type Dev & Ops AWS Chatbot Now Generally Available Receive Notifications for AWS CodeBuild, AWS CodeCommit, AWS CodeDeploy, and AWS CodePipeline in Slack EC2 Image Builder adds support for Ubuntu, RHEL, CentOS, and SLES Amazon CloudWatch 
Synthetics is now generally available Amazon CloudWatch Synthetics now supports monitoring private endpoints in a VPC Security Amazon Detective is now generally available Review and remediate unintended access allowed on your AWS resources from outside your AWS organization Amazon Cognito Identity Pools now supports Sign in with Apple Track changes to secrets stored in AWS Secrets Manager using AWS Config and AWS Config Rules AWS Security Hub launches the Foundational Security Best Practices standard VPC & EC2 Amazon Elastic File System announces 400% increase in read operations for General Purpose mode file systems AWS Elastic Beanstalk Launches support for AWS PrivateLink AWS Elastic Beanstalk adds API support for listing platform branches AWS Elastic Beanstalk Announces General Availability of Amazon Linux 2 Based Docker, Corretto, and Python Platforms New AWS Elastic Beanstalk console now available AI & ML AWS DeepComposer is now generally available Introducing Amazon Augmented AI (A2I) for human reviews of machine learning predictions Introducing TorchServe: a PyTorch model serving framework Amazon Transcribe Medical now supports batch transcription of medical audio files Amazon Personalize now provides scores for recommended items Other Cool Stuff You can now use AWS Control Tower to set up new multi-account AWS environments in AWS Organizations Announcing the new AWS Africa (Cape Town) Region AWS Canada (Central) Region Adds Third Availability Zone Introducing AWS Cost Categories Amazon CloudWatch Contributor Insights is now generally available Introducing the AWS Transfer Family with fully managed support for SFTP, FTPS, and FTP Announcing general availability of Amazon Pinpoint Custom Channels Amazon Kinesis Data Firehose adds support for streaming data delivery to an Amazon Elasticsearch Service domain in an Amazon Virtual Private Cloud (VPC) AWS IQ waives fees until June 30, 2020 Amazon Connect adds custom terminating keypress for DTMF Amazon Connect now 
enables customers to interrupt Amazon Lex Chatbots Introducing Amazon Chime Proxy Phone Sessions AWS Snowball Edge Storage Optimized now delivers 25% faster data transfer performance AWS Snowball adds task automation with AWS Systems Manager AWS Snowball now supports local AWS IAM Introducing AWS OpsHub for Snow Family, a graphical user interface to manage AWS Snowball devices Other links AWS DeepComposer - Oasis - Wonderwall - Experiment #001 by The Dirk I Think Breath Noise is an Interesting One | Ambassador Lounge Podcast Episode #4 AWS Inside the Region | ig.nore.me Sponsors Gold Sponsor Innablr Silver Sponsors AC3 CMD Solutions
The latest news from AWS and the Cloud, by KloudOps. Subscribe to the newsletter to receive the in-depth AWS & Cloud News analysis by email every week: https://www.kloudops.io/aws-news/ The news items we analyzed this week are: (https://aws.amazon.com/about-aws/whats-new/2020/02/amazon-vpc-flow-logs-support-1-min-aggregation-intervals/?ck_subscriber_id=637661934) (https://aws.amazon.com/it/about-aws/whats-new/2020/01/amazon-managed-cassandra-service-now-supports-ordering-clauses-in-cql-queries-and-aws-cloudtrail-logging/?ck_subscriber_id=637661934) (https://aws.amazon.com/about-aws/whats-new/2020/02/cloud9-launches-support-for-tagging-new-and-existing-environments/?ck_subscriber_id=637661934) (https://aws.amazon.com/about-aws/whats-new/2020/02/amazon-cognito-user-pools-service-now-supports-case-insensitivity-for-user-aliases/) (https://aws.amazon.com/it/about-aws/whats-new/2020/01/amazon-rds-for-mysql-supports-authentication-with-active-directory/?ck_subscriber_id=637661934) (https://aws.amazon.com/it/about-aws/whats-new/2020/01/aws-certificate-manager-private-certificate-authority-offers-cloudformation-resources/?ck_subscriber_id=637661934) (https://aws.amazon.com/it/blogs/aws/update-on-amazon-linux-ami-end-of-life/?ck_subscriber_id=637661934) (https://aws.amazon.com/it/about-aws/whats-new/2020/02/amazon-ebs-fast-snapshot-restore-expands-availability-to-all-commercial-regions-increases-limit-on-snapshots/?ck_subscriber_id=637661934) (https://aws.amazon.com/it/about-aws/whats-new/2020/02/amazon-ecs-supports-tagging-task-sets/?ck_subscriber_id=637661934) (https://aws.amazon.com/it/about-aws/whats-new/2020/02/amazon-ec2-adds-ability-to-easily-query-billing-information-of-amazon-machine-images/?ck_subscriber_id=637661934) (https://aws.amazon.com/about-aws/whats-new/2020/02/amazon-rds-data-api-now-supports-aws-privatelink/?ck_subscriber_id=637661934)
(https://aws.amazon.com/about-aws/whats-new/2020/02/amazon-rds-performance-insights-supports-sql-level-metrics-on-amazon-rds-for-mysql/?ck_subscriber_id=637661934) (https://aws.amazon.com/about-aws/whats-new/2020/02/aws-codebuild-adds-support-for-amazon-efs/?ck_subscriber_id=637661934) (https://aws.amazon.com/about-aws/whats-new/2020/02/aws-storage-gateway-available-linux-kvm-hypervisor/?ck_subscriber_id=637661934) (https://aws.amazon.com/blogs/aws/new-aws-vpn-client) (https://aws.amazon.com/about-aws/whats-new/2020/02/amazon-ecs-optimized-linux-2-amis-come-pre-installed-aws-systems-manager-agent/?ck_subscriber_id=637661934) (https://aws.amazon.com/about-aws/whats-new/2020/02/aurora-postgresql-supports-machine-learning-export-to-amazon-s3-and-new-minor-versions/?ck_subscriber_id=637661934) (https://aws.amazon.com/about-aws/whats-new/2020/02/aws-systems-manager-now-enables-auto-approval-of-patches-by-date/?ck_subscriber_id=637661934) (https://aws.amazon.com/about-aws/whats-new/2020/02/aws-well-architected-tool-now-supports-aws-serverless-lens/?ck_subscriber_id=637661934) (https://aws.amazon.com/about-aws/whats-new/2020/02/configure-fine-grained-data-access-with-amazon-elasticsearch-service/?ck_subscriber_id=637661934) (https://aws.amazon.com/about-aws/whats-new/2020/02/introducing-content-filtering-amazon-eventbridge/?ck_subscriber_id=637661934) (https://aws.amazon.com/about-aws/whats-new/2020/02/introducing-multi-region-asynchronous-object-replication-solution/?ck_subscriber_id=637661934) (https://aws.amazon.com/blogs/developer/aws-cli-v2-is-now-generally-available/) (https://aws.amazon.com/blogs/aws/new-multi-attach-for-provisioned-iops-io1-amazon-ebs-volumes/?ck_subscriber_id=637661934) (https://aws.amazon.com/blogs/aws/new-use-aws-cloudformation-stacksets-for-multiple-accounts-in-an-aws-organization/?ck_subscriber_id=637661934)
Your Impact on FreeBSD in 2019, Wireguard on OpenBSD Router, Amazon now has FreeBSD/ARM 12, pkgsrc-2019Q4, The Joys of UNIX Keyboards, OpenBSD on Digital Ocean, and more. Headlines Your Impact on FreeBSD in 2019 (https://www.freebsdfoundation.org/blog/your-impact-on-freebsd-in-2019/) It’s hard to believe that 2019 is nearly over. It has been an amazing year for supporting the FreeBSD Project and community! Why do I say that? Because as I reflect over the past 12 months, I realize how many events we’ve attended all over the world, and how many lives we’ve touched in so many ways. From advocating for FreeBSD to implementing FreeBSD features, my team has been there to help make FreeBSD the best open source project and operating system out there. In 2019, we focused on supporting a few key areas where the Project needed the most help. The first area was software development. Whether it was contracting FreeBSD developers to work on projects like wifi support, to providing internal staff to quickly implement hardware workarounds, we’ve stepped in to help keep FreeBSD innovative, secure, and reliable. Software development includes supporting the tools and infrastructure that make the development process go smoothly, and we’re on it with team members heading up the Continuous Integration efforts, and actively involved in the clusteradmin and security teams. Our advocacy efforts focused on recruiting new users and contributors to the Project. We attended and participated in 38 conferences and events in 21 countries. From giving FreeBSD presentations and workshops to staffing tables, we were able to have 1:1 conversations with thousands of attendees. Our travels also provided opportunities to talk directly with FreeBSD commercial and individual users, contributors, and future FreeBSD user/contributors. We’ve seen an increase in use and interest in FreeBSD from all of these organizations and individuals. 
These meetings give us a chance to learn more about what organizations need and what they and other individuals are working on. The information helps inform the work we should fund. Wireguard on OpenBSD Router (https://obscurity.xyz/bsd/open/wireguard.html) wireguard (wg) is a modern vpn protocol, using the latest class of encryption algorithms while at the same time promising speed and a small code base. modern crypto and lean code are also tenets of openbsd, thus it was a no brainer to migrate my router from openvpn over to wireguard. my setup : a collection of devices, both wired and wireless, that are nat’d through my router (openbsd 6.6) out via my vpn provider azire* and out to the internet using wg-quick to start wg. running : doubtless this could be improved on, but currently i start wg manually when my router boots. this, and the nat'ing on the vpn interface mean it's impossible for clients to connect to the internet without the vpn being up. as my router is on a ups and only reboots when a kernel patch requires it, it’s a compromise i can live with. run wg-quick (please replace vpn with whatever you named your wg .conf file.) and reload pf rules. News Roundup Amazon now has FreeBSD/ARM 12 (https://aws.amazon.com/marketplace/pp/B081NF7BY7) AWS, the cloud division of Amazon, announced in December the next generation of its ARM processors, the Graviton2. This is a custom chip design with a 7nm architecture. It is based on 64-bit ARM Neoverse cores. Compared to first-generation Graviton processors (A1), today’s new chips should deliver up to 7x the performance of A1 instances in some cases. Floating point performance is now twice as fast. There are additional memory channels and cache speed memory access should be much faster. The company is working on three types of Graviton2 EC2 instances that should be available soon. Instances with a “g” suffix are powered by Graviton2 chips. If they have a “d” suffix, it also means that they have NVMe local storage.
General-purpose instances (M6g and M6gd); compute-optimized instances (C6g and C6gd); memory-optimized instances (R6g and R6gd). You can choose instances with up to 64 vCPUs, 512 GiB of memory and 25 Gbps networking. And you can see that ARM-powered servers are not just a fad. AWS already promises a 40% better price/performance ratio with ARM-based instances when you compare them with x86-based instances. AWS has been working with operating system vendors and independent software vendors to help them release software that runs on ARM. ARM-based EC2 instances support Amazon Linux 2, Ubuntu, Red Hat, SUSE, Fedora, Debian and FreeBSD. It also works with multiple container services (Docker, Amazon ECS, and Amazon Elastic Kubernetes Service). Coverage of AWS Announcement (https://techcrunch.com/2019/12/03/aws-announces-new-arm-based-instances-with-graviton2-processors/) Announcing the pkgsrc-2019Q4 release (https://mail-index.netbsd.org/pkgsrc-users/2020/01/06/msg030130.html) The pkgsrc developers are proud to announce the 65th quarterly release of pkgsrc, the cross-platform packaging system. pkgsrc is available with more than 20,000 packages, running on 23 separate platforms; more information on pkgsrc itself is available at https://www.pkgsrc.org/ In total, 190 packages were added, 96 packages were removed, and 1,868 package updates (to 1388 unique packages) were processed since the pkgsrc-2019Q3 release. As usual, a large number of updates and additions were processed for packages for go (14), guile (11), perl (170), php (10), python (426), and ruby (110). This continues pkgsrc's tradition of adding useful packages, updating many packages to more current versions, and pruning unmaintained packages that are believed to have essentially no users. The Joys of UNIX Keyboards (https://donatstudios.com/UNIX-Keyboards) I fell in love with a dead keyboard layout.
A decade or so ago while helping a friend's father clean out an old building, we came across an ancient Sun Microsystems server. We found it curious. Everything about it was different from what we were used to. The command line was black on white, the connectors strange and foreign, and the keyboard layout was bizarre. We never did much with it; turning it on made all the lights in his home dim, and our joint knowledge of UNIX was nonexistent. It sat in his bedroom for years supporting his television at the foot of his bed. I never forgot that keyboard though. The thought that there was this alternative layout out there seemed intriguing to me. OpenBSD on Digital Ocean (https://www.going-flying.com/blog/openbsd-on-digitalocean.html) Last night I had a need to put together a new OpenBSD machine. Since I already use DigitalOcean for one of my public DNS servers I wanted to use them for this need but sadly like all too many of the cloud providers they don't support OpenBSD. Now they do support FreeBSD and I found a couple writeups that show how to use FreeBSD as a shim to install OpenBSD. They are both sort of old at this point and with OpenBSD 6.6 out I ran into a bit of a snag. The default these days is to use a GPT partition table to enable EFI booting. This is generally pretty sane but it looks to me like the FreeBSD droplet doesn't support this. After the installer rebooted the VM failed to boot, being unable to find the bootloader. Thankfully DigitalOcean has a recovery ISO that you can boot by simply switching to it and powering off and then on your Droplet.
Beastie Bits FreeBSD defaults to LLVM on PPC (https://svnweb.freebsd.org/base?view=revision&revision=356111) Theo De Raadt Interview between Ottawa 2019 Hackathon and BSDCAN 2019 (https://undeadly.org/cgi?action=article;sid=20191231214356) Bastille Poll about what people would like to see in 2020 (https://twitter.com/BastilleBSD/status/1211475103143251968) Notes on the classic book : The Design of the UNIX Operating System (https://github.com/suvratapte/Maurice-Bach-Notes) Multics History (https://www.multicians.org/) First meeting of the Hamilton BSD user group, February 11, 2020 18:30 - 21:00, Boston Pizza on Upper James St (http://studybsd.com/) Feedback/Questions Bill - 1.1 CDROM (http://dpaste.com/2H9CW6R) Greg - More 50 Year anniversary information (http://dpaste.com/2SGA3KY) Dave - Question time for Allan (http://dpaste.com/3ZAEKHD#wrap) Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
This presentation was recorded prior to re:Invent. In this session, learn how Amazon Linux WorkSpaces can be customized to provide ready-to-go development cloud workstation environments for developers in your organization. We discuss how developers working with different programming languages, such as .NET, C++, Java, and Go, or with tools like Docker containers, can become agile using Amazon Linux WorkSpaces. We also cover best practices for getting the most out of a cloud-based development desktop service.
