
Simon and Jillian cover a wide array of great and interesting updates! Chapters: 01:27 Analytics 08:
A
This is episode 695 of the AWS Podcast, released on November 18th, 2024. Hello everyone and welcome back to the AWS Podcast. Simon Lew with you. Great to have you back, joined by one of my illustrious co-hosts, Jillian Ford. G'day, Jillian. How you doing?
B
Simon? It's always fun to be here on the update show and it always feels good when I'm not doing it because I feel imposter when you're not here and I have to like try to pretend to do the intro.
A
You do a fine job. You just can't make good kangaroo and koala references. So, which is understandable. That's okay. And we're missing Shruti today. She is so ensconced in re:Invent preparations, "I can't even" is, I think, what the youngsters would say these days. So we wish her well.
B
Yeah, which, speaking of re:Invent, we are less than a month out.
A
Yep, yep, less than a month out. And we'll be covering every day of re:Invent. So we'll be doing the Monday Night Live, we'll be doing all the keynotes, so remember, you can keep up to date. Obviously there'll be lots of coverage of re:Invent through many channels, but I know a lot of listeners and a lot of folks who don't listen often will often just listen to the re:Invent episodes to get an update. We will be recording, editing and releasing those pretty much an hour or two after the event or maybe a little bit longer, just depends on when I get to it. But we will be covering it during the week, so look forward to that. But we have so many updates this week, it's pretty busy, and I would say none more than the topic of analytics. So that's where we're going to start. Amazon QuickSight now supports some new client credential OAuth processing through the API and the CLI for both Snowflake and Starburst, which in a way sounds like, you know, delicious lollies and ice cream, so you can have both. Another update is for Amazon OpenSearch Service. It has launched a next generation UI for enhanced exploration and collaboration. So this lets you get insight into cross data spanning managed domains and serverless connections from a single endpoint. Now the launch also includes workspaces to enhance collaboration and productivity and allows teams to create dedicated spaces. Discovery is revamped to provide a unified log exploration experience supporting languages like SQL, my old favorite, and Piped Processing Language, PPL. Haven't played with that myself. In addition, I should say, to DQL and Lucene, and lots of new features and a new visual design as well. Autocomplete, there's just so much stuff. So if you use the OpenSearch Service you should have a look. And if you're using OpenSearch, you'll also be happy to know that there are extended support dates specified for different engine versions, so make sure you check that up to see when you need to upgrade.
And Amazon OpenSearch Service now also supports dedicated coordinator nodes. Now these are really useful because they relieve data nodes from the responsibility of traffic coordination and hosting of the dashboards and a whole bunch of other stuff. It also reduces the number of private IP addresses that you need to reserve in your VPC domains, which for some folks, they're a little bit squished on the IP perspective. So that can be really useful. Something really useful and I think pretty cool for Amazon MSK. So that's Managed Streaming for Apache Kafka, is something called Express Brokers, which are now generally available. Now this is a new broker type for Amazon MSK Provisioned designed to deliver up to three times more throughput per broker. That's pretty good. They scale up to 20 times faster and they reduce recovery time by 90% compared to standard Apache Kafka brokers. So this is a really nice way to get a performance improvement. Again, always look at your architecture for opportunities to improve performance. It's often not even having to make a big change to get a big benefit. Speaking of Amazon MSK, it now supports new Managed Service for Apache Flink blueprints to generate vector embeddings using Amazon Bedrock, which makes it easier for you to build real AI applications powered by up to date contextual data. So it's helped you get up and going just a few clicks. Now something I like is saving money. I think it's important to optimize your architecture. And the new Kinesis Client Library 3.0 reduces stream processing compute costs by up to 33% compared to previous versions. Now this also introduces an enhanced load balancing algorithm that continuously monitors resource utilization of the stream processing workers and automatically redistributes the load from overutilized workers to underutilized workers. So you get nice even CPU utilization across the top. Additionally, KCL 3 is built with the AWS SDK for Java 2.x, so you get improved performance and security features and you have no dependency on AWS SDK for Java 1.x. "Upgrade" is my summary for that one.
