#amazonelasticcomputecloud
Explore tagged Tumblr posts
Visit Tumblr Blog
Explore Tumblr blogs with no restrictions, modern design and the best experience.
Last Seen Tumblr Blogs
Fun Fact
Tumblr’s reach among the 26-to-35-year-olds in the US is 11%.
Text
Introducing Gen 2 AWS Outpost Racks with Improved Speed
Outpost Racks
Amazon's latest edge computing innovation, second-generation Outpost racks, are now available. This new version supports the latest x86-powered Amazon Elastic Compute Cloud (Amazon EC2) instances and features faster networking instances for ultra-low latency and high throughput applications and simpler network scalability and deployment. These enhancements boost on-premises workloads including telecom 5G Core and financial services core trading platforms.
For on-premises workloads. The second-generation at outpost racks process data locally and has low latency for multiplayer online gaming servers, consumer transaction data, medical records, industrial and manufacturing control systems, telecom BSS, edge inference of diverse applications, and machine learning (ML) models. Customers may now choose from the latest processor generation and Outposts rack configurations with faster processing, more memory, and more network bandwidth.
The latest EC2 instances
In AWS racks are compute-optimized C7i, general-purpose M7i, and memory-optimized R7i x86 instances. Older Outpost Rack C5, M5, and R5 instances had 40% less performance and double vCPU, RAM, and Internet bandwidth. Larger databases, real-time analytics, memory-intensive apps, on-premises workloads, CPU-based edge inference with complicated machine learning models. benefit tremendously from 4th Gen Intel Xeon Scalable CPUs. Newer EC2 instances, including GPU-enabled ones, will be supported.
Easy network scalability and configuration
Amazon has overhauled networking for its latest Outposts generation, making it easier and more scalable. This update centres on its new Outposts network rack, which centralises compute and storage traffic.
The new design has three key benefits. First, you may now grow compute capacity separately from networking infrastructure as workloads rise, increasing flexibility and lowering costs. Second, it started with network resiliency to keep your systems running smoothly. Network racks handle device failures automatically. Third, connecting to on-premises and AWS Regions is simple. You may configure IP addresses, VLANs, and BGP using a revamped console interface or simple APIs.
Amazon EC2 instances with faster networking
Enhanced Amazon EC2 instances with faster networking are being launched on Outpost racks. These instances are designed for mission-critical on-premises throughput, computation, and latency. A supplemental physical network with network accelerator cards attached to top-of-rack (TOR) switches is added to the Outpost logical network for best performance.
Bmn-sf2e instances, designed for ultra-low latency and predictable performance, are the first. The new instances use Intel's latest Sapphire Rapids processors (4th Gen Xeon Scalable) and 8GB of RAM per CPU core to sustain 3.9 GHz across all cores. Bmn-sf2e instances feature AMD Solarflare X2522 network cards that link to top-of-rack switches.
These examples provide deterministic networking for financial services customers, notably capital market companies, employing equal cable lengths, native Layer 2 (L2) multicast, and precision time protocol. Customers may simply connect to their trading infrastructure to meet fair trading and equitable access regulations.
The second instance type, Bmn-cx2, has low latency and high throughput. This example's NVIDIA ConnectX-7 400G NICs are physically coupled to fast top-of-rack switches, giving 800 Gbps bare metal network bandwidth at near line rate. This instance supports hardware PTP and native Layer 2 (L2) multicast, making it ideal for high-throughput workloads including risk analytics, real-time market data dissemination, and telecom 5G core network applications.
Overall, the next Outpost racks generation improves performance, scalability, and resilience for on-premises applications, particularly mission-critical workloads with rigorous throughput and latency constraints. AWS Management Console lets you pick and buy. The new instances preserve regional deployment consistency by supporting the same APIs, AWS Management Console, automation, governance policies, and security controls on-premises and in the cloud. improving IT and developer productivity.
Know something
Second-generation Outpost racks may be parented to six AWS regions: Asia Pacific (Singapore), US West (Oregon), US East (N. Virginia, and Ohio), and EU West (London, France).Support for more nations, territories, and AWS regions is coming. At launch, second-generation Outpost racks support several AWS services from first-generation racks. Support for more AWS services and EC2 instance types is coming.
#AmazonElasticComputeCloud#machinelearning#C7iinstances#AmazonEC2#EC2instance#AWSRegions#News#Technews#Technology#Technologynews#govindhtech
0 notes
Text
Discover AWS Systems Manager Cross-Account Management
What is AWS Systems Manager?
AWS Systems Manager is a solution that facilitates the management, viewing, and control of your infrastructure in multicloud, on-premises, and AWS settings.
