#721: AWS News: Amazon Nova Premier takes on complex tasks and model distillation, and more - AWS Podcast

Summary7 min read

AWS Podcast Episode #721 Summary: Amazon Nova Premier and Exciting AWS Developments

Release Date: May 19, 2025

In Episode #721 of the AWS Podcast, hosted by Alicia and Jillian Ford from Amazon Web Services, listeners are treated to an extensive update on the latest AWS innovations and services. The episode delves deep into advancements across various domains, with a special spotlight on the launch of Amazon Nova Premier. This summary captures the episode's key discussions, insights, and notable quotes to provide a comprehensive overview for those who haven't tuned in.

1. Introduction

Alicia and Jillian kick off the episode with enthusiasm, setting the stage for an informative session. Alicia shares her excitement about being well enough to think clearly, enhancing the quality of their discussion.

Alicia [00:23]: "I'm also fired up and ready less sick than in previous episodes, which is always good."

2. Top Story: Amazon Nova Premier

The highlight of the episode is the introduction of Amazon Nova Premier, AWS's most capable multimodal model to date. This model is touted for handling complex tasks and serving as a teacher for model distillation.

Key Features:

Model Distillation: Nova Premier acts as a teacher model, enabling smaller student models within the Nova family to achieve high performance at a reduced cost.

Jillian Ford [01:03]: "Nova Premiere would be the teacher and then you would use one of the other Nova models within the Nova family as the student model."
Agentic Capabilities: Enhanced ability to perform end-to-end actions, such as rag function calling and agentic coding.

Jillian Ford [01:45]: "Nova Premier can perform end to end actions on behalf of the user."
Massive Context Window: A 1 million token context window allows for handling extensive data without the need for partitioning.

Alicia [01:45]: "A million token context window... I can just jam full of stuff and have the model do stuff."
Cost Efficiency: Priced at roughly half the cost of comparable models, making generative AI adoption more accessible.

Alicia [02:19]: "It's typically half the cost of sort of comparable models."

Implications: Amazon Nova Premier's release signifies a major step forward in making advanced AI models more accessible and cost-effective for developers and organizations.

3. Analytics Updates

A series of enhancements in AWS's analytics services were discussed, emphasizing increased efficiency and usability.

Amazon MSK: Introduces seamless certificate renewals for all provisioned clusters, eliminating the need for cluster restarts during certificate rotations.

Alicia [03:04]: "This is a big deal because if you've ever done certificate rotation it's painful."
AI Search Flow Builder on Amazon OpenSearch: Enables designing and running AI search flows through a low-code interface.
AWS Clean Rooms: Now supports multiple results receivers, allowing collaborative data analysis without external audit mechanisms.
Amazon Kinesis Data Streams: Adds tagging and attribute-based access controls, enhancing security and cost allocation.

4. Artificial Intelligence Enhancements

Significant advancements in AWS's AI and machine learning tools were highlighted.

Amazon SageMaker Catalog: Introduces authorization policies for asset type usage, providing finer control over asset management.
Amazon SageMaker HyperPod Integration: Connects with Amazon EventBridge for real-time notifications on cluster and node status changes.

Jillian Ford [06:39]: "Q Developer has turned into my favorite AWS service that has a forever free tier."
Amazon Q Developer in Amazon SageMaker AI Jupyter Lab: Enhances code suggestions by leveraging private code repositories and workspace context.

Alicia [07:32]: "Q Developer is like speaking with a megaphone... it makes a lot easier."
Other AI Tools:
- Amazon Bedrock Data Automation for extracting insights from audio.
- Amazon Bedrock Model Distillation: General availability of transferring knowledge from teacher to student models, supporting various Nova models and others like Claude 3.5 and Llama.

5. Business Applications

AWS continues to expand its business-centric services with updates designed to improve communication and financial management.

Amazon Simple Email Service (SES):
- Adds support for IPv6 outbound sending endpoints.
- Integrates SES mail manager with Amazon SNS Topic for comprehensive email content notifications.
AWS B2B Data Exchange: Now supports IPv6, enhancing data interchange services.
Cloud Financial Management:
- Payments Account Summary: Provides an overview of AWS financial account balances in a centralized location.
Amazon Connect Enhancements:
- Audio Optimization: Improves virtual desktop environments.
- WhatsApp and SMS Integration: Now available in more regions.
- Real-Time Insights: Post-contact completion events via Amazon EventBridge.
- Contact Lens Dashboard: Introduces real-time adherence dashboards for supervisors.
Jillian Ford [14:08]: "Amazon Connect has added enhanced contact information to the Describe Contact API."