In this session, we cover recent announcements for containers, Amazon Linux, and application networking at AWS, and how they fit into the bigger picture for users. We also cover how we're thinking about what's next and discuss different ways you can help drive our product direction-such as developer previews, publicly available roadmaps, and more!
It is a MASSIVE episode of updates that Simon and Nikki do their best to cover! There is also an EXTRA SPECIAL bonus just for AWS Podcast listeners! Special Discount for Intersect Tickets: https://int.aws/podcast use discount code 'podcast' - note that tickets are limited! Chapters: 02:19 Infrastructure 03:07 Storage 05:34 Compute 13:47 Network 14:54 Databases 17:45 Migration 18:36 Developer Tools 21:39 Analytics 29:25 IoT 33:24 End User Computing 34:08 Machine Learning 40:21 AR and VR 41:11 Application Integration 43:57 Management and Governance 48:04 Customer Engagement 49:13 Media 50:17 Mobile 50:36 Security 51:26 Gaming 51:39 Robotics 52:13 Training Shownotes: Topic || Infrastructure Announcing the new AWS Middle East (Bahrain) Region | https://aws.amazon.com/about-aws/whats-new/2019/07/announcing-the-new-aws-middle-east--bahrain--region-/ Topic || Storage EBS default volume type updated to GP2 | https://aws.amazon.com/about-aws/whats-new/2019/07/ebs-default-volume-type-updated-to-gp2/ AWS Backup will Automatically Copy Tags from Resource to Recovery Point | https://aws.amazon.com/about-aws/whats-new/2019/07/aws-backup-will-automatically-copy-tags-from-resource-to-recovery-point/ Configuration update for Amazon EFS encryption of data in transit | https://aws.amazon.com/about-aws/whats-new/2019/07/configuration-update-for-amazon-efs-encryption-data-in-transit/ AWS Snowball and Snowball Edge available in Seoul – Amazon Web Services | https://aws.amazon.com/about-aws/whats-new/2019/07/aws-snowball-and-aws-snowball-edge-available-in-asia-pacific-seoul-region/ Amazon S3 adds support for percentiles on Amazon CloudWatch Metrics | https://aws.amazon.com/about-aws/whats-new/2019/07/amazon-s3-adds-support-for-percentiles-on-amazon-cloudwatch-metrics/ Amazon FSx Now Supports Windows Shadow Copies for Restoring Files to Previous Versions |
https://aws.amazon.com/about-aws/whats-new/2019/07/amazon-fsx-now-supports-windows-shadow-copies-for-restoring-files-to-previous-versions/ Amazon CloudFront Announces Support for Resource-Level and Tag-Based Permissions | https://aws.amazon.com/about-aws/whats-new/2019/08/cloudfront-resource-level-tag-based-permission/ Topic || Compute Amazon EC2 AMD Instances are Now Available in additional regions | https://aws.amazon.com/about-aws/whats-new/2019/07/amazon-ec2-amd-instances-available-in-additional-regions/ Amazon EC2 P3 Instances Featuring NVIDIA Volta V100 GPUs now Support NVIDIA Quadro Virtual Workstation | https://aws.amazon.com/about-aws/whats-new/2019/07/amazon-ec2-p3-nstances-featuring-nvidia-volta-v100-gpus-now-support-nvidia-quadro-virtual-workstation/ Introducing Amazon EC2 I3en and C5n Bare Metal Instances | https://aws.amazon.com/about-aws/whats-new/2019/08/introducing-amazon-ec2-i3en-and-c5n-bare-metal-instances/ Amazon EC2 C5 New Instance Sizes are Now Available in Additional Regions | https://aws.amazon.com/about-aws/whats-new/2019/08/amazon-ec2-c5-new-instance-sizes-are-now-available-in-additional-regions/ Amazon EC2 Spot Now Available for Red Hat Enterprise Linux (RHEL) | https://aws.amazon.com/about-aws/whats-new/2019/07/amazon-ec2-spot-now-available-red-hat-enterprise-linux-rhel/ Amazon EC2 Now Supports Tagging Launch Templates on Creation | https://aws.amazon.com/about-aws/whats-new/2019/07/amazon-ec2-now-supports-tagging-launch-templates-on-creation/ Amazon EC2 On-Demand Capacity Reservations Can Now Be Shared Across Multiple AWS Accounts | https://aws.amazon.com/about-aws/whats-new/2019/07/amazon-ec2-on-demand-capacity-reservations-shared-across-multiple-aws-accounts/ Amazon EC2 Fleet Now Lets You Modify On-Demand Target Capacity | https://aws.amazon.com/about-aws/whats-new/2019/08/amazon-ec2-fleet-modify-on-demand-target-capacity/ Amazon EC2 Fleet Now Lets You Set A Maximum Price For A Fleet Of Instances | 
https://aws.amazon.com/about-aws/whats-new/2019/08/amazon-ec2-fleet-now-lets-you-submit-maximum-price-for-fleet-of-instances/ Amazon EC2 Hibernation Now Available on Ubuntu 18.04 LTS | https://aws.amazon.com/about-aws/whats-new/2019/07/amazon-ec2-hibernation-now-available-ubuntu-1804-lts/ Amazon ECS services now support multiple load balancer target groups | https://aws.amazon.com/about-aws/whats-new/2019/07/amazon-ecs-services-now-support-multiple-load-balancer-target-groups/ Amazon ECS Console now enables simplified AWS App Mesh integration | https://aws.amazon.com/about-aws/whats-new/2019/07/amazon-ecs-console-enables-simplified-aws-app-mesh-integration/ Amazon ECR now supports increased repository and image limits | https://aws.amazon.com/about-aws/whats-new/2019/07/amazon-ecr-now-supports-increased-repository-and-image-limits/ Amazon ECR Now Supports Immutable Image Tags | https://aws.amazon.com/about-aws/whats-new/2019/07/amazon-ecr-now-supports-immutable-image-tags/ Amazon Linux 2 Extras now provides AWS-optimized versions of new Linux Kernels | https://aws.amazon.com/about-aws/whats-new/2019/07/amazon-linux-2-extras-provides-aws-optimized-versions-of-new-linux-kernels/ Lambda@Edge Adds Support for Python 3.7 | https://aws.amazon.com/about-aws/whats-new/2019/08/lambdaedge-adds-support-for-python-37/ AWS Batch Now Supports the Elastic Fabric Adapter | https://aws.amazon.com/about-aws/whats-new/2019/08/aws-batch-now-supports-elastic-fabric-adapter/ Topic || Network Elastic Fabric Adapter is officially integrated into Libfabric Library | https://aws.amazon.com/about-aws/whats-new/2019/07/elastic-fabric-adapter-officially-integrated-into-libfabric-library/ Now Launch AWS Glue, Amazon EMR, and AWS Aurora Serverless Clusters in Shared VPCs | https://aws.amazon.com/about-aws/whats-new/2019/08/now-launch-aws-glue-amazon-emr-and-aws-aurora-serverless-clusters-in-shared-vpcs/ AWS DataSync now supports Amazon VPC endpoints | 
https://aws.amazon.com/about-aws/whats-new/2019/08/aws-datasync-now-supports-amazon-vpc-endpoints/ AWS Direct Connect Now Supports Resource Based Authorization, Tag Based Authorization, and Tag on Resource Creation | https://aws.amazon.com/about-aws/whats-new/2019/07/aws-direct-connect-now-supports-resource-based-authorization-tag-based-authorization-tag-on-resource-creation/ Topic || Databases Amazon Aurora Multi-Master is Now Generally Available | https://aws.amazon.com/about-aws/whats-new/2019/08/amazon-aurora-multimaster-now-generally-available/ Amazon DocumentDB (with MongoDB compatibility) Adds Aggregation Pipeline and Diagnostics Capabilities | https://aws.amazon.com/about-aws/whats-new/2019/08/amazon-documentdb-with-mongodb-compatibility-adds-aggregation-pipeline-and-diagnostics-capabilities/ Amazon DynamoDB now helps you monitor as you approach your account limits | https://aws.amazon.com/about-aws/whats-new/2019/08/amazon-dynamodb-now-helps-you-monitor-as-you-approach-your-account-limits/ Amazon RDS for Oracle now supports new instance sizes | https://aws.amazon.com/about-aws/whats-new/2019/08/amazon-rds-for-oracle-now-supports-new-instance-sizes/ Amazon RDS for Oracle Supports Oracle Management Agent (OMA) version 13.3 for Oracle Enterprise Manager Cloud Control 13c | https://aws.amazon.com/about-aws/whats-new/2019/08/amazon-rds-for-oracle-supports-oracle-management-agent-oma-version133-for-oracle-enterprise-manager-cloud-control13c/ Amazon RDS for Oracle now supports July 2019 Oracle Patch Set Updates (PSU) and Release Updates (RU) | https://aws.amazon.com/about-aws/whats-new/2019/08/amazon-rds-for-oracle-supports-july-2019-oracle-patch-set-and-release-updates/ Amazon RDS SQL Server now supports changing the server-level collation | https://aws.amazon.com/about-aws/whats-new/2019/08/amazon-rds-sql-server-supports-changing-server-level-collation/ PostgreSQL 12 Beta 2 Now Available in Amazon RDS Database Preview Environment | 
https://aws.amazon.com/about-aws/whats-new/2019/08/postgresql-beta-2-now-available-in-amazon-rds-database-preview-environment/ Amazon Aurora with PostgreSQL Compatibility Supports Publishing PostgreSQL Log Files to Amazon CloudWatch Logs | https://aws.amazon.com/about-aws/whats-new/2019/08/amazon-aurora-with-postgresql-compatibility-support-logs-to-cloudwatch/ Amazon Redshift Launches Concurrency Scaling in Five additional AWS Regions, and Enhances Console Performance Graphs in all supported AWS Regions | https://aws.amazon.com/about-aws/whats-new/2019/08/amazon-redshift-launches-concurrency-scaling-five-additional-regions-enhances-console-performance-graphs/ Amazon Redshift now supports column level access control with AWS Lake Formation | https://aws.amazon.com/about-aws/whats-new/2019/08/amazon-redshift-spectrum-now-supports-column-level-access-control-with-aws-lake-formation/ Topic || Migration AWS Migration Hub Now Supports Import of On-Premises Server and Application Data From RISC Networks to Plan and Track Migration Progress | https://aws.amazon.com/about-aws/whats-new/2019/07/aws-migration-hub-supports-import-of-on-premises-server-application-data-from-risc-networks-to-track-migration-progress/ Topic || Developer Tools AWS CodePipeline Achieves HIPAA Eligibility | https://aws.amazon.com/about-aws/whats-new/2019/07/aws-codepipeline-achieves-hipaa-eligibility/ AWS CodePipeline Adds Pipeline Status to Pipeline Listing | https://aws.amazon.com/about-aws/whats-new/2019/07/aws-codepipeline-adds-pipeline-status-to-pipeline-listing/ AWS Amplify Console adds support for automatically deploying branches that match a specific pattern | https://aws.amazon.com/about-aws/whats-new/2019/07/aws-amplify-console-support-git-based-branch-pattern-detection/ Amplify Framework Adds Predictions Category | https://aws.amazon.com/about-aws/whats-new/2019/07/amplify-framework-adds-predictions-category/ Amplify Framework adds local mocking and testing for GraphQL APIs, Storage, 
Functions, and Hosting | https://aws.amazon.com/about-aws/whats-new/2019/08/amplify-framework-adds-local-mocking-and-testing-for-graphql-apis-storage-functions-hostings/ Topic || Analytics AWS Lake Formation is now generally available | https://aws.amazon.com/about-aws/whats-new/2019/08/aws-lake-formation-is-now-generally-available/ Announcing PartiQL: One query language for all your data | https://aws.amazon.com/blogs/opensource/announcing-partiql-one-query-language-for-all-your-data/ AWS Glue now supports the ability to run ETL jobs on Apache Spark 2.4.3 (with Python 3) | https://aws.amazon.com/about-aws/whats-new/2019/07/aws-glue-now-supports-ability-to-run-etl-jobs-apache-spark-243-with-python-3/ AWS Glue now supports additional configuration options for memory-intensive jobs submitted through development endpoints | https://aws.amazon.com/about-aws/whats-new/2019/07/aws-glue-now-supports-additional-configuration-options-for-memory-intensive-jobs-submitted-through-deployment-endpoints/ AWS Glue now provides the ability to bookmark Parquet and ORC files using Glue ETL jobs | https://aws.amazon.com/about-aws/whats-new/2019/07/aws-glue-now-provides-ability-to-bookmark-parquet-and-orc-files-using-glue-etl-jobs/ AWS Glue now provides FindMatches ML transform to deduplicate and find matching records in your dataset | https://aws.amazon.com/about-aws/whats-new/2019/08/aws-glue-provides-findmatches-ml-transform-to-deduplicate/ Amazon QuickSight adds support for custom colors, embedding for all user types and new regions! 