AWS has announced CSV result format for Amazon Redshift Data API and we're also happy to announce the general availability of auto copy for Amazon Redshift. Now this simplifies data ingestion from S3 into Amazon Redshift. It lets you set up continuous file ingestion for your Amazon S3 prefix and automatically load new files to tables in your Amazon Redshift data warehouse without any additional tools or custom solutions. So don't have to build your own pipeline, it just happens. And AWS has also announced Amazon Redshift integration with Amazon Bedrock for generative AI. So you can now leverage your large language models from simple SQL commands alongside your data in Amazon Redshift. So you can do things like language translation, text summarization, text generation, classification, whole bunch of stuff using very popular foundation models like Anthropic Claude, Amazon Titan, Llama 2, Mistral AI, et cetera et cetera et cetera. And you can even use deliciously nice SQL commands like CREATE EXTERNAL MODEL to point a LLM to your particular database. And Amazon Redshift has been very busy. They've also introduced incremental refresh on materialized views for data lake tables. So this lets customers improve query performance for their data lake queries in a cost effective and efficient manner. Basically by enabling incremental refresh for materialized views, customers can maintain up to date data in a more efficient and affordable way. Speaking of efficient and affordable, we're also announcing Redshift Serverless with AI driven scaling and optimization. Now Amazon Redshift Serverless uses AI techniques to automatically scale with workload changes across all key dimensions. So these are things like data volume changes, number of concurrent users and query complexity.
And our own internal tests demonstrate that this optimization can provide you up to 10 times better price performance for variable workloads without manual intervention. Again, one of those great opportunities to do things better. Amazon EMR 7.3 now provides enhanced protection for in transit data, so this allows you to have in transit encryption for 22 endpoints used with open source engines like Apache Hadoop, Hive, HBase and Flink. Amazon DataZone now supports a meaning based semantic search, so this improves the way your users can search and discover your assets. So you can search by concepts and related terms in addition to the existing keyword terms. And Amazon DataZone has updated its pricing and has removed the user level subscription fee. Customers will no longer be charged monthly subscription fees for every configured user. Instead Amazon DataZone now offers a pay as you go model where you are charged only for the resources that you use. And they have also reduced the price for metadata storage from $0.417 per gig to $0.4 per gig or $0.40 per gig. And Amazon DataZone has expanded data access with tools like Tableau, Power BI and more. So you can now seamlessly access and analyze any data governed by Amazon DataZone using just a standard JDBC connection with your preferred tool. And speaking of data management, we're happy to announce AWS Clean Rooms ML supports privacy-enhanced model training and inference, so this lets you generate predictive insights with your partners running your own machine learning models and using their data in a Clean Rooms collaboration. With this launch, companies and their partners can train ML models and run inference on collective data sets without having to share sensitive data or proprietary models, which is pretty cool. And AWS Clean Rooms has also launched Spark SQL support with configurable compute size.
So now you can create a clean room collaboration using the Spark analytics engine and have support for workloads of different sizes with configurable instance types at query runtime. That was a lot of analytics. Let's have a quick update on the topic of application integration, and I'm a big fan of this particular one, so I'm going to spend a bit of time at it. AWS AppSync has launched a new serverless WebSocket API to power real time web and mobile experiences at any scale. So this is called AWS AppSync Events and it's a new solution for building secure and performant serverless WebSocket APIs to power real time web and mobile experiences at any scale. So this lets you easily broadcast real time event data to a few or millions of subscribers using secure and performant serverless WebSocket APIs without the need to manage connections or resource scaling. Typical solutions for building real time web and mobile applications at scale, like periodic polling or self managed WebSockets: high operational overhead. It's not easy. It can be inefficient. You can get latency. You can get high cost. Now developers just want to be able to publish events and subscribe to real time updates without the complexities of deploying all that stuff. Now you can do it. So if you're receiving live sports scores and stats, or exchanging group chat messages or getting notifications on prices and inventory levels, you can just deploy the API, you pay for what you use and you can use standard web APIs to interact with your WebSocket. With AppSync Events there's no API code required to get started, so you can create production ready real time web and mobile experiences in just minutes. I'm pretty excited about this because I love WebSockets. I hate building them. So now I don't have to worry.
