Upgrade to Pro — share decks privately, control downloads, hide ads and more …

re:Invent 2021 re:cap

re:Invent 2021 re:cap

A few of Jon Topper's picks from the announcements at 2021's AWS re:Invent

The Scale Factory

December 08, 2021
Tweet

More Decks by The Scale Factory

Other Decks in Technology

Transcript

  1. NEW EC2 INSTANCES_ EC2 M1 Mac Im4gn and Is4gen (Graviton

    2, high random I/O access to large data) C7g (Graviton 3, compute intensive) G5g (Graviton 2 + NVIDIA T4G Tensor Core GPU) M6a (AMD, general purpose) R6i (Intel Ice Lake, memory intensive) M6i, C6i (Ice Lake, bare metal) Trn1 (Trainium)
  2. GRAVITON 3_ ARM Neoverse core 25% more compute performance 2x

    floating point & cryptographic performance bfloat16 support for 3x better ML performance 60% less energy use than comparable x86 instances Pointer authentication
  3. DATA PRICE REDUCTION_ AWS Regions -> Internet: Free for up

    to 100GB per mo (prev. 1GB) From Amazon CloudFront: Free for up to 1TB/mo (up from 50GB) No longer limited to first 12 mo Free HTTP & HTTPS requests raised from 2M to 10M Removed 12 mo limit on 2M free CloudFront Function invocations
  4. S3 PRICE REDUCTION_ S3 (up to) 31% Standard-Infrequent Access One

    Zone-Infrequent Access S3 Glacier 10% Flexible Retrieval
  5. S3 INTELLIGENT TIERING_ Monitors your data access patterns Moves data

    to new tiers: 30 days: Infrequent Access 90 days: Archive Instant Access Up to 68% savings
  6. AMAZON INSPECTOR v2_ Continual scans Automated EC2 and ECR discovery

    Integrations: AWS Organizations AWS Security Hub Amazon EventBridge Data from Snyk Security Intelligence
  7. ECR PULL-THROUGH CACHE_ Sync images from publicly accessible registries Improve

    performance and security Use Image Scanning (from Snyk)
  8. CONTROL TOWER_ Specify which regions your customer data is stored/processed

    in 17 new Data Residency Guardrails • Deny access to AWS based on the requested AWS Region • Disallow internet access for an Amazon VPC instance managed by a customer • Disallow Amazon Virtual Private Network (VPN) connections • Disallow cross-region networking for Amazon EC2, Amazon CloudFront, and AWS Global Accelerator • Detect whether public IP addresses for Amazon EC2 autoscaling are enabled through launch con fi gurations • Detect whether replication instances for AWS Database Migration Service are public • Detect whether Amazon EBS snapshots are restorable by all AWS accounts • Detect whether any Amazon EC2 instance has an associated public IPv4 address • Detect whether Amazon S3 settings to block public access are set as true for the account • Detects whether an Amazon EKS endpoint is blocked from public access • Detect whether an Amazon OpenSearch Service domain is in Amazon VPC • Detect whether any Amazon EMR cluster master nodes have public IP addresses • Detect whether the AWS Lambda function policy attached to the Lambda resource blocks public access • Detect whether public routes exist in the route table for an Internet Gateway (IGW) • Detect whether Amazon Redshift clusters are blocked from public access • Detect whether an Amazon SageMaker notebook instance allows direct internet access • Detect whether any Amazon VPC subnets are assigned a public IP address • Detect whether AWS Systems Manager documents owned by the account are public •
  9. B2B SAAS FOUNDATIONS ON AWS_ Workload isolation AWS Account management

    Centralised Billing Centralised Audit Logging Threat Detection & Alerting Security Guardrails Account Factory for Terraform (AFT) just launched
  10. NETWORK ACCESS ANALYZER_ Uses automated reasoning Use pre-prepared scopes or

    write your own Eg. “Identify ingress paths into your VPCs from Internet Gateways, Peering Connections, VPC Service Endpoints, VPN and Transit Gateways.” Examine findings
  11. AWS BACKUP FOR S3_ Create a backup policy Assign buckets

    by ID or tag Create periodic snapshots and continuous backups Single click point in time restore Track compliance in dashboard Use AWS Backup Vault Lock to prevent deletion
  12. DATABASE MIGRATION_ AWS DMS Studio: AWS DMS Fleet Advisor AWS

    Schema Conversion Tool AWS DMS New sources: Azure SQL Managed instance Google Cloud SQL
  13. AMAZON RDS CUSTOM_ Oracle or SQL Server Deployment and management

    automation Access to underlying OS and database service
  14. AWS CDK v2_ Simplified packaging Semantic versioning of APIs Improved

    docs Reduced deployment time Assertions library for unit tests
  15. SUSTAINABILITY REPORTING_ AWS Customer Carbon Footprint Tool Shows emissions by

    region Emissions by service Shows how AWS’ investment in sustainability will impact these stats over time
  16. AMAZON FSx FOR OPENZFS_ Quickly create ZFS filesystems Access over

    NFS - both in AWS and on-prem 1M IOPS Latencies of 100-200ms 4 GB/s uncompressed throughput 12 GB/s compressed throughput
  17. AMAZON CLOUD WAN_ Global software defined WAN Define network segments

    and propagate them globally Connect VPCs across multiple regions Replace or augment existing network with AWS’ backbone Complements Direct Connect and Transit Gateway
  18. AWS PRIVATE 5G_ Service and hardware managed by AWS Provisions

    5G mobile networks in your facility Supports 4G/LTE too Pay for capacity and throughput