Forwarded from Boris Golynski
Что-то Dynamo DB от Маарека заходила с трудом, поискал в ютубе русскоязычное и неожиданно наткнулся на весьма годный ролик, пусть и немного староватый. Рекомендую: https://www.youtube.com/watch?v=ldV512UFkmY
AWS Outpost - полностью управляемое решение, которое позволяет пользователям вынести инфраструктуру AWS, включая сервисы, API и инструменты в собственный центр обработки данных. И теперь AWS Outposts можно заказать в Казахстан, совместно с @RinatUzbekov и @igor_sh_aws - рассказали что за зверь такой AWS Outposts, для каких целей он потребуется, какие сервисы будут доступны на нем. Демо как заказать AWS Outposts и какой процесс доставки оплаты, все это и не только в нашем видео подкасте. Для вашего удобства есть тайм-коды.
#podcast
Посмотреть и послушать можно тут:
- Видео формат - YouTube
- Apple Podcasts
- Google Podcasts
- Spotify
- PodBean
- Yandex Music
#podcast
Посмотреть и послушать можно тут:
- Видео формат - YouTube
- Apple Podcasts
- Google Podcasts
- Spotify
- PodBean
- Yandex Music
Новый AWS Region — Цюрих, Швейцария: 🎉
https://aws.amazon.com/blogs/aws/a-new-aws-region-opens-in-switzerland/
Седьмой (!) на текущий момент в Европе, идентификатор
Итого на теперь всего — 28 регионов.
#AWS_Regions
https://aws.amazon.com/blogs/aws/a-new-aws-region-opens-in-switzerland/
Седьмой (!) на текущий момент в Европе, идентификатор
eu-central-2
. Как и в подавляющем большинстве других регионов, имеет 3 AZ
.Итого на теперь всего — 28 регионов.
#AWS_Regions
Amazon
A New AWS Region Opens in Switzerland | Amazon Web Services
Update December 8, 2022 – we have added AWS Organizations in the list of services. I am pleased to announce today the opening of our 28th AWS Region: Europe (Zurich), also known by its API name: eu-central-2. An AWS Region allows you to deploy your most demanding…
🆕 AWS Resource Explorer:
https://aws.amazon.com/blogs/aws/introducing-aws-resource-explorer-quickly-find-resources-in-your-aws-account/
✅ Search for resources in all regions at once.
✅ You can search directly from the console by typing
✅ Free!
❌ So far, you can search inside only one account.
#Resource_Explorer
https://aws.amazon.com/blogs/aws/introducing-aws-resource-explorer-quickly-find-resources-in-your-aws-account/
✅ Search for resources in all regions at once.
✅ You can search directly from the console by typing
/Resources
(in the picture).✅ Free!
❌ So far, you can search inside only one account.
#Resource_Explorer
Forwarded from AWS User Group Tashkent
It's happening today!
We are starting our session today at 6:30PM at Westminster International University.
📌 LOCATION: Istikbol Building, Floor 2, Room 201.
Guests will be admitted from the main entry at Istikbol Street.
❗️PLEASE BRING YOUR PASSPORT, AS UNIVERSITY POLICY REQUIRE ALL GUESTS TO PRESENT A VALID FORM OF ID.
If you have any questions, you can ask them in our Telegram chat.
We are starting our session today at 6:30PM at Westminster International University.
📌 LOCATION: Istikbol Building, Floor 2, Room 201.
Guests will be admitted from the main entry at Istikbol Street.
❗️PLEASE BRING YOUR PASSPORT, AS UNIVERSITY POLICY REQUIRE ALL GUESTS TO PRESENT A VALID FORM OF ID.
If you have any questions, you can ask them in our Telegram chat.
Westminster International University in Tashkent · Istikbol Street 12, 100047, Tashkent, Toshkent Shahri, Uzbekistan
★★★★★ · University
🆕 EventBridge Scheduler: 🎉🎉🎉
https://aws.amazon.com/blogs/compute/introducing-amazon-eventbridge-scheduler/
EventBridge Scheduler provides at-least-once event delivery to targets, and you can create schedules that adjust to different delivery patterns:
⏰ Time window allows you to start a schedule within a window of time. This means that the scheduled tasks are dispersed across the time window to reduce the impact of multiple requests on downstream services.
⏳ Maximum retention time of the event is the maximum time to keep an unprocessed event in the scheduler. If the target is not responding during this time, the event is dropped or sent to a DLQ.