B
Now before I get into artificial intelligence, I definitely want to call out, going back to that Amazon MSK launch that was happening for vector embeddings. And so this one's for really all of the architects who are listening. Like as you can probably see by now, generative AI is the new three tier web app. So keep looking out for not just launches within Amazon Bedrock, SageMaker, the predictable AI services, but other services that support the Well-Architected principles that you can start to apply as you think about how do you design these well architected generative AI applications? And I think that MSK one for these live streaming applications is just one example of that. So now let's talk artificial intelligence. Amazon Bedrock Prompt Management is now generally available and this definitely goes on the theme of how do you go from hello world of using large language models to actually having something that works in production, production ready. So what is Prompt Management? Well, this gives you the ability to easily run prompts that are stored in your AWS account. The Amazon Bedrock runtime APIs, the Converse and InvokeModel, they now support executing a prompt using a prompt identifier. Then while you're creating and storing these prompts, you can now specify the system prompt. So that's like the prompt that happens before the user's prompt. Definitely recommend everyone changing the default system prompt to something that's relevant to your use case. Multiple user assistant messages. So those are the ones that are after the system prompt, and then the tool configuration in addition to the model choice and inference configuration. These are available in preview and this enables advanced prompt engineers to leverage function calling key capabilities provided by certain model families such as the Anthropic Claude models.
You can now store prompts for Bedrock Agents in addition to foundation models, and we've also introduced the ability to compare two versions of a prompt to quickly review the differences between versions. We now support custom metadata to be stored with the prompts via the Bedrock SDK, enabling you to store metadata such as authorization, team, department to meet your enterprise prompt management needs. Anthropic's Claude 3.5 Haiku model is now available in Amazon Bedrock. This is now generally available, so 3.5 Haiku is the next generation of Anthropic's fastest model, combining rapid response times and improved reasoning capabilities, making it ideal for tasks that require both speed and intelligence. With improved instruction following and more accurate tool use, Claude 3.5 Haiku is well suited for entry level user facing products, specialized sub agent tasks and generating personalized experiences for huge volumes of data like purchase history, pricing or inventory. Note that 3.5 Haiku is currently available in US West 2, that's the Oregon region, and US East 1, Northern Virginia. Sorry all those who want it in other regions, but stay tuned because this moves so fast it might change by the time this gets released. re:Invent's coming up, but just know that before you start using it in other regions. Fine tuning for Anthropic's Claude 3 Haiku model in Bedrock is now generally available. So Bedrock is the only managed service that provides you with the ability to fine tune Claude models. By providing your own task specific training data set, you can fine tune and customize Claude 3 Haiku to boost model accuracy, quality and consistency to further tailor generative AI for your business. One thing I want to call out before I continue here is I definitely encourage you to not just only test 3.5 Haiku, but within the Bedrock console there is a way that you can easily test multiple models against each other.
I know a lot of people want to see, compare the latency, compare the accuracy. So I definitely encourage you to do your own experimentation first in the console and then you can go and look at how do you actually write the code to make it something that is production ready. Amazon Bedrock now enables customers to allocate and track on demand foundation model usage. Customers can categorize their GenAI inference costs by department, team or application using AWS cost allocation tags. You can leverage this feature by creating an application inference profile and tagging it. We're also excited to announce the general availability of six highly expressive Amazon Polly generative voices in English, French, Spanish and German. Amazon Q Business adds a simplified setup and a new web app experience. With this launch, administrators can provide end users with the web app even before they're indexing their internal corporate knowledge for use with Amazon Q Business. This allows end users to ask questions based on local files or world knowledge right away, providing immediate value for their jobs. Amazon Q Developer announces support for inline chat to streamline the developer experience. With this capability you can select a section of code that you need assistance with and initiate chat within the editor to request actions such as optimize this code, add comments, or write tests.
A
That's a really useful one I reckon, because that was where I was. I was losing flow and I gotta say I don't code without AI now.
B
Like, oh, I don't think anyone does.
A
This is our role.
B
Yeah, it is the future.
A
Well, I think. One of the useful things for developers particularly, and again, it depends where you are in your career. But for the more experienced developer, you kind of know what you want. And I can happily not write the same code I've written for the last 30 years. I'd much rather say, hey, write the thing that does this. Now optimize this. No, change it to do that. Okay, that looks good. It's like, it's nice.
