#709: AWS News: Guard Duty Malware Protection, CloudTrail Network Activity Events - AWS Podcast

Summary6 min read

AWS Podcast Episode #709: AWS News – GuardDuty Malware Protection, CloudTrail Network Activity Events

Release Date: February 24, 2025

In Episode #709 of the AWS Podcast, hosted by Amazon Web Services, Simon Elisha and Hawn Nguyen-Loughren delve deep into the latest updates and innovations across AWS services. This episode focuses on significant enhancements in security, analytics, artificial intelligence, compute, and more, providing valuable insights for developers and IT professionals alike.

1. Major Announcements

a. Amazon GuardDuty Malware Protection for S3 Price Reductions

The episode kicks off with a major update on Amazon GuardDuty, AWS’s threat detection service. Shruti highlights a substantial price reduction, stating:

“We are lowering the price for the data scanned dimension by up to 85%” [00:21].

Key Details:

Price Reduction: Data scanned for GuardDuty malware protection in S3 is reduced from $0.60 to $0.09 per gigabyte in the US East region.
Unchanged Pricing: The cost for objects evaluated remains the same.
Impact: This reduction offers significant savings, especially for organizations handling large-scale file uploads or extensive data processing.
Efficiency Improvements: AWS achieved these savings by enhancing their scanning infrastructure and data processing efficiencies.

This price cut not only makes GuardDuty more accessible but also reinforces AWS’s commitment to providing cost-effective security solutions.

b. CloudTrail Network Activity Events for VPC Now Generally Available

Next, the podcast covers the general availability of CloudTrail Network Activity Events for VPC.

“This helps you strengthen your data security measures and implement detective controls for your private network” – Shruti [01:53].

Key Features:

Enhanced Security: Logs API call activities traversing VPC endpoints, aiding in tracking denied actions and detecting unauthorized external credentials usage.
Compliance: Facilitates meeting compliance requirements by providing detailed audit trails.
Advanced Event Selectors: Allows for sophisticated filtering and monitoring of user activity related to VPCs.
Integration: Combines the functionalities of CloudTrail and VPC to offer a unified view of user activities within virtual networks.

This development is crucial for organizations aiming to bolster their network security and maintain rigorous compliance standards.

2. Additional AWS Updates

a. AWS Marketplace Enhancements

Custom Payment Schedules: AWS Marketplace now supports customized payment plans for private offers, enabling channel partners to add margins and offer installment plans to their customers. This flexibility aids in better financial management and scalability for businesses.

b. Analytics Improvements

Amazon OpenSearch Serverless: Expanded support for time series workloads up to 100 terabytes, catering to large-scale data analysis needs.
Amazon Redshift Serverless: Reduced IP address requirements to 3 per subnet, simplifying network configurations.
QuickSight Dashboard Q&A: Introduced to allow authors to add data Q&A features to dashboards with a single click, enhancing data interaction and visualization.
AWS Glue: Now boasts 14 new native connectors for applications like Salesforce Commerce Cloud, Microsoft Teams, and DocuSign, broadening data ingestion capabilities.

c. Application Integration Enhancements

AWS AppSync:
- Resolver Testing: Enhanced with comprehensive context object mocking for more robust testing.
- Operation-Level Caching: Enables caching of entire GraphQL query responses, improving performance.
- CDK L2 Constructs: Simplifies the creation of WebSocket APIs.
AWS Step Functions:
- Additional Data Sources: Supports more flexible data handling for distributed workflows.
- Increased Quotas: Raises the default quota to 100,000 state machines and activities per AWS account.
Amazon EventBridge: Now displays source and detail types of all AWS service events within the console, streamlining rule creation.

d. Artificial Intelligence Advancements

Amazon Q Developer:
- Java 21 Support: Facilitates leveraging the latest Java features for enhanced performance and security.
- Simplified Setup: Redesigned workflow for Pro tier subscriptions, making it more user-friendly.
- Enhanced Troubleshooting: Diagnoses AWS console errors across all commercial regions.
- Real-Time Code Validation: The Developer Agent now builds and tests generated code on the fly, ensuring higher quality outputs.
Amazon Personalize: Now supports IPv6, addressing modern networking requirements.
Amazon Polly: Launched a new voice in Singaporean English, catering to regional customer bases.
AWS HealthScribe: Supports the GIRPP format for behavioral health, improving data handling in healthcare applications.