6. Compute and Containers

AWS's compute services received updates aimed at improving deployment reliability and performance.

Amazon ECS:
- Introduces a rollback feature for services, allowing easy reversion to previous states if deployments fail.
Alicia [15:11]: "If I did make a mistake, this would be really handy."
Database Enhancements:
- AWS Advanced Postgres ODBC Driver: Available for Amazon Aurora and RDS, offering faster switchover and authentication integrations.
Alicia [16:23]: "It takes it from tens of seconds to single-digit seconds."
- RDS for Postgres: Supports the latest minor versions, emphasizing security and performance.
- Amazon Aurora: Now supports Postgres major version 17 and Postgres 16.8 for limitless databases.
- Amazon Neptune: Adds support for Graviton instances, promoting cost optimization.
Alicia [17:30]: "Always look into whether you can use Graviton because typically it's a win."

7. Networking Innovations

Despite being a less favored topic, both hosts express enthusiasm for recent networking updates.

Amazon VPC Reachability Analyzer: Now supports resource exclusion, allowing for alternative path identification within networks.

Jillian Ford [20:33]: "If the analysis returns a reachable path, you know there's an alternative path in your network."
Amazon VPC IP Address Manager (IPAM): Enables cost distribution to AWS organization member accounts, simplifying IP address management across multiple accounts.

Alicia [22:55]: "This can help people as they're navigating one to many, which can become maybe one is a few and then it could be hundreds."

8. Security, Identity, and Compliance

AWS continues to bolster its security offerings with enhancements across various services.

AWS Resource Explorer: Adds support for 41 new resource types, enhancing visibility and management.
Amazon Verified Permissions: Now supports policy store tagging, allowing for tag-based access controls.

Alicia [24:08]: "You can tag a policy store for a tenant and restrict access accordingly."
AWS WAF: Expands its enhanced rate-based rules feature, allowing for aggregated request analysis using multiple parameters.
Amazon Cognito: Enhances OAuth2 client credentials flow by including additional contextual information, improving security for machine-to-machine interactions.

9. Storage Advancements

Storage solutions receive updates to improve performance and reliability.

Amazon EBS:
- Provisioned Rate for Volume Initialization: Enables the creation of fully performant EBS volumes from snapshots predictably and swiftly, crucial for disaster recovery and large-scale deployments.
Alicia [27:56]: "This minimizes the amount of time before those workloads can fully utilize the underlying storage."

10. Management and Governance

Enhanced tools for managing and governing AWS environments were discussed.

AWS Systems Manager: Adds customization options for onboarding configurations, allowing customers to tailor permissions and update frequencies.
Amazon CloudWatch:
- RUM Support for Next Paint or IMP Web Vital: Assesses page responsiveness to user interactions, aiding in optimizing user experience.
- Network Monitoring: Introduces multi-account support for flow monitors, providing visibility across various AWS accounts.
- Tiered Pricing and New Destinations for Lambda Logs: Offers cost-effective logging solutions and expanded delivery options to Amazon S3 and Data Firehose.
AWS Launch Wizard: Now automates multi-node SAP NetWeaver deployments on SAP ASE databases, streamlining SAP application deployments.

11. AWS Marketplace Enhancements

AWS Marketplace broadens its offerings to include SaaS products deployed across AWS, other cloud infrastructures, and on-premises environments.

Alicia [23:54]: "Anything that's 100% deployed on AWS infrastructure... it'll show you that."

Benefits:

Greater Selection: Customers gain access to a wider range of software solutions.
Deployment Flexibility: Allows deployment across multiple environments, enhancing operational versatility.

12. Conclusion and Feedback

The episode wraps up with Alicia and Jillian sharing their appreciation for the myriad of updates and innovations AWS continues to deliver. They encourage listeners to reach out with feedback via LinkedIn or the podcast website.

Alicia [28:25]: "AWSpodcast.com is the place to do it as well. And until next time, keep on building."

Final Thoughts:

Episode #721 of the AWS Podcast offers a comprehensive look into the latest AWS services and updates, with a particular emphasis on the groundbreaking launch of Amazon Nova Premier. The discussions highlight AWS's commitment to enhancing performance, security, and cost-efficiency across its vast array of services, catering to developers, IT professionals, and businesses alike.