AWS Systems Manager’s advantages
Boost visibility throughout your whole node infrastructure
A consolidated view of all the nodes across the accounts and regions of your company is offered by AWS Systems Manager. Get node information quickly, including its name, ID, installed agents, operating system information, and tags. You may find problems and act more quickly by using Amazon Q Developer to query node metadata in natural language.
Use automation to increase operational efficiency
Reduce the time and effort needed to maintain your systems by automating routine operational chores. Systems Manager eliminates the need for remote PowerShell, SSH, or bastion hosts by enabling you to safely and securely manage your nodes at scale without logging into your servers. It offers a straightforward method for automating routine operational tasks, like software and patch installations, registry modifications, and user administration, across groups of nodes.
Make node management easier at scale in any setting
Any AWS, on-premises, or multicloud environment can run the Systems Manager Agent (SSM Agent), enabling Systems Manager to offer out-of-the-box visibility and simplifying managed node maintenance. Set up diagnostics to run automatically in order to find problems with the SSM Agent. Issues with pre-defined runbooks can then be fixed. Once under control, nodes can efficiently carry out vital operational functions including remotely executing commands, starting logged sessions, and patching nodes with security updates.
Tools
You can use the entire suite of AWS Systems Manager tools to securely connect to nodes without managing bastion hosts or SSH keys, patch nodes with security updates, automate operational commands at scale, and obtain thorough fleet visibility once your nodes are managed by Systems Manager.
Use cases
Control every node you have
Gain thorough insight into your hybrid and multicloud systems, as well as your node infrastructure across Amazon Web Services accounts and regions. Rapidly detect and resolve agent problems to restore unmanaged nodes and efficiently carry out crucial operational duties, such applying security updates to nodes, starting and recording sessions, or executing operational commands.
Automate your processes
Make your computational resources available, configure them, and deploy them automatically. To address common problems like misconfigured agents, keep infrastructure up to date with SSM Agent diagnosis and remediation. Execute essential operational activities, like automatically applying fixes for applications and operating systems on a regular basis.
Increase the effectiveness of operations
Prioritize increasing operational effectiveness, cutting expenses, and growing your company. Across your hybrid and multicloud setups, AWS Systems Manager is your enterprise-grade solution for managing nodes at scale with cross-account and cross-region visibility.
Presenting a fresh AWS Systems Manager experience
AWS is presenting an enhanced version of AWS Systems Manager today, which offers the much-desired cross-account and cross-region experience for large-scale node management.
All of your managed nodes, including different kinds of infrastructure like Amazon Elastic Compute Cloud (EC2) instances, containers, virtual machines on other cloud providers, on-premise servers, and edge Internet of Things (IoT) devices, can be seen centrally with the new System Manager experience. When they are linked to Systems Manager and have the Systems Manager Agent (SSM Agent) installed, they are called “managed nodes.”
A node is referred to be a “unmanaged node” if an SSM Agent ceases operating on it for any reason, at which point Systems Manager no longer has access to it. The latest version of Systems Manager also makes it easier to find and troubleshoot unmanaged nodes. To resolve any problems and restore connectivity so they can once more be managed nodes, you may run and even schedule an automated diagnosis that gives you suggested runbooks to follow.
Amazon Q Developer, the most powerful generative AI-powered software development helper, has also been integrated with Systems Manager. Using natural language, you may ask Amazon Q Developer questions about the nodes you’ve handled. You’ll receive quick answers and links to the Systems Manager where you can take action or carry out more research.
With the new interface with Systems Manager in this edition, you can also leverage AWS Organizations to enable a delegated administrator to centrally manage nodes throughout the business.
AWS Systems Manager pricing
You can monitor and fix operational problems with all of your AWS applications and resources, including Amazon Elastic Compute Cloud (EC2), Amazon Relational Database Service (RDS), Amazon Elastic Container Service (ECS), and Amazon Elastic Kubernetes Service (EKS) instances, as well as in multicloud and hybrid environments, using the unified user interface that AWS Systems Manager offers. With AWS Systems Manager, you may begin using the benefits of the AWS Free Tier without paying a dime. No upfront obligations or minimum costs apply. There may be restrictions.
AWS Free Tier
The following functionalities of AWS Systems Manager are available to you for free as part of the AWS Free Tier. There may be restrictions.
Explorer
Enabling Explorer does not incur any further fees. There may be restrictions.
The dashboard of Explorer is populated by paid OpsCenter APIs (GetOpsSummary). These API queries will incur fees. The Export to CSV option uses an aws:executeScript action step to run an Automation document. The cost of these actions may be determined by Automation pricing.