| https://aws.amazon.com/about-aws/whats-new/2019/08/amazon-quicksight-adds-support-for-custom-colors-embedding-for-all-user-types-and-new-regions/ Achieve 3x better Spark performance with EMR 5.25.0 | https://aws.amazon.com/about-aws/whats-new/2019/08/achieve-3x-better-spark-performance-with-emr-5250/ Amazon EMR now supports native EBS encryption | https://aws.amazon.com/about-aws/whats-new/2019/08/amazon_emr_now_supports_native_ebs_encryption/ Amazon Athena adds Support for AWS Lake Formation Enabling Fine-Grained Access Control on Databases, Tables, and Columns | https://aws.amazon.com/about-aws/whats-new/2019/08/amazon-athena-adds-support-for-aws-lake-formation-enabling-fine-grained-access-control-on-databases-tables-columns/ Amazon EMR Integration With AWS Lake Formation Is Now In Beta, Supporting Database, Table, and Column-level access controls for Apache Spark | https://aws.amazon.com/about-aws/whats-new/2019/08/amazon-emr-integration-with-aws-lake-formation-now-in-beta-supporting-database-table-column-level-access-controls/ Topic || IoT AWS IoT Device Defender Expands Globally | https://aws.amazon.com/about-aws/whats-new/2019/08/aws-iot-device-defender-expands-globally/ AWS IoT Device Defender Supports Mitigation Actions for Audit Results | https://aws.amazon.com/about-aws/whats-new/2019/08/aws-iot-device-defender-supports-mitigation-actions-for-audit-results/ AWS IoT Device Tester v1.3.0 is Now Available for Amazon FreeRTOS 201906.00 Major | https://aws.amazon.com/about-aws/whats-new/2019/07/aws_iot_device_tester_v130_for_amazon_freertos_201906_00_major/ AWS IoT Events actions now support AWS Lambda, SQS, Kinesis Firehose, and IoT Events as targets | https://aws.amazon.com/about-aws/whats-new/2019/07/aws-iot-events-supports-invoking-actions-to-lambda-sqs-kinesis-firehose-iot-events/ AWS IoT Events now supports AWS CloudFormation | https://aws.amazon.com/about-aws/whats-new/2019/07/aws-iot-events-now-supports-aws-cloudformation/ Topic || End User Computing 
AWS Client VPN now adds support for Split-tunnel | https://aws.amazon.com/about-aws/whats-new/2019/07/aws-client-vpn-now-adds-support-for-split-tunnel/ Introducing AWS Chatbot (beta): ChatOps for AWS in Amazon Chime and Slack Chat Rooms | https://aws.amazon.com/about-aws/whats-new/2019/07/introducing-aws-chatbot-chatops-for-aws/ Amazon AppStream 2.0 Adds CLI Operations for Programmatic Image Creation | https://aws.amazon.com/about-aws/whats-new/2019/08/amazon-appstream-2-adds-cli-operations-for-programmatic-image-creation/ NICE DCV Releases Version 2019.0 with Multi-Monitor Support on Web Client | https://aws.amazon.com/about-aws/whats-new/2019/08/nice-dcv-releases-version-2019-0-with-multi-monitor-support-on-web-client/ New End User Computing Competency Solutions | https://aws.amazon.com/about-aws/whats-new/2019/08/end-user-computing-competency-solutions/ Amazon WorkDocs Migration Service | https://aws.amazon.com/about-aws/whats-new/2019/08/amazon_workdocs_migration_service/ Topic || Machine Learning SageMaker Batch Transform now enables associating prediction results with input attributes | https://aws.amazon.com/about-aws/whats-new/2019/07/sagemaker-batch-transform-enable-associating-prediction-results-with-input-attributes/ Amazon SageMaker Ground Truth Adds Data Labeling Workflow for Named Entity Recognition | https://aws.amazon.com/about-aws/whats-new/2019/08/amazon-sagemaker-ground-truth-adds-data-labeling-workflow-for-named-entity-recognition/ Amazon SageMaker notebooks now available with pre-installed R kernel | https://aws.amazon.com/about-aws/whats-new/2019/08/amazon-sagemaker-notebooks-available-with-pre-installed-r-kernel/ New Model Tracking Capabilities for Amazon SageMaker Are Now Generally Available | https://aws.amazon.com/about-aws/whats-new/2019/08/new-model-tracking-capabilities-for-amazon-sagemaker-now-generally-available/ Amazon Comprehend Custom Entities now supports multiple entity types | 
https://aws.amazon.com/about-aws/whats-new/2019/07/amazon-comprehend-custom-entities-supports-multiple-entity-types/ Introducing Predictive Maintenance Using Machine Learning | https://aws.amazon.com/about-aws/whats-new/2019/07/introducing-predictive-maintenance-using-machine-learning/ Amazon Transcribe Streaming Now Supports WebSocket | https://aws.amazon.com/about-aws/whats-new/2019/07/amazon-transcribe-streaming-now-supports-websocket/ Amazon Polly Launches Neural Text-to-Speech and Newscaster Voices | https://aws.amazon.com/about-aws/whats-new/2019/07/amazon-polly-launches-neural-text-to-speech-and-newscaster-voices/ Manage a Lex session using APIs on the client | https://aws.amazon.com/about-aws/whats-new/2019/08/manage-a-lex-session-using-apis-on-the-client/ Amazon Rekognition now detects violence, weapons, and self-injury in images and videos; improves accuracy for nudity detection | https://aws.amazon.com/about-aws/whats-new/2019/08/amazon-rekognition-now-detects-violence-weapons-and-self-injury-in-images-and-videos-improves-accuracy-for-nudity-detection/ Topic || AR and VR Amazon Sumerian Now Supports Physically-Based Rendering (PBR) | https://aws.amazon.com/about-aws/whats-new/2019/07/amazon-sumerian-now-supports-physically-based-rendering-pbr/ Topic || Application Integration Amazon SNS Message Filtering Adds Support for Attribute Key Matching | https://aws.amazon.com/about-aws/whats-new/2019/08/amazon-sns-message-filtering-adds-support-for-attribute-key-matching/ Amazon SNS Adds Support for AWS X-Ray | https://aws.amazon.com/about-aws/whats-new/2019/07/amazon-sns-adds-support-for-aws-x-ray/ Temporary Queue Client Now Available for Amazon SQS | https://aws.amazon.com/about-aws/whats-new/2019/07/temporary-queue-client-now-available-for-amazon-sqs/ Amazon MQ Adds Support for AWS Key Management Service (AWS KMS), Improving Encryption Capabilities | 
https://aws.amazon.com/about-aws/whats-new/2019/07/amazon-mq-adds-support-for-aws-key-management-service-improving-encryption-capabilities/ Amazon MSK adds support for Apache Kafka version 2.2.1 and expands availability to EU (Stockholm), Asia Pacific (Mumbai), and Asia Pacific (Seoul) | https://aws.amazon.com/about-aws/whats-new/2019/07/amazon-msk-adds-support-apache-kafka-version-221-expands-availability-stockholm-mumbai-seoul/ Amazon API Gateway supports secured connectivity between REST APIs & Amazon Virtual Private Clouds in additional regions | https://aws.amazon.com/about-aws/whats-new/2019/08/amazon-api-gateway-supports-secured-connectivity-between-reset-apis-and-amazon-virtual-private-clouds-in-additional-regions/ Topic || Management and Governance AWS Cost Explorer now Supports Usage-Based Forecasts | https://aws.amazon.com/about-aws/whats-new/2019/07/usage-based-forecasting-in-aws-cost-explorer/ Introducing Amazon EC2 Resource Optimization Recommendations | https://aws.amazon.com/about-aws/whats-new/2019/07/introducing-amazon-ec2-resource-optimization-recommendations/ AWS Budgets Announces AWS Chatbot Integration | https://aws.amazon.com/about-aws/whats-new/2019/07/aws-budgets-announces-aws-chatbot-integration/ Discovering Documents Made Easy in AWS Systems Manager Automation | https://aws.amazon.com/about-aws/whats-new/2019/07/discovering-documents-made-easy-in-aws-systems-manager-automation/ AWS Systems Manager Distributor makes it easier to create distributable software packages | https://aws.amazon.com/about-aws/whats-new/2019/07/aws-systems-manager-distributor-makes-it-easier-to-create-distributable-software-packages/ Now use AWS Systems Manager Maintenance Windows to select resource groups as targets | https://aws.amazon.com/about-aws/whats-new/2019/07/now-use-aws-systems-manager-maintenance-windows-to-select-resource-groups-as-targets/ Use AWS Systems Manager to resolve operational issues with your .NET and Microsoft SQL Server Applications | 
https://aws.amazon.com/about-aws/whats-new/2019/08/use-aws-systems-manager-to-resolve-operational-issues-with-your-net-and-microsoft-sql-server-applications/ CloudWatch Logs Insights adds cross log group querying | https://aws.amazon.com/about-aws/whats-new/2019/07/cloudwatch-logs-insights-adds-cross-log-group-querying/ AWS CloudFormation now supports higher StackSets limits | https://aws.amazon.com/about-aws/whats-new/2019/08/aws-cloudformation-now-supports-higher-stacksets-limits/ Topic || Customer Engagement Introducing AI-Driven Social Media Dashboard | https://aws.amazon.com/about-aws/whats-new/2019/07/introducing-ai-driven-social-media-dashboard/ New Amazon Connect integration for ChoiceView from Radish Systems on AWS | https://aws.amazon.com/about-aws/whats-new/2019/07/new-amazon-connect-integration-for-choiceview-from-radish-systems-on-aws/ Amazon Pinpoint Adds Campaign and Application Metrics APIs | https://aws.amazon.com/about-aws/whats-new/2019/07/amazon-pinpoint-adds-campaign-and-application-metrics-apis/ Topic || Media AWS Elemental Appliances and Software Now Available in the AWS Management Console | https://aws.amazon.com/about-aws/whats-new/2019/08/aws-elemental-appliances-and-software-now-available-in-aws-management-console/ AWS Elemental MediaConvert Expands Audio Support and Improves Performance | https://aws.amazon.com/about-aws/whats-new/2019/07/aws-elemental-mediaconvert-expands-audio-support-and-improves-performance/ AWS Elemental MediaConvert Adds Ability to Prioritize Transcoding Jobs | https://aws.amazon.com/about-aws/whats-new/2019/07/aws-elemental-mediaconvert-adds-ability-to-prioritize-transcoding-jobs/ AWS Elemental MediaConvert Simplifies Editing and Sharing of Settings | https://aws.amazon.com/about-aws/whats-new/2019/08/aws-elemental-mediaconvert-simplifies-editing-and-sharing-of-settings/ AWS Elemental MediaStore Now Supports Resource Tagging | 
https://aws.amazon.com/about-aws/whats-new/2019/07/aws-elemental-mediastore-now-supports-resource-tagging/ AWS Elemental MediaLive Enhances Support for File-Based Inputs for Live Channels | https://aws.amazon.com/about-aws/whats-new/2019/07/aws-elemental-medialive-enhances-support-for-file-based-inputs-for-live-channels/ Topic || Mobile AWS Device Farm improves device start up time to enable instant access to devices | https://aws.amazon.com/about-aws/whats-new/2019/07/aws-device-farm-improves-device-start-up-time-to-enable-instant-access-to-devices/ Topic || Security Introducing the Amazon Corretto Crypto Provider (ACCP) for Improved Cryptography Performance | https://aws.amazon.com/about-aws/whats-new/2019/07/introducing-the-amazon-corretto-crypto-provider/ AWS Secrets Manager now supports VPC endpoint policies | https://aws.amazon.com/about-aws/whats-new/2019/07/AWS-Secrets-Manager-now-supports-VPC-endpoint-policies/ Topic || Gaming Lumberyard Beta 1.20 Now Available | https://aws.amazon.com/about-aws/whats-new/2019/07/lumberyard-beta-120-now-available/ Topic || Robotics AWS RoboMaker now supports offline logs and metrics for the AWS RoboMaker CloudWatch cloud extension | https://aws.amazon.com/about-aws/whats-new/2019/07/aws-robomaker-now-supports-offline-logs-metrics-aws-robomaker-cloudwatch-cloud-extension/ Topic || Training New AWS Certification Exam Vouchers Make Certifying Groups Easier | https://aws.amazon.com/about-aws/whats-new/2019/07/new-aws-certification-exam-vouchers-make-certifying-groups-easier/ Announcing New Resources and Website to Accelerate Your Cloud Adoption | https://aws.amazon.com/about-aws/whats-new/2019/07/announcing-new-resources-and-website-to-accelerate-your-cloud-adoption/ AWS Developer Series Relaunched on edX | https://aws.amazon.com/about-aws/whats-new/2019/08/aws-developer-series-relaunched-on-edx/
Keynote presenter from Texas LinuxFest and established industry expert Thomas Cameron joins us to discuss the end of the distro wars, the future of Linux jobs, his personal take on IBM's acquisition of Red Hat, some really great Linux job tips, and much more. Plus we catch up on some community news from old friends, complain about a few Linux bugs, and share a "magical" app pick. Special Guests: Alex Kretzschmar, Brent Gervais, Martin Wimpress, and Thomas Cameron.