Loading summary

Transcript45 lines

[00:00]
Alicia
This is episode 721 of the AWS podcast, released on May 19, 2025. Hello everyone. Welcome back to the AWS Podcast. I'm Alicia here with you. Great to have you back. And I'm joined by one of my two co hosts, Jillian Ford. Is the second Availability Zone today. G' Day, Julian. How you going?
[00:17]
Jillian Ford
Well, this second Availability Zone is super excited for today's update show. What about you, Simon?
[00:24]
Alicia
That is the way I'm. I'm also fired up and ready less sick than in previous episodes, which is always good. So I don't have my radio voice anymore, but I can actually think clearly, so that's helpful. And speaking of thinking clearly, probably our highlight or top story today is the release of Amazon Nova Premiere, which is now generally available. This is our most capable multimodal model. Say that three times fast. It's useful for complex tasks and also as a teacher for model distillation as well. There's lots of cool things about it, but just. Gillian, what leapt out at you in terms of its capabilities that might be handy for our listeners?
[01:03]
Jillian Ford
Yeah, I'd say it was a great call out on just the model distillation there where Nova Premiere would be the teacher and then you would use one of the other Nova models within the Nova family as the student model. And then you could be able to get a wonderful performance and intelligence, but also with a smaller model and a lower price point. So that's always really cool. But in addition to that, I think the improved agentic capabilities that is a lot of people are thinking about agents and Nova Premier can perform end to end actions on behalf of the user. This could be use cases like rag function calling and agentic coding. What stands out for you?
[01:45]
Alicia
Yeah, for me, I think I like the context window. Million token context window. I'm lazy. I'm a big fan of a big fat context window that I can just jam full of stuff and have the model do do stuff. I know that's not the best way to do it, but it's. It can be a useful way until you then have to, you know, chop stuff up. Because at the early stages of LLMs, I was doing a lot of chopping of files and stuff to make them fit the context window. And now I don't have to do that, which is good.
[02:13]
Jillian Ford
The other thing that I was agreeing with you on that. Like. Like. Yes, like, so totally guilty. I just want like the largest LLM and just like to just let me.
[02:20]
Alicia
Cram as much as I can, man. Yeah, the other thing that left out at me is the price. It's typically half the cost of sort of comparable models and you can argue comparison till the cows come home. We can talk about benchmarks and stuff like that, and this has some great benchmarks, but the price is right, which is less. Because it's interesting as I'm seeing people adopting gen AI. Obviously it delivers value, but it also comes with a cost and so managing that I think is important too.
[02:51]
Jillian Ford
Totally. Yeah, I'm definitely excited, especially as people are thinking about overall in their entire architecture of cost optimizing. This is just one important area that you can look at as well. So model choice is a really great call out.
[03:04]
Alicia
True, true. Let's jump into it. Let's talk analytics. Amazon MSK managed streaming for Apache Kafka now gives you seamless certificate renewal for all MSK provision clusters, which means that your brokers in your clusters get the most up to date certificates for their encryption without going through a restart. This is a big deal because if you've ever done certificate rotation it's painful and if you get it wrong, everything stops working. Literally stops working. The encryption certificates used by Amazon MSK require renewal every 13 months, which is good security practice to actually refresh and change your certificates. And now it does it seamlessly without disruption to client connectivity. So kudos to the team for that one. AI search flow builder is now available on the Amazon OpenSearch service. So this is for anything 2.19 plus domain domains. So this lets you design and run your AI search flows through a low code experience without custom middleware and it means you can get up and running really really quickly. And speaking of versions, As I mentioned, OpenSearch Service now supports OpenSearch version 2.19. This has lots of improvements in the area of vector search observability and also in terms of dashboards as well. AWS Clean Rooms now supports multiple results receivers in a collaboration, so you don't need to have external audit mechanisms to control collaboration. It means multiple members can receive and validate the analysis results from queries across collective data sets directly from the collaboration. So again a lot of undifferentiated heavy lifting being taken away there. And Amazon Kinesis Data Streams now supports tagging and attribute based access controls for consumers, so this allows you to decide who gets access to what. It also lets you apply tags for allocating costs and simplifying permission management for your enhanced fan out consumers as well.
[04:54]
Jillian Ford
