At the 2019 re:Invent, AWS added a host of tools and features, raising the cloud provider’s portfolio to more than 175 services — many of which flew under the radar due to the sheer number of rollouts at the annual conference.
Flashier announcements took up much of the spotlight at re:Invent, including the launch of AWS Outposts, AWS’ latest hybrid cloud play, and the preview of AWS Braket, a managed quantum computing service. AWS also looked to improve its security and machine learning tools. For a comprehensive breakdown of these services and how they factor into AWS’ cloud strategy, check our guide to AWS re:Invent 2019.
For this AWS re:Invent recap, we’ll highlight some notable features and capabilities you might have missed earlier this month, specifically around compute, serverless, security and app development. At re:Invent, AWS worked to bolster the functionality of its flagship services, creating tools that recommend an EC2 instance type or add access management for shared S3 buckets. AWS also continued to expand beyond its core services as it introduced edge services that combine AWS compute and storage with 5G networks for faster mobile environments. This AWS re:Invent recap will break down these tools and more.
EC2 Image Builder
This service automates the creation and maintenance of OS images for Windows Server and Amazon Linux 2. Without EC2 Image Builder, AWS users manually make snapshots of VMs to keep images up to date. The service automates this process both on premises and on EC2 resources.
AWS Compute Optimizer
This service uses machine learning to analyze your resource usage and recommend the appropriate EC2 instance type for the application. The service is designed to replace EC2 projections and guesswork by the development team. AWS Compute Optimizer could potentially improve compute performance and cut costs.
Graviton2-powered EC2 instances
Currently in preview, the next generation of Arm-based EC2 instances will offer improved performance and security over AWS’ fifth generation — M5, C5 and R5. Powered by the new AWS-built Graviton2 processor, these sixth-generation instances will be able to provide up to 64 vCPUs and 512 GiB of memory. The first instance type available for preview is the M6g.
AWS Wavelength
AWS Wavelength links Amazon cloud compute and storage services with high-bandwidth, low-latency 5G networks. The service suits edge and mobile environments, especially for applications in virtual reality and other emerging technologies. To access Wavelength, currently in preview, users can extend their VPC to include a Wavelength Zone. Then, they create common AWS resources such as EC2 and AWS CloudFormation to build, scale and run that mobile portion of an application. Wavelength will initially partner with Verizon, and partnerships with Vodafone, SK Telecom and KDDI will follow later in 2020.
Provisioned Concurrency for AWS Lambda
This is a feature that keeps Lambda functions warm, meaning ready to execute. As serverless grows in popularity, AWS has looked to improve Lambda performance. Provisioned Concurrency will cut function cold starts, and costs $0.015 per GB-hour for the amount of concurrency you provision and $0.035 per GB-hour for the time your code is executed.
EKS on Fargate
AWS adds another option to deploy Kubernetes on AWS with this capability — albeit after a lengthy delay. First announced at re:Invent 2017, Amazon Elastic Kubernetes Service (EKS) can now run Kubernetes pods on AWS Fargate, Amazon’s serverless compute engine for containers. This is all handled in the EKS console rather than provisioning Kubernetes clusters on EC2.
Fargate Spot
This is AWS’ serverless version of EC2 Spot Instances. Fargate Spot offers spare compute capacity at a discounted rate for Amazon Elastic Container Service tasks. These tasks can be interrupted when AWS needs that capacity back, so don’t use this option for mission-critical tasks.
AWS Nitro Enclaves
Enclaves are isolated VMs attached to EC2 instances. This isolation reduces the attack surface for an application. Developers will be able to use AWS Nitro Enclaves, currently in preview, to build secure compute environments within their EC2 instances to protect sensitive data.
S3 Access Points
This S3 capability provides a more secure way to manage shared data sets than controlling all access through a lone bucket policy. S3 Access Points have unique DNS names and their own Identity and Access Management policies that define how that data can be accessed.
VPC Ingress Routing
With this network routing capability, users can configure their VPC to funnel incoming and outgoing traffic through a dedicated EC2 instance before it hits business applications in the cloud. Users can run network security tools within this EC2 instance to catch suspicious traffic. This way, users can employ the same network security policies in the cloud as they do on-premises.
Amazon CodeGuru
This managed service uses machine learning to provide automated code reviews and recommendations, with the goal of increasing performance or lowering cost. Currently in preview, the service consists of Amazon CodeGuru Reviewer and CodeGuru Profiler. CodeGuru Reviewer checks your code before it goes into production and can detect potential issues such as unsanitized inputs and inappropriate handling of sensitive data. With CodeGuru Profiler, developers can set up a low-profile agent to analyze an application as it runs. CodeGuru Profiler will look for inefficient code patterns to improve application performance. AWS users can access Amazon CodeGuru by associating it with their code repositories on GitHub or AWS CodeCommit.