{"id":9485,"date":"2020-04-03T15:45:51","date_gmt":"2020-04-03T08:45:51","guid":{"rendered":"http:\/\/54.151.235.32\/?p=9485"},"modified":"2021-03-03T18:00:25","modified_gmt":"2021-03-03T11:00:25","slug":"aws-new-releases-in-march-2020","status":"publish","type":"post","link":"https:\/\/renovacloud.com\/en\/aws-new-releases-in-march-2020\/","title":{"rendered":"AWS New Releases in March 2020"},"content":{"rendered":"<p><span style=\"color: #ffffff;\">AWS New Releases in March 2020<\/span><\/p>\n<p>Let\u2019s spend a few minutes looking at <a href=\"https:\/\/renovacloud.com\/about-us\/our-expertise\/?lang=en\">our team<\/a>\u2019s favorite AWS New Releases in March 2020, including:<\/p>\n<ul>\n<li>Anonymous IP List rule group for AWS Web Application Firewall (WAF)<\/li>\n<li>Tagging for VPC Flow Logs<\/li>\n<li>Amazon CloudWatch composite alarm<\/li>\n<li>Bottlerocket in public preview<\/li>\n<li>New features for Amazon Redshift<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<h3><strong>Anonymous IP List rule group for AWS WAF<\/strong><\/h3>\n<p>AWS WAF provides an easy-to-use, cloud-native integration of WAF rules in AWS. The service allows you to create rules that are arranged into rule groups that can be attached to web access control lists (ACLs) to parse traffic crossing the Amazon CloudFront distribution, Amazon API Gateway API, or Application Load Balancer that the web ACL is attached to. Action is then taken on the traffic based on dispositions you can control such as block, allow, or count.<\/p>\n<p>AWS announced a new AWS Managed Rules rule group that allows you to block traffic that is originating from users that are attempting to hide their location or skirt geographical restrictions. It is also useful against malicious traffic such as bots that often seek to mask their true location information in this way. Since it is an AWS Managed Rules rule group, all you have to do is attach it to your AWS WAF to take advantage of its benefit. 
No rules to manage!<\/p>\n<p>It is simple to add a rule group to your web ACL in the AWS console. There is no cost to enable Anonymous IP List for AWS Managed Rules. To deep dive, check out the\u00a0<a href=\"https:\/\/docs.aws.amazon.com\/waf\/latest\/developerguide\/aws-managed-rule-groups-list.html\" rel=\"noopener\">AWS WAF Developer Guide here<\/a>.<\/p>\n<p>&nbsp;<\/p>\n<h3><strong>Tagging for Amazon VPC Flow Logs<\/strong><\/h3>\n<p>AWS announced in March resource tagging and tag-on-create for <em>Amazon VPC Flow Logs.<\/em> This is an important feature for those seeking to drive cloud adoption in an enterprise that has a vast estate. A vital aspect of managing AWS assets at the enterprise level is having visibility at multiple levels. Historically, that meant segmenting logs in <em>Amazon S3 buckets<\/em> to achieve separation and identification of <em>flow logs<\/em> coming in from various systems.<\/p>\n<p>This new announcement adds the ability to add tags to the flow log for consumption of down-stream log aggregators and other tools. Tags are the simple key-value pairs that you are used to seeing in the <em>AWS tagging<\/em> environment and can be specified at the creation of the flow log or on existing flow logs. To learn more about tagging, please visit the\u00a0<a href=\"https:\/\/docs.aws.amazon.com\/AWSEC2\/latest\/UserGuide\/Using_Tags.html\" rel=\"noopener\">user guide<\/a>. To learn more about <em>Amazon VPC Flow Logs<\/em>, please\u00a0<a href=\"https:\/\/docs.aws.amazon.com\/vpc\/latest\/userguide\/flow-logs.html\" rel=\"noopener\">refer to the documentation<\/a>.<\/p>\n<p>&nbsp;<\/p>\n<h3><strong>Amazon CloudWatch Composite Alarms<\/strong><\/h3>\n<p>Amazon CloudWatch allows visibility into your AWS applications and infrastructure resources, on AWS and on-premises. 
It is the first-class, cloud-native monitoring and alerting service on AWS.<\/p>\n<p>Its functionality was expanded late last year to provide cross-account, cross-region dashboards to give the enterprise administrator even greater ease in monitoring. But it still required conditions to be set and alerted individually. For some use cases, it would be more beneficial if one could create composite alarms, not alerting until the combination of several alarms reached an aggregate state. This would minimize alarm \u2018noise\u2019, so that alarms carry more meaningful information when triggered. This is exactly the functionality that was announced in March with <em>Amazon CloudWatch composite alarms<\/em>. Amazon CloudWatch composite alarms also publish to <em>Amazon Simple Notification Service (SNS)<\/em> topics, enabling downstream triggers for things that can consume SNS information.<\/p>\n<p>You can check out the\u00a0<a href=\"https:\/\/aws.amazon.com\/cloudwatch\/pricing\/\" rel=\"noopener\">Amazon CloudWatch pricing page<\/a>\u00a0for pricing information. To learn how you can create composite alarms, visit the\u00a0<a href=\"https:\/\/docs.aws.amazon.com\/AmazonCloudWatch\/latest\/monitoring\/Create_Composite_Alarm.html\" rel=\"noopener\">user guide found here<\/a>.<\/p>\n<p>&nbsp;<\/p>\n<h3><strong>Bottlerocket<\/strong><\/h3>\n<p>For enterprise users leveraging Kubernetes via <em>Amazon Elastic Kubernetes Service (EKS)<\/em> on AWS, there was an interesting new announcement in March. Introducing <em>Bottlerocket,<\/em> a new <em>open source Linux-based operating system (OS)<\/em> that is purpose-built to run <em>containers.<\/em> It contains only the essential software needed to run containers, making it even more lightweight than other similar container OS solutions. Some of the advantages of <em>Bottlerocket<\/em> are the single-step update ability and reduced package dependencies due to the purpose-built nature of the OS distribution. 