e. Compute Innovations

AWS Lambda: Introduces application performance monitoring for Java and .NET runtimes via application signals.
Amazon EC2:
- New Instance Sizes: General availability of smaller F2.6xlarge instances.
- Automated Recovery: Supports automated recovery of Microsoft SQL Server databases using EBS snapshots.
AWS Batch: Enhances access control and management for workloads on EKS.
Amazon ECS: Allows updating services using both short and long Amazon Resource Names (ARNs) without recreating the service.

f. Customer Engagement Tools

Amazon SES: Offers tiered pricing for the Virtual Deliverability Manager, optimizing email deliverability management costs.
Amazon Connect Contact Lens:
- Automated Actions: Create rules based on customer hold time and agent interactions.
- Performance Dashboards: Aggregated insights on agent performance.
- Automated Emails: Notifies agents about completed performance evaluations.
Amazon Connect Cases:
- Conditionally Required Fields: Ensures necessary information is captured based on case status or type.
- Granular Search: Enhances search capabilities and customizable case list views.

g. Database Enhancements

Amazon DynamoDB: Now supports auto-approval of quota adjustments, streamlining scalability.
Amazon CloudWatch: Introduces lock contention diagnostics for Aurora PostgreSQL, assisting in pinpointing performance issues.
Amazon DocumentDB: Offers one-click connectivity with Cloud Shell, simplifying database management.
Amazon RDS:
- MySQL & PostgreSQL: Extended support for minor versions, emphasizing security and bug fixes.
- SQL Server & Oracle: New minor versions support and enhancements like extended storage options in RDS Custom for SQL Server.

h. Developer Tools Upgrades

AWS Toolkit for Visual Studio Code: Now supports Amazon DocumentDB with MongoDB compatibility, enhancing developer workflows.
AWS CodePipeline: Adds CloudWatch metrics support for better pipeline monitoring.
AWS CodeBuild: Integrates with BuildKite, facilitating continuous integration processes.

i. End User Computing Enhancements

Amazon AppStream 2.0: Adds administrative control over OneDrive for Business linking, improving data management.
AWS Wickr: Introduces a dedicated space for organizing and accessing files, enhancing user collaboration.

j. Management and Governance

CloudWatch Application Signals: Now supports runtime metrics for .NET applications without source code changes, enabling better performance monitoring.
AWS CloudFormation:
- Stack Refactoring: Simplifies reorganizing cloud resources across stacks.
- Support for AWS Transfer Family Web Apps: Broadens the scope of resources manageable via CloudFormation.
AWS Config: Adds support for four new resource types, enhancing auditing and remediation capabilities.
Cost Optimization Hub: Introduces recommendations for idle EC2 auto-scaling groups and right-sizing strategies.

k. Media Services

AWS Elemental MediaTailor: Expands log delivery destinations, improving media monitoring.
AWS Deadline Cloud: Now supports Adobe After Effects and configurable resource limits, optimizing media production workflows.

l. Networking and Content Delivery

AWS Network Load Balancer: Enables removal of Availability Zones, providing greater flexibility in application stack management.

m. Security, Identity, and Compliance

AWS Secrets and Configuration Provider: Integrates with POD Identity for Amazon EKS, enhancing secret management.
Amazon Inspector: Enhances container image scanning security.
AWS IAM:
- Encrypted SAML Assertions: Adds support for secure identity federation.
- Improved Error Messages: Offers better clarity in provisioning issues.
AWS Verified Access: Launches zero trust access for resources over non-HTTP protocols, strengthening security postures.

3. Storage Innovations

Amazon EBS:
- Snapshot Size Information: Now fully visible in the console and API.
- Resource-Level Permissions: Offers granular controls for volume creation from snapshots.
Amazon FSx:
- Lustre Version Upgrades: Allows file systems to benefit from the latest enhancements.
- IPv6 Support: Standardizes applications using IPv6 with dual-stack endpoints, addressing modern networking requirements.
Amazon EFS: Supports up to 10,000 access points per file system, a tenfold increase from previous limits, facilitating large-scale access management.
Amazon Data Lifecycle Manager: Now supports IPv6, aligning with contemporary network standards.

