This week at AWS
The trend of services and added features continues, this week there are some really interesting ones, let’s see which ones:
Amazon QuickSight launches APIs for account create
Amazon QuickSight now supports APIs for QuickSight account creation. Administrators and developers can automate deployment of QuickSight accounts in their organization at scale. You can now programmatically create accounts with QuickSight Enterprise and Enterprise + Q editions. For more information, visit here.
Amazon SageMaker Feature Store now allows adding new features to existing feature groups
Amazon SageMaker Feature Store is a fully managed, purpose-built repository to store, update, search, and share machine learning (ML) features. The service provides feature management capabilities such as enabling easy feature reuse, low latency serving, time travel, and ensuring consistency between features used in training and inference workflows. A feature group is a logical grouping of ML features whose organization and structure is defined by a feature group schema. Until today, the features in a feature group were defined at the time of feature group creation, and the feature group schema was immutable.
Announcing quota management for Amazon Location Service
Amazon Location Service now supports quota management. Developers can create Amazon CloudWatch alarms that notify them when their usage of any API is close to their quota limit for that API. These alarms help developers ensure operational continuity, prevent service throttling, and protect from unintentional spend. Additionally, developers can use AWS Service Quotas to view, manage, and request quota increases, all in one user interface. For example, an eCommerce website can create a CloudWatch alarm to get notified when they have reached 80% usage on each of the Amazon Location APIs. When the alarm is initiated, they can request a quota increase to help scale their workloads, prevent their website from experiencing outages, and prevent a poor customer shopping experience.
Amazon SageMaker Feature Store adds operational metrics to easily monitor feature groups
Amazon SageMaker Feature Store is a fully managed, purpose-built repository to store, update, search, and share machine learning (ML) features. The service provides feature management capabilities such as enabling easy feature reuse, low latency serving, time travel, and ensuring consistency between features used in training and inference. Until today, SageMaker Feature Store monitoring was limited to consumed read and write units, which gave a limited view of the operational efficiency of the feature store.
Amazon RDS Performance Insights supports additional performance history retention periods
Amazon Relational Database Service (Amazon RDS) Performance Insights now allows you to choose retention periods for your performance history that range from one month up to 24 months. You can also use the RDS Performance Insights free tier, which includes seven days of performance data history and one million API requests per month. We have also adjusted the pricing model, resulting in reduced pricing of 24-month retention for most instance types.
Amazon SageMaker Feature Store now supports feature metadata and search
Amazon SageMaker Feature Store is a fully managed, purpose-built repository to store, update, search, and share machine learning (ML) features. The service provides feature management capabilities such as enabling easy feature reuse, low latency serving, time travel, and ensuring consistency between features used in training and inference workflows. A feature group is a logical grouping of ML features whose organization and structure is defined by a feature group schema. Until today, customers could add metadata tags only to feature groups which in turn enabled easy search and discovery of a feature group. To search for a specific feature however was more complicated. Customers needed to know which feature group the feature belongs and then scan for the relevant feature in the feature group, leading to additional overhead while searching for features.
AWS Security Hub launches 36 new security best practice controls
AWS Security Hub has released 36 new controls for its Foundational Security Best Practice standard (FSBP) to enhance your Cloud Security Posture Management (CSPM). These controls conduct fully-automatic checks against security best practices for AWS Auto Scaling, AWS CloudFormation, Amazon CloudFront, Amazon Elastic Compute Cloud (EC2), Amazon Elastic Container Registry (ECR), Amazon Elastic Container Service (ECS), Amazon Elastic File System (EFS), Amazon Elastic Kubernetes Service (EKS), Elastic Load Balancing (ELB), Amazon Kinesis, AWS Network Firewall, Amazon OpenSearch Service, Amazon Redshift, Amazon Simple Storage Service (S3), Amazon Simple Notification Service (SNS), and AWS WAF. If you have Security Hub set to automatically enable new controls and are already using AWS Foundational Security Best Practices, these controls are enabled for you by default. Security Hub now supports 223 security controls to automatically check your security posture in AWS.
