AWS Official Blog

Many AWS customers and partners have been asking for a programmatic way to access prices for AWS services. This information can be used in several ways. Some potential customers are evaluating the feasibility and cost-effectiveness of moving their on-premises workloads to the cloud and want to “do the math.” Current customers and partners would like to make sure that their budgeting, forecasting, and analytics tools are able to analyze AWS prices without having to resort to scraping our web site. Our Managed Services Partners create and supervise tens or thousands of linked AWS accounts (grouped together via Consolidated Billing) and need to make sure the bills presented to their customers reflect the cost of each resource.

New AWS Price List API
In order to meet the needs of these customers and to foster the development of even more tools that focus on cost management, budgeting, and the like, we are launching the AWS Price List API. This API provides you with access to prices in JSON and CSV form. You can download and process this information on an as-needed basis. You can also elect to receive notification via Amazon Simple Notification Service (SNS) each time we make a price change.

Pricing information can be accessed by URLs, each structured as follows:

https://pricing.us-east-1.amazonaws.com/offers/v1.0/aws/{offer_code}/current/index.{format}

where format can be either “json” or “csv.”

You can find the offer code and URLs for all supported services by accessing the Offer Index (https://pricing.us-east-1.amazonaws.com/offers/v1.0/aws/index.json). It begins like this (the currentVersionUrl values are all relative to https://pricing.us-east-1.amazonaws.com):

{
  "formatVersion" : "v1.0",
  "disclaimer" : "This pricing list is for informational purposes only. All prices are subject to the additional terms included in the pricing pages on http://aws.amazon.com. All Free Tier prices are also subject to the terms included at https://aws.amazon.com/free/",
  "publicationDate" : "2015-11-19T02:10:02Z",
 "offers" : {
    "AmazonS3" : {
      "offerCode" : "AmazonS3",
      "currentVersionUrl" : "/offers/v1.0/aws/AmazonS3/current/index.json"
    },
    "AmazonRedshift" : {
      "offerCode" : "AmazonRedshift",
      "currentVersionUrl" : "/offers/v1.0/aws/AmazonRedshift/current/index.json"
    },
    "AmazonEC2" : {
      "offerCode" : "AmazonEC2",
      "currentVersionUrl" : "/offers/v1.0/aws/AmazonEC2/current/index.json"
    },
    "AmazonCloudWatch" : {
      "offerCode" : "AmazonCloudWatch",
      "currentVersionUrl" : "/offers/v1.0/aws/AmazonCloudWatch/current/index.json"
    }
  }
}

Each API response contains two sections: product information and pricing information. Here’s a sample of the product information:

{
  "formatVersion" : "v1.0",
  "disclaimer" : "This pricing list is for informational purposes only. All prices are subject to the additional terms included in the pricing pages on http://aws.amazon.com. All Free Tier prices are also subject to the terms included at https://aws.amazon.com/free/",
  "offerCode" : "AmazonRDS",
  "version" : "20151001000000",
  "publicationDate" : "2015-11-15T04:02:20Z",
  "products" : {
    "FNR4GZ675EW5UXJW" : {
      "sku" : "FNR4GZ675EW5UXJW",
      "productFamily" : "Database Instance",
      "attributes" : {
        "servicecode" : "AmazonRDS",
        "location" : "US West (Oregon)",
        "locationType" : "AWS Region",
        "instanceType" : "db.t2.small",
        "currentGeneration" : "Yes",
        "instanceClass" : "Burstable performance instances",
        "vcpu" : "1",
        "memory" : "2",
        "piopsOptimized" : "No",
        "networkPerformance" : "Low",
        "engineCode" : "10",
        "databaseEngine" : "SQL Server",
        "databaseEdition" : "Express",
        "deploymentOption" : "Single-AZ",
        "usagetype" : "USW2-InstanceUsage:db.t2.small",
        "operation" : "CreateDBInstance:0010"
      }
    },

We’ve added product attributes to all our products. You can use these product attributes to find the SKU that you need prices for. To help you find prices faster, pricing information is also indexed by SKU.