🔁 Retries with exponential backoff help to retry a failed task with delayed attempts. This improves the success of the task when the target is available.
✉️ A dead letter queue is an SQS queue where events that failed to get delivered to the target are routed.
By default, EventBridge Scheduler tries to send the event for 24 hours and a maximum of 185 times.
⚠️ Quota on schedules: 1 million per account (soft limit)
#EventBridge
https://aws.amazon.com/blogs/compute/introducing-amazon-eventbridge-scheduler/
EventBridge Scheduler provides at-least-once event delivery to targets, and you can create schedules that adjust to different delivery patterns:
⏰ Time window allows you to start a schedule within a window of time. This means that the scheduled tasks are dispersed across the time window to reduce the impact of multiple requests on downstream services.
⏳ Maximum retention time of the event is the maximum time to keep an unprocessed event in the scheduler. If the target is not responding during this time, the event is dropped or sent to a DLQ.
🔁 Retries with exponential backoff help to retry a failed task with delayed attempts. This improves the success of the task when the target is available.
✉️ A dead letter queue is an SQS queue where events that failed to get delivered to the target are routed.
By default, EventBridge Scheduler tries to send the event for 24 hours and a maximum of 185 times.
⚠️ Quota on schedules: 1 million per account (soft limit)
#EventBridge
Amazon
Introducing Amazon EventBridge Scheduler | Amazon Web Services
Today, we are announcing Amazon EventBridge Scheduler. This is a new capability from Amazon EventBridge that allows you to create, run, and manage scheduled tasks at scale. With EventBridge Scheduler, you can schedule one-time or recurrently tens of millions…
«Эффективное масштабирование кластеров Kubernetes с помощью Karpenter» - Виктор Ведмич, AWS.
Видео с DevOpsDays Almaty 11 ноября 2022 года, ссылка с отметкой времени на начало доклада:
https://youtu.be/xR_d-Z-BbPg?t=10044
#video
Видео с DevOpsDays Almaty 11 ноября 2022 года, ссылка с отметкой времени на начало доклада:
https://youtu.be/xR_d-Z-BbPg?t=10044
#video
Forwarded from AWS Weekly
Issue #45 | 7 November – 13 November 2022
▪️ Amazon Time Sync public NTP service | guide
▪️ AppConfig achieves FedRAMP High Authority To Operate
▪️ Athena Query Result Reuse to accelerate queries
▪️ Aurora logical replication cache
▪️ Aurora Serverless v2 is now available in 20 regions
▪️ Backup VMware to EC2 workloads restore
▪️ Billing Conductor recurring custom line items
▪️ Certificate Manager ECDSA P-256 TLS certificates support
▪️ CloudTrail delegated administrator account
▪️ CloudTrail Lake Customer Managed KMS Keys (CMK) encryption
▪️ CloudWatch Logs export to SSE-KMS encrypted S3 buckets
▪️ Config 14 new resource types
▪️ EC2
| attribute-based instance type selection for ASG, EC2 Fleet, and Spot Fleet
| macOS Ventura support
| placement groups cross-account sharing
| price and capacity optimized allocation strategy for Spot Instances
▪️ ECS task scale-in protection |
▪️ ElastiCache IPv6 support | Redis 7 support
▪️ EventBridge New Scheduler |
▪️ Firewall Manager import existing Network Firewall resources
▪️ Ground Station Customer Provided Ephemeris |
▪️ IoT Device Defender audit check of revoked intermediate CA
▪️ Kendra is now FedRAMP High Compliant
▪️ Keyspaces
▪️ Lambda new Telemetry API |
▪️ Lightsail domain registration and DNS autoconfiguration
▪️ OpenSearch Service cross-VPC connectivity with PrivateLink
▪️ Polly Swedish, Norwegian and Finnish | VPC Support |
▪️ Private 5G multiple radio-units support
▪️ QuickSight send SPICE consumption metrics to CloudWatch
▪️ RDS for SQL Access to Transaction Log Backups
▪️ RDS new GP3 storage volumes support: no multi-az
▪️ Resource Explorer resource search and discovery service |
▪️ SageMaker Canvas
| correlation matrices for advanced data analysis
| customer managed keys for time series forecast models
| Stable Diffusion and Bloom models
| TensorFlow Text Classification algorithms
▪️ Secrets Manager API RPS limit increase
▪️ Security Hub CIS Benchmark 1.4.0
▪️ SNS subscription filter policies quota increase by 50x
▪️ VPC IPv6 Subnet default GR now supports multiple addresses
▪️ Wavelength Zone in Manchester
▪️ Well-Architected Tool speed up reviews with workload discovery
