Files
awesome-kubernetes/v2-docs/aws-newfeatures.md

80 KiB
Raw Blame History

AWS New Features

!!! info "Architectural Context" Detailed reference for AWS New Features in the context of Cloud Providers (Hyperscalers).

Table of Contents

  1. Application Integration
  1. Architectural Foundations
  1. Cloud Governance
  1. Cloud Infrastructure
  1. Containers
  1. Data and Analytics
  1. Database
  1. Infrastructure as Code
  1. Observability
  1. Security and Compliance
  1. Software Engineering

Application Integration

Serverless Orchestration

Step Functions

  • (2021) ==infoq.com: AWS Introduces a New Workflow Studio for AWS Step Functions== 🌟🌟🌟🌟🌟 [DE FACTO STANDARD] — A visual, low-code workflow designer that simplifies building distributed state machines on AWS. It allows developers to drag, drop, and configure states, mapping state transitions and payloads directly to downstream AWS services. This visual paradigm significantly accelerates development cycles for complex microservices orchestrations while generating ASL (Amazon States Language) behind the scenes.
  • (2021) ==Now — AWS Step Functions Supports 200 AWS Services To Enable Easier Workflow Automation== 🌟🌟🌟🌟🌟 [DE FACTO STANDARD] — Dramatically expands the capabilities of AWS Step Functions by offering direct SDK integration with over 200 AWS services and over 9,000 API actions. This architecture minimizes or completely eliminates custom 'glue' Lambda functions whose sole purpose was calling AWS APIs. It simplifies state machine engineering, reducing latency, maintenance costs, and execution failure risks.
  • (2021) xataka.com: Hasta AWS se pasa al low-code: Workflow Studio es su primera herramienta de desarrollo de bajo código [SPANISH CONTENT] 🌟🌟🌟🌟 [ENTERPRISE-STABLE] — Un análisis en español sobre Workflow Studio para AWS Step Functions, detallando cómo la interfaz visual democratiza el diseño de arquitecturas serverless de bajo código (low-code). Permite a desarrolladores y analistas diagramar flujos lógicos, interactuando con otros servicios de AWS de manera intuitiva y reduciendo la complejidad del código.

Architectural Foundations

Kubernetes Tools

General Reference

Cloud Governance

Landing Zones

Control Tower

  • (2021) AWS Control Tower now supports nested organizational units [ADVANCED LEVEL] 🌟🌟🌟🌟 [ENTERPRISE-STABLE] — Enables AWS Control Tower to govern up to five levels of nested Organizational Units (OUs), providing fine-grained SCP (Service Control Policy) inheritance inside complex AWS Organizations structures. This allows large enterprises to map organizational hierarchies exactly to their AWS landing zones. It improves permission inheritance modeling and cloud security boundaries without forcing flat structural patterns.
  • (2021) Migrate AWS Landing Zone solution to AWS Control Tower [ADVANCED LEVEL] 🌟🌟🌟🌟 [ENTERPRISE-STABLE] [GUIDE] [LEGACY] — A technical walkthrough explaining the migration path from legacy, custom-built AWS Landing Zone (ALZ) frameworks to fully managed Control Tower landing zones. It details account enrollment, baseline consolidation, and continuous policy management translations. This migration ensures long-term supportability, lower engineering maintenance, and structured governance.

Resource Tagging

Automation

  • (2021) New AWS Solutions Implementation: Tag Tamer 🌟🌟🌟 [COMMUNITY-TOOL] — An open-source, reference-architecture tool designed to manage, govern, and remediate tagging compliance across AWS accounts. Featuring a user-friendly UI, it assists organizations in standardizing metadata for cost allocation, access control, and automation. In production, this mitigates drift in tagging schemas, bringing consistency to multi-account landings.

Service Catalog

Operations Automation

  • (2021) Automate preapproved operations with AWS Service Catalog service actions 🌟🌟🌟🌟 [ENTERPRISE-STABLE] — Enables cloud administrators to associate AWS Systems Manager (SSM) documents with cataloged products, allowing end-users to perform pre-approved operational tasks (like rebooting or scaling). This decouples routine operations from root-access privileges, enforcing zero-trust boundaries. It drastically reduces IT ticketing overhead through self-service infrastructure operations.

Cloud Infrastructure

AWS

Business Applications

  • (2016) Amazon WorkMail Now Generally Available [NONE CONTENT] [DOCUMENTATION] 🌟🌟🌟🌟 [ENTERPRISE-STABLE] — General availability announcement of Amazon WorkMail. Introduces an enterprise-grade cloud email and calendar service featuring strict security keys and existing corporate directory sync capabilities.

