The weeks leading up to AWS re:Invent are filled with announcements that Amazon has decided not to hold for either a keynote or a major session. There are so many that even before re:Invent starts, it’s easy to miss many interesting things. Of course, I’m sure I’ve missed things, and the things I care about are not necessarily the things that you care about, but even so I’ll share a list of some of the things that I’d recommend you read.
Root Sessions
Managing AWS root accounts has often been a bit painful. They’re powerful, so you want to keep them locked down, but there are just some places where nothing else works, and you need access to them. This has often meant that security standards recommended Hardware MFA, but as your organization grows, even this gets a bit complicated to manage.
With Centrally managing root access for customers using AWS Organizations, it seems like organizations can get rid the liability of having security root accounts while retaining the ability for sufficiently authorized users to open a root session when needs require it.
This feels a bit like sudo, in a good way.
ECS Rebalancing and EC2 Zonal Shift
If you’re an AWS customer, you’ve likely experienced the fear that comes from hearing of any AWS outage — when AWS has an incident, it’s not uncommon for some or many of their customers to be having an incident as well. If that doesn’t happen to you frequently, it will likely take you some time to recover because you’re not experienced at diagnosing and recovering, perhaps you haven’t practice and prepared.
When that happens, anything AWS can do to simplify that process for you, allow certain things to happen automatically, the better. ECS AZ rebalancing and Zonal Shift for EC2 are both features that can make things a little easier for you when ad things are already happening.
EKS Auto Mode
ECS is often my starting point for a containerized service on AWS. Kubernetes is very much the industry standard, but if your team isn’t already up to speed on setting up, managing and using Kubernetes, ECS definitely feels like a lower barrier to entry, a simpler model.
Having said that, if you feel like you want to go with Kubernetes, anything AWS can do to simplify the job of making and running Kubernetes infrastructure sounds like a win. EKS auto mode sounds like it simplifies that experience somewhat, so it’s probably a good starting point for anyone making their first attempt at Kubernetes on AWS.
S3 Browsing, Integrity, Conditional Writes
If you’ve built integration with S3 into an application you manage, you’ve likely needed from time to time to access S3 directly, or to offer S3 access to a privilege group of users in your organization. When those users aren’t developers, asking them to use the AWS Console is a high barrier to entry. There are third-party applications, but setting up and maintaining those, credentials and so on is also real work.
By adding Transfer Family web apps (including Identity Centre / SSO) and a component that you can more easily integrate into your own application, AWS is offering ways that might simplify access to S3 when you need it.
And behind the scenes, integrity features using hashes and conditional writes with both seem very useful.
Aurora Serverless v2: Scaling to Zero
When Aurora Serverless v2 was announced, I know some people were disappointed that it didn’t seem to have the scale-to-zero capability, because one of the things that people value about the “serverless” model is the usage based billing — if you aren’t using it, it doesn’t cost you anything.
Sounds like that’s back as a feature, and your Serverless databases can now scale down to 0 ACUs.
And More …
Honourable mentions:
- S3 Conditional Writes are valuable when there might be multiple processes acting in parallel
- Allowed AMIs and lineage information for AMIs make for good governance guard-rails.
- Amazon Q Java 17 and library upgrades are good to help with currency / modernization and go hand in hand with the preview of a Java upgrade transformation CLI.
- EBS time-based copy seems suited for DR planning and audits.
- Amazon Connect Email will probably appeal most directly to people already using Amazon Connect telephony, leading to more of an omni-channel solution.
For the full details, read What’s New with AWS.
Top comments (0)