▪️ WorkSpaces WSP protocol API
▪️ Amazon Time Sync public NTP service | guide
▪️ AppConfig achieves FedRAMP High Authority To Operate
▪️ Athena Query Result Reuse to accelerate queries
▪️ Aurora logical replication cache
▪️ Aurora Serverless v2 is now available in 20 regions
▪️ Backup VMware to EC2 workloads restore
▪️ Billing Conductor recurring custom line items
▪️ Certificate Manager ECDSA P-256 TLS certificates support
▪️ CloudTrail delegated administrator account
▪️ CloudTrail Lake Customer Managed KMS Keys (CMK) encryption
▪️ CloudWatch Logs export to SSE-KMS encrypted S3 buckets
▪️ Config 14 new resource types
▪️ EC2
| attribute-based instance type selection for ASG, EC2 Fleet, and Spot Fleet
| macOS Ventura support
| placement groups cross-account sharing
| price and capacity optimized allocation strategy for Spot Instances
▪️ ECS task scale-in protection |
blog
▪️ ElastiCache IPv6 support | Redis 7 support
▪️ EventBridge New Scheduler |
new
▪️ Firewall Manager import existing Network Firewall resources
▪️ Ground Station Customer Provided Ephemeris |
in preview
▪️ IoT Device Defender audit check of revoked intermediate CA
▪️ Kendra is now FedRAMP High Compliant
▪️ Keyspaces
Murmur3Partioner
support ▪️ Lambda new Telemetry API |
blog
▪️ Lightsail domain registration and DNS autoconfiguration
▪️ OpenSearch Service cross-VPC connectivity with PrivateLink
▪️ Polly Swedish, Norwegian and Finnish | VPC Support |
GA
▪️ Private 5G multiple radio-units support
▪️ QuickSight send SPICE consumption metrics to CloudWatch
▪️ RDS for SQL Access to Transaction Log Backups
▪️ RDS new GP3 storage volumes support: no multi-az
▪️ Resource Explorer resource search and discovery service |
GA
▪️ SageMaker Canvas
| correlation matrices for advanced data analysis
| customer managed keys for time series forecast models
| Stable Diffusion and Bloom models
| TensorFlow Text Classification algorithms
▪️ Secrets Manager API RPS limit increase
▪️ Security Hub CIS Benchmark 1.4.0
▪️ SNS subscription filter policies quota increase by 50x
▪️ VPC IPv6 Subnet default GR now supports multiple addresses
▪️ Wavelength Zone in Manchester
▪️ Well-Architected Tool speed up reviews with workload discovery
▪️ WorkSpaces WSP protocol API
Хорошие комментарии от Андрея Девяткина по AWS Startup Security Baseline:
https://fivexl.io/blog/fivexl-reaction/
Особенно солидарен по пункту
📓 AWS Prescriptive Guidance — AWS Startup Security Baseline (AWS SSB)
#security
https://fivexl.io/blog/fivexl-reaction/
Особенно солидарен по пункту
Enforce a password policy
, ведь IAM users в идеале быть не должно вообще, потому этот пункту заведомо ущербный.📓 AWS Prescriptive Guidance — AWS Startup Security Baseline (AWS SSB)
#security
fivexl.io
FivexL’s Reaction to the AWS Security Baseline for Startups
FivexL shares its outlook on AWS Security Guidelines for startups. Find out how to improve your AWS security efficiently.
🆕 AWS SAM CLI Terraform support: 👍
https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/terraform-support.html
sam build --hook-name terraform --beta-features
sam local invoke --hook-name terraform --beta-features
sam local start-lambda --hook-name terraform --beta-features
#SAM #Terraform
https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/terraform-support.html
# Using sam build with Terraform
sam build --hook-name terraform --beta-features
# Using sam local invoke with Terraform
sam local invoke --hook-name terraform --beta-features
# Using sam local start-lambda with Terraform
sam local start-lambda --hook-name terraform --beta-features
#SAM #Terraform
Kubernetes 1.24 для EKS и EKS Distro
https://aws.amazon.com/blogs/containers/amazon-eks-now-supports-kubernetes-version-1-24/
Спустя официального релиза 1.24 прошло меньше 6 месяцев, то есть задержка поддержки очередной версии сократилась, что радует. Сделанный в прошлый раз прогноз на эту версию был не самым точным — ошибся больше, чем на две недели.
https://docs.aws.amazon.com/eks/latest/userguide/kubernetes-versions.html#kubernetes-1.24
Отставание по версиям по-прежнему не радует, т.к. почти три месяца назад вышла версия 1.25. 😐 В качестве прогноза этой версии на AWS поставлю на
Отдельно стоит отметить, что 1 ноября закончилась поддержка версии EKS 1.20, а окончание поддержки версии 1.21 будет уже этой зимой — 15 февраля.