Compute

  • (2015) Coming Soon EC2 Dedicated Hosts [NONE CONTENT] [DOCUMENTATION] 🌟🌟🌟🌟 [ENTERPRISE-STABLE] — Details Amazon EC2 Dedicated Hosts, designed to address strict enterprise compliance, hardware isolation requirements, and fine-grained socket-level BYOL software licensing limits.
  • (2016) New Scheduled Reserved Instances [NONE CONTENT] [DOCUMENTATION] 🌟🌟 [COMMUNITY-TOOL] — Details Scheduled Reserved Instances, designed to book recurring computational capacity (mostly superseded by dynamic Savings Plans and modern On-Demand capacity reservations).

Container Orchestration

Governance

  • (2015) AWS Config Rules Dynamic Compliance Checking for Cloud Resources [NONE CONTENT] [DOCUMENTATION] 🌟🌟🌟🌟 [ENTERPRISE-STABLE] — Introduction to AWS Config Rules for dynamic resource auditing. Outlines custom Lambda-backed compliance checks, automated change detection, and state verification rules across multi-account structures.

Internet of Things

  • (2015) AWS IoT Cloud Services for Connected Devices [NONE CONTENT] [ADVANCED LEVEL] [DOCUMENTATION] 🌟🌟🌟🌟 [ENTERPRISE-STABLE] — Core introduction of AWS IoT architecture. Details high-throughput MQTT broker brokers, secure device shadow states, rules engines, and telemetry stream mapping to AWS analytics components.

Management Tools

  • (2020) ==AWS CloudShell - Command-Line Access to AWS Resources== [NONE CONTENT] [DOCUMENTATION] 🌟🌟🌟🌟🌟 [DE FACTO STANDARD] — Introduction to AWS CloudShell, a browser-based, secure terminal console preconfigured with standard CLI utilities, shell environments, and automatic IAM session credential sharing.

Mobile Development

  • (2015) AWS Mobile Hub Build, Test, and Monitor Mobile Applications [NONE CONTENT] [DOCUMENTATION] 🌟🌟 [COMMUNITY-TOOL] — Historic product announcement for AWS Mobile Hub, the predecessor tool used for configuring client-side storage, compute, and cognito authentication (superseded entirely by AWS Amplify).

Mobile Testing

Monitoring

Regions

  • (2015) London Calling! An AWS Region is coming to the UK! [NONE CONTENT] 🌟🌟🌟 [COMMUNITY-TOOL] — Historical briefing of AWS network expansion planning for the UK region launch, highlighting sovereignty compliance targets and low-latency availability zone options.

Security

  • (2021) amazon.com: Reduce Unwanted Traffic on Your Website with New AWS WAF Bot Control [NONE CONTENT] [DOCUMENTATION] 🌟🌟🌟🌟 [ENTERPRISE-STABLE] — Explains AWS WAF Bot Control integration. Discusses using preconfigured rule groups at edge distribution tiers to detect, classify, and isolate automated malicious scraper patterns.
  • (2020) github.com/hayao-k/cdk-ecr-image-scan-notify 29 [TYPESCRIPT CONTENT] 🌟🌟🌟🌟 [ENTERPRISE-STABLE] — Community CDK construct that maps AWS EventBridge patterns to detect ECR image vulnerability scans. Automatically processes and delivers structured notifications to Slack/Teams channels using Lambda.
  • (2015) Amazon Inspector Automated Security Assessment Service [NONE CONTENT] [DOCUMENTATION] 🌟🌟🌟🌟 [ENTERPRISE-STABLE] — Architectural overview of Amazon Inspector, an automated vulnerability management service. Details continuous software vulnerability assessments on EC2 instances, ECR container layers, and serverless runtimes.

Serverless

Storage

  • (2015) ==Amazon EFS: Amazon Elastic File System Shared File Storage for Amazon EC2== [NONE CONTENT] [DOCUMENTATION] 🌟🌟🌟🌟🌟 [DE FACTO STANDARD] — Deep dive into Amazon EFS, offering serverless elastic file sharing based on NFSv4. Integrates natively across EC2 instances, on-premises centers, and container tasks under ECS or EKS.
  • (2015) ==New Encrypted EBS Boot Volumes== [NONE CONTENT] [DOCUMENTATION] 🌟🌟🌟🌟🌟 [DE FACTO STANDARD] — Announcement of native EBS boot volume encryption, leveraging AWS Key Management Service (KMS) without degrading overall instance throughput or input/output latency patterns.

Compute (1)

Auto Scaling

  • (2021) Amazon EC2 Auto Scaling now lets you control which instances to terminate on scale-in 🌟🌟🌟🌟 [ENTERPRISE-STABLE] — Offers precise programmatic control over which EC2 instances are terminated first during an Auto Scaling scale-in event. This replaces generic policies, allowing engineers to retain warm instances, protect long-running tasks, or optimize container host terminations. Architecturally, it increases stability for stateful or queue-consuming workers.

