Road to re:Invent 2019

Kirjoittaja: Anton Floor
Kirjoittaja: Jose Juhala

Nothing has changed since the last visit. Vegas is still the most absurd place, we have ever visited, with its shabby glamour still intact.

AWS has again managed to gather all the brightest stars of IT to Vegas. For the whole week, we will hear about their newest achievements and learn new skills.

Seems that the event is again bigger than last year. More locations to jump into, more sessions and more people. Still, it’s all well organized and everything runs smoothly… Well, let’s see what happens on Monday!

So, how does one know that AWS re:Invent is getting close?

It is usually, the speeding up of releases and news from AWS. This year hasn’t been any different from previous ones, except that there might just have been more this year. Let’s have a quick look at what we have already gotten.

Amazon Athena new capabilities

Amazon Athena has previously supported only S3 as a target for queries. Now they have released support for relational, non-relational, object and custom data sources, which makes Athena a completely different player in data domain. To make these queries possible Athena uses Data Source connectors running on AWS Lambda. What makes this also a very useful new feature, is that you can now search from multiple data sources with a single query.

AWS has open sources Data Source connectors for Amazon DynamoDBApache HBaseAmazon Document DBAmazon RedshiftAWS CloudWatchAWS CloudWatch Metrics, and JDBC-compliant relational databases such MySQL, and PostgreSQL under the Apache 2.0 license. But that is not all, one can also use Athena Query Federation SDK to build their own connector to any other data source.

https://aws.amazon.com/about-aws/whats-new/2019/11/amazon-athena-adds-support-for-running-sql-queries-across-relational-non-relational-object-custom-data-sources/

IAM policies and AWS Organizations get closer to each other

IAM policies, AWS Organizations, and AWS SSO have also gotten multiple new improvements. Starting with IAM policies and Organizations, which are getting closer to each other. Before, AWS Organizations was a quite separated service, which enabled one to enforce policies over accounts and organize them into an organization unit structure but that was all. Now with the improvements to IAM policies, it is possible to reference OU structure or accounts in IAM policies, making it a far better tool in creating policies that affect multiple accounts at the same time without a need to revisit them all the time.

IAM policies were also improved with the capability to reference role attributes sent via SAML messages. This means that now you can create universal policies in IAM and manage access centrally in AD.

https://docs.aws.amazon.com/IAM/latest/UserGuide/introduction_attribute-based-access-control.html

AWS SSO future-proofing itself

To be honest, AWS and single sign-on have not been that good. There has been a possibility to log in to AWS through on-premises IDP and from Azure Apps. Still, something has been missing. Even though the login has been there, the roles and policies still have been required to be created manually but not anymore.

AWS SSO has been uplifted by new capabilities with Azure AD. Now it is possible to automatically import groups and memberships from Azure AD. This removes the burden of creating duplicate management in AWS and user access can be administered from a single place.

https://aws.amazon.com/about-aws/whats-new/2019/11/manage-access-to-aws-centrally-for-azure-ad-users-with-aws-single-sign-on/

And many more

AWS Security Hub is starting to be a service that they said it would be last year. New partner integrations are coming in and it is starting to cover many aspects from findings to respond and remediation. AWS Tag policies allow one to enforce rules over tag values and keys. This enables organizations to adopt a standardized approach to tagging resources. Also, SAM deployment is getting more streamlined with removing the packaging phase completely and AWS handling that in the background.

And these were only a small capture of all releases from the past couple months. More news can be checked from https://aws.amazon.com/new

https://aws.amazon.com/about-aws/whats-new/2019/11/aws-sam-cli-simplifies-deploying-serverless-applications-with-single-command-deploy/

https://aws.amazon.com/about-aws/whats-new/2019/11/new-partner-integrations-available-aws-security-hub/

https://aws.amazon.com/about-aws/whats-new/2019/11/aws-launches-tag-policies/

AWS re:Invent 2019 is only starting and we have already gotten many great new features and improvements here and there. Let’s hope that the pace continues and after this week we have multiple new services to dig into. We will keep you posted every day, starting from tomorrow’s Midnight Madness event, where we usually get the first new launches.

If you’re in town?

Join our WhatsApp list and get the latest info on where to meet us!

New call-to-action