For more details please visit the AWS systems manager pricing page.
In conclusion
Gaining visibility and control over your computing infrastructure and carrying out operational tasks at scale need the use of Systems Manager. Through a centralized dashboard, the new experience provides a centralized view of all your nodes across AWS accounts, on-premises, and multicloud environments. It also integrates Amazon Q Developer for natural language queries and allows one-click SSM Agent troubleshooting. By going to the Systems Manager panel and following the simple steps, you may activate the new experience without paying more.
What is AWS Systems Manager?
AWS Systems Manager is a solution that facilitates the management, viewing, and control of your infrastructure in multicloud, on-premises, and AWS settings.
AWS Systems Manager’s advantages
Boost visibility throughout your whole node infrastructure
A consolidated view of all the nodes across the accounts and regions of your company is offered by AWS Systems Manager. Get node information quickly, including its name, ID, installed agents, operating system information, and tags. You may find problems and act more quickly by using Amazon Q Developer to query node metadata in natural language.
Use automation to increase operational efficiency
Reduce the time and effort needed to maintain your systems by automating routine operational chores. Systems Manager eliminates the need for remote PowerShell, SSH, or bastion hosts by enabling you to safely and securely manage your nodes at scale without logging into your servers. It offers a straightforward method for automating routine operational tasks, like software and patch installations, registry modifications, and user administration, across groups of nodes.
Make node management easier at scale in any setting
Any AWS, on-premises, or multicloud environment can run the Systems Manager Agent (SSM Agent), enabling Systems Manager to offer out-of-the-box visibility and simplifying managed node maintenance. Set up diagnostics to run automatically in order to find problems with the SSM Agent. Issues with pre-defined runbooks can then be fixed. Once under control, nodes can efficiently carry out vital operational functions including remotely executing commands, starting logged sessions, and patching nodes with security updates.
Tools
You can use the entire suite of AWS Systems Manager tools to securely connect to nodes without managing bastion hosts or SSH keys, patch nodes with security updates, automate operational commands at scale, and obtain thorough fleet visibility once your nodes are managed by Systems Manager.
Use cases
Control every node you have
Gain thorough insight into your hybrid and multicloud systems, as well as your node infrastructure across Amazon Web Services accounts and regions. Rapidly detect and resolve agent problems to restore unmanaged nodes and efficiently carry out crucial operational duties, such applying security updates to nodes, starting and recording sessions, or executing operational commands.
Automate your processes
Make your computational resources available, configure them, and deploy them automatically. To address common problems like misconfigured agents, keep infrastructure up to date with SSM Agent diagnosis and remediation. Execute essential operational activities, like automatically applying fixes for applications and operating systems on a regular basis.
Increase the effectiveness of operations
Prioritize increasing operational effectiveness, cutting expenses, and growing your company. Across your hybrid and multicloud setups, AWS Systems Manager is your enterprise-grade solution for managing nodes at scale with cross-account and cross-region visibility.
Presenting a fresh AWS Systems Manager experience
AWS is presenting an enhanced version of AWS Systems Manager today, which offers the much-desired cross-account and cross-region experience for large-scale node management.
All of your managed nodes, including different kinds of infrastructure like Amazon Elastic Compute Cloud (EC2) instances, containers, virtual machines on other cloud providers, on-premise servers, and edge Internet of Things (IoT) devices, can be seen centrally with the new System Manager experience. When they are linked to Systems Manager and have the Systems Manager Agent (SSM Agent) installed, they are called “managed nodes.”
A node is referred to be a “unmanaged node” if an SSM Agent ceases operating on it for any reason, at which point Systems Manager no longer has access to it. The latest version of Systems Manager also makes it easier to find and troubleshoot unmanaged nodes. To resolve any problems and restore connectivity so they can once more be managed nodes, you may run and even schedule an automated diagnosis that gives you suggested runbooks to follow.
Amazon Q Developer, the most powerful generative AI-powered software development helper, has also been integrated with Systems Manager. Using natural language, you may ask Amazon Q Developer questions about the nodes you’ve handled. You’ll receive quick answers and links to the Systems Manager where you can take action or carry out more research.
With the new interface with Systems Manager in this edition, you can also leverage AWS Organizations to enable a delegated administrator to centrally manage nodes throughout the business.