Here is the pricing information associated with the product information above:

     "FNR4GZ675EW5UXJW" : {
        "FNR4GZ675EW5UXJW.JRTCKXETXF" : {
          "offerTermCode" : "JRTCKXETXF",
          "sku" : "FNR4GZ675EW5UXJW",
          "effectiveDate" : "2015-10-01T00:00:00Z",
          "priceDimensions" : {
            "FNR4GZ675EW5UXJW.JRTCKXETXF.6YS6EN2CT7" : {
              "rateCode" : "FNR4GZ675EW5UXJW.JRTCKXETXF.6YS6EN2CT7",
              "rateType" : "Fixed",
              "description" : "$0.044 per RDS T2 Small Instance hour (or partial hour) running SQL Server EX - LI",
              "beginRange" : "0",
              "endRange" : "Inf",
              "unit" : "Hrs",
              "pricePerUnit" : {
                "USD" : "0.0440000000"
              },
              "appliesTo" : [ ]
            }
          },
          "termAttributes" : { }
        }
      },

Available Now
This information is available now and you can start to make use of it today. It is available for all public AWS regions except Beijing (China). Information is not provided for Free Tier pricing, Spot Instances, or for products in the AWS Marketplace.

To learn more, read Using the Price List API.

— Jeff;

When I discuss AWS with enterprise customers, they often ask me how they can take advantage of their existing investments in on-premises virtualization. They want to take advantage of their existing “golden” images and the development, deployment, and certification processes that go along with them.

Fortunately, I am able to tell them about two separate aspects of AWS – VM Import / Export and the AWS Management Portal for vCenter. Both of these tools allow our enterprise customers to bring their existing virtual machine images in to AWS and to start making good use of them in short order.

Today we are expanding both tools with support for additional operating systems. The AWS Management Portal for vCenter is now able to import complex, multi-volume VMs to EC2.

New Operating System Support
In addition to support for the existing lineup of Windows and Linux operating system (read the VM Import/Export Prerequisites for a full list), you can now import the following operating system images in to EC2:

• SUSE/SLES 11-12
• Oracle Enterprise Linux 6-7
• Fedora 19-21
• Windows 10

AWS Management Portal for vCenter Updates
The portal is now capable of importing any operating system image that is accepted by VM Import/Export, including multi-volume VMware images. The importing process creates Amazon Machine Images (AMIs) and EC2 instances.

Here’s what the import process looks like from within the portal:

In order to make use of these features, you will need to enable auto-upgrade in the portal or download the latest version of the portal.

These features are available now and you can start using them today!

— Jeff;

AWS Direct Connect makes it easy for you to create a dedicated network connection from your premises to AWS. This private connectivity can reduce your network costs, increase data transfer throughput, and provide a more consistent experience than a shared Internet-based connection.

I am pleased to be able to announce that we have opened up 5 more Direct Connect locations, bringing the total to 23. Here are the new locations:

• Equinix Slough (LD4, LD5, LD6) – supporting the Europe (Ireland) region.
• Equinix Dallas (DA1, DA2, DA3, and DA6) – supporting the US East (Northern Virginia) region.
• GPX Mumbai – supporting the Asia Pacific (Singapore) region.
• Tivit São Paulo – supporting the South America (Brazil) region.
• Equinix San Jose (SV1, SV5) – supporting the AWS GovCloud (US) region.

Every AWS region is now supported by a pair of Direct Connect locations. This allows you to incorporate an additional level of redundancy into your designs. In addition to using multiple VPNs for backup and provisioning two connections to the same site for device redundancy, you can now get site redundancy for every region. A single VPC can accommodate multiple connections; to learn how to set this up read Configure Redundant Connections with AWS Direct Connect.

