AWS re:Invent announcements day 1

Michael Warkentin
4 min read · Nov 30, 2021

Here are the most interesting announcements from the first day of AWS re:Invent for me:

S3 event improvements

Announcements:

If you’ve ever tried setting up S3 event-driven applications before, there were a couple of options which worked, but weren’t great. You could either trigger a Lambda directly from S3 or push the events into SNS / SQS. Alternatively, you could use glue and duct tape and hook into EventBridge by setting up CloudTrail Data Events, which required far too much configuration, particularly if you wanted to capture events from many buckets.

With this new release, it’s as simple as flipping a switch on the S3 bucket in order to route events to dozens of targets inside AWS (or outside with API destinations), archive events for replay, etc. This costs $1.00 / million events.

They’ve added new event types as well if you need to handle objects in different storage tiers, or react to permission changes.
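
An added example (not from the original post or from AWS): a minimal local model of how an EventBridge rule pattern selects S3 events once the bucket's EventBridge switch is on, here picking out object ACL changes on buckets with a `prod-` prefix. It implements only exact-match and `prefix` conditions, the events are reduced to the fields the pattern needs, and every bucket name and key is a constructed sample value.

```python
# Subset of EventBridge pattern matching, applied to S3 events.
# Bucket names and keys are constructed sample values, not real resources.
ACL_CHANGE_PATTERN = {
    "source": ["aws.s3"],
    "detail-type": ["Object ACL Updated"],
    "detail": {"bucket": {"name": [{"prefix": "prod-"}]}},
}

def _leaf_matches(conditions, value):
    """A leaf is a list; one matching entry is enough (OR semantics)."""
    for cond in conditions:
        if isinstance(cond, dict) and "prefix" in cond:
            if isinstance(value, str) and value.startswith(cond["prefix"]):
                return True
        elif cond == value:
            return True
    return False

def matches(pattern, event):
    """Every key named in the pattern must match the event (AND semantics)."""
    for key, expected in pattern.items():
        if key not in event:
            return False
        if isinstance(expected, dict):
            if not isinstance(event[key], dict) or not matches(expected, event[key]):
                return False
        elif not _leaf_matches(expected, event[key]):
            return False
    return True

def s3_event(detail_type, bucket, key):
    """Build a constructed, reduced event in the shape S3 sends to EventBridge."""
    return {"source": "aws.s3", "detail-type": detail_type,
            "detail": {"bucket": {"name": bucket}, "object": {"key": key}}}

SAMPLE_EVENTS = [
    s3_event("Object Created", "prod-invoices", "2021/11/30/a.pdf"),
    s3_event("Object ACL Updated", "prod-invoices", "2021/11/30/a.pdf"),
    s3_event("Object ACL Updated", "dev-scratch", "tmp.txt"),
    s3_event("Object Storage Class Changed", "prod-invoices", "old.pdf"),
]

def flagged_keys(pattern=ACL_CHANGE_PATTERN, events=SAMPLE_EVENTS):
    """Return (bucket, key) for every event the pattern selects."""
    return [(e["detail"]["bucket"]["name"], e["detail"]["object"]["key"])
            for e in events if matches(pattern, e)]
```

The same `ACL_CHANGE_PATTERN` dictionary, serialized as JSON, is the form an EventBridge rule's event pattern takes.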

Athena ACID Transactions powered by Apache Iceberg

Athena gets more powerful with this release, adding read, write, delete, and “time travel” operations via Apache Iceberg. Being able to reach into S3 to delete user data has been a particular pain point for us at Wave and caused us to do things like full nightly dumps instead of streaming our data into S3. Looking forward to digging into this more.

EBS Snapshot Improvements

Announcements:

We don’t use EBS snapshots that much, but I’m hopeful that these improvements will make their way to RDS snapshots during the upcoming year.

EBS Snapshots Archive seems like a straightforward way of saving money on those snapshots that you need to keep around in case of emergency.

Recycle Bin is interesting from a security perspective, especially if you can enforce its application at the account level (sounds like you can) or org level (not sure if this is there), which would provide a layer of security and recovery time in case of accidental or malicious deletion of snapshots.

AWS Control Tower Terraform account provisioning and customization

Control Tower now integrates with Terraform for account provisioning. Interestingly, this is the second Terraform integration launched by AWS within the last week (AWS Proton now supports Terraform Open Source for infrastructure provisioning).

The setup looks pretty complex, but definitely still interesting for companies who use Terraform as their primary Infrastructure as Code tool.

AWS CloudWatch Improvements

Announcements:

Metrics Insights looks like a powerful new query tool for your metrics. It includes a visual query builder as well as SQL support for quickly sharing queries. During my testing, queries came back pretty much instantly.

It comes with a bunch of Sample Queries which seem to also be available directly within the UI:

CloudWatch Real User Monitoring (RUM) means another feature that you would’ve needed a separate tool like Datadog or New Relic for can now be done within AWS.

CloudWatch Evidently is a feature flagging + A/B testing tool (think Optimizely). AWS continues to expand with services competing with entire billion-dollar companies.

AWS announces the new Amazon Inspector for continual vulnerability management

The release of InspectorV2 makes it a lot easier to configure: it can be enabled for your entire organization with a single click. It also no longer requires a standalone agent; instead it’s built into the Systems Manager agent, which is already installed by default on most (all?) AWS-provided AMIs.

Inspector now supports continuous scanning of Docker containers in ECR in addition to scanning EC2 instances. This appears to be powered by Snyk.

They claim improved risk score generation and SecurityHub integration, but I’ll need to test out those claims myself.

That’s a wrap for re:Invent Day 1! There were many more that weren’t as applicable to me; it looks like AWS is keeping a page up to date with all the news. I’ll be back with a Day 2 summary tomorrow!