Last Month at AWS: June Edition

Last Month at AWS: June Edition

As the long tail of the global pandemic continues to influence our daily lives, there is a consensus that some parts of human history have come to what appears to be a complete halt. Almost every business sector in every region has been impacted in a significant way by the multiple variants of COVID-19, and it has become increasingly challenging to both adapt to this new normal and change the perspective.  

For businesses and people, the only constant is the change that the healthcare crisis has brought to the table. However, we believe that companies should learn to thrive in the environment of change. By adapting to a new way of working and anticipating new challenges, companies will be prepared for any potential roadblocks to their business optimization strategies. In this way, knowing what they need to do to solve these problems will be the key ingredient to success.  

In fact, IT organizations could thrive in the post-pandemic world with the help of continuous innovation and a plethora of AWS services. As previous editions of this monthly round-up have shown, AWS is constantly enhancing and upgrading its offerings, with new products and upgrades to existing services cementing its customer focus and a culture of innovation.  

Taking that into account, June saw enhancements to existing AWS services that added up to more security, more feasibility and more assurance. And while the AWS wheel never seems to stop turning, the AWS Partner Team at Infostretch has (once again) dug through the goldmine and found the nuggets that we believe are worth highlighting. 

AWS Backup now supports crash-consistent backups of Amazon EBS volumes attached to an Amazon EC2 instance 

Posted On: Jun 14, 2021 

AWS Backupnow, by default, creates crash-consistent backups of Amazon EBS volumes that are attached to an Amazon EC2 instance. As a result, customers no longer have to stop their instance or coordinate between multiple Amazon EBS volumes attached to the same Amazon EC2 instance to ensure crash-consistency of their application state. 

AWS Backup enables you to centralize and automate data protection across AWS services, such as Amazon Elastic Compute Cloud (Amazon EC2) instances, Amazon Elastic Block Store (Amazon EBS) volumes, Amazon Relational Database Service (RDS) databases (including Amazon Aurora clusters), Amazon DynamoDB tables, Amazon Elastic File System (EFS), Amazon FSx for Lustre, Amazon FSx for Windows File Server, and AWS Storage Gateway volumes and helps you support your regulatory compliance obligations. 

Why It Matters

As applications are becoming increasingly complex, an application’s data becomes important in the digital world. The problem is that the fear of losing access to your data often haunts customers. The best (and most simple) solution is by taking regular backups. 

As a digital engineering company, Infostretch helps customers make sure they follow a routine of taking backups of their valuable data. In fact, backing up data regularly and testing the ability to recover your data are acknowledged best practices in the Reliability pillar of the AWS Well-Architected Framework.  

Of course, the need to backup data is nothing new, but it never hurts to be reminded of this process. Thankfully, AWS Backup is here to automate the task, with the following links providing additional guidance as to why you should be adding data backup to your workflow list 

  1. Perform data backup automatically 
  2. Perform periodic recovery of the data to verify backup integrity and processes 

 AWS Removes NAT Gateway’s Dependence on Internet Gateway for Private Communications 

Posted On: Jun 10, 2021 

You can now launch NAT Gateways in your Amazon Virtual Private Cloud (VPC) without associating an internet gateway to your VPC. Internet Gateway is required to provide internet access to the NAT Gateway. However, some customers use their NAT Gateways with Transit Gateway or virtual private gateway to communicate privately with other VPCs or on-premises environments and thus, do not need an internet gateway attached to their VPCs. 

A NAT Gateway enables instances in a private subnet to connect to services outside your VPC using the NAT Gateway’s IP address. With this feature, you can set the connectivity type to Private at the time of NAT Gateway creation. A private NAT Gateway, or NAT Gateway with connectivity type set to private, does not require EIP and you do not need to attach an internet gateway with your VPC. A Private NAT Gateway uses its private IP address to perform network address translation. You can route traffic from your Private NAT Gateway to other VPCs or on-premises network using Transit Gateway or virtual private gateway. 

Why It Matters

As digitization becomes the go-to strategy, the rise in vulnerability becomes inevitable. In this case, security becomes a top priority, especially in public cloud solutions. 

Before introducing the private NAT Gateway feature, configuring the transit gateway and Public NAT Gateway was the only solution. But now, NAT Gateway enables instances in a private subnet to connect to services outside your VPC using the NAT Gateway’s private IP address. 

As a result of this announcement, Infostretch emphasizes implementing this extra layer of security for the customers who seek to establish private and secure network connectivity between on-prem and cloud. 

