The Top AWS re:Invent Announcements
Here are the top AWS announcements leading up to and during AWS re:Invent 2021. I’ve rated these announcements — and for some, I’ve added a bit of commentary.
For the really big or impactful announcements, I’ll link to more in-depth content where appropriate. I’m also tracking all of the announcements if you want the fire hose.
- 29-Nov—05-Dec // AWS re:Invent – 40 announcements
- 22-Nov—28-Nov // One Week to AWS re:Invent – 25 announcements
- 15-Nov—21-Nov // Two Weeks to AWS re:Invent – 16 announcements
- 08-Nov—14-Nov // Three Weeks to AWS re:Invent – 9 announcements
- 01-Nov—07-Nov // Four Weeks to AWS re:Invent – 5 announcements
29-Nov—05-Dec // AWS re:Invent – 40 announcements
Introducing AWS DMS Fleet Advisor for automated discovery and analysis of database and analytics workloads (Preview)
My take: This is a cool feature to help move your traditional databases into a data-specific data store in the AWS Cloud. It’s smart move that helps teams get to a cloud native solution faster.
AWS Database Migration Service (AWS DMS) is a service that helps you migrate databases to AWS quickly and securely. AWS DMS Fleet Advisor is a new feature of AWS DMS that allows you to quickly build a database and analytics migration plan by automating the discovery and analysis of your fleet.
AWS DMS Fleet Advisor is intended for users looking to migrate a large number of database and analytic servers to AWS.
Amazon SageMaker Serverless Inference is a new inference option that enables you to easily deploy machine learning models for inference without having to configure or manage the underlying infrastructure. Simply select the serverless option when deploying your machine learning model, and Amazon SageMaker automatically provisions, scales, and turns off compute capacity based on the volume of inference requests.
With SageMaker Serverless Inference, you pay only for the duration of running the inference code and the amount of data processed, not for idle time.
Amazon SageMaker Inference Recommender helps you choose the best available compute instance and configuration to deploy machine learning models for optimal inference performance and cost.
Introducing Amazon SageMaker Ground Truth Plus: Create high-quality training datasets without having to build labeling applications or manage the labeling workforce on your own
My take: This will help reduce the time to label data at scale and speed up machine learning projects.
Today, we are excited to announce the general availability of Amazon SageMaker Ground Truth Plus, a new turnkey data labeling servicethat enables you to create high-quality training datasets quickly and reduces costs by up to 40%.
We are excited to announce the preview of automatic chatbot designer in Amazon Lex, enabling developers to automatically design chatbots from conversation transcripts in hours rather than weeks. Amazon Lex helps you build, test, and deploy chatbots and virtual assistants on contact center services (such as Amazon Connect), websites, and messaging channels (such as Facebook Messenger).
The automatic chatbot designer enhances the usability of Amazon Lex by automating conversational design, minimizing developer effort and reducing the time it takes to design a chatbot.
AWS Transit Gateway introduces intra-region peering for simplified cloud operations and network connectivity
Starting today, AWS Transit Gateway supports intra-region peering, giving you the ability to establish peering connections between multiple Transit Gateways in the same AWS Region. With this change, different units in your organization can deploy their own Transit Gateways, and easily interconnect them resulting in less administrative overhead and greater autonomy of operation.
AWS Shield Advanced now automatically protects web applications by blocking application layer (Layer 7) DDoS events with no manual intervention needed by you or the AWS Shield Response Team (SRT). When you protect your resources with AWS Shield Advanced and enable automatic application layer DDoS mitigation, Shield Advanced will identify patterns associated with layer 7 DDoS events and isolate this anomalous traffic by automatically creating AWS WAF rules in your web access control lists (ACLs).
These rules can be implemented in count mode to observe how they will impact resource traffic and then deployed in block mode.
These capabilities enable you to quickly respond to and mitigate DDoS events that threaten the availability of your applications.
My take: A nice user experience improvement to help get you off those proprietary databases.
AWS Database Migration Service (AWS DMS) is pleased to announce the launch of AWS DMS Studio, a new service console that makes it easy to manage database migrations from start to finish. AWS DMS Studio accelerates and simplifies migrations by integrating tools for each phase of the migration journey from assessment to conversion to migration.
AWS DMS Studio integrates AWS DMS Fleet Advisor to inventory and analyzes your database and analytics fleet, AWS Schema Conversion Tool (SCT) to convert database schema and application code, and AWS DMS to migrate your data.
At each step of the migration, AWS DMS Studio assists you by providing contextual resources such as documentation and guidance on engaging migration experts where needed.
AWS Announces the AWS AI & ML Scholarship Program in collaboration with Intel and Udacity to help bring diversity to the future of the AI and ML workforce
My take: A great move helping people get the education needed to start a career in machine learning.
The AWS Artificial Intelligence (AI) and Machine Learning (ML) Scholarship program, in collaboration with Intel and Udacity, provides students who self-identify as underserved and underrepresented in tech educational content, career mentorship programs, and 2,500 scholarships annually as part of a commitment to a more diverse future AI & ML workforce.
Amazon Relational Database Service (Amazon RDS) Custom is a managed database service for legacy, custom, and packaged applications that require access to the underlying OS and DB environment. Amazon RDS Custom is now available for the SQL Server database engine. Amazon RDS Custom for SQL Server automates setup, operation, and scaling of databases in the cloud while granting access to the database and underlying operating system to configure settings, install drivers, and enable native features to meet the dependent application’s requirements.
Announcing Amazon DevOps Guru for RDS, an ML-powered capability that automatically detects and diagnoses performance and operational issues within Amazon Aurora
My take: DevOps Guru continues to improve. This time extending into the database sphere.
