re:Invent 2019 Announcement Highlights

Chris Armstrong | Wed Dec 11 2019

At GorillaStack, we’re keen users of AWS, and the time around re:Invent is great for the number of new product and feature announcements that are made. 2019 was no exception, although with the deluge of announcements before and during the conference, even we found it hard to keep up!

Below, we’ve shared some of our favorite feature announcements from what we’d like to think of as ‘core’ AWS services, like IAM, EC2, SQS, etc. that are used in the majority of customer applications.

Tagging

Our favorite AWS feature ;-) has been enhanced with the addition of Tag Policies. It provides reports and compliance checking, which can be very handy when combined with a well-defined tagging strategy.

Architecture

Although not a service announcement, this one was important to us, because it was Amazon sharing how they scale and manage their applications. In their new Amazon Builders Library, they’re creating a series of extended blog-style posts drawn from their developers’ and architects’ experience building Amazon services.

Some of it is very general (other bits are very specific). I can recommend the article on instrumentation - there’s lots of great advice here if you’re getting started with instrumenting your applications in the cloud.

API Gateway

For REST API developers, AWS have a rationalized and much cheaper version of the API Gateway called HTTP APIs (currently in preview).

If you’re familiar with API Gateway, you’ll know it has a dizzying array of integration options. HTTP APIs keeps things simple by providing only Lambda Proxy integration (which is generally how most developers use API Gateway due to its flexibility).

It also has much better CORS support, which (I must admit) is challenging on API Gateway, and absolutely taxing if you have multiple origins you need to support - the new CORS support lets you list out your origins, which is better than creating custom lambdas and configuring them for every HTTP path OPTIONS request.

Containers (ECS, Kubernetes and Fargate)

Code Review

If you’re writing Java applications, CodeGuru for automated code reviews might be of interest in its preview stage.

The first part of this service helps identify bad coding practices that could lead to resource leaks and race conditions (among other things).

There is also an in-production profiler for identifying slow blocks of code.

It appears to be expensive ($0.75/100 lines of code) at this point, but there is a generous 90 day trial period.

AMIs

EC2 Image Builder is a simplified UI for rebuilding your AMIs with the latest patches and customizations and rolling out to your fleet.

With it, you can create a pipeline for mastering your images that is re-runnable when updates are released, and can be validated with your own test suite. It also seems to be extensive enough already to support cross-account image sharing and a whole suite of non-AWS image types.

EC2 Image Builder Features

Databases

Amazon now has a Managed Apache Cassandra Service in preview.

DynamoDB

Also in databases - DynamoDB has had some important announcements over the past month that make it even more compelling to use as a database:

CloudFormation

CloudFormation now supports resource import!

Great for customers with manually-created environments who want to migrate to CloudFormation (no excuses now).

CloudWatch

CloudWatch has had an impressive number of important announcements, including new features in preview, after quite a long lag. There’s plenty here for all types of applications:

  • Multi-region/multi-account dashboards
  • ServiceLens, an integrated console that ties together X-Ray traces and CloudWatch logs and metrics
  • Contributor Insights lets you identify what parts of your application are most impacting performance. It aggregates data from structured log events (including AWS services like CloudTrail, VPC, API Gateway and your own custom events) and can extract dimensions in these logs to turn into time-series graphs.
  • FireLens is for ECS and Fargate users who want to make use of their own log shipper or log gathering configuration - this service opens up the possibility for third party and custom log shippers to be more easily used with Fargate, without incorporating them into your Docker images
  • CloudWatch Synthetics - an important one for REST API developers - this service can poll your REST APIs continuously for availability as well as find cross-site scripting attacks, phishing attempts, etc. It comes with a number of blueprints but you can also write your own test cases in a custom Lambda (the runtime is already prepacked with puppeteer and Chromium for running these).

IAM

IAM Access Analyzer is another interesting new service. It looks at resource policies and identifies those resources that can be accessed from outside the ‘scope’ it is given (usually an account). For example, I was quickly able to identify all the roles that are accessible by principals in other accounts (e.g. via AssumeRole), public S3 buckets, etc.
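To make the cross-account role case concrete, here is a simplified offline check over role trust policies. It is an added example, not code from the original post and not Access Analyzer's own logic; the function names, role names and account IDs are constructed for illustration, and it assumes AWS service principals are not reported as external.

```python
import re

# Matches a bare 12-digit account ID or an IAM/STS ARN and captures the account.
ACCOUNT_RE = re.compile(r"^(?:arn:aws[\w-]*:(?:iam|sts)::)?(\d{12})(?::.*)?$")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def external_principals(trust_policy, own_account):
    """Return (principal, has_condition) pairs that Allow statements expose outside own_account."""
    findings = []
    for stmt in _as_list(trust_policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        has_condition = bool(stmt.get("Condition"))  # e.g. an sts:ExternalId check
        principal = stmt.get("Principal", {})
        if principal == "*":                          # shorthand for anyone
            principal = {"AWS": "*"}
        for kind, values in principal.items():
            if kind == "Service":                     # assumption: services are in scope
                continue
            for value in _as_list(values):
                m = ACCOUNT_RE.match(value)
                if kind == "AWS" and m and m.group(1) == own_account:
                    continue                          # principal inside our own account
                findings.append((value, has_condition))
    return findings

def scan(roles, own_account):
    """Map role name -> findings, keeping only roles reachable from outside the account."""
    results = {name: external_principals(doc, own_account) for name, doc in roles.items()}
    return {name: found for name, found in results.items() if found}

def _trust(principal, condition=None):
    stmt = {"Effect": "Allow", "Action": "sts:AssumeRole", "Principal": principal}
    if condition:
        stmt["Condition"] = condition
    return {"Version": "2012-10-17", "Statement": [stmt]}

# Constructed sample data: account IDs and role names are made up.
OWN_ACCOUNT = "111122223333"
ROLES = {
    "app-lambda": _trust({"Service": "lambda.amazonaws.com"}),
    "ci-deploy": _trust({"AWS": "arn:aws:iam::111122223333:root"}),
    "vendor-audit": _trust({"AWS": "arn:aws:iam::999988887777:root"},
                           {"StringEquals": {"sts:ExternalId": "constructed-id"}}),
    "legacy-open": _trust("*"),
}

if __name__ == "__main__":
    for role, found in scan(ROLES, OWN_ACCOUNT).items():
        print(role, found)
```

The `has_condition` flag is worth keeping in any report: an external principal guarded by a condition such as `sts:ExternalId` is a very different finding from an unconditioned wildcard.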

VPC

There were a couple of interesting VPC announcements too:

  • Ingress Routing - this lets you route your VPC traffic through virtual appliances in your VPC, including the built-in AWS appliances (Internet Gateway, etc.) and third-party appliances from the AWS Marketplace. You can also segment the traffic and route it based on workload.
  • Transit Gateway adds Network Manager to centralize the monitoring of your hybrid cloud networks, with topological and geographical diagrams. It also has CloudWatch metrics and events for topology, connection status and routing updates.

Serverless - Lambda, Kinesis and Step Functions

Lastly, for those running serverless applications with AWS Lambda and Kinesis, there have been many awesome additions:

  • Lambda Destinations, which makes integrating asynchronous Lambda invocations much easier. It automatically puts a message on an SQS/SNS/Lambda/EventBridge destination with the result of your invocation, meaning you no longer have to write code that does this in your Lambda.
  • Provisioned Concurrency for Lambda - there’s already been heaps of work to reduce Lambda cold start times, especially in VPCs, but now you have another option. This feature lets you provision a minimum set of Lambdas to respond to incoming requests with a consistent latency. It also integrates with Application Auto-Scaling so you can automatically configure it with sophisticated scaling policies.
  • AWS Step Function Express Workflows adds a simplified and cheaper workflow model for high-volume/low-duration Step Function invocation (the pricing model is not directly comparable, but is supposed to be cheaper at volume).
  • Lambda failure handling when processing Kinesis or DynamoDB streams has been expanded with new options, including bisection on error, configurable maximum record age (as low as 60s), and maximum retry attempts for a batch of records.
  • Also for stream processing, Lambda now supports better parallelization options to process batches quicker with fewer shards. The default parallelization factor is 1 (i.e. you can process one batch of records from a shard at a time), but now you can increase that up to 10. This is great for workloads with long processing times per record or where your data volume is volatile.

Have your own favorite or think we forgot something? Tag us on Twitter with your suggestion, or join our public Slack.