AWS Systems Manager pricing
You can monitor and fix operational problems with all of your AWS applications and resources, including Amazon Elastic Compute Cloud (EC2), Amazon Relational Database Service (RDS), Amazon Elastic Container Service (ECS), and Amazon Elastic Kubernetes Service (EKS) instances, as well as in multicloud and hybrid environments, using the unified user interface that AWS Systems Manager offers. With AWS Systems Manager, you may begin using the benefits of the AWS Free Tier without paying a dime. No upfront obligations or minimum costs apply. There may be restrictions.
AWS Free Tier
The following functionalities of AWS Systems Manager are available to you for free as part of the AWS Free Tier. There may be restrictions.
Explorer
Enabling Explorer does not incur any further fees. There may be restrictions.
The dashboard of Explorer is populated by paid OpsCenter APIs (GetOpsSummary). These API queries will incur fees. The Export to CSV option uses an aws:executeScript action step to run an Automation document. The cost of these actions may be determined by Automation pricing.
For more details please visit the AWS systems manager pricing page.
In conclusion
Gaining visibility and control over your computing infrastructure and carrying out operational tasks at scale need the use of Systems Manager. Through a centralized dashboard, the new experience provides a centralized view of all your nodes across AWS accounts, on-premises, and multicloud environments. It also integrates Amazon Q Developer for natural language queries and allows one-click SSM Agent troubleshooting. By going to the Systems Manager panel and following the simple steps, you may activate the new experience without paying more.
Read more on govindhtech.com
#DiscoverAWSSystems#ManagerCross#Tools#AccountManagement#AmazonQDeveloper#AmazonWebServices#AmazonElasticComputeCloud#virtualmachines#AmazonRelationalDatabaseService#RDS#technology#technews#news#govindhtech
0 notes
Text
Amazon CloudFront VPC Origins: Improved CloudFront Security
Introducing the Amazon CloudFront VPC Origin: Improved protection and more efficient use of your apps
I’m happy to inform you that the Amazon CloudFront Virtual Private Cloud (VPC) origins has launched, a new feature that allows businesses to serve content from apps housed in private subnets inside their Amazon VPC. This makes it simple to protect web apps, so you can concentrate on expanding your company while enhancing security and preserving great speed and worldwide scalability with CloudFront.
Origin Access Control is a managed service that allows customers to safeguard their origins and make CloudFront the only front-door to your application when serving content via Amazon Simple Storage service (Amazon S3), AWS Elemental Services, and AWS Lambda Function URLs. For apps that employ load balancers or are hosted on Amazon Elastic Compute Cloud (Amazon EC2), this was more challenging to accomplish because you had to come up with your own method to get the same outcome. To guarantee that the endpoint remained exclusive to CloudFront, you would need to employ a variety of strategies, including monitoring firewall rules, employing logic like header validation, and using access control lists (ACLs).
By providing a managed solution that can be used to send CloudFront distributions to Application Load Balancers (ALBs), Network Load Balancers (NLBs), or EC2 instances inside your private subnets, CloudFront VPC origins eliminates the requirement for this type of undifferentiated effort. Because it also removes the need for public IP addresses, this guarantees that CloudFront will be the only point of entry for those resources with the least amount of configuration work, giving you better performance and the chance to save money.
Setting up CloudFront VPC Origin
The fact that CloudFront VPC origins is free of charge means that any AWS client can use it. Using the AWS Command Line Interface (AWS CLI) or the Amazon CloudFront console, it may be linked with both new and pre-existing CloudFront distributions.
Consider that you have a private AWS Fargate application for Amazon ECS that is fronted by an ALB. Using the ALB directly within the private subnet, let’s build a CloudFront distribution.
To begin, open the CloudFront dashboard and choose the newly added VPC origins menu item.Image credit to AWS
It’s easy to create a new VPC origin. There aren’t many options for you to choose from. You can either input the Origin ARN directly or search for resources hosted in private subnets. You pick the resources you want, give your VPC origin a catchy name, set up some security settings, and then confirm. Although support for resources across all accounts is on the horizon, please take note that the VPC origin resource must be in the same AWS Account as the CloudFront distribution at launch.
Your VPC origin will be deployed and operational after the creation procedure is finished! On the VPC origins page, you can see its current state.
By doing this, it has developed a CloudFront distribution that, with just a few clicks, can serve content straight from a resource hosted on a private subnet! Once your VPC origin has been built, you can go to your Distribution window and copy and paste the ARN or choose it from the dropdown menu to add the VPC origin to your Distribution.
To achieve full-spectrum protection, keep in mind that you should still layer your application’s security using services like AWS Web Application Firewall (WAF) to guard against web vulnerabilities, AWS Shield for managed DDoS protection, and others.