You can use the Direct Connect Console to create a connection:

Connections are always made to a particular Direct Connect location and can run at 1 Gbps or 10 Gbps. If you don’t need that much capacity, you can work with one of our Direct Connect Partners to provision a more modest connection. To learn more, check out the Direct Connect User Guide.

— Jeff;

The AWS Directory Service allows you to use your existing corporate identities to access AWS services and to simplify cloud-based deployment of Microsoft Windows and Linux applications that are dependent on the availability of a directory. We launched the service last year with support for two types of directories (AD Connector and Simple AD); see my post, New AWS Directory Service, to learn more.

Late last week we launched a third option, support for a managed Microsoft Active Directory, powered by Windows Server 2012 R2. When you choose this option, you get a Microsoft Active Directory that is designed to support up to 50,000 users (approximately 200,000 directory objects, including users, groups, and computers). The directory runs in two separate Availability Zones within a Virtual Private Cloud.

Provisioning is easy, quick (25-30 minutes), and straightforward. Because this is a managed service, common administrative tasks are handled for you. This includes host monitoring with automatic replacement, data replication, snapshot backups, and automatic software updates. As is often the case with AWS, you will spend less time administering and more time working on your applications and your business.

Use Cases
With this launch, running workloads that are aware of a directory is easier than ever. This includes Microsoft SharePoint as well as custom applications that make use of .NET and/or SQL Server.

System administrators can manage user and group memberships, join Linux and Windows computers to a domain, set up Kerberos single sign-on (SSO), apply group policies, and create trust relationships between domains.  They can also use their existing corporate credentials to log in to the AWS Management Console in order to manage AWS resources.

Provisioning a Directory
You can provision a managed Microsoft Active Directory from the AWS Directory Service Console. Visit the Console, click on Get Started Now, and then choose Create Microsoft AD:

Enter a name (I used dir.jeff-barr.com), set up an administrative password, choose a VPC, and pick two subnets of the VPC:

Then click on Next Step to review the settings and to make sure that you understand the terms of the free trial of AWS Directory Service, then click on Create Microsoft AD:

Visit the list of directories, check your email, walk your dog, and then wait for the status to change to Active (click on the refresh icon every so often):

You can then connect to the directory in the usual way, create your groups and users, and enjoy the benefits that I listed above.

You can create snapshots (and restore them later) from the console; simply select Snapshots in the navigation bar and click on Create Snapshot:

Pricing and Availability
The Managed Microsoft Active Directory Service is available now in the US East (Northern Virginia), US West (Oregon), Europe (Ireland), Asia Pacific (Sydney), and Asia Pacific (Tokyo) regions. You can try it out for one month (750 hours of usage) at no charge. After that, you’ll pay $0.40 per hour per in the US East (Northern Virginia) region; see the AWS Directory Service Pricing page for pricing in other regions.

— Jeff;

You can use Auto Scaling to scale a collection of EC2 instances up and down based on a set of conditions that you define. Scaling out helps you to maintain the desired level of performance as demand for processing power increases; scaling in reduces costs during quiet periods.

Today we are giving you additional control over the instances that are eligible to be terminated when one of your Auto Scaling groups processes a scale in action. As has been the case in the past, if you take no special action, any instance in the group can be terminated. With the new control that we are giving you today, you can protect certain instances from termination.

You might want to do this for several reasons. First, an instance might be handling a long-running work task, perhaps pulled from an SQS queue. Protecting the instance from termination will avoid wasted work. Second, the instance might serve a special purpose within the group. It could be the master node of a Hadoop cluster, or a “canary” that flags the entire group of instances as up and running.

Protecting Instances from Termination During Scale In
You can protect instances from termination by simply selecting them in the Auto Scaling Console and then choosing Instance Protection from the Actions menu:

Then confirm your intent:

You can see the protection status of each instance in a group from within the Console:

You can also change the protection status of one or more instances by calling the SetInstanceProtection function. If you wanted to use this function to protect long-running, queue-driven worker processes from scale-in termination, you could set up your application as follows (this is pseudocode):

while (true)
{
  SetInstanceProtection(False);
  Work = GetNextWorkUnit();
  SetInstanceProtection(True);
  ProcessWorkUnit(Work);
  SetInstanceProtection(False);
}

In most cases, you will want to leave at least one instance in each of your auto scaling groups unprotected. If all of the instances are protected, no scale in action will be taken. To learn more, read about the Auto Scaling Lifecycle.