B
It really is. Yeah. Productivity enhancement. Seriously, big time, and more productivity enhancements. SageMaker notebook instances now support JupyterLab 4 notebooks. AWS Supply Chain now offers embedded analytics powered by Amazon QuickSight. We are also announcing that HealthImaging has made some enhancements that better handle lossy compressed medical imaging data. So some medical images such as whole slide microscopy, ultrasound and cardiology, they utilize lossy image compression. And with this feature, HealthImaging better supports lossy encoded data and helps lower storage costs. We've got one quick update in business applications: Amazon WorkMail now supports multifactor authentication through integration with AWS IAM Identity Center.
A
Alrighty, let's talk compute. EC2 Auto Scaling has introduced provisioning control on strict Availability Zone balance. So this lets you strictly balance your workload across Availability Zones. So previously if you wanted to strictly balance, you had to override some default behaviors and you had to do some custom code and use lifecycle hooks and do stuff. Now you don't need to. You just say, hey, here's what I want it to be. Make it so. If you're not using multiple Availability Zones, you need to. It is very important and as part of your high availability design profile. AWS has announced the availability of Microsoft Windows Server 2025 images on Amazon EC2. So this is really handy for starting to test your upgrade path, seeing what applications work, what don't work, et cetera. I know I have a lot of customers who sort of eagerly await the latest AMI of the next version so they can start their qualification process. One of the benefits of the cloud is you don't have to update everything. You can create a new environment and test that out. Amazon EC2 Auto Scaling now supports final validation time for instance refresh. So this gives you time to conduct necessary validation or testing, ensuring the successful deployment of new EC2 instances to your Auto Scaling group before an instance refresh is marked successful. Amazon EC2 Mac instances now support Apple macOS Sequoia, so if you want to get that version up and running, you can. And AWS has introduced service versioning and deployment history for Amazon ECS services, so now you can view the deployment history of your long running applications deployed as your Amazon ECS services, so it's easy to track and view changes and understand what's going on and debug any deployment failures. AWS Lambda now enables you to natively capture application logs in JSON structured format for Lambda functions that use .NET Lambda managed runtime.
JSON format allows logs to be structured as a series of key value pairs, which means you can easily search, filter and analyze large volumes of logs. Previously we had support for natively capturing application logs and system logs in JSON for Python, Node.js and Java. Now .NET, you can have it as well. AWS has enhanced the Lambda application building experience with VS Code IDE and AWS Toolkit, so there is a new getting started experience and the experience streamlines the code, test, deploy, debug cycle, gives you a walkthrough, et cetera, and it gets you up and running both in terms of your local environment and your extension. And you'll get a run through of all the steps you need to take advantage of. And you can take advantage of the easy access buttons for one click build, deploy to cloud, local or remote invoke and integration with the AWS Infrastructure Composer, which gives you a visual application building experience directly from the IDE. You have to try that one. I've been using it in the console, but I think I'm going to use it on the IDE now. And we're also happy to announce that AWS Lambda now supports the AWS Fault Injection Service actions. Now, FIS is a fully managed service running controlled fault injection experiments which lets you see what happens when things go bump in the night. If you have a highly available application, you should test it. This is a great way to test it and you can now verify the response of your application to Lambda errors for all language runtimes without code modification and you can understand what's going on. So for example, you could return a custom HTTP status code via the API Gateway or add 1 second of startup delay to 1% of invocations and just see what happens.
It's always interesting. Some updates in the topic of customer engagement. Amazon Simple Email Service, SES, now allows customers to provide email templates directly in the SendBulkEmail or SendEmail API request and SES will use the provided inline template content to render and assemble the email content for delivery, reducing the need to manage template resources in your SES account. There are also three enhancements for SES Mail Manager to improve interoperability, security and compliance. The first adds support for authenticated connections to ingress endpoints via TCP port 587. So that's the email submission port. The second introduces verified customer identity enforcement when using Mail Manager SMTP relays and enables customers to create rule conditions in which MIME headers can be searched and used for logic routing. And the final enhancement enables message envelope search for Mail Manager archives, which means you can differentiate between named and blind copied recipients when searching and exporting archived messages. And finally, on this topic, Amazon Connect now enables you to request callbacks from chats and tasks in addition to voice calls. So, for example, if a customer reaches out after hours and there's no agent available, they can request a callback by sending a chat message or completing a web form request. And they get a call when folks are back.