Simon shares a huge selection of updates and new things! Chapter Marks: 00:00:19 Satellites 00:01:12 Storage 00:03:01 Compute 00:05:35 Databases 00:09:17 Developer Tools 00:10:32 Analytics 00:12:28 IoT 00:14:06 End User Computing 00:15:03 Machine Learning 00:16:22 Robotics 00:16:46 Application Integration 00:17:42 Management and Governance 00:20:49 Customer Engagement 00:21:24 Security 00:22:10 Training and Certification 00:22:36 Quick Starts 00:23:04 AWS Marketplace Shownotes Topic || Satellite Announcing General Availability of AWS Ground Station | https://aws.amazon.com/about-aws/whats-new/2019/05/announcing-general-availability-of-aws-ground-station-/ Topic || Storage You can now encrypt new EBS volumes in your account in a region with a single setting | https://aws.amazon.com/about-aws/whats-new/2019/05/with-a-single-setting-you-can-encrypt-all-new-amazon-ebs-volumes/ AWS Backup Now Supports AWS CloudFormation | https://aws.amazon.com/about-aws/whats-new/2019/05/aws-backup-now-supports-aws-cloudformation/ AWS DataSync Now Supports EFS-to-EFS Transfer | https://aws.amazon.com/about-aws/whats-new/2019/05/aws-datasync-now-supports-efs-to-efs-transfer/ AWS DataSync adds filtering for data transfers – Amazon Web Services | https://aws.amazon.com/about-aws/whats-new/2019/05/aws-datasync-adds-filtering-for-data-transfers/ AWS DataSync is now SOC compliant | https://aws.amazon.com/about-aws/whats-new/2019/06/aws-datasync-is-now-soc-compliant/ Topic || Compute Amazon EC2 announces Host Recovery | https://aws.amazon.com/about-aws/whats-new/2019/06/amazon-ec2-announces-host-recovery/ Enable EC2 Hibernation Without Specifying Encryption Intent at Every Instance Launch | https://aws.amazon.com/about-aws/whats-new/2019/05/enable-ec2-hibernation-without-specifying-encryption-intent/ AWS Step Functions Adds Support for Callback Patterns in Workflows | https://aws.amazon.com/about-aws/whats-new/2019/05/aws-step-functions-support-callback-patterns/ Amazon ECS Support for 
Windows Server 2019 Containers is Generally Available | https://aws.amazon.com/about-aws/whats-new/2019/06/amazon-ecs-support-windows-server-2019-containers-generally-available/ Amazon ECS Improves ENI Density Limits for awsvpc Networking Mode | https://aws.amazon.com/about-aws/whats-new/2019/06/Amazon-ECS-Improves-ENI-Density-Limits-for-awsvpc-Networking-Mode/ Serverless Image Handler Now Leverages Sharp and Provides Smart Cropping with Amazon Rekognition | https://aws.amazon.com/about-aws/whats-new/2019/06/serverless-image-handler-now-leverages-sharp-and-provides-smart-cropping-with-amazon-rekognition/ Topic || Databases Amazon Aurora Serverless MySQL 5.6 Now Supports Data API | https://aws.amazon.com/about-aws/whats-new/2019/05/amazon_aurora_serverless_mysql_5_6_now_supportsdataapi/ Amazon RDS Recommendations Provide Best Practice Guidance for Amazon Aurora | https://aws.amazon.com/about-aws/whats-new/2019/05/amazon-rds-recommendations-provide-best-practice-guidance-for-amazon-aurora/ Amazon Aurora with PostgreSQL Compatibility Supports PostgreSQL 10.7 | https://aws.amazon.com/about-aws/whats-new/2019/05/amazon-aurora-with-postgresql-compatibility-supports-postgresql-107/ Amazon Aurora with PostgreSQL Compatibility Supports Database Activity Streams For Real-time Monitoring | https://aws.amazon.com/about-aws/whats-new/2019/05/amazon-aurora-with-postgresql-compatibility-supports-database-activity-streams/ Amazon RDS for SQL Server Increases the Database Limit Per Database Instance up to 100 | https://aws.amazon.com/about-aws/whats-new/2019/05/amazon_rds_for_sql_server_increases/ Amazon RDS for SQL Server Now Supports Always On Availability Groups for SQL Server 2017 | https://aws.amazon.com/about-aws/whats-new/2019/05/amazon-rds-for-sql-server-now-supports-always-on-availability-groups-for-sql-server-2017/ Amazon RDS for SQL Server now Supports Multi-File Native Restores | 
https://aws.amazon.com/about-aws/whats-new/2019/06/amazon-rds-for-sql-server-now-supports-multi-file-native-restores/ Amazon DocumentDB (with MongoDB compatibility) is now SOC 1, 2, and 3 compliant | https://aws.amazon.com/about-aws/whats-new/2019/05/amazon-documentdb-now-soc-1-2-3-compliant/ Amazon DynamoDB adaptive capacity is now instant | https://aws.amazon.com/about-aws/whats-new/2019/05/amazon-dynamodb-adaptive-capacity-is-now-instant/ Amazon ElastiCache for Redis improves cluster availability during planned maintenance | https://aws.amazon.com/about-aws/whats-new/2019/05/amazon_elasticache_for_redis_improves_cluster_availability/ Amazon ElastiCache for Redis launches self-service updates | https://aws.amazon.com/about-aws/whats-new/2019/06/elasticache-self-service-updates/ Topic || Developer Tools Amplify Framework Adds Support for AWS Lambda Functions and Amazon DynamoDB Custom Indexes in GraphQL Schemas | https://aws.amazon.com/about-aws/whats-new/2019/05/amplify-framework-adds-support-for-aws-lambda-as-a-data-source-and-custom-indexes-for-amazon-dynamodb-in-graphql-schema/ AWS CodeCommit Now Supports Including Application Code When Creating a Repository with AWS CloudFormation | https://aws.amazon.com/about-aws/whats-new/2019/05/aws-codecommit-now-supports-the-ability-to-make-an-initial-commit/ Topic || Analytics Amazon Managed Streaming for Apache Kafka (Amazon MSK) is now Generally Available | https://aws.amazon.com/about-aws/whats-new/2019/05/amazon_managed_streaming_for_apache_kafka_amazon_msk_is_now_generally_available/ Amazon Elasticsearch Service Is Now SOC Compliant | https://aws.amazon.com/about-aws/whats-new/2019/05/amazon-elasticsearch-service-now-soc-compliant/ Amazon Elasticsearch Service announces support for Elasticsearch 6.7 | https://aws.amazon.com/about-aws/whats-new/2019/06/amazon-elasticsearch-service-announces-support-for-elasticsearch-67/ AWS Glue now provides an VPC interface endpoint | 
https://aws.amazon.com/about-aws/whats-new/2019/06/aws_glue_now_provides_vpc_interface_endpoint/ AWS Glue supports scripts that are compatible with Python 3.6 in Python shell jobs | https://aws.amazon.com/about-aws/whats-new/2019/06/aws_glue_supportscripts/ Topic || IoT AWS IoT Things Graph Now Generally Available | https://aws.amazon.com/about-aws/whats-new/2019/05/aws-iot-things-graph-now-generally-available/ AWS IoT Events is now generally available | https://aws.amazon.com/about-aws/whats-new/2019/05/aws-iot-events-now-generally-available/ AWS IoT Device Tester v1.2 is Now Available for Amazon FreeRTOS v1.4.8 | https://aws.amazon.com/about-aws/whats-new/2019/05/aws-iot-device-tester-v120-now-available-amazon-freertos-v148/ AWS IoT Analytics Now Supports Channel and Data Stores in Your Own Amazon S3 Buckets | https://aws.amazon.com/about-aws/whats-new/2019/05/aws-iot-analytics-now-supports-channel-and-data-stores-in-your-o/ Topic || End User Computing Announcing Amazon WorkLink support for Additional Website Authorization Providers | https://aws.amazon.com/about-aws/whats-new/2019/05/announcing-amazon-workLink-support-for-additional-website-authorization-providers/ Amazon AppStream 2.0 launches three self-guided workshops to build online trials and SaaS solutions – Amazon Web Services | https://aws.amazon.com/about-aws/whats-new/2019/06/amazon-appstream2-launches-three-self-guided-workshops-to-build-online-trials-and-saas-solutions/ Amazon Chime Voice Connector now supports United States Toll-Free Numbers | https://aws.amazon.com/about-aws/whats-new/2019/05/amazon-chime-voice-connector-now-supports-us-toll-free-numbers/ Topic || Machine Learning Introducing Fraud Detection Using Machine Learning | https://aws.amazon.com/about-aws/whats-new/2019/05/introducing-fraud-detection-using-machine-learning/ Amazon Textract - Now Generally Available | https://aws.amazon.com/about-aws/whats-new/2019/05/amazon-textract-now-generally-available/ Amazon Transcribe now supports 
speech-to-text in Modern Standard Arabic | https://aws.amazon.com/about-aws/whats-new/2019/05/amazon-transcribe-now-supports-speech-to-text-in-modern-standard-arabic/ Topic || Robotics AWS RoboMaker now supports over-the-air deployment job cancellation | https://aws.amazon.com/about-aws/whats-new/2019/05/aws-robomaker-supports-over-the-air-deployment-job-cancellation/ Topic || Application Integration Amazon API Gateway Now Supports Tag-Based Access Control and Tags on Additional Resources | https://aws.amazon.com/about-aws/whats-new/2019/05/amazon-api-gateway-now-supports-tag-based-access-control-tags-additional-resources/ Amazon API Gateway Now Supports VPC Endpoint Policies | https://aws.amazon.com/about-aws/whats-new/2019/06/amazon-api-gateway-supports-vpc-endpoint-policies/ Topic || Management and Governance Introducing AWS Systems Manager OpsCenter to enable faster issue resolution | https://aws.amazon.com/about-aws/whats-new/2019/06/introducing-aws-systems-manager-opscenter-to-enable-faster-issue-resolution/ AWS Budgets now Supports Variable Budget Targets for Monthly and Quarterly Cost and Usage Budgets | https://aws.amazon.com/about-aws/whats-new/2019/05/aws-budgets-support-for-variable-budget-targets-for-cost-and-usage-budgets/ CloudWatch Logs adds support for percentiles in metric filters | https://aws.amazon.com/about-aws/whats-new/2019/05/cloudwatch-logs-adds-support-for-percentiles-in-metric-filters/ Announcing Tag-Based Access Control for AWS CloudFormation | https://aws.amazon.com/about-aws/whats-new/2019/05/announcing-tag-based-access-control-for-aws-cloudformation/ AWS Organizations Now Supports Tagging and Untagging of AWS Accounts | https://aws.amazon.com/about-aws/whats-new/2019/06/aws-organizations-now-supports-tagging-and-untagging-of-aws-acco/ AWS Well-Architected Tool Now Supports 8x More Text in the Notes Field | https://aws.amazon.com/about-aws/whats-new/2019/06/aws-well-architected-tool-now-supports-8x-more-text-in-notes-field/ Topic || 
Customer Engagement Amazon Pinpoint now includes support for AWS CloudFormation | https://aws.amazon.com/about-aws/whats-new/2019/06/amazon-pinpoint-now-includes-support-for-aws-cloudformation/ Amazon Connect Adds Additional Telephony Metadata | https://aws.amazon.com/about-aws/whats-new/2019/05/amazon-connect-adds-additional-telephony-metadata/ Amazon Connect Decreases US Telephony Pricing by 26% in the US East (N. Virginia) and US West (Oregon) regions | https://aws.amazon.com/about-aws/whats-new/2019/05/amazon-connect-decreases-US-telephony-pricing-by-26-percent-in-the-US-east-N-Virginia-and-US-West-Oregon-regions/ Topic || Security Amazon GuardDuty is Now SOC Compliant | https://aws.amazon.com/about-aws/whats-new/2019/05/amazon-guardduty-now-soc-compliant/ AWS Encryption SDK for C is now available | https://aws.amazon.com/about-aws/whats-new/2019/05/aws-encryption-sdk-for-c-now-available/ Amazon Inspector adds CIS Benchmark support for Amazon Linux 2 | https://aws.amazon.com/about-aws/whats-new/2019/06/amazon-inspector-adds-cis-benchmark-support-for-amazon-linux-2/ Topic || Training and Certification Announcing New and Updated Exam Readiness Courses for AWS Certifications | https://aws.amazon.com/about-aws/whats-new/2019/05/announcing-new-and-updated-exam-readiness-courses-for-aws-certifications/ Topic || Quick Starts New Quick Start deploys a modular architecture for Amazon Aurora PostgreSQL | https://aws.amazon.com/about-aws/whats-new/2019/05/new-quick-start-deploys-modular-aurora-postgresql-architecture-on-aws/ Topic || AWS Marketplace AWS Marketplace enables long term contracts for AMI products | https://aws.amazon.com/about-aws/whats-new/2019/05/aws-marketplace-enables-long-term-contracts-for-ami-products/
Simon hosts an update show with lots of great new features and capabilities! Chapters: Developer Tools 0:26 Storage 3:02 Compute 5:10 Database 10:31 Networking 13:41 Analytics 16:38 IoT 18:23 End User Computing 20:19 Machine Learning 21:12 Application Integration 24:02 Management and Governance 24:23 Migration 26:05 Security 26:56 Training and Certification 29:57 Blockchain 30:27 Quickstarts 31:06 Shownotes: Topic || Developer Tools Announcing AWS X-Ray Analytics – An Interactive approach to Trace Analysis | https://aws.amazon.com/about-aws/whats-new/2019/04/aws_x_ray_interactive_approach_analyze_traces/ Quickly Search for Resources across Services in the AWS Developer Tools Console | https://aws.amazon.com/about-aws/whats-new/2019/05/search-resources-across-services-developer-tools-console/ AWS Amplify Console adds support for Incoming Webhooks | https://aws.amazon.com/about-aws/whats-new/2019/05/aws-amplify-console-adds-support-for-incoming-webhooks/ AWS Amplify launches an online community for fullstack serverless app developers | https://aws.amazon.com/about-aws/whats-new/2019/04/aws-amplify-launches-an-online-community-for-fullstack-serverless-app-developers/ AWS AppSync Now Enables More Visibility into Performance and Health of GraphQL Operations | https://aws.amazon.com/about-aws/whats-new/2019/05/aws-appsync-now-enables-more-visibility-into-performance-and-hea/ AWS AppSync Now Supports Configuring Multiple Authorization Types for GraphQL APIs | https://aws.amazon.com/about-aws/whats-new/2019/05/aws-appsync-now-supports-configuring-multiple-authorization-type/ Topic || Storage Amazon S3 Introduces S3 Batch Operations for Object Management | https://aws.amazon.com/about-aws/whats-new/2019/04/Amazon-S3-Introduces-S3-Batch-Operations-for-Object-Management/ AWS Snowball Edge adds block storage – Amazon Web Services | https://aws.amazon.com/about-aws/whats-new/2019/04/aws-snowball-edge-adds-block-storage-for-edge-computing-workload/ Amazon FSx for Windows File 