EC2 Troubleshooting

  • (2021) infoq.com: AWS Introduces EC2 Serial Console: Troubleshoot Boot and Networking Issues [ADVANCED LEVEL] 🌟🌟🌟🌟 [ENTERPRISE-STABLE] — Provides secure, interactive access to the physical serial port of EC2 instances, bypassing traditional IP-based network configuration. This enables real-time diagnostic debugging of boot issues, kernel panics, and misconfigured firewall or network interfaces. Architecturally, it serves as a critical break-glass tool for enterprise sysadmins to avoid data loss during OS-level misconfigurations.

Multi-Region Operations

  • (2021) Amazon EC2 now offers Global View on the console to view all resources across regions together 🌟🌟🌟 [COMMUNITY-TOOL] — Offers a centralized dashboard on the EC2 Console to view all running instances, volumes, VPCs, and subnets across all AWS Regions simultaneously. This feature drastically improves operational visibility, allowing engineers to track shadow IT, verify multi-region deployments, and quickly locate orphaned resources. It provides a foundational unified pane for multi-region operations.

Operating Systems

  • (2021) linux.slashdot.org: AWS Embraces Fedora Linux for Its Cloud-Based 'Amazon Linux' 🌟🌟🌟🌟 [ENTERPRISE-STABLE] — Announces Amazon Linux 2022 (later AL2023), transitioning the base operating system platform to Fedora. This shift promises a predictable two-year release cycle, faster access to up-to-date upstream packages, and refined SELinux security defaults. It provides an optimized, modern runtime layer for containerized microservices and virtualized EC2 execution.

Spot Instances

Console

UIUX

  • (2022) Announcing dark mode support in the AWS Management Console [NONE CONTENT] [COMMUNITY-TOOL] — The AWS Management Console released native dark mode support, improving accessibility and visual comfort for operators working across extended monitoring shifts. It introduces a configurable theme preference that persists across sessions.

Container Orchestration (1)

ECS Deployments

EKS Kubernetes

  • (2023) Amazon EKS now supports Kubernetes version 1.25 [NONE CONTENT] [COMMUNITY-TOOL] — Amazon EKS added support for Kubernetes version 1.25, bringing security policy updates, API removals (such as PodSecurityPolicy), and core platform enhancements like container registry authentication improvements.

EKS Security

  • (2023) Amazon EKS introduces EKS Pod Identity [NONE CONTENT] [ADVANCED LEVEL] [COMMUNITY-TOOL] — EKS Pod Identity simplifies the association of IAM roles with Kubernetes service accounts. This model bypasses the complexities of OIDC trust configurations, offering highly scalable, secure, and isolated credential structures for containers.

EKS Windows

Storage Integration

  • (2024) Amazon ECS and AWS Fargate now integrate with Amazon EBS [NONE CONTENT] [ADVANCED LEVEL] [COMMUNITY-TOOL] — Amazon ECS and AWS Fargate introduced native integration with Amazon EBS volumes. This lets serverless container deployments mount high-performance block storage dynamically, accommodating data-intensive file-processing workloads.

Databases

Backup and Recovery

  • (2022) Amazon Timestream now enables you to protect your data through AWS Backup [NONE CONTENT] [COMMUNITY-TOOL] — Amazon Timestream integrated with AWS Backup to provide centralized, automated protection for time-series databases. It supports scheduling continuous or periodic backups, meeting compliance targets, and executing point-in-time recoveries easily.

Data Migration

RDS Deployments

Secrets Management

  • (2022) Amazon RDS announces integration with AWS Secrets Manager [NONE CONTENT] [COMMUNITY-TOOL] — Amazon RDS added native integration with AWS Secrets Manager, allowing the service to automatically generate, rotate, and manage database credential secrets. This eliminates hardcoded application secrets, reducing vulnerability surface areas.

Edge Compute

Local Zones

  • (2021) techcrunch.com: AWS to launch over 30 new Local Zones internationally starting in 2022 [ADVANCED LEVEL] 🌟🌟🌟 [COMMUNITY-TOOL] — Outlines AWS's international expansion of Local Zones to provide low-latency edge computing, storage, and database services in metropolitan areas globally. This addresses strict residency laws and provides sub-10ms performance targets for localized financial systems or real-time gaming backends. Architecturally, it extends public cloud boundaries directly to metropolitan data centers.

FinOps

Cost Management

  • (2022) AWS Cost Explorers New Look and Common Use Cases [NONE CONTENT] [COMMUNITY-TOOL] — AWS Cost Explorer received a modernized interface and optimized query layouts to aid FinOps analysis. The upgrade simplifies tracking execution costs, identifying anomalies, and reviewing historical cloud expenditure across complex organizational units.

Global Infrastructure

Regions (1)

  • (2022) Now OpenAWS Region in Spain [NONE CONTENT] [COMMUNITY-TOOL] — AWS announced the general availability of the Europe (Spain) Region (eu-south-2). This physical infrastructure footprint enables customers to achieve lower latency for local workloads, meet residency and data sovereignty requirements inside the European Union, and build multi-region failover setups.

