AWS News – February Round Up
With the endless flood of new products, features and changes from AWS and its surrounding ecosystem, it can be easy to miss an update. Our monthly round up highlights major AWS news, announcements, product updates and behind the scenes changes we think are most relevant.
February was a quiet month in the cloud. The big focus in AWS land was on bringing more and more of their features to various regions around the world. But there were a few noteworthy announcements.
Amazon Corretto Generally Available
In case you hadn’t noticed, Oracle decided it would be a good idea to turn the Oracle JVM/JDK into a commercial product. If you are going to continue using Java 8 and would like security updates, you will need to make a switch to OpenJDK or one of the many bundles that are popping up.
For no real reason other than that AWS hates Oracle, AWS decided to make a bundle of their own, called Corretto. Corretto 8 is now generally available, and Corretto 11 (supporting Java 11) is now in preview. There are some good reasons to consider using Corretto over just OpenJDK. Corretto:
- Will support Java 8 for a really long time (until 2023). OpenJDK most certainly will not.
- Is actually a fork of OpenJDK, allowing Amazon to introduce changes that might improve performance or reliability. As a reference implementation, OpenJDK tends to be conservative about these types of changes.
- Can update itself on your endpoints.
- Will likely become the default JDK on Amazon Linux 2 soon, so you will have to go out of your way to not use it.
- Provides the same long-term support Oracle wants to charge a lot of money for. For free.
RDS now supports T3 Instances
T3 instances are awesome. They’re burstable, (somewhat) similar to T2 instances, but also really fast thanks to Nitro. Nitro is a combination of new Xeon processors and AWS proprietary hardware to accelerate network and IO.
RDS now supports T3 instance types for MySQL, MariaDB, Postgres and Oracle, as well as Aurora when run in MySQL compatibility mode. These instances are a great candidate for low and medium workload databases.
AWS DocumentDB Improvements
Last month, AWS announced DocumentDB, a managed version of Mongo. Already, AWS has announced two pretty significant improvements, suggesting that they’re investing heavily in DocumentDB.
DocumentDB now supports logging to CloudWatch, which is the sort of thing that should be part of a product launch but that AWS has often taken as much as a year to implement. The good news is that this logging includes DDL queries. Unfortunately, no query logging yet.
DocumentDB also added support for aggregations, arrays and indexing. These query functions let you do powerful transformations on your data sets. A cluster upgrade is required to take advantage of these.
ElasticSearch Supports Three AZs
Inching closer to being a viable way to run a large ElasticSearch cluster, AWS ElasticSearch now supports running across 3 AZs. The service already has rack awareness so that replicas are properly distributed across AZs. But, since AZ failures can cause cluster quorum issues, distributing across 3 AZs is the norm if you have a cluster that just has to be up.
Running with 2 replicas is already a good practice for ElasticSearch in the cloud. If you’re doing that already, spreading to three AZs will have minimal cost.
- You can tag EFS resources at create time now. AWS asks that you pretend this was always the case and that you didn’t need to manually tag resources after creation for the last 3 years.
- Fargate now supports PrivateLink. This effectively allows Fargate resources to run inside your VPC. Be mindful of potential costs for network traffic. Even though Fargate can be a little pricey for environments that use containers heavily, it keeps getting more and more compelling.
- Infrequent Access for EFS is now available. This storage class is about 80% cheaper than the standard storage class, but you pay for those times when you do access files. Make sure that your definition of infrequent access matches Amazon’s before using it.
- GuardDuty adds a few new detects. AWS continues to expand the list of pen test tools GuardDuty can detect, and GuardDuty will alert you any time root credentials are used to make an API call. If you’re the sort of person who thinks it’s okay to use root credentials for anything ever, you probably also don’t turn GuardDuty on in your accounts. So, carry on.
- There’s a bunch of new bare metal instance types available. Bare metal has a lot of advantages over the largest instance types in a family. If you have a need for very large instances, do not overlook bare metal. With a reservation, an m5.metal is under $2k/month. That’s not bad for 96 vCPUs and 384GB of RAM.
- IKEv2 is now supported. IKEv2 is a lot more secure than v1 and has been around forever. For whatever reason, a lot of us tend to create our tunnels using v1. The hybrid workloads that traverse a site-to-site connection often have some highly sensitive, unencrypted data flows. IKEv2 is worth the smidge of extra effort.
- Athena Workgroups let you set granular access control. Athena can be a game changer, replacing ElasticSearch or EMR clusters with nothing more than S3 and a minimal control plane. In other words, it can save a ton of money. Workgroups will expand the workloads that can use Athena by allowing fine-grained permissions.