LogiCast AWS News (Video)

In Season 4, Episode 13 Karl & Jon are joined by Sam Waweru They discuss Amazon Application Recovery Controller's new AWS FIS recovery action, AWS CloudFormation's targeted resource scans, Secrets Management, AWS's detailed geographic information, S3 bucket data leak and then the guys joked about Jon's ever-changing office furniture, wondering if he'd finally settle on a therapist's couch given how often he needs therapy after recording the podcast.
 
03:11 - Amazon Application Recovery Controller announces AWS FIS recovery action for zonal autoshift 
This new feature allows users to simulate the loss of an AWS availability zone, helping to validate multi-AZ architectures and disaster recovery plans. It's particularly useful for industries like finance and healthcare that require rigorous testing of failover scenarios. The feature can help identify overlooked issues in complex environments with multiple microservices.
 
09:43 - AWS CloudFormation now supports targeted resource scans in the IaC generator 
This update to the IAC generator allows users to specify which types of resources they want to include in their CloudFormation templates. This makes the tool more viable for real-world use, as it reduces the amount of unnecessary resources included in the generated templates. The feature is particularly useful for those working within the AWS ecosystem, though it may not sway users away from other tools like Terraform.
 
15:38 - Why Secrets Management Should Be A Central Pillar Of Cloud Security 
The article discusses the importance of proper secrets management in cloud security. It covers common ways secrets are exposed, such as hardcoded credentials and misconfigured cloud storage. The piece also outlines best practices, including centralizing secret storage, implementing least privilege access, and automated secret rotation. The discussion highlighted the ongoing challenges of secrets management and access control in cloud environments.
 
23:50 - Detailed geographic information for all AWS Regions and Availability Zones is now available 
AWS has released more explicit information about the geographic locations of its regions and availability zones. While much of this information could be inferred before, it's now clearly stated, potentially to appease regulators. The information includes specific countries and cities for regions and edge locations, which can help organizations select locations to reduce latency and meet compliance requirements.
 
29:52 - Juicy customer data’ leaked from Nine 
The article reports on a data leak from a misconfigured S3 bucket, exposing customer names, addresses, and contact information. While the leaked data wasn't as "juicy" as the headline suggested, it highlights the ongoing issue of misconfigured cloud storage. The incident emphasizes the importance of proper access controls, regular audits, and careful management of third-party contractors who may have access to sensitive data.

In Season 4, Episode 12 Karl & Jon are joined by AWS DevTools Hero and User Group Lead Johannes Koch. They discuss AWS CodePipeline new feature, AWS KMS CloudWatch metrics, Amazon Q Business browser extension upgrades, AWS SNS potential abuse, AI-powered features in Amazon Connect and then the guys started comparing their gym routines, completely forgetting they were supposed to be talking about AWS news.
 
03:55 - AWS CodePipeline supports invoking pipeline execution with a new action type 
The new feature allows direct execution of other CodePipelines within an existing pipeline. This enables better orchestration of complex deployments, especially in enterprise environments. The speakers discussed the evolution of CodePipeline and its positioning in the AWS ecosystem.
17:23 - AWS KMS CloudWatch metrics help you better track and understand how your KMS keys are being used 
This feature helps track and understand KMS key usage through CloudWatch metrics. The discussion touched on the importance of monitoring KMS usage for cost optimization and security purposes. The speakers noted that this feature should have been available earlier.
25:17 - AWS announces new upgrades to the Amazon Q Business browser extension 
The update allows users to access company knowledge bases and handle images/attachments within the browser extension. The speakers discussed the potential benefits for businesses but also raised concerns about data security and AWS's strategy in targeting end-users.
34:05 - AWS SNS Abused To Exfiltrate Data & Phishing Attack
The article discussed how AWS Simple Notification Service could potentially be used to exfiltrate data in certain scenarios. The speakers agreed that while possible, this requires multiple security failures and emphasized the importance of following security best practices.
41:01 - Introducing the next generation of Amazon Connect: AI-powered interactions that strengthen customer relationships and improve business outcomes 
AWS introduced new AI capabilities in their contact center solution, Amazon Connect. The speakers discussed the potential improvements in customer service, analytics, and efficiency that these features could bring to contact centers.