This new functionality is available now and you can start using it today!

— Jeff;

PS – The AWS SDKs will be updated on December 8th; you’ll be able to use the SetInstanceProtection function after the update.

We launched Amazon Aurora a little over a year ago (see my post, Amazon Aurora – New Cost-Effective MySQL-Compatible Database Engine for Amazon RDS, to learn more). Customer adoption of Amazon Aurora has been strong and it is now the fastest-growing AWS service! We recently made Amazon Aurora available in the Asia Pacific (Tokyo) region for our customers in Japan and the surrounding area (it was already available in the US East (Northern Virginia), US West (Oregon), and Europe (Ireland) regions).

Encryption at Rest
Encryption is an important part of any data protection strategy. Today we are making it easier for you to encrypt the data that you store in Amazon Aurora (this is often known as “encryption at rest”). As is the case with the other encryption options for RDS, you simply choose a key (either AWS-managed or customer-managed) from AWS Key Management Service (KMS) when you create the database instance:

Encryption (AES-256) applies to the data in the database, logs, backups, snapshots, and read replicas. You  must specify encryption when you create the database instance; you cannot enable or disable it for a running instance. Read about Encrypting Amazon RDS Resources to learn more.

If you choose to create your own key, you can request annual rotation:

You can also enable AWS CloudTrail logging for your AWS account. This will allow you to track all of the calls made to KMS (including all Encrypt and Decrypt operations) for auditing purposes. To learn how do to this, read Logging AWS KMS API Calls Using AWS CloudTrail.

— Jeff;

PS – Before you ask, Amazon Aurora uses AES-256 to encrypt data in transit.

Early in the fall I spent two days talking to startups and recording their stories in the basement of the AWS Loft in San Francisco as part of the Intel Startup Spotlight focus for the AWS Podcast.

I published the first four interviews a couple of months ago. Life got kind of busy (this little thing called AWS re:Invent took up a bunch of my time) and I am just now getting around to editing and uploading the interviews that I did on the second day. As I noted in my earlier post, the Loft is a busy place and you might hear the occasion footstep or siren.

On Tuesday, September 1 I spoke with Convox, FundersClub, Pachyderm, and Runscope. Here are the episodes and the show notes (the “Episode” links go directly to the MP3 files; you can also visit the AWS Podcast page and subscribe to the feed):

Episode 111 – Convox
For Episode 111, I interviewed Noah Zoschke of Convox. They are building a new application deployment platform on AWS.

Episode 112 – FundersClub
For Episode 112, I interviewed Charley Walton of FundersClub. They are an AWS-powered venture capital platform.

Episode 113 – Pachyderm
For Episode 113, I interviewed Joe Doliner of Pachyderm. They are building a full-stack, container-based replacement for Hadoop.

Episode 114 – Runscope
For Epsiode 114 I spoke with Ryan Park (Principal Software Engineer), John Sheehan (CEO), and Stephen Huenneke (Principal Software Engineer) of Runscope.

Special Thanks
The AWS Podcast is a team effort; I want to take this opportunity to recognize the contributions of my co-workers:

• Gloria Kim & Stephanie Lawson – Scheduling and hosting at the AWS Loft in San Francisco.
• Melissa Higa – Program management.
• Sarah Silverstein – Editing and content management.

— Jeff;

PS – I managed to lose my camera when I traveled to the AWS Summit in Barcelona, so there are no pictures this time around!

