AWS re:Invent 2022: Day 0 Announcements

It’s that time of year, where all the AWS service teams decide that the day before re:Invent is the time to drop a huge amount of new features. As if we are not going to have enough this week, we get inundated on the days leading in with features and updates as teams all scramble for the finishing line.

This year is like all others, feature releases started increasing early November, with the deluge opening up right up until the doors of re:Invent open.

In this post we take a look at some of the announcements that I’ve found interesting and want to dig a bit more into.

QuickSight getting some love

Over the past couple of weeks there have been a number of updates to Quicksight from new connectors to data sources like DataBricks through to new visualisations (line chartsgeospatial cluster) and even text boxes and support for small multiples, it looks like there has been some work in that team.

A welcome addition is better console support for administration of all QuickSight objects. Ever had someone orphan their datasets or analysis’ in Quicksight and you know how hard it is to get access to them back. With updates now available in the console, you can easily govern and manage permissions of QuickSight access centrally through the console.

AWS Backup now protects CloudFormation

What tha?! – AWS Backup now supports backup and restore of CloudFormation stacks – when I thought that GitHub was the tool that we did that from. We have all of our code in Version Control right? Maybe the value here is that we now have a central place for templates and parameters to be backed up and easily restored.

This is the kind of announcement I need to see in person, so we’ll have to take this for a real run and see how this works in the real world. Stay tuned over the coming days as we test these things out for real.

And the AWS Backup changes kept coming, with support for Redshift also announcedcentralised reporting for Backup Audit Manager and even egal capabilities for extended data retention.

Blue/Green Deployments in Aurora and RDS

This one is exciting – Databases are always a point of pain in the release cycle. We’ve developed numerous tools to support the progressive release of logic to customers, but the one sticking point is always the data they see. With this announcement we now see AWS helping us tackle the last mile.

Like the backup announcement above, the proof will be in the puddings, so we’ll put this on our re:Invent testing list and report back in a few days.

EFS Elastic Throughput

I can’t say I’ve had to use a lot of EFS, but I do know that overall performance is often one of the challenges people see with it. Great to see AWS add more features here to support turning it up to 11 to provided sensitive workloads the ability to adopt higher level managed services like EFS.

Delegated Administrator for AWS Organisations

This one is close to my heart, I always feel a bit icky when logging into the organisation account to review or make changes. With the announcement of delegated administration support for AWS Organisations, that looks like there is one less reason to use this central account.

Cross-Account observability

This one feels big – we regularly run into the problem of having applications and solutions spread across multiple accounts to protect and isolate at the security level – but this introduces an operational overhead where we either have to egress logs/metrics into an external 3rd party tool, or login to multiple accounts.

With this announcement it looks like our requests have been heard, and now you can easily setup observability across multiple AWS accounts with CloudWatch. This might see the introduction of an Operational Hub account where we can start to get the utopian “single pane of glass” view across the organisation.

Cross Region failover and tailback

With the Melbourne region due for launch any time soon, great to see that Elastic Disaster Recovery. Now supports automated fallback cross region and availability zone. I expect we’ll have a bunch of opportunities to try this out as we start to see more Australian workloads take on a multi-region approach post the launch of Melbourne.

Migration Hub gets a facelift

Application Migration service helps with the co-ordination of large scale AWS migration activities, and its great to see that the product continues to add features from the field, today we see new features for several aspects of migration from wave planning through to migration execution.

Ground Control Tower to Major Tom

This is a feature I have been waiting for – AWS have announced the preview of more comprehensive controls management of AWS organisations through Control Tower.

If you’ve been in any way related to large scale compliance across a complex AWS organisation, you understand the challenges of implementing and managing compliance controls. Be it from Organisations or Config or Conformance Packs or SecurityHub or Control Tower – each team has a slighty different take on how to establish controls, how to report on their findings and how to provide remediation.

With this announcement from Control Tower, I hope we are seeing a gathering of this logic into one place, to provide us an organisational view that is aware of compliance standards, allows for customisation as well as configuration across the complexity of the organisations structure.

I’ll be clambering to get onto the preview and eager to see what the vision from the Control Tower team is.

In the suite of compliance we also have the launch of Config Rules supporting proactive compliance.

Detect sensitive data in your AWS CloudWatch logs

We all know that application logging is a critical aspect of operability, and the ease at which logs can be created and centralised into CloudWatch logs makes it a no-brainer for any service using AWS. But the double edge sword is how can we protect against sensitive data being logged. With this announcement AWS has integrated their ML and pattern matching technology to detect sensitive information such as credit cards or email address in CloudWatch logs.

This is another great tool in the compliance toolbag to ensure we are protecting customers’ sensitive data.

RDS gets a performance kick

RDS has just received two new performance kicks for RDS MySQL, both reads and writes are now available on AWS managed RDS instances running MySQL 8.0.28 or newer. Reads can be up to 50% faster, with writes seeing a similar 2x performance.

If you have a MySQL intensive workload, making sure you are on this new engine is a great way to achieve better performance without the need to increase your instance size.

Glue, Glue everywhere.

And no, I am not talking about my daughter’s school project – AWS have announced a set of new features in Glue. The first of which is support for a new Glue job type called Ray – Ray is an open-source unified compute framework that makes it simple to scale AI and Python workloads.

Up next is the release of Glue 4.0 with support for new engines, direct support for pandas and new data formats (Hudi, Iceberg and Delta Lake) on Glue 3.0 or later. Along with the feature updates, AWS claim increased reliability and performance with this new version of Glue.

And if that wasn’t enough, we also get custom visual transforms for Glue.

Announcing AWS Wickr

Because we don’t have enough ways to stay connected, AWS have thrown their hat in the ring and developed an enterprise communication service to support collaboration and communication with end-to-end encryption.

Is this something we need? Only time will tell.

VPC Reachability Analyser spans multiple accounts

This is a pain point I know all too well – troubleshooting AWS network connectivity can be a massive time sap, with peering connections, associations, route tables, NACL’s and SecurityGroups all to check to identify why traffic is or isn’t flowing. Over the past few years the introduction of VPC Reachability Analyser has been a godsend, taking a lot of the leg work out of checking why things are not working.

One big hole in this tool chain has just been filled – the ability to check across accounts within an organisation. This is something we have built some custom tooling around, and so are very happy to throw that on the scrapheap if the AWS service can do this for us.

Something we’ll try over the coming days and report back on.

Other feature announcements

Remember, to stay up to date throughout re:Invent 2022, sign up to our newsletter to gain exclusive access to highlights from the day, expert opinions, blog posts, video content and more.

Enjoyed this blog?

Share it with your network!

Move faster with confidence