Governance (1)

AWS Organizations

  • (2022) Announcing delegated administrator for AWS Organizations [NONE CONTENT] [ADVANCED LEVEL] [COMMUNITY-TOOL] — AWS introduced delegated administrator capabilities for AWS Organizations, permitting the management of member policies and organizational hierarchies from a secondary security or utility account. This reduces operational overhead on the organization's root administrative account, minimizing risk exposure.

Compliance

  • (2022) Integration of AWS Well-Architected Tool with AWS Organizations [NONE CONTENT] [COMMUNITY-TOOL] — Integration of the AWS Well-Architected Tool with AWS Organizations provides centralized visibility into workload reviews across all member accounts. This structural update enables corporate architects to monitor governance posture, identify common architectural flaws, and establish standardized multi-tenant review patterns across the enterprise landscape.

Resource Tracking

  • (2023) AWS Config supports recording exclusions by resource type [NONE CONTENT] [COMMUNITY-TOOL] — AWS Config introduced resource-type exclusions, allowing organizations to exclude high-churn resources from continuous state recording. This helps control tracking costs and reduces noisy alerts on unimportant assets.

Systems Management

Identity and Access

API Management

  • (2022) Announcing new AWS IAM Identity Center APIs to manage users and groups at scale [NONE CONTENT] [ADVANCED LEVEL] [COMMUNITY-TOOL] — AWS expanded its IAM Identity Center with programmatic APIs for user and group management. These endpoints facilitate Automated Provisioning (SCIM-based or native) and deep integration with existing external Identity Providers (IdPs) and custom HR software to manage lifecycle identities systematically.

Access Control

Directory Services

  • (2022) AWS Single Sign-On launches configurable synchronization for Microsoft Active Directory [NONE CONTENT] [ADVANCED LEVEL] [COMMUNITY-TOOL] — AWS Single Sign-On (now IAM Identity Center) introduced customizable directory synchronization options for Microsoft Active Directory (AD). This feature allows administrators to select specific AD groups and users for propagation into AWS, optimizing synchronization times and preventing clutter in large-scale multi-account environments.

MFA

Privilege Management

  • (2023) Temporary elevated access management with IAM Identity Center [NONE CONTENT] [ADVANCED LEVEL] [COMMUNITY-TOOL] — AWS IAM Identity Center introduced temporary elevated access mechanisms. This feature implements time-bound, audited administrative permissions (just-in-time privilege escalation), mitigating risks from persistently elevated root and operator access.

Session Management

Market Analysis

Critical Review

  • (2021) theregister.com: The big AWS event: 120 announcements but nothing has changed 🌟🌟🌟 [COMMUNITY-TOOL] — Provides a critical perspective on the massive volume of re:Invent releases, arguing that many represent incremental API upgrades rather than fundamental architectural breakthroughs. The article challenges tech teams to focus on core design architectures rather than chasing every new managed wrapper. It serves as a pragmatic guide against architectural over-engineering.

ReInvent Announcements

  • (2021) aws.amazon.com/blogs: Top Announcements of AWS re:Invent 2021 🌟🌟🌟🌟 [ENTERPRISE-STABLE] — Synthesizes the major platform transformations unveiled at re:Invent 2021, focusing on serverless options for Redshift, EMR, and MSK alongside new Graviton3 silicon. The catalog underscores a massive architectural drive towards serverless operational models across the analytics stack. These updates solidify AWS's platform-as-a-service offerings for enterprise engineering.
  • (2021) infoq.com: Recap of AWS re:Invent 2021 🌟🌟🌟🌟 [ENTERPRISE-STABLE] — Delivers an industry analyst review of re:Invent 2021's technical releases, capturing structural advancements across compute, databases, and serverless compute paradigms. Key topics include AWS Mainframe Modernization, IoT FleetWise, and security standard compliance tooling. It maps out these ecosystem developments to long-term enterprise migration strategies.

Messaging

Event-Driven

Migration

VM Import Export

Networking

CDN Security

Deprecations

  • (2021) theregister.com: AWS to retire EC2-Classic the network glue that helped start the IaaS rush [ADVANCED LEVEL] 🌟🌟🌟🌟 [ENTERPRISE-STABLE] — Marks the official EOL of AWS's original flat network topology (EC2-Classic), mandating migration to Virtual Private Cloud (VPC) architectures. This deprecation signals the end of shared, non-isolated public IP spaces in cloud compute, enforcing VPC-level security controls, security groups, and routing isolation. Migrations required standardizing VM instances onto modern VPC-only networking models.
  • (2021) EC2-Classic Networking is Retiring Heres How to Prepare [ADVANCED LEVEL] 🌟🌟🌟🌟 [ENTERPRISE-STABLE] [GUIDE] [LEGACY] — Migration guidelines and operational playbooks assisting AWS accounts in transitioning off legacy EC2-Classic networks onto modern Amazon VPC resources. The blueprint outlines migration tools (ClassicLink) and technical paths to reconstruct security policies, network routing, and host configurations within dedicated VPC perimeters.

