News Stay informed about the latest enterprise technology news and product updates.

Extended duration for IAM roles appeases some, alarms others

Cloud security best practices and IT convenience don’t always align, but as standards such as GDPR take hold and new vulnerabilities constantly emerge, maybe it’s ok to loosen the reins from time to time.

AWS has increased the maximum session time for Identity and Access Management (IAM) roles, extending the cap from one hour to 12 hours. Federated users can request credentials from the AWS Security Token Service via the AWS SDK or Command Line Interface.

AWS recommends the lowest possible threshold for IAM roles, but IT teams complained they were kicked out during long-running workloads. This move should appease those folks, even if extended-time credential validation is a cloud security no-no. Teams with tight security restrictions might want to steer clear, or at least stay below the time limit for IAM roles.

Some AWS admins expressed confusion over whether the IAM roles’ duration applied to CloudFormation, but AWS’ blog post explicitly mentions that use case. In a reply to a reader comment, AWS stated that a “CloudFormation template will respect the session duration set for your IAM role.”

In addition to the extended IAM role duration, AWS rolled out several other new features this month, including those related to DynamoDB, its own documentation and containers, that might pique the interest of dev and operations teams.

DynamoDB gives backup a boost

Amazon continued to enhance its DynamoDB NoSQL database service with the addition of two backup features: continuous backups, and point-in-time recovery (PITR), which was previously in preview. PITR is enabled via the AWS Management Console or an API call, an application can make erroneous writes and deletes until its digital heart’s content. Admins can restore the DynamoDB table back up to a maximum of 35 days out, or contact AWS to restore deleted tables.

These features, along with DynamoDB Global Tables and Multi-Master, eliminate several DynamoDB enterprise workarounds. AWS also released DynamoDB Accelerator last summer to boost database performance at scale.

AWS opens its books — sort of

Another AWS update in March could be a boon for some AWS developers: the ability to access and submit pull requests on AWS documentation through GitHub. AWS open sourced more than 100 user guides to GitHub, which should help its documentation team clarify concepts, improve code samples and fix bugs.

This will surely improve AWS documentation, but developers also want more transparency, said Mike Tria, head of infrastructure at Atlassian, in a discussion with SearchAWS Senior News Writer Trevor Jones.

“The more they open that stuff up, the more my developers can know how [AWS] is building and build appropriately to that,” he said. “It enables developers to make assumptions about how it works, as opposed to thinking it’s just AWS magic.”

Containerize your excitement

Lastly, an additional service discovery feature for Amazon Elastic Container Service (ECS) simplifies DNS housekeeping for services within a VPC. This feature removes the need for AWS admins to run their own service discovery system or connect containerized services to a load balancer. ECS now maintains a registry that uses the Route 53 Auto Naming API, then maps aliases to service endpoints.

The service discovery feature also enables health checks — via either Route 53 or ECS, but not both — to ensure that container endpoints remain healthy. If a container-level check reveals an unhealthy endpoint, it will be removed from the DNS routing list.

Join the conversation

2 comments

Send me notifications when other members comment.

Please create a username to comment.

HI

could you please help me?

I have a standby database in sql server(2008). backup from primary database and copy logs and restoring Occur every day every 10 seconds ,but i have latency in standby database(because of the time for backup and copy and restoring and i cannot DECREASE the time in schedule, it denies second less than 10 in sql server. ),how can i solve this?
i want an online standby database.


in hence we cant use log shipping for having an online db?so we use to switch to another method for example replication (but in this way we dont have full db we should start the snapshot manually? )is it true?
Cancel
This document covers all aspects of log shipping in terms of licensing,distance limitations,technical details and so on.
Cancel

-ADS BY GOOGLE

SearchCloudApplications

TheServerSide.com

SearchSoftwareQuality

SearchCloudComputing

Close