AWS re:Invent 2021 recap by a DevTools Hero

With another amazing re:Invent edition behind us, It's time for a little recap. This edition was also my first as an AWS Hero. Looking back, I must say AWS knows how to please its community members. This year AWS even gave us our own special AWS Hero Lounge! Kudos AWS for the overall support and pampering. It was crazy.

Before I start my recap, I want to say that even with all the nasty Covid-19 restrictions, I really enjoyed this year re:Invent. Personally, I find it hard to 'virtually' attend conferences. Being at a conference in person, feeling the vibes and atmosphere, is kind of a must for me.

So here's my first piece of advice: if you feel comfortable with it, I would strongly recommend attending re:Invent in person. All the great sessions are just a tiny part of the conference's value. What makes attending re:Invent stand out for me are all the AWS experts hanging around. The technical knowledge and expertise of all the people you can talk to at the conference are mind-blowing. It's a great place to pick some brains 😛

Content wise

Before jumping into the list of the newly announced stuff I like the most. I must stress that such a list is very personal and heavily influenced by someone's background. Having a Developer background myself and a strong interest in DevOps and Security is reflected in my list. On top of that, the list also matches the services I primarily work with daily.

All that said, here we go.

Application Integration

• Amazon SQS Enhances Dead-letter Queue Management Experience For Standard Queues
• AWS Lambda now supports partial batch response for SQS as an event source With this feature, when messages on an SQS queue fail to process, Lambda marks a batch of records in a message queue as partially successful and allows reprocessing of only the failed records.

Containers / Compute / Serverless

• AWS Releases Lambda Function URLs finally...NOT. I guess it's still only a matter of time before this one gets out.
• Amazon ECR announces pull through cache repositories. This new feature allows you to automatically sync images from publicly accessible registries. Yes, I was waiting on that one ;-)
• AWS Compute Optimizer now offers resource efficiency metrics. AWS Compute Optimizer now helps you quickly identify and prioritize top optimization opportunities through two new sets of dashboard-level metrics: savings opportunity and performance improvement opportunity.
• AWS Compute Optimizer now offers enhanced infrastructure metrics, a new feature for EC2 recommendations. AWS Compute Optimizer now offers enhanced infrastructure metrics, a paid feature that when activated, enhances your Amazon EC2 instance and Auto Scaling group recommendations by capturing monthly or quarterly utilization patterns.

Database

• Amazon DynamoDB announces the new Amazon DynamoDB Standard-Infrequent Access table class, which helps you reduce your DynamoDB costs by up to 60 percent Another cool feature to help bringing those bills down effortless. 👌

Developer Tools

• AWS Cloud Development Kit (AWS CDK) v2 and Construct Hub are now generally available
• Introducing AWS Amplify Studio: a visual development environment that offers frontend developers new features to accelerate UI development with minimal coding.
• AWS SDK for Swift (Developer Preview)
• AWS SDK for Kotlin (Developer Preview)
• AWS SDK for Rust (Developer Preview)

Management & Governance

• Introducing Amazon CloudWatch Metrics Insights. As a fast, flexible, SQL based query engine, Metrics Insights enables you to identify trends and patterns across millions of metrics in real time and helps you use these insights to reduce time to resolution.
• Introducing Amazon CloudWatch RUM for monitoring applications’ client-side performance. Amazon CloudWatch RUM is a real-user monitoring capability that helps you identify and debug issues in the client-side on web applications and enhance end user’s digital experience.
• Introducing Amazon CloudWatch Evidently for feature experimentation and safer launches. This is a new Amazon CloudWatch capability that makes it easy for developers to introduce experiments and feature management in their application code. CloudWatch Evidently may be used for two similar but distinct use-cases: implementing dark launches, also known as feature flags, and A/B testing.
• Amazon Virtual Private Cloud (VPC) announces IP Address Manager (IPAM) to help simplify IP address management on AWS Using IPAM, you can automate IP address assignment to VPCs, eliminating the need to use spreadsheet-based or homegrown IP planning applications, which can be hard to maintain and time-consuming. This automation helps remove delays in on-boarding new applications or growing existing applications, by enabling you to assign IP addresses to your VPCs in seconds. IPAM also automatically tracks critical IP address information, including its AWS account, Amazon VPC, and routing and security domain, eliminating the need to manually track or do bookkeeping for IP addresses.
• AWS Chatbot now supports management of AWS resources in Slack (Preview). This feature allows you to use AWS Chatbot to manage AWS resources and remediate issues in AWS workloads by running AWS CLI commands from Slack channels.

Security

• AWS Shield Advanced introduces automatic application-layer DDoS mitigation. AWS Shield Advanced now automatically protects web applications by blocking application layer (Layer 7) DDoS events with no manual intervention needed by you or the AWS Shield Response Team (SRT)
• Amazon Virtual Private Cloud (VPC) announces Network Access Analyzer to help you easily identify unintended network access Amazon VPC Network Access Analyzer is a new feature that enables you to identify unintended network access to your resources on AWS. Using Network Access Analyzer, you can verify whether network access for your Virtual Private Cloud (VPC) resources meets your security and compliance guidelines
• AWS announces the new Amazon Inspector for continual vulnerability management This is a big one. In a nutshell the new Inspector provides:
  • Continual, automated assessment scans—replaces periodic, manual scanning.
  • Automated resource discovery – once enabled, the new Amazon Inspector automatically discovers all running Amazon EC2 instances and Amazon ECR repositories.
  • New support for container-based workloads—workloads are now assessed on both EC2 and container infrastructure.
  • Integration with AWS Organizations—allowing security and compliance teams to enable and take advantage of Amazon Inspector across all accounts in an organization.
  • Removal of the stand-alone Amazon Inspector scanning agent—assessment scanning now uses the widely deployed AWS Systems Manager agent, eliminating the need for a separate agent installation.
  • Improved risk scoring —a highly contextualized risk score is now generated for each finding making it easier to identify the most critical vulnerabilities to address as a priority.
  • Integration with Amazon EventBridge —integrate with event management and workflow systems such as Splunk and Jira. And, you can trigger automated remediation.
  • Integration with AWS Security Hub

Storage

• Announcing the new Amazon S3 Glacier Instant Retrieval storage class. The lowest cost archive storage with milliseconds retrieval. This new Glacier archive storage class delivers the lowest cost storage for long-lived data that is rarely accessed and requires milliseconds retrieval. In fact, in combination with the Amazon S3 Intelligent-Tiering storage class this automatically save up to 68% for data not accessed in the last 90 days. Really nice 💪
• Amazon S3 Object Ownership can now disable access control lists to simplify access management for data in S3. This new S3 Object Ownership setting, 'Bucket owner enforced', disables access control lists (ACLs), simplifying access management for data stored in S3. When you apply this bucket-level setting, every object in an S3 bucket is owned by the bucket owner, and ACLs are no longer used to grant permissions.
• Announcing preview of AWS Backup for Amazon S3. This allows you to create a single policy in AWS Backup to automate the protection of application data stored in S3 alone.
• Amazon S3 Event Notifications with Amazon EventBridge help you build advanced serverless applications faster

Yeah, I'm sure I missed at least a few announces 😉

Enjoy an until next time!