How to Get Started with Amazon Route 53 Resolver DNS Firewall for Amazon VPC

A DNS lookup is typically the starting point for establishing outbound connections within a network. Unwanted direct communication between Amazon Virtual Private Cloud (VPC) resources and internet services could be prevented using AWS services like security groups, network access control lists (ACLs) or AWS Network Firewall. These services filter network traffic, but they do not block outbound DNS requests heading to the Amazon Route 53 Resolver that automatically answers DNS queries for public DNS records, Amazon VPC-specific DNS names, and Amazon Route 53 private hosted zones.
DNS exfiltration could potentially allow a bad actor to extract data through a DNS query to a domain they control. For instance, if a bad actor controlled the domain “example.com” and wanted to exfiltrate “sensitive-data,” they could issue a DNS lookup for “sensitive-data.example.com” from a compromised instance within a VPC. To prevent this, previously customers needed to incur costs


Original URL: http://feedproxy.google.com/~r/AmazonWebServicesBlog/~3/HBfmKNQlNH4/

AWS Fault Injection Simulator – Use Controlled Experiments to Boost Resilience

AWS gives you the components that you need to build systems that are highly reliable: multiple Regions (each with multiple Availability Zones), Amazon CloudWatch (metrics, monitoring, and alarms), Auto Scaling, Load Balancing, several forms of cross-region replication, and lots more. When you put them together in line with the guidance provided in the Well-Architected Framework, your systems should be able to keep going even if individual components fail.
However, you won’t know that this is indeed the case until you perform the right kinds of tests. The relatively new field of Chaos Engineering (based on pioneering work done by “Master of Disaster” Jesse Robbins in the early days of Amazon.com, and then taken into high gear by the Netflix Chaos Monkey) focuses on adding stress to an application by creating disruptive events, observing how the system responds, and implementing improvements. In addition to pointing out the areas for improvement, Chaos


Original URL: http://feedproxy.google.com/~r/AmazonWebServicesBlog/~3/5dAf2jYNI4o/

New – Lower Cost Storage Classes for Amazon Elastic File System

Amazon Elastic File System (Amazon EFS) provides a simple, serverless, set-and-forget elastic file system for shared data across Amazon Elastic Compute Cloud (EC2) instances or with container and serverless services such as Amazon Elastic Container Service (ECS), Amazon Elastic Kubernetes Service (EKS), AWS Fargate, and AWS Lambda. Until now, customers could choose Amazon EFS Standard storage classes which redundantly store data across multiple geographically separated Availability Zones (AZs) to offer the highest levels of availability and durability.
Today, I am happy to announce Amazon EFS One Zone storage classes, reducing storage costs by 47% compared to Amazon EFS Standard storage classes. As an example, in the US East (N. Virginia) Region, this allows customers to achieve an effective storage price of $0.043/GB-month, assuming you are using lifecycle management and 80% of your data is infrequently accessed. Amazon EFS is designed for eleven 9’s of durability, and EFS One Zone Storage


Original URL: http://feedproxy.google.com/~r/AmazonWebServicesBlog/~3/8e7McBXdsLA/

Amazon S3 Update – Strong Read-After-Write Consistency

When we launched S3 back in 2006, I discussed its virtually unlimited capacity (“…easily store any number of blocks…”), the fact that it was designed to provide 99.99% availability, and that it offered durable storage, with data transparently stored in multiple locations. Since that launch, our customers have used S3 in an amazingly diverse set of ways: backup and restore, data archiving, enterprise applications, web sites, big data, and (at last count) over 10,000 data lakes.
One of the more interesting (and sometimes a bit confusing) aspects of S3 and other large-scale distributed systems is commonly known as eventual consistency. In a nutshell, after a call to an S3 API function such as PUT that stores or modifies data, there’s a small time window where the data has been accepted and durably stored, but not yet visible to all GET or LIST requests. Here’s how I see it:

