LogiCast AWS News (Video)

In Season 4, Episode 33, Karl and Jon chat with AWS Community Builder William Antonio Guzmán Bernal. They cover the new AWS Cost Management dashboards, a security issue in AWS Trusted Advisor related to public S3 buckets, how to build AI agents using AWS Serverless, and how to set up large-scale log ingestion pipelines with Amazon OpenSearch Service. They also reflect on ten years of Amazon Aurora innovation—and, once again, veer off into a tangent about painful sports injuries.
 
05:34 - AWS Cost Management Dashboards 
AWS has released new customized billing and cost management dashboards that allow users to display multiple views of billing and cost data on a single page. While not groundbreaking, it provides a more user-friendly interface for finance teams to visualize cost data. However, the speakers noted limitations in sharing this data outside of AWS accounts.
 
14:10 - AWS Trusted Advisor Security Flaw 
A security researcher discovered a flaw in AWS Trusted Advisor that allowed public S3 buckets to go unflagged under certain configurations. The speakers discussed that this was likely an intentional edge case used to test the system rather than a common misconfiguration. AWS has since fixed the issue, and the article was seen as somewhat sensationalized.
 
22:54 - Building AI Agents on AWS Serverless 
The article discusses using AWS Serverless to build AI agents. The speakers noted that while serverless is often a good starting point, this particular use case is quite advanced (300-level) for both AI and serverless technologies. They discussed the rapid pace of AI development and the new AWS Agents SDK, which simplifies the process of building AI agents.
 
29:47 - Enterprise-scale Log Ingestion with Amazon OpenSearch 
The article covers building large-scale log ingestion pipelines using Amazon OpenSearch. The speakers cautioned that while powerful, OpenSearch may be overkill and too expensive for smaller organizations. They emphasized the importance of considering budget and actual needs when choosing logging solutions.
 
36:23 - 10 Years of Amazon Aurora 
The podcast discussed various innovations in Amazon Aurora over the past decade, including cross-region read replicas, serverless capabilities, and increased storage capacity. The speakers highlighted features like synchronous read replicas and the simplicity of deployment options as particularly impressive or useful advancements.

In Season 4, Episode 32, Karl and Jon welcome AWS Community Builder and DynamoDB and Serverless technologies expert, Uriel Bitton. Together, they explore a range of fresh developments in the AWS ecosystem: the introduction of Amazon CloudWatch’s organization-wide VPC Flow Logs enablement, Amazon SQS’s expanded maximum message payload size to 1 MiB, and the arrival of OpenAI’s open-weight models on AWS Bedrock. They also delve into monitoring AWS Backup vault lock compliance across organizations and discuss how capacity constraints are limiting the growth of major cloud providers. The conversation then takes a playful turn, as the hosts debate whether SQS “FIFO” queues should be pronounced "FEEFO" or "FYFO", evoking childhood memories of Jack and the Beanstalk...
 
03:15 - Amazon CloudWatch's organization-wide VPC flow logs enablement 
This new feature allows users to enable VPC flow logs across an entire organization, rather than configuring them per VPC. It uses AWS Config for remediation, which can be expensive. The feature aims to simplify management and improve security monitoring across multiple accounts and regions.
09:58 - Amazon SQS increasing maximum message payload size 
AWS increased the maximum message payload size for Amazon SQS from 256 KiB to 1 MiB, a 4x increase. This change eliminates the need to use S3 as an intermediary for larger payloads, simplifying architectures and potentially reducing costs. It's particularly beneficial for AI-related workloads that often involve larger data transfers.
16:06 - OpenAI's open-weight models on AWS Bedrock 
AWS has made OpenAI's open-weight models available on their Bedrock platform, marking a significant collaboration between competitors. This addition expands the range of AI models available to AWS customers and demonstrates Amazon's commitment to providing diverse AI options, even from competitors.
22:16 - Monitoring AWS Backup vault lock compliance 
The article discusses how to monitor AWS Backup vault lock compliance across an organization. Vault lock is a feature that enforces retention policies for backups, crucial for ransomware protection. The monitoring solution described seems to offer an alternative to using compliance frameworks, potentially providing a simpler or more cost-effective approach.
29:03 - Capacity constraints affecting cloud vendor growth 
Major cloud providers, including AWS, Microsoft, and Google, have reported that data center capacity constraints are limiting their growth. This is particularly due to the increased demand from AI workloads, which require significant computing power and energy. The situation contrasts with earlier reports of canceled data center contracts, suggesting a complex landscape of expansion and optimization in the cloud industry.