Server Adds Support for File System Monitoring with Amazon CloudWatch | https://aws.amazon.com/about-aws/whats-new/2019/05/amazon-fsx-for-windows-file-server-adds-support-for-cloudwatch/ AWS Storage Gateway enhances access control for SMB shares to store and access objects in Amazon S3 buckets | https://aws.amazon.com/about-aws/whats-new/2019/05/AWS-Storage-Gateway-enhances-access-control-for-SMB-shares-to-access-objects-in-Amazon-s3/ Topic || Compute AWS Lambda adds support for Node.js v10 | https://aws.amazon.com/about-aws/whats-new/2019/05/aws_lambda_adds_support_for_node_js_v10/ AWS Serverless Application Model (SAM) supports IAM permissions and custom responses for Amazon API Gateway | https://aws.amazon.com/about-aws/whats-new/2019/aws_serverless_application_Model_support_IAM/ AWS Step Functions Adds Support for Workflow Execution Events | https://aws.amazon.com/about-aws/whats-new/2019/05/aws-step-functions-adds-support-for-workflow-execution-events/ Amazon EC2 I3en instances, offering up to 60 TB of NVMe SSD instance storage, are now generally available | https://aws.amazon.com/about-aws/whats-new/2019/05/amazon-ec2-i3en-instances-are-now-generally-available/ Now Create Amazon EC2 On-Demand Capacity Reservations Through AWS CloudFormation | https://aws.amazon.com/about-aws/whats-new/2019/04/now-create-amazon-ec2-on-demand-capacity-reservations-through-aws-cloudformation/ Share encrypted AMIs across accounts to launch instances in a single step | https://aws.amazon.com/about-aws/whats-new/2019/05/share-encrypted-amis-across-accounts-to-launch-instances-in-a-single-step/ Launch encrypted EBS backed EC2 instances from unencrypted AMIs in a single step | https://aws.amazon.com/about-aws/whats-new/2019/05/launch-encrypted-ebs-backed-ec2-instances-from-unencrypted-amis-in-a-single-step/ Amazon EKS Releases Deep Learning Benchmarking Utility | https://aws.amazon.com/about-aws/whats-new/2019/05/-amazon-eks-releases-deep-learning-benchmarking-utility-/ Amazon EKS 
Adds Support for Public IP Addresses Within Cluster VPCs | https://aws.amazon.com/about-aws/whats-new/2019/05/amazon-eks-adds-support-for-public-ip-addresses-within-cluster-v/ Amazon EKS Simplifies Kubernetes Cluster Authentication | https://aws.amazon.com/about-aws/whats-new/2019/05/amazon-eks-simplifies-kubernetes-cluster-authentication/ Amazon ECS Console support for ECS-optimized Amazon Linux 2 AMI and Amazon EC2 A1 instance family now available | https://aws.amazon.com/about-aws/whats-new/2019/05/amazon-ecs-console-support-for-ecs-optimized-amazon-linux-2-ami-/ AWS Fargate PV1.3 now supports the Splunk log driver | https://aws.amazon.com/about-aws/whats-new/2019/05/aws-fargate-pv1-3-now-supports-the-splunk-log-driver/ Topic || Databases Amazon Aurora Serverless Supports Capacity of 1 Unit and a New Scaling Option | https://aws.amazon.com/about-aws/whats-new/2019/04/amazon_aurora_serverless_now_supports_a_minimum_capacity_of_1_unit_and_a_new_scaling_option/ Aurora Global Database Expands Availability to 14 AWS Regions | https://aws.amazon.com/about-aws/whats-new/2019/05/Aurora_Global_Database_Expands_Availability_to_14_AWS_Regions/ Amazon DocumentDB (with MongoDB compatibility) now supports per-second billing | https://aws.amazon.com/about-aws/whats-new/2019/05/amazon-documentdb-now-supports-per-second-billing/ Performance Insights is Generally Available on Amazon Aurora MySQL 5.7 | https://aws.amazon.com/about-aws/whats-new/2019/05/Performance-Insights-GA-Aurora-MySQL-57/ Performance Insights Supports Counter Metrics on Amazon RDS for Oracle | https://aws.amazon.com/about-aws/whats-new/2019/05/performance-insights-countermetrics-on-oracle/ Performance Insights Supports Amazon Aurora Global Database | https://aws.amazon.com/about-aws/whats-new/2019/05/performance-insights-global-datatabase/ Amazon ElastiCache for Redis adds support for Redis 5.0.4 | https://aws.amazon.com/about-aws/whats-new/2019/05/elasticache-redis-5-0-4/ Amazon RDS for MySQL Supports 
Password Validation | https://aws.amazon.com/about-aws/whats-new/2019/05/amazon-rds-for-mysql-supports-password-validation/ Amazon RDS for PostgreSQL Supports New Minor Versions 11.2, 10.7, 9.6.12, 9.5.16, and 9.4.21 | https://aws.amazon.com/about-aws/whats-new/2019/05/amazon-rds-postgresql-supports-minor-version-112/ Amazon RDS for Oracle now supports April Oracle Patch Set Updates (PSU) and Release Updates (RU) | https://aws.amazon.com/about-aws/whats-new/2019/05/amazon-rds-for-oracle-now-supports-april-oracle-patch-set-updates-psu-and-release-updates-ru/ Topic || Networking Elastic Fabric Adapter Is Now Generally Available | https://aws.amazon.com/about-aws/whats-new/2019/04/elastic-fabric-adapter-is-now-generally-available/ Migrate Your AWS Site-to-Site VPN Connections from a Virtual Private Gateway to an AWS Transit Gateway | https://aws.amazon.com/about-aws/whats-new/2019/04/migrate-your-aws-site-to-site-vpn-connections-from-a-virtual-private-gateway-to-an-aws-transit-gateway/ Announcing AWS Direct Connect Support for AWS Transit Gateway | https://aws.amazon.com/about-aws/whats-new/2019/04/announcing-aws-direct-connect-support-for-aws-transit-gateway/ Amazon CloudFront announces 11 new Edge locations in India, Japan, and the United States | https://aws.amazon.com/about-aws/whats-new/2019/05/cloudfront-11locations-7may2019/ Amazon VPC Endpoints Now Support Tagging for Gateway Endpoints, Interface Endpoints, and Endpoint Services | https://aws.amazon.com/about-aws/whats-new/2019/05/amazon-vpc-endpoints-now-support-tagging-for-gateway-endpoints-interface-endpoints-and-endpoint-services/ Topic || Analytics Amazon EMR announces Support for Multiple Master nodes to enable High Availability for EMR applications | https://aws.amazon.com/about-aws/whats-new/2019/04/amazon-emr-announces-support-for-multiple-master-nodes-to-enable-high-availability-for-EMR-applications/ Amazon EMR now supports Multiple Master nodes to enable High Availability for HBase clusters | 
https://aws.amazon.com/about-aws/whats-new/2019/05/amazon-emr-now-supports-multiple-master-nodes-to-enable-high-availability-for-hbase-clusters/ Amazon EMR announces Support for Reconfiguring Applications on Running EMR Clusters | https://aws.amazon.com/about-aws/whats-new/2019/05/amazon-emr-announces-support-for-reconfiguring-applications-on-running-emr-clusters/ Amazon Kinesis Data Analytics now allows you to assign AWS resource tags to your real-time applications | https://aws.amazon.com/about-aws/whats-new/2019/05/amazon_kinesis_data_analytics_now_allows_you_to_assign_aws_resource_tags_to_your_real_time_applications/ AWS Glue crawlers now support existing Data Catalog tables as sources | https://aws.amazon.com/about-aws/whats-new/2019/05/aws-glue-crawlers-now-support-existing-data-catalog-tables-as-sources/ Topic || IoT AWS IoT Analytics Now Supports Faster SQL Data Set Refresh Intervals | https://aws.amazon.com/about-aws/whats-new/2019/04/aws-iot-analytics-now-supports-faster-sql-data-set-refresh-intervals/ AWS IoT Greengrass Adds Support for Python 3.7, Node v8.10.0, and Expands Support for Elliptic-Curve Cryptography | https://aws.amazon.com/about-aws/whats-new/2019/04/aws-iot-greengrass-adds-support-python-3-7-node-v-8-10-0-and-expands-support-elliptic-curve-cryptography/ AWS Releases Additional Preconfigured Examples for FreeRTOS on Armv8-M | https://aws.amazon.com/about-aws/whats-new/2019/05/aws-releases-additional-freertos-preconfigured-examples-armv8m/ AWS IoT Device Defender supports monitoring behavior of unregistered devices | https://aws.amazon.com/about-aws/whats-new/2019/05/aws-iot-device-defender-supports-monitoring-behavior-of-unregistered-devices/ AWS IoT Analytics Now Supports Data Set Content Delivery to Amazon S3 | https://aws.amazon.com/about-aws/whats-new/2019/05/aws-iot-analytics-now-supports-data-set-content-delivery-to-amaz/ Topic || End User Computing Amazon AppStream 2.0 adds configurable timeouts for idle sessions | 
https://aws.amazon.com/about-aws/whats-new/2019/05/amazon-appstream-2-0-adds-configurable-timeouts-for-idle-session/ Monitor Emails in Your Workmail Organization Using Cloudwatch Metrics and Logs | https://aws.amazon.com/about-aws/whats-new/2019/05/monitor-emails-in-your-workmail-organization-using-cloudwatch-me/ You can now use custom chat bots with Amazon Chime | https://aws.amazon.com/about-aws/whats-new/2019/05/you-can-now-use-custom-chat-bots-with-amazon-chime/ Topic || Machine Learning Developers, start your engines! The AWS DeepRacer Virtual League kicks off today. | https://aws.amazon.com/about-aws/whats-new/2019/04/AWSDeepRacerVirtualLeague/ Amazon SageMaker announces new features to the built-in Object2Vec algorithm | https://aws.amazon.com/about-aws/whats-new/2019/05/amazon-sagemaker-announces-new-features-to-the-built-in-object2v/ Amazon SageMaker Ground Truth Now Supports Automated Email Notifications for Manual Data Labeling | https://aws.amazon.com/about-aws/whats-new/2019/05/amazon-sagemaker-ground-truth-now-supports-automated-email-notif/ Amazon Translate Adds Support for Hindi, Farsi, Malay, and Norwegian | https://aws.amazon.com/about-aws/whats-new/2019/05/amazon_translate_support_hindi_farsi_malay_norwegian/ Amazon Transcribe now supports Hindi and Indian-accented English | https://aws.amazon.com/about-aws/whats-new/2019/05/amazon-transcribe-supports-hindi-indian-accented-english/ Amazon Comprehend batch jobs now supports Amazon Virtual Private Cloud | https://aws.amazon.com/about-aws/whats-new/2019/05/amazon-comprehend-batch-jobs-now-supports-amazon-virtual-private-cloud/ New in AWS Deep Learning AMIs: PyTorch 1.1, Chainer 5.4, and CUDA 10 support for MXNet | https://aws.amazon.com/about-aws/whats-new/2019/05/new-in-aws-deep-learning-amis-pytorch-1-1-chainer-5-4-cuda10-for-mxnet/ Topic || Application Integration Amazon MQ Now Supports Resource-Level and Tag-Based Permissions | 
https://aws.amazon.com/about-aws/whats-new/2019/04/amazon-mq-now-supports-resource-level-and-tag-based-permissions/ Amazon SNS Adds Support for Cost Allocation Tags | https://aws.amazon.com/about-aws/whats-new/2019/05/amazon-sns-adds-support-for-cost-allocation-tags/ Topic || Management and Governance Reservation Expiration Alerts Now Available in AWS Cost Explorer | https://aws.amazon.com/about-aws/whats-new/2019/05/reservation-expiration-alerts-now-available-in-aws-cost-explorer/ AWS Systems Manager Patch Manager Supports Microsoft Application Patching | https://aws.amazon.com/about-aws/whats-new/2019/05/aws-systems-manager-patch-manager-supports-microsoft-application-patching/ AWS OpsWorks for Chef Automate now supports Chef Automate 2 | https://aws.amazon.com/about-aws/whats-new/2019/05/aws-opsworks-for-chef-automate-now-supports-chef-automate-2/ AWS Service Catalog Connector for ServiceNow supports CloudFormation StackSets | https://aws.amazon.com/about-aws/whats-new/2019/05/service-catalog-servicenow-connector-now-supports-stacksets/ Topic || Migration AWS Migration Hub EC2 Recommendations | https://aws.amazon.com/about-aws/whats-new/2019/05/aws-migration-hub-ec2-recommendations/ Topic || Security Amazon GuardDuty Adds Two New Threat Detections | https://aws.amazon.com/about-aws/whats-new/2019/05/amazon-guardduty-adds-two-new-threat-detections/ AWS Security Token Service (STS) now supports enabling the global STS endpoint to issue session tokens compatible with all AWS Regions | https://aws.amazon.com/about-aws/whats-new/2019/04/aws-security-token-service-sts-now-supports-enabling-the-global-sts-endpoint-to-issue-session-tokens-compatible-with-all-aws-regions/ AWS WAF Security Automations Now Supports Log Analysis | https://aws.amazon.com/about-aws/whats-new/2019/04/aws-waf-security-automations-now-supports-log-analysis/ AWS Certificate Manager Private Certificate Authority Increases Certificate Limit To One Million | 
https://aws.amazon.com/about-aws/whats-new/2019/04/aws-certificate-manager-private-certificate-authority-increases-certificate-limit-to-one-million/ Amazon Cognito launches enhanced user password reset API for administrators | https://aws.amazon.com/about-aws/whats-new/2019/05/amazon-cognito-launches-enhanced-user-password-reset-api-for-administrators/ AWS Secrets Manager supports more client-side caching libraries to improve secrets availability and reduce cost | https://aws.amazon.com/about-aws/whats-new/2019/05/Secrets-Manager-Client-Side-Caching-Libraries-in-Python-NET-Go/ Create fine-grained session permissions using AWS Identity and Access Management (IAM) managed policies | https://aws.amazon.com/about-aws/whats-new/2019/05/session-permissions/ Topic || Training and Certification New VMware Cloud on AWS Navigate Track | https://aws.amazon.com/about-aws/whats-new/2019/04/vmware-navigate-track/ Topic || Blockchain Amazon Managed Blockchain What's New | https://aws.amazon.com/about-aws/whats-new/2019/04/introducing-amazon-managed-blockchain/ Topic || Quick Starts New Quick Start deploys SAP S/4HANA on AWS | https://aws.amazon.com/about-aws/whats-new/2019/05/new-quick-start-deploys-sap-s4-hana-on-aws/
In the 30th stdout.fm log, we talked about the GitHub registry, the Azure cloud outage, cloud services opening regions in Japan, and more. Participants: @seapy, @nacyo_t, @raccoonyy Insight Publishing – publishes programming and IT books. GitHub Package Registry beta announced | 44bits.io npm | the ❤ of the modern development community RubyGems.org | your community gem host Sponsors | RubyGems.org | your community gem host Rubygems.org AWS bill for Feb 2014 | Hacker News Clarify and make more prominent the role of the RubyGems partnership #5 | GitHub Docker Hub Docker Enterprise | Docker Documentation Coupang - A new way to organize work and daily life Notion Notion on Twitter: “@brendantnorris We’re definitely thinking about an API, but …” / Twitter Coupang Partners Amazon DocumentDB (with MongoDB compatibility) now available in the Asia Pacific (Tokyo) and Asia Pacific (Seoul) Regions with R5 instances Amazon DocumentDB (with MongoDB compatibility) now supports per-second billing Amazon EC2 R5 Instances - memory intensive compute workloads AWS Lambda adds support for Node.js v10 Amazon Linux 2 Amazon ECS-optimized AMIs - Amazon Elastic Container Service F8 2019 Day 1 Keynote F8 2019 Day 2 Keynote Mark Zuckerberg’s Awkward Privacy Joke at Facebook’s F8 Conference - YouTube GCP is building its second Japanese region in Osaka | Google Cloud Blog Deep learning recommendation system in production – Daangn Market team blog – Medium Azure status history | Microsoft Azure Microsoft 365 (Japanese) Microsoft Azure: worldwide service outage caused by a failed DNS configuration change. During Japan's Golden Week holidays, a small mercy? - Publickey Amazon Aurora Global Database (Japanese) Oracle Cloud opens Tokyo region. Operations start today. Osaka region also planned to open within six months - Publickey Osaka Bang! (Eng sub) - YouTube Samsung Electronics Newsroom (Samsung Korea Newsroom) - Samsung Electronics' official communication channel Oracle Database | Oracle Server | Amazon Web Services Canalys Newsroom- Cloud market share Q4 2018 and full year 2018 The secret behind Netflix content recommendations: ‘Tagger’ - Chosunbiz > Tech > ICT/Media Tag cloud - Wikipedia stdout.fm : Audio Clip Official Google Webmaster Central Blog: The new evergreen Googlebot Understanding rendering in Google Search | Search | Google Developers Daangn Market team toss, design, system. 