B
Now onto databases. Amazon Aurora PostgreSQL Limitless Database is now generally available. I'm just dying to know of some use cases where people have really tried to push the limits of Limitless Database. This just sounds so wild. With this new capability, you can scale your relational database workloads on Aurora beyond the limits of a single Aurora writer instance without needing to create custom application logic or manage multiple databases. Amazon Aurora PostgreSQL Limitless Database makes it easy for you to scale your relational database workloads by providing a serverless endpoint that automatically distributes data and queries across multiple Aurora Serverless instances while maintaining the transactional consistency of a single database. That still just like blows my mind. I'm sorry, you have multiple writers, maybe just like distributed all over the place and being able to maintain that transactional consistency. I just don't understand the engineering behind it.
A
It's pretty magical. We have an episode coming up diving into that one.
B
Ooh, well, I'll definitely be listening to that one.
A
Yeah.
B
And Aurora PostgreSQL Limitless Database, it offers capabilities such as distributed query planning and transaction management, removing the need for you to create custom solutions or manage multiple databases to scale. As your workloads increase, Aurora PostgreSQL Limitless Database adds additional compute resources while staying within your specified budget, so there is no need to provision for peak, and compute automatically scales down when demand is low. Wow, I am really excited for whenever that episode comes out. That is so cool. And another one on Aurora, so Aurora has announced rolling upgrade support for operating system upgrades. Aurora now seamlessly upgrades the OS version of Aurora database clusters while maintaining read access to the data. When using Aurora cluster or reader endpoint, the feature automatically applies upgrades to a few reader instances at a time so the database can continue serving read traffic for clusters with more than one reader instance. Now you don't have to worry about forgetting.
A
We don't want to forget.
B
That's right. Amazon Keyspaces for Apache Cassandra is a scalable, serverless, highly available and fully managed Apache Cassandra compatible database service that offers 99.999% availability and this now supports user defined types. So user defined types, if you are curious of what that is, you can continue using any custom data types that are defined in your Cassandra workloads in Keyspaces without making schema modifications. So with this launch you can use user defined types in the primary key of your tables, allowing you to index your data on more complex and richer data types. This also allows you to create data models that are more efficient and similar to the data hierarchies that exist in real world data. Amazon ElastiCache for Valkey has new CloudWatch metrics to monitor server side response time. Amazon RDS for SQL Server now supports minor versions in October 2024. Amazon RDS for Oracle now supports October 2024 release update. Amazon RDS Performance Insights now supports Data API for Aurora MySQL.
A
Jillian, given all the updates for support for RDS, SQL Server and Oracle, et cetera, it's our regular reminder to patch your stuff. One of the biggest challenges I see for organizations is they stop patching, forget to patch, don't patch, what have you, and then they get bitten by that. One of the beauties of RDS is it lets you automate that process so you can have minor updates happening automatically. You can automate major updates as well. So just a friendly reminder to click that button that lets you do the updates.
B
But then we're not going to get the reminder from you cy. We're going to miss it.
A
I wish, I wish for that day I don't have to remind people. Let's talk developer tools. AWS CodePipeline open source starter templates for simplified getting started experiences are available. These allow you to view the CloudFormation templates that power the different pipeline scenarios available in CodePipeline. So if you're new to it, you can understand how it works. If you want to change stuff, you can, which is nice. AWS CodeBuild now supports additional compute types for reserved capacity so you can select up to 98 vCPUs and 192 gig of memory to build and test your software applications. And AWS CodeBuild now supports retrying builds automatically, so this reduces manual intervention upon build failures, so you can configure a retry limit and it'll automatically retry failed builds to that limit. So this is useful for stuff that you know has issues sometimes, but a retry often fixes. It may be useful to you. Again, we don't create these things because people don't want them. We create them specifically because people ask them. In fact, over 90% of our roadmap comes from customer feedback. So someone has said, probably a few people have said, hey, this would really help. An update now for End User Computing. Amazon WorkSpaces WSP enables desktop traffic over TCP/UDP port 443. You'd be very familiar with that. This feature will be used automatically and you need no configuration changes. If you are a customer using port 4195, you can continue to do so. The WorkSpaces client application prioritizes UDP or QUIC for optimal performance, but will fall back to TCP if UDP is blocked. The WorkSpaces web client will connect over either TCP port 4195 or 443. If 4195 is blocked, it'll go to 443. Most places have 443 open because that's the way things work. Let's talk about front end web and mobile, and this one I'm going to call it now, before we even get to the end of the episode: this is my favorite update.