Amazon DevOps Guru for RDS is a new Machine Learning (ML) powered capability for Amazon Relational Database Service (Amazon RDS) that automatically detects and diagnoses database performance and operational issues, enabling you to resolve bottlenecks in minutes rather than days. Amazon DevOps Guru for RDS is a feature of Amazon DevOps Guru, which detects operational and performance related issues for all Amazon RDS engines and dozens of other resource types.
DevOps Guru for RDS expands upon the existing capabilities of DevOps Guru to detect, diagnose, and provide remediation recommendations for a wide variety of database-related performance issues, such as resource over-utilization and misbehavior of SQL queries.
When an issue occurs, DevOps Guru for RDS immediately notifies developers and DevOps engineers and provides diagnostic information, details on the extent of the problem, and intelligent remediation recommendations to help customers quickly resolve the issue.
Amazon Virtual Private Cloud (VPC) announces Network Access Analyzer to help you easily identify unintended network access
My take: This expansion of access analyzer will help improve your overall network security posture within your VPC.
Amazon VPC Network Access Analyzer is a new feature that enables you to identify unintended network access to your resources on AWS. Using Network Access Analyzer, you can verify whether network access for your Virtual Private Cloud (VPC) resources meets your security and compliance guidelines.
With Network Access Analyzer, you can assess and identify improvements to your cloud security posture.
Additionally, Network Access Analyzer makes it easier for you to demonstrate that your network meets certain regulatory requirements.
Amazon Virtual Private Cloud (VPC) announces IP Address Manager (IPAM) to help simplify IP address management on AWS
Amazon VPC IP Address Manager (IPAM) is a new feature that makes it easier for you to plan, track, and monitor IP addresses for your AWS workloads. With IPAM’s automated workflows, network administrators can more efficiently manage IP addresses.
Amazon Textract, a machine learning service that makes it easy to extract text and data from any document or image, now offers specialized support to extract data from identity documents, such U.S. Driver Licenses and U.S. Passports. You can extract implied fields like name and address, as well as explicit fields like Date of Birth, Date of Issue, Date of Expiry, ID #, ID Type, and more in the form of key-value pairs.
Until today, current OCR based solutions were limited, and did not offer the ability to extract all the required fields accurately due to rich background images or the ability to recognize names and addresses, as well as the fields associated with them (e.g., Washington state ID lists home address with the key “8”), or support ID designs and formats that varied by country or state.
Amazon SageMaker Studio now enables interactive data preparation and machine learning at scale within a single universal notebook through built-in integration with Amazon EMR
My take: More functionality into an already jam packed tool for machine learning. Excellent.
Amazon SageMaker Studio is the first fully integrated development environment (IDE) for machine learning (ML). It provides a single, web-based visual interface where you can perform all ML development steps required to prepare data, as well as to build, train, and deploy models.
We recently introduced the ability to visually browse and connect to Amazon EMR clusters right from the SageMaker Studio notebook.
Starting today, you can now monitor and debug your Apache Spark jobs running on EMR right from SageMaker Studio notebooks with just a click.
Additionally, you can now discover, connect to, create, terminate and manage EMR clusters directly from SageMaker Studio.
The built-in integration with EMR therefore enables you to do interactive data preparation and machine learning at peta-byte scale right within the single universal SageMaker Studio notebook.
My take: Sign up with your email and you can start learning machine learning tools and techniques right away. This greatly reduces the barriers to accessing this technology.
Introducing Amazon SageMaker Studio Lab is a free, no-configuration service that allows developers, academics, and data scientists to learn and experiment with machine learning.
Amazon SageMaker Pipelines, a fully managed service that enables you to create, automate, and manage end-to-end machine learning (ML) workflows, now supports integration with Amazon SageMaker Model Monitor and Amazon SageMaker Clarify. With these integrations, you can easily incorporate model quality and bias detection in your ML workflow. The increased automation can help reduce your operational burden in building and managing ML models.
Amazon SageMaker now offers enhancements to the machine learning (ML) lineage tracking capability that enables customers to track and query the lineage of artifacts such as data, features, and models across an ML workflow. Now, customers can retrieve the end-to-end lineage graph spanning the entire workflow from data preparation to model deployment through a single query.
This feature eliminates undifferentiated heavy lifting needed to retrieve lineage information one workflow step at a time and manually stitch them all together.
Customers can also retrieve lineage information for segments of the workflow by defining a step as the focal point and querying the lineage of the steps that are upstream or downstream of that focal point.
For instance, customers can define a model as the focal entity and retrieve the location of the raw data set from which features were extracted to train that model.
Amazon DynamoDB announces the new Amazon DynamoDB Standard-Infrequent Access table class, which helps you reduce your DynamoDB costs by up to 60 percent
My take: This new tier makes it easier to keep data in DynamoDB for longer. No more need to shuffle it out to reduce costs while increasing operational overhead.
Amazon DynamoDB announces the new Amazon DynamoDB Standard-Infrequent Access (DynamoDB Standard-IA) table class, which helps you reduce your DynamoDB costs by up to 60 percent for tables that store infrequently accessed data. The DynamoDB Standard-IA table class is ideal for use cases that require long-term storage of data that is infrequently accessed, such as application logs, old social media posts, e-commerce order history, and past gaming achievements.
My take: SMart business move by AWS. This will help larger organizations (like governments) move & modernize some critical workloads…finally.
AWS Mainframe Modernization is a unique platform for mainframe migration and modernization. It allows customers to migrate and modernize their on-premises mainframe workloads to a managed and highly available runtime environment on AWS. This service currently supports two main migration patterns – replatforming and automated refactoring – allowing customers to select their best-fit migration path and associated toolchains based on their migration assessment results.
Introducing Amazon SageMaker Canvas – a visual, no-code interface to build accurate machine learning models
My take: This opens up Amazon SageMaker to a lot more audiences. This could be THE launch of AWS re:Invent 2021.
