AWS News – July 2024
My monthly and subjective review of new features introduced by AWS in July 2024.
I hope a couple of them will make our lives brighter. 🙂
Enjoy!
AWS Lambda introduces new controls to make it easier to search, filter, and aggregate Lambda function logs
Lambda has introduced new advanced logging controls with three main features:
- Native JSON structured logging: Enables easier searching, filtering, and analysis of function logs without requiring custom logging libraries.
- Adjustable log levels: Allows users to control log granularity (e.g., ERROR, DEBUG, INFO) without code changes, improving debugging and troubleshooting efficiency.
- Selectable CloudWatch log groups: Permits users to choose where Lambda sends logs, facilitating log aggregation for multiple functions and simplifying the application of security, governance, and retention policies at the application level.
These improvements enhance log management, analysis, and troubleshooting for AWS Lambda users.
More on this topic can be found on the AWS blog.
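The JSON log format is what makes the searching, filtering and aggregating described above possible without a custom logging library. The following is an added example (not AWS's code and not from the original post): it parses a handful of constructed log lines shaped like the records Lambda emits with LogFormat=JSON (the `timestamp`, `level`, `requestId` and `message` fields are taken from the Lambda documentation; the values are invented), filters them by minimum level, and rolls them up per level and per failed request.

```python
import json
from collections import Counter

# Constructed sample lines in the JSON shape Lambda emits when LogFormat=JSON
# (timestamp/level/requestId/message). Not real output from any account.
SAMPLE_LOG_LINES = """\
{"timestamp":"2024-07-10T09:00:00.001Z","level":"INFO","requestId":"req-1","message":"handler started"}
{"timestamp":"2024-07-10T09:00:00.040Z","level":"DEBUG","requestId":"req-1","message":"cache miss for key user:42"}
{"timestamp":"2024-07-10T09:00:00.120Z","level":"ERROR","requestId":"req-1","message":"upstream timeout","errorType":"TimeoutError"}
{"timestamp":"2024-07-10T09:00:01.000Z","level":"INFO","requestId":"req-2","message":"handler started"}
{"timestamp":"2024-07-10T09:00:01.010Z","level":"WARN","requestId":"req-2","message":"retrying upstream call"}
{"timestamp":"2024-07-10T09:00:01.300Z","level":"INFO","requestId":"req-2","message":"handler finished"}
this line is not JSON and would come from a library writing raw text
"""

# Severity order for "at least this level" filtering; mirrors the levels
# Lambda lets you select for ApplicationLogLevel.
LEVEL_ORDER = {"TRACE": 0, "DEBUG": 1, "INFO": 2, "WARN": 3, "ERROR": 4, "FATAL": 5}


def parse_log_lines(text):
    """Parse newline-delimited JSON records. Non-JSON lines are kept as
    level-less records so that nothing is silently dropped."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            rec = {"level": None, "requestId": None, "message": line}
        records.append(rec)
    return records


def filter_by_level(records, min_level):
    """Keep records whose level is at least min_level (unparsable lines excluded)."""
    threshold = LEVEL_ORDER[min_level]
    return [r for r in records
            if r.get("level") in LEVEL_ORDER and LEVEL_ORDER[r["level"]] >= threshold]


def count_by_level(records):
    """Per-level counts, the same roll-up you would run as a Logs Insights stats query."""
    return Counter(r.get("level") or "UNPARSED" for r in records)


def failed_request_ids(records):
    """Request IDs that logged at ERROR or above, for correlating with traces."""
    return sorted({r["requestId"] for r in filter_by_level(records, "ERROR")
                   if r.get("requestId")})


if __name__ == "__main__":
    recs = parse_log_lines(SAMPLE_LOG_LINES)
    print(count_by_level(recs))
    print(failed_request_ids(recs))
```

Keeping the unparsable line visible matters operationally: a library that still writes plain text will show up as `UNPARSED` instead of disappearing from your filters. On the function side the same format is switched on with `aws lambda update-function-configuration --logging-config LogFormat=JSON,ApplicationLogLevel=INFO,SystemLogLevel=WARN`, optionally with a `LogGroup=` value to point several functions at one log group.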
Amazon ECR adds EventBridge support with ECR’s replication feature
ECR now emits an EventBridge event when replication of an image completes, so the outcome of replication can drive automation instead of being polled for. Some ways to use it:
- Automating the deployment process:
  - After image replication is complete, deployment scripts can be triggered automatically in the target regions.
  - It is possible to configure, for example, automatic execution of integration or smoke tests on newly replicated images.
- Synchronizing multi-regional deployments:
  - Ensures all regions have the same application version before starting a global deployment.
  - Enables sequential deployment across regions, waiting for replication confirmation before moving to the next region.
- Optimizing resource utilization:
  - Infrastructure scaling tasks can be initiated only after the new image is confirmed to be available.
  - Blue-green or canary strategies can switch traffic to the new application version automatically once it is ready in all required regions.
- Integrating with monitoring and alerting systems allows notifications to be sent to Slack, PagerDuty, or other team tools.
- Enables more precise control of CI/CD pipelines, triggering subsequent steps only after confirming successful replication.
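To show what "triggering subsequent steps only after confirming successful replication" looks like in practice, here is an added example (my code, not AWS's and not from the original post) of the gating logic a pipeline or Lambda target would run on the event. The envelope fields `source`, `detail-type` and `region` are standard EventBridge; the `detail` field names (`repository-name`, `image-digest`, `result`, `action-type`) and the detail-type string are assumptions for the example and must be checked against the ECR event documentation before use. The defensive point is that the consumer deploys only the exact digest the pipeline built, from a repository it expects, and only after every required region reports success.

```python
EXPECTED_SOURCE = "aws.ecr"
EXPECTED_DETAIL_TYPE = "ECR Image Replication"  # assumed detail-type name; verify in the ECR docs


def should_trigger_deploy(event, allowed_repos, expected_digest):
    """Return (ok, reason). Only a successful replication of the digest this
    pipeline produced, into an allowlisted repository, may start a deploy."""
    detail = event.get("detail", {})
    if event.get("source") != EXPECTED_SOURCE:
        return False, "not an ECR event"
    if event.get("detail-type") != EXPECTED_DETAIL_TYPE:
        return False, "not a replication event"
    if detail.get("result") != "SUCCESS":
        return False, f"replication result was {detail.get('result')!r}"
    repo = detail.get("repository-name")
    if repo not in allowed_repos:
        return False, f"repository {repo!r} not in allowlist"
    if detail.get("image-digest") != expected_digest:
        return False, "digest does not match the image this pipeline built"
    return True, f"deploy {repo}@{expected_digest} in {event.get('region')}"


def all_regions_ready(events, allowed_repos, expected_digest, required_regions):
    """True once every required region has a qualifying success event for the digest."""
    ready = {e.get("region") for e in events
             if should_trigger_deploy(e, allowed_repos, expected_digest)[0]}
    return set(required_regions) <= ready


def make_event(region, result, digest, repo="payments-api"):
    """Constructed sample event in the assumed shape (not captured from AWS)."""
    return {
        "source": EXPECTED_SOURCE,
        "detail-type": EXPECTED_DETAIL_TYPE,
        "region": region,
        "detail": {
            "repository-name": repo,
            "image-digest": digest,
            "result": result,
            "action-type": "REPLICATE",
        },
    }


GOOD_DIGEST = "sha256:" + "ab" * 32   # constructed digest
SAMPLE_EVENTS = [
    make_event("eu-west-1", "SUCCESS", GOOD_DIGEST),
    make_event("us-east-1", "SUCCESS", GOOD_DIGEST),
    make_event("ap-southeast-2", "FAILURE", GOOD_DIGEST),
    # success, but for a repository the pipeline does not own: must be ignored
    make_event("us-east-1", "SUCCESS", "sha256:" + "cd" * 32, repo="untrusted"),
]

if __name__ == "__main__":
    for e in SAMPLE_EVENTS:
        print(e["region"], should_trigger_deploy(e, {"payments-api"}, GOOD_DIGEST))
    print(all_regions_ready(SAMPLE_EVENTS, {"payments-api"}, GOOD_DIGEST,
                            ["eu-west-1", "us-east-1"]))
```

In a real pipeline the "seen regions" set would live in a durable store (a DynamoDB item keyed by digest, for instance) rather than in memory, since each region's event arrives as a separate invocation.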
Amazon SQS introduces new Amazon CloudWatch metrics for FIFO queues
Simple Queue Service (SQS) has introduced two new CloudWatch metrics for FIFO queues:
- NumberOfDeduplicatedSentMessages – tracks deduplicated messages sent to a queue, helping identify duplicate message sending.
- ApproximateNumberOfGroupsWithInflightMessages – shows the approximate number of message groups with in-flight messages, aiding in throughput optimization.
These new Amazon SQS metrics for FIFO queues can help with daily AWS operations and application optimization. Here are several ideas for using them.
Error Response
NumberOfDeduplicatedSentMessages
- A high number may indicate an issue with producer logic sending duplicate messages.
- You can set up a CloudWatch alarm to notify you when the number of deduplicated messages exceeds a certain threshold.
- This helps quickly identify and fix errors in producer code or network issues causing message resends.
ApproximateNumberOfGroupsWithInflightMessages
- If this number consistently increases, it may indicate problems with consumer message processing.
- A CloudWatch alarm can notify you when the number of groups with in-flight messages exceeds expected levels.
- This helps respond quickly to potential bottlenecks in message processing.
Application Optimization
NumberOfDeduplicatedSentMessages
- Monitoring this metric helps optimize deduplication logic on the producer side.
- You can adjust caching strategies or business logic to reduce duplicates.
- Reducing duplicate messages can lower costs and improve system efficiency.
ApproximateNumberOfGroupsWithInflightMessages
- This metric helps optimize FIFO queue throughput.
- If the number of groups is near the limit (currently 20,000 for FIFO queues), consider increasing message groups or scaling consumers.
- You can automatically scale consumers based on this metric using AWS Auto Scaling.
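The two alarms suggested above, written out as an added example (not from the original post or from AWS). Each function returns the parameter set for the CloudWatch `PutMetricAlarm` API, with the metric names, the `AWS/SQS` namespace and the `QueueName` dimension as documented; the queue name, SNS topic ARN, thresholds and periods are constructed values. The in-flight-groups alarm is expressed as a fraction of the 20,000-group FIFO limit mentioned above, so the threshold follows the limit if you change the constant.

```python
# Current FIFO limit on message groups with in-flight messages, per the post.
FIFO_INFLIGHT_GROUP_LIMIT = 20_000


def dedup_alarm(queue_name, threshold, actions, period=300):
    """Alarm when producers keep re-sending messages that FIFO deduplication drops.
    Sum over the period: a steady trickle is normal, a burst points at a retry bug."""
    return {
        "AlarmName": f"{queue_name}-duplicate-producers",
        "AlarmDescription": "Producers are re-sending messages that SQS FIFO deduplication drops",
        "Namespace": "AWS/SQS",
        "MetricName": "NumberOfDeduplicatedSentMessages",
        "Dimensions": [{"Name": "QueueName", "Value": queue_name}],
        "Statistic": "Sum",
        "Period": period,
        "EvaluationPeriods": 3,
        "DatapointsToAlarm": 2,          # 2 of 3 periods, to ride out a single spike
        "Threshold": threshold,
        "ComparisonOperator": "GreaterThanThreshold",
        "TreatMissingData": "notBreaching",  # an idle queue should not page anyone
        "AlarmActions": list(actions),
    }


def inflight_groups_alarm(queue_name, actions, fraction_of_limit=0.8, period=60):
    """Alarm before the queue approaches the FIFO in-flight group limit.
    Maximum over short periods catches the ramp early enough to scale consumers."""
    threshold = int(FIFO_INFLIGHT_GROUP_LIMIT * fraction_of_limit)
    return {
        "AlarmName": f"{queue_name}-inflight-groups-near-limit",
        "AlarmDescription": "Consumers are not draining message groups fast enough",
        "Namespace": "AWS/SQS",
        "MetricName": "ApproximateNumberOfGroupsWithInflightMessages",
        "Dimensions": [{"Name": "QueueName", "Value": queue_name}],
        "Statistic": "Maximum",
        "Period": period,
        "EvaluationPeriods": 5,
        "DatapointsToAlarm": 5,          # sustained for 5 minutes, not a blip
        "Threshold": threshold,
        "ComparisonOperator": "GreaterThanOrEqualToThreshold",
        "TreatMissingData": "notBreaching",
        "AlarmActions": list(actions),
    }


if __name__ == "__main__":
    import json
    # Constructed queue name and topic ARN (not real resources).
    topic = "arn:aws:sns:eu-west-1:123456789012:ops-alerts"
    print(json.dumps(dedup_alarm("orders.fifo", 100, [topic]), indent=2))
    print(json.dumps(inflight_groups_alarm("orders.fifo", [topic]), indent=2))
```

To create the alarms, pass the dictionaries to boto3 as `boto3.client("cloudwatch").put_metric_alarm(**params)`. For the auto-scaling idea in the last bullet, the same metric can back a target-tracking or step-scaling policy instead of, or in addition to, the alarm.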
Amazon EventBridge Schema Registry now supports AWS PrivateLink VPC endpoints
Schema Registry provides several advantages, such as centralized schema management, which helps with event discovery and reuse. It allows for the storage and management of event schemas in one place.
Amazon EventBridge Schema Registry now supports AWS PrivateLink, offering several key benefits:
- Access from within Amazon Virtual Private Cloud (VPC) without using the public internet.
- Ability to use EventBridge Schema Registry features from a private subnet.
- There is no need for internet gateways, firewall rule configurations, or proxy servers.
Amazon ECS now provides enhanced stopped task error messages for easier troubleshooting
ECS has improved its troubleshooting capabilities for task launch failures by enhancing stopped task error messages. The new error messages are more specific and actionable, providing:
- Clearer failure reasons
- Remediation recommendations
- Direct links to relevant troubleshooting documentation in the AWS Management Console
- More detailed root cause information and mitigation steps in the ECS documentation
These improvements aim to help users identify and resolve task launch failures more quickly and easily using the AWS Management Console or the ECS DescribeTasks API.
Amazon ECS now enforces software version consistency for containerized applications
ECS has introduced a new feature to enforce software version consistency for containerized applications. This feature ensures that all tasks within an application are identical.
ECS now resolves container image tags to image digests (SHA256 hash) when updating a service.
This process enforces that all tasks in a service use the same image digest(s), eliminating the risk of unintentionally deploying different versions. Because the tag is resolved once at update time, every task launched afterwards, including those added when the service scales out after deployment, runs exactly the same image.
This feature helps maintain consistency and provides a solution to prevent potential issues caused by using mutable image tags in long-running applications.
More on this topic can be found on the AWS blog.
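The risk being addressed is that a mutable tag such as `latest` can point at a different image tomorrow than it did at deploy time. ECS now resolves the tag for you at service update time; the stricter alternative, which you control yourself, is to pin the image in the task definition by digest. As an added example (my code, not AWS's and not from the original post), the following parses container image references and flags the containers in a task definition that are still resolved by a mutable tag. The task definition and the registry hostnames are constructed; the digest format (`sha256:` followed by 64 hex characters) is the standard one.

```python
import re

DIGEST_RE = re.compile(r"^sha256:[0-9a-f]{64}$")


def parse_image_ref(ref):
    """Split 'registry/repo[:tag][@digest]' into its parts.
    The digest always follows the last '@'. The tag is the text after the last ':'
    that comes after the final '/', so a registry port ('localhost:5000') is not
    mistaken for a tag."""
    digest = None
    name = ref
    if "@" in ref:
        name, digest = ref.rsplit("@", 1)
    repo, tag = name, None
    last_slash = name.rfind("/")
    colon = name.rfind(":")
    if colon > last_slash:
        repo, tag = name[:colon], name[colon + 1:]
    return {"repository": repo, "tag": tag, "digest": digest}


def is_digest_pinned(ref):
    """True only when the reference carries a well-formed sha256 digest."""
    digest = parse_image_ref(ref)["digest"]
    return digest is not None and DIGEST_RE.fullmatch(digest) is not None


def find_mutable_images(task_definition):
    """Names of containers whose image can change underneath a running service."""
    return [c["name"] for c in task_definition.get("containerDefinitions", [])
            if not is_digest_pinned(c["image"])]


# Constructed task definition; account id, hostnames and digests are made up.
SAMPLE_TASK_DEF = {
    "family": "payments",
    "containerDefinitions": [
        {"name": "api",
         "image": "123456789012.dkr.ecr.eu-west-1.amazonaws.com/payments-api:latest"},
        {"name": "sidecar",   # tag kept for readability, digest is what is resolved
         "image": "123456789012.dkr.ecr.eu-west-1.amazonaws.com/envoy:1.29@sha256:" + "0" * 64},
        {"name": "local", "image": "localhost:5000/tools:v2"},
        {"name": "bad", "image": "public.ecr.aws/x/y@sha256:notahash"},  # malformed digest
    ],
}

if __name__ == "__main__":
    print("containers resolved by mutable tag:", find_mutable_images(SAMPLE_TASK_DEF))
```

A check like this fits naturally as a CI gate on task definitions: a malformed digest (the `bad` container) is reported alongside plain tags, since a reference that looks pinned but is not accepted by the registry is worse than an honest tag.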
AWS Secrets Manager announces open source release of Secrets Manager Agent
AWS has introduced an open-source Secrets Manager Agent. This new tool aims to improve efficiency and security in managing secrets across various AWS environments.
The agent:
- Allows applications to retrieve secrets from a local cache instead of directly from Secrets Manager.
- Simplifies and standardizes secret retrieval across different computing environments.
- Eliminates the need for custom code to access secrets.
- Offers customizable configuration options for cache management and security.
It also provides built-in protection against Server Side Request Forgery (SSRF) for secure interactions within computing environments.
You can find the documentation here.
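The SSRF protection deserves a closer look, because it is the property that makes a local secrets cache safe to expose over HTTP at all. As I read the agent's README, the agent listens on localhost (port 2773 by default) and refuses any request that does not carry a token it wrote to a local file at startup; a request forged through a vulnerable application on another host can reach the port but cannot read that file. The following is an added example, not the agent itself and not code from AWS: a small loopback server that imitates that check, with the header name `X-Aws-Parameters-Secrets-Token` taken from my reading of the README (verify it against the current documentation), a constructed token standing in for the token file, and a constructed fake secret.

```python
import json
import secrets
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlparse

# Header the real agent checks, per its README (verify against current docs).
TOKEN_HEADER = "X-Aws-Parameters-Secrets-Token"
# Constructed: stands in for the contents of the agent's local token file.
LOCAL_TOKEN_FILE_CONTENTS = secrets.token_hex(16)
# Constructed fake secret; nothing here is a real credential.
FAKE_SECRETS = {"prod/db/password": "constructed-not-a-real-secret"}


class AgentLikeHandler(BaseHTTPRequestHandler):
    """Minimal stand-in for the agent's GET /secretsmanager/get endpoint."""

    def do_GET(self):
        url = urlparse(self.path)
        if url.path != "/secretsmanager/get":
            return self._send(404, {"error": "not found"})
        # SSRF guard: a caller that cannot read the local token file cannot
        # present this header, so a request forged from elsewhere is rejected
        # before any secret is looked up.
        if self.headers.get(TOKEN_HEADER) != LOCAL_TOKEN_FILE_CONTENTS:
            return self._send(403, {"error": "missing or invalid token"})
        secret_id = parse_qs(url.query).get("secretId", [None])[0]
        if secret_id not in FAKE_SECRETS:
            return self._send(404, {"error": "unknown secret"})
        self._send(200, {"SecretString": FAKE_SECRETS[secret_id]})

    def _send(self, status, body):
        data = json.dumps(body).encode()
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def log_message(self, *args):  # keep the demo quiet
        pass


def start_mock_agent():
    """Bind to an ephemeral loopback port; return (server, base_url)."""
    server = HTTPServer(("127.0.0.1", 0), AgentLikeHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_address[1]}"


def fetch_secret(base_url, secret_id, token):
    """Client side: return (status, body). Against the real agent the base URL
    would be http://localhost:2773 and the token read from its token file."""
    req = urllib.request.Request(f"{base_url}/secretsmanager/get?secretId={secret_id}")
    if token is not None:
        req.add_header(TOKEN_HEADER, token)
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return resp.status, json.loads(resp.read())
    except urllib.error.HTTPError as e:
        return e.code, json.loads(e.read())


def demo():
    """Exercise the four cases; returns the HTTP status of each."""
    server, base = start_mock_agent()
    try:
        return {
            "with_token": fetch_secret(base, "prod/db/password", LOCAL_TOKEN_FILE_CONTENTS)[0],
            "without_token": fetch_secret(base, "prod/db/password", None)[0],
            "wrong_token": fetch_secret(base, "prod/db/password", "attacker-guess")[0],
            "unknown_secret": fetch_secret(base, "does/not/exist", LOCAL_TOKEN_FILE_CONTENTS)[0],
        }
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print(demo())
```

The design consequence for operators is that the token file's permissions are the trust boundary: only the application user that is meant to read secrets should be able to read it, and the port should stay bound to loopback.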
Chatting about your AWS resources is now generally available for Amazon Q Developer
Amazon Q Developer has a new feature that allows users to interact with the resources in their AWS account using natural language queries. Users can access it through the Amazon Q Developer chat panel in the AWS Management Console.
This capability enables users to:
- List resources in their AWS account
- Get specific resource details
- Inquire about related resources
I’ve included an example of the operation below. I asked for a list of all my EC2 instances. Fortunately, as a cloud-native advocate, I don’t have any. 😉
Amazon Q, unsurprisingly, doesn’t always handle what it’s asked for. But it tries to offer suggestions, at least.
Announcing IDE workspace context awareness in Q Developer chat
AWS has finally introduced workspace context awareness in the Amazon Q Developer chat. Key points:
- Users can use @workspace in chat messages to ask questions about their entire project.
- This feature allows developers to inquire about overall codebase functionality and specific implementations.
- Previously, the Q Developer chat was limited to the currently opened file.
- It indexes all code files, configurations, and project structure for comprehensive context.
- The index is stored locally and created upon the first use of @workspace.
AWS Lambda now supports SnapStart for Java functions that use the ARM64 architecture
There are better choices than Java for Lambda functions. Java can be overly complex for serverless environments, and other languages offer better performance and simplicity.
AWS has announced that Lambda SnapStart now supports Java functions using the ARM64 architecture, offering up to 10x faster startup times at no extra cost. It can be activated for new or existing Lambda functions using ARM64 architecture and Java versions 11 or higher. This enhancement allows building responsive and scalable Java applications on AWS Lambda without complex optimizations or resource provisioning.
Concise explanation of SnapStart:
- SnapStart is an AWS Lambda feature that improves function startup times.
- It works by initializing your function and caching a snapshot of the memory and disk state.
- When invoked, Lambda starts new execution environments from the cached snapshot.
- This process significantly reduces cold start times for supported runtimes.
- SnapStart is particularly beneficial for applications requiring low latency and high throughput.
AWS IAM Identity Center adds independent 90-day session duration for Amazon Q Developer
AWS now allows separate session duration settings for Amazon Q Developer, extending it to 90 days without re-authentication. This change addresses developers’ frustrations with frequent re-logins previously required due to shared session settings with other IAM Identity Center applications. The update balances security needs with developer productivity by providing more flexible authentication options.
AWS HealthImaging announces enhanced copy and update capabilities
AWS HealthImaging is now generally available in Europe (Ireland), alongside other regions, including the US East (N. Virginia), the US West (Oregon), and Asia Pacific (Sydney).
While the service may currently be a less widely used AWS service, its recent expansion to Europe marks a significant development for healthcare professionals and researchers in the region. European healthcare organizations can now store and process medical imaging data within the EU, potentially simplifying compliance with data protection regulations like GDPR.