In Season 4, Episode 31, Karl and Jon are joined by Warren Parad, CTO of Authress. Together, they discuss a range of topics including AWS Managed Microsoft Active Directory and best practices for security, the Amazon Q Developer CLI and serverless solutions, implementing defense-in-depth security for CodeBuild pipelines, and the latest quarterly financial results from AWS, Microsoft, and Google Cloud. They also cover the UK Competition and Markets Authority’s investigation into cloud service providers — all while Karl battles network issues ahead of his upcoming fibre installation.
 
03:47 - AWS managed Microsoft Active Directory 
The article discusses how to automatically disable users in AWS managed Microsoft Active Directory based on GuardDuty findings. The process involves a complex setup described as a "Rube Goldberg machine," including Event Bridge, Step Functions, and Systems Manager. The speakers debate the practicality of this solution and suggest alternatives like using Azure Active Directory instead.
 
08:40 - Amazon Q developer CLI and serverless solutions 
This article from the AWS artificial intelligence blog discusses building modern serverless solutions using Amazon Q developer CLI. The speakers express skepticism about the quality of the recommendations provided by the tool, noting that even the examples in the blog post don't adhere to best practices. They discuss the concept of MCP (Multi-Cloud Platforms) and its relevance in the context of AI and API interactions.
 
13:16 - Defense in depth security for CodeBuild pipelines 
The article focuses on implementing defense in depth security measures for CodeBuild pipelines. The speakers discuss the relevance of such measures, especially in the context of open-source projects and potential security risks from pull requests. They also touch on the recent security incident with AWS tools for Q developer and the need for transparency in such situations.
 
22:52 - Cloud providers' quarterly financial results 
The discussion covers the quarterly financial results of major cloud providers (AWS, Microsoft Azure, and Google Cloud). The speakers analyze the growth rates, revenue numbers, and the challenges in comparing these figures due to differences in how each company reports their cloud-related earnings. They also discuss the impact of AI investments on these results.
 
33:36 - UK Competition and Markets Authority probe 
The podcast covers the ongoing probe by the UK Competition and Markets Authority into major cloud service providers. The investigation has focused on Microsoft and Amazon, finding that both have "significant unilateral market power." The speakers discuss the implications of this finding, the challenges faced by smaller cloud providers, and the potential impact on issues like egress fees.

In Season 4, Episode 30, Karl and Jon are joined by Pieter VanIperen, CISO at AlphaSense. They discussed AWS security best practices and authentication methods, the Security Reference Architecture (SRA) and the SRA Verify tool, as well as the Model Context Protocol (MCP) and its implications for CIOs. They also covered the CLOUD Act and its impact on data access, and a compromised Amazon Q extension that posed a security risk. Finally, the guys discovered that Jon's interest in karate extends to Japanese electoral politics.
 
06:17 -  Beyond IAM Access Keys: Modern Authentication Approaches for AWS
This article discusses the shift from traditional IAM users and access keys to more secure authentication methods. It recommends using Cloud Shell for CLI access, Identity Center for permissions management, and emphasizes the principle of least privilege. The article also covers scenarios where access keys might still be necessary and suggests alternatives like OIDC for better security.
 
15:20 - Introducing SRA Verify: An AWS Security Reference Architecture Assessment Tool 
The article introduces SRA Verify, a tool for assessing compliance with AWS Security Reference Architecture guidelines. It provides automated checks for various security services like CloudTrail, GuardDuty, and Security Hub. The tool aims to simplify the deployment and assessment of security measures in AWS environments.
 
23:09 -  MCP Doesn't Stand for Many Critical Problems, but Maybe It Should for CIOs 
This article discusses the challenges and potential risks associated with Model Context Protocol (MCP) for CIOs. While MCP offers new possibilities for AI integration, it also raises concerns about data security, context poisoning, and the need for proper scoping and permissions management. The discussion highlights that many organizations are still in the early adoption phase of MCP.
 
30:42 -  5 Facts About How the CLOUD Act Actually Works 
AWS published an article addressing misconceptions about the CLOUD Act, a US law from 2018. The article aims to clarify that the Act doesn't give unrestricted access to data and that proper encryption and security measures can protect customer data. It emphasizes that AWS prioritizes customer data privacy and security.
 
40:33 - Compromised Amazon Q Extension Told AI to Delete Everything 
This article discusses a security incident where a malicious actor compromised an Amazon Q extension for VS Code. The compromised extension contained a destructive AI prompt that could potentially delete user files. The incident highlights the importance of code review and the potential risks in the open-source ecosystem.