This


Original URL: http://feedproxy.google.com/~r/AmazonWebServicesBlog/~3/Z-e951MIPQ4/

S3 Intelligent-Tiering Adds Archive Access Tiers

We launched S3 Intelligent-Tiering two years ago, which added the capability to take advantage of S3 without needing to have a deep understanding of your data access patterns. Today we are launching two new optimizations for S3 Intelligent-Tiering that will automatically archive objects that are rarely accessed. These new optimizations will reduce the amount of […]


Original URL: http://feedproxy.google.com/~r/AmazonWebServicesBlog/~3/LJGOBd7vE5A/

Amazon MQ Update – New RabbitMQ Message Broker Service

In 2017, we launched Amazon MQ – a managed message broker service for Apache ActiveMQ, a popular open-source message broker that is fast and feature-rich. It offers queues and topics, durable and non-durable subscriptions, push-based and poll-based messaging, and filtering. With Amazon MQ, we have enhanced lots of new features by customer feedback to improve […]


Original URL: http://feedproxy.google.com/~r/AmazonWebServicesBlog/~3/O9uf8J0W-vo/

Introducing Amazon SNS FIFO – First-In-First-Out Pub/Sub Messaging

When designing a distributed software architecture, it is important to define how services exchange information. For example, the use of asynchronous communication decouples components and simplifies scaling, reducing the impact of changes and making it easier to release new features.
The two most common forms of asynchronous service-to-service communication are message queues and publish/subscribe messaging:
With message queues, messages are stored on the queue until they are processed and deleted by a consumer. On AWS, Amazon Simple Queue Service (SQS) provides a fully managed message queuing service with no administrative overhead.
With pub/sub messaging, a message published to a topic is delivered to all subscribers to the topic. On AWS, Amazon Simple Notification Service (SNS) is a fully managed pub/sub messaging service that enables message delivery to a large number of subscribers. Each subscriber can also set a filter policy to receive only the messages that it cares about.
You can use topics


Original URL: http://feedproxy.google.com/~r/AmazonWebServicesBlog/~3/DtUO6Dghcd0/

Public Preview – AWS Distro for OpenTelemetry

It took me a while to figure out what observability was all about. A year or two ago I asked around and my colleagues told me that I needed to follow Charity Majors and to read her blog (done, and done). Just this week, Charity tweeted:

Kislay’s tweet led to his blog post, Observing is not Debugging, which I found very helpful. As Charity noted, Kislay tells us that Observability is a study of the system in motion.
Today’s large-scale distributed applications and systems are effectively always in motion. Whether serving web requests, processing streams of data or handling events, something is always happening. At world-scale, looking at individual requests or events is not always feasible. Instead, it is necessary to take a statistical approach and to watch how well a system is working, instead of simply waiting for a total failure.
New AWS Distro for OpenTelemetry
Today we are launching


Original URL: http://feedproxy.google.com/~r/AmazonWebServicesBlog/~3/2Z6UWSpdn-c/

New – Redis 6 Compatibility for Amazon ElastiCache

After the last Redis 5.0 compatibility for Amazon ElastiCache, there have been lots of improvements to Amazon ElastiCache for Redis, including upstream support such as 5.0.6.
Earlier this year, we announced Global Datastore for Redis that lets you replicate a cluster in one region to clusters in up to two other regions. Recently we improved your ability to monitor your Redis fleet by enabling 18 additional engine and node-level CloudWatch metrics. Also, we added support for resource-level permission policies, allowing you to assign AWS Identity and Access Management (IAM) principal permissions to specific ElastiCache resource or resources.
Today, I am happy to announce Redis 6 compatibility to Amazon ElastiCache for Redis. This release brings several new and important features to Amazon ElastiCache for Redis:
Managed Role-Based Access Control – Amazon ElastiCache for Redis 6 now provides you with the ability to create and manage users and user groups that can


Original URL: http://feedproxy.google.com/~r/AmazonWebServicesBlog/~3/uU-5ges92Nw/
