DEV Community: Yasuyuki Sato

My Recent Favorite AWS Topics "Enhance AI-assisted development with Amazon ECS, Amazon EKS and AWS Serverless MCP server" etc

Yasuyuki Sato — Sun, 01 Jun 2025 23:33:29 +0000

Hello everyone!! Last weekend, I maintained some of my Serverless Application. This included a GenAI application by Amazon Bedrock and a Slack App. I will also start studying for the "AWS Solutions Architect - Professional" certificate renewal. The deadline is the end of August in this year, I absolutely cannot lose this battle!

This post introduces my favorite recent AWS topic. Especially, Amazon ECS, Amazon EKS and AWS Serverless MCP server are very attention for me! Using MCP Servert to get context of specific knowledge is useful! Have fun vibe coding with MCP server!

Collection period: 2025/05/26 Mon ~ 2025/06/01 Sun

AWS Blog

Enhance AI-assisted development with Amazon ECS, Amazon EKS and AWS Serverless MCP server | AWS News Blog

Enhance AI-assisted development with Amazon ECS, Amazon EKS and AWS Serverless MCP server

AWS has introduced specialized Model Context Protocol (MCP) servers for Amazon ECS, EKS, and AWS Serverless, now available as open source solutions in the AWS Labs GitHub repository. These tools enhance AI development assistants by providing real-time, contextual responses beyond pre-trained knowledge.

Key Features:

Amazon ECS MCP Server: Containerizes and deploys applications within minutes, configuring load balancers, networking, auto-scaling, and monitoring using natural language instructions
Amazon EKS MCP Server: Provides AI assistants with up-to-date contextual information about specific EKS environments and latest features
AWS Serverless MCP Server: Enhances serverless development with comprehensive knowledge of patterns, best practices, and AWS SAM CLI integration

Demonstration:

The article shows practical examples using Amazon Q CLI:

Created a serverless backend application for video/image metadata extraction using Amazon Nova models
Migrated the application to containerized architecture on ECS
Built a web application marketplace on EKS cluster

The MCP servers automatically handle troubleshooting, code review, deployment, and error resolution through natural language commands. They work with popular AI-enabled IDEs and support the complete application lifecycle from development to production.

Additional Tools:

The repository also includes AWS Lambda MCP server and Amazon Bedrock Knowledge Bases Retrieval MCP server for enhanced functionality.
These tools accelerate development by providing AI assistants with deep AWS service understanding and current best practices.

Amazon Aurora DSQL, the fastest serverless distributed SQL database is now generally available | AWS News Blog

Amazon Aurora DSQL, the fastest serverless distributed SQL database is now generally available

Amazon Aurora DSQL, the fastest serverless distributed SQL database, is now generally available. It offers virtually unlimited scale, highest availability, and zero infrastructure management for always-available applications.

Key Features:

Disaggregated architecture with independent components (query processor, adjudicator, journal, crossbar)
99.99% availability in single Region, 99.999% across multiple Regions
Active-active distributed architecture with strong consistency
Multi-Region support with synchronized endpoints

Architecture:

Single-Region clusters replicate data across three Availability Zones. Multi-Region clusters use two Regional endpoints with a third witness Region, enabling concurrent read/write operations with strong data consistency.

Getting Started:

Simple console experience allows creating single or multi-Region clusters. Users can connect via familiar SQL clients (PostgreSQL terminal, DBeaver, DataGrip) or programmatically using various languages (Python, Java, JavaScript, etc.).

New Capabilities Since Preview:

Improved console experience with AWS CloudShell integration
Enhanced PostgreSQL features (views, unique secondary indexes, Auto-Analyze)
AWS service integrations (Backup, PrivateLink, CloudFormation, CloudTrail)
Model Context Protocol server for AI interaction

Availability & Pricing:

Available in US East/West, Asia Pacific (Osaka/Tokyo), and Europe (Ireland/London/Paris) regions. Billing uses Distributed Processing Units (DPUs) for requests and GB-months for storage. AWS Free Tier includes 100,000 DPUs and 1 GB-month storage monthly.

