We’re back with AWS re:Invent for 2023, and already the key themes of generative AI, cost optimisation and security are shining through. In this post, I’ll delve into some of the announcements I’ve found interesting so far.
IAM Access Analyzer Enhancements
Access Analyzer is the tool that scans your roles and policies for permissions that might be too widely scoped, which gives you an opportunity to easily scope them down for least privilege. While it is a great idea, it has not been given that much love since it was originally released a couple of years ago. The new updates allow more customisation in the policy checks, and alerting on permissions that are granted but not actually used is welcome!
GuardDuty Runtime Threat Detection
S3 Security with Microsoft Entra and Okta Integration
A great new feature for securing S3 is also out – this allows organisations with Microsoft Entra or Okta to secure datasets in Amazon S3, with access granted to end users based on their corporate identities. This is huge and takes away a lot of complexity, with presigned URLs for example.
Extended History and Granular Data in AWS Cost Explorer
Cost optimisation appears to be a focus too. There is a new Cost Optimization Hub, as well as a new Cost and Usage dashboard that can be easily deployed; it is a simplified version of an AWS open source solution and provides nice cost visuals. There is also more granularity in historical costs, which makes trends easier to see.
Cost-Effective CloudWatch Logs
Cheaper CloudWatch Logs is always good, though the tradeoff is losing some features. It is especially good for debug logs.
AWS Compute Optimizer for Rightsizing EC2
There is also an easier way to see EC2 rightsizing options, helping teams make sure their EC2 instances are sized correctly for their workloads.
Generative AI for CloudWatch Logs and Metrics
On the generative AI front – using natural language to query CloudWatch logs and metrics looks very interesting! We advise using it with caution and validating that the query is what you expect, but it will probably be a good starter for sure.
AWS Console to Code
And finally, a welcome feature: Console to Code. Being able to generate code for console actions looks incredible. It is in preview in us-east-1 only for now. Other hyperscalers have a similar feature, so hopefully this one lives up to our expectations!