AWS re:Invent 2023: Day 0 Announcements

We’re back with AWS re:Invent for 2023, and already the key themes of generative AI, cost optimisation and security are shining through. In this post, I’ll delve into some of the announcements I’ve found interesting so far.

IAM Access Analyzer Enhancements

Access Analyzer is the tool that can scan your roles and policies for permissions that might be too widely scoped, which gives you an opportunity to easily scope them down for least privilege. While a great idea, it has not been given that much love since it was originally released a couple of years ago. The new updates allow more customisation in the policy checks, as well as alerting when permissions are granted but not actually used, which is welcome! Read more.

GuardDuty Runtime Threat Detection

GuardDuty now has runtime threat detection on EC2 and ECS (joining the EKS capability that was added earlier in the year). This is a welcome move, as many organisations have to pay extra for other agents to perform this task, or they skip it entirely, which is not ideal.

S3 Security with Microsoft Entra and Okta Integration

A great new feature for securing S3 is also out – it allows organisations with Microsoft Entra or Okta to control end users' access to datasets in Amazon S3 based on their corporate identities. This is huge and takes away a lot of complexity, with presigned URLs for example. Read more.

Extended History and Granular Data in AWS Cost Explorer

Cost optimisation appears to be a focus too. There is a new cost optimization hub, as well as a new Cost and Usage dashboard that can be easily deployed; it is a simplified version of an AWS open source solution that provides nice cost visuals. There is also more granularity in historical costs, which makes trends easier to see.

Cost-Effective CloudWatch Logs

Cheaper CloudWatch Logs is always good, with the tradeoff of losing some features. It is especially good for debug logs. Read more.

AWS Compute Optimizer for Rightsizing EC2

There is also an easier way to see EC2 rightsizing options, to help teams make sure their EC2 instances are sized correctly for their workloads. Read more.

Generative AI for CloudWatch Logs and Metrics

On the generative AI front – using natural language to query CloudWatch logs and metrics looks very interesting! We advise using it with caution and validating that the generated query is what you expect, but it will probably be a good starting point.

AWS Console to Code

And finally, a welcome feature: Console to Code. Being able to generate code for console actions looks incredible. It is in preview in us-east-1 only for now. Other hyperscalers have a similar feature, so hopefully this one lives up to our expectations!

