Welcome to episode 264 of the Cloud Pod Podcast – where the forecast is always cloudy! Justin, Jonathan, Ryan (and eventually) Matthew are all on hand this week – and *announcement noise* this week it's the return of the Cloud Journey Series! There's also a lot of news from re:Inforce, a ground-breaking partnership between Oracle and Google Cloud, and updates to GKE. The guys also look ahead to FinOps ‘24.
Titles we almost went with this week: First, AI came for Writers/Artists, then it came for Developers, and now it comes for Security… What’s Next? Amazon Reinforces my Lack of Interest in Attending – JPB rl Object Storage Malware protection, everyone, please copy it! Amazon is the last man out in Oracle next-gen partnerships Dear Google, A partnership with Oracle is not Groundbreaking when Azure already did it AWS Announces some “We finally got around to it feature updates” Protect your S3 buckets from themselves with Amazon Guard Duty The CloudPod and AI play Guess Who? with IAM Access Analyzer.
A big thanks to this week's sponsor: We're sponsorless! Want to reach a dedicated audience of cloud engineers? Send us an email, or hit us up on our Slack Channel and let's chat!
AWS
01:04 Simplify risk and compliance assessments with the new common control library in AWS Audit Manager. AWS Audit Manager is introducing a common control library that provides common controls with predefined and pre-mapped AWS data sources. This makes it easy for the GRC teams to use the common control library to save time when mapping enterprise controls into Audit Manager for evidence collection, reducing their dependence on IT teams. You can view the compliance requirements for multiple frameworks such as PCI or HIPAA, associated with the same common control in one place, making it easier to understand your audit readiness across multiple frameworks simultaneously. Interested in pricing? You can find that info here.
01:37 Ryan – “It’s the dream! Automated evidence generation. And now with the context of known frameworks. Yeah; because that’s always the challenge, you know, are the last step of the translation – this is the control. Hey, we need all these controls to do this level of compliance.”
04:36 Centrally manage member account root email addresses across your AWS Organization 2017 Justin is really digging all these quality-of-life features coming out, and we like to think that AWS has just finally gotten to our pile of feature requests from back then. This week, it’s now easier for AWS Organizations customers to centrally manage the root email address of member accounts across their organization using the CLI, SDK and Organizations Console.
What is a Landing Zone, and why is it important for structuring a project correctly? What guidelines and tools help define and maintain a landing zone on AWS? How much flexibility do we have after creating the landing zone, and how can it evolve with the company's needs? And how much does it cost? In this episode I host Stefano Boscolo to talk about Landing Zones: how to create them, manage them, and make them an enabling tool for every team in the company. Useful links: AWS Organizations: https://aws.amazon.com/it/organizations/ AWS Control Tower: https://aws.amazon.com/it/controltower/ Landing Zone Accelerator: https://aws.amazon.com/it/solutions/implementations/landing-zone-accelerator-on-aws/ Secure Cloud Foundation powered by Velocity: https://aws.amazon.com/marketplace/pp/prodview-vrcnef35kpz56
In this episode, we provide an introductory overview of AWS's best practices for managing infrastructure using multiple accounts under an organization. We discuss the advantages of this approach and how to get started creating your own multi-account environment, or "landing zone".
In this episode, we provide a friendly introduction to Service Control Policies (SCPs) in AWS Organizations. We explain what SCPs are, how they work, common use cases, and tips for troubleshooting access-denied errors related to SCPs. We cover how SCPs differ from identity-based and resource-based policies, and how SCPs can be used to set boundaries on maximum permissions in AWS accounts across an organization.
AWS Cloud Governance is the set of rules, practices, and reports that ensure your cloud use meets your business requirements. Tune into this episode, with host Jillian Forde, to hear from two Cloud Governance Specialists, Al Destefano and Nivas Durairaj, on how your organization can benefit from a multi-account strategy, meet regulatory requirements at scale, leverage AWS managed controls to meet business objectives and ensure data residency requirements are met by using services like AWS Organizations, AWS Config and AWS Control Tower. AWS Control Tower website: https://bit.ly/468g8oD AWS Cloud Governance options: https://bit.ly/3rb73N3
In the serverless world, we sometimes take the word "managed" a little too seriously. We often forget that not ALL software responsibilities are taken over by cloud vendors. Oftentimes responsibilities are shared between builders and cloud vendors, like security. In this episode, Allen and Jason talk about ways to improve your security posture starting today. They dive deep into AWS organizations, talk about how to keep your app teams and security teams friendly with each other, and discuss ways to minimize blast radius. About Jason: Jason Kao is the Head of Security Research at CloudQuery and passionate about cloud security. He's worked at large enterprises, starting as an engineer and quickly moving into cybersecurity. Jason has both defensive and offensive security experience including building cloud security infrastructure and working as a security consultant with a wide range of clients from startups to large enterprises in different industries, including highly-regulated industries. Jason is an author on multiple security patents and has presented at multiple cloud conferences including the inaugural AWS security conference, AWS re:Inforce. His cloud security research has been featured in multiple community security newsletters. Links: Jason on LinkedIn - https://www.linkedin.com/in/kaojason CloudQuery - https://www.cloudquery.io AWS Organizations - https://aws.amazon.com/organizations
Already the third episode, and still only about AWS Organizations. In the first part we finished talking about Organization Units, and after that we discussed Service Control Policies (SCPs). In this episode we continue talking about security: we started with IAM Access Analyzer, talked about how SSO works and about working with SSO through the CLI. We went over the best practices for writing SCPs once more, how best to protect your root account, which MFA protection options exist, and what to do if you have lost your MFA. All this and more in the third episode about Organizations. The topic seems so broad that there will be a fourth episode too; if you have any questions on this topic, write to us and we will be glad to add them to the list. Links mentioned during the conversation: SSO CLI (Open source from community): https://github.com/synfinatic/aws-sso-cli SCP policies best practice examples: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps_examples.html
Last week in security news: GitHub accidentally published its RSA host keys for SSH, Automate IAM credential reports for large AWS Organizations, The Tool of the Week, and more! Links: Sad news; infosec luminary Kelly ‘Aloria' Lum has regrettably passed away. Automate IAM credential reports for large AWS Organizations GitHub accidentally published its RSA host keys for SSH. How to use Amazon Macie to reduce the cost of discovering sensitive data Use backups to recover from security incidents Tool of the Week: Chekov
Links: Amazon Connect now allows contact center managers to join ongoing calls Amazon OpenSearch Service now supports Amazon Graviton2 (M6g, C6g, R6g, and R6gd) instances in four additional regions AWS IQ launches public profiles for companies AWS Organizations console adds support to centrally manage region opt-in settings on AWS accounts ROSA now provides an AWS Management Console experience for satisfying ROSA prerequisites Amazon EMR Serverless cost estimator AWS Multi-Region Fundamentals - AWS Multi-Region Fundamentals Organize your AWS Serverless code to prevent merge conflicts
In this episode, I caught up with Ben Bridts, who is an AWS Community Hero and consultant at Cloudar in Belgium. We talked about many topics, including common mistakes companies make in AWS; the problems with AWS Organizations; pitfalls with platform teams; and some success stories from his work as a consultant. Links from the episode: Alex DeBrie's post on GraphQL and Single-table design. For more stories about real-world use of serverless technologies, please follow us on Twitter as @RealWorldSls and subscribe to this podcast. Want to step up your AWS game and learn how to build production-ready serverless applications? Check out my upcoming workshops and I will teach you everything I know. Opening theme song: Cheery Monday by Kevin MacLeod. Link: https://incompetech.filmmusic.io/song/3495-cheery-monday License: http://creativecommons.org/licenses/by/4.0
Cloud Posse holds public "Office Hours" every Wednesday at 11:30am PST to answer questions on all things related to DevOps, Terraform, Kubernetes, CICD. Basically, it's like an interactive "Lunch & Learn" session where we get together for about an hour and talk shop. These are totally free and just an opportunity to ask us (or our community of experts) any questions you may have.
You can register here: https://cloudposse.com/office-hours
Join the conversation: https://slack.cloudposse.com/
Find out how we can help your company: https://cloudposse.com/quiz https://cloudposse.com/accelerate/
Learn more about Cloud Posse: https://cloudposse.com https://github.com/cloudposse https://sweetops.com/ https://newsletter.cloudposse.com https://podcast.cloudposse.com/
[00:00:00] Intro
[00:01:29] Spacelift Neutral Status Checks! https://github.com/cloudposse/infra-live/pull/184
[00:03:35] AWS Organizations now manages primary contact information for all accounts https://aws.amazon.com/about-aws/whats-new/2022/10/aws-organizations-console-centrally-manage-primary-contact-information-aws-accounts/
[00:04:26] AWS Batch now supports EKS https://aws.amazon.com/about-aws/whats-new/2022/10/aws-batch-supports-amazon-eks/
[00:05:38] Terraform: why data sources and filters are preferable over remote state https://devopsian.net/posts/terraform-data-sources-over-remote-state/
[00:09:42] Advanced Terraform Manipulations: Filtering, Grouping, Transformations https://brendanthompson.com/posts/2022/10/terraform-for-expression
[00:14:07] How are people enforcing MFA in AWS [with IAM users and not SSO]?
[00:16:40] Any atmos questions from last week's demo?
[00:18:43] Home Automation
[00:34:54] How does someone get good at IAM?
[00:58:58] Outro
#officehours, #cloudposse, #sweetops, #devops, #sre, #terraform, #kubernetes, #aws
One of the most important factors when planning a migration is considering the multi-account structure that can exist in AWS, especially when we need to distinguish between topics such as Landing Zone, Control Tower and AWS Organizations. That is why in this episode Angélica Ortega and David Garcia, solutions architects at AWS, talk to us about these topics. Additional material: https://aws.amazon.com/es/blogs/aws-spanish/preparese-para-escalar-en-la-nube-estrategia-de-multiples-cuentas/
We continue talking about AWS Organizations. In the first part we finished talking about Organization Units, and in the second we start with service control policies (SCPs): how the policies work and how Zelkova, an internal Amazon service, helps with security. What AWS Control Tower is and how it helps in building an organization. We also covered reducing costs when using AWS Organizations and the other advantages of working with it. Useful links: AWS Organizations best practices; AWS Whitepaper - Organizing Your AWS Environment Using Multiple Accounts; About the delegated administrator; What is Zelkova. If you have questions or topic suggestions, write to me on LinkedIn https://www.linkedin.com/in/vedmich/ or Telegram https://t.me/VictorVedmich
We are talking about AWS Organizations. It was not possible to fit everything we wanted to cover into one episode, so there will be a whole series of episodes about AWS Organizations. In the first part we start with the basics: what an AWS account is, what an organization is, and why multiple accounts are needed. Where to start planning your AWS organization. Whether to follow Conway's law when building your organization. Recommended Organization Units, or where to start designing your organization. What to do if you have a microservice architecture, and how it affects the structure of your organization. Useful links: AWS Organizations best practices; AWS Whitepaper - Organizing Your AWS Environment Using Multiple Accounts. If you have questions or topic suggestions, write to me on LinkedIn or Telegram https://t.me/VictorVedmich
In this segment, we bring you information about day-to-day work in a cloud environment from our point of view. Episode speakers: Ariel Munafo and Avi Keinan. In the previous episode, we talked about what AWS Organizations is, what the essence of the change is, how it helps us manage multiple accounts, which features it includes, what its advantages are, why the service matters to integrators, and what to watch out for. In this episode, we talk about Amazon Lightsail: what the service is, who it is intended for, what its uses are, and how it differs from EC2. Avi will also give a live demo of creating a new server. Want to stay up to date and watch the highest-quality, most professional content? Register now for the largest cloud computing conference in Israel! To register > https://www.israelcloudsummit.com/
In this segment, we bring you information about day-to-day work in a cloud environment from our point of view. Episode speakers: Ariel Munafo and Avi Keinan. In the previous episode, we talked about AWS NAT Gateway. We explained what the service provides, when it is worth using, and what its advantages are. We also talked about using the NAT Gateway in a Single AZ and in Multi Zone, and of course how to use it smartly and efficiently without wasting money. In this episode, we talk about what AWS Organizations is, what the essence of the change is, how it helps us manage multiple accounts, which features it includes, what its advantages are, why the service matters to integrators, and what to watch out for. Want to stay up to date and watch the highest-quality, most professional content? Register now for the largest cloud computing conference in Israel! To register > https://www.israelcloudsummit.com/
Google BigLake takes the feature of the week with the ability to federate data from multiple data lakes. On The Cloud Pod this week, the team discusses the most expensive way to run a VM (Oracle wins). Plus some exciting developments, an AWS OpenSearch 1.2 update with several new features, and Azure's having a party, so bring your own IP addresses (BYOIP). A big thanks to this week's sponsor, Foghorn Consulting, which provides full-stack cloud solutions with a focus on strategy, planning and execution for enterprises seeking to take advantage of the transformative capabilities of AWS, Google Cloud and Azure. This week's highlights
On The Cloud Pod this week, Jonathan's got his detective hat on. Plus Akamai steps up to Cloudflare with Linode acquisition, AWS' CloudFormation Hooks lift us up, and EPYC instances are now available. A big thanks to this week's sponsors: Foghorn Consulting, which provides full-stack cloud solutions with a focus on strategy, planning and execution for enterprises seeking to take advantage of the transformative capabilities of AWS, Google Cloud and Azure. This week's highlights
In this month's episode Arjen, JM, and Guy discuss the news from January 2022. Well, everything announced after re:Invent really, but that's mostly from January. There are good announcements all over; from a new Console Home to unpronounceable instance types, but there is also some news around the podcast that's either good or bad depending on how you interpret it. Find us at melb.awsug.org.au or as @AWSMelb on Twitter. News Finally in Sydney Amazon EC2 R6i instances are now available in 8 additional regions Amazon EC2 C6i instances are now available in 10 additional regions AWS Panorama is now available in Asia Pacific (Sydney), and Asia Pacific (Singapore) AWS Resilience Hub expands to 13 additional AWS Regions AWS Direct Connect announces new location in Australia Serverless AWS Lambda now supports Internet Protocol Version 6 (IPv6) endpoints for inbound connections Amazon Virtual Private Cloud (VPC) now supports Bring Your Own IPv6 Addresses (BYOIPv6) - Old announcement mentioned in show Announcing AWS Serverless Application Model (SAM) CLI support for local testing of AWS Cloud Development Kit (CDK) AWS Lambda now supports ES Modules and Top-Level Await for Node.js 14 AWS Lambda now supports Max Batching Window for Amazon MSK, Apache Kafka, Amazon MQ for Apache Active MQ and RabbitMQ as event sources Containers Amazon EKS now supports Internet Protocol version 6 (IPv6) Amazon Elastic Kubernetes Service Adds IPv6 Networking | AWS News Blog EBS CSI driver now available in EKS add-ons in preview Amazon ECS launches new simplified console experience for creating ECS clusters and task definitions ACM Private CA Kubernetes cert-manager plugin is production ready Amazon EMR on EKS adds support for customized container images for AWS Graviton-based EC2 instances Amazon ECR adds the ability to monitor repository pull statistics Amazon ECS now supports Amazon ECS Exec and Amazon Linux 2 for on-premises container workloads EC2 & VPC Introducing Amazon EC2 Hpc6a instances 
New – Amazon EC2 Hpc6a Instance Optimized for High Performance Computing | AWS News Blog New – Amazon EC2 X2iezn Instances Powered by the Fastest Intel Xeon Scalable CPU for Memory-Intensive Workloads Instance Tags now available on the Amazon EC2 Instance Metadata Service Amazon EC2 On-Demand Capacity Reservations now support Cluster Placement Groups AWS Compute Optimizer makes it easier to optimize by leveraging multiple EC2 instance architectures AWS Announces New Launch Speed Optimizations for Microsoft Windows Server Instances on Amazon EC2 Amazon EC2 customers can now use ED25519 keys for authentication with EC2 Instance Connect Metrics now available for AWS PrivateLink Dev & Ops Amazon Corretto January Quarterly Updates Amazon CloudWatch Logs announces AWS Organizations support for cross account Subscriptions AWS Toolkit for JetBrains IDEs adds support for ECS-Exec for troubleshooting ECS containers AWS Systems Manager Automation now enables you to take action in third-party applications through webhooks Security AWS Secrets Manager now automatically enables SSL connections when rotating database secrets AWS announces phone number enrichments for Amazon Fraud Detector Models Announcing AWS CloudTrail Lake, a managed audit and security lake AWS Firewall Manager now supports AWS Shield Advanced automatic application layer DDoS mitigation Amazon SNS now supports Attribute-based access controls (ABAC) Amazon GuardDuty now detects EC2 instance credentials used from another AWS account Amazon GuardDuty Enhances Detection of EC2 Instance Credential Exfiltration | AWS News Blog Amazon GuardDuty now protects Amazon Elastic Kubernetes Service clusters AWS Security Hub integrates with AWS Health AWS Trusted Advisor now integrates with AWS Security Hub AWS Client VPN now supports banner text and maximum session duration Data Storage & Processing Databases AWS Migration Hub Strategy Recommendations adds support for Babelfish for Aurora PostgreSQL Now DynamoDB can return 
the throughput capacity consumed by PartiQL API calls to help you optimize your queries and throughput costs Amazon DocumentDB (with MongoDB compatibility) adds support for $mergeObjects and $reduce Amazon DocumentDB (with MongoDB compatibility) adds additional Geospatial query capabilities Amazon DocumentDB (with MongoDB compatibility) now offers a free trial Amazon RDS Performance Insights now supports query execution plan capture for RDS for Oracle Glue Introducing Autoscaling in AWS Glue jobs (Preview) Introducing AWS Glue Interactive Sessions and Job Notebooks (Preview) Announcing Personal Identifiable Information (PII) detection and remediation in AWS Glue (Preview) EMR Introducing real-time collaborative notebooks with EMR Studio Introducing SQL Explorer in EMR Studio Amazon EMR now supports Apache Iceberg, a highly performant, concurrent, ACID-compliant table format for data lakes Amazon EMR on EKS adds error message details in DescribeJobRun API response to simplify debugging Amazon EMR on EKS adds support for customized container images for interactive jobs run using managed endpoints Amazon EMR now supports Apache Spark SQL to insert data into and update Glue Data Catalog tables when Lake Formation integration is enabled OpenSearch Amazon OpenSearch Service (successor to Amazon Elasticsearch Service) now supports OpenSearch version 1.1 Amazon OpenSearch Service (successor to Amazon Elasticsearch Service) now supports anomaly detection for historical data Fine grained access control now supported on existing Amazon OpenSearch Service domains Redshift Announcing AWS Data Exchange for Amazon Redshift Amazon Redshift Spectrum now offers custom data validation rules Other New – Replication for Amazon Elastic File System (EFS) Amazon ElastiCache adds support for streaming and storing Redis engine logs AWS Storage Gateway management console simplifies gateway creation and management Amazon S3 File Gateway adds schedule-based network bandwidth throttling Amazon 
FSx for NetApp ONTAP now provides performance and capacity metrics in Amazon CloudWatch AI & ML SageMaker Amazon SageMaker Pipelines now offers native EMR integration for large scale data processing Amazon SageMaker Pipelines now supports concurrency control Amazon SageMaker JumpStart adds LightGBM and CatBoost Models for Tabular Data Amazon SageMaker Feature Store connector for Apache Spark for easy batch data ingestion Announcing SageMaker Training support for ml.g5 instances Other Amazon Kendra launches support for query language Amazon Forecast now supports AWS CloudFormation for managing dataset and dataset group resources Amazon Rekognition improves accuracy of Content Moderation for Video AWS Panorama Appliances now available for purchase on Amazon.com and Amazon Business Amazon Textract adds synchronous support for single page PDF documents and support for PDF documents containing JPEG 2000 encoded images Other Cool Stuff Now Open – AWS Asia Pacific (Jakarta) Region | AWS News Blog Announcing the new Console Home in AWS Management Console A New AWS Console Home Experience | AWS News Blog Amazon Nimble Studio launches the ability to validate launch profile configurations via the Nimble Studio console AWS Elastic Disaster Recovery now supports failback automation Amazon Interactive Video Service adds thumbnail configuration Announcing matrix routing for Amazon Location Service Amazon Location Service enables request-based pricing for all customer use cases IoT AWS IoT Device Management launches Automated Retry capability for Jobs to improve success rates of large scale deployments AWS IoT Core for LoRaWAN Launches Two New Features to Manage and Monitor Communications Between Device and Cloud AWS IoT SiteWise Edge supports new data storage and upload prioritization strategies for intermittent cloud connectivity Sponsors CMD Solutions Silver Sponsors Cevo Versent
Pull your podcast player out of instant retrieval, because we're discussing re:Invent 2021 as well as the weeks before it. Lots of announcements; big, small, weird, awesome, and anything in between. We had fun with this episode and hope you do too. Find us at melb.awsug.org.au or as @AWSMelb on Twitter. News Finally in Sydney AWS Snowcone SSD is now available in the US East (Ohio), US West (San Francisco), Asia Pacific (Singapore), Asia Pacific (Sydney) and AWS Asia Pacific (Tokyo) regions Amazon EC2 M6i instances are now available in 5 additional regions Serverless Introducing Amazon EMR Serverless in preview Announcing Amazon Kinesis Data Streams On-Demand Announcing Amazon Redshift Serverless (Preview) Introducing Amazon MSK Serverless in public preview Introducing Amazon SageMaker Serverless Inference (preview) Simplify CI/CD Configuration for AWS Serverless Applications and your favorite CI/CD system – General Availability Amazon AppStream 2.0 launches Elastic fleets, a serverless fleet type AWS Chatbot now supports management of AWS resources in Slack (Preview) Lambda AWS Lambda now supports partial batch response for SQS as an event source AWS Lambda now supports cross-account container image pulling from Amazon Elastic Container Registry AWS Lambda now supports mTLS Authentication for Amazon MSK as an event source AWS Lambda now logs Hyperplane Elastic Network Interface (ENI) ID in AWS CloudTrail data events Step Functions AWS Step Functions Synchronous Express Workflows now supports AWS PrivateLink Amplify Introducing AWS Amplify Studio AWS Amplify announces the ability to override Amplify-generated resources using CDK AWS Amplify announces the ability to add custom AWS resources to Amplify-created backends using CDK and CloudFormation AWS Amplify UI launches new Authenticator component for React, Angular, and Vue AWS Amplify announces the ability to export Amplify backends as CDK stacks to integrate into CDK-based pipelines AWS Amplify expands its 
Notifications category to include in-app messaging (Developer Preview) AWS Amplify announces a redesigned, more extensible GraphQL Transformer for creating app backends quickly Containers Fargate Announcing AWS Fargate for Amazon ECS Powered by AWS Graviton2 Processors ECS Amazon ECS now adds container instance health information Amazon ECS has improved Capacity Providers to deliver faster Cluster Auto Scaling Amazon ECS-optimized AMI is now available as an open-source project Amazon ECS announces a new integration with AWS Distro for OpenTelemetry EKS Amazon EKS on AWS Fargate now Supports the Fluent Bit Kubernetes Filter Amazon EKS adds support for additional cluster configuration options using AWS CloudFormation Visualize all your Kubernetes clusters in one place with Amazon EKS Connector, now generally available AWS Karpenter v0.5 Now Generally Available AWS customers can now find, subscribe to, and deploy third-party applications that run in any Kubernetes environment from AWS Marketplace Other Amazon ECR announces pull through cache repositories AWS App Mesh now supports ARM64-based Envoy Images EC2 & VPC Instances New – EC2 Instances (G5) with NVIDIA A10G Tensor Core GPUs | AWS News Blog Announcing new Amazon EC2 G5g instances powered by AWS Graviton2 processors Introducing Amazon EC2 R6i instances Introducing two new Amazon EC2 bare metal instances Amazon EC2 Mac Instances now support hot attach and detach of EBS volumes Amazon EC2 Mac Instances now support macOS Monterey Announcing Amazon EC2 M1 Mac instances for macOS Announcing preview of Amazon Linux 2022 Elastic Beanstalk supports AWS Graviton-based Amazon EC2 instance types Announcing preview of Amazon EC2 Trn1 instances Announcing new Amazon EC2 C7g instances powered by AWS Graviton3 processors Announcing new Amazon EC2 Im4gn and Is4gen instances powered by AWS Graviton2 processors Introducing the AWS Graviton Ready Program Introducing Amazon EC2 M6a instances AWS Compute Optimizer now offers 
enhanced infrastructure metrics, a new feature for EC2 recommendations AWS Compute Optimizer now offers resource efficiency metrics Networking AWS price reduction for data transfers out to the internet Amazon Virtual Private Cloud (VPC) customers can now create IPv6-only subnets and EC2 instances Application Load Balancer and Network Load Balancer end-to-end IPv6 support AWS Transit Gateway introduces intra-region peering for simplified cloud operations and network connectivity Amazon Virtual Private Cloud (VPC) announces IP Address Manager (IPAM) to help simplify IP address management on AWS Amazon Virtual Private Cloud (VPC) announces Network Access Analyzer to help you easily identify unintended network access Introducing AWS Cloud WAN Preview Introducing AWS Direct Connect SiteLink Other Recover from accidental deletions of your snapshots using Recycle Bin Amazon EBS Snapshots introduces a new tier, Amazon EBS Snapshots Archive, to reduce the cost of long-term retention of EBS Snapshots by up to 75% Amazon CloudFront now supports configurable CORS, security, and custom HTTP response headers Amazon EC2 now supports access to Red Hat Knowledgebase Amazon EC2 Fleet and Spot Fleet now support automatic instance termination with Capacity Rebalancing AWS announces a new capability to switch license types for Windows Server and SQL Server applications on Amazon EC2 AWS Batch introduces fair-share scheduling Amazon EC2 Auto Scaling Now Supports Predictive Scaling with Custom Metrics Dev & Ops New services Measure and Improve Your Application Resilience with AWS Resilience Hub | AWS News Blog Scalable, Cost-Effective Disaster Recovery in the Cloud | AWS News Blog Announcing general availability of AWS Elastic Disaster Recovery AWS announces the launch of AWS AppConfig Feature Flags in preview Announcing Amazon DevOps Guru for RDS, an ML-powered capability that automatically detects and diagnoses performance and operational issues within Amazon Aurora Introducing Amazon 
CloudWatch Metrics Insights (Preview) Introducing Amazon CloudWatch RUM for monitoring applications' client-side performance IaC AWS announces Construct Hub general availability AWS Cloud Development Kit (AWS CDK) v2 is now generally available You can now import your AWS CloudFormation stacks into a CloudFormation stack set You can now submit multiple operations for simultaneous execution with AWS CloudFormation StackSets AWS CDK releases v1.126.0 - v1.130.0 with high-level APIs for AWS App Runner and hotswap support for Amazon ECS and AWS Step Functions SDKs AWS SDK for Swift (Developer Preview) AWS SDK for Kotlin (Developer Preview) AWS SDK for Rust (Developer Preview) CICD AWS Proton now supports Terraform Open Source for infrastructure provisioning AWS Proton introduces Git management of infrastructure as code templates AWS App2Container now supports Jenkins for setting up a CI/CD pipeline Other Amazon CodeGuru Reviewer now detects hardcoded secrets in Java and Python repositories EC2 Image Builder enables sharing Amazon Machine Images (AMIs) with AWS Organizations and Organization Units Amazon Corretto 17 Support Roadmap Announced Amazon DevOps Guru now Supports Multi-Account Insight Aggregation with AWS Organizations AWS Toolkits for Cloud9, JetBrains and VS Code now support interaction with over 200 new resource types AWS Fault Injection Simulator now supports Amazon CloudWatch Alarms and AWS Systems Manager Automation Runbooks. 
AWS Device Farm announces support for testing web applications hosted in an Amazon VPC Amazon CloudWatch now supports anomaly detection on metric math expressions Introducing Amazon CloudWatch Evidently for feature experimentation and safer launches New – Amazon CloudWatch Evidently – Experiments and Feature Management | AWS News Blog Introducing AWS Microservice Extractor for .NET Security AWS Secrets Manager increases secrets limit to 500K per account AWS CloudTrail announces ErrorRate Insights AWS announces the new Amazon Inspector for continual vulnerability management Amazon SQS Announces Server-Side Encryption with Amazon SQS-managed encryption keys (SSE-SQS) AWS WAF adds support for Captcha AWS Shield Advanced introduces automatic application-layer DDoS mitigation Security Hub AWS Security Hub adds support for AWS PrivateLink for private access to Security Hub APIs AWS Security Hub adds three new FSBP controls and three new partners SSO Manage Access Centrally for CyberArk Users with AWS Single Sign-On Manage Access Centrally for JumpCloud Users with AWS Single Sign-On AWS Single Sign-On now provides one-click login to Amazon EC2 instances running Microsoft Windows AWS Single Sign-On is now in scope for AWS SOC reporting Control Tower AWS Control Tower now supports concurrent operations for detective guardrails AWS Control Tower now supports nested organizational units AWS Control Tower now provides controls to meet data residency requirements Deny services and operations for AWS Regions of your choice with AWS Control Tower AWS Control Tower introduces Terraform account provisioning and customization Data Storage & Processing Databases Relational databases Announcing Amazon RDS Custom for SQL Server New Multi-AZ deployment option for Amazon RDS for PostgreSQL and for MySQL; increased read capacity, lower and more consistent write transaction latency, and shorter failover time (Preview) Amazon RDS now supports cross account KMS keys for exporting RDS 
Snapshots Amazon Aurora supports MySQL 8.0 Amazon RDS on AWS Outposts now supports backups on AWS Outposts Athena Amazon Athena adds cost details to query execution plans Amazon Athena announces cross-account federated query New and improved Amazon Athena console is now generally available Amazon Athena now supports new Lake Formation fine-grained security and reliable table features Announcing Amazon Athena ACID transactions, powered by Apache Iceberg (Preview) Redshift Announcing preview for write queries with Amazon Redshift Concurrency Scaling Amazon Redshift announces native support for SQLAlchemy and Apache Airflow open-source frameworks Amazon Redshift simplifies the use of other AWS services by introducing the default IAM role Announcing Amazon Redshift cross-region data sharing (preview) Announcing preview of SQL Notebooks support in Amazon Redshift Query Editor V2 Neptune Announcing AWS Graviton2-based instances for Amazon Neptune AWS releases open source JDBC driver to connect to Amazon Neptune MemoryDB Amazon MemoryDB for Redis now supports AWS Graviton2-based T4g instances and a 2-month Free Trial Database Migration Service AWS Database Migration Service now supports parallel load for partitioned data to S3 AWS Database Migration Service now supports Kafka multi-topic AWS Database Migration Service now supports Azure SQL Managed Instance as a source AWS Database Migration Service now supports Google Cloud SQL for MySQL as a source Introducing AWS DMS Fleet Advisor for automated discovery and analysis of database and analytics workloads (Preview) AWS Database Migration Service now offers a new console experience, AWS DMS Studio AWS Database Migration Service now supports Time Travel, an improved logging mechanism Other Database Activity Streams now supports Graviton2-based instances Amazon Timestream now offers faster and more cost-effective time series data processing through scheduled queries, multi-measure records, and magnetic storage writes Amazon 
DynamoDB announces the new Amazon DynamoDB Standard-Infrequent Access table class, which helps you reduce your DynamoDB costs by up to 60 percent Achieve up to 30% better performance with Amazon DocumentDB (with MongoDB compatibility) using new Graviton2 instances S3 Amazon S3 on Outposts now delivers strong consistency automatically for all applications Amazon S3 Lifecycle further optimizes storage cost savings with new actions and filters Announcing the new Amazon S3 Glacier Instant Retrieval storage class - the lowest cost archive storage with milliseconds retrieval Amazon S3 Object Ownership can now disable access control lists to simplify access management for data in S3 Amazon S3 Glacier storage class is now Amazon S3 Glacier Flexible Retrieval; storage price reduced by 10% and bulk retrievals are now free Announcing the new S3 Intelligent-Tiering Archive Instant Access tier - Automatically save up to 68% on storage costs Amazon S3 Event Notifications with Amazon EventBridge help you build advanced serverless applications faster Amazon S3 console now reports security warnings, errors, and suggestions from IAM Access Analyzer as you author your S3 policies Amazon S3 adds new S3 Event Notifications for S3 Lifecycle, S3 Intelligent-Tiering, object tags, and object access control lists Glue AWS Glue DataBrew announces native console integration with Amazon AppFlow AWS Glue DataBrew now supports custom SQL statements to retrieve data from Amazon Redshift and Snowflake AWS Glue DataBrew now allows customers to create data quality rules to define and validate their business requirements FSx Introducing Amazon FSx for OpenZFS Amazon FSx for Lustre now supports linking multiple Amazon S3 buckets to a file system Amazon FSx for Lustre can now automatically update file system contents as data is deleted and moved in Amazon S3 Announcing the next generation of Amazon FSx for Lustre file systems Backup Announcing preview of AWS Backup for Amazon S3 AWS Backup adds support 
for Amazon Neptune AWS Backup adds support for Amazon DocumentDB (with MongoDB compatibility) AWS Backup provides new resource assignment rules for your data protection policies AWS Backup adds support for VMware workloads Other AWS Lake Formation now supports AWS PrivateLink AWS Transfer Family adds identity provider options and enhanced monitoring capabilities Introducing ability to connect to EMR clusters in different subnets in EMR Studio AWS Snow Family now supports external NTP server configuration Announcing data tiering for Amazon ElastiCache for Redis Now execute python files and notebooks from another notebook in EMR Studio AWS Snow Family launches offline tape data migration capability AI & ML SageMaker Introducing Amazon SageMaker Canvas - a visual, no-code interface to build accurate machine learning models Announcing Fully Managed RStudio on Amazon SageMaker for Data Scientists | AWS News Blog Amazon SageMaker now supports inference testing with custom domains and headers from SageMaker Studio Amazon SageMaker Pipelines now supports retry policies and resume Announcing new deployment guardrails for Amazon SageMaker Inference endpoints Amazon announces new NVIDIA Triton Inference Server on Amazon SageMaker Amazon SageMaker Pipelines now integrates with SageMaker Model Monitor and SageMaker Clarify Amazon SageMaker now supports cross-account lineage tracking and multi-hop lineage querying Introducing Amazon SageMaker Inference Recommender Introducing Amazon SageMaker Ground Truth Plus: Create high-quality training datasets without having to build labeling applications or manage the labeling workforce on your own Amazon SageMaker Studio Lab (currently in preview), a free, no-configuration ML service Amazon SageMaker Studio now enables interactive data preparation and machine learning at scale within a single universal notebook through built-in integration with Amazon EMR Other General Availability of Syne Tune, an open-source library for distributed 
hyperparameter and neural architecture optimization Amazon Translate now supports AWS KMS Encryption Amazon Kendra releases AWS Single Sign-On integration for secure search Amazon Transcribe now supports automatic language identification for streaming transcriptions AWS AI for data analytics (AIDA) partner solutions Introducing Amazon Lex Automated Chatbot Designer (Preview) Amazon Kendra launches Experience Builder, Search Analytics Dashboard, and Custom Document Enrichment Other Cool Stuff In The Works – AWS Canada West (Calgary) Region | AWS News Blog Unified Search in the AWS Management Console now includes blogs, knowledge articles, events, and tutorials AWS DeepRacer introduces multi-user account management Amazon Pinpoint launches in-app messaging as a new communications channel Amazon AppStream 2.0 Introduces Linux Application Streaming Amazon SNS now supports publishing batches of up to 10 messages in a single API request Announcing usability improvements in the navigation bar of the AWS Management Console Announcing General Availability of Enterprise On-Ramp Announcing preview of AWS Private 5G AWS Outposts is Now Available in Two Smaller Form Factors Introducing AWS Mainframe Modernization - Preview Introducing the AWS Migration and Modernization Competency Announcing AWS Data Exchange for APIs Amazon WorkSpaces introduces Amazon WorkSpaces Web Amazon SQS Enhances Dead-letter Queue Management Experience For Standard Queues Introducing AWS re:Post, a new, community-driven, questions-and-answers service AWS Resource Access Manager enables support for global resource types AWS Ground Station launches expanded support for Software Defined Radios in Preview Announcing Amazon Braket Hybrid Jobs for running hybrid quantum-classical workloads on Amazon Braket Introducing AWS Migration Hub Refactor Spaces - Preview Well-Architected Framework Customize your AWS Well-Architected Review using Custom Lenses New Sustainability Pillar for the AWS Well-Architected 
Framework IoT Announcing AWS IoT RoboRunner, Now Available in Preview AWS IoT Greengrass now supports Microsoft Windows devices AWS IoT Core now supports Multi-Account Registration certificates on IoT Credential Provider endpoint Announcing AWS IoT FleetWise (Preview), a new service for transferring vehicle data to the cloud more efficiently Announcing AWS IoT TwinMaker (Preview), a service that makes it easier to build digital twins AWS IoT SiteWise now supports hot and cold storage tiers for industrial data New connectivity software, AWS IoT ExpressLink, accelerates IoT development (Preview) AWS IoT Device Management Fleet Indexing now supports two additional data sources (Preview) Connect Amazon Connect now enables you to create and orchestrate tasks directly from Flows Amazon Connect launches scheduled tasks Amazon Connect launches Contact APIs to fetch and update contact details programmatically Amazon Connect launches API to configure security profiles programmatically Amazon Connect launches APIs to archive and delete contact flows Amazon Connect now supports contact flow modules to simplify repeatable logic Sponsors CMD Solutions Silver Sponsors Cevo Versent
A lot of things happened in October, and we talked about them all in early November. In this episode Arjen, Guy, and JM discuss a whole bunch of cool things that were released and may be a bit harsh on everything Microsoft. News Finally in Sydney Amazon EC2 Mac instances are now available in seven additional AWS Regions Amazon MemoryDB for Redis is now available in 11 additional AWS Regions Serverless Lambda AWS Lambda now supports triggering Lambda functions from an Amazon SQS queue in a different account AWS Lambda now supports IAM authentication for Amazon MSK as an event source Step Functions Now — AWS Step Functions Supports 200 AWS Services To Enable Easier Workflow Automation | AWS News Blog AWS Batch adds console support for visualizing AWS Step Functions workflows Amplify Announcing General Availability of Amplify Geo for AWS Amplify AWS Amplify for JavaScript now supports resumable file uploads for Storage Other Accelerating serverless development with AWS SAM Accelerate | AWS Compute Blog Containers Amazon EKS Managed Node Groups adds native support for Bottlerocket AWS Fargate now supports Amazon ECS Windows containers Announcing the general availability of cdk8s and support for Go | Containers Monitoring clock accuracy on AWS Fargate with Amazon ECS Amazon ECS Anywhere now supports GPU-based workloads AWS Console Mobile Application adds support for Amazon Elastic Container Service AWS Load Balancer Controller version 2.3 now available with support for ALB IPv6 targets AWS App Mesh Metric Extension is now generally available EC2 & VPC New – Amazon EC2 C6i Instances Powered by the Latest Generation Intel Xeon Scalable Processors | AWS News Blog Amazon EC2 now supports sharing Amazon Machine Images across AWS Organizations and Organizational Units Amazon EC2 Hibernation adds support for Ubuntu 20.04 LTS Announcing Amazon EC2 Capacity Reservation Fleet a way to easily migrate Amazon EC2 Capacity Reservations across instance types Amazon EC2 Auto Scaling 
now supports describing Auto Scaling groups using tags Amazon EC2 now offers Microsoft SQL Server on Microsoft Windows Server 2022 AMIs AWS Elastic Beanstalk supports Database Decoupling in an Elastic Beanstalk Environment AWS FPGA developer kit now supports Jumbo frames in virtual ethernet frameworks for Amazon EC2 F1 instances Amazon VPC Flow Logs now supports Apache Parquet, Hive-compatible prefixes and Hourly partitioned files Network Load Balancer now supports TLS 1.3 New – Attribute-Based Instance Type Selection for EC2 Auto Scaling and EC2 Fleet | AWS News Blog Amazon Lightsail now supports AWS CloudFormation for instances, disks and databases Dev & Ops CLI AWS Cloud Control API, a Uniform API to Access AWS & Third-Party Services | AWS News Blog Now programmatically manage alternate contacts on AWS accounts CodeGuru Amazon CodeGuru now includes recommendations powered by Infer Amazon CodeGuru announces Security detectors for Python applications and security analysis powered by Bandit Amazon CodeGuru Reviewer adds detectors for AWS Java SDK v2's best practices and features IaC AWS CDK releases v1.121.0 - v1.125.0 with features for faster development cycles using hotswap deployments and rollback control AWS CloudFormation customers can now manage their applications in AWS Systems Manager Other NoSQL Workbench for Amazon DynamoDB now enables you to import and automatically populate sample data to help build and visualize your data models Amazon Corretto October Quarterly Updates Bulk Editing of OpsItems in AWS Systems Manager OpsCenter AWS Fault Injection Simulator now supports Spot Interruptions AWS Fault Injection Simulator now injects Spot Instance Interruptions Security Firewalls AWS Firewall Manager now supports centralized logging of AWS Network Firewall logs AWS Network Firewall Adds New Configuration Options for Rule Ordering and Default Drop Backups AWS Backup Audit Manager adds compliance reports AWS Backup adds an additional layer for backup 
protection with the availability of AWS Backup Vault Lock Other AWS Security Hub adds support for cross-Region aggregation of findings to simplify how you evaluate and improve your AWS security posture Amazon SES now supports 2048-bit DKIM keys AWS License Manager now supports Delegated Administrator for Managed entitlements Data Storage & Processing Goodbye Microsoft SQL Server, Hello Babelfish | AWS News Blog Announcing availability of the Babelfish for PostgreSQL open source project Announcing Amazon RDS Custom for Oracle AWS announces AWS Snowcone SSD Amazon RDS Proxy now supports Amazon RDS for MySQL Version 8.0 Amazon OpenSearch Service (successor to Amazon Elasticsearch Service) announces support for Cross-Cluster Replication Amazon OpenSearch Service (successor to Amazon Elasticsearch Service) now comes with an improved management console AWS Transfer Family customers can now use Amazon S3 Access Point aliases for granular and simplified data access controls Amazon EMR now supports Apache Spark SQL to insert data into and update Apache Hive metadata tables when Apache Ranger integration is enabled Amazon Neptune now supports Auto Scaling for Read Replicas AWS Glue Crawlers support Amazon S3 event notifications Amazon Keyspaces (for Apache Cassandra) now supports automatic data expiration by using Time to Live (TTL) settings New – AWS Data Exchange for Amazon Redshift | AWS News Blog AI & ML SageMaker Announcing Fast File Mode for Amazon SageMaker Amazon SageMaker Projects now supports Image Building CI/CD templates Amazon SageMaker Data Wrangler now supports Amazon Athena Workgroups, feature correlation, and customer managed keys Other Amazon Kendra launches support for 34 additional languages Amazon Fraud Detector now supports event datasets AWS announces a price reduction of up to 56% for Amazon Fraud Detector machine learning fraud predictions Amazon Fraud Detector launches new ML model for online transaction fraud detection Amazon Transcribe now 
supports custom language models for streaming transcription Amazon Textract launches TIFF support and adds asynchronous support for receipts and invoices processing Announcing Amazon EC2 DL1 instances for cost efficient training of deep learning models Other Cool Stuff AWS IoT Core now makes it optional for customers to send the entire trust chain when provisioning devices using Just-in-Time Provisioning and Just-in-Time Registration AWS IoT SiteWise announces support for using the same asset models across different hierarchies VMware Cloud on AWS Outposts Brings VMware SDDC as a Fully Managed Service on Premises | AWS News Blog AWS Outposts adds new CloudWatch dimension for capacity monitoring Amazon Monitron launches iOS app Amazon Braket offers D-Wave's Advantage 4.1 system for quantum annealing Amazon QuickSight adds support for Pixel-Perfect dashboards Amazon WorkMail adds Mobile Device Access Override API and MDM integration capabilities Announcing Amazon WorkSpaces API to create new updated images with latest AWS drivers Computer Vision at the Edge with AWS Panorama | AWS News Blog Amazon Connect launches API to configure hours of operation programmatically New region availability and Graviton2 support now available for Amazon GameLift Sponsors CMD Solutions Silver Sponsors Cevo Versent
Links:
“Cloud Security Breaches and Vulnerabilities”: https://blog.christophetd.fr/cloud-security-breaches-and-vulnerabilities-2021-in-review/
S3 Bucket Negligence Award: https://mytechdecisions.com/audio/sennheiser-responds-after-customer-data-from-2018-was-exposed-online/
Granted the role its support teams use to access customer accounts access to S3 objects: https://Twitter.com/0xdabbad00/status/1473448889948598275?s=12
S3 Bucket Negligence Award: https://www.modernghana.com/news/1127205/report-ghana-government-agency-exposes-100000s.html
“Simplify setup of Amazon Detective with AWS Organizations”: https://aws.amazon.com/blogs/security/simplify-setup-of-amazon-detective-with-aws-organizations/
“AWSSupportServiceRolePolicy Informational Update”: https://aws.amazon.com/security/security-bulletins/AWS-2021-007/
aws-sso-cli: https://github.com/synfinatic/aws-sso-cli

Transcript

Corey: This is the AWS Morning Brief: Security Edition. AWS is fond of saying security is job zero. That means it's nobody in particular's job, which means it falls to the rest of us. Just the news you need to know, none of the fluff.

Corey: Are you building cloud applications with a distributed team? Check out Teleport, an open-source identity-aware access proxy for cloud resources. Teleport provides secure access for anything running somewhere behind NAT: SSH servers, Kubernetes clusters, internal web apps, and databases. Teleport gives engineers superpowers. Get access to everything via single sign-on with multi-factor, list and see all of SSH servers, Kubernetes clusters, or databases available to you in one place, and get instant access to them using tools you already have. Teleport ensures best security practices like role-based access, preventing data exfiltration, providing visibility, and ensuring compliance. And best of all, Teleport is open-source and a pleasure to use. Download Teleport at goteleport.com.
That's goteleport.com.

Corey: Well, we're certainly ending 2021 with a whirlwind in the security space. Log4J continues to haunt us, while AWS took not only an outage but also a bit of a security blunder that they managed to turn into a messaging win. Listen on.

But first, the Community. A depressing review of 2021's “Cloud Security Breaches and Vulnerabilities.” Honestly, it seems like there are just so damned many ways for bad security to set the things we care about on fire. The takeaways are actionable though. Stop using static long-lived credentials and start with the basics before you get fancy.

Sennheiser scores itself an S3 Bucket Negligence Award, and of all the countries in which to suffer a data breach, I've got to say that Germany is at the bottom of the list. They do not mess around with data protection there.

And, Holy hell, AWS inadvertently granted the role its support teams use to access customer accounts access to S3 objects. It lasted for ten hours, and while there are mitigations out there, this is far from the first time that AWS has biffed it with regard to an unreviewed change making it into a managed IAM policy. This needs to be addressed. If you've got specific questions about how those things are handled, reach out to your account team; but it's a terrible look. But there's more to come in a second here.

Corey: This episode is sponsored in part by my friends at Cloud Academy. Something special for you folks: If you missed their offer on Black Friday or Cyber Monday or whatever day of the week doing sales it is, good news, they've opened up their Black Friday promotion for a very limited time. Same deal: $100 off a yearly plan, 249 bucks a year for the highest quality cloud and tech skills content. Nobody else is going to get this, and you have to act now because they have assured me this is not going to last for much longer.
Go to cloudacademy.com, hit the ‘Start Free Trial’ button on the homepage and use the promo code, ‘CLOUD’ when checking out. That's C-L-O-U-D. Like loud—what I am—with a C in front of it. They've got a free trial, too, so you'll get seven days to try it out to make sure it really is a good fit. You've got nothing to lose except your ignorance about cloud. My thanks to Cloud Academy once again for sponsoring my ridiculous nonsense.

A bit off the beaten path, this week's S3 Bucket Negligence Award goes to the government of Ghana. This one is pretty bad. I mean, you can't exactly opt out of doing business with your government, you know?

Now, AWS has two things I want to talk about. The first is that they offer a way to “Simplify setup of Amazon Detective with AWS Organizations.” I'm actually enthusiastic about this one because there's a significant lack of security tooling available to folks at the lower end of the market. A bunch of companies seem to start off targeting this segment, but soon realize that there's a better future in selling things to bigger companies for $200,000 a month instead of $20.

Now, “AWSSupportServiceRolePolicy Informational Update.” Now, you heard a minute ago, I was initially extremely unhappy about this mistake. That said, I am such a fan of this notification that I can't even articulate it without sounding like I'm fanboying. Because mistakes happen and talking about those mistakes and why defense in depth mitigates the harm of those mistakes goes a long way. This affirms my trust in AWS rather than harming it. Meanwhile Azure has absolutely nothing to say about why their tenant separation is aspirational at best.

And lastly a bit of tooling story here. To end up the year, I've been kicking the tires on aws-sso-cli over on GitHub, which is a tool for using AWS SSO for both the CLI and web console. I don't know why the native SSO tooling is quite as trash as it is, but it's a problem.
There's a lot of value to using SSO but AWS hides it as if the entire thing were under NDA. Thank you for listening. It's been a heck of a year as we've launched the security portion of this weekly nonsense. I'll talk to you more in 2022. Stay safe.

Corey: Thank you for listening to the AWS Morning Brief: Security Edition with the latest in AWS security that actually matters. Please follow AWS Morning Brief on Apple Podcast, Spotify, Overcast—or wherever the hell it is you find the dulcet tones of my voice—and be sure to sign up for the Last Week in AWS newsletter at lastweekinaws.com.

Announcer: This has been a HumblePod production. Stay humble.
On The Cloud Pod this week, the pod squad is down to the OG three while Ryan is away. Also AWS announces serverless pipelines, GCP releases Spot Pods, and Azure introduces Chaos Studio. A big thanks to this week's sponsors: Foghorn Consulting, which provides full-stack cloud solutions with a focus on strategy, planning and execution for enterprises seeking to take advantage of the transformative capabilities of AWS, Google Cloud and Azure. JumpCloud, which offers a complete platform for identity, access, and device management — no matter where your users and devices are located. This week's highlights
In the 2020 re:Invent security keynote, the #1 recommendation for customers to secure their environment was to use AWS Organizations. In this episode, Simon will discuss why with Andrew Blackham, Product Manager at AWS. They'll review why you should consider using multiple accounts and what features AWS Organizations provides customers to centrally manage their environment. They'll also touch on security best practices, multi-account features from AWS services, and how you can get started building your multi-account environment. See the getting started guide: https://aws.amazon.com/organizations/getting-started/best-practices/ Read the whitepaper: https://docs.aws.amazon.com/whitepapers/latest/organizing-your-aws-environment/organizing-your-aws-environment.html
Compliance and audit checks can be painful, and that's before you introduce additional cloud services and technology. In this episode featuring AJ Yawn we discuss some incredibly useful and actionable cloud security concepts and tools that can help your team boost visibility and reduce user permissions to help prevent breaches before they happen. In addition, we discuss what a good compliance audit should be, and how to turn audits from painful to incredibly valuable.

Resources mentioned in this episode:
- AWS CloudTrail: https://aws.amazon.com/cloudtrail/
- AWS Well-Architected Framework: https://aws.amazon.com/architecture/well-architected/
- AWS Config: https://aws.amazon.com/config
- AWS Organizations: https://aws.amazon.com/organizations/
- AWS Service Control Policies (SCP): https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html

Our Guest - AJ Yawn

AJ Yawn is the Co-Founder and CEO of ByteChek. He is a seasoned cloud security professional who possesses over a decade of senior information security experience with extensive experience managing a wide range of cybersecurity compliance assessments (SOC 2, ISO 27001, HIPAA, etc.) for a variety of SaaS, IaaS, and PaaS providers.

AJ advises startups on cloud security and serves on the Board of Directors of the ISC2 Miami chapter as the Education Chair. He is also a Founding Board member of the National Association of Black Compliance and Risk Management professions, regularly speaks on information security podcasts and at events, and contributes blogs and articles to the information security community, including publications such as CISOMag, InfosecMag, HackerNoon, and ISC2.

Sponsor's Note:

Support for the Blueprint podcast comes from the SANS Institute.

Are you looking for the best in-depth training for your cyber defense team?
Look no further than SANS blue team curriculum courses!

Whether you focus on network or host data, Windows or Linux, or even specialize in open source intel, SIEM, SOC, or defensive architecture, the SANS Blue Team curriculum has the course for you. From long-time classics like SEC503 Network Intrusion Detection to the newer SEC530 Defensible Security Architecture and Engineering and SEC487 Open Source Intelligence Gathering - we've got you covered, no matter what your specialty.

With an extensive archive of free webcasts on the SANS site, and free online demos available for most courses, you can easily check out the SANS blue team catalog and see which course is the best fit for you and your team.

Check out the constantly growing list of available courses at sansurl.com/blueteamops

Follow SANS Cyber Defense: Twitter | LinkedIn | YouTube

Follow John Hubbard: Twitter | LinkedIn
This week on The Cloud Pod, Justin is away so the rest of the team has taken the opportunity to throw him under the bus. A big thanks to this week's sponsors: Foghorn Consulting, which provides full-stack cloud solutions with a focus on strategy, planning and execution for enterprises seeking to take advantage of the transformative capabilities of AWS, Google Cloud and Azure. This week's highlights The Pentagon has had enough of the kids fighting so no one gets the toy. Amazon has given developers the happy ending they've always wanted. Google is playing with fire and hopes no one gets burnt. JEDI: Play Nice Pentagon officials are considering pulling the plug on the star-crossed JEDI cloud-computing project. Reminds us of when we were kids and our parents took toys away when we couldn't play nice together. Amazon Web Services: We've Made All the Money AWS announces a price reduction for Amazon Managed Service for Prometheus. That's an awful lot of samples. Amazon Virtual Private Cloud (VPC) announces pricing change for VPC Peering. Just get rid of the ridiculous data transfer fees! AWS Organizations launches a new console experience. We're excited to try this out! AWS announces IAM Access Control for Apache Kafka on Amazon MSK. This is great. AWS Systems Manager now includes Incident Manager to resolve IT incidents faster. This might initially fall short of some of the other offerings on the market. AWS Local Zones are now open in Boston, Miami and Houston. They're continuing on the Oracle model of racks in random garages. Amazon now lets you create Microsoft SQL Server Instances of Amazon RDS on AWS Outposts. A big hooray for people using Outposts. Google Cloud Platform: Smells A Bit Google announces Agent Assist for Chat is now in Preview. Hopefully this is better than predictive text, which is often highly inappropriate. Google releases a handy new Google Cloud, AWS and Azure product map. This press release has an Oracle smell about it. 
Browse and query Google Cloud Spanner databases from Visual Studio Code. We can see this being welcomed by developers. Azure: So Pretty Azure releases a new logo. We think it kind of looks like a Google icon. Multiple new features for Azure VPN Gateway are now generally available. Really great features! Enabling Azure Site Recovery while creating Azure Virtual Machines is now generally available. Something about this feels clunky. The next installment of the low code development series is now available. Spoiler alert: it's not that riveting. TCP Lightning Round Ryan blatantly stole Justin's jokes but still takes this week's point, leaving scores at Justin (7), Ryan (4), Jonathan (7). Other headlines mentioned: Amazon QuickSight Launches Threshold Alerts Amazon DevOps Guru now generally available with additional capabilities Amazon Pinpoint Announces Journey Pause and Resume Azure Backup: Operational backup for Azure Blobs is now generally available Append blob support in Azure Data Lake Storage is now generally available Amazon SageMaker Automatic Model Tuning now supports up to 10x faster tuning and enables exploring up to 20X more models Amazon CloudWatch Synthetics supports cron expression for scheduling Amazon CloudFront announces price cuts in India and Asia Pacific regions Amazon Elasticsearch Service now offers AWS Graviton2 (M6g, C6g, R6g, and R6gd) instances Amazon Athena drivers now support Azure AD and PingFederate authentication Migration Evaluator announces a faster way to project AWS cloud costs with Quick Insights Amazon EKS managed node groups adds support for Kubernetes node taints Things Coming Up Announcing Google Cloud 2021 Summits [frequently updated] Save the date: AWS Containers events in May AWS Regional Summits — May 10–19 Microsoft Build — May 19–21 (Digital) Google Financial Services Summit — May 27th Harness Unscripted Conference — June 16–17 Google Cloud Next — Not announced yet (one site says Moscone is reserved June 28–30) Google 
Cloud Next 2021 — October 12–14, 2021 AWS re:Invent — November 29–December 3 — Las Vegas Oracle Open World (no details yet)
This is episode #2.07 of the Charlas Técnicas de AWS podcast. In this episode we explain why you need multiple AWS accounts and how to set them up. We'll cover tools and services that can help you. 00:00 - Introduction 03:59 - Multi-account strategies 06:51 - Why have more than one account? 17:51 - How do we separate these accounts? 30:56 - AWS Organizations 40:26 - AWS Control Tower
In this episode we talked about AWS Organizations
Join Pete and Jesse as they address a question from the Twitterverse: What are the best practices you’d recommend for someone starting from scratch in AWS? They talk about why security is a first principle and why cost attribution is equally as important, the role multiple accounts can play in effective cost allocation, how AWS Organizations has come a long way in a short period of time, the different kinds of accounts your team should set up, how you can begin working on cost attribution and cost allocation even if your AWS account has been around forever, and more.
Because re:Invent is just in a couple of days, Arjen, Jean-Manuel, and Guy take an earlier than usual look at the massive number of announcements in November. And to think, this episode was recorded on 20 November so everything announced after that will be discussed in the re:Invent episode. What's new Finally in Sydney Amazon Kendra now available in Asia-Pacific (Sydney) AWS region IP Multicast on AWS Transit Gateway is now available in major AWS regions world wide Meet the newest AWS Heroes including the first DevTools Heroes! | AWS News Blog Serverless Amazon EventBridge introduces support for Event Replay Amazon CodeGuru Profiler simplifies profiling for AWS Lambda functions AWS Lambda now makes it easier to send logs to custom destinations AWS Lambda now supports Amazon MQ for Apache ActiveMQ as an event source AWS Step Functions now supports Amazon API Gateway service integration AWS Step Functions now supports Amazon EKS service integration Containers Lightsail Containers: An Easy Way to Run your Containers in the Cloud | AWS News Blog Amazon ECS now supports Internet Protocol Version 6 (IPv6) in awsvpc networking mode Amazon ECS extensions for AWS CDK is now generally available The AWS CDK EKS Construct Library is Now Available as a Developer Preview and Adds Support for cdk8s AWS Fargate for Amazon ECS launches features focused on configuration and metrics AWS App Mesh introduces circuit breaker capabilities Announcing AWS App Mesh Controller for Kubernetes Version 1.2.0 Amazon VPC CNI plugin version 1.7 now default for Amazon EKS clusters EC2 & VPC AWS Network Firewall – New Managed Firewall Service in VPC | AWS News Blog Deployment models for AWS Network Firewall | Networking & Content Delivery Introducing AWS Gateway Load Balancer – Easy Deployment, Scalability, and High Availability for Partner Appliances | AWS News Blog Network Load Balancer now supports IPv6 AWS Client VPN now supports Client Connect Handler AWS Client VPN announces self service 
portal to download VPN profiles and desktop applications Introducing EC2 Instance rebalance recommendation for EC2 Spot Instances Amazon EC2 On-Demand Capacity Reservations now supports AWS Wavelength Zones Pause and Resume Workloads on T3 and T3a Instances with Amazon EC2 Hibernation Announcing AWS PrivateLink support for Amazon Braket Dev & Ops AWS CloudFormation change sets now support nested stacks AWS Service Catalog now supports StackSet instance operations AWS X-Ray now supports trace context propagation for Amazon Simple Storage Service (S3) Amazon CloudWatch Synthetics now supports Environment Variables AWS Systems Manager OpsCenter now integrates with Amazon CloudWatch for easier diagnosis and remediation of alarms AWS CodePipeline Source Action for AWS CodeCommit Supports git clone Now customize the idle session timeout value and stream session logs to Amazon CloudWatch Logs for Session Manager Security Encrypt your Amazon DynamoDB global tables by using your own encryption keys AWS KMS - based Encryption is Now Available in Amazon SageMaker Studio Announcing protection groups for AWS Shield Advanced AWS Firewall Manager now supports centralized management of AWS Network Firewall Data Storage & Processing New – Export Amazon DynamoDB Table Data to Your Data Lake in Amazon S3, No Code Writing Required | AWS News Blog Introducing Amazon S3 Storage Lens – Organization-wide Visibility Into Object Storage | AWS News Blog Amazon MQ Update – New RabbitMQ Message Broker Service | AWS News Blog Amazon DocumentDB (with MongoDB compatibility) adds support for MongoDB 4.0 and transactions Amazon Athena announces availability of engine version 2 Amazon Athena adds support for running SQL queries across relational, non-relational, object, and custom data sources. 
Announcing AWS Glue DataBrew – A Visual Data Preparation Tool That Helps You Clean and Normalize Data Faster | AWS News Blog Amazon RDS for SQL Server now supports Database Mail Amazon RDS Data API supports tag-based authorization Amazon RDS on VMware Adds Support for Cross-Custom-Availability-Zone Read Replicas Amazon Aurora Global Database Expands Manageability Capabilities AWS Launch Wizard now supports single-instance deployments of SQL Server on Windows and Linux Amazon Redshift announces Open Source JDBC and Python drivers Amazon Redshift announces support for TIME and TIMETZ data types Amazon Neptune now supports Event notifications Amazon Neptune now supports custom endpoints to access your workload Amazon Elasticsearch Service now supports defining a custom name for your domain endpoint Amazon Elasticsearch Service adds support for hot reload of dictionary files Storage Day Welcome to AWS Storage Day 2020 | AWS News Blog Amazon FSx for Windows File Server Now Supports Access to File Systems Using Alternate DNS Names AWS Storage Gateway adds schedule-based network bandwidth throttling for Tape and Volume Gateway Amazon S3 Replication adds support for metrics and notifications Amazon S3 Replication adds support for replicating delete markers AWS Transfer Family now supports shared services VPC environments Amazon S3 Intelligent-Tiering adds Archive Access Tiers — further optimizes storage costs AWS Backup extends centralized backup management support to Amazon FSx AWS Snowball Edge now supports importing virtual machine images to your deployed Snow devices AWS Storage Gateway simplifies in-cloud processing by adding file-level upload notifications for File Gateway AWS Storage Gateway enhances security by introducing access-based enumeration for File Gateway Amazon ECS now supports the use of Amazon FSx for persistent, shared storage for Windows containers AMI Lifecycle Management now available with Data Lifecycle Manager AWS Snowball Edge now supports 
Windows operating systems AWS Storage Gateway increases local storage cache by 4x for Tape and Volume Gateway AWS announces 40% price reduction for Amazon Elastic Block Store (EBS) Cold HDD (sc1) volumes Amazon FSx for Lustre now supports storage quotas AI & ML New – GPU-Equipped EC2 P4 Instances for Machine Learning & HPC | AWS News Blog EFA Now Supports NVIDIA GPUDirect RDMA Amazon Kendra adds Confluence Cloud connector Amazon Kendra adds user tokens for secure search AWS DeepComposer launches new learning capsule on sequence modeling and Transformers AWS DeepComposer adds new Transformers algorithm that allows developers to extend an input melody Announcing AWS DeepComposer's next Chartbusters challenge, Keep Calm and Model On Amazon Polly launches a British English Newscaster speaking Style Amazon Polly launches a new Australian English neural text-to-speech voice Amazon Lex adds language support for French, Spanish, Italian and Canadian French Apply your business rules to Amazon Personalize recommendations on the fly Amazon Textract supports handwriting and five new languages Amazon SageMaker Studio now supports multi-GPU instances Other Cool Stuff In the Works – AWS Region in Hyderabad, India | AWS News Blog In the Works – New AWS Region in Zurich, Switzerland | AWS News Blog AWS Backup and AWS Organizations bring cross-account backup feature Amazon Chime SDK now supports public switched telephone network (PSTN) audio Savings Plans Alerts now available in AWS Cost Management Introducing new visualization features in AWS IoT SiteWise: Status Charts, Scatter Plot and Trend lines Announcing new features for AWS IoT SiteWise Amazon CloudWatch launches Metrics Explorer Amazon Connect launches API to configure user hierarchies programmatically Automated ABR (Adaptive Bit Rate) Configuration now available in AWS Elemental MediaConvert Amazon QuickSight launches new Chart Types, Table Improvements and more AWS IoT Device Management enhances Secure Tunneling with new 
multiplexing capability, supporting multiple connections to a single device over a secure tunnel The Nanos Amazon WorkDocs adds support for managing the color theme in-app on iOS AWS IQ launches new functionality to support firms Amazon Connect has just reduced its 44th telephony rate this year Sponsors Gold Sponsor Innablr Silver Sponsors AC3 CMD Solutions DoIT International
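Catch up on the latest news while you do other things! The radio-style broadcast "毎日AWS!" (Daily AWS). Good morning, this is Kato from Serverworks. Today I introduce the 7 updates released on 9/15. Note: there are many updates this time, so the broadcast is split into two parts. Please post your feedback on Twitter with the hashtag "#サバワ"! ■ UPDATE lineup: Docker ECS plugin updated - enhancements for deploying and managing containers; AWS Organizations supports additional tags and tag-based access control; Four new courses on essential product management skills arrive on Coursera; Amazon Managed Blockchain supports Hyperledger Fabric v1.4; Protected health information can now be processed using AWS Wavelength; AWS Systems Manager Explorer supports grouping and customizing operational data sources; Amazon Redshift enhances its spatial data processing capabilities ■ Serverworks social media: Twitter / Facebook ■ Serverworks blog: Serverworks Engineer Blog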
AWS had a number of big and small announcements in June again, and Arjen is joined by Jean-Manuel and Guy to talk about these. They'll cover it all from codeless programming tools to busting charts. The News Finally in Sydney ANZ Find your most expensive lines of code and improve code quality with Amazon CodeGuru - now generally available Announcing availability of AWS Outposts in nine additional countries in Africa, Asia Pacific, Latin America, and Middle East Serverless AWS Lambda support for Amazon Elastic File System now generally available Amazon API Gateway allows subprotocols on a WebSocket API connection AWS Amplify Console now supports deploying and hosting web apps managed in monorepos Swift Lambda support (Apple supported through WWDC sessions) Amplify Console adds support for automatically creating and deleting custom sub-domains for every branch deployment Containers Amazon EKS now Supports EC2 Inf1 Instances AWS App Mesh introduces timeout configuration support Amazon ECS Capacity Providers Now Support Delete Functionality Amazon Corretto for Alpine Linux now in preview AWS App Mesh controller for Kubernetes is now generally available EC2 & VPC AWS Direct Connect enables Failover Testing Now Available, Amazon EC2 C5a instances featuring 2nd Generation AMD EPYC Processors Announcing the General Availability of Amazon EC2 G4dn Bare Metal Instances - GPU instances with up to 8 NVIDIA T4 GPUs Amazon EC2 C6g and R6g instances powered by AWS Graviton2 processors are now generally available Amazon EC2 Auto Scaling now supports Instance Refresh within Auto Scaling Groups ELB lifecycle events now available with Amazon ECS services registered with multiple target groups AWS Elastic Beanstalk Announces .NET Core on Linux Platform Amazon Virtual Private Cloud (VPC) customers can now use their own Prefix Lists to simplify the configuration of security groups and route tables Kernel Live Patching for Amazon Linux 2 is now generally available Security AWS Config 
Supports 9 New Managed Rules AWS Shield Advanced now supports proactive response to events Amazon Aurora Snapshots can be managed via AWS Backup AWS Transfer Family enables Source IP as a factor for authorization AWS Certificate Manager Extends Automation of Certificate Issuance Via CloudFormation AWS Backup and AWS Organizations bring cross-account data protection management and monitoring Dev & Ops Software Package Management with AWS CodeArtifact | AWS News Blog Announcing Amazon Honeycode Introducing AWS CloudFormation Guard (Preview) – a new open-source CLI for infrastructure compliance AWS CloudFormation Resource Import now supports CloudFormation Registry types EC2 Image Builder now supports connectivity through AWS PrivateLink AWS CodeCommit now supports Emoji Reactions to Comments AWS CodePipeline Supports AWS AppConfig as a New Deploy Action type Databases Amazon Aurora Global Database supports read replica write forwarding AWS Data Migration Service now supports copying graph data from relational sources to Amazon Neptune Announcing Amazon Aurora Serverless with MySQL 5.7 compatibility Amazon FSx for Windows File Server now enables you to grow storage and to scale performance on your file systems Announcing storage controls for schemas in Amazon Redshift Database Activity Streams now available for Aurora with MySQL compatibility Amazon Aurora with PostgreSQL Compatibility Supports T3.large Instances Amazon Redshift now supports writing to external tables in Amazon S3 CloudWatch Application Insights adds support for SQL Server High Availability configurations Amazon RDS on VMware Adds Support for Read Replica Amazon Redshift materialized views support external tables Announcing Amazon Aurora Serverless with MySQL 5.7 compatibility AI & ML DeepComposer Chartbusters challenge Amazon SageMaker Components for Kubeflow Pipelines AWS DeepComposer adds a new generative AI algorithm that allows developers to generate music in the style of Bach Now Install Custom 
Kernels and Data Science Libraries on EMR clusters directly from EMR Notebooks Amazon Augmented AI enables quality control via metadata for customers using a private workforce Introducing Recommendation Filters in Amazon Personalize Amazon Lex announces built-in search intent to enable Amazon Kendra integration Other Cool Stuff AWS announces AWS Snowcone - a small, portable, rugged, and secure edge computing and data transfer device Amazon Route 53 Launches New API Action to list Private Hosted Zones associated with your Amazon VPCs Real-time anomaly detection support in Amazon Elasticsearch Service Amazon Connect adds filtering by channel to the ‘Get queue metrics' block Amazon CloudFront enables configurable origin connection attempts and origin connection timeouts Amazon SES can now send notifications when the delivery of an email is delayed Enable WebRTC simulcast to improve video performance for applications built with the Amazon Chime SDK Amazon Connect now supports higher-quality, natural-sounding Text-to-Speech voices Amazon Polly launches a child US English NTTS Voice Sponsors Gold Sponsor Innablr Silver Sponsors AC3 CMD Solutions DoiT International
Using multiple AWS accounts to isolate workloads has been a best practice, not only since AWS introduced consolidated billing in 2010. AWS made a huge step by introducing AWS Organizations in 2017 and has added more and more features on top of the former boundary of an AWS account. In my opinion, we have passed the sweet spot between centralism and isolated accounts. The possibilities powered by AWS Organizations ruin the concept of isolated accounts with limited blast radius. I recommend managing no more than 50 AWS accounts per AWS organization. Use multiple AWS organizations instead. Also, think twice before using SCP or Trusted Organization Access; both features make centralism permanent. I haven't seen a thriving, innovative, and centralized IT organization so far. Correct me if I'm wrong.
This is part 2 of my conversation with Olaf Conijn and Tjerk Stroband at Moneyou, a Dutch bank based here in Amsterdam, Netherlands. We discussed the challenges Moneyou has faced with AWS Organizations and the difficulty of managing a complex AWS environment using the built-in tools. And why they built and open-sourced org-formation as a way for you to manage your entire AWS organization using infrastructure-as-code (IAC). In part 1, we discussed Moneyou's journey towards serverless over the last 2 years and why serverless makes sense to Moneyou. We talked a lot about risk and many of the misconceptions about risk when it comes to serverless. And of course, vendor lock-in was a big part of that discussion! It's refreshing to see a bank approach serverless and the vendor lock-in debate with such thoughtfulness rather than just following the mainstream narrative without understanding the underlying risks first. You can find Olaf on Twitter as @OConijn and check out org-formation. For more stories about real-world use of serverless technologies, please follow us on Twitter as @RealWorldSls and subscribe to this podcast. Opening theme song: Cheery Monday by Kevin MacLeod. Link: https://incompetech.filmmusic.io/song/3495-cheery-monday/ License: http://creativecommons.org/licenses/by/4.0/
This is part 1 of my conversation with Olaf Conijn and Tjerk Stroband at Moneyou, a Dutch bank based here in Amsterdam, Netherlands. We discussed Moneyou's journey towards serverless over the last 2 years and why serverless makes sense to Moneyou. We talked a lot about risk and many of the misconceptions around risk when it comes to serverless. And of course, vendor lock-in was a big part of that discussion. It's refreshing to see a bank approach serverless and the vendor lock-in debate with such thoughtfulness rather than just following the mainstream narrative without understanding the underlying risks first. In part 2, we will talk about the challenges Moneyou has faced with AWS Organizations and the difficulty of managing a complex AWS environment using the built-in tools. And why they built and open-sourced org-formation as a way for you to manage your entire AWS organization using infrastructure-as-code (IAC). You can find Olaf on Twitter as @OConijn and check out org-formation. For more stories about real-world use of serverless technologies, please follow us on Twitter as @RealWorldSls and subscribe to this podcast. Opening theme song: Cheery Monday by Kevin MacLeod. Link: https://incompetech.filmmusic.io/song/3495-cheery-monday/ License: http://creativecommons.org/licenses/by/4.0/
In this session, we walk through what you need to do to be prepared to respond to security incidents in your AWS environments. We start off with planning best practices, move through the configurations that will help deliver protective and detective controls, then finally show you how you can improve your response capability. Learn how AWS Organizations, AWS Identity and Access Management (IAM), Amazon GuardDuty, AWS Security Hub, AWS Lambda, AWS WAF, AWS Systems Manager, and AWS Key Management Service (AWS KMS) can help take you from protect and detect to respond and recover.
AWS management and governance services can help your organization become and remain agile while enabling you to maintain control over costs, compliance, and security. Join us to hear AWS service leaders discuss their vision and the latest launches from the AWS management and governance teams, including innovations you can leverage now from Amazon CloudWatch, AWS Config, AWS Organizations, AWS Service Catalog, AWS Control Tower, AWS Systems Manager, and much more. We are joined onstage by current AWS customers who discuss how they use management and governance services today.
Enterprises are taking advantage of AWS so they can move quickly while maintaining governance control over costs, security, and compliance. In this session, we discuss how AWS Control Tower, AWS Service Catalog, AWS Organizations, and AWS CloudFormation simplify compliance and make ongoing governance easier. You learn how to set up and govern your multi-account AWS environment or landing zone through automation, blueprints, and guardrails. Finally, you learn how to launch governed and secure resources on AWS through a DevOps CI/CD pipeline.
AWS Organizations and AWS Single Sign-On (SSO) shifted the AWS cloud management model from separate accounts with unique identities to hierarchical accounts with common identities. Together they provide a simpler model to manage access within an account hierarchy, while providing users a portal from which to access their assigned accounts and roles. This session explains the latest AWS SSO security and administration features and best practices for managing permissions at scale, whether you administer your identities in AWS SSO or in Active Directory.
A key element of your AWS environment is having a framework to provide resource isolation, separation of duties, and clear billing separation (i.e., a landing zone). In this session, we discuss updates to multi-account strategy best practices for establishing your landing zone, new guidance for building organizational unit structures, and a historical context. We cover security patterns, such as identity federation, cross-account roles, consolidated logging, and account governance. We wrap up with considerations on using AWS Landing Zone, AWS Control Tower, or AWS Organizations. We encourage you to attend all the landing zone sessions. Search for 'landing zone' in the session catalog.
In this episode, we cover the following topics: Pillars in depth Security "Ability to protect information, systems, and assets while delivering business value through risk assessments and mitigation strategies" Design principles Implement strong identity foundation Enable traceability Security at all layers Automate security best practices Protect data in transit and at rest Keep people away from data Prepare for security events Key service: AWS IAM Focus areas Identity and access management - Services: IAM, AWS Organizations, MFA Detective controls - Services: CloudTrail, CloudWatch, AWS Config, GuardDuty Infrastructure protection - Services: VPC, Shield, WAF Data protection - Services: KMS, ELB (encryption), Macie (detect sensitive data) Incident response - Services: IAM, CloudFormation Best practices Identity and access management - AWS Cognito Act as broker between login providers Securely access any AWS service from mobile device Data protection Encrypt Encryption at rest Encryption in transit Encrypted backups Versioning Storage resiliency Detailed logging Incident response - Employ strategy of templated "clean rooms" Create new trusted environment to conduct investigation Use CloudFormation to easily create the "clean room" environment Reliability "Ability to recover from failures, dynamically acquire resources to meet demand and mitigate disruptions such as network issues" Design principles Test recovery procedures Auto recover from failures Scale horizontally to increase availability Stop guessing capacity Manage change with automation Key service: CloudWatch Focus areas Foundations - Services: IAM, VPC, Trusted Advisor (visibility into service limits), Shield (protect from DDoS) Change management - Services: CloudTrail, AWS Config, CloudWatch, Auto Scaling Failure management - Services: CloudFormation, S3, Glacier, KMS Best practices Foundations Take into account physical and service limits High availability No single points of failure (SPOF) Multi-AZ design Load balancing Auto 
scaling Redundant connectivity Software resilience Failure management Backup and disaster recovery - RPO, RTO Inject failures to test resiliency Key points Plan network topology Manage your AWS service and rate limits Monitor your system Automate responses to demand Backup In the next episode, we'll cover the remaining 2 pillars and discuss how to perform a Well-Architected Review. Links AWS Well-Architected AWS Well-Architected Framework - Online/HTML version - includes drill down pages for each review question, with recommended action items to address that issue AWS re:Invent 2018: How AWS Minimizes the Blast Radius of Failures - ARC338 Shuffle Sharding: Massive and Magical Fault Isolation Whitepapers AWS Well-Architected Framework Operational Excellence Pillar Security Pillar Reliability Pillar Performance-Efficiency Pillar Cost Optimization Pillar End song: The Runner (David Last Remix) - Fax. For a full transcription of this episode, please visit the episode webpage. We'd love to hear from you! You can reach us at: Web: https://mobycast.fm Voicemail: 844-818-0993 Email: ask@mobycast.fm Twitter: https://twitter.com/hashtag/mobycast
Simon and Nicki share a bumper-crop of interesting, useful and cool new services and features for AWS customers! Chapter Timings 00:01:17 Storage 00:03:15 Compute 00:07:13 Network 00:10:27 Databases 00:16:04 Migration 00:17:43 Developer Tools 00:22:47 Analytics 00:27:07 IoT 00:28:14 End User Computing 00:29:25 Machine Learning 00:30:49 Application Integration 00:34:18 Management and Governance 00:41:42 Customer Engagement 00:42:47 Media 00:44:03 Security 00:46:26 Gaming 00:47:54 AWS Marketplace 00:49:07 Robotics Shownotes Topic || Storage Optimize Cost with Amazon EFS Infrequent Access Lifecycle Management | https://aws.amazon.com/about-aws/whats-new/2019/07/optimize-cost-amazon-efs-infrequent-access-lifecycle-management/ Amazon FSx for Windows File Server Now Enables You to Use File Systems Directly With Your Organization’s Self-Managed Active Directory | https://aws.amazon.com/about-aws/whats-new/2019/06/amazon-fsx-for-windows-file-server-now-enables-you-to-use-file-systems-directly-with-your-organizations-self-managed-active-directory/ Amazon FSx for Windows File Server now enables you to use a single AWS Managed AD with file systems across VPCs or accounts | https://aws.amazon.com/about-aws/whats-new/2019/06/amazon-fsx-for-windows-file-server-now-enables-you-to-use-a-single-aws-managed-ad-with-file-systems-across-vpcs-or-accounts/ AWS Storage Gateway now supports Amazon VPC endpoints with AWS PrivateLink | https://aws.amazon.com/about-aws/whats-new/2019/06/aws-storage-gateway-now-supports-amazon-vpc-endpoints-aws-privatelink/ File Gateway adds encryption & signing options for SMB clients – Amazon Web Services | https://aws.amazon.com/about-aws/whats-new/2019/06/file-gateway-adds-options-to-enforce-encryption-and-signing-for-smb-shares/ New AWS Public Datasets Available from Facebook, Yale, Allen Institute for Brain Science, NOAA, and others | https://aws.amazon.com/about-aws/whats-new/2019/07/new-aws-public-datasets-available-from-facebook-yale-allen/ Topic || 
Compute Introducing Amazon EC2 Instance Connect | https://aws.amazon.com/about-aws/whats-new/2019/06/introducing-amazon-ec2-instance-connect/ Introducing New Instances Sizes for Amazon EC2 M5 and R5 Instances | https://aws.amazon.com/about-aws/whats-new/2019/06/introducing-new-instances-sizes-for-amazon-ec2-m5-and-r5-instances/ Introducing New Instance Sizes for Amazon EC2 C5 Instances | https://aws.amazon.com/about-aws/whats-new/2019/06/introducing-new-instance-sizes-for-amazon-ec2-c5-instances/ Amazon ECS now supports additional resource-level permissions and tag-based access controls | https://aws.amazon.com/about-aws/whats-new/2019/06/amazon-ecs-now-supports-resource-level-permissions-and-tag-based-access-controls/ Amazon ECS now offers improved capabilities for local testing | https://aws.amazon.com/about-aws/whats-new/2019/07/amazon-ecs-now-offers-improved-capabilities-for-local-testing/ AWS Container Services launches AWS For Fluent Bit | https://aws.amazon.com/about-aws/whats-new/2019/07/aws-container-services-launches-aws-for-fluent-bit/ Amazon EKS now supports Kubernetes version 1.13, ECR PrivateLink, and Kubernetes Pod Security Policies | https://aws.amazon.com/about-aws/whats-new/2019/06/amazon-eks-now-supports-kubernetes113-ecr-privatelink-kubernetes-pod-security/ AWS VPC CNI Version 1.5.0 Now Default for Amazon EKS Clusters | https://aws.amazon.com/about-aws/whats-new/2019/07/aws-vpc-cni-version-150-now-default-for-amazon-eks-clusters/ Announcing Enhanced Lambda@Edge Monitoring within the Amazon CloudFront Console | https://aws.amazon.com/about-aws/whats-new/2019/06/announcing-enhanced-lambda-edge-monitoring-amazon-cloudfront-console/ AWS Lambda Console shows recent invocations using CloudWatch Logs Insights | https://aws.amazon.com/about-aws/whats-new/2019/06/aws-lambda-console-recent-invocations-using-cloudwatch-logs-insights/ AWS Thinkbox Deadline with Resource Tracker | 
https://aws.amazon.com/about-aws/whats-new/2019/06/thinkbox-deadline-resource-tracker/ Topic || Network Network Load Balancer Now Supports UDP Protocol | https://aws.amazon.com/about-aws/whats-new/2019/06/network-load-balancer-now-supports-udp-protocol/ Announcing Amazon VPC Traffic Mirroring for Amazon EC2 Instances | https://aws.amazon.com/about-aws/whats-new/2019/06/announcing-amazon-vpc-traffic-mirroring-for-amazon-ec2-instances/ AWS ParallelCluster now supports Elastic Fabric Adapter (EFA) | https://aws.amazon.com/about-aws/whats-new/2019/06/aws-parallelcluster-supports-elastic-fabric-adapter/ AWS Direct Connect launches first location in Italy | https://aws.amazon.com/about-aws/whats-new/2019/06/aws_direct_connect_locations_in_italy/ Amazon CloudFront announces seven new Edge locations in North America, Europe, and Australia | https://aws.amazon.com/about-aws/whats-new/2019/06/cloudfront-seven-edge-locations-june2019/ Now Add Endpoint Policies to Interface Endpoints for AWS Services | https://aws.amazon.com/about-aws/whats-new/2019/06/now-add-endpoint-policies-to-interface-endpoints-for-aws-services/ Topic || Databases Amazon Aurora with PostgreSQL Compatibility Supports Serverless | https://aws.amazon.com/about-aws/whats-new/2019/07/amazon-aurora-with-postgresql-compatibility-supports-serverless/ Amazon RDS now supports Storage Auto Scaling | https://aws.amazon.com/about-aws/whats-new/2019/06/rds-storage-auto-scaling/ Amazon RDS Introduces Compatibility Checks for Upgrades from MySQL 5.7 to MySQL 8.0 | https://aws.amazon.com/about-aws/whats-new/2019/07/amazon_rds_introduces_compatibility_checks/ Amazon RDS for PostgreSQL Supports New Minor Versions 11.4, 10.9, 9.6.14, 9.5.18, and 9.4.23 | https://aws.amazon.com/about-aws/whats-new/2019/07/amazon-rds-postgresql-supports-minor-version-114/ Amazon Aurora with PostgreSQL Compatibility Supports Cluster Cache Management | 
https://aws.amazon.com/about-aws/whats-new/2019/06/amazon-aurora-with-postgresql-compatibility-supports-cluster-cache-management/ Amazon Aurora with PostgreSQL Compatibility Supports Data Import from Amazon S3 | https://aws.amazon.com/about-aws/whats-new/2019/06/amazon-aurora-with-postgresql-compatibility-supports-data-import-from-amazon-s3/ Amazon Aurora Supports Cloning Across AWS Accounts | https://aws.amazon.com/about-aws/whats-new/2019/07/amazon_aurora_supportscloningacrossawsaccounts-/ Amazon RDS for Oracle now supports z1d instance types | https://aws.amazon.com/about-aws/whats-new/2019/06/amazon-rds-for-oracle-now-supports-z1d-instance-types/ Amazon RDS for Oracle Supports Oracle Application Express (APEX) Version 19.1 | https://aws.amazon.com/about-aws/whats-new/2019/06/amazon-rds-oracle-supports-oracle-application-express-version-191/ Amazon ElastiCache launches reader endpoints for Redis | https://aws.amazon.com/about-aws/whats-new/2019/06/amazon-elasticache-launches-reader-endpoint-for-redis/ Amazon DocumentDB (with MongoDB compatibility) Now Supports Stopping and Starting Clusters | https://aws.amazon.com/about-aws/whats-new/2019/07/amazon-documentdb-supports-stopping-starting-cluters/ Amazon DocumentDB (with MongoDB compatibility) Now Provides Cluster Deletion Protection | https://aws.amazon.com/about-aws/whats-new/2019/07/amazon-documentdb-provides-cluster-deletion-protection/ You can now publish Amazon Neptune Audit Logs to Cloudwatch | https://aws.amazon.com/about-aws/whats-new/2019/06/you-can-now-publish-amazon-neptune-audit-logs-to-cloudwatch/ Amazon DynamoDB now supports deleting a global secondary index before it finishes building | https://aws.amazon.com/about-aws/whats-new/2019/07/amazon-dynamodb-now-supports-deleting-a-global-secondary-index-before-it-finishes-building/ Amazon DynamoDB now supports up to 25 unique items and 4 MB of data per transactional request | 
https://aws.amazon.com/about-aws/whats-new/2019/06/amazon-dynamodb-now-supports-up-to-25-unique-items-and-4-mb-of-data-per-transactional-request/ Topic || Migration CloudEndure Migration is now available at no charge | https://aws.amazon.com/about-aws/whats-new/2019/06/cloudendure-migration-available-at-no-charge/ New AWS ISV Workload Migration Program | https://aws.amazon.com/about-aws/whats-new/2019/06/isv-workload-migration/ AWS Migration Hub Adds Support for Service-Linked Roles | https://aws.amazon.com/about-aws/whats-new/2019/06/aws_migration_hub_adds_support_for_service_linked_roles/ Topic || Developer Tools The AWS Toolkit for Visual Studio Code is Now Generally Available | https://aws.amazon.com/about-aws/whats-new/2019/07/announcing-aws-toolkit-for-visual-studio-code/ The AWS Cloud Development Kit (AWS CDK) is Now Generally Available | https://aws.amazon.com/about-aws/whats-new/2019/07/the-aws-cloud-development-kit-aws-cdk-is-now-generally-available1/ AWS CodeCommit Supports Two Additional Merge Strategies and Merge Conflict Resolution | https://aws.amazon.com/about-aws/whats-new/2019/06/aws-codecommit-supports-2-additional-merge-strategies-and-merge-conflict-resolution/ AWS CodeCommit Now Supports Resource Tagging | https://aws.amazon.com/about-aws/whats-new/2019/07/aws-codecommit-now-supports-resource-tagging/ AWS CodeBuild adds Support for Polyglot Builds | https://aws.amazon.com/about-aws/whats-new/2019/07/aws-codebuild-adds-support-for-polyglot-builds/ AWS Amplify Console Updates Build image with SAM CLI and Custom Container Support | https://aws.amazon.com/about-aws/whats-new/2019/07/aws-amplify-console-updates-build-image-sam-cli-and-custom-container-support/ AWS Amplify Console announces Manual Deploys for Static Web Hosting | https://aws.amazon.com/about-aws/whats-new/2019/07/aws-amplify-console-announces-manual-deploys-for-static-web-hosting/ Amplify Framework now Supports Adding AWS Lambda Triggers for events in Auth and Storage categories | 
https://aws.amazon.com/about-aws/whats-new/2019/07/amplify-framework-now-supports-adding-aws-lambda-triggers-for-events-auth-storage-categories/ AWS Amplify Console now supports AWS CloudFormation | https://aws.amazon.com/about-aws/whats-new/2019/06/aws-amplify-console-supports-aws-cloudformation/ AWS CloudFormation updates for Amazon EC2, Amazon ECS, Amazon EFS, Amazon S3 and more | https://aws.amazon.com/about-aws/whats-new/2019/06/aws-cloudformation-updates-amazon-ec2-ecs-efs-s3-and-more/ Topic || Analytics Amazon QuickSight launches multi-sheet dashboards, new visual types and more | https://aws.amazon.com/about-aws/whats-new/2019/06/amazon-quickSight-launches-multi-sheet-dashboards-new-visual-types-and-more/ Amazon QuickSight now supports fine-grained access control over Amazon S3 and Amazon Athena! | https://aws.amazon.com/about-aws/whats-new/2019/06/amazon-quickSight-now-supports-fine-grained-access-control-over-amazon-S3-and-amazon-athena/ Announcing EMR Release 5.24.0: With performance improvements in Spark, new versions of Flink, Presto, and Hue, and enhanced CloudFormation support for EMR Instance Fleets | https://aws.amazon.com/about-aws/whats-new/2019/06/announcing-emr-release-5240-with-performance-improvements-in-spark-new-versions-of-flink-presto-Hue-and-cloudformation-support-for-launching-clusters-in-multiple-subnets-through-emr-instance-fleets/ AWS Glue now provides workflows to orchestrate your ETL workloads | https://aws.amazon.com/about-aws/whats-new/2019/06/aws-glue-now-provides-workflows-to-orchestrate-etl-workloads/ Amazon Elasticsearch Service increases data protection with automated hourly snapshots at no extra charge | https://aws.amazon.com/about-aws/whats-new/2019/07/amazon-elasticsearch-service-increases-data-protection-with-automated-hourly-snapshots-at-no-extra-charge/ Amazon MSK is Now Integrated with AWS CloudFormation and Terraform | 
https://aws.amazon.com/about-aws/whats-new/2019/06/amazon_msk_is_now_integrated_with_aws_cloudformation_and_terraform/ Kinesis Video Streams adds support for Dynamic Adaptive Streaming over HTTP (DASH) and H.265 video | https://aws.amazon.com/about-aws/whats-new/2019/07/kinesis-video-streams-adds-support-for-dynamic-adaptive-streaming-over-http-dash-and-h-2-6-5-video/ Announcing the availability of Amazon Kinesis Video Producer SDK in C | https://aws.amazon.com/about-aws/whats-new/2019/07/announcing-availability-of-amazon-kinesis-video-producer-sdk-in-c/ Topic || IoT AWS IoT Expands Globally | https://aws.amazon.com/about-aws/whats-new/2019/07/aws-iot-expands-globally/ Bluetooth Low Energy Support and New MQTT Library Now Generally Available in Amazon FreeRTOS 201906.00 Major | https://aws.amazon.com/about-aws/whats-new/2019/06/bluetooth-low-energy-support-amazon-freertos-now-available/ AWS IoT Greengrass 1.9.2 With Support for OpenWrt and AWS IoT Device Tester is Now Available | https://aws.amazon.com/about-aws/whats-new/2019/06/aws-iot-greengrass-support-openwrt-aws-iot-device-tester-available/ Topic || End User Computing Amazon Chime Achieves HIPAA Eligibility | https://aws.amazon.com/about-aws/whats-new/2019/06/chime_hipaa_eligibility/ Amazon WorkSpaces now supports copying Images across AWS Regions | https://aws.amazon.com/about-aws/whats-new/2019/06/amazon_workspaces_now_supports_copying_images_across_aws_regions/ Amazon AppStream 2.0 adds support for Windows Server 2016 and Windows Server 2019 | https://aws.amazon.com/about-aws/whats-new/2019/06/amazon-appstream-20-adds-support-for-windows-server-2016-and-windows-server-2019/ AWS Client VPN now includes support for AWS CloudFormation | https://aws.amazon.com/about-aws/whats-new/2019/06/aws-client-vpn-includes-support-for-aws-cloudformation/ Topic || Machine Learning Amazon Comprehend Medical is now Available in Sydney, London, and Canada | 
https://aws.amazon.com/about-aws/whats-new/2019/06/comprehend-medical-available-in-asia-pacific-eu-canada/ Amazon Personalize Now Generally Available | https://aws.amazon.com/about-aws/whats-new/2019/06/amazon-personalize-now-generally-available/ New in AWS Deep Learning Containers: Support for Amazon SageMaker and MXNet 1.4.1 with CUDA 10.0 | https://aws.amazon.com/about-aws/whats-new/2019/06/new-in-aws-deep-learning-containers-support-for-amazon-sagemaker-libraries-and-mxnet-1-4-1-with-cuda-10-0/ Topic || Application Integration Introducing Amazon EventBridge | https://aws.amazon.com/about-aws/whats-new/2019/07/introducing-amazon-eventbridge/ AWS App Mesh Service Discovery with AWS Cloud Map generally available. | https://aws.amazon.com/about-aws/whats-new/2019/06/aws-app-mesh-service-discovery-with-aws-cloud-map-generally-available/ Amazon API Gateway Now Supports Tag-Based Access Control and Tags on WebSocket APIs | https://aws.amazon.com/about-aws/whats-new/2019/07/amazon-api-gateway-supports-tag-based-access-control-tags-on-websocket/ Amazon API Gateway Adds Configurable Transport Layer Security Version for Custom Domains | https://aws.amazon.com/about-aws/whats-new/2019/06/amazon-api-gateway-adds-configurable-transport-layer-security-version-custom-domains/ Topic || Management and Governance Introducing AWS Systems Manager OpsCenter to enable faster issue resolution | https://aws.amazon.com/about-aws/whats-new/2019/06/introducing-aws-systems-manager-opscenter-to-enable-faster-issue-resolution/ Introducing Service Quotas: View and manage your quotas for AWS services from one central location | https://aws.amazon.com/about-aws/whats-new/2019/06/introducing-service-quotas-view-and-manage-quotas-for-aws-services-from-one-location/ Introducing AWS Budgets Reports | https://aws.amazon.com/about-aws/whats-new/2019/07/introducing-aws-budgets-reports/ Introducing Amazon CloudWatch Anomaly Detection – Now in Preview | 
https://aws.amazon.com/about-aws/whats-new/2019/07/introducing-amazon-cloudwatch-anomaly-detection-now-in-preview/ Amazon CloudWatch Launches Dynamic Labels on Dashboards | https://aws.amazon.com/about-aws/whats-new/2019/06/amazon-cloudwatch-launches-dynamic-labels-on-dashboards/ Amazon CloudWatch Adds Visibility for your .NET and SQL Server Application Health | https://aws.amazon.com/about-aws/whats-new/2019/06/amazon-cloudwatch-adds-visibility-for-your-net-sql-server-application-health/ Amazon CloudWatch Events Now Supports Amazon CloudWatch Logs as a Target and Tagging of CloudWatch Events Rules | https://aws.amazon.com/about-aws/whats-new/2019/06/amazon-cloudwatch-events-now-supports-amazon-cloudwatch-logs-target-tagging-cloudwatch-events-rules/ Introducing Amazon CloudWatch Container Insights for Amazon ECS and AWS Fargate - Now in Preview | https://aws.amazon.com/about-aws/whats-new/2019/07/introducing-container-insights-for-ecs-and-aws-fargate-in-preview/ AWS Config now enables you to provision AWS Config rules across all AWS accounts in your organization | https://aws.amazon.com/about-aws/whats-new/2019/07/aws-config-now-enables-you-to-provision-config-rules-across-all-aws-accounts-in-your-organization/ Session Manager launches Run As to start interactive sessions with your own operating system user account | https://aws.amazon.com/about-aws/whats-new/2019/07/session-manager-launches-run-as-to-start-interactive-sessions-with-your-own-operating-system-user-account/ Session Manager launches tunneling support for SSH and SCP | https://aws.amazon.com/about-aws/whats-new/2019/07/session-manager-launches-tunneling-support-for-ssh-and-scp/ Use IAM access advisor with AWS Organizations to set permission guardrails confidently | https://aws.amazon.com/about-aws/whats-new/2019/06/now-use-iam-access-advisor-with-aws-organizations-to-set-permission-guardrails-confidently/ AWS Resource Groups is Now SOC Compliant | 
https://aws.amazon.com/about-aws/whats-new/2019/07/aws-resource-groups-is-now-soc-compliant/ Topic || Customer Engagement Introducing AI Powered Speech Analytics for Amazon Connect | https://aws.amazon.com/about-aws/whats-new/2019/06/introducing-ai-powered-speech-analytics-for-amazon-connect/ Amazon Connect Launches Contact Flow Versioning | https://aws.amazon.com/about-aws/whats-new/2019/06/amazon-connect-launches-contact-flow-versioning/ Topic || Media AWS Elemental MediaConnect Now Supports SPEKE for Conditional Access | https://aws.amazon.com/about-aws/whats-new/2019/06/aws-elemental-mediaconnect-now-supports-speke-for-conditional-access/ AWS Elemental MediaLive Now Supports AWS CloudFormation | https://aws.amazon.com/about-aws/whats-new/2019/07/aws-elemental-medialive-now-supports-aws-cloudformation/ AWS Elemental MediaConvert Now Ingests Files from HTTPS Sources | https://aws.amazon.com/about-aws/whats-new/2019/07/aws-elemental-mediaconvert-now-ingests-files-from-https-sources/ Topic || Security AWS Certificate Manager Private Certificate Authority now supports root CA hierarchies | https://aws.amazon.com/about-aws/whats-new/2019/06/aws-certificate-manager-private-certificate-authority-now-supports-root-CA-heirarchies/ AWS Control Tower is now generally available | https://aws.amazon.com/about-aws/whats-new/2019/06/aws-control-tower-is-now-generally-available/ AWS Security Hub is now generally available | https://aws.amazon.com/about-aws/whats-new/2019/06/aws-security-hub-now-generally-available/ AWS Single Sign-On now makes it easy to access more business applications including Asana and Jamf | https://aws.amazon.com/about-aws/whats-new/2019/06/aws-single-sign-on-access-business-applications-including-asana-and-jamf/ Topic || Gaming Large Match Support for Amazon GameLift Now Available | https://aws.amazon.com/about-aws/whats-new/2019/07/large-match-support-for-amazon-gameLift-now-available/ New Dynamic Vegetation System in Lumberyard Beta 1.19 – Available 
Now | https://aws.amazon.com/about-aws/whats-new/2019/06/lumberyard-beta-119-available-now/ Topic || AWS Marketplace AWS Marketplace now integrates with your procurement systems | https://aws.amazon.com/about-aws/whats-new/2019/06/aws-marketplace-now-integrates-with-your-procurement-systems/ Topic || Robotics AWS RoboMaker announces support for Robot Operating System (ROS) Melodic | https://aws.amazon.com/about-aws/whats-new/2019/07/aws-robomaker-support-robot-operating-system-melodic/
We recap the AWS Reinforce conference from Boston, Massachusetts: draft results, overall impressions of the conference, and a breakdown of each announcement.
Sponsors: Foghorn Consulting – fogops.io/thecloudpod Turbonomic – turbonomic.com/cloudpod
Reinforce Results
Justin: DLP Cloud solution on AWS SIEM for AWS Endpoint Security Tools
Jonathan: Redlock or Trusted Advisor for security VPC Security Group Improvements Lists of Source IPs IP/Name matching/Tag sources for Security Groups Machine Learning around Flowlogs and Payload data
Peter – Wins! L7 Egress Firewall/proxy Flowlogs with Payload data/Packet Capture – VPC Traffic Flow Mirroring Security Scanning of Container for ECR
Honorable Mention
Justin: WAF Enhancement Client VPN based Dynamic Access/Security Groups Tagging Namespace fix
Jonathan: Organizations enhancements to make security easier across a set of accounts
Peter: Lunch will be free
Reinforce Announcements
AWS Certificate Manager Private CA now supports Root CA hierarchy
You can now use IAM access Advisor with AWS Organizations to set permission guardrails confidently
In this episode, Simon gives you some Black Belt tips on managing your CloudFormation stacks and on using AWS Organizations to control access to AWS resources. He also gives you a look at Amazon QuickSight ML Insights. https://aws.amazon.com/blogs/mt/how-to-perform-cross-parameter-validation-using-aws-cloudformation-rules-and-assertions/ https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_example-scps.html#example-scp-deny-region https://aws.amazon.com/quicksight/features-ml/
Simon and Nicki cover almost 100 updates! Check out the chapter timings to see where things of interest to you might be. Infrastructure 00:42 Storage 1:17 Databases 4:14 Analytics 8:28 Compute 9:52 IoT 15:17 End User Computing 17:40 Machine Learning 19:10 Networking 21:57 Developer Tools 23:21 Application Integration 25:42 Game Tech 26:29 Media 27:37 Management and Governance 28:11 Robotics 30:35 Security 31:30 Solutions 32:40 Topic || Infrastructure In the Works – AWS Region in Indonesia | https://aws.amazon.com/blogs/aws/in-the-works-aws-region-in-indonesia/ Topic || Storage New Amazon S3 Storage Class – Glacier Deep Archive | https://aws.amazon.com/blogs/aws/new-amazon-s3-storage-class-glacier-deep-archive/ File Gateway Supports Amazon S3 Object Lock - Amazon Web Services | https://aws.amazon.com/about-aws/whats-new/2019/03/file-gateway-supports-amazon-s3-object-lock/ AWS Storage Gateway Tape Gateway Deep Archive | https://aws.amazon.com/about-aws/whats-new/2019/03/aws-storage-gateway-service-integrates-tape-gateway-with-amazon-s3-glacier-deeparchive-storage-class/ AWS Transfer for SFTP supports AWS Privatelink – Amazon Web Services | https://aws.amazon.com/about-aws/whats-new/2019/03/aws-transfer-for-sftp-now-supports-aws-privatelink/ Amazon FSx for Lustre Now Supports Access from Amazon Linux | https://aws.amazon.com/about-aws/whats-new/2019/03/amazon-fsx-for-lustre-now-supports-access-from-amazon-linux/ AWS introduces CSI Drivers for Amazon EFS and Amazon FSx for Lustre | https://aws.amazon.com/about-aws/whats-new/2019/04/aws-introduces-csi-drivers-for-amazon-efs-and-amazon-fsx-for-lus/ Topic || Databases Amazon DynamoDB drops the price of global tables by eliminating associated charges for DynamoDB Streams | https://aws.amazon.com/about-aws/whats-new/2019/04/amazon-dynamodb-drops-the-price-of-global-tables-by-eliminating-associated-charges-for-dynamodb-streams/ Amazon ElastiCache for Redis 5.0.3 enhances I/O handling to boost performance | 
https://aws.amazon.com/about-aws/whats-new/2019/03/amazon-elasticache-for-redis-503-enhances-io-handling-to-boost-performance/ Amazon Redshift announces Concurrency Scaling: Consistently fast performance during bursts of user activity | https://aws.amazon.com/about-aws/whats-new/2019/03/AmazonRedshift-ConcurrencyScaling/ Performance Insights is Generally Available on Amazon RDS for MariaDB | https://aws.amazon.com/about-aws/whats-new/2019/03/performance-insights-is-generally-available-for-mariadb/ Amazon RDS adds support for MySQL Versions 5.7.25, 5.7.24, and MariaDB Version 10.2.21 | https://aws.amazon.com/about-aws/whats-new/2019/03/amazon-rds-mysql-minor-5725-5725-and-mariadb-10221/ Amazon Aurora with MySQL 5.7 Compatibility Supports GTID-Based Replication | https://aws.amazon.com/about-aws/whats-new/2019/03/amazon-aurora-with-mysql-5-7-compatibility-supports-gtid-based-replication/ PostgreSQL 11 now Supported in Amazon RDS | https://aws.amazon.com/about-aws/whats-new/2019/03/postgresql11-now-supported-in-amazon-rds/ Amazon Aurora with PostgreSQL Compatibility Supports Logical Replication | https://aws.amazon.com/about-aws/whats-new/2019/03/amazon-aurora-with-postgresql-compatibility-supports-logical-replication/ Restore an Encrypted Amazon Aurora PostgreSQL Database from an Unencrypted Snapshot | https://aws.amazon.com/about-aws/whats-new/2019/03/restore-an-encrypted-aurora-postgresql-database-from-an-unencrypted-snapshot/ Amazon RDS for Oracle Now Supports In-region Read Replicas with Active Data Guard for Read Scalability and Availability | https://aws.amazon.com/about-aws/whats-new/2019/03/Amazon-RDS-for-Oracle-Now-Supports-In-region-Read-Replicas-with-Active-Data-Guard-for-Read-Scalability-and-Availability/ AWS Schema Conversion Tool Adds Support for Migrating Oracle ETL Jobs to AWS Glue | https://aws.amazon.com/about-aws/whats-new/2019/03/aws-schema-conversion-tool-adds-support-for-migrating-oracle-etl/ AWS Schema Conversion Tool Adds New Conversion 
Features | https://aws.amazon.com/about-aws/whats-new/2019/03/aws-sct-adds-support-for-new-endpoints/ Amazon Neptune Announces 99.9% Service Level Agreement | https://aws.amazon.com/about-aws/whats-new/2019/03/amazon-neptune-announces-service-level-agreement/ Topic || Analytics Amazon QuickSight Announces General Availability of ML Insights | https://aws.amazon.com/about-aws/whats-new/2019/03/amazon_quicksight_announced_general_availability_of_mL_insights/ AWS Glue enables running Apache Spark SQL queries | https://aws.amazon.com/about-aws/whats-new/2019/03/aws-glue-enables-running-apache-spark-sql-queries/ AWS Glue now supports resource tagging | https://aws.amazon.com/about-aws/whats-new/2019/03/aws-glue-now-supports-resource-tagging/ Amazon Kinesis Data Analytics Supports AWS CloudTrail Logging | https://aws.amazon.com/about-aws/whats-new/2019/03/amazon-kinesis-data-analytics-supports-aws-cloudtrail-logging/ Tag-on Create and Tag-Based IAM Application for Amazon Kinesis Data Firehose | https://aws.amazon.com/about-aws/whats-new/2019/03/tag-on-create-and-tag-based-iam-application-for-amazon-kinesis-data-firehose/ Topic || Compute Amazon EKS Introduces Kubernetes API Server Endpoint Access Control | https://aws.amazon.com/about-aws/whats-new/2019/03/amazon-eks-introduces-kubernetes-api-server-endpoint-access-cont/ Amazon EKS Opens Public Preview of Windows Container Support | https://aws.amazon.com/about-aws/whats-new/2019/03/amazon-eks-opens-public-preview-of-windows-container-support/ Amazon EKS now supports Kubernetes version 1.12 and Cluster Version Updates Via CloudFormation | https://aws.amazon.com/about-aws/whats-new/2019/03/amazon-eks-now-supports-kubernetes-version-1-12-and-cluster-vers/ New Local Testing Tools Now Available for Amazon ECS | https://aws.amazon.com/about-aws/whats-new/2019/03/new-local-testing-tools-now-available-for-amazon-ecs/ AWS Fargate and Amazon ECS Support External Deployment Controllers for ECS Services | 
https://aws.amazon.com/about-aws/whats-new/2019/03/aws-fargate-and-amazon-ecs-support-external-deployment-controlle/ AWS Fargate PV1.3 adds secrets and enhanced container dependency management | https://aws.amazon.com/about-aws/whats-new/2019/04/aws-fargate-pv1-3-adds-secrets-and-enhanced-container-dependency/ AWS Event Fork Pipelines – Nested Applications for Event-Driven Serverless Architectures | https://aws.amazon.com/about-aws/whats-new/2019/03/introducing-aws-event-fork-pipelines-nested-applications-for-event-driven-serverless-architectures/ New Amazon EC2 M5ad and R5ad Featuring AMD EPYC Processors are Now Available | https://aws.amazon.com/about-aws/whats-new/2019/03/new-amazon-ec2-m5ad-and-r5ad-featuring-amd-epyc-processors-are-now-available/ Announcing the Ability to Pick the Time for Amazon EC2 Scheduled Events | https://aws.amazon.com/about-aws/whats-new/2019/03/announcing-the-ability-to-pick-the-time-for-amazon-ec2-scheduled-events/ Topic || IoT AWS IoT Analytics now supports Single Step Setup of IoT Analytics Resources | https://aws.amazon.com/about-aws/whats-new/2019/03/aws-iot-analytics-now-supports-single-step-setup-of-iot-analytic/ AWS IoT Greengrass Adds New Connector for AWS IoT Analytics, Support for AWS CloudFormation Templates, and Integration with Fleet Indexing | https://aws.amazon.com/about-aws/whats-new/2019/03/aws-iot-greengrass-adds-new-connector-aws-iot-analytics-support-aws-cloudformation-templates-integration-fleet-indexing/ AWS IoT Device Tester v1.1 is Now Available for AWS IoT Greengrass v1.8.0 | https://aws.amazon.com/about-aws/whats-new/2019/03/aws-iot-device-tester-now-available-aws-iot-greengrass-v180/ AWS IoT Core Now Supports HTTP REST APIs with X.509 Client Certificate-Based Authentication On Port 443 | https://aws.amazon.com/about-aws/whats-new/2019/03/aws-iot-core-now-supports-http-rest-apis-with-x509-client-certificate-based-authentication-on-port-443/ Generate Fleet Metrics with New Capabilities of AWS IoT Device 
Management | https://aws.amazon.com/about-aws/whats-new/2019/03/generate-fleet-metrics-with-new-capabilities-of-aws-iot-device-management/ Topic || End User Computing Amazon AppStream 2.0 Now Supports iPad and Android Tablets and Touch Gestures | https://aws.amazon.com/about-aws/whats-new/2019/03/amazon-appstream-2-0-now-supports-ipad-and-android-tablets-and-t/ Amazon WorkDocs Drive now supports offline content and offline search | https://aws.amazon.com/about-aws/whats-new/2019/03/amazon-workdocs-drive-now-supports-offline-content-and-offline-s/ Introducing Amazon Chime Business Calling | https://aws.amazon.com/about-aws/whats-new/2019/03/introducing-amazon-chime-business-calling/ Introducing Amazon Chime Voice Connector | https://aws.amazon.com/about-aws/whats-new/2019/03/introducing-amazon-chime-voice-connector/ Alexa for Business now lets you create Alexa skills for your organization using Skill Blueprints | https://aws.amazon.com/about-aws/whats-new/2019/03/alexa-for-business-now-lets-you-create-alexa-skills-for-your-org/ Topic || Machine Learning New AWS Deep Learning AMIs: Amazon Linux 2, TensorFlow 1.13.1, MXNet 1.4.0, and Chainer 5.3.0 | https://aws.amazon.com/about-aws/whats-new/2019/03/new-aws-deep-learning-amis-amazon-linux2-tensorflow-13-1-mxnet1-4-0-chainer5-3-0/ Introducing AWS Deep Learning Containers | https://aws.amazon.com/about-aws/whats-new/2019/03/introducing-aws-deep-learning-containers/ Amazon Transcribe now supports speech-to-text in German and Korean | https://aws.amazon.com/about-aws/whats-new/2019/03/amazon-transcribe-now-supports-speech-to-text-in-german-and-korean/ Amazon Transcribe enhances custom vocabulary with custom pronunciations and display forms | https://aws.amazon.com/about-aws/whats-new/2019/03/amazon-transcribe-enhances-custom-vocabulary-with-custom-pronunciations-and-display-forms/ Amazon Comprehend now supports AWS KMS Encryption | 
https://aws.amazon.com/about-aws/whats-new/2019/03/amazon-comprehend-now-supports-aws-kms-encryption/ New Setup Tool To Get Started Quickly with Amazon Elastic Inference | https://aws.amazon.com/about-aws/whats-new/2019/04/new-python-script-to-get-started-quickly-with-amazon-elastic-inference/ Topic || Networking Application Load Balancers now Support Advanced Request Routing | https://aws.amazon.com/about-aws/whats-new/2019/03/application-load-balancers-now-support-advanced-request-routing/ Announcing Multi-Account Support for Direct Connect Gateway | https://aws.amazon.com/about-aws/whats-new/2019/03/announcing-multi-account-support-for-direct-connect-gateway/ Topic || Developer Tools AWS App Mesh is now generally available | https://aws.amazon.com/about-aws/whats-new/2019/03/aws-app-mesh-is-now-generally-available/ The AWS Toolkit for IntelliJ is Now Generally Available | https://aws.amazon.com/about-aws/whats-new/2019/03/the-aws-toolkit-for-intellij-is-now-generally-available/ The AWS Toolkit for Visual Studio Code (Developer Preview) is Now Available for Download from in the Visual Studio Marketplace | https://aws.amazon.com/about-aws/whats-new/2019/03/the-aws-toolkit-for-visual-studio-code--developer-preview--is-now-available-for-download-from-vs-marketplace/ AWS Cloud9 announces support for Ubuntu development environments | https://aws.amazon.com/about-aws/whats-new/2019/04/aws-cloud9-announces-support-for-ubuntu-development-environments/ Amplify Framework Adds Enhancements to Authentication for iOS, Android, and React Native Developers | https://aws.amazon.com/about-aws/whats-new/2019/03/amplify-framework-adds-enhancements-to-authentication-for-ios-android-and-react-native-developers/ AWS CodePipeline Adds Action-Level Details to Pipeline Execution History | https://aws.amazon.com/about-aws/whats-new/2019/03/aws-codepipeline-adds-action-level-details-to-pipeline-execution-history/ Topic || Application Integration Amazon API Gateway Improves API Publishing 
and Adds Features to Enhance User Experience | https://aws.amazon.com/about-aws/whats-new/2019/03/amazon-api-gateway-improves-api-publishing-and-adds-features/ Topic || Game Tech AWS Whats New - Lumberyard Beta 118 - Amazon Web Services | https://aws.amazon.com/about-aws/whats-new/2019/03/over-190-updates-come-to-lumberyard-beta-118-available-now/ Amazon GameLift Realtime Servers Now in Preview | https://aws.amazon.com/about-aws/whats-new/2019/03/amazon-gamelift-realtime-servers-now-in-preview/ Topic || Media Services Detailed Job Progress Status and Server-Side S3 Encryption Now Available with AWS Elemental MediaConvert | https://aws.amazon.com/about-aws/whats-new/2019/03/detailed-job-progress-status-and-server-side-s3-encryption-now-available-with-aws-elemental-mediaconvert/ Introducing Live Streaming with Automated Multi-Language Subtitling | https://aws.amazon.com/about-aws/whats-new/2019/03/introducing-live-streaming-with-automated-multi-language-subtitling/ Video on Demand Now Leverages AWS Elemental MediaConvert QVBR Mode | https://aws.amazon.com/about-aws/whats-new/2019/04/video-on-demand-now-leverages-aws-elemental-mediaconvert-qvbr-mode/ Topic || Management and Governance Use AWS Config Rules to Remediate Noncompliant Resources | https://aws.amazon.com/about-aws/whats-new/2019/03/use-aws-config-to-remediate-noncompliant-resources/ AWS Config Now Supports Tagging of AWS Config Resources | https://aws.amazon.com/about-aws/whats-new/2019/03/aws-config-now-supports-tagging-of-aws-config-resources/ Now You Can Query Based on Resource Configuration Properties in AWS Config | https://aws.amazon.com/about-aws/whats-new/2019/03/now-you-can-query-based-on-resource-configuration-properties-in-aws-config/ AWS Config Adds Support for Amazon API Gateway | https://aws.amazon.com/about-aws/whats-new/2019/03/aws-config-adds-support-for-amazon-api-gateway/ Amazon Inspector adds support for Amazon EC2 A1 instances | 
https://aws.amazon.com/about-aws/whats-new/2019/03/amazon-inspector-adds-support-for-amazon-ec2-a1-instances/ Service control policies in AWS Organizations enable fine-grained permission controls | https://aws.amazon.com/about-aws/whats-new/2019/03/service-control-policies-enable-fine-grained-permission-controls/ You can now use resource level policies for Amazon CloudWatch Alarms | https://aws.amazon.com/about-aws/whats-new/2019/04/you-can-now-use-resource-level-permissions-for-amazon-cloudwatch/ Amazon CloudWatch Launches Search Expressions | https://aws.amazon.com/about-aws/whats-new/2019/04/amazon-cloudwatch-launches-search-expressions/ AWS Systems Manager Announces 99.9% Service Level Agreement | https://aws.amazon.com/about-aws/whats-new/2019/03/aws-systems-manager-announces-service-level-agreement/ Topic || Robotics AWS RoboMaker Announces 99.9% Service Level Agreement | https://aws.amazon.com/about-aws/whats-new/2019/03/aws-robomaker-announces-service-level-agreement/ AWS RoboMaker announces new build and bundle feature that makes it up to 10x faster to update a simulation job or a robot | https://aws.amazon.com/about-aws/whats-new/2019/03/robomaker-new-build-and-bundle/ Topic || Security Announcing the renewal command for AWS Certificate Manager | https://aws.amazon.com/about-aws/whats-new/2019/03/Announcing-the-renewal-command-for-AWS-Certificate-Manager/ AWS Key Management Service Increases API Requests Per Second Limits | https://aws.amazon.com/about-aws/whats-new/2019/03/aws-key-management-service-increases-api-requests-per-second-limits/ Announcing AWS Firewall Manager Support For AWS Shield Advanced | https://aws.amazon.com/about-aws/whats-new/2019/03/announcing-aws-firewall-manager-support-for-aws-shield-advanced/ Topic || Solutions New AWS SAP Navigate Track | https://aws.amazon.com/about-aws/whats-new/2019/03/sap-navigate-track/ Deploy Micro Focus PlateSpin Migrate on AWS with New Quick Start | 
https://aws.amazon.com/about-aws/whats-new/2019/03/deploy-micro-focus-platespin-migrate-on-aws-with-new-quick-start/
Simon takes you through the December updates to finish up 2018! Shownotes: Topic || Customer Engagement 0:23 Amazon Pinpoint Announces Event-Based Campaigns, Driving Personalization and Engagement | https://aws.amazon.com/about-aws/whats-new/2018/12/amazon-pinpoint-announces-event-based-campaigns-driving-personalization-and-engagement/ Amazon Pinpoint Announces a New Email Deliverability Dashboard to Help Customers Reach their Users' Inboxes | https://aws.amazon.com/about-aws/whats-new/2018/12/amazon-pinpoint-announces-a-new-email-deliverability-dashboard-to-help-customers-reach-their-users-inboxes/ Amazon Connect Adds New Contact API to Get Contact Attributes | https://aws.amazon.com/about-aws/whats-new/2018/12/amazon-connect-adds-new-contact-api-to-get-contact-attributes/ Topic || Storage 2:05 Amazon S3 Inventory adds Apache Parquet output format | https://aws.amazon.com/about-aws/whats-new/2018/12/amazon-s3-announces-parquet-output-format-for-inventory/ AWS Storage Gateway Increases File Gateway Performance - Amazon Web Services | https://aws.amazon.com/about-aws/whats-new/2018/12/aws-storage-gateway-announces-increased-throughput-and-adds-new-/ Topic || Networking & Content Delivery 3:32 Amazon Virtual Private Clouds can now be shared with other AWS Accounts | https://aws.amazon.com/about-aws/whats-new/2018/12/amazon-virtual-private-clouds-can-now-be-shared-with-other-aws-accounts/ Introducing AWS Client VPN to Securely Access AWS and On-Premises Resources | https://aws.amazon.com/about-aws/whats-new/2018/12/introducing-aws-client-vpn-to-securely-access-aws-and-on-premises-resources/ New AWS Direct Connect locations in Silicon Valley and Stockholm | https://aws.amazon.com/about-aws/whats-new/2018/12/new-aws-direct-connect-locations-silicon-valley-stockholm/ Amazon CloudFront announces ten new Edge locations in North America, Europe, and Asia | https://aws.amazon.com/about-aws/whats-new/2018/12/cloudfront-dec2018-10-edge-locations/ Amazon API Gateway Simplifies 
Building Real-Time Two-Way Communication Applications with WebSocket APIs | https://aws.amazon.com/about-aws/whats-new/2018/12/amazon-api-gateway-launches-support-for-websocket-apis/
Amazon Route 53 Adds Alias Record Support For API Gateway and VPC Endpoints | https://aws.amazon.com/about-aws/whats-new/2018/12/amazon-route-53-adds-alias-record-support-for-api-gateway-and-vpc-endpoints/

Topic || Database 7:41
Introducing Workload Qualification Framework to Project Plan Your Database Migrations to AWS | https://aws.amazon.com/about-aws/whats-new/2018/12/introducing-workload-qualification-framework-to-plan-your-database-migration-projects/
AWS Database Migration Service Adds Support for Parallel Full Load and Enhanced LOB Migration | https://aws.amazon.com/about-aws/whats-new/2018/12/aws-database-migration-service-adds-support-for-parallel-full-load/
Amazon RDS Enhances Automatic Minor Version Upgrades | https://aws.amazon.com/about-aws/whats-new/2018/12/amazon-rds-enhances-auto-minor-version-upgrades/
Amazon RDS for PostgreSQL Now Supports R5 Instance Types | https://aws.amazon.com/about-aws/whats-new/2018/12/amazon-rds-postgresql-now-supports-r5-instance-types/
Amazon RDS Supports Publishing PostgreSQL Log Files to Amazon CloudWatch Logs | https://aws.amazon.com/about-aws/whats-new/2018/12/amazon-rds-supports-postgresql-logfiles-publish-to-amazon-cloudwatch-logs/
Amazon RDS Performance Insights Supports Counter Metrics for Aurora PostgreSQL | https://aws.amazon.com/about-aws/whats-new/2018/12/amazon-rds-performance-insights-supports-counter-metrics-for-aurora-postgresql/
Amazon RDS for PostgreSQL Supports New Minor Versions 10.6, 9.6.11, 9.5.15, and 9.4.20 | https://aws.amazon.com/about-aws/whats-new/2018/12/amazon-rds-postgresql-supports-minor-version-106/
Amazon Aurora with PostgreSQL Compatibility Supports PostgreSQL 10.5 | https://aws.amazon.com/about-aws/whats-new/2018/12/amazon-aurora-postgresql-supports-postgresql-105/
Amazon Aurora with PostgreSQL Compatibility Adds Query Plan Management | https://aws.amazon.com/about-aws/whats-new/2018/12/amazon-aurora-postgresql-compatibility-adds-query-plan-management/
Announcing the New Amazon DynamoDB Key Diagnostics Library | https://aws.amazon.com/about-aws/whats-new/2018/12/announcing-the-new-amazon-dynamodb-key-diagnostics-library/
Amazon DynamoDB Increases the Number of Global Secondary Indexes and Projected Index Attributes You Can Create Per Table | https://aws.amazon.com/about-aws/whats-new/2018/12/amazon-dynamodb-increases-the-number-of-global-secondary-indexes-and-projected-index-attributes-you-can-create-per-table/
Amazon DynamoDB Accelerator (DAX) Adds Support for DynamoDB Transactions | https://aws.amazon.com/about-aws/whats-new/2018/12/amazon-dynamodb-accelerator-adds-support-for-dynamodb-transactions/
Amazon MQ Now Supports ActiveMQ Minor Version 5.15.8 | https://aws.amazon.com/about-aws/whats-new/2018/12/amazon-mq-now-supports-activemq-minor-version5-15-8/

Topic || Compute 14:13
Amazon ECR Console Version 2 | https://aws.amazon.com/about-aws/whats-new/2018/12/amazon-ecr-console-version-2/
Amazon ECR now allows Repository Tagging | https://aws.amazon.com/about-aws/whats-new/2018/12/amazon-ecr-now-allows-repository-tagging/
Amazon EC2 Introduces Partition Placement Groups | https://aws.amazon.com/about-aws/whats-new/2018/12/amazon-ec2-ntroduces-partition-placement-groups/
AWS Auto Scaling is Now Available in 8 more Regions Worldwide and Offers Predictive Scaling for Amazon EC2 | https://aws.amazon.com/about-aws/whats-new/2018/12/aws-auto-scaling-is-now-available-in-8-more-regions-worldwide/
Amazon EC2 C5d, M5d, and R5d Instances are Now Available in Additional AWS Regions | https://aws.amazon.com/about-aws/whats-new/2018/12/amazon-ec2-c5d-m5d-and-r5d-instances-are-now-available-in-additional-aws-regions/
AWS Fargate Platform Version 1.3 Adds Secrets Support | https://aws.amazon.com/about-aws/whats-new/2018/12/aws-fargate-platform-version-1-3-adds-secrets-support/
Amazon EKS Adds Managed Cluster Updates and Support for Kubernetes Version 1.11 | https://aws.amazon.com/about-aws/whats-new/2018/12/amazon-eks-adds-managed-cluster-updates-and-support-for-kubernetes/
AWS Server Migration Service Adds Support for Multi-Server Migration | https://aws.amazon.com/about-aws/whats-new/2018/12/aws-server-migration-service-adds-support-for-multi-server-migration/
AWS Batch now supports Amazon EC2 C5n Instances Featuring 100 Gbps of Network Bandwidth | https://aws.amazon.com/about-aws/whats-new/2018/12/aws-batch-now-supports-amazon-ec2-c5n-instances-featuring-100-gbps-of-network-bandwidth/
AWS Batch Now Supports Amazon EC2 P3dn Instances | https://aws.amazon.com/about-aws/whats-new/2018/12/aws-batch-now-supports-amazon-ec2-p3dn-instances/
New AWS ParallelCluster Features | https://aws.amazon.com/about-aws/whats-new/2018/12/new-aws-parallelcluster-features/
New SAM PUBLISH Command Simplifies Publishing Applications to the AWS Serverless Application Repository | https://aws.amazon.com/about-aws/whats-new/2018/12/sam-publish-command-simplifies-publishing-apps-to-serverless-application-repository/
AWS Elastic Beanstalk Adds Tag-Based Permissions | https://aws.amazon.com/about-aws/whats-new/2018/12/aws-elastic-beanstalk-adds-tag-based-permissions/

Topic || Developer Tools 20:39
AWS X-Ray Adds the Ability to Group Traces by Root Cause | https://aws.amazon.com/about-aws/whats-new/2018/12/aws-xray-adds-the-ability-to-group-traces-by-root-cause/
AWS CodePipeline Supports VPC Endpoints | https://aws.amazon.com/about-aws/whats-new/2018/12/aws-codepipeline-supports-vpc-endpoints/
AWS CloudFormation macros can now be used in templates with nested stacks | https://aws.amazon.com/about-aws/whats-new/2018/12/aws-cloudformation-macros-can-now-be-used-in-templates-with-nest/
Quickly Create, Build, and Deploy Amazon Alexa Skills from AWS | https://aws.amazon.com/about-aws/whats-new/2018/12/quickly-create-build-and-deploy-amazon-alexa-skills-from-aws/

Topic || Machine Learning 22:07
Amazon Transcribe now supports speech-to-text in French, Italian, and Brazilian Portuguese | https://aws.amazon.com/about-aws/whats-new/2018/12/amazon-transcribe-now-supports-speech-to-text-in-french-italian-and-brazilian-portuguese/

Topic || Security, Identity and Compliance 22:27
AWS IAM Console Now Available In German, Portuguese, Spanish, Italian, and Traditional Chinese | https://aws.amazon.com/about-aws/whats-new/2018/12/iam-console-available-in-new-languages/
Automate AWS IAM Permissions Analysis Using the New IAM Access Advisor APIs | https://aws.amazon.com/about-aws/whats-new/2018/12/iam_access_advisor_apis/
Introducing Notifications for New Amazon GuardDuty Finding Types and Feature Releases | https://aws.amazon.com/about-aws/whats-new/2018/12/Introducing-Notifications-for-New-Amazon-GuardDuty-Finding-Types-and-Feature-Releases/
AWS Organizations Supports AWS License Manager Cross Account Sharing Capabilities | https://aws.amazon.com/about-aws/whats-new/2018/12/aws-organizations-supports-aws-license-manager/
AWS Shield Adds Advanced DDoS Protection for AWS Global Accelerator | https://aws.amazon.com/about-aws/whats-new/2018/12/aws-shield-adds-advanced-ddos-protection-for-aws-global-accelerator/
AWS Systems Manager Automation Now Supports at Scale Action | https://aws.amazon.com/about-aws/whats-new/2018/12/AWS-Systems-Manager-Automation-Now-Supports-at-Scale-Actions/
AWS Service Catalog – Integration with AWS Organizations | https://aws.amazon.com/about-aws/whats-new/2018/12/aws-service-catalog-announces-integration-with-aws-organizations/
The AWS WAF Security Automations solution now includes a monitoring dashboard | https://aws.amazon.com/about-aws/whats-new/2018/12/the-aws-waf-security-automations-solution-now-includes-a-monitoring-dashboard/
Announcing rule group exception for Managed Rules for AWS WAF | https://aws.amazon.com/about-aws/whats-new/2018/12/announcing-rule-group-exception-for-managed-rules-for-aws-waf/
AWS Firewall Manager Available in Four Additional Regions | https://aws.amazon.com/about-aws/whats-new/2018/12/aws-firewall-manager-now-available-in-four-more-regions/

Topic || Application Integration 26:59
Amazon SQS now Supports Amazon VPC Endpoints using AWS PrivateLink - Amazon Web Services | https://aws.amazon.com/about-aws/whats-new/2018/12/amazon-sqs-vpc-endpoints-aws-privatelink/
Amazon MQ Introduces Network of Brokers Feature | https://aws.amazon.com/about-aws/whats-new/2018/12/amazon-mq-introduces-network-of-brokers-feature/

Topic || Desktop & App Streaming 27:27
AppStream 2.0 introduces APIs to simplify app entitlements and enable delivery of virtualized apps | https://aws.amazon.com/about-aws/whats-new/2018/12/appstream-2-0-introduces-apis-to-simplify-app-entitlements-and-e/

Topic || Analytics 28:10
Support for Spark 2.4.0, and Hue 4.3.0 on Amazon EMR release 5.20.0 | https://aws.amazon.com/about-aws/whats-new/2018/12/support-for-spark-240-hue-430-on-amazon-emr-release-5200/
Amazon Redshift now runs VACUUM DELETE automatically | https://aws.amazon.com/about-aws/whats-new/2018/12/amazon-redshift-automatic-vacuum/

Topic || Internet of Things 29:41
Introducing AWS CloudFormation Template Support for AWS IoT Analytics | https://aws.amazon.com/about-aws/whats-new/2018/12/introducing-aws-cloudformation-template-support-for-aws-iot-analytics/
AWS IoT Device Defender Adds Support for Two New Security Metrics | https://aws.amazon.com/about-aws/whats-new/2018/12/aws-iot-device-defender-adds-support-for-two-new-security-metrics/
MediaTek MT7697H System on Chip is Qualified for Amazon FreeRTOS | https://aws.amazon.com/about-aws/whats-new/2018/12/mediatek-mt7697h-system-on-chip-qualified-amazon-freertos/

Topic || Other 30:35
Announcing Programmatic Access to AWS Pricing Information in China via the AWS Price List API | https://aws.amazon.com/about-aws/whats-new/2018/12/announcing-aws-price-list-api-availability-in-china/
Introducing the Media Services Application Mapper | https://aws.amazon.com/about-aws/whats-new/2018/12/introducing-the-media-services-application-mapper/
New Quick Start Deploys Varnish Cache Plus (VCP) on the AWS Cloud | https://aws.amazon.com/about-aws/whats-new/2018/12/new-quick-start-deploys-varnish-on-aws/
Announcing 15 Free Digital Training Courses on New AWS Services Launched at re:Invent 2018 | https://aws.amazon.com/about-aws/whats-new/2018/12/announcing-15-free-digital-training-courses-on-new-aws-services-launched-at-re-invent-2018/
Another big round up of useful new capabilities for customers!

Shownotes:
Announcing S3 One Zone-Infrequent Access, a New Amazon S3 Storage Class | https://aws.amazon.com/about-aws/whats-new/2018/04/announcing-s3-one-zone-infrequent-access-a-new-amazon-s3-storage-class/
Amazon S3 Select Is Now Generally Available | https://aws.amazon.com/about-aws/whats-new/2018/04/amazon-s3-select-is-now-generally-available/
Amazon DynamoDB Adds Support for Continuous Backups and Point-In-Time Recovery (PITR) | https://aws.amazon.com/about-aws/whats-new/2018/03/amazon-dynamodb-adds-support-for-continuous-backups-and-point-in-time-recovery/
Amazon DynamoDB Encryption at Rest Now Available in Additional Regions | https://aws.amazon.com/about-aws/whats-new/2018/04/amazon-dynamodb-encryption-at-rest-now-available-in-additonal-regions/
Amazon AppStream 2.0 Enables Custom Branding | https://aws.amazon.com/about-aws/whats-new/2018/03/appstream2-enables-custom-branding/
AWS Cloud9 Supports Local Debugging of AWS Lambda Functions in Python | https://aws.amazon.com/about-aws/whats-new/2018/03/aws-cloud9-supports-local-debugging-of-aws-lambda-functions-in-python/
AWS Lambda Supports Node.js v8.10 | https://aws.amazon.com/about-aws/whats-new/2018/04/aws-lambda-supports-nodejs/
AWS CloudFormation Now Supports Launch Templates | https://aws.amazon.com/about-aws/whats-new/2018/03/aws-cloudformation-now-supports-launch-templates/
AWS Serverless Application Model (SAM) Implementation is Now Open-source - Amazon Web Services | https://aws.amazon.com/about-aws/whats-new/2018/04/aws-sam-implementation-is-now-open-source/
Introducing Service Discovery for Amazon ECS | https://aws.amazon.com/about-aws/whats-new/2018/03/introducing-service-discovery-for-amazon-ecs/
AWS Fargate Platform Version 1.1 Adds Support for Task Metadata, Container Health Checks, and Service Discovery | https://aws.amazon.com/about-aws/whats-new/2018/03/aws-fargate-platform-version-1-1/
AWS AppSync now Generally Available (GA) with new GraphQL Features | https://aws.amazon.com/about-aws/whats-new/2018/04/aws-appsync-now-ga/
AWS Amplify Adds Support for GraphQL and AWS AppSync Enabling Real-time Data Capabilities in JavaScript Applications | https://aws.amazon.com/about-aws/whats-new/2018/04/aws-amplify-adds-support-for-graphql-and-aws-appsync-enabling-re/
AWS X-Ray Adds Support for Customer Managed AWS KMS Keys | https://aws.amazon.com/about-aws/whats-new/2018/04/aws-x-ray-adds-support-for-customer-managed-aws-kms-keys/
Amazon API Gateway Supports Cross-Account AWS Lambda Authorizers and Integrations | https://aws.amazon.com/about-aws/whats-new/2018/04/amazon-api-gateway-supports-cross-account-aws-lambda-authorizers/
Amazon API Gateway Supports Resource Policies for APIs | https://aws.amazon.com/about-aws/whats-new/2018/04/amazon-api-gateway-supports-resource-policies/
Introducing AWS Certificate Manager Private Certificate Authority | https://aws.amazon.com/about-aws/whats-new/2018/04/introducing-aws-certificate-manager-private-certificate-authority/
Longer Sessions For IAM Roles | https://aws.amazon.com/about-aws/whats-new/2018/03/longer-role-sessions/
Enable Trusted Organization Access in AWS Organizations | https://aws.amazon.com/about-aws/whats-new/2018/03/aws-organizations-trusted-organization-access/
Increase User Logon Performance in AWS Managed Microsoft AD | https://aws.amazon.com/about-aws/whats-new/2018/03/increase-user-logon-performance-in-aws-managed-microsoft-ad/
New Multi-Account, Multi-Region Data Aggregation Capability in AWS Config | https://aws.amazon.com/about-aws/whats-new/2018/04/new-multi-account-multi-region-data-aggregation-capability-in-aws-config/
Introducing AWS Firewall Manager - Amazon Web Services (AWS) | https://aws.amazon.com/about-aws/whats-new/2018/04/introducing-aws-firewall-manager/
Introducing AWS Secrets Manager - Amazon Web Services (AWS) | https://aws.amazon.com/about-aws/whats-new/2018/04/introducing-aws-secrets-manager/
Amazon CloudWatch Metric Math | https://aws.amazon.com/about-aws/whats-new/2018/04/amazon-cloudwatch-adds-metric-math-to-enable-custom-operations-on-metrics/
Amazon CloudWatch Events Adds Amazon SQS FIFO as an Event Target | https://aws.amazon.com/about-aws/whats-new/2018/04/amazon-cloudWatch-events-adds-amazon-SQS-FIFO-as-an-event-target/
Amazon CloudWatch Adds Route 53 Logs to Vended Logs | https://aws.amazon.com/about-aws/whats-new/2018/03/amazon-cloudwatch-adds-route53-logs-to-vended-logs/
Making Easier to Track Your Amazon EBS Volume State | https://aws.amazon.com/about-aws/whats-new/2018/03/making-easier-to-track-your-amazon-ebs-volume-state/
Resource Groups Tagging API | https://aws.amazon.com/about-aws/whats-new/2018/03/resource-groups-tagging-api-now-supports-13-additional-aws-services/
AWS Systems Manager Adds Patch Management for CentOS Linux | https://aws.amazon.com/about-aws/whats-new/2018/03/aws-systems-manager-adds-patch-management-for-centos-linux/
AWS Config Notifications Are Now Integrated with Amazon CloudWatch Events | https://aws.amazon.com/about-aws/whats-new/2018/03/aws-config-notifications-are-now-integrated-with-amazon-cloudwatch-events/
Amazon Connect Automated Outbound Calling is Now Generally Available | https://aws.amazon.com/about-aws/whats-new/2018/03/amazon-connect-automated-outbound-calling-is-now-generally-available/
Amazon Connect Federated Single Sign-On Using SAML 2.0 is Generally Available | https://aws.amazon.com/about-aws/whats-new/2018/03/amazon-connect-federated-single-sign-on-using-saml-2-0-is-generally-available/
Amazon Elasticsearch Service Simplifies User Authentication and Access for Kibana with Amazon Cognito | https://aws.amazon.com/about-aws/whats-new/2018/04/amazon-elasticsearch-service-simplifies-user-authentication-and-access-for-kibana-with-amazon-cognito/
Amazon EFS Now Supports Encryption of Data in Transit | https://aws.amazon.com/about-aws/whats-new/2018/04/amazon-efs-now-supports-encryption-of-data-in-transit/
Apache MXNet Model Server Adds Container Support for Scalable Model Serving | https://aws.amazon.com/about-aws/whats-new/2018/04/mxnet-model-server-container-support/
AWS Deep Learning AMIs Now Include Optimized TensorFlow 1.6 for Amazon EC2 P3 and C5 Instances | https://aws.amazon.com/about-aws/whats-new/2018/03/aws-deep-learning-amis-optimized-tensorflow/
Amazon SageMaker has Open Sourced TensorFlow 1.6 and Apache MXNet 1.1 Docker Containers with Support for Local Mode, and More Instance Types Across All Modules | https://aws.amazon.com/about-aws/whats-new/2018/04/amazon-sagemaker-has-open-sourced-tensorflow-1-6-and-apache-mxnet-1-1-docker-containers-with-support-for-local-mode-and-now-supports-more-instance-types-across-all-modules/
Amazon Translate is Now Generally Available | https://aws.amazon.com/about-aws/whats-new/2018/04/amazon-translate-is-now-generally-available/
Amazon Transcribe is Now Generally Available | https://aws.amazon.com/about-aws/whats-new/2018/04/amazon-transcribe-is-now-generally-available/
Amazon Polly Increases Character Limits | https://aws.amazon.com/about-aws/whats-new/2018/03/amazon-polly-increases-character-limits/
Amazon Rekognition Improves Accuracy of Real-Time Face Recognition and Verification | https://aws.amazon.com/about-aws/whats-new/2018/04/amazon-rekognition-improves-accuracy-of-real-time-face-recognition-and-verification/
Amazon Simple Notification Service (SNS) now Supports AWS PrivateLink | https://aws.amazon.com/about-aws/whats-new/2018/04/amazon-SNS-now-supports-aws-privatelink/
Amazon Athena releases an updated JDBC driver with support for Array data types | https://aws.amazon.com/about-aws/whats-new/2018/04/amazon-athena-updated-jdbc-driver-launch/
Amazon QuickSight Adds New Data Connectors to Popular Business Apps and JSON | https://aws.amazon.com/about-aws/whats-new/2018/04/AmazonQuickSight-adds-new-app-connectors-and-JSON-support/
AWS Batch Adds Support for Automatic Termination with Job Execution Timeout | https://aws.amazon.com/about-aws/whats-new/2018/04/aws-batch-adds-support-for-automatic-termination-with-job-execution-timeout/
Announcing Enhancements to AWS Auto Scaling | https://aws.amazon.com/about-aws/whats-new/2018/04/announcing-enhancements-to-aws-auto-scaling/
Announcing 4 Free Digital Training Courses on New AWS Services | https://aws.amazon.com/about-aws/whats-new/2018/04/four-digital-courses-on-new-AWS-services/
Announcing the AWS Certified Security - Specialty Exam | https://aws.amazon.com/about-aws/whats-new/2018/04/aws-certified-security-specialty/
AWS Elemental MediaConvert Introduces Basic Pricing Tier | https://aws.amazon.com/about-aws/whats-new/2018/03/aws-elemental-mediaconvert-introduces-basic-pricing-tier/
Identify Opportunities for Amazon RDS Cost Savings Using AWS Cost Explorer's Reserved Instance (RI) Purchase Recommendations | https://aws.amazon.com/about-aws/whats-new/2018/04/cost-explorer-reserved-instance-purchase-recommendations/
We speak with Eric Kascic - a Principal Architect from Stelligent - about automating the provisioning of AWS Organizations, along with DevOps on AWS news.
In this session, we review best practices for managing multiple AWS accounts using AWS Organizations. We cover how to think about the master account and your account strategy, as well as how to roll out changes. You learn how Capital One applies these best practices to manage its AWS accounts, which number over 160, and PCI workloads.
From announcements to service updates, hosts Dr. Pete and Russ bring you another packed episode of AWS TechChat. In this episode, they take you through the announcement of new edge locations, updates to Amazon QuickSight, AWS CloudTrail, AWS Marketplace, Amazon WorkMail, Amazon EMR, Amazon RDS, AWS Schema Conversion Tool, AWS Organizations, Elastic Load Balancing, AWS Deep Learning, Amazon Simple Queue System (SQS), Amazon Chime, and AWS Lambda, and introduce AWS and Ionic’s Mobile Web and Hybrid Application on GitHub.
chime s3 outage AWS Summary Cloud downtime compared google cloud next Cloud spanner kaggle acquisition container builder video intelligence cloud jobs DynamoDB TTL AWS Organizations Creating new accounts (via esh) mysql event streams w/kinesis postgres w/kafka
AWS Organizations is a new administrative capability, which allows you to control multiple AWS accounts centrally. With Organizations, you can hierarchically organize and manage your AWS accounts and apply organizational controls across these accounts to meet your business needs. In this session, we cover the capabilities of AWS Organizations and discuss best practices when managing multiple AWS accounts.