Tag: News

AWS Storage Gateway adds Amazon CloudWatch logging and metrics for File Gateway

File Gateway, part of the AWS Storage Gateway service, now publishes health and performance logs and metrics to Amazon CloudWatch, providing you with continuous visibility into operations of your gateway in order to quickly respond to changes in your workload.

from Recent Announcements https://aws.amazon.com/about-aws/whats-new/2019/09/aws-storage-gateway-adds-amazon-cloudwatch-logging-and-metrics-for-file-gateway/

AWS Elemental MediaStore Now Supports Stale Manifest Deletion

When using AWS Elemental MediaStore as your live streaming origin, you can now configure a Transient Data Policy on your container via the Object Lifecycle Policy API, which will remove an HLS manifest if it has not been recently updated. This enables players to automatically switch from a primary origin to a backup origin with no additional coding or setup. Customers with redundant encoding pipelines previously had to perform complicated configuration downstream of the origin to ensure manifest freshness. With Transient Data Policy, customers can leverage native HLS behavior to perform origin switch-over.

from Recent Announcements https://aws.amazon.com/about-aws/whats-new/2019/09/aws-elemental-mediastore-now-supports-stale-manifest-deletion/

AWS Elemental MediaLive Now Supports HEVC and 4K/UHD Outputs for Live Channels

AWS Elemental MediaLive now supports High Efficiency Video Coding (HEVC) for standard-definition (SD), high-definition (HD), and ultra-high-definition (UHD) encoding with HDR support.

from Recent Announcements https://aws.amazon.com/about-aws/whats-new/2019/09/aws-elemental-medialive-supports-hevc-4k-uhd-outputs-live-channels/

Optimizing AWS Control Tower For Multiple AWS Accounts And Teams

One of the major benefits of Amazon Web Services is that it comes with an extensive set of tools for managing deployments and user identities. Most organizations can meticulously manage how their cloud environment is set up and how users can access different parts of that environment through AWS IAM.

However, there are times when even the most extensive IAM and other management tools just aren’t enough. For larger corporations or businesses that are scaling their cloud deployment on a higher level, setting up multiple AWS accounts, run by different teams, is often the solution.

The need for multi-account AWS environments isn’t something that Amazon ignores. In fact, the company has introduced AWS Control Tower, whose sole purpose is to make setting up new multi-account AWS environments easy.

Quick Environment Setup With AWS Control Tower

As the name suggests, AWS Control Tower is designed to give you a comprehensive bird’s-eye view of multiple cloud environments. Control Tower is designed to make deploying, managing, and monitoring multiple AWS accounts and teams easy. The way it is set up also makes deploying AWS environments simple.

Rather than going through the setup process of new AWS accounts manually, you can now automate the creation of multiple AWS accounts and environments using Control Tower.

First, you need to define the blueprint that will be used by all of the environments; this is very similar to setting up a base operating system for OEM devices.

Blueprints are designed to make sure that the new AWS environments comply with best practices and are set up correctly from the beginning. Any customization can then be made on a per-account basis, giving the organization maximum flexibility with their cloud environments.

Among the things that the AWS Control Tower blueprints provide are identity management, access management, centralized logging, and cross-account security audits. Provisioning of cloud resources and network configurations are also included in the blueprints. You even have the ability to customize the blueprint you use to specific requirements.

Easy Monitoring Of Environments

Since AWS Control Tower is designed as a centralization tool from the beginning, you can also expect easy monitoring and maintenance of multiple AWS accounts and teams from this platform. There are guardrails added to the blueprints of AWS environments, so you know your environments are secure from the beginning. All you need to do is enforce the security policies; even that is easy and centralized.

Service control policies (SCPs) are monitored constantly. When configurations of the environments don’t comply with the required policies, warnings are triggered, and you are informed immediately. Every new account created using AWS Control Tower utilizes the same set of policies, leading to a more standardized cloud environment as a whole.

What’s interesting about the SCPs is the fact that you can dig deep into details—particularly details about accounts that don’t comply with the predefined security policies—and make adjustments as necessary. You always know the kind of information security and policy violations you are dealing with and you know exactly who to address to get the issues fixed.

As an added bonus, AWS Control Tower provides extensive reports, including on governance of workloads, security control policies, and the state of the cloud environments in general. The tool goes beyond setting up a landing zone based on best practices. It helps you monitor those landing zones meticulously too.

Automation Is The Key

From the previous explanation, it is easy to see how AWS Control Tower is incredibly useful for organizations that need to set up multiple cloud environments. The tool allows top administrators and business owners to keep an eye on their cloud deployment while maintaining high visibility into individual environments, deployments, and users.