In Season 4, Episode 11 Karl & Jon are joined by AWS Community Builder, Joe Stech. They discuss Amazon EC2 allowing AMIs now integrating with AWS Config, Amazon DynamoDB on-demand capacity mode, long-term backup options for Amazon RDS and Amazon Aurora, DeepSeek R1 model, misconfigured AWS S3 bucket exposing US nurses' data and then the guys started debating whether to call it "Glacier Potato" or "Deep Freeze Fries" as the next AWS storage tier!
 
04:00 - Amazon EC2 Allowed AMIs now integrates with AWS Config 
This feature allows easier monitoring of the impact of enabling allowed AMIs in EC2. It's particularly useful for regulated and secure environments where only approved, hardened images can be used. The integration with AWS Config simplifies the process of tracking and auditing AMI usage across accounts.
 
07:52 - Demystifying Amazon DynamoDB on-demand capacity mode 
The article addresses 11 myths about DynamoDB's on-demand capacity mode, covering cost, performance, scaling, and implementation misconceptions. The discussion highlights that many of these "myths" are not widely held beliefs among experienced users, but may be helpful for those less familiar with the service or dealing with outdated information.
 
19:00 - Long-term backup options for Amazon RDS and Amazon Aurora 
The article outlines various options for long-term database backups beyond the standard 35-day retention period. These include manual snapshots, using AWS Database Migration Service, exporting snapshots to S3, and database-specific dump tools. The discussion emphasized that while long-term backups are rarely used for recovery, they may be necessary for compliance and auditing purposes.
 
27:26 - DeepSeek-R1 now available as a fully managed serverless model in Amazon Bedrock
The DeepSeek R1 model is now available as a fully managed serverless model in Amazon Bedrock. This means users don't need to run the model themselves, and it's now priced per token like other managed models. The discussion touched on potential concerns about the model's Chinese origins and data security.
 
34:26 - Misconfigured AWS S3 Bucket Exposes Us Nurses' Data 
A misconfigured S3 bucket led to the exposure of sensitive data belonging to 86,000 US nurses. The discussion highlighted that while such incidents have become less common due to AWS's improved security measures, there might be a potential increase in similar incidents due to the rise of AI-assisted coding by less experienced developers.
 
Our guest's  blog: https://joeste.chand: https://learn.arm.com

In Season 4, Episode 10, Karl & Jon are joined once again by AWS Hero, Brian Tarbox. They discuss automating Amazon RDS credential rotation with AWS Secrets Manager, Microsoft Amazon Q Business integrations, an enhanced local IDE experience for AWS Step Functions, a new agentic coding experience within Amazon Q Developer, the ongoing UK Competition and Markets Authority probe, and the guys joke that Amazon Q Business is the new Clippy (or Qlippy!).04:08 - Automating Amazon RDS credential rotation with AWS Secrets Manager The article discusses a complex process for managing credential rotation for RDS instances with read replicas using Secret Manager. The hosts criticize the approach as overly complicated and question why this isn't a built-in feature, given that both read replicas and secret rotation are recommended best practices.
10:31 - Microsoft 365 for Word and Outlook integrations for Amazon Q BusinessThis integration is compared to Microsoft's old Clippy feature. The hosts question its usefulness, especially for those already using Microsoft's Copilot. They discuss the challenges of AI-generated content matching a user's tone and style.
18:15 - Enhanced local IDE experience for AWS Step FunctionsThe article introduces improvements to the Step Functions experience in VS Code. While the functionality is acknowledged as potentially useful, there's criticism about it being limited to VS Code and not available in other IDEs. The discussion touches on the complexity of large Step Functions workflows and the balance between visual and code-based approaches.
24:24 - Agentic coding experience within Amazon Q Developer CLIThis feature introduces AI-assisted coding within the command-line interface. The hosts express skepticism about its necessity and usefulness, with concerns raised about potential security risks of giving AI access to the shell environment.
31:18 - UK Competition and Markets Authority probe into AWS and Microsoft cloud market dominanceThe article discusses the ongoing investigation into cloud market competition in the UK. The hosts note that the major players (AWS and Microsoft) refute the concerns, while smaller providers endorse the findings. They discuss the complexity of fairly assessing the cloud market and the potential outcomes of such investigations.