AWS Identity and Access Management introduces IAM Roles Anywhere for workloads outside of AWS
AWS Identity and Access Management (IAM) now enables workloads that run outside of AWS to access AWS resources using IAM Roles Anywhere. IAM Roles Anywhere allows your workloads such as servers, containers, and applications to use X.509 digital certificates to obtain temporary AWS credentials and use the same IAM roles and policies that you have configured for your AWS workloads to access AWS resources.
AWS announces a streamlined deployment experience for .NET applications in .NET CLI and Visual Studio
We are happy to announce the general availability of the new streamlined deployment experience for .NET applications. With sensible defaults for all deployment settings, you can now get your .NET application up and running in just one click, or with a few easy steps — without needing deep expertise in AWS. You will receive recommendations on the optimal compute for your application, giving you more confidence in your initial deployments. You can find it in the AWS Toolkit for Visual Studio using the new “Publish to AWS” wizard. It is also available via the .NET CLI by installing AWS Deploy Tool for .NET.
Key capabilities: * Compute recommendations — get the compute recommendations and learn which AWS compute is best suited for your application.
* Dockerfile generation — the Dockerfile will be auto-generated if required by your chosen AWS compute.
* Auto packaging and deployment — your application will be built and packaged as required by the chosen AWS compute. The tooling will provision the necessary infrastructure and deploy your application using AWS CDK.
* Repeatable and shareable deployments — you can generate well organized and documented AWS CDK deployment projects and start modifying them to fit your specific use-case. Then version control them and share with your team for repeatable deployments.
* CI/CD integration — turn off the interactive features and use different deployment settings to push the same application bundle to different environments.
* Help with learning AWS CDK for .NET! — gradually learn the underlying AWS tools that it is built on, such as the AWS CDK.
Amazon WorkMail now supports invoking Lambda to fetch availability (free/busy)
Amazon WorkMail now supports invoking AWS Lambda for user availability, through Custom Availability Provider Lambda (CAP Lambda). CAP Lambda are a new way for WorkMail to get availability information from external availability sources. A customer can use these CAP Lambda to give WorkMail access to availability information for users on other calendaring providers they own, even if their endpoints are private, or if they do not have an Exchange Web Services (EWS) endpoint.
AWS Snowcone SSD is now available in the AWS Europe (Paris) Region
The AWS Snowcone solid state drive (SSD) device is now available in the AWS Europe (Paris) Region, adding to our growing list of Regions already offering Snowcone SSD, including AWS US East (Ohio), US East (N. Virginia), US West (Oregon), US West (N. California) Asia Pacific (Singapore), Asia Pacific (Tokyo), Asia Pacific (Sydney), Europe (Frankfurt), Europe (Ireland), Europe (London), Asia Pacific (Mumbai), Canada (Central), and South America (São Paulo).
Amazon GuardDuty introduces new machine learning capabilities to more accurately detect potentially malicious access to data stored in S3 buckets
Amazon GuardDuty has incorporated new machine learning techniques that are highly effective at detecting anomalous access to data stored in Amazon Simple Storage Service (Amazon S3) buckets. This new capability continuously models S3 data plane API invocations (e.g. GET, PUT, and DELETE) within an account, incorporating probabilistic predictions to more accurately alert on highly suspicious user access to data stored in S3 buckets, such as requests coming from an unusual geo-location, or unusually high volumes of API calls consistent with attempts to exfiltrate data. The new machine learning approach can more accurately identify malicious activity associated with known attack tactics, including data discovery, tampering, and exfiltration. The new threat detections are available for all existing Amazon GuardDuty customers that have GuardDuty S3 Protection enabled, with no action required and at no additional costs. If you are not using GuardDuty yet, S3 protection will be on by default when you enable the service. If you are using GuardDuty, and are yet to enable S3 Protection, you can enable this capability organization-wide with one-click in the GuardDuty console or through the API.