Hybrid Connectivity

  • (2021) AWS Site-to-Site VPN releases updated Download Configuration utility 🌟🌟🌟 [COMMUNITY-TOOL] — An upgraded utility providing customized configuration templates for a wider variety of Customer Gateway (CGW) devices during hybrid VPN setups. This tool streamlines the deployment of secure IPsec tunnels by providing templated scripts for Cisco, Juniper, Fortinet, and generic routers. It guarantees cryptographic and routing parameter parity between on-prem and AWS.

Load Balancing

NAT Gateway

Network Security

  • (2021) ==New Amazon VPC Network Access Analyzer== [ADVANCED LEVEL] 🌟🌟🌟🌟🌟 [DE FACTO STANDARD] — A formal network verification tool that uses mathematical analysis (automated reasoning) to check VPC security policies and network access paths. It helps teams identify unintended network configurations, verify access boundaries, and demonstrate compliance to internal/external security audits. Architecturally, it automates manual firewall reviews and prevents security isolation leaks.
  • (2021) AWS Network Firewall Nuevo Servicio Gestionado de Firewall para VPC [SPANISH CONTENT] [ADVANCED LEVEL] 🌟🌟🌟🌟 [ENTERPRISE-STABLE] — Un análisis en español sobre AWS Network Firewall, detallando cómo este servicio gestionado de seguridad perimetral proporciona inspección de paquetes activa, prevención de intrusiones (IPS) y filtrado de URL. Arquitectónicamente, se integra con Transit Gateway para asegurar de manera centralizada el tráfico de entrada y salida a nivel de VPC corporativo.

Security Groups

  • (2021) ==Easily Manage Security Group Rules with the New Security Group Rule ID== 🌟🌟🌟🌟🌟 [DE FACTO STANDARD] — Introduces a unique identifier for each security group rule (sgr-xxxxxxxx), making rules individually addressable via API, CLI, or IaC. This drastically improves the management of firewall exceptions, allowing developers to target, modify, or audit precise rules without referencing the complete rule block list. It prevents race conditions and conflicts in IaC pipelines like Terraform.
  • (2021) Amazon Virtual Private Cloud (VPC) customers can now resize their prefix list 🌟🌟🌟🌟 [ENTERPRISE-STABLE] — Introduces the capability to dynamically resize customer-managed prefix lists, allowing cloud engineers to adjust IP range counts without recreating dependent security groups or route tables. This update simplifies network security operations at scale by removing the rigid limits on custom prefix dimensions. Architecturally, it serves as a critical automation capability for large transit gateway deployments.

VPC Addressing

  • (2021) ==Amazon Virtual Private Cloud (VPC) customers can now assign IP prefixes to their EC2 instances== [ADVANCED LEVEL] 🌟🌟🌟🌟🌟 [DE FACTO STANDARD] — Identical announcement enabling continuous IP prefixes to be allocated directly to EC2 instances. Architecturally, this bypasses elastic network interface (ENI) private IP limit caps, expanding physical capacity constraints for highly scaled Kubernetes EKS clusters. It simplifies route propagation configurations and scales pod-per-node capacity.

VPC Visualization

Observability

Managed Monitoring

  • (2021) Amazon Managed Grafana Is Now Generally Available with Many New Features [NONE CONTENT] [COMMUNITY-TOOL] — Amazon Managed Grafana (AMG) is a fully managed service that simplifies the deployment, operation, and scaling of Grafana dashboards across diverse data sources. It natively integrates with AWS security and IAM systems, offering high-availability visualization of metrics, logs, and traces without administrative overhead.

Metric Extraction

Metrics

  • (2022) Introducing Amazon CloudWatch Metrics Insights (General Availability) [NONE CONTENT] [ADVANCED LEVEL] [COMMUNITY-TOOL] — Amazon CloudWatch Metrics Insights is a highly performant SQL-based query engine that allows developers and administrators to analyze system metrics at scale in real-time. It enables querying millions of metrics dynamically, grouping by dimensions, and creating dashboard visualizers to pinpoint anomalous behaviors rapidly across distributed cloud architectures.

Multi-Account

  • (2022) Amazon CloudWatch launches cross-account observability across multiple AWS accounts [NONE CONTENT] [ADVANCED LEVEL] [COMMUNITY-TOOL] — Amazon CloudWatch added native cross-account observability, enabling operators to aggregate and query metrics, logs, and traces seamlessly across multiple target accounts in an organization. This removes the need for custom ingestion microservices and pipelines to centralize application telemetry.

