View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cloud
November 26, 2019updated 27 Nov 2019 10:15am

“Don’t Say Multi-Cloud” and Other AWS Updates, Including A Managed WAF

Featuring CloudTrail, DynamoDB, IoT Greengrass, application configuration improvements and more (along with a few gripes)...

By CBR Staff Writer

Amazon Web Services has pushed out nine new AWS features in the run-up to its annual Re:Invent conference in Las Vegas next week; a trickle of notable updates ahead of what is expected to be the opening of product floodgates at the annual jamboree, which is anticipated to attract upwards of 60,000 attendees. 

Not everything is peaches and cream ahead of Re:Invent however: several companies have declined to return, citing restrictive terms on booth messaging, which last year saw AWS’ team stick yellow tape over the words “multi-cloud”.

(One frustrated C-suite figure who has declined to attend, confirmed these claims first made to Business Insider, telling Computer Business Review, saying that they had had the same yellow-tape-censoring of their marketing material.

They added: “[We’re not coming back as] we don’t want to deal with the gauntlet of AWS marketing. They strip out so much of our message that it doesn’t even make sense. They are happy to take our money but don’t want us to talk about what we do”). 

More positively, new AWS features unveiled this week include…

Nine New AWS Features

1 : Java and .NET Support in the CDK 

General availability of Java and .NET support inside the AWS Cloud Development Kit (CDK). The AWS CDK is an open-source software development framework to model and provision cloud application resources through AWS CloudFormation (itself a way to model and provision AWS and third party resources in an AWS environment).

AWS CDK now also offers support for TypeScript and Python.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

As AWS’s Martin Beeby notes: “With the AWS CDK, you can design, compose, and share your own custom resources that incorporate your unique requirements. You can use the AWS CDK to model a VPC, with its associated routing and security configurations. You could then wrap that code into a construct and then share it with the rest of your organization. In this way, you can start to build up libraries of these construct… to standardize the way your organization creates AWS resources.”

2: CloudTrail Gets API, SDK Bells and Whistles

CloudTrail Insights is a new addition to the CloudTrail operational audition and security tool. It significantly broadens the capabilities of the tool, automatically analysing write management events from CloudTrail trails and alerting users to unusual activity by the AWS Management Console, AWS SDKs, command line tools, and other AWS services.

As AWS’s y Brandon West notes: “For example, if there is an increase in TerminateInstance events that differs from established baselines, you’ll see it as an Insight event. These events make finding… unusual API activity easier than ever.

3: Twenty-Two New Languages for Amazon Translate 

AWS has added 22 new languages to its translation service, along with new regions including London that mean users can now use Translate in US West (N. California)Europe (London)Europe (Paris)Europe (Stockholm)Asia Pacific (Hong Kong) and Asia Pacific (Sydney) for a total of 17 regions.

AWS’s Julien Simon said: “This expansion is great news for many customers who will now be able to translate data in the region where it’s stored. This will make workflows simpler, faster, and even more cost-effective.

The service now supports a total of 54 languages and variants, and 2804 language pairs. New additions include Afrikaans, Albanian, Amharic, Azerbaijani, Bengali,
Bosnian, Bulgarian, Croatian, Dari, Estonian, Canadian, French, Georgian, Hausa, Latvian, Pashto, Serbian, Slovak, Slovenian, Somali, Swahili, Tagalog, and Tamil.

4: DynamoDB Gets Global Tables Improvements

An update to the DynamoDB offering lets users convert existing DynamoDB tables to global tables (a managed solution to deploy multi-region, multi-master DynamoDB tables without having to build and maintain your own replication).

As AWS’s  Sébastien Stormacq notes: “Previously, only empty tables could be converted to global tables. You had to guess your regional usage of a table [when you created it]. Now you can go global, or you can extend existing global tables to additional regions at any time.”

This can be done via the AWS Management Console, the AWS Command Line Interface (CLI), or the Amazon DynamoDB API.

5: Amazon Redshift + Spatial Data

Cloud data warehouse Amazon Redshift now has support for a new native data type called GEOMETRY. This enables ingestion, storage, and queries against two-dimensional geographic data, together with the ability to apply spatial functions to that data.

AWS’s Steve Roberts notes: “The GEOMETRY type enables us to easily work with coordinates such as latitude and longitude in our table columns, which can then be converted or combined with other types of geographic data using spatial functions.”

6: Improved Access Control 

AWS says it has rolled out an Attribute-Based Access Control (ABAC) system that makes Identity and Access Management (IAM) easier and more scalable, using SAML (an open standard for exchanging authentication and authorisation data between parties).

(Its previous offering ran into scalability challenges. As AWS’s Sébastien Stormacq notes: “When a new resource is added to the system, system administrators must add permissions for that new resource to all relevant policies. How do you scale this to thousands of resources and thousands of policies? How do you verify that a change in one policy does not grant unnecessary privileges to a user or application?”)

He added: “Using ABAC permission control allows to scale your permission system, as you no longer need to update policies when adding resources.”

7: Managed Rules for Web Application Firewall 

AWS’s Web Application Firewall (WAF) gets a new capability called AWS Managed Rules, along with “multiple improvements” to AWS WAF including a new and improved console and API. The managed rule service (handled by AWS Threat Research Team) allows the team to add rule sets as threats are identified, e.g. some of the common threats and security risks described in OWASP Top 10 publication.

new AWS features

There is no additional charge for using AWS Managed Rules, AWS said, if you subscribe to managed rules from an AWS Marketplace seller, you will be charged the managed rules price set by the seller. Pricing for AWS WAF has not changed.

8: Container Support in AWS IoT Greengrass 

IoT Greengrass lets users run local compute, messaging, data caching, sync, and ML inference capabilities on connected devices in a secure way.

AWS’s Danilo Poccia said the company has added two new features:

  • Container support to deploy applications using the Greengrass Docker application deployment connector.
  • The ability to collect, process, and export data streams from edge devices and manage the lifecycle of that data with the tool’s Stream Manager

In short, Poccia notes, these are aimed at making it easier to migrate applications from on-premises, or build new applications that include dependencies such as libraries, other binaries, and configuration files, using container images.

9: New AWS AppConfig

AppConfig is a new tool AWS has been using in-house for some time to “make configuration changes faster than traditional code deployments, but with the same operational scrutiny as code changes”, AWS’s Steve Roberts said.

The tool, used by teams across, Alexa, AWS and Kindle, “enables customers to quickly rollout application configuration changes, independent of code, across any size application hosted on Amazon Elastic Compute Cloud (EC2) instances, containers, and serverless applications and functions” he claimed.

Offering the example of a feature toggle to instantly turn on features “that might require a timely rollout (for example a new product launch or announcement)”, Roberts also offered the examples of A/B Testing: “Perform experiments on which versions of an application earns more revenue and User Membership: “Allow Premium Subscribers to access an application’s paid content.”

See also: An Idiot’s Guide to Kubernetes 

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.