AWS Control Tower customers can now programmatically set up and manage their landing zones. Customers can discover, create, update, and reset their landing zones, as well as manage landing zone customizations, using APIs. A landing zone is a well-architected, multi-account AWS environment based on security and compliance best practices. AWS Control Tower automates the setup of a new landing zone using best-practices blueprints for identity, federated access, logging, and account structure. The landing zone APIs include AWS CloudFormation support, allowing customers to manage their landing zone with infrastructure as code (IaC).
AWS Systems Manager Automation makes it easier to author runbooks with new low-code visual design experience
AWS Systems Manager Automation enables you to automate routine operations tasks using runbooks. Starting today, developers can author and edit runbooks using a low-code visual design experience. Simply drag and drop Automation actions and AWS APIs onto a canvas and connect them together as steps to visualize your runbook logic. The visual design experience pre-populates parameters and validates actions in real time so you can build with confidence and efficiency.
Amazon S3 Access Grants integrate with identity providers to simplify data lake permissions
Amazon S3 Access Grants map identities in directories such as Active Directory, or AWS Identity and Access Management (IAM) Principals, to datasets in S3. This helps you manage data permissions at scale by automatically granting S3 access to end-users based on their corporate identity. Additionally, S3 Access Grants log end-user identity and the application used to access S3 data in AWS CloudTrail. This helps to provide a detailed audit history down to the end-user identity for all access to the data in your S3 buckets.
AWS announces CloudWatch Logs Anomaly Detection and Pattern analysis
Today, AWS announces the general availability of a suite of machine-learning powered log analytics capabilities in CloudWatch, including automated log pattern analysis and anomaly detection. Using these new capabilities, you will be able to easily interpret your logs, identify unusual events, and use these insights to steer and accelerate your investigation.
Amazon Web Services announces Unified Billing and Cost Management console
Today, AWS announces a unified Billing and Cost Management console that helps customers make faster, better-informed decisions and manage their AWS cloud finances more efficiently. The unified Billing and Cost Management console combines the previous Billing console and the previous Cost Management console, and features a new home page with insights and recommendations to help customers understand their spend, identify problems, and save money, along with more intuitive navigation and improved getting started resources. With this new console experience, it’s easier to decide where to focus, prioritize what’s most important, and take action.
Announcing the new Amazon EFS Archive storage class
Amazon EFS Archive is a new storage class that is cost-optimized for long-lived file data that is accessed a few times a year or less. With EFS Archive, you now have a cost-effective way to retain even your coldest data so that it’s always available to power new business insights. In addition, as part of this launch, the storage price for the existing Amazon EFS Infrequent Access (IA) storage class is being reduced by 36% to make EFS an even better solution for sharing a wide range of data.
Amazon CloudWatch Logs announces Infrequent Access log class
We are excited to announce Amazon CloudWatch Logs Infrequent Access (Logs IA), a new log class for cost-effectively consolidating all your logs natively on AWS, helping to improve visibility into your overall application health. CloudWatch Logs IA offers a subset of CloudWatch Logs’ capabilities including managed ingestion, cross-account log analytics, and encryption with a lower per GB ingestion price making Logs IA ideal for ad-hoc querying and after-the-fact forensic analysis on infrequently accessed logs.
AWS Compute Optimizer introduces customizable rightsizing recommendations for EC2 Instances
Today we are announcing customizable EC2 rightsizing recommendations within AWS Compute Optimizer. With this launch you can now adjust both CPU headroom and thresholds, configure a new 32-day lookback period option, and set instance family preferences. These settings can be configured at the organization, account, or regional level.
AWS Analytics simplify users’ data access across services with IAM Identity Center
AWS Analytics services, including Amazon QuickSight, Amazon Redshift, AWS Lake Formation, and Amazon S3 via S3 Access Grants, now use trusted identity propagation with AWS IAM Identity Center to manage and audit access to data and resources based on user identity. This new capability passes identity information between connected business intelligence and data analytics applications. Administrators define access to their service based on a common set of users and groups in the customer’s chosen identity provider. Auditors can track users’ access across services. Analytics users benefit from an improved single sign-on experience when accessing data.
Amazon Redshift now supports multi-data warehouse writes through data sharing (preview)
Amazon Redshift now supports multi-data warehouse writes through data sharing in public preview. You can start writing to Redshift databases from multiple Redshift data warehouses in just a few clicks. The written data is available to all warehouses as soon as it is committed. This allows teams to flexibly scale compute by adding warehouses of different types and sizes based on their write workloads’ price-performance needs, isolate compute to more easily meet SLAs, and easily and securely collaborate with other teams.