What's new and noteworthy on AWS - Summer 2023 edition

The summer of 2023 was very hot, and AWS was no exception. We gathered the hottest AWS releases and new features around Data Engineering, Serverless, DevOps and Security in one article.


During my summer vacation, I occasionally glanced at the AWS announcements feed but didn’t have time to dig into the list. I still got the feeling that there were some major releases, so I decided to go through all those hundreds of announcements and put together a comprehensive list of the most remarkable and noteworthy releases and new features around my favorite topics: Data & Analytics, Serverless Architecture & App Development, AWS Management & DevOps & IaC, and Security. I hope that you also find some gems in the list!

The summer of 2023 was indeed scorching hot when it comes to AWS releasing new services and features. From the start of June until late August 2023, the list of announcements is impressive. There are over 600 announcements that I read through, and I hand-picked 45 top news items in the Data, Serverless, DevOps, and Security spaces. Several features that had already been announced with flashing lights at AWS re:Invent in November 2022 have now been released as GA or in Preview. But talk is cheap, so here are my top picks from the summer releases, ordered by solution area and release date:

Data & Analytics

Serverless architecture & app development

AWS management & DevOps & IaC

Security

Data & Analytics

Amazon QuickSight launches geospatial heatmap for points on maps

Released: Jun 5, 2023

Geospatial map visuals have been available in analyses and dashboards before, but now you can also render a geospatial heat map of your own data. See the following example image:

Amazon QuickSight geospatial heat map, image from AWS QuickSight Documentation


The geospatial heat map style uses color gradations to indicate areas of high and low data point concentration, allowing readers to zoom in and out, pan across the map, and explore the data in detail. When the map is zoomed in past a certain level, the heat layer automatically reverts to the basic points, allowing readers to interact with the underlying data points.

See here for more details: https://aws.amazon.com/about-aws/whats-new/2023/06/amazon-quicksight-geospatial-heatmap-points-maps/

AWS Glue for Ray is now generally available

Released: Jun 5, 2023

AWS Glue for Ray is now generally available. It is based on the open-source compute framework Ray (ray.io) and combines Glue’s serverless data integration capability with the ability to develop ETL jobs in Python.

AWS Glue for Ray facilitates the distributed processing of your Python code over multi-node clusters. You can create and run Ray jobs anywhere that you can run AWS Glue ETL jobs. This includes existing AWS Glue jobs, command line interfaces (CLIs), and APIs.

AWS Glue for Ray is generally available currently in the following AWS Regions: US East (Ohio), US East (N. Virginia), US West (Oregon), Asia Pacific (Tokyo), and Europe (Ireland).

More info: https://aws.amazon.com/about-aws/whats-new/2023/06/aws-glue-ray-generally-available/

AWS Glue Data Quality is now generally available

Released: Jun 6, 2023

AWS announces general availability of AWS Glue Data Quality, a capability that automatically measures and monitors the quality of data lakes and data pipelines. AWS Glue Data Quality reduces the need for manual data quality work by using the open-source Deequ library to evaluate rules and measure and monitor the data quality of petabyte-scale data lakes. It also recommends data quality rules to get you started; you can update the recommended rules or add new ones. If data quality deteriorates, you can configure actions that alert users.

You can validate the data quality of Amazon Redshift, Apache Iceberg, Apache Hudi, and Delta Lake datasets that are cataloged in the AWS Glue Data Catalog. The quality results are published to Amazon EventBridge, which simplifies alerting users and integrating data quality results with other applications.

AWS Glue Data Quality is generally available in all AWS Regions where AWS Glue is available. To learn more: https://aws.amazon.com/about-aws/whats-new/2023/06/aws-glue-data-quality-generally-available/

Amazon Redshift Serverless now supports query scheduling and Single sign-on support

Released: Jun 7, 2023

Amazon Redshift Serverless now allows scheduling of SQL queries. With scheduling, you can automate time-sensitive or long-running queries. Scheduled queries can be used with Amazon Redshift Query Editor V2 or the Amazon Redshift Data API.

Amazon Redshift Serverless now also supports single sign-on with identity providers (IdPs). The IdP passes a list of database roles for each user based on the user’s IdP group membership: the Redshift administrator configures the IdP to pass the database roles as specific principal tags in SAML attributes, so role assignment stays in the IdP rather than being managed per user inside Redshift. The single sign-on support works with Amazon Redshift Query Editor V2, JDBC/ODBC clients, and the Data API.

The features are available in all regions that support Amazon Redshift Serverless. Read more here: https://aws.amazon.com/about-aws/whats-new/2023/06/amazon-redshift-query-scheduling-single-sign-on/

Amazon QuickSight now supports APIs to automate and accelerate assets deployment

Released: Jun 7, 2023

This is a long-awaited feature! QuickSight has previously been its own island inside an AWS account, and automating the deployment of QuickSight assets from one environment to another has been extremely difficult. It was possible through the API or CLI, but required heavy-duty coding to manage all the dependencies between assets and environments.

Now it is possible to export and import a QuickSight asset together with all its required dependencies. The feature supports all essential QuickSight assets such as dashboards, analyses, datasets (including ingestion schedules), data sources, themes, and VPC configurations. You can even choose whether to export the assets as plain JSON or as CloudFormation templates.

The new APIs are available with the Amazon QuickSight Enterprise edition in the following AWS Regions where QuickSight is available: US East (N. Virginia and Ohio), US West (Oregon), Canada, Sao Paulo, Europe (Frankfurt, Ireland and London), Asia Pacific (Mumbai, Seoul, Singapore, Sydney and Tokyo).

Read the announcement here: https://aws.amazon.com/about-aws/whats-new/2023/06/amazon-quicksight-apis-automate-accelerate-assets-deployment/

Amazon Athena for Apache Spark now supports custom Java libraries

Released: Jun 8, 2023

Amazon Athena for Apache Spark was first released at re:Invent 2022. It is a feature of Amazon Athena that lets you run interactive analytics on Apache Spark, with sessions starting in under a second, to analyze petabytes of data. So basically it is Athena, but turbo-charged. With the new release, you can now include your own Java libraries and modules as JAR files in Spark workloads to connect to different data sources and run advanced calculations using user-defined functions for feature exploration.

The release also includes a set of reference connector packages for Amazon CloudWatch Logs, CloudWatch metrics, and Amazon DynamoDB, so that you can use data from those services in your analyses.

The new features are currently supported in 9 AWS regions where Amazon Athena for Apache Spark is available: US East (Ohio), US East (N. Virginia), US West (Oregon), Europe (Ireland), Europe (Frankfurt), Asia Pacific (Tokyo), Asia Pacific (Singapore), Asia Pacific (Sydney), and Asia Pacific (Mumbai). To learn more: https://aws.amazon.com/about-aws/whats-new/2023/06/amazon-athena-apache-spark-custom-java-libraries/

Amazon Athena for Apache Spark now supports Apache Hudi, Apache Iceberg, and Delta Lake

Released: Jun 8, 2023

Amazon Athena for Apache Spark now supports open-source data lake storage frameworks Apache Hudi 0.13, Apache Iceberg 1.2.1, and Linux Foundation Delta Lake 2.0.2. These frameworks simplify incremental data processing of large data sets using ACID (atomicity, consistency, isolation, durability) transactions and make it simpler to store and process large data sets in your data lakes.

Apache Iceberg, Apache Hudi and Delta Lake support is available in all AWS regions where Amazon Athena for Apache Spark is available. Read more here: https://aws.amazon.com/about-aws/whats-new/2023/06/amazon-athena-apache-spark-hudi-iceberg-delta-lake/

Amazon Kinesis Data Firehose adds support for data stream delivery to Amazon Redshift Serverless

Released: Jun 19, 2023

This release is part of the “Zero-ETL” initiative announced by AWS CEO Adam Selipsky at re:Invent 2022. He stated that AWS is putting its efforts into connecting the various AWS services so that builders can concentrate on creating value instead of spending their time getting services integrated.

With the new release, Amazon Kinesis Data Firehose can deliver streaming data directly to Amazon Redshift Serverless. With a few clicks, you can ingest, transform, and reliably deliver streaming data into Amazon Redshift Serverless without building and managing your own data ingestion and delivery infrastructure.

Amazon Kinesis Data Firehose delivery to Amazon Redshift Serverless is generally available in the regions where the Redshift Serverless API is available.

Read more from the announcement: https://aws.amazon.com/about-aws/whats-new/2023/06/amazon-kinesis-data-firehose-data-stream-delivery-redshift-serverless/

AWS Glue now can detect 250 sensitive entity types from over 50 countries

Released: Jun 23, 2023

The sensitive data detection feature in AWS Glue can now detect 250 sensitive entity types from over 50 countries out of the box, all Nordic countries included!

Sensitive data detection in AWS Glue identifies a variety of sensitive data elements such as social security numbers, credit card numbers, names, driver’s license numbers and other entities. Once an entity is detected, customers can take action to redact the sensitive information before the records are written into their data repositories. Customers can also create custom detectors for entities specific to their organizations.

This feature is available in the same commercial AWS Regions as AWS Glue. Check the supported countries here: https://aws.amazon.com/about-aws/whats-new/2023/06/aws-glue-250-entity-types-50-countries/

AWS announces Amazon Aurora MySQL zero-ETL integration with Amazon Redshift (Public Preview)

Released: Jun 28, 2023

Yes, another Zero-ETL announcement!

Amazon Aurora MySQL zero-ETL integration with Amazon Redshift is now available in public preview. The feature enables near real-time analytics and machine learning (ML) on petabytes of transactional data stored in Amazon Aurora MySQL-Compatible Edition. Data written into Aurora is available in Amazon Redshift within seconds, so you can act on it quickly without building and maintaining complex data pipelines. The integration is available for Amazon Aurora Serverless v2 and provisioned instances, as well as for Amazon Redshift Serverless and RA3 instance types.

Check the details: https://aws.amazon.com/about-aws/whats-new/2023/06/amazon-aurora-mysql-zero-etl-integration-redshift-public-preview/

Amazon Athena now supports querying restored data in S3 Glacier

Released: Jun 29, 2023

This is fun! You can now use Amazon Athena to query data stored in Amazon S3 Glacier (Glacier Flexible Retrieval & Deep Archive storage classes supported). With this launch, you can use Athena to directly query restored data in the S3 Glacier for use cases such as log analytics and long-term trend analysis, saving you time by removing the need to move and duplicate data.

This feature is available with Athena Engine V3 in all Amazon Athena supported regions. To learn more: https://aws.amazon.com/about-aws/whats-new/2023/06/amazon-athena-querying-restored-data-s3-glacier/

Amazon OpenSearch Service now supports OpenSearch version 2.7

Released: Jul 10, 2023

You can now run features from open-source OpenSearch version 2.7 in Amazon OpenSearch Service. Key improvements include the introduction of a unified schema for OpenSearch, the ability to add map visualisations to dashboard panels, and the ability to filter geospatial data. The new version also includes support for five new security log types.

Read the announcement: https://aws.amazon.com/about-aws/whats-new/2023/07/amazon-opensearch-service-opensearch-version-2-7/

Amazon Redshift announces automatic mounting of AWS Glue Data Catalog

Released: Jul 25, 2023

Amazon Redshift released automatic mounting of the AWS Glue Data Catalog, making it easier for customers to run queries in their data lakes. There is no longer a need to create an external schema in Amazon Redshift to use the data lake tables cataloged in the AWS Glue Data Catalog. Now you can query data lake tables directly from Amazon Redshift Query Editor v2 or your favorite SQL editor. Again, a release that makes the life of data specialists much more fun!

Read more here: https://aws.amazon.com/about-aws/whats-new/2023/07/amazon-redshift-automatic-mounting-aws-glue-data-catalog/

AWS Glue Studio now supports Amazon Redshift Serverless

Released: Jul 25, 2023

AWS Glue Studio now supports Amazon Redshift Serverless as a data source or target out of the box. Earlier, only Amazon Redshift clusters were supported out of the box in AWS Glue Studio. As the serverless edition of Redshift gains ground among customers, this update is surely well anticipated.

To learn more, here’s the announcement: https://aws.amazon.com/about-aws/whats-new/2023/07/aws-glue-studio-amazon-redshift-serverless/

Amazon EMR Serverless now supports retrieving secrets from AWS Secrets Manager

Released: Jul 27, 2023

A small but very important update. No more juggling passwords and other secrets in your Amazon EMR Serverless job configurations: you can now retrieve secrets such as passwords and API keys from AWS Secrets Manager. Keeping secrets in Secrets Manager rather than in job parameters keeps them out of job definitions and logs, and lets you rotate them without redeploying the job.

Read here: https://aws.amazon.com/about-aws/whats-new/2023/07/amazon-emr-serverless-retrieving-secrets-aws-secrets-manager/

Amazon SageMaker announces a new direct integration with Salesforce Data Cloud

Released: Aug 4, 2023

August started with an announcement that Amazon SageMaker has a direct integration with Salesforce Data Cloud. This means that you can now access Salesforce Data Cloud from SageMaker without any extra hassle, using OAuth 2.0-based authentication, to build, train and deploy ML models on SageMaker. So you can easily train ML models with Salesforce data and turbo-charge Salesforce Einstein with ML-driven wisdom.

Salesforce Data Cloud direct integration is supported in all AWS regions where SageMaker is available. To learn more, read the announcement here: https://aws.amazon.com/about-aws/whats-new/2023/08/amazon-sagemaker-direct-integration-salesforce-data-cloud/

AWS IAM Identity Center integration is now generally available for Amazon QuickSight

Released: Aug 14, 2023

This is again one of those announcements that many have been waiting for! As mentioned earlier, QuickSight has been a quite isolated island inside an AWS account, with its own user and group management. With this update, QuickSight administrators can configure QuickSight to use IAM Identity Center so that users can log in with their existing credentials. Administrators can select IAM Identity Center to configure QuickSight with their organization’s supported identity provider or with the IAM Identity Center identity store, without any additional single sign-on configuration in QuickSight. Furthermore, they can use their identity provider groups to assign QuickSight roles (administrator, author and reader) to users.

This new feature is available in all AWS Regions where QuickSight and IAM Identity Center are available. Read more here: https://aws.amazon.com/about-aws/whats-new/2023/08/aws-iam-identity-center-integration-amazon-quicksight/

Serverless architecture & app development

AWS Lambda adds support for Ruby 3.2

Released: Jun 7, 2023

AWS Lambda now supports Ruby 3.2 as both a managed runtime and a container base image. The new Ruby version brings new features such as endless methods, a new Data class, improved pattern matching, and performance improvements. The Ruby 3.2 runtime is available in all regions where Lambda is available. The announcement can be found here: https://aws.amazon.com/about-aws/whats-new/2023/06/aws-lambda-support-ruby-3-2/

Amazon SQS announces support for dead-letter queue redrive via AWS SDK or CLI

Released: Jun 8, 2023

Amazon Simple Queue Service (SQS) announced support for dead-letter queue redrive via the AWS SDK or Command Line Interface (CLI). The new feature improves dead-letter queue management by letting users move messages out of the dead-letter queue and programmatically manage the lifecycle of unconsumed messages at scale.

To programmatically automate dead-letter queue message redrive workflows, customers can now use the following actions:

  1. StartMessageMoveTask, to start a new message movement task from the dead-letter queue;
  2. CancelMessageMoveTask, to cancel a running message movement task;
  3. ListMessageMoveTasks, to list the 10 most recent message movement tasks for a specified source queue.

See SQS Documentation for more information.

Dead-letter queue redrive via AWS SDK and CLI is available in all AWS Regions where Amazon SQS is available. Announcement can be found here: https://aws.amazon.com/about-aws/whats-new/2023/06/amazon-sqs-dead-letter-queue-redrive-aws-sdk-cli/
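The three actions above form a start/poll/cancel workflow. The following is an added example for this article, not code from the AWS announcement: a small redrive routine that starts a move task, polls ListMessageMoveTasks until the task reaches a terminal state, and cancels it if it is still running after a bounded number of polls, so an unattended redrive cannot keep draining the dead-letter queue. The FakeSqs class, the queue ARN and the status sequence are constructed stand-ins so the workflow runs offline; real_client shows the live boto3 path and assumes boto3 is installed.

```python
"""Drive a dead-letter queue redrive with the SQS message move task APIs."""
import time

# Constructed ARN for the demo; a real source must be a queue that is
# configured as the dead-letter queue of some other queue.
DLQ_ARN = "arn:aws:sqs:eu-north-1:123456789012:orders-dlq"
TERMINAL = {"COMPLETED", "FAILED", "CANCELLED"}


def redrive_dlq(sqs, dlq_arn, destination_arn=None, rate=None,
                max_polls=120, poll_interval=5.0, sleep=time.sleep):
    """Start a move task from dlq_arn and block until it reaches a terminal state.

    destination_arn=None returns each message to the queue it originally came
    from; rate caps MaxNumberOfMessagesPerSecond so the consumer is not flooded.
    If the task is still running after max_polls checks it is cancelled.
    """
    params = {"SourceArn": dlq_arn}
    if destination_arn:
        params["DestinationArn"] = destination_arn
    if rate:
        params["MaxNumberOfMessagesPerSecond"] = rate
    handle = sqs.start_message_move_task(**params)["TaskHandle"]

    for _ in range(max_polls):
        tasks = sqs.list_message_move_tasks(SourceArn=dlq_arn, MaxResults=10)["Results"]
        task = next(t for t in tasks if t["TaskHandle"] == handle)
        if task["Status"] in TERMINAL:
            return task          # caller inspects Status / FailureReason
        sleep(poll_interval)

    sqs.cancel_message_move_task(TaskHandle=handle)
    raise TimeoutError(f"redrive task {handle} cancelled after {max_polls} polls")


class FakeSqs:
    """Constructed stand-in for a boto3 SQS client (offline demo only)."""

    def __init__(self, statuses):
        self._statuses = list(statuses)   # Status reported on successive polls
        self.started = None
        self.cancelled = False

    def start_message_move_task(self, **params):
        self.started = params
        return {"TaskHandle": "demo-handle"}

    def list_message_move_tasks(self, **params):
        status = self._statuses.pop(0) if len(self._statuses) > 1 else self._statuses[0]
        return {"Results": [{"TaskHandle": "demo-handle", "Status": status,
                             "SourceArn": params["SourceArn"],
                             "ApproximateNumberOfMessagesMoved": 42}]}

    def cancel_message_move_task(self, **params):
        self.cancelled = True
        return {"ApproximateNumberOfMessagesMoved": 42}


def demo_success():
    """Task runs for two polls, then completes; nothing is cancelled."""
    sqs = FakeSqs(["RUNNING", "RUNNING", "COMPLETED"])
    task = redrive_dlq(sqs, DLQ_ARN, rate=50, sleep=lambda _: None)
    return task["Status"], sqs.started["MaxNumberOfMessagesPerSecond"], sqs.cancelled


def demo_stuck():
    """Task never finishes; the routine cancels it and raises."""
    sqs = FakeSqs(["RUNNING"])
    try:
        redrive_dlq(sqs, DLQ_ARN, max_polls=3, sleep=lambda _: None)
    except TimeoutError:
        return sqs.cancelled
    return False


def real_client():
    """Live client for an actual account (boto3 assumed installed)."""
    import boto3
    return boto3.client("sqs")


if __name__ == "__main__":
    print(demo_success())   # ('COMPLETED', 50, False)
    print(demo_stuck())     # True
```

The caller of redrive_dlq needs the sqs:StartMessageMoveTask, sqs:ListMessageMoveTasks and sqs:CancelMessageMoveTask permissions on the source queue, and the source must already be configured as a dead-letter queue; SQS rejects a move task from an ordinary queue.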

AWS Step Functions adds integration for 7 services including Amazon VPC Lattice

Released: Jun 15, 2023

The more integrations the better. AWS Step Functions really has momentum, and seven new integrations are now available through the AWS SDK integration. Overall, Step Functions supports over 12,000 API actions from over 320 AWS services. That is really impressive and brings a considerable advantage when building solutions that connect different AWS services. The new integrations include services such as Amazon VPC Lattice, Amazon CloudWatch Internet Monitor, AWS IoT TwinMaker, and Amazon OpenSearch Ingestion.

These enhancements are now generally available in all regions where AWS Step Functions is available. Please read more here: https://aws.amazon.com/about-aws/whats-new/2023/06/aws-step-functions-7-services-vpc-lattice/

AWS Step Functions launches Versions and Aliases

Released: Jun 22, 2023

Yet another major update for AWS Step Functions. In June 2023 AWS Step Functions announced the availability of Versions and Aliases, improving the resiliency of serverless workflow deployments. The new capabilities make it easier to set up continuous deployment, helping you iterate faster and release safely into production. You can now maintain multiple versions of your workflows, track which version was used for each execution, and create aliases that route traffic between workflow versions. You can deploy your workflows gradually using industry-standard techniques such as blue-green and canary-style deployments with fast rollbacks, increasing deployment safety and reducing downtime and risk.

More info here: https://aws.amazon.com/about-aws/whats-new/2023/06/aws-step-functions-versions-aliases/

Announcing general availability for watchOS and tvOS support on AWS Amplify Library for Swift

Released: Jun 27, 2023

Normally I tend to bypass news about UI development but this one really caught my eye. You can now use AWS Amplify to build applications for Apple Watch and Apple TV! In late June 2023, they announced general availability of watchOS and tvOS support for AWS Amplify for Swift (>= v2.12.0). This launch enables developers to build cloud-connected apps for Apple Watch (watchOS) and Apple TV (tvOS) devices, in addition to iOS and macOS platforms.

Learn more here: https://aws.amazon.com/about-aws/whats-new/2023/06/watchos-tvos-aws-amplify-library-swift/

Amazon ECS now launches tasks faster alongside tasks with prolonged shutdown

Released: Jun 30, 2023

Amazon ECS is a platform that takes care of running containerized services called tasks. If a task becomes unhealthy, it is stopped and a new task is launched based on your configuration. Sometimes shutting down a task takes a long time, and new task launches on the same instance could get blocked. Amazon ECS now enables faster task launches on container instances that have tasks with prolonged shutdown. This lets customers scale their workloads faster and improve infrastructure utilization.

Previously, to enable higher task provisioning throughput, ECS optimistically considered instance resources (CPU, memory, ports) as free for launching new tasks whenever a running task transitioned to the stopping state. When a stopping task took a long time to shut down, new task launches could get blocked on the instance, because the ECS agent waited for all stopping tasks to shut down before starting new tasks. With the release from the end of June 2023, the ECS agent can start new tasks on an instance if the required resources are available, even if there are tasks pending shutdown, enabling faster task launches and improving infrastructure utilization.

The new experience is available for customers using Amazon ECS on EC2 or ECS Anywhere in all AWS regions on Amazon ECS Optimized AMIs with ECS Agent version 1.73.0 or later. To learn more, read the announcement: https://aws.amazon.com/about-aws/whats-new/2023/06/amazon-ecs-tasks-faster-prolonged-shutdown/

AWS Lambda now detects and stops recursive loops in Lambda functions

Released: Jul 13, 2023

This is a small but yet very important update. I’m sure everyone who has by mistake developed a solution that recursively calls the same Lambda over and over again, has included this feature in their evening prayers.

AWS Lambda can now detect and stop recursive loops in Lambda functions. Lambda functions are commonly used to process events from sources like Amazon SQS and Amazon SNS. However, in certain scenarios, due to resource misconfiguration or a code defect, a processed event may be sent back to the same service or resource that invoked the Lambda function. This causes an unintended recursive loop and results in unintended usage and costs. With this launch, Lambda stops recursive invocations between Amazon SQS, AWS Lambda, and Amazon SNS after 16 recursive calls.

When such a loop is detected, Lambda stops the 17th invocation and sends the event to a dead-letter queue or on-failure destination, if one is configured. Customers also receive an AWS Health Dashboard notification with troubleshooting steps.

Please see more details and available regions here: https://aws.amazon.com/about-aws/whats-new/2023/07/aws-lambda-detects-recursive-loops-lambda-functions/
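The built-in detection only kicks in after 16 hops, and only for the SQS, SNS and Lambda combinations named above. The following is an added example for this article, not code from the AWS announcement: a handler that carries its own hop counter in an SQS message attribute, so that a message which keeps coming back to the same function is diverted to a quarantine queue after a much smaller number of hops instead of circling until Lambda intervenes. The send callable, the queue names, the sample order payload and the process stand-in are all constructed for the demo; in a deployment send would be boto3.client("sqs").send_message and MAX_HOPS is a hypothetical limit.

```python
"""Cut an SQS -> Lambda -> SQS loop short with an explicit hop counter."""
import json

MAX_HOPS = 3            # hypothetical limit, well below Lambda's built-in 16
HOP_ATTRIBUTE = "hops"  # SQS message attribute that carries the counter


def hop_count(record):
    """Read the hop counter from an SQS event record (0 if the attribute is absent)."""
    attr = record.get("messageAttributes", {}).get(HOP_ATTRIBUTE)
    return int(attr["stringValue"]) if attr else 0


def process(payload):
    """Stand-in business logic: echoes the order and whether it wants another pass."""
    return {"order": payload["order"], "retry": payload.get("retry", False)}


def handler(event, context, send, work_queue_url, quarantine_queue_url):
    """Process each SQS record; re-enqueue retries with hops+1, quarantine loops."""
    outcomes = []
    for record in event["Records"]:
        hops = hop_count(record)
        if hops >= MAX_HOPS:
            # The same message has passed through this function MAX_HOPS times:
            # park it for a human instead of feeding the loop again.
            send(QueueUrl=quarantine_queue_url, MessageBody=record["body"],
                 MessageAttributes={HOP_ATTRIBUTE: {"DataType": "Number",
                                                    "StringValue": str(hops)}})
            outcomes.append("quarantined")
            continue
        result = process(json.loads(record["body"]))
        if result["retry"]:
            send(QueueUrl=work_queue_url, MessageBody=json.dumps(result),
                 MessageAttributes={HOP_ATTRIBUTE: {"DataType": "Number",
                                                    "StringValue": str(hops + 1)}})
            outcomes.append("requeued")
        else:
            outcomes.append("done")
    return outcomes


def simulate_loop():
    """Drive a misconfigured loop offline: the work queue feeds the function,
    which writes back to the work queue. Returns (invocations, quarantined)."""
    queues = {"work": [], "quarantine": []}

    def send(QueueUrl, MessageBody, MessageAttributes=None):
        # Constructed stand-in for sqs.send_message: re-shape the attributes
        # the way they arrive in a Lambda SQS event record.
        queues[QueueUrl].append({
            "body": MessageBody,
            "messageAttributes": {
                k: {"stringValue": v["StringValue"], "dataType": v["DataType"]}
                for k, v in (MessageAttributes or {}).items()}})

    # Constructed seed message: an order that always asks for a retry.
    queues["work"].append({"body": json.dumps({"order": 42, "retry": True}),
                           "messageAttributes": {}})
    invocations = 0
    while queues["work"]:
        record = queues["work"].pop(0)
        handler({"Records": [record]}, None, send, "work", "quarantine")
        invocations += 1
    return invocations, len(queues["quarantine"])


if __name__ == "__main__":
    print(simulate_loop())   # (4, 1): three passes, then quarantined
```

The counter lives in a message attribute rather than in the body so that it survives whatever the business logic does to the payload, and the quarantine queue should be separate from the function's own dead-letter queue so that loop victims are not mixed with ordinary processing failures.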

AWS Fargate enables faster container startup using Seekable OCI

Released: Jul 17, 2023

Nice development again from the ECS team! Customers running applications on Amazon ECS with AWS Fargate can now leverage Seekable OCI (SOCI), a technology open-sourced by AWS that helps applications deploy and scale out faster by letting containers start without waiting for the entire container image to be downloaded.

Waiting for the entire container image to download from the image repository is often unnecessary, as only a small portion of it is needed for startup. SOCI reduces this wait time by lazily loading the image data in parallel with application startup, enabling containers to start with only a fraction of the image.

Fargate only lazily loads images that have a SOCI index published alongside them in Amazon ECR; images without an index are pulled as before. To SOCI-enable your container images, start from this announcement: https://aws.amazon.com/about-aws/whats-new/2023/07/aws-fargate-container-startup-seekable-oci/

Amazon SNS now supports mobile push notifications in twelve new AWS regions

Released: Jul 20, 2023

Mobile client communications just got more comprehensive as Amazon SNS mobile push notifications are now available in twelve additional AWS regions, including Africa (Cape Town), Asia Pacific (Hong Kong), Asia Pacific (Jakarta), Asia Pacific (Osaka), Canada (Central), Europe (London), Europe (Milan), Europe (Paris), Europe (Stockholm), Middle East (Bahrain), Middle East (UAE), and US East (Ohio). With this expansion, Amazon SNS now supports the ability to send mobile push notifications from 24 regions.

Amazon SNS can send mobile push notifications on your behalf to mobile devices and desktops using one of the following supported push notification services: Amazon Device Messaging (ADM), Apple Push Notification Service (APNs) for iOS and Mac OS X, Baidu Cloud Push (Baidu), Firebase Cloud Messaging (FCM) to Android devices, Microsoft Push Notification Service for Windows Phone (MPNS), and Windows Push Notification Services (WNS).

Read the news: https://aws.amazon.com/about-aws/whats-new/2023/07/amazon-sns-mobile-notifications-twelve-regions/

AWS Lambda adds support for Python 3.11

Released: Jul 27, 2023

Yet another Lambda programming language update: AWS Lambda now supports creating serverless applications using Python 3.11. Developers can use Python 3.11 as both a managed runtime and a container base image, and AWS will automatically apply updates to the managed runtime and base image as they become available.

The Python 3.11 runtime is available in all Regions where Lambda is available, except for China and GovCloud Regions. Read more here: https://aws.amazon.com/about-aws/whats-new/2023/07/aws-lambda-python-3-11/

Announcing preview of JSON protocol support for Amazon SQS

Released: Jul 28, 2023

This is huge! The grand old SQS is turning from XML to JSON! At the end of July 2023, Amazon SQS announced a preview of JSON protocol support, enabling lower latency and improved performance for SQS customers. Based on AWS performance tests with a 5 KB message payload, the JSON protocol for Amazon SQS reduces end-to-end message processing latency by up to 23% and reduces client-side CPU and memory usage.

Amazon SQS customers get the lower latency by using the specified AWS SDK versions, which achieve the gains by switching the default wire protocol to JSON for SQS API requests. Customers can upgrade their AWS SDK to the specified version to use the JSON protocol, and can revert to the AWS Query protocol by changing the SDK version.

For more information, here’s the announcement: https://aws.amazon.com/about-aws/whats-new/2023/07/json-protocol-support-amazon-sqs/

Amazon EventBridge Scheduler adds schedule deletion after completion

Released: Aug 2, 2023

Amazon EventBridge Scheduler can invoke more than 270 AWS services and over 6,000 API operations, and scales out to schedule millions of tasks. No wonder it has become the de facto scheduler for time-based or recurring solutions on the AWS platform. EventBridge Scheduler’s new delete-after-completion option helps manage and clean up schedules that have completed their last invocation. It removes the need for manual processes or custom code to delete completed schedules, saving you time and making it easier to scale.

If interested, start with the announcement: https://aws.amazon.com/about-aws/whats-new/2023/08/amazon-eventbridge-scheduler-deletion-completion/

AWS management & DevOps & IaC

Single Region Terraform support now available for AWS Control Tower Account Factory

Released: Jun 8, 2023

AWS Control Tower is a great tool for managing AWS Organizations with multiple organizational units, AWS accounts and related guardrails. With the new release, AWS Control Tower lets you define account templates in Terraform and use them when provisioning new or existing accounts from AWS Control Tower Account Factory.

To get started, you can use the AWS-provided Terraform Reference Engine on GitHub, which configures the code and infrastructure required for the Terraform Open Source engine. After the one-time setup, customers can define their account requirements in Terraform and deploy them to their accounts as part of the well-defined Account Factory workflow.

Read more from the announcement: https://aws.amazon.com/about-aws/whats-new/2023/06/single-region-terraform-control-tower-account-factory/

AWS Control Tower adds 10 new AWS Security Hub controls

Released: Jun 12, 2023

More news related to Control Tower! AWS has added 10 new AWS Security Hub detective controls to the AWS Control Tower controls library. The new controls target services such as Amazon API Gateway, AWS CodeBuild, Amazon Elastic Compute Cloud, Elastic Load Balancing, Amazon Redshift, Amazon SageMaker, and AWS WAF. They help you meet control objectives such as establishing logging and monitoring, limiting network access, and encrypting data at rest, enhancing your governance posture.

With this addition, AWS Control Tower now supports over 170 detective controls from AWS Security Hub. Read more from the announcement: https://aws.amazon.com/about-aws/whats-new/2023/06/aws-control-tower-new-aws-security-hub-controls/

Announcing general availability of AWS Control Tower’s integration with Security Hub

Released: Jun 19, 2023

And one more for AWS Control Tower! In June 2023 AWS announced the general availability of the integration between AWS Control Tower and AWS Security Hub. You can enable over 170 Security Hub detective controls that map to control objectives from AWS Control Tower. With the new release, AWS Control Tower also detects when you disable a control from the Security Hub side, which results in a ‘Drifted’ control state. With this drift detection capability, it is simpler to monitor the deployment state of your controls and take appropriate action to manage the security posture of your AWS Control Tower environment.

The drift detection capability for Security Hub controls requires updating to the new AWS Control Tower Landing Zone version 3.2. The new Landing Zone version also includes updates to the Region Deny control for multiple AWS services.

Read all about the announcement here: https://aws.amazon.com/about-aws/whats-new/2023/06/aws-control-tower-account-integration-security-hub/

AWS CloudFormation accelerates dev-test cycle with new ChangeSets parameter

Released: Jun 20, 2023

Sometimes a small update is actually a BIG one. AWS CloudFormation launched a new parameter, OnStackFailure, for the CreateChangeSet API that lets customers control the rollback behavior of change sets. Customers use change sets to preview the impact of a stack operation on active resources. With this launch, customers can choose the action CloudFormation takes when change set execution is unsuccessful.

OnStackFailure can be set to ROLLBACK, DELETE, or DO_NOTHING. ROLLBACK is the default and reverts the stack to its last stable state if change set execution fails. With DELETE, CloudFormation deletes the new stack if change set execution fails, which eliminates the need to clean up failed stacks manually and lets CI/CD pipelines simply retry stack creation. DO_NOTHING preserves the state of the stack if change set execution fails, which is useful for inspecting what went wrong. Note that OnStackFailure and the DisableRollback parameter of ExecuteChangeSet cannot be combined: if OnStackFailure was set when the change set was created, ExecuteChangeSet must not specify DisableRollback.

To learn more about OnStackFailure, see: https://aws.amazon.com/about-aws/whats-new/2023/06/aws-cloudformation-accelerates-dev-test-cycle-changesets-parameter/

AWS CodeBuild now supports GitHub Actions

Released: Jul 7, 2023

AWS CodeBuild customers can now use GitHub Actions while building and testing software packages. AWS CodeBuild is a fully managed continuous integration service that compiles source code, runs tests, and produces ready-to-deploy software packages. CodeBuild projects can now leverage many of the pre-built actions available in GitHub’s marketplace. With CodeBuild’s GitHub Actions integration, you can extend your buildspec definition to invoke third-party solutions without authoring and maintaining custom integrations or learning how to integrate others’ solutions into your build process. As with any third-party action, the action runs inside your build environment with the project’s service role, so pin actions to a specific version or commit rather than a moving tag and review what they do before adopting them.

Read more here: https://aws.amazon.com/about-aws/whats-new/2023/07/aws-codebuild-github-actions/

Amazon CodeCatalyst now supports workflows triggered by GitHub pull requests

Released: Jul 19, 2023

Another AWS DevOps tool integrating with GitHub! AWS announced in July 2023 support for starting Amazon CodeCatalyst workflows based on pull request events in linked GitHub repositories. When a workflow is triggered by a GitHub-based pull request, users will also be able to see the name of the PR that triggered it in the CodeCatalyst workflows UI, and click a link that takes them directly to the pull request in GitHub.

To learn more, see the announcement: https://aws.amazon.com/about-aws/whats-new/2023/07/amazon-codecatalyst-workflows-triggered-github-pull-requests/

AWS Control Tower launches additional proactive controls

Released: Jul 24, 2023

Trust is good, control is better! In July 2023, AWS announced the launch of 28 new proactive controls in AWS Control Tower. This launch enhances AWS Control Tower’s governance capabilities with services such as Amazon CloudWatch, Amazon Neptune, Amazon ElastiCache, AWS Step Functions, and Amazon DocumentDB. Read more here: https://aws.amazon.com/about-aws/whats-new/2023/07/aws-control-tower-proactive-controls/

Accelerate your CloudFormation authoring experience with looping function

Released: Jul 26, 2023

This might be the biggest announcement for AWS CloudFormation fans for the time being. At the end of July 2023, AWS CloudFormation announced a looping capability with the Fn::ForEach intrinsic function. With Fn::ForEach, you can replicate parts of your templates with minimal lines of code.

To use Fn::ForEach you have to declare the AWS::LanguageExtensions transform. The language extensions transform expands the functionality of the base CloudFormation JSON/YAML template language. With this launch, you can use Fn::ForEach in the Resources, Resource properties, Conditions, and Outputs sections of your templates. Here’s an example of a CloudFormation YAML template that creates four different SNS topics with different TopicNames:

AWSTemplateFormatVersion: 2010-09-09
Transform: 'AWS::LanguageExtensions'
Resources:
  'Fn::ForEach::Topics':
    - TopicName
    - - Success
      - Failure
      - Timeout
      - Unknown
    - 'SnsTopic${TopicName}':
        Type: 'AWS::SNS::Topic'
        Properties:
          # FIFO topic names must end with ".fifo", so the loop value is
          # suffixed here; a bare !Ref TopicName would fail stack creation
          TopicName: !Sub '${TopicName}.fifo'
          FifoTopic: true
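To make the expansion concrete, here is an added Python example (not code from this post or from AWS) that performs the same substitution the AWS::LanguageExtensions transform applies to the template above, held as a dict (YAML `!Ref` becomes `{"Ref": ...}`) and reduced to the TopicName property. It goes a little beyond the single loop on the page: it also expands nested Fn::ForEach loops and rejects duplicate logical IDs, which CloudFormation would likewise reject.

```python
"""Expand CloudFormation Fn::ForEach loops the way the AWS::LanguageExtensions
transform does, operating on a template held as a Python dict.
Added example; not CloudFormation's own implementation."""

# Constructed from the SNS topic template in the post, expressed as a dict so
# the example runs without a YAML library (FifoTopic property omitted).
TEMPLATE = {
    "AWSTemplateFormatVersion": "2010-09-09",
    "Transform": "AWS::LanguageExtensions",
    "Resources": {
        "Fn::ForEach::Topics": [
            "TopicName",
            ["Success", "Failure", "Timeout", "Unknown"],
            {
                "SnsTopic${TopicName}": {
                    "Type": "AWS::SNS::Topic",
                    "Properties": {"TopicName": {"Ref": "TopicName"}},
                }
            },
        ]
    },
}


def _substitute(node, identifier, value):
    """Replace ${identifier} inside strings (keys and values) and a
    {"Ref": identifier} node with the current loop value."""
    if isinstance(node, dict):
        if node == {"Ref": identifier}:
            return value
        return {
            _substitute(k, identifier, value): _substitute(v, identifier, value)
            for k, v in node.items()
        }
    if isinstance(node, list):
        return [_substitute(item, identifier, value) for item in node]
    if isinstance(node, str):
        return node.replace("${" + identifier + "}", value)
    return node


def expand_foreach(section):
    """Expand every 'Fn::ForEach::<Name>' key in a template section
    (Resources, Outputs, ...) into the concrete entries it generates."""
    expanded = {}
    for key, body in section.items():
        if not key.startswith("Fn::ForEach::"):
            expanded[key] = body
            continue
        identifier, values, output = body
        for value in values:
            # Substitute first, then recurse so nested loops are expanded too.
            for out_key, out_value in expand_foreach(
                _substitute(output, identifier, value)
            ).items():
                if out_key in expanded:
                    raise ValueError(f"duplicate logical ID: {out_key}")
                expanded[out_key] = out_value
    return expanded


if __name__ == "__main__":
    for logical_id, resource in expand_foreach(TEMPLATE["Resources"]).items():
        print(logical_id, resource["Properties"]["TopicName"])
```

Running it prints the four generated logical IDs (SnsTopicSuccess, SnsTopicFailure, SnsTopicTimeout, SnsTopicUnknown) with their resolved TopicName values, which is exactly what you would see in the processed template after the transform.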

Read the whole announcement here: https://aws.amazon.com/about-aws/whats-new/2023/07/accelerate-cloudformation-authoring-experience-looping-function/

AWS CodePipeline now supports GitLab

Released: Aug 14, 2023

Yet one more AWS DevOps service that integrates with a popular third-party platform. You can now use your GitLab.com source repository to build, test, and deploy code changes using AWS CodePipeline. Connect your GitLab.com account using AWS CodeStar Connections, and use the connection in your pipeline to automatically start a pipeline execution on changes in your repository.

More here: https://aws.amazon.com/about-aws/whats-new/2023/08/aws-codepipeline-supports-gitlab/

Security

AWS WAF now supports Header Order match statement for request inspection

Released: Jun 5, 2023

AWS WAF now supports the Header Order match statement, enabling customers to match on the order in which HTTP headers appear in a request. With this feature, customers can further strengthen their access control measures by verifying additional dimensions of request metadata.

There is no additional cost for using this feature, however, standard AWS WAF charges still apply. It is available in all AWS Regions where AWS WAF is available and for each supported service, including Amazon CloudFront, Application Load Balancer, Amazon API Gateway, AWS AppSync, and Amazon Cognito. To learn more, see here: https://aws.amazon.com/about-aws/whats-new/2023/06/aws-waf-header-order-match-statement-request-inspection/
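As an added illustration (example code, not from this post or from AWS), the following Python builds the header-order string that a Header Order match inspects for a few constructed requests and evaluates ByteMatch positional constraints against it. The exact rendering of the order string, the allowlisted header order of the hypothetical mobile app, and the sample requests are all assumptions; the point is that a client which copies a legitimate User-Agent but emits headers in a different order still stands out.

```python
"""Header-order fingerprinting in the style of the AWS WAF Header Order match.
Added example; the string format and sample clients are assumptions."""

# Assumption: the order string is the header names, lowercased, in the order
# received, each followed by a colon (e.g. "host:user-agent:accept:").
def header_order(headers):
    """headers: list of (name, value) pairs in received order."""
    return "".join(f"{name.lower()}:" for name, _ in headers)


def byte_match(order, search, constraint):
    """Mirror the positional constraints of a WAF ByteMatchStatement."""
    if constraint == "EXACTLY":
        return order == search
    if constraint == "STARTS_WITH":
        return order.startswith(search)
    if constraint == "ENDS_WITH":
        return order.endswith(search)
    if constraint == "CONTAINS":
        return search in order
    raise ValueError(f"unknown positional constraint: {constraint}")


# Constructed: the header order our hypothetical mobile app always sends.
APP_ORDER = "host:x-api-key:content-type:content-length:user-agent:"

# Constructed sample requests. The "script" copies the app's User-Agent but
# its HTTP library emits the headers in a different order.
REQUESTS = {
    "app": [
        ("Host", "api.example.com"),
        ("X-Api-Key", "<redacted>"),
        ("Content-Type", "application/json"),
        ("Content-Length", "42"),
        ("User-Agent", "ExampleApp/2.1"),
    ],
    "script": [
        ("Host", "api.example.com"),
        ("User-Agent", "ExampleApp/2.1"),
        ("X-Api-Key", "<redacted>"),
        ("Content-Length", "42"),
        ("Content-Type", "application/json"),
    ],
}


def classify(headers):
    """Allow requests whose header order matches the known app fingerprint;
    everything else is counted (logged) for review rather than blocked."""
    order = header_order(headers)
    if byte_match(order, APP_ORDER, "EXACTLY"):
        return "allow"
    return "count"


if __name__ == "__main__":
    for label, headers in REQUESTS.items():
        print(label, header_order(headers), classify(headers))
```

Starting with a COUNT action, as the classifier does, lets you see how many real clients would have been affected before switching the rule to BLOCK, since a client library upgrade can change a legitimate app's header order.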

AWS KMS now supports importing asymmetric and HMAC keys

Released: Jun 5, 2023

You can now import asymmetric and HMAC keys into AWS Key Management Service (AWS KMS) and use them within supported KMS-integrated AWS services and your own applications. Importing your own key gives you direct control over the generation, lifecycle management, and durability of your keys. You can control the availability of your imported keys by setting an expiration period, or deleting and re-importing them at any time. These controls help you meet your specific compliance requirements if you must generate and store copies of keys outside of AWS.

Importing your own keys to AWS KMS can also be useful in situations where keys need to exist in multiple environments, including hybrid (on-premises) and multi-cloud workflows. This lets you safely migrate workloads to AWS while expanding options on how you authorize, audit, and protect keys through AWS KMS.

Check more details at: https://aws.amazon.com/about-aws/whats-new/2023/06/aws-kms-importing-asymmetric-hmac-keys/

AWS introduces container image signing

Released: Jun 6, 2023

In early June 2023, AWS Signer and Amazon Elastic Container Registry (ECR) launched image signing, a new feature that enables you to sign and verify container images. You can now use AWS Signer to validate that only container images you have approved are deployed in your Amazon Elastic Kubernetes Service (EKS) clusters.

For more information: https://aws.amazon.com/about-aws/whats-new/2023/06/aws-container-image-signing/

AWS announces AWS Payment Cryptography

Released: Jun 12, 2023

An interesting new service release touching the eCommerce space! AWS announced in June 2023 a new service called AWS Payment Cryptography. This service simplifies your implementation of cryptography operations used to secure data in payment processing applications for debit, credit, and stored-value cards in accordance with various payment card industry (PCI), network, and ANSI standards and rules. Financial service providers and processors can replace their on-premises hardware security modules (HSMs) with this elastic service and move their payments-specific cryptography and key management functions to the cloud.

AWS Payment Cryptography is currently available only in the following US Regions: US East (N. Virginia) and US West (Oregon).

Read more about the service launch here: https://aws.amazon.com/about-aws/whats-new/2023/06/aws-payment-cryptography/

Amazon Verified Permissions is now generally available

Released: Jun 13, 2023

Announced originally back at AWS re:Invent 2022, AWS has now released the general availability of Amazon Verified Permissions, a service for fine-grained authorization and permissions management for applications that you build. Verified Permissions uses Cedar, an open-source language for access control, allowing you to define permissions as easy-to-understand policies. Use Verified Permissions to support role- and attribute-based access control in your applications.

Read more about Amazon Verified Permissions here: https://aws.amazon.com/about-aws/whats-new/2023/06/amazon-verified-permissions-generally-available/

AWS IAM Identity Center now supports automated user provisioning from Google Workspace

Released: Jun 13, 2023

This is big news for all organizations using Google Workspace! It has earlier been possible to integrate Google Workspace with AWS IAM Identity Center and single sign-on to AWS services with Google identities, but managing those identities between Google and AWS has required either manual administrative work or an additional custom integration service to be developed.

The new integration features help administrators simplify AWS access management across multiple accounts while maintaining familiar Google Workspace experiences for end users as they sign in. IAM Identity Center and Google Workspace now use Google auto-provisioning to securely provision users into IAM Identity Center, saving administrative time.

Read more about the new feature here: https://aws.amazon.com/about-aws/whats-new/2023/06/aws-iam-identity-center-automated-user-provisioning-google-workspace/

Network Load Balancer now supports security groups

Released: Aug 10, 2023

Network Load Balancers (NLBs) now support security groups, enabling you to filter the traffic that your NLB accepts and forwards to your application. Using security groups, you can configure rules to help ensure that your NLB only accepts traffic from trusted IP addresses, and centrally enforce access control policies. This improves your application’s security posture and simplifies operations.

To learn more, please read the announcement: https://aws.amazon.com/about-aws/whats-new/2023/08/network-load-balancer-supports-security-groups/