In Season 4, Episode 29, Karl and Jon are joined by AWS Community Builder and Ambassador Niklas Westerstråhle to discuss the AWS Free Tier overhaul, the new Cloud Operations Engineer certification, the launch of the Amazon Kiro AI, and a security issue with misconfigured AWS Organizations policies. They wrap up with thoughts on the latest Amazon/AWS layoffs—and a fun debate over whether Niklas should keep wearing his gold AWS jacket after his certifications expire, like it's some kind of sacred relic that loses its powers.
 
04:15 - AWS Free Tier Overhaul 
The AWS Free Tier has been significantly updated. New accounts now receive up to $200 in credits valid for 6 months instead of the previous 12-month free tier offerings. Users can earn additional credits by completing certain tasks. The new system aims to be more developer-friendly and reduce surprise bills. Accounts are automatically closed after 6 months unless upgraded to paid plans.
15:03 - New AWS Cloud Operations Engineer Certification 
AWS is updating the SysOps Administrator certification to become the AWS Certified Cloud Ops Engineer. The exam will include new content on containers and other topics. Existing SysOps Administrator certificate holders will need to take the new exam to earn the Cloud Ops Engineer certification. The change has caused some debate about recertification requirements for those holding multiple AWS certifications.
28:58 - Amazon Kiro AI Coding Assistant 
AWS launched Kiro, a new AI-powered coding assistant, currently in preview. It's based on Visual Studio Code and uses Anthropic's AI models. Kiro aims to assist with coding tasks and project setup. AWS is running a competition with $100,000 in prizes for developers to build applications using Kiro.
28:23 - AWS Organizations Misconfigured Managed Policy 
A security issue was discovered in the AmazonGuardDutyFullAccess managed policy, which could potentially allow attackers to gain full AWS organizational control. AWS has fixed the issue by creating a new version of the policy (with "_V2" appended). Users are advised to review and update their environments to use the new policy version.
34:15 - Amazon/AWS Layoffs
Reuters reported that AWS is cutting hundreds of jobs in its latest round of layoffs. The speakers discussed the scale of these layoffs in context of Amazon's overall workforce and debated the potential impact of AI on employment in the tech industry. They also critiqued the article's presentation of the information, noting that it seemed to conflate Amazon and AWS employee numbers.
 

In Season 4, Episode 28, Karl and Jon are joined by AWS Community Builder Mahendran Selvakumar. Together, they dive into topics including Amazon’s development of cooling equipment for NVIDIA GPUs to support AI acceleration, the launch of the new AWS Builder Center for the AWS Builder Community, and Amazon's massive AI supercluster—Project Rainier—built for Anthropic. They also explore the upcoming changes to the AWS Free Tier, which will introduce a new credit-based system. And in true Karl fashion, he deftly steers the conversation away from a tangent on uneven sun tans.
 
05:23 - AWS Transform for VMware 
AWS has shifted its strategy from supporting VMware workloads to encouraging migration off VMware entirely. The new AWS Transform for VMware service helps migrate VMware workloads to native AWS services, potentially reducing licensing costs and manual efforts. It supports various migration tasks like network conversion and instance sizing.
12:08 - Amazon cooling equipment for Nvidia GPUs 
As AI workloads increase power demands, Amazon is developing in-row heat exchangers to cool Nvidia GPUs more efficiently. This liquid cooling solution can be retrofitted into existing data centers and is designed to handle the extreme heat generated by high-density GPU racks used for AI applications.
17:50 - Amazon CloudWatch and Application Signals MCP servers for AI-assisted troubleshooting 
AWS launched two open-source MCP servers for CloudWatch and Application Signals, enabling AI agents to troubleshoot issues via natural language—accessing metrics, logs, traces, and SLOs for faster root cause analysis.
22:23 - New AWS Builder Center 
AWS has launched a new Builder Center to unify various community programs and resources. It provides a centralized platform for learning, building, and connecting within the AWS ecosystem. The center includes features like wishlists for suggesting ideas to AWS and supports multiple languages for broader accessibility.
29:17 - Amazon's AI supercluster for Anthropic (Project Rainier) 
Amazon is building a massive AI supercomputer cluster for Anthropic, using custom-designed AI chips instead of traditional GPUs. This project demonstrates significant investment in AI capabilities and includes a custom network fabric for high-bandwidth communication between nodes.
34:39 - Changes to AWS Free Tier 
AWS is replacing its traditional free tier with a new credit-based system. New accounts will receive $100 in credits valid for 6 months, with restrictions on certain high-usage services. This change aims to simplify the free tier and prevent unexpected charges for new users.