Every month, we set up a series of webinars that are designed to bring you up to speed on the latest AWS services & features, and to make sure that you are aware of the best ways to put them to use. The webinars are conducted by senior AWS Product Managers and Solution Architects and often include a guest speaker from our customer base.

The webinars are free but “seating” is limited and you should definitely sign up ahead of time if you want to attend (all times are Pacific):

Tuesday, December 8
AWS allows you to save money, optimize costs, and reduce TCO (Total Cost of Ownership) in several different ways. This webinar will help you to learn more about the economics of the cloud and how they can positively impact your organization.

• Webinar: Strategies to Quantify TCO and Optimize Costs using AWS (9 – 10 AM).

Amazon Aurora is a fast and cost-effective relational database designed to be compatible with MySQL.

• Webinar: Amazon Aurora: Introduction and Migration (10:30 – 11:30 AM).
• Blog Post: Amazon Aurora – New Cost-Effective MySQL-Compatible Database Engine for Amazon RDS.

Amazon Inspector is an automated security assessment service that helps to improve the security and compliance of apps deployed on AWS.

• Webinar: Amazon Inspector (Noon – 1 PM).
• Blog Post: Amazon Inspector – Automated Security Assessment Service.

Wednesday, December 9
Amazon EC2 Container Service simplifies the task of software delivery by making it easy to set up a Continuous Delivery (CD) process.

• Webinar: Continuous Delivery to Amazon EC2 Container Service (9 – 10 AM).
• Blog Post: EC2 Container Service in Action.

Do you need a sweeping overview of the entire set of AWS services? Join me for the AWS Services Overview!

• Webinar: AWS Services Overview (10:30 – 11:30 AM).
• AWS Blog.

Thursday, December 10
Many popular games run on AWS.

• Webinar: Game Developers – Create Great User Experiences (9 – 10 AM).
• AWS Gaming.

Several new AWS services can help you to build fast, responsive backends for your mobile apps.

• Webinar: Build Mobile Backends with AWS Lambda and Amazon API Gateway (10:30 – 11:30 AM).
• Blog Posts: AWS Lambda – Run Code in the Cloud and Amazon API Gateway – Build and Run Scalable Application Backends.

EC2 Dedicated Hosts are physical servers with EC2 instance capacity fully dedicated for your use.

• Webinar: Dedicated EC2 Hosts (Noon – 1 PM).
• Blog Post: Now Available – EC2 Dedicated Hosts.

Friday, December 11
Amazon DynamoDB is a fast and highly scalable NoSQL database.

• Webinar: Design Patterns Using Amazon DynamoDB (10:30 – 11:30 AM).
• Blog Posts: Amazon DynamoDB.

— Jeff;

Let’s take a quick look at what happened in AWS-land last week:

New & Notable Open Source

• go-cloudformation is a Go library for reading and producing CloudFormation templates.
• portableR is R statistics ready to run for AWS Lambda.
• satellite-image-processing-environment is a Vagrant environment for processing satellite images on AWS.
• Sparta lets you run Go functions in AWS Lambda.
• aws-key-git-hook is a Git pre-commit hook to stop you from checking in your AWS keys.
• aws-v4-sign-small is a size-optimized library for AWS v4 request signing, designed for use in the browser.
• aws-deployment-guide shows you how to deploy an app to a VPC with Elastic Beanstalk.
• aws-sdk-typescript is a TypeScript bindings generator for the AWS SDK for JavaScript.
• iam-policy-manager is a simple utility to manage AWS IAM roles and policies from a JSON model.
• aws-deployments is a set of deployment examples for F5’s Big IP platform on AWS.

New SlideShare Presentations

• AWS Pop-up Loft Berlin – Presentations.
• Adobe Creative Cloud and AWS.
• Securing Web Applications with AWS WAF.
• IAM Best Practices to Live By.

