All posts by: Cloud Comrade

AWS Direct Connect is now live in Kansas City, MO at the Netrality Properties 1102 Grand facility. This site can be found under its home region US East (Ohio) in the AWS Management Console. With global access for AWS Direct Connect, this site can reach AWS resources in any global AWS region using global public VIFs and Direct Connect Gateway. If you are connecting to any AWS region outside of the home region US East (Ohio), your traffic will take the shortest path to your desired AWS region and not hairpin via US East (Ohio).

AWS Elemental MediaConvert now supports a new video rate control mode, Quality-Defined Variable Bitrate (QVBR) encoding. QVBR is designed to deliver consistently high-quality video viewing experiences while keeping your bit budget under control, saving up to 50% on storage and delivery costs. QVBR can be used in both 1-pass and 2-pass modes with all quality settings and resolutions. It is supported with both the AVC and HEVC codecs, and is available at no additional charge. To learn more, please visit the QVBR documentation page.

Amazon Inspector expands its Center for Internet Security (CIS) Benchmarks support for Amazon Linux (v2017.09 and earlier), Red Hat Enterprise Linux (v6 and 7), CentOS Linux (v6 and 7), and Ubuntu Linux (v14.04 and 16.04). You can now run Inspector CIS assessments on these Linux distributions to check the configuration of your Amazon EC2 instances against the security configuration best practices developed by CIS.

AWS CloudHSM now provides audit logging for management commands executed on your CloudHSM instances. These audit logs are generated on each of your HSM instances, and then delivered by CloudHSM to Amazon CloudWatch on your behalf. Monitoring AWS CloudHSM audit logs in Amazon CloudWatch Logs is covered in the AWS CloudHSM documentation.

If you provisioned your AWS CloudHSM cluster prior to January 20, 2018, you will need to configure a service-linked role to enable delivery of your HSM instance audit logs to Amazon CloudWatch. Instructions for creating the service-linked role for CloudHSM are in the AWS CloudHSM documentation. Other than enabling the service-linked role for CloudHSM, no action is necessary on your part to begin receiving the logs.

CloudHSM audit logs complement the two existing types of CloudHSM logs. The first is AWS CloudTrail logging, which records the API calls you make to the AWS CloudHSM service such as create-cluster or delete-hsm. The second is AWS CloudHSM Client logging, which records operations you perform on your CloudHSM instances using the CloudHSM client.

Please note this feature is for the new CloudHSM only, and does not apply to CloudHSM Classic.

AWS Direct Connect is announcing immediate availability of new locations in Copenhagen, Denmark and Oslo, Norway. Both these locations are the first in their respective countries. In Copenhagen, AWS Direct Connect is live at Interxion CPH2 and in Oslo, at DigiPlex Ulven data center. In the Management Console, these sites can be found under the EU (Frankfurt) Region. With global access for AWS Direct Connect, these sites can reach AWS resources in any global AWS region using global public VIFs and Direct Connect Gateway.

You can now easily configure your containerized application to access storage volumes backed by local instance storage, Amazon Elastic Block Store (EBS) or Amazon Elastic File System (EFS) volumes through the use of Docker volume drivers and volume plugins such as Rex-Ray and Portworx.

Previously, if you wanted to deploy containerized applications that required access to storage volumes, you had to manually manage your storage volumes using custom tooling such as bash scripts, Lambda functions, and manual configuration of Docker volumes.

Now, with the support for Docker volumes, you can deploy stateful and storage-intensive applications on Amazon ECS. You have the flexibility to configure the lifecycle of the Docker volume and specify whether it is a scratch space volume specific to a single instantiation of a task, or a persistent volume that persists beyond the lifecycle of a unique instantiation of the task. You can also choose to use a pre-provisioned Docker volume that you have created before launching your task.

To get started with this feature, first install your preferred Docker volume plugin (if needed), then specify the volume name, the volume driver, and the parameters when setting up a task definition via the AWS Management Console, CLI or SDK.

To learn more, visit the Amazon ECS documentation.  

Please visit the AWS region table to see all AWS regions where Amazon ECS is available.

Amazon Aurora Serverless is a new deployment option that automatically starts, scales, and shuts down an Amazon Aurora database. It offers database capacity without the need to provision, scale, and manage any database servers. Aurora Serverless makes it easy and cost-effective to run applications with intermittent or cyclical usage patterns, and is now generally available for Amazon Aurora with MySQL compatibility.

Amazon DynamoDB Accelerator (DAX) now supports encryption at rest for new DAX clusters to help you accelerate reads from Amazon DynamoDB tables in security-sensitive applications that are subject to strict compliance and regulatory requirements.

DAX provides a fully managed, highly available, in-memory cache that is capable of accelerating reads from DynamoDB tables by up to 10x, even at millions of requests per second. You can use DAX without making changes to your existing application logic, while continuing to use your existing DynamoDB API calls. DAX manages cache invalidation and data population on your behalf. With the new encryption at rest support, you can also encrypt the storage for your DAX clusters to help you protect data on your DAX nodes, such as configuration and log files. This data is encrypted using AWS Key Management Service (AWS KMS).

DAX is available in the US East (N. Virginia), US East (Ohio), US West (Oregon), US West (N. California), South America (São Paulo), EU (Ireland), Asia Pacific (Singapore), Asia Pacific (Tokyo), Asia Pacific (Sydney), and Asia Pacific (Mumbai) Regions.

To learn more about DAX and encryption at rest, see DAX Encryption at Rest.

Amazon Inspector has expanded its security assessments to include Debian 8 and Debian 9 for Common Vulnerabilities and Exposures (CVE) and Security Best Practices. To run security assessments, install the Amazon Inspector Agent on the desired Amazon EC2 instances, configure your assessment in the Inspector console, and run your assessment.