Amazon SageMaker Canvas is a new capability of Amazon SageMaker that enables business analysts to create accurate machine learning (ML) models and generate predictions using a visual, point-and-click interface, no coding required.
My take: This is how I want to interact with Kafka. Honestly, should’ve been this way from the start. Super excited about this one.
Today we announced Amazon MSK Serverless in public preview, a new type of Amazon MSK cluster that makes it easier for developers to run Apache Kafka without having to manage its capacity. MSK Serverless automatically provisions and scales compute and storage resources and offers throughput-based pricing, so you can use Apache Kafka on demand and pay for the data you stream and retain.
My take: All the power of EMR without worrying about the infrastructure? Yes, please.
We are happy to announce the preview of Amazon EMR Serverless, a new serverless option in Amazon EMR that makes it easy and cost-effective for data engineers and analysts to run petabyte-scale data analytics in the cloud. Amazon EMR is a cloud big data platform used by customers to run large-scale distributed data processing jobs, interactive SQL queries, and machine learning applications using open-source analytics frameworks such as Apache Spark, Apache Hive, and Presto.
With EMR Serverless, customers can run applications built using these frameworks with a few clicks, without having to configure, optimize, or secure clusters.
EMR Serverless automatically provisions and scales the compute and memory resources required by the application, and customers only pay for the resources they use.
My take: About time, this actually solves a common problem in service sprawl.
You can now use AWS Control Tower to deny services and operations in your Control Tower environments for the AWS Region(s) of your choice. Region deny capabilities complement existing AWS Control Tower Region selection and Region deselection features, providing you with the capabilities to address compliance and regulatory requirements while improving cost efficiency of expanding into additional Regions.
My take: Sounds super simple, it’s probably a nightmare behind the scenes. Thankfully, builders don’t have to worry about that and can just enjoyed the added safety & security!
AWS Lake Formation is excited to announce the general availability of three new capabilities that simplify building, securing, and managing data lakes. First, Lake Formation Governed Tables, a new type of table on Amazon S3, that simplifies building resilient data pipelines with multi-table transaction support.
As data is added or changed, Lake Formation automatically manages conflicts and errors to ensure that all users see a consistent view of the data.
This eliminates the need for customers to create custom error handling code or batch their updates.
Second, Governed Tables monitor and automatically optimize how data is stored so query times are consistent and fast.
Third, in addition to table and columns, Lake Formation now supports row and cell-level permissions, making it more easily to restrict access to sensitive information by granting users access to only the portions of the data they are allowed to see.
Governed Tables, row and cell-level permissions are now supported through Amazon Athena, Amazon Redshift Spectrum, AWS Glue, and Amazon QuickSight.
My take: This service is intriguing. It could be a revolutionary way to deploy customized 5G solutions for organizations. Time will tell…
Today, we are announcing the preview of AWS Private 5G, a new managed service that helps enterprises set up and scale private 5G mobile networks in their facilities in days instead of months. With just a few clicks in the AWS console, customers specify where they want to build a mobile network and the network capacity needed for their devices.
AWS then delivers and maintains the small cell radio units, servers, 5G core and radio access network (RAN) software, and subscriber identity modules (SIM cards) required to set up a private 5G network and connect devices.
AWS Private 5G automates the setup and deployment of the network and scales capacity on demand to support additional devices and increased network traffic.
There are no upfront fees or per-device costs with AWS Private 5G, and customers pay only for the network capacity and throughput they request.
Today, we are announcing the preview of AWS Trainium-based Amazon EC2 Trn1 instances. AWS Trainium, is the second machine learning chip built by AWS that is optimized for high-performance deep learning training.
Today, we are announcing the next generation storage optimized Amazon EC2 Im4gn and Is4gen instances. These instances are built on the AWS Nitro System and are powered by AWS Graviton2 processors. They feature up to 30TB of storage with the new AWS Nitro SSDs that are custom-designed by AWS to maximize the storage performance of I/O intensive workloads such as SQL/NoSQL databases, search engines, distributed file systems and data analytics which continuously read and write from the SSDs in a sustained manner.
AWS Nitro SSDs enable up to 60% lower latency and up to 75% reduced latency variability in Im4gn and Is4gen instances compared to the third generation of storage optimized instances.
These instances maximize the number of transactions processed per second (TPS) for I/O intensive workloads such as relational databases (e.g.
MySQL, MariaDB, PostgreSQL), and NoSQL databases (KeyDB, ScyllaDB, Cassandra) which have medium-large size data sets and can benefit from high compute performance and high network throughput.
They are also an ideal fit for search engines, and data analytics workloads that require very fast access to data sets on local storage.
My take: Woohoo, Graviton 3!
Starting today, the new Amazon EC2 C7g instances powered by the latest generation custom-designed AWS Graviton3 processors are available in preview. Amazon EC2 C7g instances will provide the best price performance in Amazon EC2 for compute-intensive workloads such as high performance computing (HPC), gaming, video encoding, and CPU-based machine learning inference.
These instances are the first in the cloud to feature the cutting edge DDR5 memory technology, which provides 50% more bandwidth compared to DDR4 memory.
C7g instances provide 20% higher networking bandwidth compared to previous generation C6g instances based on AWS Graviton2 processors.
They also support Elastic Fabric Adapter (EFA) for applications such as high performance computing that require high levels of inter-node communication.
My take: This service has a lot of potential and could help IoT services innovate faster. However, like any new AWS service, it’ll take a while to full hit it’s stride.
Today, we are announcing AWS IoT TwinMaker, a new service that makes it faster and easier for developers to create and use digital twins of real-world systems to monitor and optimize operations. Digital twins are virtual representations of physical systems such as buildings, factories, production lines, and equipment that are regularly updated with real-world data to mimic the structure, state, and behavior of the systems they represent.
Although digital twin use cases are many and diverse, most customers want to get started by easily using their existing data to get a deeper understanding of their operations.