You can learn more about VPC NAT Gateway and this feature, by clicking on this AWS documentation link. 

Amazon DynamoDB Accelerator (DAX) now supports encryption in transit of data between your applications and DAX clusters, and between the nodes within a DAX cluster 

Posted On: Jun 24, 2021  

You now can further enhance the security of your applications by encrypting data in transit between your applications and your Amazon DynamoDB Accelerator (DAX) clusters, and between the nodes within a DAX cluster.  

To use this new feature, enable encryption in transit when creating a DAX cluster and use the latest version of any of the DAX clients. If you enable encryption in transit for a DAX cluster, all requests and responses between your applications and clusters are encrypted by Transport Layer Security (TLS), and connections to the cluster can be authenticated by verification of a cluster X.509 certificate.  

In addition, the data in transit between the nodes within a cluster also is encrypted. You can enable encryption in transit in the DynamoDB console, AWS CLI, AWS SDKs, and AWS CloudFormation.  

Why It Matters

With global adoption of the serverless model increasing, the role of Amazon DynamoDB has exponentially grown. Therefore, security becomes a top priority for every request that hits DynamoDB or Amazon DynamoDB Accelerator (DAX) clusters. 

Infostretch has adopted this serverless applications model and, with the help of this recently announced AWS feature, we can focus on data security. This means that we can provide not only the level of data security required but also the peace of mind that customers require.  

For more insights on DAX, see DAX: How It Works and DAX: Encryption in Transit 

Amazon SageMaker Data Wrangler now supports Snowflake as a data source 

Posted On: Jun 8, 2021 

Amazon SageMaker Data Wrangler reduces the time it takes to aggregate and prepare data for machine learning (ML) from weeks to minutes. With SageMaker Data Wrangler, you can simplify the process of data preparation and feature engineering, and complete each step of the data preparation workflow, including data selection, cleansing, exploration, and visualization from a single visual interface. Starting today, you can now use Snowflake as a data source in Amazon SageMaker Data Wrangler to easily prepare data in Snowflake for machine learning. 

With Snowflake as a data source for Amazon SageMaker Data Wrangler, you can now quickly and easily connect to Snowflake without writing a single line of code. Additionally, you can now join your data in Snowflake with data stored in Amazon S3, and data queried through Amazon Athena and Amazon Redshift to prepare data for machine learning.  

Once connected, you can interactively query data stored in Snowflake, easily transform data with 300+ pre-configured data transformations, understand data, and identify potential errors and extreme values with a set of robust pre-configured visualization templates. You can also quickly identify inconsistencies in your data preparation workflow and diagnose issues before models are deployed into production.  

Finally, you can export your data preparation workflow to Amazon S3 for use with other SageMaker features such as Amazon SageMaker Autopilot, Amazon SageMaker Feature Store, and Amazon SageMaker Pipelines. 

Why It Matters

Data preparation remains a major challenge in the machine learning (ML) domain. Data scientists and engineers across Infostretch customer’s data engineering teams need to write queries and code to get data from source data stores. They then write the queries to analyse and make data suitable so that features are created to be used in model development and training. 

One of the more efficient solutions offered by AWS – Amazon SageMaker Data Wrangler – is one of the tools that Infostretch can help customers and its teams to incorporate. By integrating this solution, it is easier for data scientists and engineers to prepare data in the early phase of developing ML applications by using a visual interface. 

As a result, the process of data preparation and feature engineering using a single visual interface is simplified by Data Wrangler. With over 300 built-in data transformations to help normalize, transform, and combine features without writing any code, it is an effective way of solving defined challenges. In addition, Snowflake can be used as a data source in Data Wrangler to easily prepare data for ML. 

For more insights, check out this AWS documentation and webpage  

AWS Managed Microsoft Active Directory (AD) and AD Connector now support AD authentication with AWS Transfer Family 

Posted On: Jun 11, 2021 

AWS Directory Service for Microsoft Active Directoryalso known as AWS Managed Microsoft AD, and AD Connector now enable you to use AD authentication with AWS Transfer Family, a fully managed service for transferring files over Secure File Transfer Protocol (SFTP), File Transfer Protocol over SSL (FTPS), and File Transfer Protocol (FTP) for Amazon Simple Storage Service (S3) and Amazon Elastic File System (EFS)This makes it easy for you to securely provide permissions for file transfers to users in your AD groups. 