Amazon OpenSearch Service announces the availability of quota information through Service Quotas
Amazon OpenSearch Service now allows users to view default quota and applied quota information through Service Quotas. Quotas, also referred to as limits in AWS services, are the maximum values for the resources, actions, and items in your AWS account. Each AWS service defines its quotas and establishes default values for those quotas. Depending on your business needs, you might need to increase your service quota values. Service Quotas enables you to look up your service quotas and to request quota increase. AWS Support might approve, deny, or partially approve your requests.
AWS CloudFormation StackSets is now available in the AWS Asia Pacific (Jakarta) Region
AWS CloudFormation has expanded the availability of StackSets to the AWS Asia Pacific (Jakarta) Region. StackSets allows you to provision and manage deployment of cloud resources to multiple AWS accounts and Regions in a single operation. StackSets is integrated with AWS Organizations, so you can take advantage of automatic deployments whenever an AWS account enters an organization.
AWS CloudFormation StackSets announces support for account level targeting in an Organizational Unit
AWS CloudFormation StackSets launched a new feature that allows you to deploy stack sets to selected AWS accounts in an Organizational Unit (OU) in a single operation. You can use this feature to target or skip stack sets deployment to AWS accounts within an OU. For example, you can use this feature to skip deployment of an AWS Config policy in AWS accounts that already have the policy within an OU. In a few clicks, you can re-deploy stack sets to those AWS accounts in which the earlier stack sets deployment had failed. Similarly, you can skip stack set deployment to suspended AWS accounts in an OU.
Announcing general availability of Amazon EC2 M1 Mac instances for macOS
Amazon Elastic Compute Cloud (Amazon EC2) M1 Mac instances are now generally available (GA). Built on Apple Silicon Mac mini computers and powered by the AWS Nitro System, Amazon EC2 M1 Mac instances deliver up to 60% better price performance over x86-based EC2 Mac instances for building and testing iOS and macOS applications. You still enjoy the same elasticity, scalability, and reliability that the secure, on-demand AWS infrastructure has offered to millions of customers for more than a decade. EC2 M1 Mac instances also enable native Arm64 macOS environments for the first time on AWS to develop, build, test, deploy, and run applications for Apple devices. As a developer who is rearchitecting your macOS applications to natively support Apple Silicon Macs, you can now provision Arm64 macOS environments within minutes, dynamically scale capacity as needed, and benefit from pay-as-you-go pricing to enjoy faster builds and convenient distributed testing. To learn more or get started, see Amazon EC2 Mac Instances.
Amazon EC2 Auto Scaling customers can now monitor their predictive scaling policy using Amazon CloudWatch
EC2 Auto Scaling now publishes predictive scaling policy’s forecasts as a CloudWatch metric, enabling you to analyze, monitor, and set alarms on the accuracy of predictive scaling. Predictive Scaling is a scaling policy that proactively increases the capacity of your Auto Scaling group ahead of predicted demand, improving the availability of your application while reducing the need to stay overprovisioned that otherwise would have increased your EC2 bill. As predictive scaling only increases the capacity for your Auto Scaling groups, applying it to your current scaling configurations strictly enhances your application availability. However, an inaccurate prediction can potentially increase your cost. Now, you can use the extensive list of CloudWatch features to measure accuracy of predictions, view forecasts using the familiar CloudWatch graphs, and also set automatic alarms and notifications when predictions are above your desired levels.
AWS IoT Core now makes it easier to provision IoT devices to different AWS accounts and simplifies registrations of certificate authorities — general availability
Today, AWS announced the general availability of a new feature of AWS IoT Core that simplifies the registration of certificate authorities (CAs) necessary for device provisioning and makes it easier to move devices between customers’ multiple AWS accounts within the same AWS region and between different regions. This reduces the complexity of registering devices to AWS IoT Core and helps customers accelerate the development lifecycle for their IoT implementations when using AWS IoT Core Just-in-Time Provisioning (JITP) and Just-in-Time Registration (JITR) device provisioning methods of AWS IoT Core.
Amazon Keyspaces (for Apache Cassandra) adds console access for the BillableTableSizeInBytes CloudWatch metric
Amazon Keyspaces (for Apache Cassandra) is a scalable, serverless, highly available, and fully managed Apache Cassandra-compatible database service.