“toss, design, system.” - Google Search Introducing Serverless Pre-Rendering (SPR) - ZEIT kjk/notionapi: Unofficial Go API for Notion.so Introduction to AWS VPC, learning by building: the basics of Amazon Web Services networking | 44bits.io Scrivener | Literature & Latte I wasn’t a programmer, but I created Scrivener – Francesco Cordella – Medium Scenario 2: VPC with public and private subnets (NAT) - Amazon Virtual Private Cloud TeX - Wikipedia How Emacs changed my life
Simon and Nicki cover almost 100 updates! Check out the chapter timings to see where things of interest to you might be. Infrastructure 00:42 Storage 1:17 Databases 4:14 Analytics 8:28 Compute 9:52 IoT 15:17 End User Computing 17:40 Machine Learning 19:10 Networking 21:57 Developer Tools 23:21 Application Integration 25:42 Game Tech 26:29 Media 27:37 Management and Governance 28:11 Robotics 30:35 Security 31:30 Solutions 32:40 Topic || Infrastructure In the Works – AWS Region in Indonesia | https://aws.amazon.com/blogs/aws/in-the-works-aws-region-in-indonesia/ Topic || Storage New Amazon S3 Storage Class – Glacier Deep Archive | https://aws.amazon.com/blogs/aws/new-amazon-s3-storage-class-glacier-deep-archive/ File Gateway Supports Amazon S3 Object Lock - Amazon Web Services | https://aws.amazon.com/about-aws/whats-new/2019/03/file-gateway-supports-amazon-s3-object-lock/ AWS Storage Gateway Tape Gateway Deep Archive | https://aws.amazon.com/about-aws/whats-new/2019/03/aws-storage-gateway-service-integrates-tape-gateway-with-amazon-s3-glacier-deeparchive-storage-class/ AWS Transfer for SFTP supports AWS Privatelink – Amazon Web Services | https://aws.amazon.com/about-aws/whats-new/2019/03/aws-transfer-for-sftp-now-supports-aws-privatelink/ Amazon FSx for Lustre Now Supports Access from Amazon Linux | https://aws.amazon.com/about-aws/whats-new/2019/03/amazon-fsx-for-lustre-now-supports-access-from-amazon-linux/ AWS introduces CSI Drivers for Amazon EFS and Amazon FSx for Lustre | https://aws.amazon.com/about-aws/whats-new/2019/04/aws-introduces-csi-drivers-for-amazon-efs-and-amazon-fsx-for-lus/ Topic || Databases Amazon DynamoDB drops the price of global tables by eliminating associated charges for DynamoDB Streams | https://aws.amazon.com/about-aws/whats-new/2019/04/amazon-dynamodb-drops-the-price-of-global-tables-by-eliminating-associated-charges-for-dynamodb-streams/ Amazon ElastiCache for Redis 5.0.3 enhances I/O handling to boost performance | 
https://aws.amazon.com/about-aws/whats-new/2019/03/amazon-elasticache-for-redis-503-enhances-io-handling-to-boost-performance/ Amazon Redshift announces Concurrency Scaling: Consistently fast performance during bursts of user activity | https://aws.amazon.com/about-aws/whats-new/2019/03/AmazonRedshift-ConcurrencyScaling/ Performance Insights is Generally Available on Amazon RDS for MariaDB | https://aws.amazon.com/about-aws/whats-new/2019/03/performance-insights-is-generally-available-for-mariadb/ Amazon RDS adds support for MySQL Versions 5.7.25, 5.7.24, and MariaDB Version 10.2.21 | https://aws.amazon.com/about-aws/whats-new/2019/03/amazon-rds-mysql-minor-5725-5725-and-mariadb-10221/ Amazon Aurora with MySQL 5.7 Compatibility Supports GTID-Based Replication | https://aws.amazon.com/about-aws/whats-new/2019/03/amazon-aurora-with-mysql-5-7-compatibility-supports-gtid-based-replication/ PostgreSQL 11 now Supported in Amazon RDS | https://aws.amazon.com/about-aws/whats-new/2019/03/postgresql11-now-supported-in-amazon-rds/ Amazon Aurora with PostgreSQL Compatibility Supports Logical Replication | https://aws.amazon.com/about-aws/whats-new/2019/03/amazon-aurora-with-postgresql-compatibility-supports-logical-replication/ Restore an Encrypted Amazon Aurora PostgreSQL Database from an Unencrypted Snapshot | https://aws.amazon.com/about-aws/whats-new/2019/03/restore-an-encrypted-aurora-postgresql-database-from-an-unencrypted-snapshot/ Amazon RDS for Oracle Now Supports In-region Read Replicas with Active Data Guard for Read Scalability and Availability | https://aws.amazon.com/about-aws/whats-new/2019/03/Amazon-RDS-for-Oracle-Now-Supports-In-region-Read-Replicas-with-Active-Data-Guard-for-Read-Scalability-and-Availability/ AWS Schema Conversion Tool Adds Support for Migrating Oracle ETL Jobs to AWS Glue | https://aws.amazon.com/about-aws/whats-new/2019/03/aws-schema-conversion-tool-adds-support-for-migrating-oracle-etl/ AWS Schema Conversion Tool Adds New Conversion 
Features | https://aws.amazon.com/about-aws/whats-new/2019/03/aws-sct-adds-support-for-new-endpoints/ Amazon Neptune Announces 99.9% Service Level Agreement | https://aws.amazon.com/about-aws/whats-new/2019/03/amazon-neptune-announces-service-level-agreement/ Topic || Analytics Amazon QuickSight Announces General Availability of ML Insights | https://aws.amazon.com/about-aws/whats-new/2019/03/amazon_quicksight_announced_general_availability_of_mL_insights/ AWS Glue enables running Apache Spark SQL queries | https://aws.amazon.com/about-aws/whats-new/2019/03/aws-glue-enables-running-apache-spark-sql-queries/ AWS Glue now supports resource tagging | https://aws.amazon.com/about-aws/whats-new/2019/03/aws-glue-now-supports-resource-tagging/ Amazon Kinesis Data Analytics Supports AWS CloudTrail Logging | https://aws.amazon.com/about-aws/whats-new/2019/03/amazon-kinesis-data-analytics-supports-aws-cloudtrail-logging/ Tag-on Create and Tag-Based IAM Application for Amazon Kinesis Data Firehose | https://aws.amazon.com/about-aws/whats-new/2019/03/tag-on-create-and-tag-based-iam-application-for-amazon-kinesis-data-firehose/ Topic || Compute Amazon EKS Introduces Kubernetes API Server Endpoint Access Control | https://aws.amazon.com/about-aws/whats-new/2019/03/amazon-eks-introduces-kubernetes-api-server-endpoint-access-cont/ Amazon EKS Opens Public Preview of Windows Container Support | https://aws.amazon.com/about-aws/whats-new/2019/03/amazon-eks-opens-public-preview-of-windows-container-support/ Amazon EKS now supports Kubernetes version 1.12 and Cluster Version Updates Via CloudFormation | https://aws.amazon.com/about-aws/whats-new/2019/03/amazon-eks-now-supports-kubernetes-version-1-12-and-cluster-vers/ New Local Testing Tools Now Available for Amazon ECS | https://aws.amazon.com/about-aws/whats-new/2019/03/new-local-testing-tools-now-available-for-amazon-ecs/ AWS Fargate and Amazon ECS Support External Deployment Controllers for ECS Services | 
https://aws.amazon.com/about-aws/whats-new/2019/03/aws-fargate-and-amazon-ecs-support-external-deployment-controlle/ AWS Fargate PV1.3 adds secrets and enhanced container dependency management | https://aws.amazon.com/about-aws/whats-new/2019/04/aws-fargate-pv1-3-adds-secrets-and-enhanced-container-dependency/ AWS Event Fork Pipelines – Nested Applications for Event-Driven Serverless Architectures | https://aws.amazon.com/about-aws/whats-new/2019/03/introducing-aws-event-fork-pipelines-nested-applications-for-event-driven-serverless-architectures/ New Amazon EC2 M5ad and R5ad Featuring AMD EPYC Processors are Now Available | https://aws.amazon.com/about-aws/whats-new/2019/03/new-amazon-ec2-m5ad-and-r5ad-featuring-amd-epyc-processors-are-now-available/ Announcing the Ability to Pick the Time for Amazon EC2 Scheduled Events | https://aws.amazon.com/about-aws/whats-new/2019/03/announcing-the-ability-to-pick-the-time-for-amazon-ec2-scheduled-events/ Topic || IoT AWS IoT Analytics now supports Single Step Setup of IoT Analytics Resources | https://aws.amazon.com/about-aws/whats-new/2019/03/aws-iot-analytics-now-supports-single-step-setup-of-iot-analytic/ AWS IoT Greengrass Adds New Connector for AWS IoT Analytics, Support for AWS CloudFormation Templates, and Integration with Fleet Indexing | https://aws.amazon.com/about-aws/whats-new/2019/03/aws-iot-greengrass-adds-new-connector-aws-iot-analytics-support-aws-cloudformation-templates-integration-fleet-indexing/ AWS IoT Device Tester v1.1 is Now Available for AWS IoT Greengrass v1.8.0 | https://aws.amazon.com/about-aws/whats-new/2019/03/aws-iot-device-tester-now-available-aws-iot-greengrass-v180/ AWS IoT Core Now Supports HTTP REST APIs with X.509 Client Certificate-Based Authentication On Port 443 | https://aws.amazon.com/about-aws/whats-new/2019/03/aws-iot-core-now-supports-http-rest-apis-with-x509-client-certificate-based-authentication-on-port-443/ Generate Fleet Metrics with New Capabilities of AWS IoT Device 
Management | https://aws.amazon.com/about-aws/whats-new/2019/03/generate-fleet-metrics-with-new-capabilities-of-aws-iot-device-management/ Topic || End User Computing Amazon AppStream 2.0 Now Supports iPad and Android Tablets and Touch Gestures | https://aws.amazon.com/about-aws/whats-new/2019/03/amazon-appstream-2-0-now-supports-ipad-and-android-tablets-and-t/ Amazon WorkDocs Drive now supports offline content and offline search | https://aws.amazon.com/about-aws/whats-new/2019/03/amazon-workdocs-drive-now-supports-offline-content-and-offline-s/ Introducing Amazon Chime Business Calling | https://aws.amazon.com/about-aws/whats-new/2019/03/introducing-amazon-chime-business-calling/ Introducing Amazon Chime Voice Connector | https://aws.amazon.com/about-aws/whats-new/2019/03/introducing-amazon-chime-voice-connector/ Alexa for Business now lets you create Alexa skills for your organization using Skill Blueprints | https://aws.amazon.com/about-aws/whats-new/2019/03/alexa-for-business-now-lets-you-create-alexa-skills-for-your-org/ Topic || Machine Learning New AWS Deep Learning AMIs: Amazon Linux 2, TensorFlow 1.13.1, MXNet 1.4.0, and Chainer 5.3.0 | https://aws.amazon.com/about-aws/whats-new/2019/03/new-aws-deep-learning-amis-amazon-linux2-tensorflow-13-1-mxnet1-4-0-chainer5-3-0/ Introducing AWS Deep Learning Containers | https://aws.amazon.com/about-aws/whats-new/2019/03/introducing-aws-deep-learning-containers/ Amazon Transcribe now supports speech-to-text in German and Korean | https://aws.amazon.com/about-aws/whats-new/2019/03/amazon-transcribe-now-supports-speech-to-text-in-german-and-korean/ Amazon Transcribe enhances custom vocabulary with custom pronunciations and display forms | https://aws.amazon.com/about-aws/whats-new/2019/03/amazon-transcribe-enhances-custom-vocabulary-with-custom-pronunciations-and-display-forms/ Amazon Comprehend now supports AWS KMS Encryption | 
https://aws.amazon.com/about-aws/whats-new/2019/03/amazon-comprehend-now-supports-aws-kms-encryption/ New Setup Tool To Get Started Quickly with Amazon Elastic Inference | https://aws.amazon.com/about-aws/whats-new/2019/04/new-python-script-to-get-started-quickly-with-amazon-elastic-inference/ Topic || Networking Application Load Balancers now Support Advanced Request Routing | https://aws.amazon.com/about-aws/whats-new/2019/03/application-load-balancers-now-support-advanced-request-routing/ Announcing Multi-Account Support for Direct Connect Gateway | https://aws.amazon.com/about-aws/whats-new/2019/03/announcing-multi-account-support-for-direct-connect-gateway/ Topic || Developer Tools AWS App Mesh is now generally available | https://aws.amazon.com/about-aws/whats-new/2019/03/aws-app-mesh-is-now-generally-available/ The AWS Toolkit for IntelliJ is Now Generally Available | https://aws.amazon.com/about-aws/whats-new/2019/03/the-aws-toolkit-for-intellij-is-now-generally-available/ The AWS Toolkit for Visual Studio Code (Developer Preview) is Now Available for Download from in the Visual Studio Marketplace | https://aws.amazon.com/about-aws/whats-new/2019/03/the-aws-toolkit-for-visual-studio-code--developer-preview--is-now-available-for-download-from-vs-marketplace/ AWS Cloud9 announces support for Ubuntu development environments | https://aws.amazon.com/about-aws/whats-new/2019/04/aws-cloud9-announces-support-for-ubuntu-development-environments/ Amplify Framework Adds Enhancements to Authentication for iOS, Android, and React Native Developers | https://aws.amazon.com/about-aws/whats-new/2019/03/amplify-framework-adds-enhancements-to-authentication-for-ios-android-and-react-native-developers/ AWS CodePipeline Adds Action-Level Details to Pipeline Execution History | https://aws.amazon.com/about-aws/whats-new/2019/03/aws-codepipeline-adds-action-level-details-to-pipeline-execution-history/ Topic || Application Integration Amazon API Gateway Improves API Publishing 
and Adds Features to Enhance User Experience | https://aws.amazon.com/about-aws/whats-new/2019/03/amazon-api-gateway-improves-api-publishing-and-adds-features/ Topic || Game Tech AWS Whats New - Lumberyard Beta 118 - Amazon Web Services | https://aws.amazon.com/about-aws/whats-new/2019/03/over-190-updates-come-to-lumberyard-beta-118-available-now/ Amazon GameLift Realtime Servers Now in Preview | https://aws.amazon.com/about-aws/whats-new/2019/03/amazon-gamelift-realtime-servers-now-in-preview/ Topic || Media Services Detailed Job Progress Status and Server-Side S3 Encryption Now Available with AWS Elemental MediaConvert | https://aws.amazon.com/about-aws/whats-new/2019/03/detailed-job-progress-status-and-server-side-s3-encryption-now-available-with-aws-elemental-mediaconvert/ Introducing Live Streaming with Automated Multi-Language Subtitling | https://aws.amazon.com/about-aws/whats-new/2019/03/introducing-live-streaming-with-automated-multi-language-subtitling/ Video on Demand Now Leverages AWS Elemental MediaConvert QVBR Mode | https://aws.amazon.com/about-aws/whats-new/2019/04/video-on-demand-now-leverages-aws-elemental-mediaconvert-qvbr-mode/ Topic || Management and Governance Use AWS Config Rules to Remediate Noncompliant Resources | https://aws.amazon.com/about-aws/whats-new/2019/03/use-aws-config-to-remediate-noncompliant-resources/ AWS Config Now Supports Tagging of AWS Config Resources | https://aws.amazon.com/about-aws/whats-new/2019/03/aws-config-now-supports-tagging-of-aws-config-resources/ Now You Can Query Based on Resource Configuration Properties in AWS Config | https://aws.amazon.com/about-aws/whats-new/2019/03/now-you-can-query-based-on-resource-configuration-properties-in-aws-config/ AWS Config Adds Support for Amazon API Gateway | https://aws.amazon.com/about-aws/whats-new/2019/03/aws-config-adds-support-for-amazon-api-gateway/ Amazon Inspector adds support for Amazon EC2 A1 instances | 
