At GorillaStack, we’re keen users of AWS, and the time around re:Invent is great for the number of new product and feature announcements that are made. 2019 was no exception, although with the deluge of announcements before and during the conference, even we found it hard to keep up!
Below, we’ve shared some of our favorite feature announcements from what we’d like to think of as ‘core’ AWS services, like IAM, EC2, SQS, etc. that are used in the majority of customer applications.
Tagging
Our favorite AWS feature 😉 has been enhanced with the addition of Tag Policies. It provides reports and compliance checking, which can be very handy when combined with a well-defined tagging strategy.
Architecture
Although not a service announcement, this one was important to us, because it was Amazon sharing how they scale and manage their applications. In their new Amazon Builders Library, they’re creating a series of extended blog-style posts drawn from their developers’ and architects’ experience building Amazon services.
Some of it is very general (other bits are very specific). I can recommend the article on instrumentation – there’s lots of great advice here if you’re getting started with instrumenting your applications in the cloud.
API Gateway
For REST API developers, AWS have in preview a rationalized and much cheaper version of the API Gateway called HTTP APIs.
If you’re familiar with API Gateway, you’ll know it has a dizzying array of integration options. HTTP APIs keeps things simple by providing only Lambda Proxy integration (which is generally how most developers use API Gateway due to its flexibility).
It also has much better CORS support, which (I must admit) is challenging on API Gateway, and absolutely taxing if you have multiple origins you need to support – the new CORS support lets you list out your origins, which is better than creating custom Lambdas and configuring them for every HTTP path OPTIONS request.
Containers (ECS, Kubernetes and Fargate)
- You can now run Kubernetes on AWS without managing EC2 instances – EKS has Fargate support!
- There are now Spot instances available for Fargate, which will allow you to fill in extra capacity over your baseline with cheaper Fargate instances.
- Application Auto-Scaling for ECS Clusters. I’m still parsing this one, but I suspect it’s good news for those who want to scale down their container Auto-Scaling Groups to zero overnight or apply more intelligent scaling policies.
Code Review
If you’re writing Java applications, CodeGuru for automated code reviews might be of interest in its preview stage.
The first part of this service helps identify bad coding practices that could lead to resource leaks and race conditions (among other things).
There is also an in-production profiler for identifying slow blocks of code.
It appears to be expensive ($0.75/100 lines of code) at this point, but there is a generous 90 day trial period.
AMIs
EC2 Image Builder is a simplified UI for rebuilding your AMIs with the latest patches and customizations and rolling out to your fleet.
With it, you can create a pipeline for mastering your images that is re-runnable when updates are released, and can be validated with your own test suite. It also seems to be extensive enough already to support cross-account image sharing and a whole suite of non-AWS image types.
Databases
Amazon now has a Managed Apache Cassandra Service in preview.
DynamoDB
Also in databases – DynamoDB has had some important announcements over the past month that make it even more compelling to use as a database:
- BYO Encryption Keys – this is great for those who want to use their own encryption keys to secure their DynamoDB tables
- Global replicas of existing tables – you can now replicate your existing tables globally (you could previously only do this with new tables), so taking advantage of this feature should be much easier for existing applications – think hot standbys in other regions or improved API access times for your globally dispersed customer base.
- Configure table settings when restoring from backup
- NoSQL workbench (this one has been there since September) is a great desktop application to assist you with data modeling your schema for DynamoDB. You can now use it to model and test your schema in the DynamoDB local version.
- Find hot keys and monitor access patterns in your DynamoDB database – this one is great for those of you running DynamoDB at scale and wanting to find out why certain queries are slow. It can help identify your frequently accessed keys and visualize this activity with the companion CloudWatch Contributor Insights.
CloudFormation
CloudFormation now supports resource import!
Great for customers with manually-created environments who want to migrate to CloudFormation (no excuses now).
CloudWatch
CloudWatch has had an impressive number of important announcements, including new features in preview, after quite a long lag. There’s plenty here for all types of applications:
- Multi-region/multi-account dashboards
- ServiceLens, an integrated console that ties together X-Ray traces and CloudWatch logs and metrics
- Contributor Insights lets you identify what parts of your application are most impacting performance. It aggregates data from structured log events (including AWS services like CloudTrail, VPC, API Gateway and your own custom events) and can extract dimensions in these logs to turn into time-series graphs.
- FireLens is for ECS and Fargate users who want to make use of their own log shipper or log gathering configuration – this service opens up the possibility for third party and custom log shippers to be more easily used with Fargate, without incorporating them into your Docker images
- CloudWatch Synthetics – an important one for REST API developers – this service can poll your REST APIs continuously for availability as well as find cross-site scripting attacks, phishing attempts, etc. It comes with a number of blueprints but you can also write your own test cases in a custom Lambda (the runtime is already prepacked with puppeteer and Chromium for running these).
IAM
IAM Access Analyzer is another interesting new service. It looks at resource policies and identifies those resources that can be accessed from outside the ‘scope’ it is given (usually an account). For example, I was quickly able to identify all the roles that are accessible by principals in other accounts (e.g. via AssumeRole), public S3 buckets, etc.
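To make the idea concrete, here is a much-simplified sketch of that kind of check for role trust policies, added as an illustration (it is not GorillaStack's code and not how Access Analyzer is implemented). The role names, account IDs and policies are constructed sample data, and the script only looks at `AWS` principals, ignoring `Service` and `Federated` ones.

```python
# Constructed sample data: role name -> trust policy. Account IDs are placeholders.
ACCOUNT_ID = "111111111111"  # assumed "scope": our own account
ROLES = {
    "app-ec2-role": {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
        "Principal": {"Service": "ec2.amazonaws.com"}}]},
    "ci-deploy": {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
        "Principal": {"AWS": ["arn:aws:iam::111111111111:root",
                              "arn:aws:iam::222222222222:role/ci-runner"]}}]},
    "vendor-audit": {"Statement": {"Effect": "Allow", "Action": "sts:AssumeRole",
        "Principal": {"AWS": "333333333333"},
        "Condition": {"StringEquals": {"sts:ExternalId": "constructed-id"}}}},
    "legacy-open": {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
        "Principal": "*"}]},
}

def as_list(value):
    """Policy JSON allows a single item wherever a list is allowed."""
    return value if isinstance(value, list) else [value]

def principal_account(principal):
    """Return the owning account ID of an AWS principal, '*' for anyone, else None."""
    if principal == "*":
        return "*"
    if principal.isdigit() and len(principal) == 12:   # bare account ID form
        return principal
    parts = principal.split(":")                        # arn:aws:iam::<account>:...
    return parts[4] if len(parts) >= 6 and parts[0] == "arn" else None

def external_access(roles, account_id):
    """List (role, principal, has_condition) for Allow statements trusting other accounts."""
    findings = []
    for name, policy in sorted(roles.items()):
        for stmt in as_list(policy.get("Statement", [])):
            if stmt.get("Effect") != "Allow":
                continue
            principal = stmt.get("Principal", {})
            # A top-level "*" is equivalent to {"AWS": "*"}.
            aws = ["*"] if principal == "*" else as_list(principal.get("AWS", []))
            for p in aws:
                # Unparseable principals (None) are reported too: fail closed.
                if principal_account(p) != account_id:
                    findings.append((name, p, "Condition" in stmt))
    return findings

if __name__ == "__main__":
    for role, principal, conditioned in external_access(ROLES, ACCOUNT_ID):
        print(f"{role}: trusts {principal} (condition present: {conditioned})")
```

A finding with a condition (such as an external ID) still deserves review, but an unconditioned `*` principal is the one to fix first.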
VPC
There were a couple of interesting VPC announcements too:
- Ingress Routing – this lets you route your VPC traffic through virtual appliances in your VPC, including the built-in AWS appliances (Internet Gateway, etc.) and third-party appliances from the AWS Marketplace. You can also segment the traffic and route it based on workload.
- Transit Gateway adds Network Manager to centralize the monitoring of your hybrid cloud networks, with topological and geographical diagrams. It also has CloudWatch metrics and events for topology, connection status and routing updates.
Serverless – Lambda, Kinesis and Step Functions
Lastly, for those running serverless applications with AWS Lambda and Kinesis, there have been many awesome additions:
- Lambda Destinations, which makes integrating asynchronous Lambda invocations much easier. It automatically puts a message on an SQS/SNS/Lambda/EventBridge destination with the result of your invocation, meaning you no longer have to write code that does this in your Lambda.
- Provisioned Concurrency for Lambda – there’s already been heaps of work to reduce Lambda cold start times, especially in VPCs, but now you have another option. This feature lets you provision a minimum set of Lambdas to respond to incoming requests with a consistent latency. It also integrates with Application Auto-Scaling so you can automatically configure it with sophisticated scaling policies.
- AWS Step Function Express Workflows adds a simplified and cheaper workflow model for high-volume/low-duration Step Function invocation (the pricing model is not directly comparable, but is supposed to be cheaper at volume).
- Lambda failure handling when processing Kinesis or DynamoDB streams has been expanded with new options, including bisection on error, configurable maximum record age (as low as 60s), and maximum retry attempts for a batch of records.
- Also for stream processing, Lambda now supports better parallelization options to process batches quicker with fewer shards. The default parallelization factor is 1 (i.e. you can process one batch of records from a shard at a time), but now you can increase that up to 10. This is great for workloads with long processing times per record or where your data volume is volatile.
Have your own favorite or think we forgot something? Tag us on Twitter with your suggestion, or join our public Slack.