In conclusion
By allowing CloudFront distributions to serve content directly from resources hosted within private subnets, CloudFront VPC Origins provides a new means for enterprises to create high-performance, secure applications. This keeps your application safe while lowering the difficulty and expense of maintaining sources that are visible to the public.
Read more on govindhtech.com
#AmazonCloudFront#VPCOrigins#CloudFrontSecurity#AmazonSimpleStorageservice#AmazonS3#EC2instances#AmazonElasticComputeCloud#AmazonEC2#DDoSprotection#technology#technews#news#govindhtech
0 notes
Text
Amazon VPC Lattice: Easy Container Networking Built-In
Simplify networking for container applications with Amazon VPC Lattice‘s integrated Amazon ECS support.
What is VPC Lattice?
Amazon VPC Lattice is a fully managed application networking solution that facilitates service monitoring, security, and connection between virtual private clouds (VPCs) and accounts.
- Advertisement -
Make service-to-service communication, security, and monitoring easier with Amazon VPC Lattice.
Advantages
Make connecting easier
Discover and safely link services across VPCs and accounts with Amazon VPC Lattice, which streamlines and automates service connectivity.
Boost security
Context-specific authorization and trustworthy authentication can help you establish a better and more consistent security posture.
Scale automatically
Automatically scale network and computing resources to accommodate high-bandwidth HTTP, HTTPS, and gRPC workloads.
Implement flexibly
With support for instances, containers, and serverless computing, you can increase productivity and deployment flexibility.
How it operates
An application networking tool called Amazon VPC Lattice continuously links, tracks, and secures communications between your services, enhancing efficiency and freeing up your developers to work on things that are important to your company. To connect compute services in a straightforward and uniform manner across instances, containers, and serverless apps, you can specify policies for network traffic control, access, and monitoring.
Use cases
Simplify scalable service-to-service connectivity
Thousands of services can be connected across accounts and VPCs without making the network more complicated.
Boost security at the application layer
With context-specific authorization, centralized access controls, and authentication, you can enhance service-to-service security and support Zero Trust architectures.
Put smart traffic control into practice
For blue/green and canary deployments, use granular traffic restrictions like weighted targets and request-level routing.
Get insight into interactions between services
Keep an eye on and troubleshoot service-to-service communication for faults, response time, traffic volume, request type, and other factors.
AWS introduced Amazon Elastic Container Service (Amazon ECS) built-in support for Amazon VPC Lattice today. Amazon ECS services can now be directly linked to VPC Lattice target groups without the use of intermediary load balancers with this new built-in connection.
A brief overview of how to locate Amazon VPC Lattice integration when developing an Amazon ECS service is provided here:
IP addresses from ECS tasks within a service are registered and deregistered as targets in a VPC Lattice target group as part of the Amazon VPC Lattice interaction with Amazon ECS. Amazon ECS will automatically register ECS tasks to the VPC Lattice target group as soon as they are launched for the service.
Additionally, Amazon ECS will automatically replace ECS activities that fail VPC Lattice health checks. Additionally, the target group is excluded from any work that is discontinued or scaled down.
Utilizing the Lattice integration for Amazon VPC
Allow me to demonstrate how to utilize this just-added integration. You will set up the interaction with VPC Lattice and install a basic application server operating as an ECS service in the demo that follows. The application server will then be tested by connecting to the VPC Lattice domain name without the need to set up extra load balancers on Amazon ECS.
You must confirm that Amazon ECS will have the necessary authorization to register and deregister targets inside VPC Lattice before you can begin this integration.
You must define a task definition with at least one container and one port mapping in order to use the interaction with VPC Lattice. Here is an illustration of how we define our tasks.
{
“containerDefinitions”: [
{
“name”: “webserver”,
“image”: “public.ecr.aws/ecs-sample-image/amazon-ecs-sample:latest”,
“cpu”: 0,
“portMappings”: [
{
“name”: “web-80-tcp”,
“containerPort”: 80,
“hostPort”: 80,
“protocol”: “tcp”,
“appProtocol”: “http”
}
],
… *redacted for brevity*
}
Then select Create after navigating to your ECS cluster.
The job specification must then be chosen, and the service name must be assigned.
To begin setting up the target group for VPC Lattice, select Turn on VPC Lattice in the VPC Lattice integration section. Since you will be using VPC Lattice, you don’t need to define a load balancer. By default, it will route requests to healthy targets using a round-robin routing mechanism.
Now begin creating it integration for your ECS service. Start by choosing the Amazon ECS infrastructure role. Next, you have to decide which virtual private cloud (VPC) you want to use for your service. The target groups that will receive traffic must then be defined. You build this service once you’ve finished setting the VPC Lattice integration.