My take: Kinesis was already great, now having a serverless version make it even more flexible as a tool for builders.
Amazon Kinesis Data Streams is a serverless streaming data service that makes it easy to capture, process, and store streaming data at any scale. Kinesis Data Streams On-Demand is a new capacity mode for Kinesis Data Streams, capable of serving gigabytes of write and read throughput per minute without capacity planning.
You can create a new on-demand data stream or convert an existing data stream into the on-demand mode with a single-click and never have to provision and manage servers, storage, or throughput.
In the on-demand mode you pay for throughput consumed rather than for provisioned resources, making it easy to balance costs and performance.
Amazon Athena users can now use AWS Lake Formation to configure fine-grained access permissions and read from ACID-compliant tables. Amazon Athena makes it simple for users to analyze data in Amazon S3-based data lakes to help ensure that users only have access to data to which they’re authorized and that their queries are reliable in the face of changes to the underlying data can be a complex task.
Starting today, you can use Recycle Bin for EBS Snapshots to recover from accidental snapshot deletions to meet your business continuity needs. Previously, if you accidentally deleted a snapshot, you would have to roll back to a snapshot from an earlier point in time, increasing your recovery point objective.
With Recycle Bin, you can specify a retention time period and recover a deleted snapshot before the expiration of the retention period.
A recovered snapshot retains its attributes such as tags, permissions, and encryption status, which it had prior to deletion, and can be used immediately for creating volumes.
Snapshots that are not recovered from the Recycle Bin are permanently deleted upon expiration of the retention time.
Metrics Insights is a new feature from Amazon CloudWatch that is in preview. As a fast, flexible, SQL based query engine, Metrics Insights enables developers, operators, systems engineers, and cloud solutions architects to identify trends and patterns across millions of operational metrics in real time and helps you use these insights to reduce time to resolution.
With Metrics Insights, you can gain better visibility on your infrastructure and large scale application performance with flexible querying and on-the-fly metric aggregations.
Use Metrics Insights and other CloudWatch features to monitor your AWS and hybrid environments, and to respond to operational problems promptly.
Amazon CloudWatch Evidently is a new capability which helps application developers safely validate new features across the full application stack. Developers can use Evidently to conduct experiments on new application features and identify unintended consequences, thereby reducing risk. When launching new features, developers can expose the features to a subset of users, monitor key metrics such as page load times and conversions, then safely dial up traffic for general use.
Amazon CloudWatch Evidently is part of CloudWatch’s Digital Experience Monitoring capabilities along with Amazon CloudWatch Synthetics and Amazon CloudWatch RUM.
My take: The ability to add your own lens to this tool will really open up it’s use. This feature allows you to define what you want your teams to be asking and investigating about their builds. A lot of power here…
The AWS Well-Architected Tool now offers the ability for customers to create their own custom lenses.
My take: This functionality is enabled by a complete re-architecting of the Amazon Inspector service. The near real-time results will be a game changer for most builders.
The new Amazon Inspector is a vulnerability management service that continually scans AWS workloads for software vulnerabilities and unintended network exposure is generally available, globally. Amazon Inspector has been completely rearchitected to automate vulnerability management and deliver near real-time findings to minimize the time to discover new vulnerabilities.
My take: Is AWS trying to bring about the robot apocalypse?
AWS IoT RoboRunner is a new robotics service that makes it easier for enterprises to build and deploy applications that help fleets of robots work together seamlessly. With AWS IoT RoboRunner, it is easier to build applications that make it possible to interoperate and orchestrate robots from a single view by reducing the complex development work required to connect robots to each other and the rest of your industrial software systems.
Today, we are excited to announce the First Annual AWS BugBust re:Invent challenge. Java and Python developers of all skill levels, can compete to fix as many software bugs as possible to earn points and climb the global leaderboard. There will be an array of prizes, from hoodies and fly swatters to Amazon Echo Dots, available to participants who meet certain milestones in the challenge.
There’s also the coveted title of “Ultimate AWS BugBuster” accompanied by a cash prize of $1500 for whomever earns the most points by squashing bugs during the event.
22-Nov—28-Nov // One Week to AWS re:Invent – 25 announcements
My take: ABOUT TIME…and sadly, still not enough of a change.
Effective December 1, 2021, AWS is making two pricing changes for data transfer out to the internet. Each month, the first terabyte of data transfer out of Amazon Cloudfront, the first 10 million HTTP/S requests, and the first 2 million CloudFront Functions invocations will be free.
Free data transfer out of CloudFront is no longer limited to the first 12 months.
In addition, the first 100 gigabytes per month of data transfer out from all AWS Regions (except China and GovCoud) will be free.
Free data transfer out from AWS Regions is also no longer limited to the first 12 months.
These changes will replace the existing data transfer and CloudFront AWS Free Tier offerings, and AWS customers will see these changes automatically reflected in their AWS bills going forward.
All AWS customers will benefit from these pricing changes, and millions of customers will see no data transfer charges as a result.
AWS Lambda now supports event filtering for Amazon SQS, Amazon DynamoDB, and Amazon Kinesis as event sources
AWS Lambda now provides content filtering options for SQS, DynamoDB and Kinesis as event sources. With event pattern content filtering, customers can write complex rules so that their Lambda function is only triggered by SQS, DynamoDB, or Kinesis under filtering criteria you specify.
This helps reduce traffic to customers’ Lambda functions, simplifies code, and reduces overall cost.
EC2 Image Builder enables sharing Amazon Machine Images (AMIs) with AWS Organizations and Organization Units
Now on EC2 Image Builder, customers can share their Amazon Machine Images (AMIs) with AWS Organizations and Organizational Units (OUs) in the image distribution phase of their build process. As their organization structure changes, customers no longer have to manually update AMI permissions for individual AWS accounts in their organization.
Customers can create OUs within AWS Organizations and manage AMI permissions for AWS accounts within those OUs.
