re:Invent re:Cap 2023: Evolving your architecture

Transcript

1. Evolving your architecture

2. Updates

3. Amazon RDS for SQL Server now supports db.t3.micro instances ||

   Amazon EC2 High Memory instances now available in Europe (Milan) Region || Amazon ElastiCache now supports network-optimized C7gn Graviton3-based nodes || Amazon EC2 C7g, M7g and R7g instances are now available in additional AWS Regions | Announcing general availability of Amazon EC2 DL2q instances || Amazon Aurora R6g and T4g instances now available in 9 additional regions || Amazon RDS fo PostgreSQL supports minor versions 15.5, 14.10, 13.13, 12.17, and 11.22 || Amazon Verified Permissions now supports batch authorization || Amazon EC2 Mac nstances now support Apple macOS Sonoma || Amazon EC2 C7g, M7g and R7g instances are now available in additional AWS Regions || Amazon OpenSearch Service now supports OpenSearch version 2.11 || Amazon Verified Permissions now provides an enhanced visual mode for schema editing || Amazon Elastic Block Store announces io2 Block Express volumes available on all EC2 Nitro instances || AWS IoT SiteWise announces Query API for metadata, and telemetry data retrieva | Amazon QuickSight launches a new redesigned analysis experience || Amazon EMR Studio is now available in 4 new AWS Regions || AWS Entity Resolution is now Health Insurance Portability and Accountability Act (HIPAA) eligible || Amazon EFS now supports up to 250,000 IOPS per file system || Automate AWS Control Towe anding zone operations using APIs || AWS Systems Manager Automation makes it easier to author runbooks with new low-code visual design experience || ENA Express supports 58 new instances with sizes as small as 16 vCPUs || Announcing Amazon EC2 High Memory U7i instances (Preview) || AWS Backup now supports Amazon Elastic Block Store (EBS) Snapshots Archive || AWS Control Tower announces 65 new controls to help meet digital sovereignty requirements || Amazon MSK now supports Graviton3-based M7g instances for new provisioned clusters || Announcing the general availability of Amazon RDS for Db2 || Announcing new Amazon EC2 R8g instances powered by AWS Graviton4 processors (Preview) || Amazon Connect launches no-code UI builder to configure step-by-step guides || Amazon Connect now supports two-way SMS || Amazon Connect now offers in-app, web, and video calling || AWS announces OR1 for Amazon OpenSearch Service || EC2 Hibernate now supports Amazon EC2 C7a, C7i, R7a, R7i and R7iz Instances || Amazon Redshift extends SUPER data type column size support to 16 MB || AWS DMS adds support for Amazon Relational Database Service for Db2 as a target endpoint || Amazon EC2 M7i-flex and M7i instances are now available in 8 additional AWS Regions || Amazon EC2 C7gd, M7gd, and R7gd instances now available in additional regions || Amazon EC2 C6gn instances are now available in an additional region | AWS CloudShell has migrated to Amazon Linux 2023 (AL2023) || Amazon RDS for MariaDB supports minors 10.11.6, 10.6.16, 10.5.23, 10.4.32 || Amazon EC2 M6id nstances are now available in additional regions || Amazon DevOps Guru achieves FedRAMP Moderate compliance || Amazon MQ now supports RabbitMQ version 3.10.25 || Amazon SNS now supports sending SMS from Asia Pacific (Jakarta) || Amazon AppStream 2.0 now supports Microsoft Windows Server 2022 images | Amazon Linux announces support for KVM and VMWare images with AL2023.3 || Amazon EC2 M7g instances are now available in additional regions || Amazon RDS or SQL Server supports minor version 2022 CU10 || AWS Control Tower Landing Zone updates managed policies and controls || Amazon EC2 HPC instances now available in additional regions || AWS Cloud9 now supports Amazon Linux 2023 || AWS Security Hub launches 15 new security controls || Amazon DynamoDB loca adds support for two DynamoDB API features || Amazon Elastic Container Registry now supports wildcards in lifecycle policies || AWS Elemental MediaConnect now available in three additional AWS Regions || AWS AppFabric now supports 7 additional applications || AWS Network Firewall egress TLS inspection is now available in all regions || AWS Audit Manager now supports PCI 4.0 for automated evidence collection || Amazon Route 53 Resolver Endpoints now supports DNS-over-HTTPS DoH) || EFA support for Open MPI 5.0 now available || AWS Config now supports 1000 AWS Config rules per AWS Region per account || Amazon Aurora supports PostgreSQL 15.5, 14.10, 13.13, 12.17 || VPC Traffic Mirroring is now available in four additional regions || Amazon CloudFront now supports 4096-bit RSA TLS certificates || CodePipeline supports GitLab self-managed || Amazon Cognito identity pools enhances quota management in AWS Service Quotas || AWS Systems Manager now supports Ubuntu 23.04, Debian 12, MacOS 14, and SUSE SP5 || Amazon OpenSearch Service now supports TLS 1.3 and perfect forward secrecy | Amazon OpenSearch Service expands Graviton2 support to six additional regions || AWS CloudShell now supports Docker in 13 Regions || ROSA with hosted contro planes (HCP) is generally available || AWS Config now supports 22 new resource types || Amazon SageMaker Canvas is now available in 6 new Regions || Amazon WorkSpaces Thin Client is now generally available || Amazon Location Service launches CloudFormation support for API keys and resource management || AWS Control Tower now provides controls to meet data residency requirements || Cost Anomaly Detection extends CloudFormation region support || Amazon SNS now everything everywhere all at once