Overview of Niconico's large-scale security reform realized with AWS by Dwango Co., Ltd. | Amazon Web Services Blog

Overview of Niconico's large-scale security reform realized with AWS by Dwango Co., Ltd.

This article describes Dwango's cloud security reform following a cyberattack on their Niconico platform in June 2024.

Background:

Dwango, operator of Japan's major video/livestreaming platform Niconico, was migrating from on-premises infrastructure to AWS when the cyberattack occurred. Fortunately, their existing security measures prevented AWS environment compromise.

Pre-existing Security Measures:

Internal security guidelines
AWS Trusted Advisor and Security Hub for preventive measures
Amazon GuardDuty for incident management
AWS CloudTrail for user activity monitoring

Security Reform Architecture:

The company implemented a comprehensive security platform based on two pillars:

Prevention: Enhanced AWS Security Hub, Trusted Advisor, and Service Control Policy implementation across all AWS accounts to establish unified security baselines while maintaining team agility.
Detection: GuardDuty-based threat detection with CloudTrail monitoring for suspicious activities, enabling immediate incident response through automated notifications.

Key Solutions:

Multi-account architecture using AWS Control Tower and Organizations
External security vendor collaboration for 24/7 monitoring
Implementation of AWS Security Incident Response service for automated triage and investigation

Results:

The reform successfully prevented attack-like behaviors and received positive external security assessments. The flexible configuration options of AWS security services allowed cost-effective security improvements tailored to their specific needs.

Conclusion:

While AWS wasn't compromised during the attack, the company emphasizes that cloud security requires proactive customer responsibility under AWS's shared responsibility model. They continue advancing security measures across the KADOKAWA Group with AWS Japan's support.

My Recent Favorite AWS Topics "Introducing Claude 4 in Amazon Bedrock, the most powerful models for coding from Anthropic" etc

Yasuyuki Sato — Sun, 25 May 2025 17:22:00 +0000

Hello everyone!! Recently, I updated my "AWS Community Builder" status. I can continue be "AWS Community Builder" in this year. I think the best way of using AWS credits of CB is Amazon Q Developer. Since pro Subscription costs $19, we can keep within the $500 yearly. Since I don't setup AWS Organization in My AWS Account, I'd like to enable AWS Organization and Amazon Q Developer by the end of this month.

This post is introduce my favorite recent AWS Topic. Especially, Claude 4 is very attention! Most AI Coding Agent can choose Claude, so I look forward to supporting Claude 4.

Collection period: 2025/05/17 Mon ~ 2025/05/25 Sun

AWS Blog

Introducing Claude 4 in Amazon Bedrock, the most powerful models for coding from Anthropic | AWS News Blog

Introducing Claude 4 in Amazon Bedrock, the most powerful models for coding from Anthropic

This article announces the launch of two new AI models from Anthropic - Claude Opus 4 and Claude Sonnet 4 - which are now available on Amazon Bedrock. Here are the key points:

Claude Opus 4 is Anthropic's most advanced model, designed for complex tasks like coding, advanced reasoning, and building autonomous AI agents.
Claude Sonnet 4 is optimized for efficiency and high-volume tasks, making it suitable for production workloads.
Both models are available on Amazon Bedrock, offering enterprise-grade security and responsible AI controls.
Opus 4 excels in software development scenarios requiring extended context and deep reasoning, while Sonnet 4 is ideal for everyday development tasks and high-volume production workloads.
Both models offer two modes: near-instant responses and extended thinking for deeper reasoning.
The article provides code examples and instructions on how to get started using these models through the Bedrock Converse API.
Claude Opus 4 is available in select North American AWS Regions, while Claude Sonnet 4 is available in North America, APAC, and Europe.
The new models aim to enhance AI capabilities in areas such as coding, research, and enterprise workflows.