AWS today announced AWS WAF Captcha to help block unwanted bot traffic by requiring users to successfully complete challenges before their web request are allowed to reach AWS WAF protected resources. Captcha is an acronym for Completely Automated Public Turing test to tell Computers and Humans Apart and is commonly used to distinguish between robotic and human visitors to prevent activity like web scraping, credential stuffing, and spam.
You can configure AWS WAF rules to require WAF Captcha challenges to be solved for specific resources that are frequently targeted by bots such as login, search, and form submissions.
You can also require WAF Captcha challenges for suspicious requests based on the rate, attributes, or labels generated from AWS Managed Rules, such as AWS WAF Bot Control or the Amazon IP Reputation list.
WAF Captcha challenges are simple for humans while remaining effective against bots.
WAF Captcha includes an audio version and is designed to meet WCAG accessibility requirements.
My take: A smart expansion of SOC coverage.
AWS Single Sign-On (AWS SSO) is now in scope for AWS SOC 1 , SOC 2, and SOC 3 reports. You can now use AWS SSO in applications requiring audited evidence of the controls in our System and Organization Controls (SOC) reporting. For example, if you use AWS to manage access to accounts and applications, you can use the SOC reports to help meet your compliance requirements for those use cases. AWS SOC reports are independent third-party examination reports that demonstrate how AWS achieves key compliance controls and objectives.
AWS Proton now supports the definition of infrastructure in HashiCorp Configuration Language (HCL) and the provisioning of infrastructure using Terraform Open Source through a git-based workflow. Platform teams define AWS Proton templates using Terraform modules, and AWS Proton leverages the customer-managed Terraform automation to provision or update the infrastructure.
Customers can use Terraform as their infrastructure definition and provisioning tool, and AWS Proton will ensure that modules are used consistently and kept up to date.
AWS Proton now allows customers to sync their Proton templates from a git repository. Platform teams can create AWS Proton templates based on AWS CloudFormation and Terraform templates uploaded to a git repository. AWS Proton is designed to automatically sync and create a new version when changes are made and committed to the git repository.
With this new feature, platform and development teams can eliminate manual steps and and reduce the chance for human error.
Amazon Web Services (AWS) has announced the general availability of Enterprise On-Ramp, a new Support tier designed for production and business-critical needs to help customers that are starting their cloud journey and need expert guidance to grow and optimize on cloud. With Enterprise On-Ramp, customers can solve cloud-related challenges with 24/7 access to AWS experts whether by phone or live chat, share their screen, and get support to improve issue resolution and eliminate the frustration of back-and-forth emails.
Amazon Translate is a neural machine translation service that delivers fast, high-quality, and affordable language translation. Amazon Translate now supports Amazon Virtual Private Cloud (VPC) endpoints via AWS PrivateLink so you can securely initiate API calls to Amazon Translate from within your VPC and without using public IPs.
AWS PrivateLink provides private connectivity between VPCs and AWS services, without ever leaving the Amazon network, significantly simplifying your internal network architecture.
You no longer need to use an Internet Gateway, Network Address Translation (NAT) devices or firewall proxies to connect to Amazon Translate.
Amazon QuickSight now supports dataset versioning, which allows dataset owners to understand historical changes within a dataset, preview a specific version, or revert back to a previous version if needed. Dataset versions can be viewed and tracked via the UI, allowing dataset owners to view versions and switch to a specific version via UI. Dataset Versions gives dataset authors the confidence to experiment with their content, knowing that their older versions are available and that they easily can revert back to it when required.
Amazon Managed Grafana adds support for Amazon Athena and Amazon Redshift data sources and Geomap visualization
Amazon Managed Grafana announces new data source plugins for Amazon Athena and Amazon Redshift, enabling customers to query, visualize, and alert on their Athena and Redshift data from Amazon Managed Grafana workspaces. Amazon Managed Grafana now also supports CloudFlare, Zabbix, and Splunk Infrastructure Monitoring data sources as well as the Geomap panel visualization and open source Grafana version 8.2.
AWS Systems Manager Fleet Manager now provides console based access to Windows instances with enhanced security protocols
Fleet Manager, a feature in AWS Systems Manager (SSM) that helps IT Admins streamline and scale their remote server management processes, now enables a console-based management experience for Windows instances. This new feature provides customers a full graphical interface to setup secure connections to and manage Windows instances. You no longer need to install additional software, set up additional servers, or open direct inbound access to ports on the instance.
My take: This should be rated lower but it also should’ve shipped a long time ago. Good upgrade, makes things easier for sure.
Today, we launched usability improvements for the navigation bar in the AWS Management Console. The improvements include a customizable favorites bar, updates to the services menu, and visual updates for consistency and accessibility. The new favorites bar appears when you have selected at least one service as a favorite in the services menu. It also supports an unlimited number of favorites that can be organized with drag and drop.
The updated services menu groups services by category and provides an A to Z listing of all services.
My take: I like to see the expansion of OpenTelemetry. It’s a great project and much easier to ingest data when it’s all in the same format.
Amazon Elastic Container Service (Amazon ECS) now enables customers to quickly get started to monitor and debug their applications with traces and custom metrics using AWS Distro for OpenTelemetry (ADOT). This feature allows Amazon ECS customers to use the console to enable metrics and traces collection, and then export to Amazon CloudWatch, Amazon Managed Service for Prometheus, and AWS X-Ray with just few clicks. This experience simplifies a multi-step manual process of configuring ADOT in task definitions, and enables customers to solve application availability and performance issues.
Today, AWS CloudFormation StackSets announces the capability to import existing CloudFormation stacks into a stack set. StackSets extend the functionality of stacks letting you create, update, or delete stacks across multiple AWS accounts and regions with a single operation.
You can now bring your existing CloudFormation stacks into the management purview of a new or an existing stack set.
