AWS continues to push its Virtual Private Cloud as the new norm for cloud development and deployment, and to further limit public internet exposure.
AWS PrivateLink enables customers to privately access services while keeping all network traffic within an Amazon Virtual Private Cloud (VPC). Instead of whitelisting approved public IP addresses, IT teams can establish private IP addresses and connect them to services via Elastic Network Interface. Amazon services on PrivateLink also support Direct Connect for on-premises connections.
Amazon later added PrivateLink support for AWS-hosted customer and partner services so developers can securely work with third-party tools. Together, AWS PrivateLink and Network Load Balancer enable administrators to identify the origin of an incoming request and route it.
AWS PrivateLink is the latest in a string of new features that secure cloud connections between resources and regions.
AWS re:Invent 2017
Amazon’s yearly cloud conference, AWS re:Invent 2017, is the launchpad for a number of product and service introductions.
New features and support
- Data goes on lockdown. Several additional features aim to boost data protection in Amazon Simple Storage Service (S3), which has been subject to numerous data leaks thanks to improper customer configurations. A Default Encryption setting for buckets automatically applies server-side encryption for all objects, and Cross-Region Replication improves efficiency and governance of objects encrypted by AWS Key Management Service.
- Sync up. Amazon Elastic File System (EFS) now includes an EFS File Sync feature that synchronizes on-premises or cloud-based files with the service, and replaces file storage and Linux copy tools that required manual configuration.
- Upgrade your load balancer. A one-step migration wizard enables an IT team to switch from a Classic Load Balancer — formerly Elastic Load Balancing — to a Network or Application Load Balancer. Developers can view and modify load balancer configuration before deployment and add more advanced features afterward.
- Unclutter your messages. With an added message filter for pub/sub architectures, subscribers to Amazon Simple Notification Service (SNS) can choose specific subsets of messages to receive, and reduce unneeded messages without the need to write and implement their own message filters or routing logic.
- Personalize viewer content. Three capabilities in Lambda@Edge improve latency and simplify infrastructure. Content-based dynamic origin selection allows attribute-based routing to multiple back-end origins. Developers can also make network calls on CloudFront end user-facing events, not just from origin-facing events. Lambda@Edge can also make advanced responses that rely on more complex logic to specialize content for specific end users.
- Extra code protection. AWS CodeBuild now works with VPC resources, so dev teams can build and test code within a VPC and prevent public exposure of resources. Developers can also cache dependencies for more efficiency with software builds.
- Machine learning boosts data warehouses. A Short Query Acceleration feature in Amazon Redshift uses machine learning to predict which short-running requests should move to a separate queue for faster processing – so, for example, queries such as reports and dashboards aren’t blocked behind larger extract, transform, and load requests. Another Redshift feature hops reads and writes to the next available queue without the need for a restart to improve query performance and efficiency.
- Automate deployments locally. An update to the AWS CodeDeploy agent enables developers to deploy software code on premises to test and debug, before they move code to production.
- Pull more strings. AWS OpsWorks now supports Puppet Enterprise, which gives administrators a managed service for Puppet automation tools for infrastructure and application management.
- Visually modify security policies. Admins can create and manage AWS Identity and Access Management policies with a new visual editor, which makes it easier to grant least privileges with lists of resource types and request conditions.
- Update state machines. AWS Step Functions enables developers to change state machine definitions and configurations for distributed application workflows. The API call UpdateStateMachine makes it easier to modify applications, which previously required a multi-step process.
- Cloud carpool. AWS unveiled a reference guide for automotive manufacturers to produce vehicles with secure connectivity to the AWS cloud. The guide includes capabilities for local computing and data processing, which can be used to power voice- and location-based services, car health checks, predictive analytics and more.