New Customer Success Stories

• BC Hydro – simulation and modeling (thanks, TriNimbus).
• Assignar -managing compliance, assets, and workforces.
• Human Recognition Systems -biometrics for identity.
• National Trust -SSV (single supporter view) data warehouse.
• Present Group -commissioning and completing electrical projects.
• tixCraft -ticketing services for concerts and other events.
• Travelstart -hosting a travel booking website.
• WirelessCar – automotive telematics.

New YouTube Videos

• re:Invent 2015 Global Partner Summit:
  • Building a Big Data Practice on AWS.
  • CI/CD on AWS.
• Earth Observation in the Cloud Demo Day:
  • How Mapbox does Earth Observation.
  • ArcGIS for Earth Observation in the Cloud.
  • Geospatial Big Data with DigitalGlobe.
  • NOAA Big Data Project.
  • Earth Observation in the Cloud using ENVI.
  • Emerging Hotspots of Global Tree Cover Loss.
  • Earth Observation Data Revolution.
  • Planet Labs on AWS.
  • Earth Observation on AWS.

Upcoming Events

• December 1 (Meetup in Chicago, IL) – APIs and IPAs.
• December 1 (Webinar) – How the City of San Diego Created an App to Resolve Parking Issues – with APN Partner Civic Resource Group International and customer CivicSD.
• December 3 (Webinar) – Migrating Your HIPAA Compliant Healthcare Analytics to AWS – with APN Partner Cloudticity and customer Caremerge.
• December 3 (Meetup in Redwood City, CA) – Loading Data Into Redshift Simplified with Schema-on-Read ELT.
• December 8 (Webinar) – Jana’s Data Warehousing Story: Then vs. Now – with APN Partner Snowflake and customer Jana.
• December 10 (Webinar) – Secure Incoming and Outgoing Traffic to Your Web Application – with APN Partner Barracuda Networks.
• December 14 (Meetup in Oslo, Norway) – Manage AWS Infrastructure as Code Using Terraform.
• AWS Lofts:
  • San Francisco.
  • New York.

Help Wanted

• DubSmash (Berlin) – Engineering Manager.
• Stelligent – DevOps Automation Engineer (Advanced, Senior, Principal).
• Senior Leader: AWS VPC (Virtual Private Cloud).
• EC2 Systems Engineering Leader.
• Senior Software Development Manager, EC2 Networking.
• AWS Careers.

Stay tuned for next week! In the meantime, follow me on Twitter and subscribe to the RSS feed.

— Jeff;

I am happy to announce that AWS has achieved ISO 27017 certification. This new criteria builds upon the ISO 27002 standard, with additional controls specifically applicable to cloud service providers. AWS is the first cloud provider to obtain this certification, which is available now for download on our compliance site. Additionally, we’ve posted a Frequently Asked Questions around ISO 27017 should you want to learn more about the regions and services included in the certification.

This certification is certainly good news for customers, providing additional transparency and independent assurance that we follow this internationally recognized cloud security code of practice. However, certifying that we follow yet another best practice won’t come as a surprise; we’ve already proven that information security is job #1 here at AWS. We have made massive investments in protecting customer data – investments that you, our customers, inherit when using our services. Global customers from a wide range of regulated industries (including healthcare, life sciences, federal and state governments, financial services, and public safety) continue to accelerate their use of AWS for their most critical and regulated workloads. Yes, our certifications and attestations are significant, but even more critical is the ability for you, on top of these assurances, to build your own advanced security and compliance capabilities.

With AWS services, our customers have access to innovative new cloud security features such as Amazon Inspector, AWS WAF (Web Application Firewall), and AWS Config Rules. These tools enhance the ability to manage security while establishing reliable and ubiquitous controls in AWS environments, allowing for compliance in a more comprehensive and transparent manner.

At AWS we routinely attain certifications, demonstrating we have a world-class security program, but more importantly we want you to have a world-class security program as well. To learn more about the innovative and industry-leading security capabilities we offer, view the links above and watch Steve Schmidt’s Keynote at re:Invent.

To learn more about how our customers are running sensitive workloads on AWS, take a look at some case studies:

— Jeff;