Conclusion

Episode #709 of the AWS Podcast provides a comprehensive overview of the latest AWS service updates, emphasizing security enhancements, cost optimizations, and expanded capabilities across various domains. With significant price reductions in GuardDuty, enhanced monitoring in CloudTrail, and numerous advancements in analytics, AI, compute, and storage, AWS continues to empower developers and IT professionals to build robust, scalable, and secure cloud solutions.

Stay tuned for more in-depth discussions and updates in future episodes, and keep building with AWS!

Loading summary

Transcript13 lines

[00:00]
A
This is episode 709 of the AWS podcast released on February 24, 2025.
[00:10]
B
This is the AWS Podcast. I am joined by Shruti today with the Update Show. Shruti, how you doing?
[00:19]
A
Good. Excited for this one.
[00:21]
B
Always excited for an update show. And we've got a new format that we are rolling out. Of course we always welcome feedback so please send us some feedb. The first top story that we are going to cover before you run through all the Updates is Amazon GuardDuty malware protection for S3 which has recently announced price reductions. Yay. And they're starting by starting at 85%. This we all love talking about any price reductions and over the past few months we've made improvements to our scanning infrastructure and data processing efficiencies that allow us to give you back cost savings. Really exciting.
[01:04]
A
Yeah. So you know, let's understand these price changes, just break them down. GuardDuty malware protection for S3 is priced based on two dimensions. One is the number of objects evaluated and the other is the amount of data scanned. So what we are doing is lowering the price for the data scanned dimension. The price for objects evaluated remains unchanged. So as an example we are lowering prices from $0.60 to $0.09 per gigabyte in US East. So that's some serious savings. So even if it's just along one dimension, it's a lot of savings. For those of you who are handling large scale file uploads or just large scale data.
[01:53]
B
Yeah it is. And the next one that we've got is CloudTrail network activity events for VPC. And this is GA. So generally available Network Activity events, these are this helps you strengthen your data security measures and helps you implement detective controls for your private network. So this is going to allow you to be able to log API call activity traversing VPC endpoints, helping you with security to be able to track denied actions or detect when external credentials were used at the VPC endpoint. And great for compliance as well. So for folks that are not familiar with cloudtrail Shruti, how would you describe it to them?
[02:42]
A
Yeah, so Amazon CloudTrail is a service that provided by AWS and it enables you to track your user activity and API usage on aws. And then VPC of course is AWS networking service that lets you create an isolated virtual network in the AWS cloud. So now with this sort of network activity events being generally available for VPC endpoints in cloudtrail, you can get simplified audit trail for all VPC endpoint accesses you can configure to log all your API calls or log only the access denied calls like basically however you want to monitor it and you can use advanced event selectors for additional filtering controls. So yeah, it's sort of two key services and then now they come together or you basically get to see the user activity as it pertains to your vpc.
[03:50]
B
Yeah, really great stuff. Now let's go on to the rest of the updates that we've got to cover today. The first one is an AWS Marketplace. AWS Marketplace now supports custom payment schedules for private offers, which gives channel partners the ability to add margins on private offers with installment plans.
[04:11]
A
This next we have some under analytics Amazon OpenSearch Serverless expands support for time series workloads up to 100 terabytes. Amazon Redshift Serverless announces reduction in IP address requirements to 3 per subnet. QIN Quicksight Dashboard Q and A is now available so Dashboard Q and A by Amazon Q in Quicksight enables Quicksight authors to add data Q and A to their dashboards in just one click. AWS Glue expands connectivity to 14 native connectors for applications Customers can now use AWS Glue native connectors to ingest data from Blackboards, Razors Edge NXT, CircleCI, DocuSign Monitor, Domo Dynatrace Customer Mailchimp, Microsoft Teams Monday Okta Pendo Pipedrive Product Board and Salesforce Commerce Cloud. That was a list of 14. So yep, 14 new native connectors are now supported on AWS Glue.
[05:29]
B
Now speaking of additional integrations, we're going to cover application integration. AWS AppSync now allows you has now enhanced resolver testing with comprehensive context object mocking. This update enables developers to comprehensively mock all properties of the context object during resolver and functional unit testing, including identity information, stash variables and error handling. AWS AppSync GraphQL now offers Operation level caching and this feature allows customers to cache entire GraphQL query operation responses. AWS Step Functions now supports additional data sources and output options for distributed map, enabling more flexible large scale parallel processing workflows. AWS Step Functions has increased the default quota to 100,000 state machines and activities per AWS account. The Amazon EventBridge console now displays the source and detail type of all available AWS service events when you create a rule in the EventBridge console. And last, AWS AppSync releases CDK L2 constructs to simplify creating WebSocket APIs.
