2. ANALYTICS
•Amazon Kinesis Video Streams is now available in nine more regions (must be awesome?)
•Amazon MSK adds support for Apache Kafka version 2.3.1 (this is managed Kafka)
•Amazon EMR now supports AWS PrivateLink (no more traversing Internet!)
•Amazon Kinesis Data Analytics now supports Apache Flink 1.8 (connectors, SQL magic, performance)
•Introducing Open Monitoring with Prometheus for Amazon MSK (keep Prometheus w/ MSK!)
•Amazon QuickSight launches new analytical functions, Athena Workgroup and Presto VPC connector
support (yay statistics + Athena cost control + Presto!)
3. APPLICATION INTEGRATION
•AWS Step Functions now supports AWS PrivateLink (interface w/ Lambda w/out traversing Internet)
•Application Auto Scaling now provides scaling activity updates via Amazon EventBridge (check this out)
•Amazon MQ introduces throughput-optimized message brokers (for intense workloads)
•Amazon SQS Now Supports 1-Minute CloudWatch Metrics (used to be 5)
4. BUSINESS APPLICATIONS
•Alexa for Business adds end of meeting reminders, intelligent room release and meeting room
utilization metrics. (yay for simplified room booking)
5. COMPUTE, PT. 1
•EKS
•Beta Release of Amazon FSx for Lustre CSI Driver
•Enables network access restrictions to Kubernetes cluster public endpoints (e.g.
easier to interact w/ Kubernetes native API from outside by exposing private
endpoints via public)
•DNS Resolution for EKS Clusters Using Private Endpoints (easier for on-prem &
peering VPCs)
•ECS -> a new CLI to launch/manage containerized apps more easily (best practices enforced,
guided walkthroughs)
•Session Manager now available directly from the Amazon EC2 console (easier to use)
🤯
6. COMPUTE, PT. 2
• EC2 Fleet -> “Preferential” use of Available Capacity Reservations (cost savings $$$!!!)
• EC2 Spot -> Instance Launch Notifications via CloudWatch Events (visibility)
• EC2 instances featuring AMD EPYC processors are now available in additional regions
• Attach multiple Elastic Inference accelerators to a single EC2 instance (+ inference w/out
scaling instances)
• AWS Elastic Beanstalk Launches the Windows Web Application Migration Assistant
🤯
7. CUSTOMER ENGAGEMENT
•Amazon SES now enables you to configure DKIM using your own RSA key pair
•Amazon Connect announces AWS CloudTrail support for APIs
8. DATABASE
•NoSQL Workbench for Amazon DynamoDB adds support for IAM roles & temporary security credentials
•Amazon CloudWatch Contributor Insights for Amazon DynamoDB (Preview) (see table usage trends)
•Amazon Neptune supports Cross-region Snapshot Copying (neat)
•Amazon ElastiCache for Redis adds support for Redis 5.0.6 with additional stability and metering improvements
(also neat)
•Amazon DocumentDB (with MongoDB compatibility) is now available in the Canada (Central) region (moose on
the loose!)
9. ALERT!
Urgent & Important – Rotate Your Amazon RDS, Aurora,
and Amazon DocumentDB (with MongoDB compatibility)
Certificates
WHO: anyone using SSL/TLS certificate validation to connect to your database instances
STEPS: do the following:
1. Download & install a fresh cert
2. Rotate the CA for the instances
3. Reboot instances
10. DEVELOPER TOOLZ
•New Amazon Corretto Repositories and Permanent URLs are Now Available (e.g. always pull down latest)
•AWS CodePipeline Now Supports Atlassian Bitbucket Cloud (warning: beta)
•AWS Cloud9 is now available in 6 more regions (great for serverless apps & local dev)
•AWS CodeBuild Now Supports Cross-Account Resource Sharing (great for governance)
11. END USER COMPUTING
•AppStream -> adds dual monitor support for browser based streaming sessions
•AppStream -> now included in AWS’s latest System and Organizational Controls (SOC) audit cycle
12. GAME TECH
•New: Consistent Authorization Experience for Amazon GameLift (game servers)
•Lumberyard Beta 1.22 Now Available (New Asset Dependency Graph, Editor Performance Improvements)
(game engines)
13. INTERNET OF THINGS
•AWS IoT Device Tester v1.6.0 for Amazon FreeRTOS is now available (testing easier)
•Greengrass -> Supports Node.js 12 and Offers a New Tool for Device Setup (up & running quicker)
•Amazon FreeRTOS -> AWS China (operated by 3rd parties) (China!)
