AWS’s re:Invent 2019 is off and running with Midnight Madness kicking off the fun. It’s not all play, though. There are a number of interesting new announcements already. Here’s our pick for day zero at re:Invent.
IAM and S3 access analyser
This is probably our favourite announcement from Midnight Madness! The IAM and S3 access analysers are new features that analyse IAM and S3 bucket policies for access paths. All possible access paths are verified using mathematical proofs. Unintended paths are flagged and can then be remediated. It all comes out of the AWS Automated Reasoning group – have a look at this short video on what that is all about!
I’ve been looking forward to these releases since a presentation in this area at re:Invent 2018. It’s a fantastic tool in enabling least privilege access.
The IAM and S3 access analysers are available now and they are free!
Windows updates
There have been a couple of significant updates in the Windows space.
- Do you have a problem with a legacy (dare we say heritage) piece of software that only runs on unsupported Windows OS versions? AWS has announced the End of Support Migration Program for Windows, EMP for short. It’s a piece of software that you can use to package up an application running on Windows 2003, 2008 or 2008 R2 and install that package on Windows 2016 in AWS. In January 2020, support for Windows 2008 and 2008 R2 will end. By using EMP, you can reduce the risk of relying on an unsupported operating system. It may also help to unblock your migration away from legacy hardware;
- AWS has enhanced License Manager to deal with BYOL licenses for Windows Server and SQL. AWS has supported BYOL for a while. However, you had to develop processes and automation to manage the capacity and utilisation of the dedicated hosts. The new experience automates these major host management tasks, including the allocation and release of dedicated hosts. It also manages host capacity, auto scaling and auto recovery of hosts. Since you associate the BYOL license with a custom image (and host resource groups), it works with Organizations and auto-scaling groups! If you want to re-use an existing Microsoft Windows license arrangement, today it is a whole lot easier!
EC2 Image Builder
Hands up who hasn’t had to manage OS images? It’s often a painful and time-consuming process, which is why excellent tools like HashiCorp Packer have been popular.
So why should you consider the new AWS native tool, EC2 Image Builder? For starters, it’s a fully managed service. Like Packer, it’s designed to simplify the building and maintenance of images. It allows you to define a pipeline for image creation. In the pipeline you define the underlying OS and base image, the software to install and the tests to perform. You can set up the image to be re-created manually or on a schedule.
Some of the key features are:
- When component updates are available, the pipeline will automatically create a new image;
- Built in testing, such as security testing against CIS benchmarks;
- Simplified sharing of images across accounts;
- Initial support for Amazon Linux 2 and Windows 2012 and newer;
- Support for multiple platform image formats including VMware vSphere (VMDK), Microsoft Hyper-V (VHDX) and OVF.
The supported AWS software components are limited at the moment. Crucially, though, EC2 Image Builder supports the definition of custom components through a YAML template.
We are looking forward to getting our hands dirty with this one and seeing how it compares with some of the third party tools out there!
Deep Composer
Step forward the next Mozart or Johnny Rotten (insert your preferred musical reference!). Are you a frustrated musician? Maybe your answer lies in Machine Learning?
It wouldn’t be re:Invent and Midnight Madness without some kind of machine learning related hardware release. In 2017, it was Deep Lens. In 2018, it was Deep Racer. This year, we have Deep Composer, a machine learning powered keyboard. Deep Composer is intended to be a fun way to learn about AI and ML. It allows you to get started with building models without writing any code. It includes tutorials, sample code, and training data.
You don’t need a physical keyboard as there is a virtual option. However, if we do want to bring one home from re:Invent, we’d better check it’ll fit in the suitcase along with the sock swag. It’s 45cm long!
Midnight madness indeed
That’s a wrap from the warm-up event. If you are playing along at home, the keynote is a rather unpleasant 3am start on the east coast of Australia! Stay tuned to RedBear on your favourite channels for more updates from the week.