You can set up AD authentication for file transfers with AWS Transfer Family during the file transfer server creation process by selecting your directory and specifying which AD groups can access files stored in S3 or EFS. Once you configure access for the specified AD groups, users belonging to the AD groups can authenticate using their existing AD credentials and securely transfer files over the enabled protocols. 

Why It Matters

Infostretch has numerous customers in the field of Life Sciences and Healthcare, where transferring data from different devices and other sources to AWS for storage and processing the data. As digital engineers, we are always looking for ways to help our clients simplify processes wherever possible.  

Before AWS announced this upgrade, customers had to deal with multiple identities and authentication mechanisms to transfer data from their devices to AWS. Happily, this newly released feature makes their life easier, just by authenticating from their existing AD credentials. 

You can read more about AWS Transfer Family usage guide here. 

AWS App Mesh introduces enhanced ingress traffic management capabilities 

Posted On: Jun 14, 2021 

The AWS App Mesh introduces enhanced ingress traffic management capabilities. Now you can control how App Mesh rewrites external requests, so that they reach the correct destination within your mesh. You also have greater flexibility controlling how the requests are matched to the destinations in the Gateway and Virtual Router Routes. AWS App Mesh is a service mesh that provides application-level networking to standardize how your services communicate, giving you end-to-end visibility and options to tune for high-availability of your applications. 

Now Gateway Routes provide flexible controls that allow you to enable or disable rewrites, add or remove prefix, edit path, and match the requests to destinations based on the hostname and header. This enables you adjust the behaviour of traffic that enters your mesh and simplifies building applications with sophisticated structure of microservices. 

Why It Matters

We all know that the digital engineering world is constantly changing. As a result, new trending technologies should be integrated into applications wherever possible. One such change, for example, is moving from monolithic to a microservices architecture. This is where AWS App Mesh plays an important role. 

App Mesh standardizes the way services communicate, giving consistent visibility and network traffic controls for all the containerized microservices. This standardization is very important for developing a successful enterprise application. 

We at Infostretch would like to emphasize the importance of choosing microservices architecture and implementing AWS App Mesh. When this is done right, customers will obtain service discovery, observability, network encryption, automatic retries, and traffic shaping. 

You can discover more about AWS App Mesh by visiting the product page or associated documentation. 

AWS WAF adds 15 new text transformations 

Posted On: Jun 28, 2021

AWS WAF now supports 15 additional text transformations, allowing you to reformat web requests to remove any unusual formatting, or sanitize input before rule evaluation. It can be used to identify threats that may be obscured by attackers in an effort to bypass detection. You can use these new text transformations with WAF rule statements, such as SQLi detection, string match, and regex pattern set. You can chain up to 10 text transformations together in a single rule statement. Once configured, AWS WAF will apply the transformations first before evaluating the rule statement. 

For example, UTF8_TO_UNICODE text transformation converts all UTF-8 character sequences into Unicode and this can be used to help minimize both false-positives and false-negatives for payload that are not in English language. MD5 text transformation calculates an MD5 hash value and this can be used to check if input parameters are within expected value and have not been tampered using text obfuscation techniques. 

Why It Matters

In the digital world and connected society, we have seen a wide variety of attacks on web applications, including but not limited to bot attacks, DDoS, etc. AWS has (unsurprisingly) come up with solutions for all these malicious actions. 

However, when it comes to web applications and APIs, it becomes imperative to protect them from exploits and bots that may affect availability, compromise security or consume excessive resources. With the help of AWS WAF, customers can gain complete control over how traffic reaches their applications by configuring security rules that control bot traffic and block common attack patterns, such as SQL injection or cross-site scripting.

Recent events have shown that hackers are always looking to exploit vulnerabilities in new and innovative ways. Despite this continued evolution of threat mechanisms, AWS has added 15 new text transformations that will help customers from falling victim to such actions. And Infostretch is here to ensure that our customers’ applications are not only being affected in any manner but also continuing to implement the latest security measures in deliverable projects. 

For the full list of text transformations that are supported, see the AWS WAF developer guide. 

Interested in our Cloud Services?

Contact Infostretch +1 408-727-1100

By submitting this form, you agree that you have read and understand Infostretch’s Terms and Conditions. You can opt-out of communications at any time. We respect your privacy.

By submitting this form, you agree that you have read and understand Infostretch’s Terms and Conditions. You can opt-out of communications at any time. We respect your privacy.