14. MACHINE LEARNING
•New AWS Deep Learning Containers with Tensorflow 2.0 Support (simpler API, better performance)
•Amazon Lex achieves ISO Compliance (ISO = quality certification)
•Amazon Lex Achieves HIPAA Eligibility (HIPAA = healthcare)
•Amazon Lex announces support for Conversation Logs (no extra work required, intent/utterances matched)
•Amazon Personalize now supports contextual recommendations
•Amazon Transcribe now Supports Vocabulary Filtering
•Amazon Transcribe now Supports Job Queuing for Batch Workloads
•Amazon Textract is now PCI DSS certified and extracts even more data from tables and forms
•Announcing ICD-10-CM and RxNorm Ontology Linking for Amazon Comprehend Medical
•Amazon SageMaker Ground Truth Adds Auto-Segment Feature for Semantic Segmentation Labeling (10x faster)
15. MANAGEMENT & GOVERNANCE
•Application Auto Scaling now provides notifications via the AWS Health Service
•AWS Systems Manager Automation now supports:
•targeting all instances in the account and Region (manage all the things!)
•running a single workflow in remote accounts and Regions
•adding tags to your executions (also huge)
•AWS OpsWorks for Configuration Management now supports tagging and tag-based access control
•AWS Service Catalog supports deprecation of product versions
•AWS CloudFormation updates for Amazon API Gateway, AWS CodePipeline, Amazon S3, AWS IAM,
Amazon ECS, Amazon RDS, Amazon ES, AWS Lambda and more (re:Invent + community requests)
17. NETWORKING & CONTENT DELIVERY
•CloudFront adds 8 new real-time metrics in Amazon CloudWatch (Cache Hit, Origin Latency, Error Rate)
•CloudFront now provides 7 new data fields in access logs (how content is being consumed)
•AWS Global Accelerator now supports Amazon CloudWatch metrics (yay for visibility!)
•Amazon Route 53 Resolver Endpoints for Hybrid Cloud Now Available in the Europe (Stockholm) AWS Region
18. QUICK STARTS
•Quick Start Update: SharePoint Server on the AWS Cloud (1-2 hours!)
•New Quick Start deploys .NET serverless CI/CD on the AWS Cloud (sounds cool?)
•New Quick Start deploys .NET CI/CD on the AWS Cloud (don’t worry, only 40 min)
20. SECURITY
•Security Hub releases updates and additions to the AWS Security Finding Format (easier for biz)
•AWS Security Hub integrates with AWS Firewall Manager (firewall findings -> Hub)
•AWS Security Hub integrates with Amazon Detective (new fraud tool)
•AWS Security Token Service Now Supports AWS PrivateLink in 13 New Regions (no traversing Internet!)
•AWS Certificate Manager Private Certificate Authority Now Emits State Change Events (visibility!)
•AWS Certificate Manager and Private Certificate Authority Support FIPS 140-2 Endpoints (government)
•AWS WAF improves request logging for context around matched rule (better view into false positives)
21. STORAGE
•New enhancements for moving data between Amazon FSx for Lustre and Amazon S3
•Amazon Elastic File System Now Supports Service-Linked Roles
•Amazon Data Lifecycle Manager now enables automation of snapshot copy via policies
•Amazon FSx adds enhancements to the AWS Management Console
•Data Deduplication, user storage quotas, and other recently launched administration features are now
available on all Amazon FSx file systems
22. TRAINING & CERTIFICATION
•Now Available: Digital Versions of 2 APN Partner Classroom Courses
•New Course Helps Those in Machine Learning Roles Prepare for Certification
Editor's Notes
By using AWS PrivateLink, EMR can keep your network traffic within the Amazon network using interface VPC endpoints. Your network architecture is significantly simplified as you no longer need to use an Internet Gateway, Network Address Translation (NAT) devices, or firewall proxies to connect to EMR.