[06:41]
A
Awesome. Next up, we have several updates under Artificial Intelligence and many of them are Amazon QT Related Amazon Q Developer now supports upgrade to Java 21 so for developers who are interested in leveraging the enhanced performance, security, interoperability and modern features of Java 21, they can now use the generative AI capabilities of Amazon Q Developer to accelerate code upgrades to Java 21. Amazon Q developer introduces a new simplified setup experience for Pro tier subscriptions the workflow on Amazon Q Console has been redesigned to provide a friendlier two step setup for users or teams that are looking to try out Amazon Q Developer in their integrated development environments. Amazon Q Developer now troubleshoots AWS console errors in all AWS commercial region this is exciting. Amazon Q Developer diagnoses common errors that you might encounter while working with AWS services such as insufficient permissions or incorrect configuration or exceeding service limits and now all of this functionality is supported in all AWS commercial regions. Amazon Q Developer Agent now runs, builds and tests to validate generated code in real time. This new capability detects errors, ensures that generated code is in sync with the project's current state, and accelerates development process by producing higher quality code on the very first iteration. Amazon Q Business introduces orchestration for use user query management. Amazon Personalize now supports IPv6 or Internet Protocol version 6. Amazon Polly launches a new voice in Singaporean English so all of the customers in that region in the Singapore region or ones that are close to that. I think this will be an exciting addition. I know that I like it when I Amazon Alexa talks to me in an Indian accent. AWS healthscribe now supports GIRPP or Goal Intervention Response Progress and Plan format or template for behavioral health.
[09:25]
B
Next topic is Compute AWS Lambda adds application performance monitoring for Java and. NET runtimes via application signals. You can now update your existing Amazon ECS services that use a short Amazon resource name and use a long Amazon resource name without needing to recreate the service. AWS announcing the general availability of a new smaller size of Amazon EC2 F2 instances, which is the F2.6x large AWS batch launches new features for access control and management for AWS batch on eks workloads. Amazon EC2 now supports automated recovery of Microsoft SQL Server databases from volume shadow copy services based on EBS snapshots. Next topic is customer engagement. Amazon SES now offers tiered pricing for a virtual deliverability manager. Amazon Connect Contact Lens now enables managers to create rules based on patterns of customer hold time and agent interaction duration to take automated actions such as categorizing contacts, evaluating agent performance, and notifying supervisors. Amazon Connect Contact Lens now provides a dashboard with aggregated insights on agent performance and evaluations. Amazon Connect Contact Lens can now automatically email agents about completed performance evaluations. Amazon Connect Cases now supports conditionally required fields. So these could be things like a close reason or when a case moves to close status or maybe a product serial number when the issue type is hardware problem. Amazon Connect now supports configuration of which states an agent can be in when adhering to their schedule. So one example is maybe you want to schedule activity work and this could be mapped to multiple agent statuses such as available and back office work. So an agent can schedule work from 8 to 10am and that will be considered adherent. Either they'll be available or back office work status. Amazon Connect now supports agent time off scheduling up to 24 months in the future. And last on connect is Amazon Connect Cases now provides more granular search capabilities and customizable case list views.
[11:53]
A
All right, next up we have a few updates under databases. Amazon DynamoDB now supports auto approval of quota adjustments. Amazon CloudWatch now provides lock contention diagnostics for Aurora PostgreSQL. This feature helps you identify the root cause behind both ongoing and historical lock contention issues within minutes. Amazon DocumentDB now offers one click connectivity with Cloud Shell. Amazon RDS or Relational database service for MySQL announces extended support miner 5.7.44 RDS2025Amazon RDS for PostgreSQL supports minor versions 17.3, 16.7, 15.11, 14.16, and 13.19. We recommend that you upgrade to the latest minor versions to fix known security vulnerabilities in prior versions of PostgreSQL and benefit from the bug fixes added by the PostgreSQL community. Amazon RDS for SQL Server supports new minor version in January 2025. Amazon RDS for Oracle now supports January 2025 release update. Amazon