We are announcing AWS Amplify integration with Amazon S3 for static website hosting. AWS Amplify Hosting now integrates with S3 to simplify hosting static website content with just a few clicks. So Amplify Hosting is a fully managed service that makes it easy to deploy your websites on a globally available content delivery network powered by Amazon CloudFront, allowing secure and performant static website hosting without extensive setup. With this new capability you can select the location of your objects within your S3 buckets, deploy your content to a managed CDN and generate a public HTTPS URL for your website to be accessible anywhere. Amplify Hosting offers CDN hosting for faster performance, simplified custom domain setup, free SSL certificates, redirects, environment management and monitoring and logging. It also remembers the connection between your S3 bucket and deployed website so you can easily update your website with a single click when you make changes to website content in your S3 bucket. I'm so excited about this because when I deploy to the web I like to use S3 static websites. I think they are all kinds of awesome, particularly for those little apps that maybe don't get used a huge amount but you want to have them there. Hard to hack an S3 website and there's no server to manage. Amazon Location Service has launched enhanced Places, Routes and Maps functionality which lets you add advanced location capabilities to your application more easily. These are really relevant to location based use cases like healthcare, transportation, logistics and retail. There's also a new streamlined developer experience to make it much easier to use as well.
B
I'm shocked that you already picked your favorite and you haven't even heard Management and Governance yet.
A
I know. Look, I'm worried. I've now set a dangerous precedent and let's face it, they're like children. They're all my favorites.
B
So onto other topics that are Simon's favorite: Management and Governance. AWS Well-Architected adds enhanced implementation guidance. This feature provides comprehensive guidance to help customers build and operate secure, high performing, resilient and efficient workloads on AWS. This update includes 14 newly refreshed best practices including the Reliability pillar, representing the first major improvement since 2022. Today, Amazon announces the availability of two new Amazon CloudWatch metrics, Volume Average Read Latency and Volume Average Write Latency, to monitor the performance of your Amazon EBS volumes. You can get insight into the average latency of the IO being driven on your EBS volumes to help root cause any application performance bottlenecks. Amazon announces the general availability of two new CloudWatch metrics to give insight into whether your application is attempting to drive higher than your Amazon EBS volume's provisioned performance. These two metrics are Volume IOPS Exceeded Check and Volume Throughput Exceeded Check. Monitor if the driven IOPS or throughput is exceeding the provisioned performance of your Amazon EBS volume. Amazon ElastiCache for Valkey adds new CloudWatch metrics to monitor server side response times. Amazon MemoryDB for Valkey now supports server side Write Request Latency and Read Request Latency metrics. With this launch, you can now measure the server side response time for Valkey commands and troubleshoot latency spikes in your MemoryDB cluster.
A
So now let's talk about the topic of Media Services. AWS Deadline Cloud has now added budget related events so you get real time updates of your Deadline Cloud project spend. Now this is a fully managed service that simplifies render management, which is a very computational intense process, and so understanding where you're at in your budget spend can be really useful as well, and you can use it to trigger delivery of notifications to things like email or push notifications, et cetera. Now let's talk migration and modernization. Starting today, the AWS Application Discovery Service Agentless Connector supports the discovery of on premises network connections, allowing you to understand your on premises dependencies and plan your migration. With the Agentless Connector, one virtual appliance deployed within your on premises data center can discover and monitor the performance of VMware virtual machines, database metadata and utilization metrics and now network connections so you can understand more information for your migration plan. AWS DataSync now offers improved performance, scalability and observability for data transfers between Amazon S3 locations. Now you can use DataSync to move data sets with virtually unlimited numbers of objects between S3 locations, faster and easier than ever before. You also get enhanced metrics which makes it even easier to track what is going on in your environment.