EventBridge connects applications using events. An event is a signal that a system’s state has changed, such as a change in the status of a customer support ticket. To write code to react to events, you need to know the event’s schema, which includes information such as the title, format, and validation rules for each piece of event data.
Amazon MQ throughput-optimized brokers suit workloads such as high-volume order processing, stock trading, text processing and many more.
In addition to Amazon CloudWatch, you now have the option to monitor your Amazon Managed Streaming for Apache Kafka (Amazon MSK) clusters using Prometheus, an open source monitoring system for time-series metrics. Open Monitoring with Prometheus enables you to monitor Amazon MSK using solutions like Datadog, Lenses, New Relic, Sumo Logic, or a Prometheus server, and easily migrate your existing monitoring dashboards to Amazon MSK.
By using AWS PrivateLink, you can access Step Functions while keeping your network traffic within the Amazon network using interface VPC endpoints. Your network architecture is significantly simplified as you no longer need to use an Internet Gateway, Network Address Translation (NAT) devices, or firewall proxies to connect to AWS Step Functions.
What’s Happening? The SSL/TLS certificates for RDS, Aurora, and Amazon DocumentDB expire and are replaced every five years as part of our standard maintenance and security discipline. Here are some important dates to know:
September 19, 2019 – The CA-2019 certificates were made available.
January 14, 2020 – Instances created on or after this date will have the new (CA-2019) certificates. You can temporarily revert to the old certificates if necessary.
https://aws.amazon.com/blogs/aws/urgent-important-rotate-your-amazon-rds-aurora-and-documentdb-certificates/
Amazon Corretto is an open source, no-cost, multi-platform, production-ready distribution of the Open Java Development Kit (OpenJDK).
Corretto Yum and Corretto Apt repositories provide a convenient and familiar way of keeping these installations up to date, and are easy to work into your existing processes.
“Permanent URLs” are now also supported, so you can point curl at just 1 URL and know it’s the latest.
Amazon FreeRTOS (a:FreeRTOS) is an open source operating system for microcontrollers that makes small, low-power edge devices easy to program, deploy, secure, connect, and manage. Amazon FreeRTOS extends the FreeRTOS kernel, a popular open source operating system for microcontrollers, with software libraries that make it easy to securely connect your small, low-power devices to AWS cloud services like AWS IoT Core or to more powerful edge devices running AWS IoT Greengrass.
Cache Hit Rate: The percentage of all cacheable requests for which CloudFront served the content from its cache. HTTP POST and PUT requests, and errors, are not considered cacheable requests. The Cache Hit Rate allows you to determine the proportion of your viewer requests that are served from CloudFront edge caches instead of going to your origin servers for content.
Origin Latency: The total time spent in milliseconds from when CloudFront receives a request to when it provides a response to the network (not the viewer), for requests that are served from the origin, not the CloudFront cache. Origin Latency allows you to monitor the performance of your origin server.
Error Rate by status code: The percentage of all viewer requests for which the response's HTTP status code is a particular code in the 4xx or 5xx range. This metric is available for the following error codes: 401, 403, 404, 502, 503, and 504. The Error Rate metric allows you to identify the specific type of HTTP status code behind the 4xx or 5xx errors.
Amazon Route 53 is a highly available and scalable cloud Domain Name System (DNS) service. Amazon Route 53 Resolver endpoints make hybrid cloud configurations easier to manage by enabling seamless DNS query resolution across your entire hybrid cloud. Create DNS endpoints and conditional forwarding rules to allow resolution of DNS namespaces between your on-premises data center and Amazon Virtual Private Cloud (Amazon VPC).
AWS Security Hub gives you a comprehensive view of your high-priority security alerts and compliance status across AWS accounts. (Released in June)
AWS Firewall Manager’s integration with Security Hub will send four types of findings to Security Hub: (1) resources that are not properly protected by WAF rules; (2) resources that are not properly protected by Shield Advanced; (3) Shield Advanced findings that indicate a Distributed Denial of Service attack is underway; and (4) security groups that are being used incorrectly.