This will let you create resources, applications or environments across your AWS Organization and AWS Regions efficiently.
You can subsequently avoid the process of manually replicating and managing the infrastructure in each account and region individually.
Today, we are announcing the public preview of Amazon Linux 2022 (AL2022), Amazon’s new general purpose Linux for AWS that is designed to provide a secure, stable, and high-performance execution environment to develop and run your cloud applications. Starting with AL2022, a new Amazon Linux major version will be available every two years and each version will be supported for five years. Customers will also be able to take advantage of quarterly updates via minor releases and use the latest software for their applications.
Finally, AL2022 provides the ability to lock to a specific version of the Amazon Linux package repository giving customers control over how and when they absorb updates.
Starting today, Amazon Neptune announced the general availability of general-purpose T4g and memory-optimized R6g database instances powered by the AWS Graviton2 processor. AWS Graviton2-based instances deliver up to 40% better price performance over comparable current generation x86-based instances for a variety of workloads. Customers running graph workloads using Apache TinkerPop Gremlin, openCypher, or W3C SPARQL 1.1 query languages can expect to see significant improvements in query latency at a lower cost in comparison to x86-based instances of equivalent instance size.
Amazon Relational Database Service (Amazon RDS) on AWS Outposts now supports creating backups locally on AWS Outposts with Amazon S3 support. You can create backups of your Amazon RDS databases running on AWS Outposts to the same Outpost or to the AWS Region of your Outpost, allowing you to maintain your data residency requirements while giving you flexibility for maintaining your data recovery solutions.
CloudFormation support will be coming soon.
Amazon MemoryDB for Redis now supports AWS Graviton2-based T4 instances. T4g is the next generation burstable general-purpose DB instance type that provides a baseline level of CPU performance, with the ability to burst CPU usage at any time for as long as required.
This instance type offers a balance of compute, memory, and network resources for a broad spectrum of general purpose workloads.
Amazon EventBridge expands support to all Regions, except for AWS GovCloud (US) and China, as a destination for its cross-Region event bus as a target functionality launched in April’2021 (initially launched with 3 destination Regions – US East (N. Virgina), US West (Oregon) and Europe(Ireland)). This will allow customers to consolidate events in one central Region from any Region. This makes it easier for customers to centralize their events for auditing and monitoring purposes or replicate events from source to destinations Regions to help synchronize data across Regions.
Amazon Elastic Container Service (Amazon ECS) today open-sourced the build scripts that Amazon ECS uses to build the Amazon ECS-optimized Amazon Machine Image (AMI). These build scripts are now available on GitHub as an open-source project under the Apache license 2.0.
Customers can use these build scripts to build custom AMIs with security, monitoring, and compliance controls based on their organization’s requirements while using the same components as the Amazon ECS-optimized AMI.
Starting today, customers can run macOS Monterey (12.0.1) as Amazon Machine Images (AMIs) on Amazon EC2 Mac instances. Apple macOS Monterey is the current major macOS release from Apple, and introduces multiple new capabilities and performance improvements over prior macOS versions.
macOS Monterey supports running Xcode versions 13.0 and later, which include the latest SDKs for iOS, iPadOS, macOS, tvOS, and watchOS.
Starting today, customers can dynamically attach and detach Amazon Elastic Block Storage (EBS) volumes on their running Amazon EC2 Mac instances. Prior to today, customers attaching or detaching EBS volumes on EC2 Mac instances needed to reboot their instances for revised EBS configuration to be reflected within their macOS guest environments.
Now with this capability, customers do not need to trigger an instance reboot and wait for it to complete when attaching or detaching EBS volumes on EC2 Mac instances.
Amazon CloudWatch Lambda Insights now supports AWS Lambda functions powered by AWS Graviton2 Processor (General Availability)
You can now use Amazon CloudWatch Lambda Insights to monitor, troubleshoot, and optimize the performance of AWS Lambda functions powered by AWS Graviton2 processor. With CloudWatch Lambda Insights you have access to automated dashboards summarizing the performance and health of your Lambda functions.
My take: Super handy if you’re using Athena…and you are, right?
You can now manage AWS Step Functions workflows from the Amazon Athena console, making it easier to build scalable data processing pipelines, execute queries based on custom business logic, automate administrative and alerting tasks, and more.
15-Nov—21-Nov // Two Weeks to AWS re:Invent – 16 announcements
My take: Finally, a speed increase for CloudFormation!
Today, AWS CloudFormation StackSets announces the capability to execute multiple operations for simultaneous execution. StackSets extends the functionality of CloudFormation stacks by letting you create, update, or delete stacks across multiple AWS accounts and Regions with a single operation.
You can now submit more than one operation per stack set to be executed concurrently.
This capability will enable you to reduce overall processing times with StackSets.
Additionally, you can avoid the overhead of building logic to batch and queue operations submitted to StackSets.
With today’s release, AWS Amplify offers a new Authenticator UI component for web apps built with React, Angular, and Vue, giving developers the easiest way to add login experiences to their app with a single line of code. The new Authenticator UI component not only gives developers the quickest way to add user login and registration workflows to their apps, but also also gives developers complete control over modifying the layout and behavior to match any designs.
Amazon CloudWatch now supports anomaly detection based on metric math expressions. Amazon CloudWatch anomaly detection allows you to apply machine-learning algorithms to continuously analyze system and application metrics, determine a normal baseline, and surface anomalies with minimal user intervention.
CloudWatch metric math allows you to aggregate and transform metrics to create custom visualizations of your health and performance metrics.
Metric math supports basic arithmetic functions such as +,-,/,*, comparison and logical operators such as AND & OR, and a number of additional functions such as RATE and INSIGHT_RULE_METRIC.
For example, with AWS Lambda metrics you can divide the Errors metric by the Invocations metric to get an error rate, use anomaly detection to visualize expected values on a metric graph, and create an anomaly detection alarm to dynamically alert you when the value falls outside of the expected range.
