2, high random I/O access to large data)
• C7g (Graviton 3, compute intensive)
• G5g (Graviton 2 + NVIDIA T4G Tensor Core GPU)
• M6a (AMD, general purpose)
• R6i (Intel Ice Lake, memory intensive)
• M6i, C6i (Ice Lake, bare metal)
• Trn1 (Trainium)
floating point & cryptographic performance
• bfloat16 support for 3x better ML performance
• 60% less energy use than comparable x86 instances
• Pointer authentication
to 100GB per mo (prev. 1GB)
• From Amazon CloudFront: Free for up to 1TB/mo (up from 50GB)
• No longer limited to first 12 mo
• Free HTTP & HTTPS requests raised from 2M to 10M
• Removed 12 mo limit on 2M free CloudFront Function invocations
in 17 new Data Residency Guardrails
• Deny access to AWS based on the requested AWS Region
• Disallow internet access for an Amazon VPC instance managed by a customer
• Disallow Amazon Virtual Private Network (VPN) connections
• Disallow cross-region networking for Amazon EC2, Amazon CloudFront, and AWS Global Accelerator
• Detect whether public IP addresses for Amazon EC2 autoscaling are enabled through launch configurations
• Detect whether replication instances for AWS Database Migration Service are public
• Detect whether Amazon EBS snapshots are restorable by all AWS accounts
• Detect whether any Amazon EC2 instance has an associated public IPv4 address
• Detect whether Amazon S3 settings to block public access are set as true for the account
• Detects whether an Amazon EKS endpoint is blocked from public access
• Detect whether an Amazon OpenSearch Service domain is in Amazon VPC
• Detect whether any Amazon EMR cluster master nodes have public IP addresses
• Detect whether the AWS Lambda function policy attached to the Lambda resource blocks public access
• Detect whether public routes exist in the route table for an Internet Gateway (IGW)
• Detect whether Amazon Redshift clusters are blocked from public access
• Detect whether an Amazon SageMaker notebook instance allows direct internet access
• Detect whether any Amazon VPC subnets are assigned a public IP address
• Detect whether AWS Systems Manager documents owned by the account are public
write your own
• E.g. “Identify ingress paths into your VPCs from Internet Gateways, Peering Connections, VPC Service Endpoints, VPN and Transit Gateways.”
• Examine findings
by ID or tag
• Create periodic snapshots and continuous backups
• Single click point in time restore
• Track compliance in dashboard
• Use AWS Backup Vault Lock to prevent deletion
and propagate them globally
• Connect VPCs across multiple regions
• Replace or augment existing network with AWS’ backbone
• Complements Direct Connect and Transit Gateway