https://aws.amazon.com/about-aws/whats-new/2019/03/amazon-inspector-adds-support-for-amazon-ec2-a1-instances/ Service control policies in AWS Organizations enable fine-grained permission controls | https://aws.amazon.com/about-aws/whats-new/2019/03/service-control-policies-enable-fine-grained-permission-controls/ You can now use resource level policies for Amazon CloudWatch Alarms | https://aws.amazon.com/about-aws/whats-new/2019/04/you-can-now-use-resource-level-permissions-for-amazon-cloudwatch/ Amazon CloudWatch Launches Search Expressions | https://aws.amazon.com/about-aws/whats-new/2019/04/amazon-cloudwatch-launches-search-expressions/ AWS Systems Manager Announces 99.9% Service Level Agreement | https://aws.amazon.com/about-aws/whats-new/2019/03/aws-systems-manager-announces-service-level-agreement/ Topic || Robotics AWS RoboMaker Announces 99.9% Service Level Agreement | https://aws.amazon.com/about-aws/whats-new/2019/03/aws-robomaker-announces-service-level-agreement/ AWS RoboMaker announces new build and bundle feature that makes it up to 10x faster to update a simulation job or a robot | https://aws.amazon.com/about-aws/whats-new/2019/03/robomaker-new-build-and-bundle/ Topic || Security Announcing the renewal command for AWS Certificate Manager | https://aws.amazon.com/about-aws/whats-new/2019/03/Announcing-the-renewal-command-for-AWS-Certificate-Manager/ AWS Key Management Service Increases API Requests Per Second Limits | https://aws.amazon.com/about-aws/whats-new/2019/03/aws-key-management-service-increases-api-requests-per-second-limits/ Announcing AWS Firewall Manager Support For AWS Shield Advanced | https://aws.amazon.com/about-aws/whats-new/2019/03/announcing-aws-firewall-manager-support-for-aws-shield-advanced/ Topic || Solutions New AWS SAP Navigate Track | https://aws.amazon.com/about-aws/whats-new/2019/03/sap-navigate-track/ Deploy Micro Focus PlateSpin Migrate on AWS with New Quick Start | 
https://aws.amazon.com/about-aws/whats-new/2019/03/deploy-micro-focus-platespin-migrate-on-aws-with-new-quick-start/
Simon and Nicki run through some interesting new AWS capabilities for customers as well as a look at the upcoming re:MARS conference (https://remars.amazon.com/). 0:29 - Databases 1:20 - Analytics 1:52 - Compute 3:22 - IoT 4:05 - Customer Engagement 5:07 - Networking 5:34 - Developer Tools 7:46 - Application Integration 8:20 - Game Tech 8:42 - Media Services 9:24 - Management and Governance 12:41 - re:MARS Topic || Databases Amazon DynamoDB adds support for switching encryption keys to encrypt your data at rest | https://aws.amazon.com/about-aws/whats-new/2019/02/amazon-dynamodb-adds-support-for-switching-encryption-keys-to-encrypt-your-data-at-rest/ Amazon ElastiCache for Redis adds support for Redis 5.0.3 and the ability to change Redis command names | https://aws.amazon.com/about-aws/whats-new/2019/02/amazon-elasticache-for-redis-adds-support-for-redis-503-and-the-ability-to-change-redis-command-names/ Performance Insights is Generally Available on Amazon RDS for SQL Server | https://aws.amazon.com/about-aws/whats-new/2019/03/performance-insights-is-generally-available-for-sql-server/ Topic || Analytics Amazon QuickSight Supports Row Level Security Enabled Email Reports, New Analytical Capabilities and More | https://aws.amazon.com/about-aws/whats-new/2019/03/amazon-quickSight-supports-row-level-security-enabled-email-reports-new-analytical-capabilities-and-more/ Topic || Compute AWS Step Functions Adds Tag-Based Permissions | https://aws.amazon.com/about-aws/whats-new/2019/03/aws-step-functions-adds-tag-based-permissions/ AWS ParallelCluster support for Amazon FSx Lustre | https://aws.amazon.com/about-aws/whats-new/2019/03/aws-parallelcluster-support-for-amazon-fsx-lustre/ Announcing the Preupgrade Assistant to Migrate to Amazon Linux 2 From Amazon Linux AMI | https://aws.amazon.com/about-aws/whats-new/2019/03/announcing_the_amazon_linux_2_preupgrade_assistant/ Topic || IoT AWS IoT Greengrass Introduces New Networking Configurations and Group Permission 
Settings | https://aws.amazon.com/about-aws/whats-new/2019/03/aws-iot-greengrass-introduces-new-networking-configurations-group-permission-settings/ Topic || Customer Engagement Amazon Connect Simplifies Adding AWS Lambda Functions to Contact Flows | https://aws.amazon.com/about-aws/whats-new/2019/02/amazon-connect-simplifies-adding-aws-lambda-functions-to-contact-flows/ Introducing new AWS Digital Customer Experience Competency Partner Solutions | https://aws.amazon.com/about-aws/whats-new/2019/03/introducing-new-aws-digital-customer-experience-competency/ Topic || Networking Announcing the new AWS Direct Connect Console | https://aws.amazon.com/about-aws/whats-new/2019/03/announcing-the-new-aws-direct-connect-console/ Topic || Developer Tools Amazon Corretto 11 is Now Available as a Release Candidate | https://aws.amazon.com/about-aws/whats-new/2019/03/amazon-corretto-11-is-now-available-as-a-release-candidate/ AWS Amplify Console Adds Support for Instant CDN Cache Invalidation and Delta Deployments | https://aws.amazon.com/about-aws/whats-new/2019/03/aws-amplify-console-adds-support-for-instant-cdn-cache-invalidation-and-delta-deployments/ AWS CodeCommit Supports VPC Endpoints | https://aws.amazon.com/about-aws/whats-new/2019/03/aws-codecommit-supports-vpc-endpoints/ Automate Releases to the AWS Serverless Application Repository using AWS CodePipeline | https://aws.amazon.com/about-aws/whats-new/2019/03/automate-releases-to-the-aws-serverless-application-repository-using-aws-codepipeline/ Topic || Application Integration New Amazon SNS Console Now Available | https://aws.amazon.com/about-aws/whats-new/2019/03/new-amazon-sns-console-now-available/ Topic || Game Tech Identity and Access Management (IAM) Roles Now Available for Amazon GameLift | https://aws.amazon.com/about-aws/whats-new/2019/03/identity-and-access-management--iam--roles-now-available-for-ama/ Topic || Media Services AWS Elemental MediaLive Adds Support for Encrypted HLS and VPC Inputs | 
https://aws.amazon.com/about-aws/whats-new/2019/03/aws-elemental-medialive-adds-supports-for-encrypted-hls-and-vpc-inputs/ AWS Elemental MediaLive Now Supports Pausing Channel Delivery on a Schedule | https://aws.amazon.com/about-aws/whats-new/2019/03/aws-elemental-medialive-now-supports-pausing-channel-delivery-on-a-schedule/ AWS Elemental MediaLive Simplifies Sending Live Streams to AWS Elemental MediaPackage | https://aws.amazon.com/about-aws/whats-new/2019/03/aws-elemental-medialive-simplifies-sending-live-streams-to-aws-elemental-mediapackage/ Topic || Management and Governance AWS Systems Manager now supports on-premises instance management for large hybrid environments | https://aws.amazon.com/about-aws/whats-new/2019/03/AWS_Systems_Manager_on-premises_instance_management_for_large_hybrid_environments/ AWS CloudFormation Coverage Updates for AWS RAM, AWS Robomaker, Amazon ApiGateway, and more | https://aws.amazon.com/about-aws/whats-new/2019/02/aws-cloudformation-coverage-updates-for-aws-ram--aws-robomaker--/ AWS License Manager adds new capabilities to track on premises usage, number of instances, and vCPUs based on Optimize CPU settings | https://aws.amazon.com/about-aws/whats-new/2019/02/NewLicenseManagervCPU/ AWS License Manager enhances support for tracking instances on premises | https://aws.amazon.com/about-aws/whats-new/2019/03/LicenseManagerOnPremises/
In this session, learn about Amazon Linux 2, the next generation Amazon Linux operating system that now comes with five years of support. See what's new with Amazon Linux 2, how it's different from other distributions of Linux, and understand why it's rapidly becoming the go-to operating system for AWS customers. Complete Title: AWS re:Invent 2018: [REPEAT 1] Amazon Linux 2: A Stable, Secure, High-Performance Linux Environment (CMP203-R1)
Simon shares a great list of new capabilities for customers! Chapters: 00:00- 00:08 Opening 00:09 - 10:50 Compute 10:51 - 25:50 Database and Storage 25:51 - 28:25 Network 28:26 - 35:01 Development 35:09 - 39:03 AI/ML 39:04 - 45:04 System Management and Operations 45:05 - 46:18 Identity 46:19 - 48:05 Video Streaming 48:06 - 49:14 Public Datasets 49:15 - 49:54 AWS Marketplace 49:55 - 51:03 YubiKey Support for MFA 51:04 - 51:18 Closing Shownotes: Amazon EC2 F1 Instance Expands to More Regions, Adds New Features, and Improves Development Tools | https://aws.amazon.com/about-aws/whats-new/2018/10/amazon-ec2-f1-instance-expands-to-more-regions-adds-new-features-and-improves-development-tools/ Amazon EC2 F1 instances now Available in an Additional Size | https://aws.amazon.com/about-aws/whats-new/2018/09/amazon-ec2-f1-instances-now-available-in-an-additional-size/ Amazon EC2 R5 and R5D instances now Available in 8 Additional AWS Regions | https://aws.amazon.com/about-aws/whats-new/2018/09/amazon-ec2-r5-and-r5d-instances-now-available-in-8-additional-aws-regions/ Introducing Amazon EC2 High Memory Instances with up to 12 TB of memory, Purpose-built to Run Large In-memory Databases, like SAP HANA | https://aws.amazon.com/about-aws/whats-new/2018/09/introducing-amazon-ec2-high-memory-instances-purpose-built-to-run-large-in-memory-databases/ Introducing a New Size for Amazon EC2 G3 Graphics Accelerated Instances | https://aws.amazon.com/about-aws/whats-new/2018/10/introducing-a-new-size-for-amazon-ec2-g3-graphics-accelerated-instances/ Amazon EC2 Spot Console Now Supports Scheduled Scaling for Application Auto Scaling | https://aws.amazon.com/about-aws/whats-new/2018/09/amazon-ec2-spot-console-now-supports-scheduled-scaling-for-application-auto-scaling/ Amazon Linux 2 Now Supports 32-bit Applications and Libraries | https://aws.amazon.com/about-aws/whats-new/2018/09/amazon-linux-2-now-supports-32-bit-applications-and-libraries/ AWS Server Migration Service Adds Support for 
Migrating Larger Data Volumes | https://aws.amazon.com/about-aws/whats-new/2018/09/aws-server-migration-service-adds-support-for-migrating-larger-data-volumes/ AWS Migration Hub Saves Time Migrating with Application Migration Status Automation | https://aws.amazon.com/about-aws/whats-new/2018/10/aws_migration_hub_saves_time_migrating_with_application_migration_status_automation/ Plan Your Migration with AWS Application Discovery Service Data Exploration | https://aws.amazon.com/about-aws/whats-new/2018/09/plan-your-migration-with-aws-application-discovery-service-data-exploration/ AWS Lambda enables functions that can run up to 15 minutes | https://aws.amazon.com/about-aws/whats-new/2018/10/aws-lambda-supports-functions-that-can-run-up-to-15-minutes/ AWS Lambda announces service level agreement | https://aws.amazon.com/about-aws/whats-new/2018/10/aws-lambda-introduces-service-level-agreement/ AWS Lambda Console Now Enables You to Manage and Monitor Serverless Applications | https://aws.amazon.com/about-aws/whats-new/2018/08/aws-lambda-console-enables-managing-and-monitoring/ Amazon EKS Enables Support for Kubernetes Dynamic Admission Controllers | https://aws.amazon.com/about-aws/whats-new/2018/10/amazon-eks-enables-support-for-kubernetes-dynamic-admission-cont/ Amazon EKS Simplifies Cluster Setup with update-kubeconfig CLI Command | https://aws.amazon.com/about-aws/whats-new/2018/09/amazon-eks-simplifies-cluster-setup-with-update-kubeconfig-cli-command/ Amazon Aurora Parallel Query is Generally Available | https://aws.amazon.com/about-aws/whats-new/2018/09/amazon-aurora-parallel-query-is-generally-available/ Amazon Aurora Now Supports Stopping and Starting of Database Clusters | https://aws.amazon.com/about-aws/whats-new/2018/09/amazon-aurora-stop-and-start/ Amazon Aurora Databases Support up to Five Cross-Region Read Replicas | https://aws.amazon.com/about-aws/whats-new/2018/09/amazon-aurora-databases-support-up-to-five-cross-region-read-replicas/ Amazon RDS Now 