Today, we’re excited to announce that Amazon Athena supports AWS Glue Data Catalog partition indexes to optimize query planning and reduce query runtime. When you query a table containing a large number of partitions, Athena retrieves the available partitions from the AWS Glue Data Catalog and determines which are required by your query.
As new partitions are added, the time needed to retrieve the partitions increases and can cause query runtime to increase.
AWS Glue Data Catalog allows customers to create partition indexes which reduce the time required to retrieve and filter partition metadata on tables with tens and hundreds of thousands of partitions.
AWS Audit Manager now offers a dashboard to simplify your audit preparations with at-a-glance views of your evidence collection status per control. You can instantly track the progress of your audit assessments relative to common control domains. These control domains are general categories of controls, not specific to any one framework that allow customers to quickly assess status on common themes (E.g.- track overall issues in Identity and Compliance control domain).
AWS Identity and Access Management now makes it more efficient to troubleshoot access denied errors in AWS
My take: Yes please!
To help you quickly troubleshoot your permissions in Amazon Web Services (AWS), AWS Identity and Access Management (IAM) now includes the policy type that’s responsible for the denied permissions in access denied error messages. Amazon Sagemaker, AWS CodeCommit and AWS Secrets Manager are among the first AWS services that now offer this additional context, with other services following in the next few months. When you troubleshoot access-related challenges, the identified policy type in the access denied error message helps you to quickly identify the root cause and unblock your developers by updating relevant policies.
My take: I’m always a fan of price drops!
Starting November 9, 2021, Amazon Rekognition Image APIs pricing has been reduced by up to 38% in all 14 supported regions. This price reduction will automatically reflect in customer bills starting from November 2021.
Amazon OpenSearch Service (successor to Amazon Elasticsearch Service) now offers – M6g – instances for Asia Pacific (Mumbai) and US West (N. California) Regions
Amazon OpenSearch Service (successor to Amazon Elasticsearch Service) now offers AWS Graviton2 general purpose – M6g instance family. Customers can enjoy up to 38% improvement in indexing throughput, 50% reduction in indexing latency, and 30% improvement in query performance when compared to the corresponding x86-based instances from the current generation M5.
Visualize all your Kubernetes clusters in one place with Amazon EKS Connector, now generally available
My take: I’m all for anything that helps you get a handle on what’s happening in your k8s environments.
Today, we are excited to announce the general availability of Amazon Elastic Kubernetes Service (EKS) Connector. With EKS Connector, you can now extend the EKS console to view your Kubernetes clusters outside of AWS. You can use the EKS console to visualize Kubernetes clusters including your on-premises Kubernetes clusters, self-managed clusters running on Amazon Elastic Compute Cloud (EC2), and clusters from other cloud providers.
Once connected, you can see all of your clusters’ statuses, configurations, and workloads in one place on the EKS console.
Starting today, AWS Network Firewall is compliant with the ISO 9001, ISO 27001, ISO 27017, ISO 27018 and ISO 27701 standards. AWS maintains certifications through extensive audits of its controls to ensure that information security risks that affect the confidentiality, integrity, and availability of company and customer information are appropriately managed.
The FindMatches ML transform in AWS Glue now includes an option to output match scores, which indicate how closely each grouping of records match each other. The FindMatches transform allows you to identify duplicate or matching records in your dataset, even when the records do not have a common unique identifier and no fields match exactly.
FindMatches helps automate complex data cleaning and deduplication tasks.
Amazon CloudWatch Container Insights adds console support for visualizing workload issues and problems via Amazon CloudWatch Application Insights problems
You can now easily setup workload specific monitoring and view the health of these workloads via Amazon CloudWatch Application Insights problems directly from the Amazon CloudWatch Container Insights console, making it easier to dive deep into issues, troubleshoot problems and reduce mean time to resolution.
My take: Woohoo!
Amazon Athena’s redesigned console is now generally available in all AWS commercial and GovCloud regions where Athena is available. The new and improved console brings a modern, more personalized experience to all of the features you enjoy in the current console and includes several new features which make analyzing data with Athena more powerful and productive.
AWS Amplify announces the ability to add custom AWS resources to Amplify-created backends using CDK and CloudFormation
Today, AWS Amplify announces a new “amplify add custom” command to add any of the 175+ AWS services to an Amplify-created backend using the AWS Cloud Development Kit (CDK) or AWS CloudFormation. The AWS Amplify CLI is a command line toolchain that helps frontend developers create app backends in the cloud. The new ability to add custom resources enables developers to add additional resources beyond Amplify’s built-in use cases with a single command.
My take: This will help with graph database adoption…not as much as a true serverless version would though.
AWS released an open source Java (JDBC) driver to connect to Amazon Neptune. This makes it easy for customers to connect to Neptune with tools and libraries that support JDBC, such as popular Business Intelligence (BI) tools.
My take: I gave this is a three because it’s solid functionality. It should get a zero because it should have been there at launch.
We are excited to announce that AWS IoT Device Management resources are now supported on AWS CloudFormation. With a few clicks, you can now use a CloudFormation template to pre-configure and deploy IoT fleet management infrastructure like Job Templates, Fleet Metrics, and IoT Logging settings in a standardized and repeatable way across multiple regions and accounts.
08-Nov—14-Nov // Three Weeks to AWS re:Invent – 9 announcements
Unified Search in the AWS Management Console now includes blogs, knowledge articles, events, and tutorials
My take: This makes the AWS Management Console search experience a lot more useful…still a ways to go though
We are excited to announce that blogs, knowledge articles, events, and tutorials are available in Unified Search to enable users to easily search and discover information in the AWS Management Console. AWS users can now search for blogs (e.g., Implementing Auto Scaling for EC2 Mac Instances), knowledge articles (e.g., Set Your Preferences for AWS Emails), tutorials (e.g., Remotely Run Commands on an EC2 Instance), and events (e.g., AWS Container Day) without leaving the AWS Management Console.
