rights reserved. Pertinent announcements since June 2017 Docker Device and Init Flags in Container Task Definitions Amazon ECS Allows Containers to Directly Access Environmental Metadata Announcing New AWS Deep Learning AMI for Amazon EC2 P3 Instances Amazon EC2 Systems Manager Parameter Store Adds Versioning Support Amazon EC2 Systems Manager Now Integrates With GitHub Application Load Balancers Now Support Multiple TLS Certificates With Smart Selection Using SNI Introducing Amazon EC2 P3 Instances Introducing Lifecycle Policies for Amazon EC2 Container Registry Application Load Balancers now support multiple SSL certificates EC2 Per second billing ECS Adds Support for Adding or Dropping Linux Capabilities to Containers Network Load Balancer now supports load balancing to IP addresses as targets Amazon EC2 Spot Can Now Stop and Start Your Spot Instances Amazon EC2 Systems Manager Run Command Adds Tag-Based Permissions and Multi- Tag Support Auto Scaling Lifecycle Hooks Enhancements A new addition to the Amazon EC2 memory-optimized X1 Instance family – x1e.32xlarge Amazon EC2 Container Service Now Integrated with Network Load Balancer Application Load Balancer Adds Support for New RequestCountPerTarget CloudWatch Metric EC2 Systems Manager Now Supports Linux Patching Sync Amazon EC2 Systems Manager Inventory Data to Amazon S3 Buckets ECS RunTask and StartTask APIs now support additional override parameters EC2 Systems Manager Adds Hierarchy, Tagging, and Notification Support for Parameter Store Announcing Network Load Balancer for Elastic Load Balancing Announcing improved networking performance for Amazon EC2 instances Application Load Balancer now supports load balancing to IP addresses as targets Amazon EC2 Systems Manager Adds Configuration Compliance Reporting and Auto- Remediation Amazon ECS is now HIPAA Eligible Amazon EC2 Systems Manager now HIPAA eligible Tag Your Spot Fleet EC2 Instances Introducing Amazon EC2 G3 Instances, the next-generation of GPU-powered instances for graphics-intensive applications Support for LCU metrics on Classic Load Balancer Amazon EC2 Systems Manager Adds Cross-Platform and Multi-Step Document Support Amazon EC2 Systems Manager Adds Raspbian OS and Raspberry Pi Support Introducing Target Tracking Scaling Policies for Auto Scaling
rights reserved. C5 Compute-optimized with 3.0GHz Intel Skylake P3 Next-gen GPU instances suitable for ML, HPC R4 Memory optimized (up to 488GiB) I3 High I/O with NVMe SSD 10k-300k IOPS X1e In-memory databases - up to 3.8TiB, 128vCPU D2 Up to 43TiB HDD EC2 Instance Types
rights reserved. Miscellaneous changes, features ▪ IPv6 ▪ KVM hypervisor for new instance types ▪ Elastic Network Adapter - 25 Gbps ▪ Per second billing ▪ Elastic GPUs ▪ Target Tracking Scaling Policies for Auto Scaling ▪ New regions 2016 - Ohio, Canada, London, Mumbia, Seoul Soon - China (Ningxia), Paris, Stockholm, Hong Kong, Bahrain #awswishlist - Kenya
rights reserved. EC2 Container Service ▪ Elastic Container Registry ▪ Docker Device and Init Flags in Container Task Definitions ▪ CloudWatch metrics for CPU and memory utilization across the cluster ▪ IAM roles for ECS tasks ▪ github.com/blox/blox marching towards v1.0 ▪ 3rd party tooling (Convox, Empire) ▪ Integration with Application Load Balancer ▪ Run tasks on a schedule ▪ Execute tasks in response to CloudWatch events
rights reserved. EC2 Systems Manager Superpowers for EC2 instances and on-premises systems. ▪ Remote command execution with Run Commands ▪ Controlled secrets and configuration data with the Parameter Store ▪ Periodic tasks with the State Manager and Maintenance Windows ▪ Stepwise Automation workflows for initializing nodes ▪ Collect and query Inventory and Patch status
rights reserved. Key Systems Manager Benefits ✓ All actions recorded in CloudTrail (e.g. immutable audit trail) ✓ Trigger SNS, Lambda from Systems Manager events ✓ Store command history and output to S3 ✓ Fine-grained access control to Run Commands ✓ Integration with Config to track changes over time
rights reserved. The SSM Agent ▪ Open source (Golang) executable for Linux and Windows ▪ Available for cloud and on-premises systems ▪ Assign IAM role with permissions to interface with SSM API ▪ Install at boot or on existing systems ▪ Polls for commands to execute