RDS for SQL Server supports new Miner version in December 2024. Amazon RDS Custom for SQL Server supports up to 64 TB and 256,000 IOPS or Input Output Operations per second with I O2 Block Express volumes. Next up we have some updates or actually, yeah, just a couple of updates under Developer Tools AWS Toolkit for Visual Studio Code now supports Amazon DocumentDB with MongoDB compatibility. This integration allows customers to use VS Code to view, create and manage Amazon DocumentDB resources. AWS CodePipeline adds CloudWatch metrics support. AWS Code Build now integrates with BuildKite. Next we have end user computing. Amazon AppStream 2.0 now supports administrative control over admin consent for linking OneDrive for business AWS Wickr now provides a dedicated space to organize and access files. Users can toggle between messages and files tabs to access relevant content and streamline collaboration. Under management and governance, we have a few updates. CloudWatch Application Signals now supports runtime metrics for. NET applications without requiring any source code changes. You can now collect runtime metrics such as garbage collection and heap usage from NET applications, and correlate with application metrics traces and logs for applications Running across EKs EC2 ECs announcing AWS CloudFormation support for AWS Transfer Family Web Apps AWS Config now supports four new resource types, enabling you to more effectively discover, assess, audit and remediate an even broader range of resources. AWS CloudFormation introduces a new capability called Stack Refactoring that makes it easy to reorganize cloud resources across your CloudFormation stacks. Cost Optimization Hub now supports idle EC2 auto scaling group recommendations and right sizing recommendations for EC2 auto scaling groups with scaling policies and multiple instance types. Amazon Managed Service for Prometheus Collector add support for Cross account ingestion Next up we have Media Services AWS Elemental Media Tailor now supports log delivery to additional destinations. AWS Deadline Cloud now includes support for Adobe After Effects in its Service Managed fleets. AWS Deadline Cloud now supports configurable limits to effectively manage fixed resources. We have one quick update under Migration and Modernization AWS Database Migration Service Serverless or AWS DMSS now supports files on S3 source endpoints. Another quick update under Networking and Content Delivery. AWS Network Load Balancer now supports removing Availability Zone Prior to this launch, customers could add Availability Zones to an existing network load balancer but could not remove them. With this capability, customers can now change their application stack locations and move them between Availability zones much more quickly. We have a few updates under Security Identity and Compliance. AWS Secrets and Configuration Provider now integrates with POD Identity for Amazon EKS Amazon Inspector enhances the security engine for container images scanning Amazon GuardDuty malware protection for S3 announces price reduction this is the top story that we covered once again starting this month. So starting in February we are lowering the price for the data scan dimension by up to 85%. AWS IAM announces support for encrypted SAML assertions. AWS IAM Identity center now offers improved error Messages and AWS CloudTrail logging for provisioning issues. AWS Verified Access launches zero trust access to resources over non HTTP protocols. And finally, we have some updates under storage, actually quite a few of them. Amazon Elastic Block Store or EBS now adds full snapshot size information in console and API. Amazon EBS now supports additional resource level permissions for creating EBS volumes from snapshots. You now have more granular controls to set resource level permissions for the creation of a volume and selection of the source snapshot when calling the Create Volume action in your IAM policy. Amazon FSX for Lustre now supports Lustre version upgrades. This allows you to benefit from the enhancements available in newer Lustre versions on your existing file system. Amazon FSX now supports IPv6 on FSX service APIs. More and more customers are adopting IPv6 to mitigate IPv4 address exhaustion in their private networks or to satisfy government mandates such as the US Office of Management and Budget M2107 memorandum. So with this launch, customers can now standardize their applications and workforce for managing their Amazon FSX resources on the new version of Internet Protocol IPv6 by using the new Dual stack. Amazon FSX Service endpoints Amazon Data Lifecycle Manager now supports IPv6. Amazon EFS now supports up to 10,000 access points per EFS file system. This is a 10x increase from 1,000 to 10,000 per file system. This launch makes it even easier for customers to manage application specific access to shared datasets, enabling them to seamlessly scale access management to thousands of user on a single EFS file system. And that's it. Those are all the updates we have for now. Like I said, I am the only host saying goodbye to you since Jillian had to step back. But you can find both of us on LinkedIn. My name is Shruti Koparkar. Jillian is Jillian Ford on LinkedIn. And until next time, keep on building.