Exploring the latest features of the Amazon Q Developer CLI | AWS DevOps & Developer Productivity Blog

Exploring the latest features of the Amazon Q Developer CLI

This article discusses recent updates and new features for the Amazon Q Developer Command Line Interface (CLI). Key improvements include:

Conversation Persistence: Users can now save and resume conversations using commands like 'q chat --resume', '/save', and '/load'.
MCP and Tool Use Enhancements: Background loading of Model Context Protocol (MCP) servers, a new 'q mcp' subcommand for managing MCP configurations, and the '/tools' command for controlling tool permissions.
Improved Context Control: Git-aware file selection, fuzzy search for slash commands, enhanced context display, and dynamic context addition through hooks.
Context Window Awareness: New '/usage' and '/compact' commands to manage context window usage efficiently.
Image Support: Users can now share images in 'q chat' for visual information exchange.
Editor for Long Prompts: The '/editor' command allows composing detailed prompts in a text editor.
Expanded Region Support: Professional tier users can now access Q Developer in the Frankfurt region (eu-central-1).
Issue Management: New '/issue' command and 'report_issue' tool for easier bug reporting and feature requests.
Changelog Access: A '--changelog' flag added to the 'q version' command for viewing recent updates.

These updates aim to enhance user experience, improve context management, and add powerful new capabilities to the Amazon Q Developer CLI.

Amazon Inspector enhances container security by mapping Amazon ECR images to running containers | AWS News Blog

Amazon Inspector enhances container security by mapping Amazon ECR images to running containers

This article discusses new features in Amazon Inspector that enhance vulnerability management for container workloads:

Amazon Inspector now maps Amazon ECR images to running containers, allowing security teams to prioritize vulnerabilities based on currently running containers.
Vulnerability scanning support has been extended to minimal base images and additional ecosystems.
The new features provide visibility into which container images are actively running and where they're deployed in Amazon ECS and Amazon EKS.
Users can configure image re-scan modes based on last in-use date or last pull date.
The console now displays information about images running on containers, including last in-use and pull dates, and EKS pods or ECS tasks count.
Cross-account visibility is supported, allowing users to see deployments across different AWS accounts.
New filtering options are available in the Findings menu, including Account ID, Image in use count, and Image last in use at.
The service now provides unified vulnerability assessments for both traditional Linux distributions and minimal base images.
Enhanced cross-account visibility is supported through delegated administrator capabilities.
These new container mapping capabilities are available in all AWS Regions where Amazon Inspector is offered at no additional cost.

The article emphasizes how these features help prioritize vulnerability management based on actual deployment and usage patterns of container images.

My Recent Favorite AWS Topics "Introducing Strands Agents, an Open Source AI Agents SDK" etc

Yasuyuki Sato — Sat, 17 May 2025 19:17:15 +0000

Hello everyone. Recentry, I have played "Legends of Zelda Tears of Kingdom". This video game is amazing. Especially, Changing scenery is great!! Beautiful sunset, sunrise ... these are very impressinve. But, Collecting "Zonaite" is bit tired. I don't like underground world in this game. So, I may more like "Legends of Zelda Breath of the Wild" than it. If you know place of local procurement for 3 "Fan" and "Steering Stick", please let me know.
Of course, I'm preparing session material for AWS Ambassador Global Summit on June, 2025. The holding of last year is September 2024. I'm happy to be participating again this year.

This blog post is introduce my favorite recent AWS Topics. Especially, Strands Agents released is very attention!