4. https://aws.amazon.com/blogs/aws/new-aws-public-ipv4-address-charge-public-ip-insights/

5. IPv6 related updates AWS Global Accelerator AWS Lambda AWS App

   Runner Amazon Virtual Private Cloud (Amazon VPC) Amazon Elastic Kubernetes Service (Amazon EKS) Amazon S3 on Outposts

6. DevSecOps

7. None

8. Plan

9. CloudFront KeyValueStore https://aws.amazon.com/cloudfront/

10. CloudFront KeyValueStore https://aws.amazon.com/cloudfront/

11. CloudFront KeyValueStore

12. CloudFront KeyValueStore Functions KeyValueStore Users Amazon CloudFront

13. CloudFront KeyValueStore Functions KeyValueStore Users Amazon CloudFront

14. ECS, Fargate, EBS https://aws.amazon.com/blogs/aws/amazon-ecs-supports-a-native-integration-with-amazon-ebs-volumes- for-data-intensive-workloads/

15. EFS - 2023 Storage Class Storage GB-month Reads GB Writes

    GB Tiering GB Max IOPS Read/Write Standard Regional $ 0.30 $ 0.03 $ 0.03 n/a 55,000 25,000 Standard One Zone $ 0.16 $ 0.03 $ 0.06 n/a 35,000 7,000 IA Regional $ 0.025 $ 0.04 $ 0.04 $ 0.01 55,000 25,000 IA One Zone $ 0.0133 $ 0.04 $ 0.06 $ 0.01 35,000 7,000

16. EFS - 2024 Storage Class Storage GB-month Reads GB Writes

    GB Tiering GB Max IOPS Read/Write Standard Regional $ 0.30 $ 0.03 $ 0.03 n/a 250,000 50,000 Standard One Zone $ 0.16 $ 0.03 $ 0.06 n/a 35,000 7,000 IA Regional $ 0.016 $ 0.04 $ 0.04 $ 0.01 65,000 50,000 IA One Zone $ 0.0133 $ 0.04 $ 0.06 $ 0.01 35,000 7,000 Archive Regional $ 0.008 $ 0.06 $ 0.06 $ 0.03 65,000 50,000

17. AWS Backup Restore Testing https://aws.amazon.com/blogs/aws/automatic-restore-testing-and-validation-is-now-available-in-aws-backup/

18. Code

19. AWS SDKS

20. CodeWhisperer General purpose languages IaC Languages IDEs Security

21. CodeWhisperer for Command Line https://fig.io/

22. CodeWhisperer for Command Line https://aws.amazon.com/blogs/devops/introducing-amazon-codewhisperer-for-command-line/

23. Application Composer https://aws.amazon.com/blogs/aws/ide-extension-for-aws-application-composer-enhances-visual-modern-applications-development-with-ai-generated-iac/

24. AWS Toolkit

25. Build/Release/Deploy

26. Amazon CodeCatalyst https://aws.amazon.com/codecatalyst/

27. Amazon CodeCatalyst - 2023 Free Standard $4 per user Pre-provision

    Compute - ✅ Compute minutes 2000 3000 Dev Environment hours 60 200 Source and Attachment Storage 10 GB per space 50 GB per space

28. Amazon CodeCatalyst - 2024 Free Standard $4 per user Enterprise

    $20 per user Pre-provision Compute - ✅ ✅ Compute minutes 2000 3000 1500 per user Dev Environment hours 60 200 160 per user Source, Package and Attachment Storage 10 GB per space 50 GB per space 500GB per space Custom blueprints - - ✅ Teams ✅ ✅ ✅ Single sign-on ✅ ✅ ✅ VPC Support ✅ ✅ ✅ Amazon Q (Preview) Pull Requests - 15 per space/month 20 per user/month Amazon Q (Preview) Summaries 4 per space/month 15 per space/month 20 per user/month