In Season 4, Episode 27, Karl and Jon are joined by AWS Community Member, Tim Dodd. They discuss Amazon DynamoDB Global Tables with multi-region strong consistency, Amazon ECS-optimized Windows Server 2025 AMIs, AWS Backup support for copying S3 backups across regions/accounts in GovCloud, a Chrome extension using AI to summarize web pages, and building a generative AI landing zone on AWS and then the guys realized they’d spent more time talking about the world’s weather than any of the AWS articles.
 
03:19 - Amazon DynamoDB Global Tables with multi-region strong consistency
This feature allows for strongly consistent multi-region DynamoDB tables, similar to Aurora DSQL. It's currently limited to major AWS regions but enables applications to have the same consistent data across multiple geographic locations. This is useful for disaster recovery, high availability, and serving users in different regions with the same synchronized dataset.
08:49 -Amazon ECS optimized Windows Server 2025 AMIs 
AWS has released new Amazon ECS optimized Windows Server 2025 AMIs. While not groundbreaking, this update ensures Windows container users can run workloads on up-to-date host systems. It highlights the ongoing need to support Windows workloads in containerized environments, despite limitations compared to Linux containers.
13:30 - AWS Backup support for copying S3 backups across regions/accounts in GovCloud
This feature allows GovCloud users to copy S3 backups across regions and accounts, bringing capabilities already available in commercial AWS regions to GovCloud. It's particularly relevant for government agencies adopting cloud-first strategies and implementing best practices for data backup and disaster recovery.
20:12 - Chrome extension using AI to summarize web pages 
A developer created a Chrome extension that uses AI to summarize web page content. This tool addresses short attention spans and language barriers by providing quick summaries of long articles or content in unfamiliar languages. It demonstrates a practical application of AI for improving web accessibility and information consumption.
26:59 - Building a generative AI landing zone on AWS 
This article discusses how to build a generative AI landing zone on AWS, adapting traditional landing zone concepts to AI workloads. It covers foundational guardrails, development fast lanes, composable building blocks, observability, and governance specific to AI applications. The approach aims to provide a secure, compliant, and efficient foundation for deploying AI workloads on AWS.
 

In Season 4, Episode 25, Karl and Jon are joined by AWS Community Hero Stephen Sennett. They discuss recent AWS security enhancements and active defense measures, including the introduction of exportable public SSL/TLS certificates from AWS Certificate Manager, the enforcement of 100% MFA for AWS root users, and Amazon Inspector’s new code security feature. The conversation also covers AWS’s $20 billion investment in Australian data center infrastructure. The episode wraps up with a light-hearted segment where the hosts compare their sports tape collections, each trying to outdo the other with increasingly outrageous injury stories.
 
05:45 - AWS improves active defense to empower customers 
This article discusses AWS's internal security tools like Madopt, Mythroat, and Sonaris, which help protect customers at scale. It highlights the decreasing trend in global malicious vulnerability exploit attempts and emphasizes AWS's ability to provide security measures that individual organizations cannot match.
16:40 - AWS Certificate Manager introduces exportable public SSL/TLS certificates
AWS now offers exportable public SSL/TLS certificates at competitive prices ($15 for single domain, $150 for wildcard). This new feature allows for end-to-end encryption within the AWS ecosystem and provides a more cost-effective and manageable solution compared to traditional certificate authorities.
26:14 - AWS enforces 100% MFA for root users
AWS has achieved 100% MFA enforcement for root users, addressing a long-standing security concern. This change alters the login flow for new accounts, requiring MFA setup before access is granted. The guys also discusse the importance of hardware MFA solutions for organizations.
35:48 - Amazon Inspector launches code security feature 
Amazon Inspector now includes a code security feature that scans code for vulnerabilities and security issues. While not as comprehensive as some existing tools, it provides a convenient option for AWS customers who want to keep their security tooling within the AWS ecosystem.
42:32 - AWS invests $20 billion in Australian data center infrastructure 
AWS is investing $20 billion AUD (about $12.8 billion USD) to expand its data center infrastructure in Australia. This investment aims to strengthen Australia's AI capabilities, improve renewable energy usage, and address data sovereignty concerns. The article also mentions AWS's commitment to training 400,000+ people in Australia in cloud skills since 2017.

