AWS Announcements at a Glance by Onica - June 2019

Onica’s Announcements At A Glance series analyzes the latest AWS news and announcements, simplifying and explaining the significance for AWS consumers.

This month, there was big news coming out of the AWS re:Inforce conference concerning the suite of security offerings natively available in AWS! If the conference continues to be held in June, this will likely become a month of huge announcements. Enterprise compliance guardrails can now be enforced with AWS Control Tower, which is now generally available. AWS Security Hub gives a single view of all compliance and security alerting for AWS security products, as well as 30 partner offerings. Amazon RDS storage can now auto scale, CloudEndure migrations are available at no cost, Windows containers are available in Amazon ECS, and Amazon API Gateway supports VPC endpoint policies. There’s a lot to talk about, so let’s dive in.

Amazon API Gateway Supports VPC Endpoint Policies

Amazon API Gateway now supports VPC Endpoint Policies. Used in tandem with API Gateway Resource Policies, they give you even more fine-grained control over access to private APIs. VPC Endpoint Policies for API Gateway are available in all regions where both VPC Endpoints and API Gateway are available.

Check out the documentation here: VPC Endpoint Policy Documentation for API Gateway.

Amazon ECS Support for Windows Server 2019 Containers 

Enterprises that have adopted Amazon ECS as a container management platform have seen the benefits of a managed container service in AWS. The general availability of Windows Server 2019 Containers on Amazon ECS extends that functionality to those who can benefit from Windows containers. With Server 2019, container image sizes shrink by up to 75%, allowing for a much more nimble deployment of Windows containers. Users will see faster startup times and better overall performance.

To get started, check out the documentation here: Windows Containers.

CloudEndure Migration available at no charge

CloudEndure has been a familiar name in the migration and disaster recovery space for the past few years. The acquisition of CloudEndure by AWS in early 2019 left many wondering what the possibilities were for the synergy between the two companies. With the launch of CloudEndure migration at no charge this month, we no longer have to wonder! CloudEndure is an agent-based solution that allows you to rehost systems to AWS from on-premises virtualization, physical hosts, or even cloud-based hosts. The nature of the product removes the need to worry about compatibility, performance disruption, or long cutover windows. You can migrate all applications and databases that run on supported versions of Windows and Linux OS. You can register for a free license here. Each license allows for 90 days of use after agent install for replicating data, rehosting machines, testing, validating, and verifying your move to AWS. 

For more information, check out the CloudEndure Migration product page or technical documentation.  

Amazon RDS now supports Storage Auto Scaling

One of the benefits of cloud computing is the advent of right-sizing via auto scaling. Those who are familiar with AWS are no strangers to the concept of auto scaling. Gone are the days of having to provision infrastructure for the highest possible load. Today we can configure the minimum we need to run the workload successfully and set upper bounds for auto scaling to scale horizontally when demand requires. As of June, Amazon RDS offers the ability to auto scale database storage for:

  • MariaDB
  • MySQL
  • PostgreSQL
  • SQL Server
  • Amazon RDS for Oracle

This allows administrators to provision storage at database launch and configure a maximum size for scaling; Amazon RDS storage auto scaling takes care of the rest. No more manually scaling database storage for Amazon RDS deployments. With auto scaling turned on, the service will scale storage between predefined minimum and maximum values when certain usage thresholds are hit. It’s really as easy as turning it on in the console and setting a maximum storage value. To get started, check out the documentation here.

AWS Security Hub Enters General Availability

What if there was a way to aggregate AWS GuardDuty findings, AWS Inspector and Amazon Macie findings, and 30 AWS Security partner product findings into a single dashboard view? Say hello to AWS Security Hub! Not only does AWS Security Hub give you a consolidated view of findings and alerts from the services mentioned above, it also gives you a single view of compliance with security standards. AWS Security Hub aggregates and normalizes this data into easy-to-understand, actionable graphs and tables, and correlates findings across providers to help prioritize which resources require remediation actions. The service was launched in preview at re:Invent 2018 and has matured since then to offer features such as sending all findings automatically to Amazon CloudWatch Events for response and remediation actions. AWS Security Hub is available in 15 commercial regions, and has undergone PCI, HIPAA, ISO, and SOC certifications. No doubt it will be a breath of fresh air to security teams who are attempting to make sense of the aggregate data concerning security in AWS.

Check out the product page: AWS Security Hub.

AWS Control Tower Enters General Availability

AWS Control Tower is now generally available. This is welcome news for those who are responsible for administering large enterprise environments in a standard and automated fashion, with compliance and security being core tenets of the offering. Since the birth of the cloud, there has been a tension between the need to allow for agility and innovation and the need to stay compliant with various regulatory and organizational standards. With too many approval gates, innovation dies; with too little governance, compliance fails. AWS Control Tower is a welcome addition for those who are trying to work out this balance for their enterprise. AWS Control Tower allows for agility and innovation by giving administrators peace of mind that accounts in their organization are compliant with established policies, while allowing builders to provision new AWS accounts quickly in a few clicks. User identities, federation, single sign-on, and centralized logging through AWS CloudTrail and AWS Config can all be set up automatically at new account creation via AWS Control Tower. Pre-configured guardrails, which include clearly defined rules for security, operations, and compliance, can prevent deployment of resources that don’t conform to policies and continuously monitor deployed resources for non-conformance. There is no additional charge to use AWS Control Tower. You only pay for the resources that are launched. AWS Control Tower is available in US East (Ohio), Europe (Ireland), US East (N. Virginia), and US West (Oregon).

Check out the product page to get started: AWS Control Tower.

To follow these updates and gain insights on how they can impact your business, subscribe to our blog!

Jeff Carson

About Jeff Carson

Jeff Carson is an AWS Certified Solution Architect Professional with more than 8 years of experience delivering solutions for customers in AWS. Skilled in DevOps, Hybrid cloud, and native cloud solutions, Jeff is passionate about CI/CD tools, driving business efficiency with automation, and all things AWS!