ECS service is available in a few minutes. Select Configuration and Networking after navigating to the service. The VPC Lattice target group is generated if you scroll down to the VPC Lattice section.
Click on the target group name to be sent to the VPC Lattice target group website, where you can get more details about this target group. You can see that Amazon ECS was able to correctly register the task’s IP address here.
Now you have to set up a service network and VPC Lattice service. Creating the VPC Lattice service first, then connecting to the VPC Lattice service network later. Let’s do that, then.
In the VPC Lattice section, select Services and then select Create service.
You can select Next after entering all the information needed to start a VPC Lattice service.
Then add a listener and choose the newly formed target group for the Forward to target group on the Listener default action.
You can skip this step and select Next, check the configurations, and create the service on the following page since you’ll be creating the VPC Lattice service network later.
Now that VPC Lattice services have been established, VPC Lattice service networks need to be established. Select Create service network after navigating to Service networks in the VPC Lattice section.
Start by entering the network name for the VPC Lattice service.
Then choose the service you created on the Service associations page.
You link both the security group and your VPC to this service network.
It has everything set up for this integration at this point. Both VPC and VPC Lattice service are now connected to your VPC Lattice service network.
Copy the domain name from your VPC Lattice service page once everything is configured.
Then use the domain name from VPC Lattice to call the service after logging into the instance in the same VPC.
Things to be aware of
Here are some crucial things to remember:
VPC Lattice GA
In AWS regions where Amazon VPC Lattice and Amazon ECS are accessible, Amazon VPC Lattice integration with Amazon ECS is now possible.
All ECS launch types, including AWS Fargate and Amazon Elastic Compute Cloud (Amazon EC2), are compatible with this integration.
VPC Lattice pricing
The standard cost for Amazon ECS and VPC Lattice is applicable. This integration does not come with any extra fees.
Try out this new feature of Amazon VPC Lattice now to discover how it can improve communication between your container applications running on Amazon ECS.
Read more on govindhtech.com
#AmazonVPCLattice#EasyContainer#NetworkingBuilt#AmazonECS#loadbalancers#Amazon#Boostsecurity#AmazonElasticComputeCloud#AmazonEC2#news#technology#technews#govindhtech
0 notes
Text
Amazon EC2 X8g: Graviton-4 Memory-Optimized AWS Instances
The most affordable price per gigabyte of memory among Graviton4-based EC2 instances is offered by Amazon Elastic Compute Cloud (Amazon EC2) X8g instances, which are driven by the most recent AWS Graviton4 processors. In addition, X8g instances provide up to 60% faster performance than X2gd instances and up to 3TiB of memory. They also offer larger instance sizes with up to three times more memory and vCPUs.
Customers can run memory-intensive workloads like in-memory databases (Redis, Memcached), relational databases (MySQL, PostgreSQL), electronic design automation (EDA) workloads, real-time big data analytics, and real-time caching servers with X8g instances’ increased performance and extra memory. To further optimize their computational infrastructure, X8g instances allow several memory-intensive containerized apps to run on a single instance. With up to 3 TiB of DDR5 memory and up to 192 vCPUs, Graviton-4-powered, memory-optimized X8g instances are now offered in 10 virtual sizes and two bare metal sizes.
With the finest price-performance and scale-up capability of any comparable EC2 Graviton instance to date, this instance is its most energy-efficient to date. These instances are optimized for Electronic Design Automation, in-memory databases & caches, relational databases, real-time analytics, and memory-constrained microservices, and have a memory to virtual CPU ratio of 16 to 1. The instances include with extra AWS Nitro System and Graviton4 security capabilities, and they completely encrypt all high-speed physical hardware interfaces.
This new instances are an even better host for these applications because they come in twelve sizes, giving you the option to scale up (using a larger instance) or scale out (using multiple instances). They also give you more flexibility for memory-bound workloads that are currently running on different instances.
The X8g instances vs X2gd instances
It offer three times as much memory, three times as many virtual CPUs, more than twice as much EBS capacity (40 Gbps vs. 19 Gbps), and twice as much network bandwidth (50 Gbps vs. 25 Gbps) as the previous generation (X2gd) instances.
With 160% more memory bandwidth and twice as much L2 cache per core as the Graviton2 processors in the X2gd instances (2 MiB vs. 1 MiB), the Graviton4 processors within the X8g instances can achieve up to 60% better compute performance.
