AWS’s re:Invent 2019 doesn’t start until next week, but the pre re:Invent announcements keep on coming. Here’s the second part of our round-up of the key announcements before the week that is re:Invent.

It’s about all of the things

If you are dealing with distributed edge devices, the chances are IoT is a significant part of your world. If it is, there have been some significant IoT announcements – see https://aws.amazon.com/blogs/aws/welcome-to-aws-iot-day/ – including:

  • Secure tunnelling;
  • Fleet provisioning at scale;
  • Alexa voice and container support;
  • Data stream processing at the edge using Greengrass.

Managing access through identity

Centralising access to AWS through an existing identity provider (such as Azure AD) is a common and recommended pattern. AWS has now extended that so that attributes associated with a user in the identity provider can be used to evaluate access to services. Previously, users would have to be associated with different groups to achieve the same outcome. This new approach simplifies and enhances the flexibility of providing least-privilege access to services. https://aws.amazon.com/blogs/aws/new-for-identity-federation-use-employee-attributes-for-access-control-in-aws/.
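To make the attribute-based approach concrete, here is an added example (ours, not taken from the AWS announcement) of an IAM permissions policy for a federated role. It assumes the identity provider passes a user attribute as a session tag with the hypothetical key `CostCenter`, and that EC2 instances carry a tag with the same key.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ListInstances",
      "Effect": "Allow",
      "Action": "ec2:DescribeInstances",
      "Resource": "*"
    },
    {
      "Sid": "StartStopOwnCostCenterOnly",
      "Effect": "Allow",
      "Action": ["ec2:StartInstances", "ec2:StopInstances"],
      "Resource": "arn:aws:ec2:*:*:instance/*",
      "Condition": {
        "StringEquals": {
          "ec2:ResourceTag/CostCenter": "${aws:PrincipalTag/CostCenter}"
        }
      }
    },
    {
      "Sid": "DenyRetaggingCostCenter",
      "Effect": "Deny",
      "Action": ["ec2:CreateTags", "ec2:DeleteTags"],
      "Resource": "arn:aws:ec2:*:*:instance/*",
      "Condition": {
        "ForAnyValue:StringEquals": {
          "aws:TagKeys": ["CostCenter"]
        }
      }
    }
  ]
}
```

One role and one policy now serve every cost centre, because the match is made at evaluation time between the user's attribute and the resource tag. For the attribute to arrive, the identity provider sends it in the SAML assertion as `https://aws.amazon.com/SAML/Attributes/PrincipalTag:CostCenter`, and the role's trust policy has to allow `sts:TagSession` alongside `sts:AssumeRoleWithSAML`.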

AWS Managed Rules for WAF

AWS WAF has been available for a number of years. Now, AWS has added managed rules. The AWS Threat Research Team maintains these managed rules. They will also add new rules as additional threats are identified. To get started, simply add a managed rule group to your AWS WAF and it will immediately start to protect against common threats. Best of all, the AWS Managed Rules are free. https://aws.amazon.com/blogs/aws/announcing-aws-managed-rules-for-aws-waf/

CloudWatch updates

CloudWatch is an essential tool for visibility of your AWS environment. Recently, there have been a whole heap of announcements for CloudWatch!

Is AppConfig an alternative to Elastic Beanstalk?

AWS Elastic Beanstalk was actually released at the end of 2010, making it one of the earlier AWS services! To put that into perspective, that’s only shortly after Route 53 and CloudFormation and before IAM! It has gone through many iterations and updates since then and it is still a popular tool for simple infrastructure and application deployment.

Today, AWS has announced a new service in this space, AppConfig. It’s very much aimed at application configuration. As such, although it crosses over with Elastic Beanstalk, it doesn’t replace it. AppConfig is about controlled changes to existing infrastructure. Beanstalk can also deploy the infrastructure for the applications. AppConfig’s mantra is safe and fast deployments, that are not dependent on a code deployment. It also includes auto-rollback based on CloudWatch alarms. It’s a service that certainly will simplify the management of applications. https://aws.amazon.com/blogs/aws/safe-deployment-of-application-configuration-settings-with-aws-appconfig/.

We love a good tag

Tagging is an essential tool in your management kit for Cloud environments. You can use it for managing billing, security, access, all kinds of “ilities”! Implementing a good tagging strategy has always required discipline and a little planning. That hasn’t changed but AWS have just made it a whole lot easier with Tag Policies. This new capability allows you to manage tags across your AWS Organization. It allows you to set rules and provides a dashboard of your tag compliance across accounts. We are excited to add this one to our tagging arsenal! https://aws.amazon.com/blogs/aws/new-use-tag-policies-to-manage-tags-across-multiple-aws-accounts/

Load balancer updates

AWS has provided load balancing capability forever. They have 3 separate services depending on your needs. This week, AWS announced a bunch of new features for ALBs and NLBs – see https://aws.amazon.com/blogs/aws/aws-load-balancer-update-lots-of-new-features-for-you/. These are our favourites.

For ALBs:

  • Weighted target groups, which are handy for disparate EC2 instance types or for canary style deployments;
  • Least outstanding request routing so that traffic can be processed by the endpoint with the smallest queue, offering great efficiency in resource usage. Previously, the ALB only supported round robin.

For NLBs:

  • You can now add subnets to an existing NLB. For example, you might want to convert an NLB to be multi-AZ (and you should!);
  • Private IP addresses can be defined instead of automatically assigned. This is handy for NLBs where the use case is often a static IP both for public and private endpoints.

Next stop, re:Invent announcements

We will be providing updates from re:Invent during the main event next week so stay tuned for all the action!

To see previous pre re:Invent announcements, check out part 1 at https://www.redbearit.com.au/blog/aws/pre-reinvent-part-1/.