#EKS
https://aws.amazon.com/blogs/containers/amazon-eks-now-supports-kubernetes-version-1-24/
Спустя официального релиза 1.24 прошло меньше 6 месяцев, то есть задержка поддержки очередной версии сократилась, что радует. Сделанный в прошлый раз прогноз на эту версию был не самым точным — ошибся больше, чем на две недели.
https://docs.aws.amazon.com/eks/latest/userguide/kubernetes-versions.html#kubernetes-1.24
Отставание по версиям по-прежнему не радует, т.к. почти три месяца назад вышла версия 1.25. 😐 В качестве прогноза этой версии на AWS поставлю на
15 апреля 2023 года
.Отдельно стоит отметить, что 1 ноября закончилась поддержка версии EKS 1.20, а окончание поддержки версии 1.21 будет уже этой зимой — 15 февраля.
#EKS
Новый AWS Region — Испания: 🎉
https://aws.amazon.com/blogs/aws/now-open-aws-region-in-spain/
Восьмой (!!) на текущий момент в Европе, идентификатор
Итого на теперь всего — 29 регионов.
#AWS_Regions
https://aws.amazon.com/blogs/aws/now-open-aws-region-in-spain/
Восьмой (!!) на текущий момент в Европе, идентификатор
eu-south-2
. Как и в подавляющем большинстве других регионов, имеет 3 AZ
.Итого на теперь всего — 29 регионов.
#AWS_Regions
Amazon
Now Open–AWS Region in Spain | Amazon Web Services
The AWS Region in Aragón, Spain, is now open. The official name is Europe (Spain), and the API name is eu-south-2. You can start using it today to deploy workloads and store your data in Spain. The AWS Europe (Spain) Region has three Availability Zones (AZ)…
OpenSearch — не только AWS, но и Яндекс.Облако!
https://cloud.yandex.ru/services/managed-opensearch
OpenSearch — хороший продукт, это не просто клон ElasticSearch, у OpenSearch есть собственные крутые фичи и появление managed решения у Яндекс это лишь подтверждает. В любом случае, конкуренция — это хорошо. 😀
#OpenSearch #Yandex
https://cloud.yandex.ru/services/managed-opensearch
OpenSearch — хороший продукт, это не просто клон ElasticSearch, у OpenSearch есть собственные крутые фичи и появление managed решения у Яндекс это лишь подтверждает. В любом случае, конкуренция — это хорошо. 😀
#OpenSearch #Yandex
This media is not supported in your browser
VIEW IN TELEGRAM
Не изобретайте велосипед — просто используйте контейнеры и запускайте проект!
#курсы #devops #пятничное
#курсы #devops #пятничное
В сегодняшнем выпуске подкаста Software Serverless Consultant и AWS Community Builder Игорь Сорока рассказал о роли консультанта в проекте. Может ли проект, построенный на AWS Lambda, быть монолитом с легаси? Конечно, может! Можно ли избежать ошибок в работе с Lambda в самом начале разработки? Конечно, можно, и Игорь поделился с нами самыми распространенными ошибками и вариантами их обхода.
Почему использование VPC для Lambda может увеличить холодный старт? Как его уменьшить? Какие еще могут быть нюансы работы с serverless в AWS? Так много вопросов и пока там мало ответов:) Заканчиваем читать пост и включаем подкаст
#podcast
Послушать можно тут:
- Apple Podcasts
- Google Podcasts
- Spotify
- PodBean
- YandexMusic
Почему использование VPC для Lambda может увеличить холодный старт? Как его уменьшить? Какие еще могут быть нюансы работы с serverless в AWS? Так много вопросов и пока там мало ответов:) Заканчиваем читать пост и включаем подкаст
#podcast
Послушать можно тут:
- Apple Podcasts
- Google Podcasts
- Spotify
- PodBean
- YandexMusic
Forwarded from Человек и машина
#машины_aws
Теперь, когда у нас есть AWS SDK для SAP ABAP, какой язык будет следующим?
Ставлю на COBOL.