29. Amazon CodeCatalyst • Access Dev Environments using SSH over AWS

    Systems Manager Session Manager • Terraform Support • More User Roles

30. CodePipeline, CodeBuild • Self-managed GitLab as source in CodePipeline •

    Lambda Compute mode in CodeBuild • More features in V2 Pipelines V1 Pipeline V2 Pipeline Action-level variables ✅ ✅ Pipeline-level variables - ✅ Source Revision overrides - ✅ Git Tag Trigger configuration - ✅ Pricing $1.00 per active pipeline $ 0.002 per action execution minute

31. Operate

32. ECR pull through cache Amazon Elastic Container Registry (Amazon ECR)

    Amazon ECR Public registry.k8s.io Quay.io

33. ECR pull through cache Amazon Elastic Container Registry (Amazon ECR)

    Amazon ECR Public registry.k8s.io Quay.io Docker Hub Azure Container Registry GitHub Container Registry

34. S3 Batch Operations

35. S3 Batch Operations Specify entire bucket, prefix, suffix, creation date,

    or storage class

36. Long Term Support • EKS Extended Support • 26 months

    after availability (+ 12 from standard) • $ 0.60 per cluster-hour (+ 0.50 form standard) • Automatic • RDS MySQL and RDS PostgreSQL • + 3 years from standard • eu-west-1: + $ 0.112 per vCPU-hour, doubles in year 3 • Automatic

37. Monitor

38. Amazon CloudWatch https://aws.amazon.com/cloudwatch/

39. CloudWatch Metrics and Alarms • External Data Sources • Cross-Account

    Metrics Insights • Directly trigger Lambda from an Alarm https://aws.amazon.com/blogs/aws/new-use-amazon-cloudwatch-to- consolidate-hybrid-multi-cloud-and-on-premises-metrics/

40. CloudWatch Logs - 2023 Standard Ingestion $ 0.50 / GB

    Storage $ 0.03 / GB Logs Insights (Query) ✅ Cross-Account Support ✅ Extract Metrics ✅ Sensitive Data Protection ✅ Live Tail ✅

41. CloudWatch Logs - 2024 Standard Infrequent Access Ingestion $ 0.50

    / GB $ 0.25 / GB Storage $ 0.03 / GB $ 0.03 / GB Logs Insights (Query) ✅ ✅ Cross-Account Support ✅ ✅ Extract Metrics ✅ - Sensitive Data Protection ✅ - Live Tail ✅ - Anomaly Detection Pattern Analysis ✅ -

42. CloudWatch Logs – Subscription filter Amazon Kinesis Data Firehose Amazon

    Simple Storage Service (Amazon S3) Amazon Simple Storage Service (Amazon S3)

43. CloudWatch Logs – Subscription filter Amazon Kinesis Data Firehose Amazon

    Simple Storage Service (Amazon S3) Account Level Subscription

44. Application Signals (Preview) • Java libraries and frameworks supported by

    the AWS Distro for OpenTelemetry • EKS add-on • ECS and EC2 supported using CloudWatch Agent

45. Security

46. GuardDuty https://aws.amazon.com/guardduty/

47. GuardDuty Runtime monitoring Amazon EKS Foundational sources AWS CloudTrail VPC

    Flow Logs DNS logs Optional sources Amazon EKS Audit Logs AWS Lambda Flow Logs Amazon Aurora Login events Amazon S3 Data Events Malware protection Amazon EBS Amazon GuardDuty User

48. GuardDuty Runtime monitoring Amazon EKS Amazon ECS Amazon EC2 Foundational

    sources AWS CloudTrail VPC Flow Logs DNS logs Optional sources Amazon EKS Audit Logs AWS Lambda Flow Logs Amazon Aurora Login events Amazon S3 Data Events Malware protection Amazon EBS Amazon GuardDuty User

49. Inspector CI/CD Container Scanning TeamCity Jenkins Custom Agentless Scanning AWS

    Lambda Amazon EBS

50. Identity and Access Management Amazon EKS Pod Identity Amazon Athena

    User Identities Amazon MSK IAM Support AWS Data Exchange Data Grants Amazon EKS IAM Cluster Management Amazon S3 Access Grants

51. More?

52. https://partyrock.aws/

53. Thank you! Ben Bridts [email protected] @BenBridts | @WeAreCloudar www.cloudar.be