B
Now we've got Networking and Content Delivery. With Amazon CloudWatch Internet Monitor's new traffic optimization suggestions feature, you can configure your Amazon Route 53 CIDR blocks to map your application's client users to an optimal AWS region based on network behavior. Amazon Route 53 announces HTTPS, SSHFP, SVCB and TLSA DNS resource record support. Wow.
A
Easy for you to say, easy for you to say.
B
And Amazon CloudFront no longer charges for requests blocked by AWS WAF. With this change, customers will never incur request fees or data transfer charges for requests blocked by AWS WAF. Really exciting. And AWS announces UDP support for AWS PrivateLink and dual stack Network Load Balancers. This launch enables customers who use PrivateLink and clients that use IPv6 to access UDP based applications such as media streaming, gaming, VoIP and other applications. Amazon Virtual Private Cloud launches new security group sharing features. When using shared VPC, you can now also share security groups with participant accounts in that shared VPC using shared security groups. This feature improves security group consistency and simplifies configuration and maintenance for your administrators. AWS Network Firewall now supports configurable TCP idle timeout.
A
Now let's talk about security, identity and compliance. AWS Security Hub has released seven new security controls, which increases the total number of controls offered to 437. Some of these new ones include controls for SNS, for KMS, also for AppSync and the Elastic File System as well. Amazon Verified Permissions has launched a new API to get multiple policies, so customers can now make a single API call that returns multiple policies. So for example, if you want to populate a list of policies that apply to a specific principal or resource. And finally today, AWS Payment Cryptography now supports card issuing use cases, so this is additional support for common cryptographic commands used for card issuer processing, including new PIN capabilities for EMV PIN changes, Cardholder Selectable PINs, and PIN Reveal. The EMV PIN Change feature allows users to create secure payloads to update PINs stored in the EMV chip of a credit or debit card, which you're all familiar with. Cardholder Selectable PINs and PIN Reveal enable customers to offer cardholders the ability to set or retrieve PINs through a mobile application in a PCI compliant manner with end to end PIN data encryption. With AWS Payment Cryptography, customers can migrate their payment processing workloads to the cloud while leveraging an elastic payment cryptography service that adheres to PCI PIN security requirements. My goodness me, Jillian, there was a lot of updates today.
B
A lot of updates. So Simon, is that Amplify update still your favorite one or are they all your favorite?
A
You tempted me with some of those management and compliance updates, but that still remains my favorite of the day. What about you, Jillian? What really caught your attention?
B
Well, I'm definitely excited for the Claude 3.5 Haiku being available and being able to fine tune Haiku in Bedrock Seeds. A lot of people want to be able to use models that are fast, want to be able to customize it for their own use case. So I'm definitely excited to see what people use.
A
Nice, nice. And how do folks reach out to you?
B
Jillian Ford on X.
A
Nice. And if you like it old school, awspodcast@amazon.com is the way to do it. And until next time, keep on building.
AWS Podcast Episode #695: AWS News Update – November 18, 2024
Hosted by Simon Lew and Jillian Ford, the AWS Podcast delivers the latest updates and insights from Amazon Web Services, tailored for developers and IT professionals. In Episode #695, released on November 18, 2024, Simon and Jillian delve into a multitude of AWS advancements spanning analytics, application integration, artificial intelligence, compute, databases, and more. This comprehensive summary captures the essence of their discussions, highlighting key updates, notable quotes, and the implications for AWS users.
Simon Lew opens the episode by welcoming listeners and acknowledging the upcoming Re:Invent conference, noting its imminent arrival with excitement and outlining the podcast's commitment to providing daily coverage. Jillian Ford humorously mentions the challenges of managing intros without their usual co-host, highlighting the collaborative spirit of the show.
Amazon QuickSight introduces new client credential OAuth processing through the API and CLI, supporting both Snowflake and Starburst. Simon emphasizes the utility of Amazon OpenSearch Service's next-generation UI, which offers enhanced exploration and collaboration features, enabling insights across managed domains and serverless connections from a unified endpoint.
