AWS Official Blog

  • Amazon Glacier Update – Third-Party SEC 17a-4(f) Assessment for Vault Lock

    by Jeff Barr | in Amazon Glacier

    Amazon Glacier is designed to store any amount of archival or backup data with high durability.  Amazon Glacier is a very cost-effective solution (as low as $0.007 per gigabyte per month) for data that is infrequently accessed, and where a retrieval time of several hours is acceptable.

    Earlier this year we introduced a new Amazon Glacier compliance feature called Vault Lock (see my post, Create Write-Once-Read-Many Archive Storage with Amazon Glacier, to learn more).  As I wrote at the time, this feature allows you to lock your Amazon Glacier vaults with compliance controls that are designed (per SEC Rule 17a-4(f)) to help meet the requirement that “electronic records must be preserved exclusively in a non-rewritable and non-erasable format.”

    That announcement brought Amazon Glacier to the attention of AWS customers in the financial services industry.  Large banks, broker-dealers, and securities clearinghouses have all expressed interest in this important new feature.

    New Third-Party Assessment Report
    Today I am pleased to be able to announce that we have received a third-party assessment report that speaks to Amazon Glacier’s ability to help meet the requirements of SEC 17a-4(f).

    This assessment is provided by Cohasset Associates, a highly respected consulting firm with more than 40 years of experience and knowledge related to the legal, technical, and operational issues associated with the records management practices of companies regulated by the US SEC (Securities and Exchange Commission) and the US CFTC (Commodity Futures Trading Commission).

    The full assessment (which is actually fairly interesting) provides a detailed look at the logic that Amazon Glacier uses to create immutable policies, along with a step-by-step examination and exposition of the controls that are used to protect Amazon Glacier vaults for compliance use cases once they have been locked (again, more information on this procedure can be found in the blog post that I referenced above).

    View the Amazon Glacier with Vault Lock Assessment to learn more. For information about other compliance features, visit the AWS Compliance Center.

    Jeff;

  • Amazon RDS Update – Oracle + Brazil + Larger Volumes + More

    by Jeff Barr | in Amazon RDS

    I love to demo Amazon Relational Database Service (RDS) to live audiences! They always appreciate the fact that I can launch a MySQL, Oracle, SQL Server, PostgreSQL, or Amazon Aurora database instance with a couple of clicks.

    Today I would like to bring you up to date on a bunch of improvements that we have recently made to the service. I was not able to blog about these at launch time so this might not be news, but I did want to make sure that you didn’t miss anything important. Here’s a quick summary of what I want to share with you:

    • The t2.large database instance type is now available.
    • Support for Oracle 12.1.0.2 and the latest patches is now available.
    • R3 and T2 database instances can now run Oracle.
    • The R3 database instances are now available in Brazil.
    • Database instances running MySQL, Oracle, SQL Server, and PostgreSQL can now be provisioned with even more storage (4 – 6 TB, depending on the database engine).
    • Tags on database instances are now copied to snapshots, and from there to instances restored from the snapshots.
    • You now have access to a license-included offering for SQL Server Enterprise Edition.

    Availability of t2.large Database Instances
    The T2 instances provide you with a baseline level of CPU performance and the ability to burst above the baseline. They are designed for workloads that do not need the entire CPU on a full or consistent basis, and are priced lower than comparable M3 DB instances.

    In addition to the existing instance types (db.t2.micro, db.t2.small, and db.t2.medium), you can now run all supported database engines on the new db.t2.large instance type. This instance type offers twice as much memory and 50% more CPU credits per hour than the db.t2.medium.  It is available in the US East (Northern Virginia), US West (Northern California), US West (Oregon), South America (Brazil), Europe (Ireland), Europe (Frankfurt), Asia Pacific (Tokyo), Asia Pacific (Sydney), Asia Pacific (Singapore), and China (Beijing) regions.

    The t2.large also supports encryption at rest. You can set this up on the Configure Advanced Settings page.

    Support for Oracle 12.1.0.2
    RDS for Oracle now supports version 12.1.0.2 of Oracle Database 12c. You can use the new In-Memory option to store a subset of your data in an in-memory column format that is optimized for performance. This is a great fit for the newly available R3 database instances described in the next section.

    As part of this update, we also applied the April 2015 Oracle Patch Set Updates (PSU) for Oracle Database 11g and 12c and enabled access to the DBMS_REPAIR package. We also improved the integration with AWS CloudHSM; you can now access a single CloudHSM partition from multiple RDS accounts and you can store TDE master keys for multiple RDS Oracle databases on a single CloudHSM partition.

    You now have access to the following versions of Oracle through RDS:

    • 11.2.0.4.v4
    • 12.1.0.2.v1
    • 12.1.0.1.v2

    Oracle on R3 and T2 Database Instances
    The R3 instances are optimized for memory-intensive applications and have the lowest cost per GiB of RAM of any DB instance. The instances deliver high sustained memory bandwidth and offer lower network latency, all at prices that are up to 28% lower than comparable M2 DB instances.

    You can now run Oracle Database on the R3 and T2 instances.

    R3 in Brazil
    The R3 database instances are now available in the South America (Brazil) Region, and can be used with the MySQL, Oracle, SQL Server, and PostgreSQL database engines.

    Provision Even More Storage
    Earlier this year we increased the amount of storage that you can provision when you use Provisioned IOPS or General Purpose (SSD) storage for an RDS database instance. Here are the new limits:

    • MySQL, PostgreSQL, and Oracle database instances can now be provisioned with up to 6 TB of storage.
    • SQL Server database instances can now be provisioned with up to 4 TB of storage and up to 20,000 IOPS (double the former limit).

    Instance Tags to Snapshots, and Back
    If you add tags to your database instances, create snapshots of those instances, and then use the snapshots to create fresh instances, the tags now appear on the new instances.

    SQL Server Enterprise, License Included
    You can now run SQL Server Enterprise Edition as a License Included offering on RDS. In other words, you do not need to purchase a separate license for the product; the pricing includes the software license, the underlying hardware resources, and the RDS management capabilities.

    Available Now
    These options are available now (some of them have been around for a month or two) and you can start using them today!

    Jeff;

     

  • In-Country Storage of Personal Data

    by Jeff Barr | in Security

    My colleague Denis Batalov works out of the AWS Office in Luxembourg.  As a Solutions Architect, he is often asked about the in-country storage requirement that some countries impose on certain types of data. Although this requirement applies to a relatively small number of workloads, I am still happy that he took the time to write the guest post below to share some of his knowledge.

    — Jeff;


    AWS customers sometimes offer their services in countries where local requirements necessitate storage and processing of certain sensitive data to take place within the applicable country, that is, in a datacenter physically located in the respective country. Examples of such sensitive data include financial transactions and personal data (also referred to in some countries as Personally Identifiable Information, or PII).  Depending on the specific storage and processing requirements, one answer might be to utilize hybrid architectures where the component of the system that is responsible for collecting, storing and processing the sensitive data is placed in-country, while the remaining system resides in AWS. More information about hybrid architectures in general can be found on the Hybrid Architectures with AWS page.

    The reference architecture diagram included below shows an example of a hypothetical web application hosted on AWS that collects personal data as part of its operation.  Since the collection of personal data may be required to occur in-country, the widget or form that is used to collect or display personal data (shown in red) is generated by a web server located in-country, while the rest of the web site (shown in green) is generated by the usual web server located in AWS. This way the authoritative copy of the personal data resides in-country and all updates to the data are also recorded in-country. Note that the data that is not required to be stored in-country can continue to be stored in the main database (or databases) residing in AWS.

    This architecture still provides customers with the most important benefits of the cloud: it is flexible, scalable, and cost-effective.

    There may be situations where a copy of personal data needs to be transferred across a national border, e.g. in order to fulfill contractual obligations, such as transferring the name, billing address and payment method when a cross-border purchase is transacted. Where permitted by local legislation, a replica of the data (either complete or partial) can be transferred across the border via a secure channel.  Data can be securely transferred over the public internet with the use of TLS, or using a VPN connection established between the Virtual Private Gateway of the VPC and the Customer Gateway residing in-country.  Additionally, customers may establish private connectivity between AWS and an in-country datacenter by using AWS Direct Connect, which in many cases can reduce network costs, increase bandwidth throughput, and provide a more consistent network experience compared to Internet-based connections.

    Alternatively, it may be possible to achieve certain processing outcomes in the AWS cloud while employing data anonymization. This is a type of information sanitization whose intent is privacy protection, commonly associated with highly sensitive personal information. It is the process of either encrypting, tokenizing, or removing personally identifiable information from data sets, so that the people whom the data describe remain anonymous in a particular context. Upon return of the processed dataset from the AWS cloud it could be integrated into in-country databases to give it personal context again.

    — Denis

    PS – Customers should, of course, seek advice from professionals who are familiar with details of the country-specific legislation to ensure compliance with any applicable local laws, as this example architecture is shown here for illustrative purposes only!
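
    The tokenizing variant of data anonymization from the in-country storage post above, as an added example that is not part of the original post: personal fields are replaced with keyed-HMAC tokens before records leave the country, a stand-in function plays the processing done in AWS, and the result is re-identified in-country. The field names, sample records and class and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: which fields of a record count as personal data.
PII_FIELDS = ("name", "billing_address")

# Constructed sample records (not real data).
SAMPLE_RECORDS = [
    {"name": "Alice Example", "billing_address": "1 Main St", "amount_cents": 1500},
    {"name": "Bob Sample", "billing_address": "2 Side Rd", "amount_cents": 999},
    {"name": "Alice Example", "billing_address": "1 Main St", "amount_cents": 2000},
]


class InCountryTokenVault:
    """Token-to-value mapping and HMAC key; both stay in the in-country datacenter."""

    def __init__(self, key=None):
        self.key = key or secrets.token_bytes(32)
        self.values_by_token = {}

    def tokenize(self, field, value):
        # A keyed HMAC is deterministic (equal values get equal tokens, so joins
        # and group-bys still work on the cloud side) but, unlike a plain hash,
        # cannot be reproduced by guessing names without the in-country key.
        message = f"{field}\x00{value}".encode("utf-8")
        digest = hmac.new(self.key, message, hashlib.sha256).hexdigest()
        token = "tok_" + digest[:32]
        self.values_by_token[token] = value
        return token

    def detokenize(self, token):
        return self.values_by_token[token]


def export_for_cloud(records, vault):
    """Copy records with every personal field replaced by its token."""
    exported = []
    for record in records:
        safe = dict(record)
        for field in PII_FIELDS:
            if field in safe:
                safe[field] = vault.tokenize(field, safe[field])
        exported.append(safe)
    return exported


def cloud_total_per_customer(exported):
    """Stand-in for processing in AWS: it only ever sees tokens."""
    totals = {}
    for record in exported:
        totals[record["name"]] = totals.get(record["name"], 0) + record["amount_cents"]
    return totals


def reintegrate(totals, vault):
    """Back in-country: give the processed result its personal context again."""
    return {vault.detokenize(token): total for token, total in totals.items()}


if __name__ == "__main__":
    vault = InCountryTokenVault()
    exported = export_for_cloud(SAMPLE_RECORDS, vault)
    print(exported[0])  # what crosses the border: tokens plus non-personal fields
    print(reintegrate(cloud_total_per_customer(exported), vault))
```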

  • Now Available – Amazon Linux AMI 2015.09

    by Jeff Barr | in Amazon EC2, Amazon Linux AMI

    My colleague Max Spevack runs the team that produces the Amazon Linux AMI. He wrote the guest post below to announce the newest release!

    Jeff;


    The Amazon Linux AMI is a supported and maintained Linux image for use on Amazon EC2.

    We offer new major versions of the Amazon Linux AMI after a public testing phase that includes one or more Release Candidates. The Release Candidates are announced in the EC2 forum and we welcome feedback on them.

    Launching 2015.09 Today
    Today we announce the 2015.09 Amazon Linux AMI, which is supported in all regions and on all current-generation EC2 instance types.  The Amazon Linux AMI supports both PV and HVM mode, as well as both EBS-backed and Instance Store-backed AMIs.

    You can launch this new version of the AMI in the usual ways. You can also upgrade an existing EC2 instance by running the following commands:

    $ sudo yum clean all
    $ sudo yum update

    And then rebooting the instance.

    New Kernel
    A major new feature in this release is the 4.1.7 kernel, which is the most recent long-term stable release kernel. Of particular interest to many customers is the support for OverlayFS in the 4.x kernel series.

    New Features
    The roadmap for the Amazon Linux AMI is driven in large part by customer requests. During this release cycle, we have added a number of features as a result of these requests; here’s a sampling:

    • Based on numerous customer requests and in order to support joining Amazon Linux AMI instances to an AWS Directory Service directory, we have added Samba 4.1 to the Amazon Linux AMI repositories, available via sudo yum install samba.
    • Numerous customers have asked for PostgreSQL 9.4 and it is now available in our Amazon Linux AMI repositories as a separate package from PostgreSQL 9.2 and 9.3. PostgreSQL 9.4 is available via sudo yum install postgresql94 and the 2015.09 Amazon Linux AMI repositories include PostgreSQL 9.4.4.
    • A frequent customer request has been MySQL 5.6, and we are pleased to offer it in the 2015.09 repositories as a separate package from MySQL 5.1 and 5.5. MySQL 5.6 is available via sudo yum install mysql56 and the 2015.09 Amazon Linux AMI repositories include MySQL 5.6.26.
    • We introduced support for Docker and Go in our 2014.03 AMI, and we continue to follow upstream developments in each. The lead-up to the 2015.09 release included an update to Go 1.4 and to Docker 1.7.1.
    • We already provide Python 2.6, 2.7 (default), and 3.4 in the Amazon Linux AMI, but several customers have also asked for the PyPy implementation of Python. We’re pleased to include PyPy 2.4 in our preview repository. PyPy 2.4 is compatible with Python 2.7.8 and is installable via sudo yum --enablerepo=amzn-preview install pypy.
    • In our 2015.03 release we added an initial preview of the Rust programming language. Upstream development has continued on this language, and we have updated from Rust 1.0 to Rust 1.2 for the 2015.09 release. You can install the Rust compiler by running sudo yum --enablerepo=amzn-preview install rust.

    The release notes contain a longer discussion of the new features and updated packages, including an updated version of Emacs prepared specially for Jeff in order to ensure timely publication of this blog post!

    — Max Spevack, Development Manager, Amazon Linux AMI.

    PS – If you enjoy the Amazon Linux AMI offering and would like to work on future versions, let us know!

  • AWS Week in Review – September 14, 2015

    by Jeff Barr | in Week in Review

    Let’s take a quick look at what happened in AWS-land last week:

    New Customer Success Stories

    • The Democratic National Committee (DNC) – Gather, store, and deliver voter data to other political organizations.
    • Domain Group – Provide real estate information to Australians via online and print platforms.
    • Infraware – Deliver software to mobile users; run customer analytics platform.
    • Ividata – Big data for retailers.
    • Nexon – Build and distribute games to an international audience.
    • SM Entertainment – Host websites, deliver mobile apps, run internal ERP and Groupware systems.

    Stay tuned for next week! In the meantime, follow me on Twitter and subscribe to the RSS feed.

    Jeff;

  • New AWS Public Data Set – 3000 Rice Genome

    by Jeff Barr

    My colleague Angel Pizarro wrote the guest post below to tell you about an amazing new AWS Public Data Set!

    — Jeff;


    You can now access the genome sequence data of 3,024 rice varieties that have been aligned and analyzed against five different reference genomes as an AWS Public Data Set.  The data contains over 30 million genetic variations that span across all known and predicted rice genes, as well as potential regulatory regions surrounding these genes. Through analysis of this data, researchers can potentially identify genes associated with important agronomic traits such as crop yield, climate stress tolerance, and disease resistance. Together, they represent an unprecedented resource for advancing rice science and breeding technology.

    Rice is a staple food source for half the world’s population, and accounts for over 20% of all calories per capita. In order to keep up with global population increases, we must find some way to increase rice crop yields by 25% by 2030. The current rate of increasing rice yield by traditional breeding is insufficient, especially when taking into account observed trends in climate change and pollution. In order to meet the world’s projected demand for a stable food supply, modern methods of breeding that take into account the underlying genetic information must be adopted by the community at large.

    The 3,000 Rice Genome sequencing project is an international effort to sequence the genomes of 3,024 rice varieties from 89 countries. The collaborating centers involved are the Chinese Academy of Agricultural Sciences, BGI Shenzhen, and the International Rice Research Institute (IRRI). The consortium partnered with DNAnexus to analyze the sequence data of the 3,024 different rice varieties against five published draft genome builds of the rice genome. Partnering with DNAnexus allowed them to take advantage of the scalable computing capability at AWS to process all of the source genomic data across 37,000 compute cores working together in just two days — more than 200 times faster than would have been possible on local computing infrastructure. In addition, the data are accessible via DNAnexus for further analysis. For more details on accessing the data within DNAnexus, refer to the project documentation.

    More in-depth analyses of this dataset could lead to inferences about higher yield and stress tolerance to pests, diseases, and climate change. You can learn more about the data and how to access it on the 3000 Rice Genome Public Data Set page.

    Working with the Genomic Data Set on AWS
    Because the data are hosted on S3 and accessible over common HTTP protocols, researchers have already done some amazing integrations within pre-existing tools. I’ve included some initial examples here and we’ll work with IRRI to share more examples as they emerge.

    Visualizing the data using SNP-Seek
    The International Rice Informatics Consortium (IRIC) has made the data available for querying and visualization through their SNP-Seek portal.  Users are now able to query across all of the strains and narrow down regions of interest that show diversity across multiple genome references, integrated with the rice research community’s genomic annotation data.

    Open Source Tools
    In addition to the rich set of AWS partner offerings for life sciences, the full genomics open source ecosystem is available for use with the data. From command line applications such as samtools to rich user interfaces such as Galaxy or iobio, researchers can get started right away to analyze the data.

    What’s Next?
    The challenge for the research community is now to comprehensively and systematically mine this dataset to link genotypic variation to functional variation with the ultimate goal of creating new and sustainable rice varieties. Combining these efforts with other studies such as careful trait phenotyping in controlled and wild environments, as well as environmental studies based on satellite imagery like the Landsat data you can already access on AWS, can help us to keep up with the demands of the future world’s population growth.

    Visit the 3000 Rice Genome Public Data Set page to access the data and sign up for project updates.

    Angel Pizarro, Technical Business Development Manager, AWS Scientific Computing

  • Announcing the AWS Pop-up Loft in Berlin

    by Jeff Barr | in AWS Loft

    The AWS Pop-up Lofts in San Francisco and New York have become hubs and working spaces for developers, entrepreneurs, students, and others who are interested in working with and learning more about AWS. They come to learn, code, meet, collaborate, ask questions, and to hang out with other like-minded folks. I expect the newly opened London Loft to serve as the same type of resource for the UK.

    I’m happy to be able to announce that we will be popping up a fourth loft, this one in Berlin. Once again, we have created a unique space and assembled a full calendar of events, with the continued help from our friends at Intel. We look forward to using the Loft to meet and to connect with our customers, and expect that it will be a place that they visit on a regular basis.

    Startups and established businesses have been making great use of our new Europe (Frankfurt) region; in fact, it is currently growing even faster than all of our other international regions! While this growth has been driven by many factors, we do know that startups in Berlin have been early adopters of the AWS cloud, with some going all the way back to 2006. Since then some of the most well-known startups in Germany, and across Europe, have adopted AWS including SoundCloud, Foodpanda, and Zalando.

    With a high concentration of talented, ambitious entrepreneurs, Berlin is a great location for the newest Pop-up Loft. Startups and other AWS customers in the area have asked for access to more local technical resources and expertise in order to help them to continue to grow and to succeed with AWS.

    Near Berlin Stadtmitte Station
    This loft is located on the 5th floor of Krausenstrasse 38 in Berlin, close to Stadtmitte Station and convenient to Spittelmarkt. The opening party will take place on October 14th and the Loft will open for business on the morning of October 15th. After that it will be open from 10 AM to 6 PM Monday through Friday, with special events in the evening.

    During the day, you will have access to the Ask an Architect Bar, daily education sessions, Wi-Fi, a co-working space, and snacks, all at no charge. There will also be resources to help you to create, run, and grow your startup including educational sessions from local AWS partners, accelerators, and incubators including Axel Springer’s Plug & Play and Deutsche Telekom’s Hub:Raum.

    Ask an Architect
    Step up to the Ask an Architect Bar with your code, architecture diagrams, and your AWS questions at the ready! Simply walk in. You will have access to deep technical expertise and will be able to get guidance on AWS architecture, usage of specific AWS services and features, cost optimization, and more.

    Echo Hackathon
    My colleague David Isbitski will be running an Alexa Hackathon at the Loft. After providing an introduction to the Amazon Echo, David will show you how to build your first Alexa Skill using either AWS Lambda or AWS Elastic Beanstalk (your choice). He will show you how to monitor it using Amazon CloudWatch and will walk you through the process of certifying the Skill as a prerequisite to making it available to customers later this year. The event will conclude with an open hackathon.

    AWS Education Sessions
    During the day, AWS Solution Architects, Product Managers, and Evangelists will be leading 60-minute educational sessions designed to help you to learn more about specific AWS services and use cases. You can attend these sessions to learn about Mobile & Gaming, Databases, Big Data, Compute & Networking, Architecture, Operations, Security, Machine Learning, and more, all at no charge. Hot startups such as EyeEm, Zalando, and Stormforger will talk about how they use AWS.

    Startup Education Sessions
    AWS startup community representatives, Berlin-based incubators & accelerators, startup scene influencers & hot startup customers of AWS will share best-practices, entrepreneurial know-how and lessons learned. Pop in to learn the art of pitching, customer validation & profiling, PR for startups & corporations. Get to know Axel Springer’s accelerator Plug & Play and the Hub:Raum incubator of the Deutsche Telekom.

    The Intel Perspective
    AWS and Intel share a passion for innovation and a history of helping startups to succeed. Intel will bring their newest technologies to Berlin, with talks and training that focus on the Internet of Things and the latest Intel Xeon processors.

    On the Calendar
    Here are some of the events that we have scheduled for October and November.

    Tech Sessions:

    • October 15 – Processing streams of data with Amazon Kinesis and Other Tools (10 AM – 11 AM).
    • October 15 – STUPS – A Cloud Infrastructure for Autonomous Teams (Zalando) (5 PM – 6 PM).
    • October 19 – Building a global real-time discovery platform on AWS (Rocket Internet) (6 PM – 7 PM).
    • October 23 – Amazon Echo hackathon (10 AM – 4 PM).
    • October 27 – DevOps at Amazon: A Look at Our Tools and Processes (9 – 10 AM).
    • October 27 – Automating Software Deployments with AWS CodeDeploy (10 AM – 11 AM).
    • October 30 – Redshift Deep Dive (5 PM – 6 PM).
    • November 3 – Cost Optimization Workshop (5 PM – 6 PM).
    • November 3 – Amazon Aurora (6 PM – 7 PM).
    • November 6 – Introduction to Amazon Machine Learning (9 AM – 10 AM).
    • November 10 – Security Master Class (6 PM – 7 PM).

    Business Sessions:

    • October 23 – Lessons Learned from 7 Accelerator Programs (6 PM – 7 PM).
    • October 26 – Funding cycles and Term Sheets (5 PM – 6 PM).
    • November 9 – Things to consider when PR-ing your startup (6 PM – 7 PM).

    Get-Togethers & Networking:

    • October 22 – Berlin’s Godfather of Tech (6 PM – 7 PM).
    • November 11 – Watch out: The Bavarians are in town! (6 – 8 PM).

    If you would like to learn more about a topic that’s not on this list, please let us know (you can stop by the Loft in person or you can leave a comment on this post).

    Come in and Say Hello
    Please feel free to stop in and say hello to my colleagues at the Berlin Loft if you happen to find yourself in Berlin!

    Jeff;

  • AWS Storage Update – New Lower Cost S3 Storage Option & Glacier Price Reduction

    by Jeff Barr | in Amazon Glacier, Amazon S3, Price Reduction

    Like all AWS services, the Amazon S3 team is always listening to customers in order to better understand their needs. After studying a lot of feedback and doing some analysis on access patterns over time, the team saw an opportunity to provide a new storage option that would be well-suited to data that is accessed infrequently.

    The team found that many AWS customers store backups or log files that are almost never read. Others upload shared documents or raw data for immediate analysis. These files generally see frequent activity right after upload, with a significant drop-off as they age. In most cases, this data is still very important, so durability is a requirement. Although this storage model is characterized by infrequent access, customers still need quick access to their files, so retrieval performance remains as critical as ever.

    New Infrequent Access Storage Option
    In order to meet the needs of this group of customers, we are adding a new storage class for data that is accessed infrequently. The new S3 Standard – Infrequent Access (Standard – IA) storage class offers the same high durability, low latency, and high throughput of S3 Standard. You now have the choice of three S3 storage classes (Standard, Standard – IA, and Glacier) that are designed to offer 99.999999999% (eleven nines) of durability. Standard – IA has an availability SLA of 99%.

    This new storage class inherits all of the existing S3 features that you know (and hopefully love) including security and access management, data lifecycle policies, cross-region replication, and event notifications.

    Prices for Standard – IA start at $0.0125 / gigabyte / month (one and one-quarter US pennies), with a 30 day minimum storage duration for billing, and a $0.01 / gigabyte charge for retrieval (in addition to the usual data transfer and request charges). Further, for billing purposes, objects that are smaller than 128 kilobytes are charged for 128 kilobytes of storage. We believe that this pricing model will make this new storage class very economical for long-term storage, backups, and disaster recovery, while still allowing you to quickly retrieve older data if necessary.

    You can define data lifecycle policies that move data between Amazon S3 storage classes over time. For example, you could store freshly uploaded data using the Standard storage class, move it to Standard – IA 30 days after it has been uploaded, and then to Amazon Glacier after another 60 days have gone by.

    The new Standard – IA storage class is simply one of several attributes associated with each S3 object. Because the objects stay in the same S3 bucket and are accessed from the same URLs when they transition to Standard – IA, you can start using Standard – IA immediately through lifecycle policies without changing your application code. This means that you can add a policy and reduce your S3 costs immediately, without having to make any changes to your application or affecting its performance.

    You can choose this new storage class (which is available today in all AWS regions) when you upload new objects via the AWS Management Console.

    You can set up lifecycle rules for each of your S3 buckets. Here’s how you would establish the policies that I described above:
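
    The 30-day and 60-day policy described above, written as an S3 lifecycle configuration and checked against object ages; this is an added example, not code from the original post. The prefix, rule ID, bucket name and function names are assumptions.

```python
import json

# Storage-class names as used by the S3 API.
STANDARD, STANDARD_IA, GLACIER = "STANDARD", "STANDARD_IA", "GLACIER"


def build_lifecycle_configuration(prefix, ia_after_days=30, glacier_after_more_days=60):
    """Return a lifecycle configuration for Standard -> Standard-IA -> Glacier.

    S3 counts each transition's Days from the object's creation date, so
    "Glacier after another 60 days" becomes Days = 30 + 60 = 90.
    """
    if ia_after_days < 30:
        # S3 refuses transitions to Standard-IA earlier than 30 days after upload.
        raise ValueError("Standard-IA transition must be at least 30 days after upload")
    if glacier_after_more_days < 30:
        # Standard-IA has a 30-day minimum storage duration for billing.
        raise ValueError("objects must stay in Standard-IA for at least 30 days")
    return {
        "Rules": [
            {
                "ID": "standard-to-ia-to-glacier",  # hypothetical rule name
                "Filter": {"Prefix": prefix},
                "Status": "Enabled",
                "Transitions": [
                    {"Days": ia_after_days, "StorageClass": STANDARD_IA},
                    {
                        "Days": ia_after_days + glacier_after_more_days,
                        "StorageClass": GLACIER,
                    },
                ],
            }
        ]
    }


def storage_class_at(config, key, age_days):
    """Storage class that an object uploaded as Standard has reached at a given age."""
    reached = STANDARD
    for rule in config["Rules"]:
        if rule["Status"] != "Enabled":
            continue
        if not key.startswith(rule["Filter"]["Prefix"]):
            continue  # the rule does not apply to this key
        for step in sorted(rule["Transitions"], key=lambda s: s["Days"]):
            if age_days >= step["Days"]:
                reached = step["StorageClass"]
    return reached


if __name__ == "__main__":
    config = build_lifecycle_configuration(prefix="logs/")  # prefix is an assumption
    print(json.dumps(config, indent=2))
    for age in (0, 29, 30, 89, 90):
        print(age, storage_class_at(config, "logs/2015-09-01.gz", age))
    # To apply it with boto3 (needs credentials; the bucket name is a placeholder):
    #   boto3.client("s3").put_bucket_lifecycle_configuration(
    #       Bucket="example-bucket", LifecycleConfiguration=config)
```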

    These functions are also available through the AWS Command Line Interface (CLI), the AWS Tools for Windows PowerShell, the AWS SDKs, and the S3 API.

    Here’s what some of our early users have to say about S3 Standard – Infrequent Access:

    “For more than 13 years, SmugMug has provided unlimited storage for our customer’s priceless photos. With many petabytes of them stored on Amazon S3, it’s vital that customers have immediate, instant access to any of them at a moment’s notice – even if they haven’t been viewed in years. Amazon S3 Standard – IA offers the same high durability and performance as Amazon S3 Standard so we can continue to deliver the same amazing experience for our customers even as their cameras continue to shoot bigger, higher-quality photos and videos.”

    Don MacAskill, CEO & Chief Geek

    SmugMug

    “We store a ton of video, and in many cases an object in Amazon S3 is the only copy of a user’s video. This means durability is absolutely critical, and so we are thrilled that Amazon S3 Standard – IA lets us significantly reduce storage costs on our older video objects without sacrificing durability. We also really appreciate how easy it is to start using Amazon S3 Standard – IA. With a few clicks we set up lifecycle policies that will transition older objects to Amazon S3 Standard – IA at regular intervals – we don’t have to worry about migrating them to new buckets, or impacting the user experience in any way.”

    Brian Kaiser, CTO

    Hudl

    See the S3 Pricing page for complete pricing information on this new storage class.

    Reduced Price for Glacier Storage
    Effective September 1, 2015, we are reducing the price for data stored in Amazon Glacier from $0.01 / gigabyte / month to $0.007 / gigabyte / month. As usual, this price reduction will take effect automatically and you need not do anything in order to benefit from it. This price is for the US East (Northern Virginia), US West (Oregon), and Europe (Ireland) regions; take a look at the Glacier Pricing page for full information on pricing in other regions.

    Jeff;

  • Docker Trusted Registry – Now in the AWS Marketplace

    by Jeff Barr | on | in AWS Marketplace, EC2 Container Service |

    During my trip to the AWS Loft earlier this month, I spoke to 8 startups for the AWS Podcast.  Almost all of them told me that they are making use of Docker on AWS, either directly or via Amazon EC2 Container Service. They love the flexibility that it gives them, and appreciate the ease with which they can move from development (often on a laptop) to test, and then on to production while remaining highly confident that their code and their configurations will work as expected in each environment.

    In order to enable a very wide variety of use cases, we are making the Docker Trusted Registry (DTR) available in the AWS Marketplace. You can launch it on an EC2 instance in order to create a private registry.

    This new offering supports the popular laptop-to-cloud workflow by giving you a central, highly accessible location to store and manage your Docker images for deployment in your chosen on-premises or cloud environment. You can create custom access control levels and use them to regulate access to the images in your registry. You can require the use of SSL certificates or LDAP entries, and you can take advantage of all of the network access controls that are part of the Virtual Private Cloud (VPC).

    To learn more about the configuration options that are available to you, read the post New AWS Support for Commercially-Supported Docker Applications: Docker Trusted Registry and Docker Engine on the AWS Partner Network Blog.

    Jeff;

  • Alert Logic Cloud Insight – Product Tour

    by Jeff Barr | on | in Guest Post, Security |

    I love to see all of the cool products and services that the Members of the AWS Partner Network (APN) build and bring to market. In the guest post below, my colleague Shawn Anderson takes you on a tour of Alert Logic’s new Cloud Insight product.

    Jeff;


    In August, Alert Logic introduced Alert Logic Cloud Insight, which identifies vulnerabilities in operating systems and applications running on EC2 instances and configuration issues with AWS accounts and services. This product discovers and evaluates an AWS environment using data provided by EC2, Virtual Private Cloud, Auto-Scaling, Elastic Load Balancing, IAM, and RDS APIs. Currently, Alert Logic is offering a 30-day free trial of Cloud Insight.

    To begin using Cloud Insight, you first log in to the Cloud Insight web portal and give Cloud Insight access to your AWS environment via an IAM role. There are step-by-step instructions provided in the product describing how you set up this access:

    Cloud Insight will automatically discover all of the hosts and services associated with your AWS environment. Cloud Insight then automatically creates a dedicated security subnet in your VPC and launches a virtual Alert Logic appliance in the subnet. Within a few minutes you will see the results of the discovery process in the topology view:

    The topology view shows the relationships between your AWS assets. The relationships (lines between assets) are updated dynamically as your AWS environment changes. To complete your setup, you select the assets you want to be part of Cloud Insight’s continuous assessments. You can choose to protect an entire region, VPC, or subnet. You can make adjustments to this scope at any time.

    Once you finish this step, Cloud Insight is up and running. It will continuously scan your assets and audit your environment configuration, and identify vulnerabilities and configuration issues it encounters. In the topology view you can see where the issues were discovered, color-coded for severity:

    By accessing the Remediation page, you can see a list of prioritized remediation actions that will address the identified vulnerabilities and configuration issues. The prioritization of actions is based on contextual analysis using a proprietary methodology:

    By taking these steps you can see that, for example, an upgrade to one Apache HTTP_server image addresses several vulnerabilities discovered in the environment:

    When a remediation action is completed, mark it complete and Cloud Insight will rescan the impacted hosts to verify that the vulnerability has been eliminated.

    Cloud Insight is well suited for a security analyst who wants to identify critical exposures in their environment. Additionally, Cloud Insight is accessible via APIs, meaning that you could incorporate it into a continuous deployment program. For more information on Cloud Insight, you can visit Alert Logic’s website, where you can access a few short videos and product documentation, and request your free trial.

    Shawn Anderson, Global Ecosystem Alliance Lead, AWS Partner Network