3. Day 1
Announcements
Amazon QuickSight
Fast, easy-to-use, cloud-powered
business intelligence
Amazon QuickSight is a fast, cloud-
powered business intelligence (BI) service
that makes it easy to build visualizations,
perform ad-hoc analysis, and quickly get
business insights from data. Amazon
QuickSight integrates with AWS data
stores, flat files, and third-party sources,
and it remains super-fast and responsive
while seamlessly scaling to hundreds of
thousands of users and petabytes of data.
Amazon Kinesis Firehose
Easily load streaming data into S3 &
Redshift
Amazon Kinesis Firehose is the easiest
way to load streaming data into AWS. It
can capture and automatically load
streaming data into Amazon S3 and
Amazon Redshift, enabling near real-
time analytics with existing business
intelligence tools you’re already using
today. It is a fully managed service that
requires no ongoing administration.
AWS Import/Export
Snowball
Petabyte-scale data transport solution
AWS Import/Export Snowball uses
secure appliances to help accelerate
petabyte-scale data transfers into and
out of AWS. Using Snowball addresses
common challenges with large-scale
data transfers including high network
costs, long transfer times, and security
concerns. Transferring data with
Snowball is simple, fast, secure, and
can be as little as one-fifth the cost of
high-speed Internet.
4. Day 1
(continued #1)
AWS Inspector
Analyze application security
Amazon Inspector is an automated
security assessment service that helps
minimize the likelihood of introducing
security or compliance issues when
deploying applications on AWS.
Amazon Inspector automatically
assesses applications for vulnerabilities
or deviations from best practices. After
performing an assessment, Amazon
Inspector produces a detailed report
with prioritized steps for remediation.
Amazon RDS for MariaDB
Fully-managed MariaDB deployment
on AWS
MariaDB is now available as a fully-
managed service on AWS with up to 6TB
of storage, 30,000 IOPS, and support for
high-availability deployments through the
Amazon Relational Database Service.
Amazon RDS for MariaDB is available in
all commercial regions. You can start
running production workloads from day
one with high availability using multiple
availability zones.
AWS Database Migration
Service
Migrate databases to AWS with minimal
downtime
AWS Database Migration Service helps you
migrate databases to AWS easily and securely
with minimal downtime. It supports all widely used
database platforms, and performs schema and
code conversion for migrations between database
engines. AWS Database Migration Service is low
cost and simple to use. You only pay for the
compute resources used during the migration
process and can typically migrate a terabyte-size
database for as little as three dollars.
5. Day 1
(continued #2)
AWS WAF
Filter malicious web traffic
AWS WAF is a web application firewall
that helps to protect web applications
from attack by blocking common web
exploits like SQL injection and cross-
site scripting. AWS WAF integrates
seamlessly with Amazon CloudFront,
our global content delivery network, and
includes an API that you can use to
automate the creation, deployment, and
maintenance of web security rules.
AWS Config Rules
Cloud governance & compliance
AWS Config Rules is a new set of cloud
governance capabilities that allow IT
administrators to define guidelines for
provisioning and configuring AWS
resources and then continuously
monitor compliance with those
guidelines. AWS Config Rules ensures
EBS volumes are encrypted, EC2
instances are properly tagged, and
Elastic IP addresses (EIPs) are
attached to instances.
Amazon Elasticsearch Service
Easily run Elasticsearch in AWS
Amazon Elasticsearch Service is a managed
service that makes it easy to deploy, operate,
and scale Elasticsearch in the AWS Cloud.
Elasticsearch is a popular open-source search
and analytics engine for use cases such as log
analytics, real-time application monitoring, and
clickstream analytics. You can get started with
Amazon Elasticsearch Service as part of the
AWS Free Tier.
6. Day 1
(continued #3)
Amazon EC2 Dedicated Hosts
A physical server dedicated to your use
An Amazon EC2 Dedicated Host is a physical server
with EC2 instance capacity fully dedicated to your
use. Dedicated Hosts can help you address
compliance requirements and reduce costs by
allowing you to use your existing server-bound
software licenses.
7. Day 2
Announcements
Announcing AWS IoT
AWS IoT is a managed cloud
platform that lets connected devices
easily and securely interact with
cloud applications and other
devices. AWS IoT can support
billions of devices and trillions of
messages, and can process and
route those messages to AWS
endpoints, such as AWS Lambda
and Amazon Kinesis, and to other
devices reliably and securely.
AWS Mobile Hub
AWS Mobile Hub is the fastest way
to build mobile apps powered by
AWS. It lets you easily add and
configure features for your apps,
including user authentication, data
storage, backend logic, push
notifications, content delivery, and
analytics — all from a single,
integrated console, and without
worrying about provisioning, scaling,
and managing the infrastructure.
Amazon CloudWatch
Dashboards
With CloudWatch Dashboards, you
can monitor operational metrics with
custom graphs of your AWS
resources from a single pane of
glass. You can create text-based or
graphical widgets, add custom text
annotations and links to graphs,
change the time range, resize and
reorganize widgets, and reuse and
share dashboards.
8. Day 2
(continued #1)
AWS Lambda
You can now develop your AWS
Lambda function code using Python,
maintain multiple versions of your
function code, invoke your code on
a regular schedule, and run your
functions for up to five minutes.
Amazon WorkSpaces
Amazon WorkSpaces allows you to
easily provision cloud-based
desktops and provide users access
to the documents, applications, and
resources they need from any
supported device including Windows
and Mac computers, Chromebooks,
iPads, Kindle Fire, and Android
tablets. Amazon WorkSpaces now
supports encryption and lets you
bring your existing Windows 7
Desktop Licenses by providing
physically dedicated hardware.
Amazon EC2 Spot Instances
You can now request Amazon EC2
Spot instances to run continuously,
for up to six hours, at a flat rate that
saves you up to 50% compared to
On-Demand prices. This enables you
to reduce costs when running finite
duration tasks such as batch
processing, encoding and rendering,
modeling and analysis, and
continuous integration jobs.
9. Day 2
(continued #2)
Amazon EC2 Container Registry
Amazon EC2 Container Registry (ECR) is a fully-
managed Docker container registry that makes it
easy for developers to store, manage, and deploy
Docker container images. Amazon ECR is
integrated with Amazon EC2 Container Service
(ECS), simplifying your development to production
workflow. Amazon ECR eliminates the need to
operate your own container repositories or worry
about scaling the underlying infrastructure.
Integration with AWS Identity and Access
Management (IAM) provides resource-level control
of each repository.
Amazon EC2 Container Service
You can now use the Amazon ECS CLI
with Docker Compose to easily launch
multi-container applications. We have also
added availability zone awareness to the
Amazon ECS service scheduler, allowing
the scheduler to spread your tasks across
availability zones.
10. Day 2
(continued #3)
Amazon API Gateway now available
in the Asia Pacific (Tokyo) Region
Amazon API Gateway is a fully managed
service that makes it easy for you to
create, publish, maintain, monitor, and
secure Application Programming Interfaces
(APIs) at any scale.
Amazon Aurora now available in
Asia Pacific (Tokyo) AWS region
Amazon Aurora is a MySQL-compatible relational
database management system (RDBMS) that
combines the speed and availability of high-end
commercial databases with the simplicity and
cost-effectiveness of open source databases.
Amazon Aurora provides up to five times better
performance than MySQL at a price point one
tenth that of a commercial RDBMS while
delivering similar performance and availability.
12. Detailed Summary of All AWS Services & Updates
• New Service Announcements:
– Web Application Firewall (WAF)
– Elasticsearch
– RDS MariaDB
– AWS Import/Export Snowball
– Mobile Hub
– IoT
– Inspector
– QuickSight
• Existing Service Updates
13. Web Application Firewall (WAF)
• AWS WAF is a web application firewall that runs together with CloudFront at every edge location
• Helps protect web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources
• Create custom rules to block common attack patterns designed specifically for a web application – rules deploy in minutes
• Filter web requests based on IP addresses, HTTP headers, or URI strings
14. Using AWS WAF
Conditions inspect incoming requests. They can look at the request URI, the query string, a specific HTTP header, or the HTTP method (GET, PUT, and so forth).
Conditions can also look at the incoming IP address, and can match a range or single IP address.
Rules can allow, block or count condition matches.
CloudFront Distribution > Web ACL > Rules > Conditions
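A simplified local model of the Web ACL > Rules > Conditions hierarchy described above, added here as an illustration; it is not AWS code and calls no AWS API. The class names, the sample rules and the evaluation order (rules checked in list order, every condition of a rule must match, the first allow or block decides, count only tallies, a default action applies otherwise) are assumptions of this example.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Request:
    """The request attributes the slide says a condition can inspect."""
    method: str
    uri: str
    source_ip: str
    query: str = ""
    headers: dict = field(default_factory=dict)


@dataclass
class StringCondition:
    """Case-insensitive substring match on uri, query, method or 'header:<name>'."""
    target: str
    contains: str

    def matches(self, req: Request) -> bool:
        if self.target.startswith("header:"):
            wanted = self.target.split(":", 1)[1].lower()
            value = {k.lower(): v for k, v in req.headers.items()}.get(wanted, "")
        else:
            value = getattr(req, self.target)
        return self.contains.lower() in value.lower()


@dataclass
class IPCondition:
    """Matches a single address ("203.0.113.7") or a range ("198.51.100.0/24")."""
    cidr: str

    def matches(self, req: Request) -> bool:
        return ipaddress.ip_address(req.source_ip) in ipaddress.ip_network(self.cidr)


@dataclass
class Rule:
    name: str
    action: str          # "ALLOW", "BLOCK" or "COUNT"
    conditions: list     # assumption: all conditions must match (logical AND)

    def matches(self, req: Request) -> bool:
        return all(c.matches(req) for c in self.conditions)


@dataclass
class WebACL:
    default_action: str
    rules: list
    counts: dict = field(default_factory=dict)

    def evaluate(self, req: Request):
        """Return (action, rule_name); rule_name is None for the default action."""
        for rule in self.rules:
            if not rule.matches(req):
                continue
            if rule.action == "COUNT":
                # COUNT records the match but does not end evaluation.
                self.counts[rule.name] = self.counts.get(rule.name, 0) + 1
                continue
            return rule.action, rule.name
        return self.default_action, None


def build_sample_acl() -> WebACL:
    # Constructed sample rules using documentation address ranges.
    return WebACL(
        default_action="ALLOW",
        rules=[
            Rule("trusted-office", "ALLOW", [IPCondition("198.51.100.0/24")]),
            Rule("count-curl", "COUNT", [StringCondition("header:User-Agent", "curl")]),
            Rule("block-admin-put", "BLOCK",
                 [StringCondition("uri", "/admin"), StringCondition("method", "PUT")]),
            Rule("block-single-ip", "BLOCK", [IPCondition("203.0.113.7")]),
        ],
    )


def run_samples():
    acl = build_sample_acl()
    requests = [  # constructed requests
        Request("PUT", "/admin/users", "198.51.100.20"),
        Request("GET", "/", "203.0.113.7", headers={"User-Agent": "curl/7.4"}),
        Request("PUT", "/admin/users", "192.0.2.10"),
        Request("GET", "/admin/users", "192.0.2.10", query="page=2"),
    ]
    return [acl.evaluate(r) for r in requests], acl.counts


if __name__ == "__main__":
    decisions, counts = run_samples()
    for d in decisions:
        print(d)
    print(counts)
```

The first sample shows why rule order matters: the trusted range is allowed before the stricter admin rule is ever consulted, so a misplaced allow rule silently bypasses the blocks listed after it.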
15. Availability, Pricing & Next Steps
• Generally available now globally at all edge locations
• Web ACL monthly charge: $5 per Web ACL
• Rule ACL monthly charge: $1 per Rule per Web ACL
• Request charge: $0.60 per million web requests
• Prices exclude standard CloudFront costs; CloudFront is a requirement
Learn more by visiting our web site: http://aws.amazon.com/waf
16. Amazon Elasticsearch Service
• A scalable, managed Elasticsearch cluster
• Configurable
• Instance type and Instance count
• High availability
• Availability zone awareness
• Storage options (EBS or Instance store)
• Snapshots
• Secure access control
• Built in Kibana (v4) dashboard
• CloudWatch Logs integration (CloudTrail, VPC Flow Logs and Lambda dashboards)
• CloudWatch metrics
19. Availability, Pricing & Next Steps
• Generally available now in all public regions
• Free Tier: t2.micro.elasticsearch node for up to 750 hours per month, along with up to 10 gigabytes of EBS storage at no charge.
• You are charged for
– Amazon Elasticsearch instance hours,
– Amazon EBS storage (if you choose this option),
– standard data transfer fees
Learn more by visiting our web site:
– https://aws.amazon.com/blogs/aws/new-amazon-elasticsearch-service/
– http://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/what-is-amazon-elasticsearch-service.html
20. RDS for MariaDB
Why MariaDB?
• It is a variant of MySQL showing increasing customer demand
• Customers have standardized on MariaDB and want the benefits of RDS
• MariaDB does not make you buy an enterprise license to take advantage of advanced features
21. Availability, Pricing & Next Steps
• Same as RDS MySQL
– Pricing
– Available in all public AWS regions, multi-AZ as well, up to 5 read replicas
– All RDS MySQL current generation instances (excl. T1s, M1s, CR1s)
– Free tier available
• Different than MySQL
– XtraDB and Aria storage engines only
– Version 10.0.17 MariaDB only
Learn more by visiting our web site: http://aws.amazon.com/rds
22. AWS Import/Export Snowball
• Petabyte-scale data transport solution that uses secure appliances to transfer large amounts of data into and out of AWS
• Scalable – transport 50 TB per appliance and use multiple appliances in parallel
• High Speed – 10 Gbps network connectivity to device
• Secure – Tamper resistant enclosure, 256-bit encryption and Trusted Platform Module
• Low Cost – transfer hundreds of terabytes of data for as little as one-fifth the cost of using the internet
• End-to-end tracking – via Amazon SNS, text message or the AWS Console
24. Availability, Pricing & Next Steps
• Available in Virginia (us-east-1) via sign-up form to request access
• Pricing:
– Service Fee per Job: $200
– First 10 days of onsite usage are free and each extra onsite day is $15
– Data transfer IN to Amazon S3 is $0.00 per GB
– Data transfer OUT of Amazon S3 is $0.03 per GB
– Shipping charges are calculated based on standard carrier rates for the shipping location and shipping option (e.g. 2-day, overnight) you choose. The default shipping option is 2-day.
– Standard Amazon S3 storage and request pricing applies.
Learn more: https://aws.amazon.com/importexport/
25. AWS CloudWatch Dashboards
• Customized dashboards for CloudWatch metrics
• Display multiple metrics and accessorize with text and images
• Pull metrics from multiple regions for global status dashboard for complex, multi-region applications and deployments
• Resizable graphs you can interact with
• Link graphs and correlate between metrics, and zoom and take other actions across all linked graphs
27. Availability, Pricing & Next Steps
• Generally available now in all public regions
• Free Tier: 3 dashboards, each with up to 50 metrics
• $3 per month for each additional dashboard.
Learn more by visiting our web site:
– https://aws.amazon.com/blogs/aws/cloudwatch-dashboards-create-use-customized-metrics-views/
– http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/CloudWatch_Dashboards.html
28. AWS Mobile Hub (Beta)
• The fastest way to build mobile apps powered by AWS – lets you easily add and configure features for your apps, such as:
• User Authentication
• Data Storage
• Backend Logic
• Push Notifications
• Content Delivery
• Analytics
• Provides easy access to testing your application on real mobile devices
• Easily track usage of your app through analytics dashboards
30. Availability, Pricing & Next Steps
• Beta available in N. Virginia
• Pricing:
– Only pay for the usage of underlying AWS services used – for example:
– Mobile analytics is free up to 100M events per month, then $1.00 per million events
Learn more by visiting our web site: http://aws.amazon.com/mobile/
31. AWS IoT (Beta)
A managed cloud platform that lets connected devices easily and securely interact with cloud applications and other devices
• Connect and manage billions of devices via HTTP and MQTT
• Secure device connections and data with authentication and end-to-end encryption
• Devices can communicate securely even if they are using different protocols
• Define business rules to transform and act upon device data including routing messages to AWS endpoints such as Lambda, Kinesis, S3, DynamoDB and Amazon Machine Learning
• IoT Device SDK now available for C, JavaScript and Arduino Yún
33. Availability, Pricing & Next Steps
• Beta available in N. Virginia, Oregon, Ireland and Tokyo
• Pricing:
– No charge for deliveries to S3, DynamoDB, Lambda, Kinesis, SNS or SQS
– Free tier: 250,000 free messages published or delivered per month for 12 months
– $5 per million messages in N. Virginia, Oregon and Ireland
– $8 per million messages in Tokyo
– 1 message is one 512 byte block of data processed by AWS IoT
Learn more by visiting our web site: https://aws.amazon.com/iot/
34. Amazon Inspector – Automated Security Assessment Service
• Quickly and easily assess the security of your AWS resources for forensics, troubleshooting or active auditing purposes at your own pace
• Enables you to focus on the more complex security problems by offloading the overall security assessment of your infrastructure to this automated service
• Gain deeper understanding of your AWS resources: Amazon Inspector findings are produced through the analysis of the real activity and configuration data of your AWS resources.
35. Amazon Inspector Benefits:
• Identify Security Issues in Your Web Applications
• Enforce your Organization’s Security Standards
• Increased Agility without Compromising Security
• Apply AWS Security Expertise to your Application
• Streamline Security Compliance
36. Amazon Inspector – Preconfigured Rules
Amazon Inspector includes the following sets of rules:
• Common Vulnerabilities and Exposures
• Authentication Best Practices
• Operating System Security Best Practices
• Application Security Best Practices
• PCI DSS 3.0 Assessment
38. Using Amazon Inspector
Create and Run an assessment of the application
Currently available in Preview. Apply for Preview Access at
https://aws.amazon.com/inspector/preview/
39. QuickSight
A Very Fast, Cloud-Powered Business Intelligence Service For 1/10th the Cost of
Traditional BI Software
Get Started Quickly
• Requires no IT effort or complex dimensional modeling
• Auto-discovery of all AWS data sources
• Reduces time to first visualization down to a minute
40. Fast Calculations with SPICE
• Super-fast, Parallel, In-memory Calculation Engine (“SPICE”)
• Provides response time in milliseconds for most queries
41. Connect to Virtually Any Data
• AWS Data Sources
Amazon Redshift, Amazon Aurora, Amazon
RDS, Amazon DynamoDB, Amazon S3,
Amazon EMR, Amazon Kinesis
• Partner Data Sources & Applications,
Salesforce, Google Analytics, EC2 Databases
• Files
CSV, TSV, CLF, XLS
42. Easy To Use and Share
• Reduces time to first
visualization down to a
minute
• Intuitive interface for ad-hoc
analysis
• Best-fit visualizations for
data sets create dashboards
and publish
• Share your perspectives
using story boards
• Embed your BI reports in
applications and websites
43. Availability, Pricing & Next Steps
• Enterprise edition adds active directory integration,
encryption at rest, fine-grained user access control, audit logs,
custom domain, branded site, and up to 2X the query throughput of
the Standard Edition.
• Supports SQL for analysis
• API and ODBC connectors for partner integration
• Working with Tableau, Qlik, Tibco/Jaspersoft, SAP
45. Elastic Container Service Updates
• Pre-announced: EC2 Container Registry (ECR)
– A fully managed registry, with S3 backend
– ECR will have integrations with Docker CLI, ECS and IAM.
– Launch partners including Shippable, CloudBees, CodeShip, and Wercker
• New features: EC2 Container Service
– Command line Interface with support for Docker Compose
– New Docker container configuration options (working directory, privileged execution, read-only root filesystem, DNS servers, ulimits, log configuration etc.)
– Availability zone aware scheduling
47. Availability, Pricing & Next Steps
• Elastic Container Registry will be available later in the year
• New features of ECS are generally available in all regions that have ECS.
Learn more by visiting our web site:
– https://aws.amazon.com/blogs/aws/ec2-container-service-update-container-registry-ecs-cli-az-aware-scheduling-and-more/
– https://aws.amazon.com/ecr/
– http://docs.aws.amazon.com/AmazonECS/latest/developerguide/ECS_CLI.html
48. Lambda New Features
• Python 2.7 Language Support
– Boto3 is available in the runtime environment
– Package dependencies with pip
• Scheduled Invocations
– Lambda as CRON
• Maximum function runtime increased to 300s
– Increased headroom for batch processing tasks
• Function Versions & Aliases
– Caller can specify a specific function version, the latest version or an alias
– Support for controlled roll-forward and roll-back of changes
– IAM Resource policies extend to function version level
• Access Resources in a VPC from Lambda (Coming Soon!)
49. AWS CloudTrail New Features
• Support for Encryption using SSE-KMS
– Additional layer of security by encryption at rest with user managed KMS keys
• Log File Integrity Validation
– Audit compliance by being able to validate the integrity of CloudTrail logs
• Available now at no additional cost
51. S3 Update: Infrequent Access (Standard-IA)
• For “Warm” Data = Infrequently Accessed Data
• Same features, durability and performance as S3 Standard
• Lower price point
• Generally available now in all public regions
• $0.0125/GB per month
• $0.01/GB retrieval fee
• 30 days minimum retention
• 128KB minimum object size
52. WorkSpaces Updates
• BYOL
– You can now bring your existing Windows 7 Desktop license to Amazon WorkSpaces and run the Windows 7 Desktop OS on hardware that is physically dedicated to you. This option delivers a $4 per month saving and also enables you to use the same Windows 7 Golden image as on-premises
• Encrypted Volumes
– To meet the most stringent compliance requirements, WorkSpaces storage volumes can now be encrypted using AWS Key Management Service (KMS)
• Client App for Chromebook
– Additional Client App so customers can make use of low cost “thin client” style Chromebooks, reducing their overall TCO for providing desktop services
• Smaller Public Gateway IP range
– The range of IP addresses supporting the PCoIP Gateway for WorkSpaces has been reduced so that customers can set more finely grained firewall policies
54. Availability, Pricing & Next Steps
• Generally available now in US East (N. Virginia), US West (Oregon), EU (Ireland), Asia Pacific (Singapore), Asia Pacific (Sydney), or Asia Pacific (Tokyo) AWS regions
• BYOL delivers a $4/month price reduction on the standard pricing at http://aws.amazon.com/workspaces/pricing/
Learn more by visiting our web site: https://aws.amazon.com/workspaces/
55. EC2 Updates
• Simple Spot & Fleet Console
– Simplified interface for managing spot instances and spot fleets
– Save up to 90% compared to On-Demand pricing
• Spot Instance for Specific Duration Workloads
– Request Amazon EC2 Spot Instances to run continuously for up to six hours
– Specify duration you wish instances to run for – when capacity is available for the requested duration, the instances will launch
• EC2 Dedicated Hosts (Coming Soon)
– A physical server with EC2 instance capacity fully dedicated to your use
– Assists in meeting compliance requirements and may enable the use of existing server-bound licenses
56. Availability, Pricing & Next Steps
• Simple Spot & Fleet Console
– Generally available now in all public regions
– Access via the “Spot Requests” menu in the EC2 console
• Spot Instance for Specific Duration Workloads
– Generally available now in all public regions
– Pricing is based on the requested duration and the available capacity, and is typically 30% to 45% less than On-Demand, with an additional 5% off during non-peak hours for the region
– Available via the CLI (console support coming soon)
• EC2 Dedicated Hosts (Coming Soon)
– Contact us for more information: https://aws.amazon.com/ec2/dedicated-hosts/
57. AWS Config Rules (Preview)
Cloud governance capability that allows IT Administrators to define guidelines for provisioning and configuring AWS resources and then continuously monitor compliance with those guidelines
• Governance Dashboard – AWS Config Rules provides a visual dashboard to help you quickly spot non-compliant resources
• Easy to get started – Enable with a few clicks and use predefined rule templates
• Flexible – Create your own rules using AWS Lambda functions to enable more advanced compliance checks
• Continuous Monitoring – A near real-time view of AWS resource compliance with policies and guidelines
• Simplified Management – An easy-to-navigate interface to support compliance audits and configuration troubleshooting
60. Availability, Pricing & Next Steps
• Sign up to Preview now for regions where AWS Config is available
• Pricing:
– $2 per active rule per month which includes 20,000 evaluations per rule
– $0.10 per thousand evaluations when the 20,000 inclusion is exceeded
– Standard rates for SNS and S3 storage apply
Learn more: https://aws.amazon.com/config/preview/
61. AWS CloudFormation Designer
• Visual tool allows you to create and modify CloudFormation templates using a drag-and-drop interface.
• Easily add, modify, or remove resources and the underlying JSON will be altered accordingly.
• Running stacks can be simply updated to ensure conformance with any template modifications.
62. Using AWS CloudFormation Designer
Simply drag and drop your AWS resources to the design
surface and see your CloudFormation appear in the JSON
editor.
63. CloudFormation Updates
We have also added support for the following services:
• Amazon Aurora
• AWS CodeDeploy
• AWS Directory Service Simple AD
• EC2 Spot Fleet
• Amazon WorkSpaces
The new CloudFormation designer and support for additional services is available
now and you can access them in the CloudFormation console at
https://console.aws.amazon.com/cloudformation/
Like CloudFormation itself, there is no charge to use the Designer; you pay only for
the AWS resources that you use when you launch a stack.
64. Amazon Kinesis Firehose
Easiest Way to Load Streaming Data into AWS
• Zero administration: Capture and deliver streaming data into S3, Redshift, and other destinations without writing any applications or managing infrastructure.
• Direct-to-Data Store Integration: Batch, compress, and encrypt streaming data for delivery into data destinations in as little as 60 secs using simple configurations.
• Seamless Elasticity: Seamlessly scales to match data throughput without intervention.
• Generally available in: us-east-1, eu-west-1, us-west-2.
65. Amazon EMR Release 4.1.0
Amazon EMR is a managed service that simplifies running and managing distributed data processing frameworks
• Support for latest versions of Apache Spark and Hue
– Spark 1.5.0
– HUE 3.7.1
• Hadoop KMS for HDFS Transparent Encryption
• EMR Sandbox
– Early access to new software on the EMR Cluster
• Presto 0.119
• Zeppelin 0.6 (Snapshot)
• Oozie 4.0.1
• Intelligent Resize Feature
– Shrink EMR clusters with minimal impact to running job
• Generally Available in all public regions.
QuickSight (Preview – us-east-1)
What is it? A fast and intuitive Business Intelligence (BI) service that allows business users to interactively explore and visualize data. With QuickSight, there is no need to learn SQL, APIs or wait for weeks or months for IT to build complex data models or cleanse and format data to make it ready for analysis. As users explore the data using a simple and intuitive user interface, QuickSight discovers the data types and relationships, issues optimal queries to extract the data, aggregates the results in memory, and automatically provides suggestions for best possible visualizations of the data.
What is the customer value? Amazon QuickSight will enable business users to ask any question, get fast answers and reduce business intelligence costs to 1/10th of existing solutions. Today customers find it difficult to explore and get insights from data they already have.
Kinesis Firehose (GA – us-east-1, eu-west-1 (Ireland), us-west-2 (Oregon))
What is it? A new fully managed service that automatically loads streaming data into AWS.
What is the customer value? Makes it much easier for our customers to ingest large data streams into AWS. Customers will no longer have to manage the sub-components or write code to begin working with their streaming data, giving them faster time to market for their applications. Customers can use their existing BI tools to analyze streaming data.
AWS Import/Export Snowball (GA – us-east-1)
What is it? Snowball is a new AWS Import/Export offering that provides a petabyte-scale data transfer service that uses Amazon-provided storage appliances for transport.
What is the customer value? Customers asked for a solution to transfer large amounts of data quickly at low cost. High speed lines are expensive. With Snowball, customers no longer need to invest in storage hardware to transfer large amounts of data. Snowball provides data transfer directly into and out of S3 leveraging speed-optimized software that maximizes data transfer and is fast and secure. All data transferred into Snowball devices is automatically encrypted by using KMS keys.
Amazon Inspector (Preview, us-west-2 Oregon)
What is it? Allows developers and infrastructure owners to request an automated security assessment of their application environment, including services, software and infrastructure such as EC2 instances hosted in AWS as well as machines located on customer premises.
What is the customer value? Securing infrastructure is often expensive and hard to do effectively. We are making it much easier and less expensive for our customers to run securely. Inspector is automated, repeatable and utilizes AWS security knowledge to strengthen customer servers, services and infrastructure. Actionable findings are delivered and carefully explained to our customers.
Amazon RDS for MariaDB (GA, all RDS Regions)
What is it? Amazon RDS makes it easy to set up, operate, and scale MariaDB deployments in the cloud. With Amazon RDS, you can deploy scalable MariaDB databases in minutes with cost-efficient and resizable hardware capacity.
What is the customer value? Amazon RDS frees you up to focus on your application by managing time-consuming database administration tasks including backups, software patching, monitoring, scaling and replication.
AWS Database Migration Service (Preview us-east-1) and AWS Schema Conversion tool (GA – desktop software)
What is it? AWS Database Migration Service helps our customers migrate databases to AWS easily and securely. With AWS Database Migration Service, the source database remains fully operational during the migration, minimizing downtime to applications that rely on the database.
What is the customer value? Customers have asked for a better way to migrate their on premises databases to AWS with minimal disruption, effort and cost. This service allows our customers to keep their applications running while migrating their databases. Data changes to the source database that occur during and after the migration are continuously replicated to the target. This makes it much easier for customers to accelerate their migrations to the cloud. This will also ease the migration from certain more expensive database engines to open source or AWS built options such as Aurora.
AWS Web Application Firewall (WAF) (GA – All CloudFront Edge locations)
What is it? Web Application Firewall (WAF) is an appliance, server plugin or filter that applies a set of rules to HTTP traffic in order to protect web sites and applications against attacks that cause data breaches and downtime.
What is the customer value? Customers will be able to protect their web sites and applications against attacks that cause data breaches and downtime. This includes protection from SQL Injection, Cross Site Scripting, Web Site Scraping, Crawlers, and BOTs. The service also helps customers achieve PCI compliance.
AWS Config Rules (Preview)
What is it? A new cloud governance capability of the AWS Config service that allows IT Administrators to define guidelines for provisioning and configuring AWS resources and then continuously monitor compliance with those guidelines.
What is the customer value? For organizations subject to established industry standards, Config Rules can help to ensure compliance. Using the new dashboard, an IT Administrator can quickly determine when and how a resource went out of compliance.
Elasticsearch (GA, all public regions)
EC2 Dedicated Hosts (Pre-Announce)
What is it? An Amazon EC2 Dedicated Host is a physical server with EC2 instance capacity fully dedicated to your use. An important difference between a Dedicated Host and a Dedicated Instance is that a Dedicated Host gives you additional visibility and control over how instances are placed on a physical server, and you can continually use the same physical server over time.
What is the customer value? Dedicated Hosts can help our customers address compliance requirements and reduce costs by allowing customers to use their existing server-bound software licenses (examples: Microsoft Windows Server, Microsoft SQL Server, SUSE Linux Enterprise Server, or other software licenses that are bound to VMs, sockets, or physical cores).
Fast Data Transfer
Snowball includes a high-speed, 10 Gbps network connection to minimize data transfer times. The Snowball appliance is designed to transfer up to 50 terabytes of data from your data source to the appliance in less than one day, plus shipping time.
Encryption
All data transferred to Snowball is automatically encrypted with 256-bit encryption keys that are managed by AWS KMS. The encryption keys are never sent to, or stored on, the appliance, to help ensure your data stays secure during transit.
Rugged and Portable
Snowball includes a ruggedized case that was designed to be both durable and portable. The Snowball appliance weighs less than 50 pounds and can be lifted and moved by a single person.
Tamper Resistant
The Snowball appliance is equipped with tamper-resistant seals and includes a built-in Trusted Platform Module (TPM) that uses a dedicated processor designed to detect any unauthorized modifications to the hardware, firmware, or software. AWS inspects every appliance for any signs of tampering and to verify that no changes were detected by the TPM.
End-to-End Tracking
Snowball uses an innovative, E Ink shipping label designed to ensure the appliance is automatically sent to the correct AWS facility and also aids in tracking. Once you have completed your data transfer job, it can be tracked via Amazon SNS, text messages, and the Console.
Secure Erasure
Once the data transfer job has been processed and verified, AWS performs a software erasure of the Snowball appliance that follows the National Institute of Standards and Technology (NIST) guidelines for media sanitization.
Not available directly from the AWS console without completing the sign-up process.
From Virginia: Only available to be shipped to certain US states
Once you have configured which functions can be invoked from the app, the mobile hub creates a source package that you can use to get started.
Billions of devices, trillions of messages. Create internet of things applications without hosting any infrastructure using AWS’ serverless architecture.
Simple to follow tutorial also available for this.
Key features of Amazon Inspector:
Configuration Scanning and Activity Monitoring Engine - Amazon Inspector provides an engine that analyzes system and application configuration and monitors activity to determine what an application looks like, how it behaves, and its dependent components. The combination of this telemetry provides a complete picture of the application and its potential security or compliance issues.
Built-in Content Library - Amazon Inspector incorporates a built-in library of rules and reports. These include checks against best practices, common compliance standards (e.g. PCI, ISO27001) and vulnerabilities. These checks include detailed recommended steps for resolving potential security issues.
Automatable via API - Amazon Inspector is fully automatable via APIs. This allows organizations to incorporate security testing into the development and design process, including selecting, executing and reporting the results of those tests.
Identify Security Issues in Your Web Applications
Amazon Inspector helps you to identify security vulnerabilities as well as deviations from security best practices in applications, both before they are deployed and while they are running in a production environment. This helps to improve the overall security posture of your applications deployed on AWS.
Enforce your Organization’s Security Standards
Amazon Inspector allows you to define standards and best practices for your applications, and validate that applications are adhering to these standards. This enables you to more easily enforce your organization’s security standards, and manage security issues proactively before they impact your production application.
Increased Agility without Compromising Security
Amazon Inspector reduces the risk of introducing security issues during the development lifecycle by automating the security assessment of your applications and proactively identifying security vulnerabilities. This allows you to develop and iterate on new applications quickly and assess compliance with best practices and policies.
Apply AWS Security Expertise to your Application
The AWS security organization is constantly assessing the AWS environment and updating a database of security best practices and rules. Amazon Inspector takes this AWS security expertise and makes it available to customers in the form of a managed service that makes it easier for customers to establish and enforce best practices within their AWS environments. This adds to the expertise of your in-house security team, allowing them to provide more value to your organization.
Streamline Security Compliance
Amazon Inspector gives security teams and auditors visibility into security testing that is performed when developing applications on AWS. This streamlines the process of validating and demonstrating that best practices are being followed in the development environment.
Built in content library of rules
Inspector works on an application-by-application basis. You start by defining a collection of AWS resources that make up your application.
Specify a duration or the period of time during which Amazon Inspector monitors and collects your application's telemetry. You can set your assessment's duration to any of the following available values:
15 minutes
1 hour (recommended)
8 hours
12 hours
24 hours
The longer your running assessment's duration is, the more thorough and complete is the set of telemetry that Amazon Inspector can collect and analyze.
S3 – IA
High-performance, durable, and low-cost cloud storage service for long-term storage, backup, archive, and disaster recovery. It is a new storage class that delivers the performance and durability of S3 Standard in a low-cost offering optimized for long-lived and infrequently accessed data.
Use cases: File sync and share | Active Archive | Enterprise backup | Media transcoding | Geo-redundancy/DR
$0.0125/GB per month, $0.01/GB retrieval fee, 30 days minimum retention, 128KB minimum object size
Ref: https://w.amazon.com/index.php/AWS-Sales-BD/AWS-Services-BD/What%27s_New#Get_Ready_for_re:Invent_.21_Do_not_disclose_until_each_service_is_announced
Spot SDW are only available through the CLI at the moment – specify the “block-duration-minutes” param.
EC2 Dedicated Hosts are different from Dedicated Instances – they provide per-host billing instead of per-instance billing, visibility of sockets, cores and host ID, and affinity between host and instance.
Add a rule – preconfigured templates available to get you started
Simple rules with supported configs can be configured directly within the wizard (see right); advanced rules may be created within Lambda.
Shows previously created rule output – detected non-compliant resource – action can be manually taken or SNS notification can drive e-mails or other functionality such as removing offending resources.
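As an added illustration (not part of the original deck or of AWS's own sample code), an "advanced" rule written as a Lambda function could look like the sketch below, which marks a security group non-compliant when it exposes a chosen TCP port to the whole internet. The rule parameter name `blockedPort`, the `sample_item` helper and the assumed shape of the security group configuration item (`ipRanges` as strings, `ipv4Ranges`/`ipv6Ranges` as objects) are assumptions of this example.

```python
import json

OPEN_CIDRS = {"0.0.0.0/0", "::/0"}

def _cidrs(perm):
    # Assumed item shape: ipRanges (strings), ipv4Ranges/ipv6Ranges (dicts).
    found = set(perm.get("ipRanges", []))
    found |= {r["cidrIp"] for r in perm.get("ipv4Ranges", [])}
    found |= {r["cidrIpv6"] for r in perm.get("ipv6Ranges", [])}
    return found

def evaluate(item, blocked_port):
    """Map one configuration item to a Config ComplianceType string."""
    if item["resourceType"] != "AWS::EC2::SecurityGroup":
        return "NOT_APPLICABLE"
    if item["configurationItemStatus"].startswith("ResourceDeleted"):
        return "NOT_APPLICABLE"   # deleted resources carry no rules to judge
    for perm in item["configuration"].get("ipPermissions", []):
        proto = perm.get("ipProtocol")
        if proto == "-1":         # all protocols, all ports
            covers = True
        elif proto == "tcp":
            covers = perm.get("fromPort", 0) <= blocked_port <= perm.get("toPort", 65535)
        else:
            covers = False
        if covers and _cidrs(perm) & OPEN_CIDRS:
            return "NON_COMPLIANT"
    return "COMPLIANT"

def lambda_handler(event, context):
    import boto3  # imported here so evaluate() can be tested offline
    item = json.loads(event["invokingEvent"])["configurationItem"]
    params = json.loads(event.get("ruleParameters") or "{}")
    verdict = evaluate(item, int(params.get("blockedPort", 22)))  # hypothetical parameter name
    boto3.client("config").put_evaluations(
        Evaluations=[{
            "ComplianceResourceType": item["resourceType"],
            "ComplianceResourceId": item["resourceId"],
            "ComplianceType": verdict,
            "OrderingTimestamp": item["configurationItemCaptureTime"],
        }],
        ResultToken=event["resultToken"],
    )
    return verdict

def sample_item(cidr, port=22):
    """Constructed configuration item for offline testing (not real account data)."""
    perm = {"ipProtocol": "tcp", "fromPort": port, "toPort": port, "ipRanges": [cidr]}
    return {"resourceType": "AWS::EC2::SecurityGroup", "resourceId": "sg-EXAMPLE",
            "configurationItemStatus": "OK", "configuration": {"ipPermissions": [perm]}}
```

The verdict reported through `put_evaluations` is what appears as the rule output; an SNS notification on a `NON_COMPLIANT` result can then drive the follow-up action.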
Delivery Stream: The underlying entity of Firehose. Use Firehose by creating a delivery stream and then sending data to it.
Data Producers: Producers send records to Amazon Kinesis delivery streams. For example, a web server sending log data to a delivery stream is a data producer.
Records: The data producer sends data blobs as large as 1000 KB to a delivery stream. That data blob is called a Record.
Buffer Size and Buffer Interval: Firehose buffers incoming streaming data to a certain size or for a certain period of time before delivering to destinations. Buffer Size is in MBs and Buffer Interval is in seconds.
Spark: includes new features and bug fixes, including additional functions for Spark SQL/DataFrames, new algorithms in MLlib, improvements in the Python API for Spark Streaming, and support for Parquet 1.7.
Hadoop User Experience (HUE) is an open source user interface which allows users to more easily develop and run queries and workflows for Hadoop ecosystem applications, view tables in the Hive Metastore, and browse files in Amazon S3 and on-cluster HDFS.
The Hadoop Key Management Server (KMS) can supply keys for HDFS Transparent Encryption. Encryption in HDFS is transparent to applications reading from and writing to HDFS, and data is encrypted in transit in HDFS because encryption and decryption activities are carried out in the client.