This allows for much smoother automation with a potential reduction in errors on update and single-step rollback when needed.<\/p>\n<p><em>Bottlerocket <\/em>is available now in public preview for <em>Amazon EKS<\/em> with plans to support <em>Amazon Elastic Container Service (ECS)<\/em> soon. <em>Bottlerocket <\/em>is an open-source project on GitHub. To get started, you can launch <em>Amazon EC2 instances<\/em> with <em>the\u00a0<a href=\"https:\/\/github.com\/bottlerocket-os\/bottlerocket\/blob\/develop\/QUICKSTART.md\" rel=\"noopener\">Bottlerocket AMI and join them to an Amazon EKS cluster<\/a><\/em>. You can also visit the <em>Bottlerocket<\/em>\u00a0<a href=\"https:\/\/aws.amazon.com\/bottlerocket\/\" rel=\"noopener\">documentation here<\/a>.<\/p>\n<p>&nbsp;<\/p>\n<h3><strong>Amazon Redshift \u2013 Pause and Resume and Column-Level Access Control<\/strong><\/h3>\n<p><strong>Pause and Resume<\/strong><\/p>\n<p><em>Amazon Redshift<\/em> now has the ability to pause and resume a cluster. This is very useful for any enterprise data warehouse administrator who has a need to temporarily cease compute billing on <em>Amazon Redshift clusters<\/em>. While storage is still charged, for cases such as development clusters, the compute billing can be stopped, representing cost savings for those clusters.<\/p>\n<p>To learn more about using pause and resume, check out the\u00a0<a href=\"https:\/\/docs.aws.amazon.com\/redshift\/latest\/mgmt\/managing-cluster-operations.html#rs-mgmt-pause-resume-cluster\" rel=\"noopener\">Amazon Redshift documentation<\/a>.<\/p>\n<p><strong>Column-Level Access Control<\/strong><\/p>\n<p>For those currently <em>using table-level access control<\/em> for access to Amazon Redshift data who need a finer level of control, March was your month! Introducing <em>column-level access control<\/em> for Amazon Redshift. 
Now, rather than implementing view-based access control or some other workaround, you can use column-based control with GRANT and REVOKE statements. For more information on how it works, see\u00a0<a href=\"https:\/\/docs.aws.amazon.com\/redshift\/latest\/dg\/r_GRANT.html#r_GRANT-usage-notes-clp\" rel=\"noopener\">the Amazon Redshift documentation<\/a>.<\/p>\n<p><span style=\"color: #ffffff;\">AWS New Releases in March 2020<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>AWS New Releases in March 2020 Let\u2019s spend a few minutes looking at our team favorite AWS New Releases in March 2020, including: Anonymous IP List rule group for AWS Web Application Firewall (WAF) Tagging for VPC Flow Logs Amazon CloudWatch composite alarm Bottlerocket in public preview New features for Amazon Redshift &nbsp; Anonymous IP [&#8230;]\n","protected":false},"author":7,"featured_media":9486,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8],"tags":[430,433,435,434,431,432],"class_list":["post-9485","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-data-and-analytics","tag-amazon-redshift","tag-anonymous-ip-list-rule","tag-aws-new-releases","tag-bottlerocket","tag-cloudwatch-composite-alarm","tag-tagging-for-vpc"],"_links":{"self":[{"href":"https:\/\/renovacloud.com\/en\/wp-json\/wp\/v2\/posts\/9485","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/renovacloud.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/renovacloud.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/renovacloud.com\/en\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/renovacloud.com\/en\/wp-json\/wp\/v2\/comments?post=9485"}],"version-history":[{"count":0,"href":"https:\/\/renovacloud.com\/en\/wp-json\/wp\/v2\/posts\/9485\/revisions"}],"wp:featuredmedia":[{"em
beddable":true,"href":"https:\/\/renovacloud.com\/en\/wp-json\/wp\/v2\/media\/9486"}],"wp:attachment":[{"href":"https:\/\/renovacloud.com\/en\/wp-json\/wp\/v2\/media?parent=9485"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/renovacloud.com\/en\/wp-json\/wp\/v2\/categories?post=9485"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/renovacloud.com\/en\/wp-json\/wp\/v2\/tags?post=9485"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}