In Season 4, Episode 24, Karl and Jon are joined by Randall Hunt, CTO of Caylent, for a dynamic and insightful conversation that blends cutting-edge cloud developments with a dash of humor. They dive into some of the latest updates from AWS, including the launch of on-demand key rotation for imported keys via AWS Key Management Service, new application layer 7 DDoS protection for customers using AWS Web Application Firewall and AWS Shield Advanced, and enhanced CloudTrail logging for Amazon S3’s delete objects API, which offers improved auditability and operational visibility. The discussion also explores Amazon’s ambitious investment plans in global data center infrastructure and the introduction of AWS’s new liquid cooling technology designed for next-generation AI data centers. As always, the episode takes an entertaining turn when the conversation veers into a lighthearted tangent about IKEA meatballs and flat-pack furniture.
 
04:04 - AWS Key Management Service (KMS) on-demand key rotation 
This new feature allows users to rotate imported keys, which was previously not possible. It improves key management and security while maintaining backwards compatibility. The pricing model includes additional charges for the first two rotations, with a cap after that.
08:44 - New application layer 7 DOS protection 
AWS introduced enhanced DDoS protection for Web Application Firewall and Shield Advanced customers. This feature uses machine learning to quickly learn normal traffic patterns and protect against complex layer 7 attacks, especially with the challenges posed by HTTP/3 and newer protocols.
14:17 - AWS CloudTrail enhanced logging for S3 delete objects API 
CloudTrail now provides more detailed logging for S3 delete operations, including bulk deletes. This closes a gap in logging capabilities, making it easier to track and audit object deletions without relying on expensive bucket-level logging.
19:22 - Amazon's data center infrastructure investments 
AWS announced significant investments in data center infrastructure globally, including $20 billion in Pennsylvania, $10 billion in North Carolina, and $5 billion in Taiwan. These investments demonstrate AWS's commitment to expanding its cloud infrastructure despite recent reports of AI data center project delays.
26:58 - AWS liquid cooling technology for AI data centers  
AWS introduced a new liquid cooling system for its next-generation AI data centers. This closed-loop system allows for more efficient cooling of high-density racks, particularly for GPU workloads. The technology provides flexibility in deployment and doesn't significantly increase water consumption.
 

In Season 4, Episode 23, Karl and Jon are joined by Cloud Security Consultant, Deep Shankar Yadav for a wide-ranging discussion on recent cloud updates and innovations. They cover the latest enhancements to the AWS Pricing Calculator, including support for discounts and purchase commitments, making it easier for users to estimate and plan costs more accurately. The conversation moves to Amazon EC2's new feature that allows for the deletion of underlying EBS snapshots when deregistering AMIs, helping users streamline storage management. They also explore how Amazon GuardDuty and Amazon Detective can be used together to detect and investigate EC2 malware, providing stronger security insights. The episode highlights how developers can boost productivity with Claude Code and take advantage of prompt caching in Amazon Bedrock. They also reflect on AWS’s launch of a new sovereign cloud in Europe, aimed at addressing data residency and regulatory requirements. To cap it all off, the trio dives into a fun debate over whether karate is fundamentally more offensive or defensive in nature.
 
04:26 - AWS Pricing Calculator 
The AWS Pricing Calculator now supports discounts and purchase commitments, allowing users to get more accurate cost estimates. This update is particularly useful for product businesses and internal teams, but may add complexity for consulting businesses when explaining costs to clients. The tool's effectiveness still depends on accurately knowing usage patterns.
13:25 - Amazon EC2 and EBS snapshots 
Amazon EC2 now allows users to delete underlying EBS snapshots when deregistering AMIs. This feature helps clean up orphaned snapshots and reduces storage costs. Users need to enable this option manually, and it won't delete snapshots associated with multiple AMIs.
20:37 - Detecting EC2 malware 
The article discusses using Amazon GuardDuty and Amazon Detective together to detect and investigate EC2 malware. While this combination provides a good workflow for security investigations, it requires manual setup and lacks some features found in commercial malware protection offerings, such as automatic quarantine.
27:22 - Claude Code and Bedrock prompt caching 
Anthropic's Claude Code is entering the AI coding assistant market, competing with GitHub Copilot and Amazon's Q Developer. The article highlights the benefits of using Claude Code through AWS Bedrock, including data privacy and prompt caching for improved efficiency.
33:24 -AWS sovereign cloud in Europe 
AWS is launching a sovereign cloud in Europe, starting in Germany, to address data sovereignty concerns. This separate entity will be governed independently from Amazon Inc. and AWS. The move is seen as a response to growing demands for data localization and sovereignty, particularly in regions like the Middle East.