The 5th generation of AWS Nitro System and Graviton4 processors, which include additional security features like Branch Target Identification (BTI) to protect against low-level attacks that try to disrupt control flow at the instruction level, are used in the construction of the X8g
ENA, ENA Express, and EFA Enhanced Networking are supported by the instances. The following table shows that they support all EBS volume types, including io2 Block Express, EBS General Purpose SSD, and EBS Provisioned IOPS SSD, and that they offer a sizable amount of EBS bandwidth.
Now let’s examine a few use cases and apps that can utilize up to 3 TiB per instance and 16 GiB of RAM per vCPU:
Databases: SAP HANA and SAP Data Analytics Cloud can now manage heavier and more ambitious workloads thanks to X8g instances. When compared to the same workloads operating on Graviton3 instances, SAP has measured up to 25% greater performance for analytical workloads and up to 40% better performance for transactional workloads when running on Graviton4 powered instances. SAP may now use Graviton-based utilization to even larger memory-bound solutions.
Workloads related to Electronic Design Automation (EDA) are essential to the process of developing, testing, confirming, and implementing new chip generations, such as Inferentia, Trainium, Graviton, and those that serve as the foundation for the Nitro System.
In order to take advantage of scalability and elasticity and provide the right amount of compute power for every stage of the design process, AWS and numerous other chip makers have selected the AWS Cloud for these workloads. Because they are not waiting for outcomes, engineers are able to develop more quickly as a result. This is a long-term image from one of the clusters utilized in late 2022 and early 2023 to support Graviton4 development. As you can see, this cluster operates at a very high scale, reaching peaks up to five times the typical usage.
Periodic spikes in daily and weekly activity are evident, followed by an increase in overall usage throughout the tape-out phase. Since the cluster’s instances are on the larger end of the size range, the peaks signify several hundred thousand cores that are operating simultaneously. Without having to make a specific hardware investment, it may achieve unparalleled scalability because to this capacity to spin up compute when needed and down when not.
With the support of the new X8g instances, AWS and its EDA clients will be able to execute even more workloads on Graviton processors, which will save costs and energy consumption while also accelerating the release of new products.
Accessible Right Now
X8g instances are currently offered in On Demand, Spot, Reserved Instance, Savings Plan, Dedicated Instance, and Dedicated Host forms in the US East (North Virginia), US West (Oregon), and Europe (Frankfurt) AWS Regions.
Read more on govindhtech.com
#AmazonEC2X8g#Graviton4Memory#AWSInstances#Graviton3instances#L2cache#DDR5memory#Graviton4basedEC2instances#aws#news#Gravitonprocessors#AWSCloud#ElectronicDesignAutomation#AmazonElasticComputeCloud#EDA#AmazonEC2#technology#technews#govindhtech
1 note
·
View note
Text
Amazon GuardDuty EC2 Runtime Monitoring is now available
AWS GuardDuty EC2
Amazon GuardDuty is an intelligent threat detection and security monitoring service that leverages machine learning (ML) to analyse and process a variety of AWS data sources. It also continuously scans your workloads and AWS accounts for malicious activity and provides comprehensive security findings for visibility and remediation.Image Credit to AWS
He adores the GuardDuty Runtime Monitoring tool, which examines file, network, and operating system (OS)-level events to identify possible runtime risks for certain AWS workloads in your environment. In March 2023, he initially announced that this capability will be available to all Amazon Elastic Kubernetes Service (Amazon EKS) resources. Seb reported about the preview for workloads on Amazon Elastic Compute Cloud (Amazon EC2) in November 2023, as well as the extension of the Runtime Monitoring functionality to include threat detection for AWS Fargate and Amazon Elastic Container Service (Amazon ECS).
AWS is pleased to announce today the general availability of Amazon GuardDuty EC2 Runtime Monitoring, which continuously monitors VPC Flow Logs, DNS query logs, and AWS CloudTrail management events to enhance threat detection coverage for EC2 instances at runtime and supplement the anomaly detection already offered by GuardDuty. You may now see actions at the OS and container levels as well as on-host information about risks that have been identified.
You can recognise and address any attacks that might target the computing resources in your EC2 workloads with GuardDuty EC2 Runtime Monitoring. Remote code execution that results in the download and execution of malware is a common threat to EC2 workloads. Those that are connecting to IP addresses linked to cryptocurrency-related activities or to IP addresses used by malware for command-and-control might be instances or self-managed containers in your AWS environment.
You may identify risks during the early breach and before they become events that have a significant effect on your organisation by using GuardDuty Runtime Monitoring, which gives you insight into suspicious actions that entail malicious file downloads and execution at every stage. AWS Organisations simplifies security by centrally enabling runtime threat detection for accounts and workloads.