Security (1)

DDoS Protection

  • (2022) AWS Shield Advanced now supports Application Load Balancer for automatic application layer DDoS mitigation [NONE CONTENT] [ADVANCED LEVEL] [COMMUNITY-TOOL] — AWS Shield Advanced introduced automatic mitigation of application layer (Layer 7) DDoS attacks for Application Load Balancers (ALB). This capability dynamically creates, tests, and deploys AWS WAF rules on behalf of the user to block malicious traffic patterns, reducing manual intervention and minimizing downstream application downtime during sustained attacks.

Key Management

  • (2022) Announcing AWS KMS External Key Store (XKS) [NONE CONTENT] [ADVANCED LEVEL] [COMMUNITY-TOOL] — AWS KMS External Key Store (XKS) allows customers to secure cloud-stored data using keys held on hardware security modules (HSMs) outside of AWS. This architectural integration helps enterprises satisfy strict digital sovereignty and regulatory constraints.

Network Firewall

  • (2023) AWS Network Firewall now supports tag-based resource groups [NONE CONTENT] [ADVANCED LEVEL] [COMMUNITY-TOOL] — AWS Network Firewall updated its rules engines to resolve tag-based resource groups dynamically. This modification enables security teams to configure static firewall rules that adapt automatically as VPC networks or instances scale.

Policy Generation

Threat Detection

  • (2023) Amazon GuardDuty now available in AWS Europe (Spain) Region [NONE CONTENT] [COMMUNITY-TOOL] — AWS extended the availability of Amazon GuardDuty to the Europe (Spain) region. This deployment supports regional workloads with local threat intelligence and ML-driven behavior detection for AWS accounts, S3, and EKS environments.

Threat Hunting

WAF Rules

Security and Service Mesh

HashiCorp HCP

  • (2021) thenewstack.io: HashiCorp Adds Consul and Vault to Cloud Platform for AWS [ADVANCED LEVEL] 🌟🌟🌟🌟 [ENTERPRISE-STABLE] — Launches fully managed Consul and Vault offerings on the HashiCorp Cloud Platform (HCP) integrated with AWS. This allows engineering teams to leverage secure secret storage and high-performance service mesh patterns without operational cluster overhead. Architecturally, it integrates seamlessly into AWS VPC routing and transit gateway topologies.

Serverless (1)

Compute (2)

  • (2022) AWS Lambda Now Supports Up to 10 GB Ephemeral Storage [NONE CONTENT] [COMMUNITY-TOOL] — AWS Lambda's configuration options permit allocating up to 10 GB of ephemeral /tmp storage, up from the previous 512 MB limit. This architectural enhancement enables serverless executions to process larger datasets, run machine learning inference, and perform intensive ETL operations directly within memory-backed local storage, significantly expanding the viability of serverless data pipelines.

Developer Tooling

Storage (1)

EFS

  • (2022) Announcing Amazon Elastic File System Replication 🌟🌟🌟🌟 [ENTERPRISE-STABLE] — Launches a native replication solution for EFS, automating the replication of file systems across different AWS Regions or within the same Region. It guarantees point-in-time consistency and helps meet disaster recovery (DR) RPO and RTO compliance goals. This deprecates the need for custom rsync-based replication agents on EC2.
  • (2022) infoq.com: Amazon Announces Elastic File System Replication for Multi-Region Deployments 🌟🌟🌟🌟 [ENTERPRISE-STABLE] — Evaluates the release of native EFS replication, focusing on its integration with hybrid file storage strategies and automated failover pipelines. It details how the sub-minute RPO simplifies business continuity architectures across multi-region EKS stateful workloads. The solution delivers automated metadata synchronization, optimizing engineering resources.

Storage and Backup

Compliance (1)

  • (2022) AWS Backup Audit Manager adds centralized reporting for AWS Organizations [NONE CONTENT] [COMMUNITY-TOOL] — AWS Backup Audit Manager introduced consolidated, cross-account backup compliance reporting across AWS Organizations. Enterprise operators can monitor backup policies, tracking non-compliance trends dynamically from a singular delegator dashboard.

S3 Security

  • (2022) Heads-Up: Amazon S3 Security Changes Are Coming in April of 2023 [NONE CONTENT] [COMMUNITY-TOOL] — AWS pre-announced default security hardening measures for Amazon S3 buckets. These updates block public access configurations by default and enforce bucket owner-enforced Object Ownership settings to automatically disable ACLs on new bucketing workloads.

Virtualization

VDI

  • (2022) Amazon WorkSpaces Introduces Ubuntu Desktops [NONE CONTENT] [COMMUNITY-TOOL] — Amazon WorkSpaces extended its managed Virtual Desktop Infrastructure (VDI) to offer Ubuntu Desktop environments. Intended primarily for developers, data scientists, and engineers, this addition provides a secure, cloud-hosted Linux workspace preconfigured with developer utilities and standardized enterprise authentication.