Collection period: 2025/05/12 Mon ~ 2025/05/17 Sat

AWS Blog

Introducing Strands Agents, an Open Source AI Agents SDK | AWS Open Source Blog

Introducing Strands Agents, an Open Source AI Agents SDK

Strands Agents, an open-source SDK for building AI agents, has been released. Key points include:

It uses a model-driven approach, simplifying agent development by leveraging advanced language models.
Developers can define agents with just a prompt and a list of tools, then test locally and deploy to the cloud.
Strands supports various models, including those from Amazon Bedrock, Anthropic, Ollama, Meta, and others.
The SDK is already used by several AWS teams in production.
Strands Agents consists of three core components: a model, tools, and a prompt.
It features an "agentic loop" that allows the model to plan, reason, and select tools autonomously.
The project includes pre-built tools and supports complex use cases like multi-agent collaboration.
Strands offers flexibility in deployment, supporting various architectures for production use.
The SDK provides observability features for monitoring agent performance in production.
It's an open-source project, welcoming contributions from the community.

The article also includes a brief example of building a naming agent using Strands Agents and discusses different deployment architectures for production use.

Accelerate CI/CD pipelines with the new AWS CodeBuild Docker Server capability | AWS News Blog

Accelerate CI/CD pipelines with the new AWS CodeBuild Docker Server capability

This article introduces a new feature for AWS CodeBuild called Docker Server capability. Here's points:

AWS CodeBuild now offers a Docker Server capability that provides a dedicated and persistent Docker server within CodeBuild projects.
This feature can significantly reduce build times for Docker images by centralizing image building and maintaining a persistent cache.
In a benchmark test, the author saw a 98% reduction in build time (from 24 minutes 54 seconds to 16 seconds) for a complex Docker image.
To use this feature, users can enable it when creating or editing a CodeBuild project through the AWS console.
The Docker Server maintains layers between builds, which is particularly beneficial for large, complex Docker images with many layers.
The feature is available for both x86 (Linux) and ARM builds, and is offered in all AWS Regions where CodeBuild is available.
Pricing information for this feature can be found on the AWS CodeBuild pricing page.
The article provides a step-by-step demonstration of how to enable and use the Docker Server capability, including sample build logs showing the improved performance.
This feature aims to improve efficiency and reduce wait times for teams running numerous Docker builds in their CI/CD pipelines.

Simplify AWS AppSync Events integration with Powertools for AWS Lambda | Front-End Web & Mobile

Simplify AWS AppSync Events integration with Powertools for AWS Lambda

This article discusses the integration of AWS AppSync Events with Powertools for AWS Lambda, introducing the new AppSyncEventsResolver feature. Here's points:

AWS AppSync Events enables real-time features through WebSocket APIs, allowing developers to build scalable and performant real-time applications.
Powertools for AWS Lambda now supports AppSync Events through the new AppSyncEventsResolver, available in Python, TypeScript, and .NET.
The AppSyncEventsResolver provides a simple interface for processing events, with built-in support for common patterns such as filtering, transforming, and routing events.
Key features of AppSyncEventsResolver include:
- Pattern-based routing for organizing event handlers
- Subscription handling for PUBLISH and SUBSCRIBE events
- Access to full event and context objects
- Built-in error handling
Advanced patterns and best practices:
- On publish processing for handling individual messages
- Aggregate processing for batch handling of multiple events
- Event filtering capabilities
The article provides code examples in TypeScript to demonstrate how to set up and use the AppSyncEventsResolver for various scenarios.
The new feature aims to enhance the development experience by reducing boilerplate code and allowing developers to focus on business logic rather than infrastructure code.

The article concludes by encouraging developers to explore the Powertools documentation, AppSync Events documentation, and the GitHub repository for more information and to provide feedback on their experiences using the AppSyncEventsResolver.

Reduce the amount of code in AWS CDK: Apply OAC in Amazon CloudFront L2 constructs

Yasuyuki Sato — Thu, 07 Nov 2024 16:41:45 +0000

This post is a translation for Dev.to of a blog originally posted in Japanese.

I have been working on my AWS certifications of late: SysOps Administrator - Associate in May, Data Engineer - Associate in June, Machine Learning - Specialty in July, Advanced Networking - Specialty in September, and AI Practitioner in November. The rush to take AWS certifications is beginning to slow down.

A new AWS CDK L2 construct is now available for Amazon CloudFront Origin Access Control (OAC)!