AWS GuardDuty’s EC2 Runtime Monitoring
In the GuardDuty console, you may activate GuardDuty EC2 Runtime Monitoring with a few clicks. Runtime Monitoring must be enabled before using it for the first time.
For a duration of thirty days, any client who has never used the EC2 Runtime Monitoring function before may test it out for free and access all features and detection results. The number of days remaining in the free trial is shown on the GuardDuty interface.
At this point, you may configure the GuardDuty security agent for each specific EC2 instance that you want to keep an eye on in terms of runtime behaviour. The GuardDuty security agent may be installed manually or automatically. Enabling Automated agent setup at GA is an option that most clients choose since it lets GuardDuty handle the security agent on their behalf.
Using an Amazon Virtual Private Cloud (Amazon VPC) interface, the agent will be installed on EC2 instances using AWS Systems Manager and will collect runtime events related to your resource. See Managing the security agent Amazon EC2 instance manually in the AWS documentation if you want to manually administer the GuardDuty security agent. Delegated GuardDuty administrator accounts use AWS Organisations to administer their member accounts in multi-account scenarios.
The covered EC2 instances list, account ID, coverage status, and whether the agent is able to receive runtime events from the appropriate resource are all shown on the EC2 instance runtime coverage tab after you activate EC2 Runtime Monitoring.
You still have defence in depth for your EC2 instance even if the coverage state is Unhealthy, which indicates that it is not presently able to receive runtime discoveries. GuardDuty keeps an eye on AWS CloudTrail, VPC traffic, and DNS logs related to the EC2 instance in order to continue providing threat detection services.
View the results of the GuardDuty EC2 Runtime security audit
You may check the specifics of the healthy information when GuardDuty produces security findings and identifies a possible danger.
To see security findings unique to Amazon EC2 resources, choose Findings from the left pane. The results table may be filtered using the filter bar according to certain parameters, such the Resource type of Instance. Depending on the resource role that is, whether the EC2 resource was the actor conducting the activity or the target of suspicious behaviour the results’ specifics and degree of severity vary.
With today’s release, they enable more than thirty runtime security discoveries for EC2 instances, including the identification of backdoors, exploited domains, cryptocurrency-related activities, and unsanctioned communications.
Address the EC2 security issues you found
To learn more, choose each EC2 security finding. You may look up all the details related to the discovery and check to see whether the resource in issue is acting as you would anticipate.Image credit to AWS
Suppression rules or trusted IP lists may be used to stop false positive alerts for that resource if the activity is allowed. The best course of action in terms of security is to presume that the instance has been hacked if the behaviour is unexpected and follow the steps outlined in the AWS documentation under Remediating a possibly compromised Amazon EC2 instance.
AWS Security Hub and Amazon Detective are two more AWS security services that can be integrated with GuardDuty EC2 Runtime Monitoring. Alternatively, you may utilise Amazon EventBridge, which enables you to initiate automatic and semi-automated actions, such isolating a workload for inspection, or leverage connectors with security event management or workflow systems, like Splunk, Jira, and ServiceNow.
You may quickly and simply examine security vulnerabilities by using Detective-created visualisations for AWS services when you choose examine with Detective.
Important information
Support for GuardDuty EC2 Runtime Monitoring for EC2 instances running Amazon Linux 2 or Amazon Linux 2023 is now available. It is possible to set the agent’s maximum CPU and memory restrictions.
Select use in the left pane to get an estimate of GuardDuty’s typical daily use charges. You may get an idea of how much things will cost you beyond the trial time during the 30-day free trial period. They charge you for the monitoring agents based on the number of vCPU hours recorded each month after the trial period ends.
You may save money on your GuardDuty costs by turning on EC2 Runtime Monitoring as well. You won’t be charged for GuardDuty fundamental protection VPC Flow Logs obtained from the EC2 instances hosting the security agent while the functionality is activated. This is because the security agent has comparable, but more contextualised, network data accessible. Furthermore, even in the event that an agent encounters outage, GuardDuty will continue to scan VPC Flow Logs and create pertinent discoveries, ensuring that you continue to get network-level security coverage.
Currently accessible
With the exception of AWS GovCloud (US) Regions and AWS China Regions, Amazon GuardDuty EC2 Runtime Monitoring is now accessible in all AWS Regions where GuardDuty is provided. Please see the complete list of regions where EC2 Runtime Monitoring is offered.
Read more on govindhtech.com
#amazon#ec2#aws#machinelearning#amazonelasticcomputecloud#eks#amazonguardduty#technology#technews#news#govindhtech
0 notes