Containers

Kubernetes

EKS Console

EKS Networking

  • (2021) ==Amazon VPC CNI plugin increases pods per node limits== [ADVANCED LEVEL] 🌟🌟🌟🌟🌟 [DE FACTO STANDARD] — Introduces Prefix Delegation in the AWS VPC CNI, multiplying the number of pods allocatable per node. By assigning /28 IPv4 prefixes to network interfaces instead of single secondary IPs, small-to-medium EC2 instances can support significantly higher container densities. This architecture directly addresses the IP exhaustion problem in enterprise Kubernetes deployments on AWS.

EKS Security (1)

  • (2021) ==Amazon EKS clusters now support user authentication with OIDC compatible identity providers== [ADVANCED LEVEL] 🌟🌟🌟🌟🌟 [DE FACTO STANDARD] — Enables EKS clusters to utilize external OpenID Connect (OIDC) compatible identity providers for user authentication. This decouples Kubernetes RBAC from direct IAM identity mappings, allowing developers to leverage existing SSO solutions like Okta or Keycloak. It simplifies security governance by maintaining enterprise identity standards at the cluster API level.

Market Analysis (1)

ReInvent Announcements (1)

  • (2021) forbes.com: AWS re:Invent - A Roundup Of Container Services Announcements 🌟🌟🌟🌟 [ENTERPRISE-STABLE] — Synthesizes containerization announcements from re:Invent 2021, highlighting Karpenter, EKS Anywhere, and ECS Anywhere expansion. This analysis emphasizes AWS's push to support hybrid and multi-cloud Kubernetes deployments. It details how Karpenter challenges standard Cluster Autoscaler architectures with direct, fast provisioning of right-sized EC2 instances.

Data and Analytics

Data Protection

AWS Backup

  • (2022) ==Announcing the general availability of AWS Backup for Amazon S3== 🌟🌟🌟🌟🌟 [DE FACTO STANDARD] — Reaches General Availability, providing complete managed backup, restore, and lifecycle orchestration of Amazon S3 data. It supports cross-region, cross-account capabilities, and immutable backup copies using AWS Backup Vault Lock. Architecturally, it streamlines data compliance audits, proving protection policies for petabyte-scale S3 data lakes.

Compliance (2)

  • (2021) Monitor, Evaluate, and Demonstrate Backup Compliance with AWS Backup Audit Manager 🌟🌟🌟🌟 [ENTERPRISE-STABLE] — Introduces AWS Backup Audit Manager, a feature to monitor, evaluate, and demonstrate the compliance posture of data backup operations against pre-defined organizational standard controls. It automates compliance reporting, providing auditor-ready historical evidence. Architecturally, it replaces manual backup audits and ensures strict data governance.

Data Streaming

Kinesis

  • (2021) ==infoq.com: AWS Launches Amazon Kinesis Data Streams On-Demand== 🌟🌟🌟🌟🌟 [DE FACTO STANDARD] — Introduces a serverless, on-demand capacity mode for Kinesis Data Streams, automatically scaling write and read throughput to match unpredictable traffic patterns. This model eliminates the requirement for shard planning, capacity monitoring, and custom-scaling scripts. Architecturally, it makes streaming pipelines easier to operate while optimizing costs for variable workloads.

Data Warehouse

Redshift

  • (2021) ==Announcing General Availability of Amazon Redshift Cross-account Data Sharing== [ADVANCED LEVEL] 🌟🌟🌟🌟🌟 [DE FACTO STANDARD] — Allows instant, secure data sharing across different Amazon Redshift clusters and AWS accounts without moving or copying data. It decouples storage from compute, allowing downstream analytic nodes or consumers to run isolated queries against shared data structures in real-time. This drastically optimizes data lake engineering architectures.

Database

RDS Proxy

Networking (1)

  • (2021) Amazon RDS Proxy can now be created in a shared Virtual Private Cloud (VPC) [ADVANCED LEVEL] 🌟🌟🌟🌟 [ENTERPRISE-STABLE] — Extends Amazon RDS Proxy capabilities to shared VPCs (Resource Access Manager environments), allowing centralized application environments to pool and multiplex database connections across multiple AWS accounts. By managing highly volatile database connection limits from serverless microservices, it enhances application performance and resilience. Architecturally, it decouples the database infrastructure layer from consumer VPC microservices.

Relational Database

RDS High Availability

  • (2022) ==infoq.com: Amazon RDS Introduces Readable Standby Instances in Multi-AZ Deployments== [ADVANCED LEVEL] 🌟🌟🌟🌟🌟 [DE FACTO STANDARD] — Introduces Multi-AZ deployments with two readable standby instances, allowing read queries to be offloaded from the primary instance while offering sub-35 second automatic failovers. Architecturally, this maximizes utilization of standby infrastructure while scaling database read throughput significantly. It is highly beneficial for transaction-heavy workloads with strong analytics or reporting requirements.