In Season 4, Episode 9 Karl & Jon are joined by AWS Community Builder, Craig Johnson. They discuss Centralized Root Access Management for Organizations, Anthropic Claude 3.7 Sonnet, ways to grant cross-account access in AWS, Q Developer, AWS being named a leader in Gartner Magic Quadrant for data integration tools and the guys go off on a tangent about chainsaws!
 
04:43 - AWS Introduces Centralized Root Access Management for Organizations 
AWS has introduced centralized route access management for organizations, allowing easier management of root users across multiple accounts. While not entirely new, this feature consolidates existing capabilities and aligns with best practices for securing root accounts. It's particularly useful for large organizations managing numerous AWS accounts.
10:00 - Anthropic's Claude 3.7 Sonnet is now available in Amazon Bedrock 
The latest version of Anthropic's Claude AI model is now available in Amazon Bedrock. It offers improved capabilities, including extended thinking modes. However, its availability is still limited to certain US regions, which may be problematic for users concerned with data sovereignty or those outside the US.
16:48 - Four ways to grant cross-account access in AWS 
The AWS Security blog outlines four methods for granting cross-account access. The article provides insights into the nuances of each method, such as the differences between trusting an entire account versus a specific role. While informative, the article doesn't offer specific recommendations for which method to use in different scenarios.
20:08 - AWS Chatbot is now named Amazon Q Developer 
AWS has rebranded its Chatbot service as Amazon Q Developer, adding it to the growing Amazon Q product line. This change is seen as primarily a marketing move, with some concerns about potential confusion and the actual benefits of integrating generative AI features into what was previously a straightforward chatbot service.
26:24 - Amazon Web Services named a Leader in the 2024 Gartner Magic Quadrant for Data Integration Tools 
AWS has been positioned in the leaders' quadrant of Gartner's Magic Quadrant for data integration tools. While this recognition highlights AWS's growing presence in the data integration space, the discussion also touched on the limitations and potential biases of Gartner's Magic Quadrant methodology.

In Season 4, Episode 8 Karl & Jon are joined by AWS User Group Lead for "Leeds User Group, Edmund Craske. They discuss Amazon SES Virtual Deliverability Manager tiered pricing, AWS CloudFormation 2024 year in review, free automated tool to hunt for exposed AWS secrets in public repos, AWS Fargate on a budget, best practices to respond to security risks across AWS organizations and Jon shows off his AWS swag blanket that keeps him warm while he waits for his CloudFormation stacks to deploy.
 
08:05 - Amazon SES now offers tiered pricing for Virtual Deliverability Manager
Amazon SES now offers tiered pricing for its Virtual Deliverability Manager (VDM) feature. The new pricing structure makes it cheaper for high-volume email senders, with rates decreasing as the number of emails sent increases. While this change benefits large-scale users, the hosts suggest that for small to medium businesses, other email services might be more suitable due to SES's complexity and stringent requirements.
15:14 - AWS CloudFormation: 2024 Year in Review 
AWS CloudFormation saw numerous improvements in 2024, including faster deployments (up to 40% quicker), improved error handling, and streamlined troubleshooting. The discussion compared CloudFormation to Terraform, with the hosts noting that while CloudFormation has made progress, Terraform still has advantages in certain areas. They highlighted CloudFormation's strengths in handling rate limits and its deployment graph visualization.
23:47 - Check out this free automated tool that hunts for exposed AWS secrets in public repos 
A new open-source tool has been released to scan public repositories for exposed AWS secrets. The hosts discussed the tool's educational purpose and compared it to existing solutions like GitHub's built-in secret scanning. They emphasized the importance of avoiding long-lived credentials and implementing proper security measures to prevent accidental exposure of secrets.
29:48 - AWS Fargate on a Budget
Exploreing cost-saving strategies for running AWS Fargate. The hosts praised the article for its practical approach to reducing Fargate costs by up to 70% for short-lived tasks. They discussed the use of Fargate Spot instances and best practices for handling task interruptions and deregistration delays.
34:10 - Best practices to respond to security risks across your AWS Organizations 
This article, which mysteriously disappeared from the AWS blog, covered security best practices for AWS organizations. The hosts speculated on reasons for its removal but noted that the content seemed valuable and not controversial. They discussed the importance of automating security responses, the AWS Solutions Library for security guidance, and the potential benefits of AWS's security incident response services for organizations with high security requirements.