Provides Database Deletion Protection | https://aws.amazon.com/about-aws/whats-new/2018/09/amazon-rds-now-provides-database-deletion-protection/ Announcing Managed Databases for Amazon Lightsail | https://aws.amazon.com/about-aws/whats-new/2018/10/announcing-managed-databases-for-amazon-lightsail/ Amazon RDS for MySQL and MariaDB now Support M5 Instance Types | https://aws.amazon.com/about-aws/whats-new/2018/09/amazon-rds-for-mysql-and-mariadb-support-m5-instance-types/ Amazon RDS for Oracle Now Supports Database Storage Size up to 32TiB | https://aws.amazon.com/about-aws/whats-new/2018/10/amazon-rds-for-oracle-now-supports-32tib/ Specify Parameter Groups when Restoring Amazon RDS Backups | https://aws.amazon.com/about-aws/whats-new/2018/10/specify-parameter-groups-when-restoring-amazon-rds-backups/ Amazon ElastiCache for Redis adds read replica scaling for Redis Cluster | https://aws.amazon.com/about-aws/whats-new/2018/09/amazon-elasticache-for-redis-adds-read-replica-scaling-for-redis-cluster/ Amazon Elasticsearch Service now supports encrypted communication between Elasticsearch nodes | https://aws.amazon.com/about-aws/whats-new/2018/09/amazon_elasticsearch_service_now_supports_encrypted_communication_between_elasticsearch_nodes/ Amazon Athena adds support for Creating Tables using the results of a Select query (CTAS) | https://aws.amazon.com/about-aws/whats-new/2018/10/athena_ctas_support/ Amazon Redshift announces Query Editor to run queries directly from the AWS Management Console | https://aws.amazon.com/about-aws/whats-new/2018/10/amazon_redshift_announces_query_editor_to_run_queries_directly_from_the_aws_console/ Support for TensorFlow and S3 select with Spark on Amazon EMR release 5.17.0 | https://aws.amazon.com/about-aws/whats-new/2018/09/support-for-tensorflow-s3-select-with-spark-on-amazon-emr-release-517/ AWS Database Migration Service Makes It Easier to Migrate Cassandra Databases to Amazon DynamoDB | 
https://aws.amazon.com/about-aws/whats-new/2018/09/aws-dms-aws-sct-now-support-the-migration-of-apache-cassandra-databases/ The Data Lake Solution Now Integrates with Microsoft Active Directory | https://aws.amazon.com/about-aws/whats-new/2018/09/the-data-lake-solution-now-integrates-with-microsoft-active-directory/ Amazon S3 Announces Selective Cross-Region Replication Based on Object Tags | https://aws.amazon.com/about-aws/whats-new/2018/09/amazon-s3-announces-selective-crr-based-on-object-tags/ AWS Storage Gateway Is Now Available as a Hardware Appliance | https://aws.amazon.com/about-aws/whats-new/2018/09/aws-storage-gateway-is-now-available-as-a-hardware-appliance/ AWS PrivateLink now supports access over AWS VPN | https://aws.amazon.com/about-aws/whats-new/2018/09/aws-privatelink-now-supports-access-over-aws-vpn/ AWS PrivateLink now supports access over Inter-Region VPC Peering | https://aws.amazon.com/about-aws/whats-new/2018/10/aws-privatelink-now-supports-access-over-inter-region-vpc-peering/ Network Load Balancer now supports AWS VPN | https://aws.amazon.com/about-aws/whats-new/2018/09/network-load-balancer-now-supports-aws-vpn/ Network Load Balancer now supports Inter-Region VPC Peering | https://aws.amazon.com/about-aws/whats-new/2018/10/network-load-balancer-now-supports-inter-region-vpc-peering/ AWS Direct Connect now Supports Jumbo Frames for Amazon Virtual Private Cloud Traffic | https://aws.amazon.com/about-aws/whats-new/2018/10/aws-direct-connect-now-supports-jumbo-frames-for-amazon-virtual-private-cloud-traffic/ Amazon CloudFront announces two new Edge locations, including its second location in Fujairah, United Arab Emirates | https://aws.amazon.com/about-aws/whats-new/2018/10/cloudfront-fujairah/ AWS CodeBuild Now Supports Building Bitbucket Pull Requests | https://aws.amazon.com/about-aws/whats-new/2018/10/aws-codebuild-now-supports-building-bitbucket-pull-requests/ AWS CodeCommit Supports New File and Folder Actions via the CLI and SDKs | 
https://aws.amazon.com/about-aws/whats-new/2018/09/aws-codecommit-supports-new-file-and-folder-actions-via-the-cli-and-sdks/ AWS Cloud9 Now Supports TypeScript | https://aws.amazon.com/about-aws/whats-new/2018/10/aws-cloud9-now-supports-typescript/ AWS CloudFormation coverage updates for Amazon API Gateway, Amazon ECS, Amazon Aurora Serverless, Amazon ElastiCache, and more | https://aws.amazon.com/about-aws/whats-new/2018/09/aws-cloudformation-coverage-updates-for-amazon-api-gateway--amaz/ AWS Elastic Beanstalk adds support for T3 instance and Go 1.11 | https://aws.amazon.com/about-aws/whats-new/2018/09/aws-elastic-beanstalk-adds-support-for-t3-instance-and-go-1-11/ AWS Elastic Beanstalk Console Supports Network Load Balancer | https://aws.amazon.com/about-aws/whats-new/2018/10/aws_elastic_beanstalk_console_supports_network_load_balancer/ AWS Amplify Announces Vue.js Support for Building Cloud-powered Web Applications | https://aws.amazon.com/about-aws/whats-new/2018/09/aws-amplify-announces-vuejs-support-for-building-cloud-powered-web-applications/ AWS Amplify Adds Support for Securely Embedding Amazon Sumerian AR/VR Scenes in Web Applications | https://aws.amazon.com/about-aws/whats-new/2018/09/AWS-Amplify-adds-support-for-securely-embedding-Amazon-Sumerian/ Amazon API Gateway adds support for multi-value parameters | https://aws.amazon.com/about-aws/whats-new/2018/10/amazon-api-gateway-adds-support-for-multi-parameters/ Amazon API Gateway adds support for OpenAPI 3.0 API specification | https://aws.amazon.com/about-aws/whats-new/2018/09/amazon-api-gateway-adds-support-for-openapi-3-api-specification/ AWS AppSync Launches a Guided API Builder for Mobile and Web Apps | https://aws.amazon.com/about-aws/whats-new/2018/09/AWS-AppSync-launches-a-guided-API-builder-for-apps/ Amazon Polly Adds Mandarin Chinese Language Support | https://aws.amazon.com/about-aws/whats-new/2018/09/amazon-polly-adds-mandarin-chinese-language-support/ Amazon Comprehend Extends Natural 
Language Processing for Additional Languages and Region | https://aws.amazon.com/about-aws/whats-new/2018/10/amazon_comprehend_extends_natural_language_processing_for_additional_languages_and_region/ Amazon Transcribe Supports Deletion of Completed Transcription Jobs | https://aws.amazon.com/about-aws/whats-new/2018/10/amazon_transcribe_supports_deletion_of_completed_transcription_jobs/ Amazon Rekognition improves the accuracy of image moderation | https://aws.amazon.com/about-aws/whats-new/2018/10/amazon-rekognition-improves-the-accuracy-of-image-moderation/ Save time and money by filtering faces during indexing with Amazon Rekognition | https://aws.amazon.com/about-aws/whats-new/2018/09/save-time-and-money-by-filtering-faces-during-indexing-with-amazon-rekognition/ Amazon SageMaker Now Supports Tagging for Hyperparameter Tuning Jobs | https://aws.amazon.com/about-aws/whats-new/2018/09/amazon-sagemaker-now-supports-tagging-for-hyperparameter-tuning-/ Amazon SageMaker Now Supports an Improved Pipe Mode Implementation | https://aws.amazon.com/about-aws/whats-new/2018/10/amazon-sagemaker-now-supports-an-improved-pipe-mode-implementati/ Amazon SageMaker Announces Enhancements to its Built-In Image Classification Algorithm | https://aws.amazon.com/about-aws/whats-new/2018/10/amazon-sagemaker-announces-enhancements-to-its-built-in-image-cl/ AWS Glue now supports connecting Amazon SageMaker notebooks to development endpoints | https://aws.amazon.com/about-aws/whats-new/2018/10/aws-glue-now-supports-connecting-amazon-sagemaker-notebooks-to-development-endpoints/ AWS Glue now supports resource-based policies and resource-level permissions for the AWS Glue Data Catalog | https://aws.amazon.com/about-aws/whats-new/2018/10/aws-glue-now-supports-resource-based-policies-and-resource-level-permissions-and-for-the-AWS-Glue-Data-Catalog/ Resource Groups Tagging API Supports Additional AWS Services | 
https://aws.amazon.com/about-aws/whats-new/2018/10/resource-groups-tagging-api-supports-additional-aws-services/ Changes to Tags on AWS Resources Now Generate Amazon CloudWatch Events | https://aws.amazon.com/about-aws/whats-new/2018/09/changes-to-tags-on-aws-resources-now-generate-amazon-cloudwatch-events/ AWS Systems Manager Announces Enhanced Compliance Dashboard | https://aws.amazon.com/about-aws/whats-new/2018/10/aws-systems-manager-announces-enhanced-compliance-dashboard/ Conditional Branching Now Supported in AWS Systems Manager Automation | https://aws.amazon.com/about-aws/whats-new/2018/09/Conditional_Branching_Now_Supported_in_AWS_Systems_Manager_Automation/ AWS Systems Manager Launches Custom Approvals for Patching | https://aws.amazon.com/about-aws/whats-new/2018/10/AWS_Systems_Manager_Launches_Custom_Approvals_for_Patching/ Amazon CloudWatch adds Ability to Build Custom Dashboards Outside the AWS Console | https://aws.amazon.com/about-aws/whats-new/2018/09/amazon-cloudwatch-adds-ability-to-build-custom-dashboards-outside-the-aws-console/ Amazon CloudWatch Agent adds Custom Metrics Support | https://aws.amazon.com/about-aws/whats-new/2018/09/amazon-cloudwatch-agent-adds-custom-metrics-support/ Amazon CloudWatch Launches Client-side Metric Data Aggregations | https://aws.amazon.com/about-aws/whats-new/2018/10/amazon-cloudWatch-launches-client-side-metric-data-aggregations/ AWS IoT Device Management Now Provides In Progress Timeouts and Step Timeouts for Jobs | https://aws.amazon.com/about-aws/whats-new/2018/10/aws-iot-device-management-now-provides-in-progress-timeouts-and-step-timeouts-for-jobs/ Amazon GuardDuty Provides Customization of Notification Frequency to Amazon CloudWatch Events | https://aws.amazon.com/about-aws/whats-new/2018/10/amazon-guardduty-provides-customization-of-notification-frequency-to-amazon-cloudwatch-events/ AWS Managed Microsoft AD Now Offers Additional Configurations to Connect to Your Existing Microsoft AD | 
https://aws.amazon.com/about-aws/whats-new/2018/10/aws-managed-microsoft-ad-now-offers-additional-configurations-to-connect-to-our-existing-microsoft-ad/ Easily Deploy Directory-Aware Workloads in Multiple AWS Accounts and VPCs by Sharing a Single AWS Managed Microsoft AD | https://aws.amazon.com/about-aws/whats-new/2018/09/aws-directory-service-share-directory-across-accounts-and-vpcs/ AWS Single Sign-on Now Enables You to Customize the User Experience to Business Applications | https://aws.amazon.com/about-aws/whats-new/2018/10/aws-single-sign-on-now-enables-you-to-customize-the-user-experience-to-business-applications/ Live Streaming on AWS Now Features AWS Elemental MediaLive and MediaPackage | https://aws.amazon.com/about-aws/whats-new/2018/09/live-streaming-on-aws-now-features-aws-elemental-medialive-and-mediapackage/ AWS Elemental MediaStore Increases Object Size Limit to 25 Megabytes | https://aws.amazon.com/about-aws/whats-new/2018/10/aws-elemental-mediastore-increase-object-size-limit-to-25-megabytes/ Amazon Kinesis Video Streams now supports adding and retrieving Metadata at Fragment-Level | https://aws.amazon.com/about-aws/whats-new/2018/10/kinesis-video-streams-fragment-level-metadata-support/ AWS Public Datasets Now Available from the German Meteorological Office, Broad Institute, Chan Zuckerberg Biohub, fast.ai, and Others | https://aws.amazon.com/about-aws/whats-new/2018/10/public-datasets/ Customize Your Payment Frequency and More with AWS Marketplace Flexible Payment Scheduler | https://aws.amazon.com/about-aws/whats-new/2018/10/customize-your-payment-frequency-and-more-with-awsmarketplace-flexible-payment-scheduler/ Sign in to your AWS Management Console with YubiKey Security Key for Multi-factor Authentication (MFA) | https://aws.amazon.com/about-aws/whats-new/2018/09/aws_sign_in_support_for_yubikey_security_key_as_mfa/
Unable to attend some of your favourite AWS events? Join Dr Pete and Shane as they kick off the jam-packed 30th episode of AWS TechChat, covering the latest AWS events and an update of AWS stats, and diving into deep tech details around AWS landing zones, Amazon API Gateway, Storage Gateway, Application Load Balancer, Amazon Linux, Amazon EMR and AWS DeepLens.
Open source activism tends to focus on running on hardware you can trust and avoiding Cloud computing. The problem with some Cloud providers has to do with a conflict of interest between serving customers and how they generate revenue. It’s important for the customer to have control of their computer and their data in the Cloud. But what about their security and privacy? Today, we’re talking to Kyle Rankin, chief security officer at Purism and writer for Linux Journal. He is a Linux expert who decided to work at Purism because of the company’s belief in free software and the Linux community. Some of the highlights of the show include: Cloud providers have faced challenges when it comes to data privacy and who owns what. The word “Cloud” is overloaded, and it is unclear who is in control. Cloud providers can sabotage efforts to make programs work together. Cloud providers may not troll through data and exploit it. Yet, they develop tools for customers to be able to do that. Even though Linux Journal stopped being printed and went digital, and was going under, it’s now back and taking a new approach. What matters to new readers and Linux users is now different than what was important to original readers. The more time you can spend to understand what’s happening behind the scenes will make you much more marketable and adaptable. Kyle explains whether Amazon Linux is becoming a viable concern and if distribution matters anymore. Now, it’s about running an application, not thinking about what it’s running on. Are there gangs of Cloud users? Do people look down on Azure users? The target is always moving and changing. Check out Kyle’s book, Linux Hardening in Hostile Networks: Server Security from TLS to Tor. Links: Kyle Rankin on Twitter; Purism; Kyle Rankin’s book - Linux Hardening in Hostile Networks: Server Security from TLS to Tor; Linux Journal 2.0 FAQ; GorillaStack (use “screaming” for discount)
In this episode Simon catches up on a whole raft of different service updates. New instance types, updates for developers, IPv6 support, Amazon Linux in containers & Windows 2016 support just to name a few!