Infrastructure as Code

CloudFormation

State Management

  • (2021) New for AWS CloudFormation Quickly Retry Stack Operations from the Point of Failure 🌟🌟🌟🌟 [ENTERPRISE-STABLE] — Introduces the ability to retry failed CloudFormation stack operations from the point of failure, omitting the need to rollback and rebuild the entire deployment from scratch. This drastically optimizes development feedback loops, especially when dealing with flaky external resources or transient timeouts. It dramatically changes IaC debugging workflows on AWS.

Observability (1)

CloudWatch

Access Management

  • (2021) aws.amazon.com: Share your Amazon CloudWatch Dashboards with anyone using AWS Single Sign-On 🌟🌟🌟 [COMMUNITY-TOOL] — Enables engineers to share CloudWatch dashboards with stakeholders outside the AWS Console using IAM Identity Center (formerly AWS SSO). This decouples operations visualization from root access management, offering a secure path to operational metrics. It ensures fine-grained dashboard sharing across federated organizational entities.

Multi-Account Monitoring

  • (2021) infoq.com: Amazon Introduces Cloudwatch Cross Account Alarms to Consolidate Management 🌟🌟🌟🌟 [ENTERPRISE-STABLE] — Introduces CloudWatch cross-account alarms, enabling teams to aggregate telemetry, trace metrics, and execute operational alerts from multiple AWS accounts under a single monitoring cockpit. It aligns with multi-account architectural landing zones, minimizing alert-routing complexity. It enhances real-time incident remediation by centralizing operational context.

Grafana

Managed Visualization

  • (2021) Amazon Managed Service for Grafana (AMG) preview updated with new capabilities 🌟🌟🌟🌟 [ENTERPRISE-STABLE] — Outlines preview enhancements to AMG, incorporating support for Grafana Enterprise upgrades, security posture controls, and direct data source connectivity (Prometheus, CloudWatch, OpenSearch). This update automates visualization scaling and secures connection configurations. It forms a central visualization plane across AWS-managed monitoring services.

OpenTelemetry

Distributed Tracing

  • (2021) ==New for AWS Distro for OpenTelemetry Tracing Support is Now Generally Available== [ADVANCED LEVEL] 🌟🌟🌟🌟🌟 [DE FACTO STANDARD] — Generally available, AWS-supported distribution of the CNCF OpenTelemetry standards, specifically optimized for application tracing. It simplifies collecting metadata and correlates application traces across containerized (EKS, ECS) and serverless (Lambda) stacks. It seamlessly forwards telemetry to AWS X-Ray, Amazon OpenSearch, and partner SaaS platforms, eliminating vendor lock-in.

Prometheus

Managed Container Monitoring

  • (2021) ==siliconangle.com: Amazon debuts fully managed, Prometheus-based container monitoring service== [ADVANCED LEVEL] 🌟🌟🌟🌟🌟 [DE FACTO STANDARD] — Launches a fully managed, Prometheus-compatible monitoring service designed to ingest, store, and query operational metrics from Kubernetes and ECS environments. Architecturally, it scales automatically to billions of metrics, leveraging Cortex technology for high-availability multi-zone persistence. It reduces the administrative overhead of managing large, DIY Prometheus TSDB clusters.
  • (2021) ==aws.amazon.com: Amazon Managed Service for Prometheus Is Now Generally Available with Alert Manager and Ruler== [ADVANCED LEVEL] 🌟🌟🌟🌟🌟 [DE FACTO STANDARD] — Reaches General Availability, adding key enterprise capabilities such as Alert Manager and Ruler. Users can define native Prometheus alerting rules and route alerts to downstream incident response hubs like PagerDuty or AWS SNS. It reinforces the managed monitoring story by guaranteeing security, high availability, and out-of-the-box multi-region reliability.

Security and Compliance

Cloud Security Posture

Security Hub

Vulnerability Management

Inspector

  • (2021) AWS announces the new Amazon Inspector for continual vulnerability management 🌟🌟🌟🌟 [ENTERPRISE-STABLE] — Overhauls Amazon Inspector into a service offering continuous, automated vulnerability management for EC2 and container images. Instead of run-on-demand periodic scans, it dynamically evaluates the environment in response to system changes and newly published CVEs. It integrates with AWS Organizations, allowing security groups to manage scanning centrally.

Software Engineering

AI Code Analysis

Developer Enablement

  • (2021) Introducing new self-paced courses to improve Java and Python code quality with Amazon CodeGuru 🌟🌟🌟 [COMMUNITY-TOOL] — Educational curriculum focusing on utilizing CodeGuru's machine-learning engines to detect concurrency bugs, resource leaks, and performance bottlenecks in Java and Python. These courses provide hands-on telemetry guides to maximize DevSecOps efficiency. Architecturally, CodeGuru integrates into CI/CD pipelines to enforce static and dynamic code quality.

💡 Explore Related: Googlecloudplatform | AWS Pricing | AWS Spain