In Season 4, Episode 7 Karl & Jon are joined by AWS Community Builder, Ryan Cormack. They discuss AWS Step Functions, reshaping AWS CloudFormation stacks with stack refactoring, AWS Verified Access support for non-HTTP resources, AWS's full-year profit and revenue growth, AWS documentation updates and future plans and the guys think Mark Zuckerberg's AI predictions are about as accurate as his metaverse hype – both seem to exist in a virtual reality!
 
05:43 - AWS Step Functions expands data source and output options for Distributed Map 
This update allows Step Functions to process different file formats from S3, including JSONL and delimited files (semicolon and tab). It improves the ability to handle large datasets and reduces the need for data manipulation before processing. The distributed map feature can now handle up to 10,000 concurrent executions, making it powerful for big data processing.
10:45 - Reshape your AWS CloudFormation stacks seamlessly with stack refactoring
This new feature allows users to more easily break down large CloudFormation stacks into smaller, more manageable stacks. It addresses the issues of slow updates and potential errors in large stacks. While not entirely seamless, it provides a much-needed solution for those stuck with large CloudFormation stacks and offers a way to improve infrastructure management.
16:19 - AWS Verified Access support for non-HTTP resources is now generally available 
This feature allows users to connect to private resources like databases without needing bastion hosts or jump boxes. It provides a more secure, token-scoped access method integrated with single sign-on providers. While it requires a client on the user's machine and currently lacks Windows support, it's a step towards simplifying secure access to private resources in AWS.
23:25 - AWS sees full-year profit and revenue growth as AI and public cloud demand soars 
AWS reported significant growth in revenue (19% to $28.8 billion) and profits (up to $10.6 billion) compared to the previous year. The growth is attributed to increased demand for AI and public cloud services. While the exact contribution of AI services to this growth is unclear, the company plans to invest heavily in infrastructure to support AI and related technologies.
31:59 - AWS Documentation update — progress, challenges, and what’s next for 2025 
AWS is improving its documentation with new features like decision guides to help users choose the right services. The company is also exploring AI integration to enhance documentation searchability and summarization. While AWS documentation is generally considered good, there's room for improvement in areas like search functionality and providing more comprehensive examples.

In Season 4, Episode 6 Karl & Jon are joined by AWS Community Builder, Dave Hall. They discuss Dynamo DB innovations, cost optimization highlights, migration to AWS MediaConvert, S3 Bucket security risks, AWS Lambda and Serverless computing and it looks like the AWS Community Builders are drinking 'Dirty Lambda' cocktails and playing buzzword bingo while nervously refreshing their renewal applications!
 
05:24 - 2024: A year of innovation and growth for Amazon DynamoDB 
They discuss various improvements to Amazon DynamoDB in 2024, including significant price reductions for on-demand throughput and global tables. Other innovations mentioned include zero ETL integrations with Redshift and SageMaker Lakehouse, and improvements to DynamoDB Accelerator (DAX). The speakers debate the practical value of some features like DAX, with Jon suggesting many teams may not need it.
12:19 - re:Invent 2024 Cost Optimization highlights that you were not expecting
They discuss the unexpected cost optimization opportunities from re:Invent 2023. Key points include new features for Bedrock, intelligent tiering for FSX for Open ZFS, and improvements to SageMaker scaling. The speakers particularly highlighted the blurring lines between EFS and FSX, and the benefits of new auto-scaling capabilities for cloud applications.
20:03 - Migrating workflows from Amazon Elastic Transcoder to AWS Elemental MediaConvert
They discuss the upcoming discontinuation of Amazon Elastic Transcoder and the need to migrate to AWS Elemental Media Convert. Jon explains the differences and advantages of Media Convert, including better codec support and higher resolution capabilities. The speakers emphasize the importance of this migration for users of Elastic Transcoder.
26:02 - Abandoned AWS S3 buckets can be reused in supply-chain attacks that would make SolarWinds look 'insignificant' 
They talk about the potential security risks associated with abandoned AWS S3 buckets, as these buckets can be reused in supply chain attacks. Dave explains that this is not a new issue and advises against exposing S3 buckets publicly, recommending the use of CloudFront as a protective measure.
31:19 - A Decade Of AWS Lambda — Has Serverless Delivered On Its Hype 
They discuss the adoption of serverless in enterprises versus smaller businesses, noting that perception might be skewed due to how costs appear on bills. They also touch on the lack of GPU support in serverless offerings and strategies for optimizing serverless costs.