Notable Quote:
Simon Lew [04:20]: "Amazon OpenSearch Service now also supports dedicated coordinator nodes, which relieve data nodes from traffic coordination, enhancing both performance and IP management."
Amazon MSK (Managed Streaming for Apache Kafka)'s Express Brokers become generally available, delivering up to three times more throughput per broker and significantly reducing recovery times. This update underscores AWS's commitment to optimizing performance without architectural overhauls.
Amazon Redshift unveils several updates:
Simon highlights the importance of these updates in optimizing data operations and leveraging generative AI for enhanced data insights.
A standout update in application integration is AWS AppSync Events, a new serverless WebSocket API facilitating real-time web and mobile experiences at any scale. Simon expresses enthusiasm:
"With AppSync Events, there's no API code required to get started, allowing you to create production-ready real-time experiences in minutes." (08:15)
This service simplifies the deployment of real-time functionalities like live sports scores, chat messages, and inventory notifications without the complexities traditionally associated with managing WebSocket connections.
Jillian Ford underscores the significance of Amazon Bedrock’s latest AI capabilities:
Simon encourages experimentation with these models:
"I definitely encourage you to do your own experimentation first in the console and then look at how to integrate it into production." (16:19)
These AI enhancements empower developers to build sophisticated, tailored AI applications efficiently.
Significant updates in compute services include:
A notable feature is the AWS Lambda integration with VS Code IDE, streamlining the development lifecycle with one-click build, deploy, and debug functionalities. Simon remarks on its practicality:
"I've been using it in the console, but I think I'm going to use it on the IDE now." (16:43)
These compute updates focus on enhancing performance, reliability, and developer productivity.
Amazon Aurora and Amazon Keyspaces receive noteworthy updates:
Aurora Postgres Limitless Database: Enables scaling beyond single writer instances without custom logic, maintaining transactional consistency. Jillian expresses excitement:
"Aurora Postgres Limitless Database makes it easy to scale your relational workloads while maintaining consistency." (22:40)
Rolling Upgrades for Aurora OS: Allows seamless OS version upgrades without disrupting read access, ensuring high availability during maintenance.
Amazon Keyspaces for Apache Cassandra: Adds support for user-defined types, permitting more complex and efficient data models.
These enhancements demonstrate AWS's dedication to scalable, high-performance database solutions tailored to diverse application needs.
AWS introduces several Management and Governance tools:
Simon underscores the importance of these tools in maintaining robust and efficient cloud infrastructures:
"These updates are regular reminders to patch your stuff and maintain your environments effectively." (26:20)
By providing deeper insights and automated guidance, AWS empowers organizations to uphold best practices effortlessly.
A highlight in front end development is the AWS Amplify integration with Amazon S3 for static website hosting. This integration simplifies deploying websites on a global CDN with features like:
Simon shares his enthusiasm:
"I’m so excited about this because when I deploy to the web I like to use S3 static websites... there's no server to manage." (30:33)
This update streamlines the process for developers to host, update, and secure static websites efficiently.
Key updates in security include:
Jillian highlights the significance of these updates in enhancing security postures:
"With AWS Payment Cryptography, customers can migrate their payment processing workloads securely to the cloud." (35:31)
These advancements reinforce AWS's commitment to providing robust security and compliance tools.
In their conclusion, Simon and Jillian reflect on their favorite updates, with Simon particularly excited about the AWS Amplify and Management enhancements, while Jillian is keen on the Claude 3.5 Haiku model's availability and customization capabilities.
Jillian Ford adds a personal touch, sharing how listeners can reach her:
"Julian Ford on X." (37:43)
Simon wraps up by encouraging listeners to continue building with AWS, maintaining the podcast's supportive and forward-looking ethos.
Conclusion
Episode #695 of the AWS Podcast delivers a thorough overview of the latest AWS services and enhancements, providing valuable insights for developers and IT professionals. From advanced analytics and real-time APIs to cutting-edge AI and robust security features, this episode underscores AWS's continuous innovation and commitment to empowering its user base with powerful, scalable, and secure cloud solutions.
For those looking to stay abreast of AWS's evolving landscape, this episode serves as an essential resource, encapsulating the breadth and depth of updates that can drive efficiency, performance, and innovation in their cloud endeavors.