A new AWS CDK L2 construct for Amazon CloudFront Origin Access Control (OAC) | AWS DevOps & Developer Productivity Blog

aws.amazon.com

I have confirmed that the new L2 construct is available in our environment with CDK version 2.165.0.

I immediately migrated our personal static hosting site to the new L2 construct for OAC, and we describe below how to write the new AWS CDK L2 construct and how it compares to the previous one!

What makes you happy about the new AWS CDK L2 construct for OAC?

Until the new AWS CDK L2 construct for OAC was available, the legacy configuration, written as Origin Access Identity (OAI), then using the escape hatch to use Origin Access Control (OAC) The OAC was then customized to use Origin Access Control (OAC) using an escape hatch.

    // Code before new AWS CDK L2 constructs for OAC were available
    // Defining CloudFront Distribution
    const distribution = new aws_cloudfront.Distribution(this, 'Distribution', {
      defaultRootObject: 'index.html',
      defaultBehavior: {
        origin: new aws_cloudfront_origins.S3Origin(originS3Bucket),
      },
    });

    // Origin Access Control (OAC) Definition
    const originAccessControl = new aws_cloudfront.CfnOriginAccessControl(this, 'OriginAccessControl', {
      originAccessControlConfig: {
        name: 'OriginAccessControlForOriginS3Bucket',
        originAccessControlOriginType: 's3',
        signingBehavior: 'always',
        signingProtocol: 'sigv4',
        description: 'Access Control',
      },
    });

    // Convert CloudFront distribution to L1 construct
    const cfnDistribution = distribution.node.defaultChild as aws_cloudfront.CfnDistribution

    // Customization by Escape Hatch
    cfnDistribution.addPropertyOverride('DistributionConfig.Origins.0.OriginAccessControlId', originAccessControl.getAtt('Id'))
    cfnDistribution.addPropertyOverride('DistributionConfig.Origins.0.DomainName', originS3Bucket.bucketRegionalDomainName)
    cfnDistribution.addOverride('Properties.DistributionConfig.Origins.0.S3OriginConfig.OriginAccessIdentity', "")
    cfnDistribution.addPropertyDeletionOverride('DistributionConfig.Origins.0.CustomOriginConfig')

In addition to writing the above code, a bucket policy for S3 buckets in static hosting was also required. Since the above code was written once for OAI and customized by escape hatch, there was a situation where unused OAI resources would continue to exist.

The above code description by the escape hatch method is completely unnecessary. The following code is all that is needed to implement OAC.

    // Code using the new AWS CDK L2 construct for OAC
    const distribution = new aws_cloudfront.Distribution(this, 'Distribution', {
      defaultBehavior: {
        origin: aws_cloudfront_origins.S3BucketOrigin.withOriginAccessControl(originS3Bucket)
      }
    })

... The difference in the amount of description is amazing. It looks like black magic. ... It is very useful if you know the type of resources to create and update in your CloudFront distribution.

The old description method is deprecated

The S3Origin description method has been deprecated. Refactoring will be required when updating the aws-cdk-lib package.

To avoid downtime when migrating from OAI, it is desirable to write a temporary S3 bucket policy that allows both OAI and OAC.

Amount of CDK code description reduced to 60%.

What is surprising is the amount of code written for CDK: we compared the number of lines before and after using the OAC for CDK L2 constructs. (This line count is based on the entire stack of lines for the simple static hosting site we use.)

CDK L2 Construct OAC	number of lines
Before use	106
After use	73

The amount of code written was reduced by 60%, and the amount of code written was reduced by 40%. The escape hatch, which is difficult to understand at a glance, has also been eliminated.

Summary

The new AWS CDK L2 construct for Amazon CloudFront Origin Access Control (OAC) eliminates the escape hatch (customization) that was previously required when applying OAC, allowing for concise code. Since this L2 construct creates multiple resources such as OAC and S3 bucket policies, it is desirable to use it after understanding the contents of the resources to be created. We would like to make positive use of this service.