In Season 4, Episode 5 Karl & Jon are joined by AWS Hero, Peter Sankauskas. They discuss Amazon S3 metadata, AWS Elastic Beanstalk, DeepSeek R1, Amazon Simple Email Service, AWS survey on AWS service usage and trends and Jon finally got to go Apple reaction crazy for our 100th episode!
 
06:14 - Amazon S3 Metadata is now generally available 
This feature, announced at re:Invent, is now generally available. It provides automated metadata for S3 objects, potentially reducing the need for manual metadata management. However, it's currently only available in three US regions and has a complex pricing structure that may be challenging to calculate.
10:52 - AWS Elastic Beanstalk adds default support of EC2 Launch Template when creating new environments 
Elastic Beanstalk, which has seen renewed development recently, now supports EC2 launch templates when creating new environments. This update aligns with the deprecation of launch configurations. The speakers discussed Beanstalk's position as a starter service and its potential limitations for more advanced users.
14:46 - DeepSeek-R1 models now available on AWS 
AWS quickly made DeepSeek's efficient AI models available on Bedrock following recent media attention. This move is seen as reactionary but necessary to compete with other AI providers. The pricing model differs from other Bedrock offerings, being based on infrastructure costs rather than per-token pricing.
20:17 - Amazon SES celebrates 14 years of email sending and deliverability 
The Simple Email Service's 14th anniversary was discussed, with mixed opinions on its usefulness. While it has improved over time, some users find third-party email services more convenient, particularly due to SES's initial restrictions and approval processes.
27:03 - Answers for AWS survey 
Peter Sankowskas discussed his annual survey of AWS service usage and sentiment. The survey provides insights into which services are popular, trending, or declining in the AWS ecosystem. Notable findings include high satisfaction with services like SQS and DynamoDB, and interesting trends in CI/CD tool preferences.
Peter's survey for this year: https://answersforaws.com/survey/
 
Guest was Peter Sankauskas
https://www.linkedin.com/in/petersankauskas
 
 

In Season 4, Episode 4 Karl & Jon are joined by AWS Community Builder, Bojan Zivic. They discuss observability in ECS, Amazon EventBridge, AWS Backup best practices, AWS security best practices to mitigate ransomware attacks, architecting with multiple AWS regions for enhanced resilience and Jon found his missing piece of the puzzle - a Lego Millennium Falcon!
 
05:37 - AWS Adds Container Insights with Enhanced Observability to Elastic Container Service 
AWS has added Container Insights with enhanced observability to ECS, providing a more cost-effective alternative to third-party solutions like DataDog. This feature offers out-of-the-box dashboards and metrics, making it easier for users to monitor their container environments without the need for extensive setup or additional tools.
10:03 - Amazon EventBridge announces direct delivery to cross-account targets 
EventBridge now supports direct delivery to cross-account targets, simplifying event-driven architectures across multiple AWS accounts. This feature reduces latency, eliminates the need for complex routing setups, and allows for more streamlined and efficient event processing in multi-account environments.
14:03 - 4 AWS Backup best practices for reliable data protection 
They discuss four key AWS backup best practices: balancing retention periods and storage costs, optimizing management with tagging, implementing cross-regional replication, and setting RPO and RTO goals. The discussion also highlighted the importance of testing backups and the challenges in accurately predicting backup costs due to AWS's incremental backup pricing model.
22:57 - AWS Releases Best Security Practices To Mitigate Ransomware Attacks
AWS released best practices to mitigate ransomware attacks, particularly focusing on S3 buckets. Recommendations include implementing short-term credentials, using MFA, monitoring for anomalous activity, and restricting SSE-C usage when unnecessary. The discussion emphasized the importance of balancing security measures with cost considerations and practical implementation.
28:53 - Enhance the resilience of critical workloads by architecting with multiple AWS Regions 
They discuss enhancing workload resilience by using multiple AWS regions. While the concept sounds appealing, the discussion revealed that multi-region architectures are complex, expensive, and often unnecessary for most applications. The speakers suggested that multi-AZ setups are usually sufficient for most use cases, and multi-region architectures are more relevant for large-scale, critical applications.
 
Guest was Bojan Zivic
https://www.linkedin.com/in/bojan-zivic-65431033/