Теперь, когда у нас есть AWS SDK для SAP ABAP, какой язык будет следующим?
Ставлю на COBOL.
Amazon
Announcing preview of the AWS SDK for SAP ABAP
🆕 Lambda + Node.js 18.x: 🎉
https://aws.amazon.com/blogs/compute/node-js-18-x-runtime-now-available-in-aws-lambda/
🔹 Node.js 18 is now supported by Lambda. When building your Lambda functions using the zip archive packaging style, use a runtime parameter value of
🔸 For existing Node.js functions, review your code for compatibility with Node.js 18, including deprecations, then migrate to the new runtime by changing the function’s runtime configuration to
#Lambda
https://aws.amazon.com/blogs/compute/node-js-18-x-runtime-now-available-in-aws-lambda/
🔹 Node.js 18 is now supported by Lambda. When building your Lambda functions using the zip archive packaging style, use a runtime parameter value of
nodejs18.x
to get started building with Node.js 18.🔸 For existing Node.js functions, review your code for compatibility with Node.js 18, including deprecations, then migrate to the new runtime by changing the function’s runtime configuration to
nodejs18.x
.#Lambda
Amazon
Node.js 18.x runtime now available in AWS Lambda | Amazon Web Services
Node.js 18 is now supported by Lambda. When building your Lambda functions using the zip archive packaging style, use a runtime parameter value of nodejs18.x to get started building with Node.js 18.
Создание AWS аккаунтов через CloudFormation: 🎉
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_Organizations.html
Не прошло и... эээ... 6... Что ж, лучше поздно, чем никогда.
⚠️ Important
▪️ If you include multiple accounts in a single template, you must use the
▪️ You can't modify the following list of
▫️
▫️
▫️
#CloudFormation #Organizations
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_Organizations.html
Не прошло и... эээ... 6... Что ж, лучше поздно, чем никогда.
Type: AWS::Organizations::Account
Properties:
AccountName: String
Email: String
ParentIds:
- String
RoleName: String
Tags:
- Tag
⚠️ Important
▪️ If you include multiple accounts in a single template, you must use the
DependsOn
attribute on each account resource type so that the accounts are created sequentially. If you create multiple accounts at the same time, Organizations returns an error and the stack operation fails.▪️ You can't modify the following list of
Account
resource parameters using CloudFormation updates.▫️
AccountName
▫️
Email
▫️
RoleName
#CloudFormation #Organizations
The Security Design of the AWS Nitro System
https://docs.aws.amazon.com/whitepapers/latest/security-design-of-aws-nitro-system/the-nitro-system-journey.html
The AWS Nitro System is a combination of purpose-built server designs, data processors, system management components, and specialized firmware which provide the underlying platform for all Amazon EC2 instances launched since the beginning of 2018.
Three key components of the Nitro System achieve these goals:
◻️ Purpose-built Nitro Cards — Hardware devices designed by AWS that provide overall system control and input/output (I/O) virtualization independent of the main system board with its CPUs and memory.
◻️ The Nitro Security Chip — Enables a secure boot process for the overall system based on a hardware root of trust, the ability to offer bare metal instances, as well as defense in depth that offers protection to the server from unauthorized modification of system firmware.
◻️ The Nitro Hypervisor — A deliberately minimized and firmware-like hypervisor designed to provide strong resource isolation, and performance that is nearly indistinguishable from a bare metal server.
This paper provides a high-level introduction to virtualization and the fundamental architectural change introduced by the Nitro System.
#Nitro #security
https://docs.aws.amazon.com/whitepapers/latest/security-design-of-aws-nitro-system/the-nitro-system-journey.html
The AWS Nitro System is a combination of purpose-built server designs, data processors, system management components, and specialized firmware which provide the underlying platform for all Amazon EC2 instances launched since the beginning of 2018.
Three key components of the Nitro System achieve these goals:
◻️ Purpose-built Nitro Cards — Hardware devices designed by AWS that provide overall system control and input/output (I/O) virtualization independent of the main system board with its CPUs and memory.
◻️ The Nitro Security Chip — Enables a secure boot process for the overall system based on a hardware root of trust, the ability to offer bare metal instances, as well as defense in depth that offers protection to the server from unauthorized modification of system firmware.
◻️ The Nitro Hypervisor — A deliberately minimized and firmware-like hypervisor designed to provide strong resource isolation, and performance that is nearly indistinguishable from a bare metal server.
This paper provides a high-level introduction to virtualization and the fundamental architectural change introduced by the Nitro System.
#Nitro #security