That said, AWS Control Tower doesn’t stop there. It adds one crucial element that puts Amazon as the leader in this specific market segment: automation. Account provisioning, resource provisioning, and even the complete setup of landing zones can be fully automated with ‘recipes’ that are defined in blueprints.

Ibexlabs, for example, is already leveraging AWS Control Tower on behalf of current clients and has designed an onboarding process specifically to leverage the tool for new enterprises, too. As well as creating a landing zone with log archive and audit account, the team leverages Control Tower to launch VPCs and subnets for the organization in addition to portfolio setup.

Ibexlabs also scripts the installation of a comprehensive suite of other tools to enhance client usage of AWS including: Jenkins; CircleCI; Datadog; NewRelic; OpenVPN; and VPC peering within the accounts. On top of all this, Ibexlabs leverages CloudFormation with launch configuration and autoscaling as well as other app services according to the clients’ needs.

Automation eliminates countless mundane tasks associated with setting up and securing a new cloud environment. What used to be a tedious process that could take hours—if not days—to complete is now one or two clicks away. Automation makes the whole system more robust and flexible since customizations can now be done on a specific deployment level.

We really have to see the implementation of automation in AWS Control Tower as part of a bigger trend. Amazon has been automating many of its AWS components in recent years, signaling a serious shift beyond DevOps. As it gets easier for even the most complex organizations to maintain their cloud environments, the days of developers running their own environments may soon be here.

Regardless of the shift, AWS Control Tower is a step in the right direction. Organizations that require multiple AWS accounts can now gain access to the resources they need without jumping through the hoops of setting up those environments manually.

from DZone Cloud Zone

Amazon QuickSight Launches Level Aware Calculations, Larger SPICE Data Sets, and More

Amazon QuickSight launches Level Aware Calculations that allow you to derive advanced analytical insights independent of aggregations and filters applied on your charts. These are calculations that can be computed at a desired level in the overall query evaluation order of QuickSight. You can answer questions such as “How many customers have made one, two, three orders?”, “What is the contribution of each industry to the entire company’s profit irrespective of the filters applied?”. See the blog here to get started with Level Aware Aggregations.  

from Recent Announcements https://aws.amazon.com/about-aws/whats-new/2019/09/amazon-quicksight-launches-level-aware-calculations-larger-spice-data-sets-and-more/

Announcing AWS PrivateLink support for Amazon Rekognition

Starting today, AWS customers can use AWS PrivateLink to access Amazon Rekognition from their Amazon Virtual Private Cloud (Amazon VPC) without using public IPs, and without requiring the traffic to traverse across the Internet. Amazon Rekognition lets customers easily add intelligent image and video analysis to their applications. AWS PrivateLink provides private connectivity between VPCs and AWS services, without ever leaving the Amazon network.

from Recent Announcements https://aws.amazon.com/about-aws/whats-new/2019/09/announcing-aws-privatelink-support-for-amazon-rekognition/

Introducing the Smart Product Solution

The smart product solution provides secure product connectivity to the AWS Cloud, and includes capabilities for local computing within products, sophisticated event rules, and data processing and storage. The solution features fast and robust data ingestion; highly reliable and durable storage of product telemetry data; simple, scalable big data services for analyzing the data; and global messaging and application services.

from Recent Announcements https://aws.amazon.com/about-aws/whats-new/2019/09/introducing-the-smart-product-solution/

WorkMail Message Flow SDK

Today, Amazon WorkMail announced that you can access full email message content from within your AWS Lambda functions when using Email Flow Rules. With this, you can build powerful email processing, automation, and analytics applications; for example, you can easily add email correspondence to a 3rd party productivity tool such as SalesForce or Asana whenever an email is received, or analyze your organization’s email traffic to spot trends. Email messages can be accessed on both incoming and outgoing email.  

from Recent Announcements https://aws.amazon.com/about-aws/whats-new/2019/09/workmail-message-flow-sdk/

Elastic Load Balancing: Network Load Balancers now support multiple TLS certificates using Server Name Indication (SNI)

We are pleased to announce support for multiple TLS certificates on Network Load Balancers using Server Name Indication (SNI). You can now host multiple secure applications, each with its own TLS certificate, on a single load balancer listener. This allows SaaS applications and hosting services to run behind the same load balancer, improving your service security posture, and simplifying management and operations.

from Recent Announcements https://aws.amazon.com/about-aws/whats-new/2019/09/elastic-load-balancing-network-load-balancers-now-supports-multiple-tls-certificates-using-server-name-indication/