My take: This will make it easier to leverage Amazon Athena at scale.
If you have data in sources other than Amazon S3, you can use Amazon Athena federated query to analyze the data in-place or build pipelines that extract and store data in Amazon S3. Until today, querying this data required the data source and its connector to use the same AWS account as the user querying the data. Athena now supports cross-account federated query to enable teams of analysts, data scientists, and data engineers to query data stored in other AWS accounts.
My take: We all win when more things get added to AWS Security Hub.
AWS Security Hub has released three new controls for its Foundational Security Best Practice standard (FSBP) to enhance customers’ Cloud Security Posture Management (CSPM). These controls conduct fully-automatic checks against security best practices for Elastic Load Balancing and AWS Systems Manager. If you have Security Hub set to automatically enable new controls and are already using AWS Foundational Security Best Practices, these controls are enabled by default.
Security Hub now supports 162 security controls to automatically check your security posture in AWS.
My take: Very handy to spot operational and security issues.
AWS CloudTrail announces CloudTrail error rate Insights, a new feature of CloudTrail Insights that enables customers to identify unusual activity in their AWS account based on API error codes and their rate.
My take: Nice to see more and more instance types powered by AWS Graviton2. These CPUs are fantastic.
Starting today, general-purpose Amazon EC2 M6gd instances are now available in Asia Pacific (Mumbai), and Europe (London). The compute-optimized Amazon EC2 C6gd instances are now available in Asia Pacific (Mumbai), Canada (Central), and Europe (London).
AWS Control Tower now supports concurrent operations for detective guardrails to help expedite guardrail management. You can now enable multiple detective guardrails without needing to wait for individual guardrail operations to complete. AWS Control Tower provides customers with out-of-the-box preventive and detective guardrails that you can deploy to increase your security, operational, and compliance posture.
My take: A new service with a lot of promise. This one aims to gather all of the health metrics in one place and trigger actions based on the overview of your systems.
Amazon Web Services (AWS) has announced the general availability of AWS Resilience Hub, a new service that provides you with a single place to define, validate, and track the resilience of your applications so that you can avoid unnecessary downtime caused by software, infrastructure, or operational disruptions.
Amazon Elastic Container Service (Amazon ECS) now provides customers enhanced visibility into the health of their compute infrastructure. Customers running containerized workloads using Amazon ECS on Amazon Elastic Compute Cloud (Amazon EC2) or on-premises with Amazon ECS Anywhere can now query the health status of the container runtime (i.e Docker) for their container instances directly from the Amazon ECS API.
This helps customers improve application resiliency.
AWS Fault Injection Simulator now supports Amazon CloudWatch Alarms and AWS Systems Manager Automation Runbooks.
My take: A very cool service gets a little bit better with this update.
You can now create and run AWS Fault Injection Simulator (FIS) experiments that check the state of Amazon CloudWatch alarms and run AWS Systems Manager (SSM) Automations. You can also now run new FIS experiment actions that inject I/O, network black hole, and packet loss faults into your Amazon EC2 instanes using pre-configured SSM Agent documents.
Because it can be difficult to predict how applications will respond to stress under real world conditions whether in testing or production environments, integrating alarm checks and automated runbooks into your FIS experiments can help you gain more confidence when injecting disruptive events such as network problems, instance termination, API throttling, or other failure conditions.
01-Nov—07-Nov // Four Weeks to AWS re:Invent – 5 announcements
AWS Toolkits for Cloud9, JetBrains and VS Code now support interaction with over 200 new resource types
AWS Toolkits for JetBrains, VS Code and Cloud9 now provide customers with the ability to select and view from a list of 245 resource types across 94 services without leaving their IDEs. With this release, in addition to accessing AWS services that are listed by default in the AWS Explorer pane, customers can choose from hundreds of resources to interact with.
This feature uses the AWS Cloud Control API enabling the Toolkit to continually and rapidly add new resource types in the future.
My take: Fantastic update. Athena queries pricing can be tricky. This’ll help shine a light on it when you’re doing it…that’s key.
Amazon Athena now displays the computational cost of your queries alongside their execution plans. With the release of the EXPLAIN ANALYZE statement, Athena can now execute your specified query and return a detailed breakdown of its execution plan along with the CPU usage of each stage and the number of rows processed.
My take: The more data points we can get into AWS Security Hub, the better.
AWS Security Hub now supports Amazon Virtual Private Cloud (VPC) endpoints via AWS PrivateLink so that you can securely initiate API calls to Security Hub from within your VPC without requiring those calls to traverse across the Internet. AWS PrivateLink support for Security Hub is now available in all AWS Regions where Security Hub is available. To try the new feature, you can go to the VPC console, API, or SDK to create a VPC endpoint for Security Hub in your VPC.
This creates an elastic network interface in your specified subnets.
The interface has a private IP address that serves as an entry point for traffic that is destined for Security Hub.
You can read more about Security Hub’s integration with PrivateLink here.
AWS Lake Formation now support managed VPC endpoints (powered by AWS PrivateLink) to access a data lake in a Virtual Private Cloud (VPC). With AWS Lake Formation-managed endpoints, you can now authorize access to the data lake for client applications and services inside of your VPC and on-premises using private IP connectivity. You can also configure VPC endpoint policies to have finer grained control over how services access AWS Lake Formation.
My take: Awesome! This is a critical security feature for CloudFront distributions.
Today, Amazon CloudFront is launching support for response headers policies. You can now add cross-origin resource sharing (CORS), security, and custom headers to HTTP responses returned by your CloudFront distributions. You no longer need to configure your origins or use custom [email protected] or CloudFront functions to insert these headers.