AWS’s re:Invent is still almost a week away, but the pre re:Invent announcements have started. Here’s the first of our round-ups of the key announcements.
CloudFormation
Two key updates were announced for CloudFormation, a key tool in enabling infrastructure as code.
- StackSets add support for drift detection. Drift detection can be used to identify manual changes to services before updating a CloudFormation stack. StackSets are heavily used when applying stacks across multiple accounts. Drift detection across StackSets is a significant enhancement to managing infrastructure as code! https://aws.amazon.com/about-aws/whats-new/2019/11/cloudformation-announces-drift-detection-support-in-stackSets/;
- Have you ever inherited an environment that was built using a manual click-ops process? Do you wish it could be under CloudFormation control? Well, now it can be! AWS has added support for importing these resources! https://aws.amazon.com/blogs/aws/new-import-existing-resources-into-a-cloudformation-stack.
Systems Manager
We have been fans of Systems Manager for a while. It’s been improving as an essential operational tool for the last few years now. As of this week, it’s even better!
- You can now get a single operational view across multiple accounts. With the best practice for AWS deployments recommending a multi-account approach for security and availability, this is a welcome announcement. It provides a single dashboard to view information from EC2, Config and CloudWatch. https://aws.amazon.com/blogs/aws/aws-systems-manager-explorer-a-multi-account-multi-region-operations-dashboard/;
- The automation in Systems Manager has been extended to add support for Python and PowerShell scripts. Of course, we are excited about this one as it will allow us to retire some custom integration and make use of native automation for remediation (SOAR). https://aws.amazon.com/blogs/aws/new-automation-features-in-aws-systems-manager.
SSO support for the CLI
AWS SSO is a very handy service for multi-account access. It enables role-based access to accounts in an organisation. As a result, individual IAM accounts are not required in each AWS account, simplifying the management of your user access. One of the shortcomings was a lack of support for CLI-based access. Of course, you could enable that, but it was clunky. It required logging in to the console. Then, it required cutting and pasting credentials into a terminal. Overall, it was not seamless!
Now, CLI support has been added to SSO. It’s an important addition to support automation across accounts. https://aws.amazon.com/blogs/developer/aws-cli-v2-now-supports-aws-single-sign-on/
Storage, storage, storage
There were heaps of updates to AWS’s storage services. https://aws.amazon.com/blogs/aws/welcome-to-aws-storage-day/. Some of our highlights include:
- Native support for multi-AZ for the FSx for Windows file system;
- Storage de-duplication, reducing storage costs for FSx;
- Finally, fast snapshot restore provides the ability to spin up EBS volumes from snapshots far quicker than before.
EC2 lifecycling
This was probably our favourite pre re:Invent announcement. AWS has added the ability to lifecycle EC2 instances in an ASG.
We are advocates for regularly recycling internet-facing instances for security reasons. If you can replace a device with a known good image, you don’t have to worry about patching it, for example. RedBear have been using custom code to do that for some of our customers. Now, we can use the native support and retire that custom code. https://aws.amazon.com/about-aws/whats-new/2019/11/amazon-ec2-auto-scaling-supports-max-instance-lifetime/.
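To check that the native setting is actually in place, the following added example (not RedBear's or AWS's own code) audits Auto Scaling group descriptions for a missing or overly long `MaxInstanceLifetime`. The `exposure=internet` tag convention and the 14-day policy limit are assumptions made for illustration, and the sample data is constructed.

```python
import json

# Constructed sample in the shape returned by
# `aws autoscaling describe-auto-scaling-groups` (trimmed to the fields used).
SAMPLE = json.loads("""
{"AutoScalingGroups": [
  {"AutoScalingGroupName": "web-public", "MaxInstanceLifetime": 604800,
   "Tags": [{"Key": "exposure", "Value": "internet"}]},
  {"AutoScalingGroupName": "api-public", "MaxInstanceLifetime": 2592000,
   "Tags": [{"Key": "exposure", "Value": "internet"}]},
  {"AutoScalingGroupName": "bastion",
   "Tags": [{"Key": "exposure", "Value": "internet"}]},
  {"AutoScalingGroupName": "batch-internal", "Tags": []}
]}
""")

DAY = 86400  # MaxInstanceLifetime is expressed in seconds


def audit_max_lifetime(response, limit_days=14,
                       tag_key="exposure", tag_value="internet"):
    """Return (group name, finding) pairs for internet-facing groups whose
    instances are not guaranteed to be replaced within limit_days.

    tag_key/tag_value are a hypothetical tagging convention (assumption)."""
    findings = []
    for group in response.get("AutoScalingGroups", []):
        tags = {t["Key"]: t["Value"] for t in group.get("Tags", [])}
        if tags.get(tag_key) != tag_value:
            continue  # this policy only covers internet-facing groups
        name = group["AutoScalingGroupName"]
        lifetime = group.get("MaxInstanceLifetime")  # absent when never set
        if not lifetime:
            findings.append((name, "no maximum instance lifetime set"))
        elif lifetime > limit_days * DAY:
            findings.append(
                (name, f"lifetime {lifetime // DAY} days exceeds {limit_days}"))
    return findings


if __name__ == "__main__":
    for name, finding in audit_max_lifetime(SAMPLE):
        print(f"{name}: {finding}")
```

In practice the input would be the JSON output of `aws autoscaling describe-auto-scaling-groups` for each account and region in scope.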
More pre re:Invent updates to come
Part 2 of the announcements can be found at https://www.redbearit.com.au/blog/aws/pre-reinvent-announcements-part-2/.
If you want to understand some more about these new features and how they might apply to you, please get in contact with us.