Now onto everyone's favorite topic, artificial intelligence. Amazon SageMaker Catalog introduces authorization policy for asset type usage. So this is a new governance capability that gives organizations fine grained control over who can create and manage custom assets using specific asset types. Amazon SageMaker HyperPod now integrates with Amazon EventBridge and this enables you to receive near real time notifications about changes in your cluster status. Which notifications you're probably wondering. Well, there's actually two so the first is cluster status change events so when your hyperpod cluster transitions between states such as in service or failed and the second is node health events that notify you when nodes change health status like they're healthy or unhealthy or are automatically replaced during recovery from failures. You can also write simple eventbridge rules to trigger automated actions when these events occur. AOS announces significant enhancements to Amazon Q developer in Amazon SageMaker AI Jupyter Lab, introducing customization of code suggestions based on private code repositories and the ability to include entire workspace context for improved code assistance. These new features empower organizations to leverage their proprietary code and improve the relevance of code suggestions, ultimately enhancing developer productivity and code quality within Jupyter Lab environments. I don't know about you Simon, but I'm going to admit Q Developer has turned into my favorite AWS service that has a forever free tier. What about you?
[06:40]
Alicia
Yeah, I have a lot of fun with it. I'm using the Q Chat, so that's the CLI version of it because that suits my workflow. I'm using I mean it 24 7. Basically it's just it's working hard and again I love that team that develops that particular solution because they iterate really fast. Like almost every time I restart it there's some new feature or interface you can use VIM or VI or whatever you nano, whatever you want to, you know, create stuff inside it as well. So it's. Yeah, it's if you're not coding with. I'm not even going to say with just with Q Developer. Of course Q Developer is my favorite. But if you're not coding with some assistance from Gen AI, you're just missing out. And I've heard it described as it's like, you know, speaking with a megaphone. You know, you still gotta speak but the megaphone makes a lot easier.
[07:32]
Jillian Ford
100% yeah. Amazon SageMaker now supports direct connectivity to Oracle, Amazon DocumentDB and Microsoft SQL Server databases, expanding the available data integration capabilities in Amazon SageMaker Lighthouse. Amazon SageMaker now offers a unified scheduling experience for Visual ETL flows and queries. Amazon SageMaker now offers 14 new built in Visual ETL transforms there is a whole blog that talks about them. I'm not going to read every single one, but there's a lot that look really useful.
[08:07]
Alicia
Yeah, a lot of good stuff there to make it just easier, which is good.
[08:11]
Jillian Ford
Easier, yes, and more things that are now easier. Bedrock Data Automation now supports extraction of custom Genai powered insights from audio by specifying the desired output configuration through blueprints. Amazon Bedrock Model Distillation is now generally available. We already talked about this, but I'll give the primer for those who maybe aren't familiar with it. So this is the process of transferring knowledge from a more capable model, also referred to as the teacher model, to a less capable one, also referred to as the student model. The goal is to make the faster and cost efficient student model as performant as the teacher for a specific use case. This is generally available. So now we're able to support the following models. The Nova models Claude 3.5, Sonnet version 2, Llama 3.37.0B and Llama 3.21B3B as the student AWS Health Imaging announces two enhancements that make it easier to manage diverse medical imaging data in the cloud. So the first one is Health Imaging now supports video data. These are encoded per the DICOM standard and with this launch video data can be stored in a Health Imaging data store alongside still image data. And the second is Health Imaging has added support for retrieving lossless images in the JPEG 2000 lossless format. The service supports retrieving both DICOM instances and image frames in the JPEG 2000 lossless format. AWS announces the preview of the Amazon Q developer integration in GitHub. Amazon Q developer in Chat now supports AWS Systems Manager just in time. Node access approvals from Microsoft Teams and Slack AWS customers can now monitor node access requests and approvals from chat channels to enhance security posture and meet compliance requirements. Amazon Q Developer announces a new agentic coding experience within the IDE that transforms how you build software. The new experience redefines how you write, modify and maintain code by leveraging natural language understanding to seamlessly execute workflows. One of my favorite use cases and of course I'm a solutions architect. So this is why it's my favorite is when I talk to customers I will send them instructions for how to install the Draw IO extension for Visual Studio code and then I'll send them instructions on how they can use the free diversion of Q developer to be able to have Q automatically draw an architecture diagram. It's like so brilliant.
[10:58]
Alicia
Super cool I like that too in terms of especially if you're picking up some code base that you're not familiar with inside. How does this work exactly? Just do it for us. Like that's really cool. Let's talk business applications. Amazon Simple Email Service has now launched support for SES outbound sending endpoints over IPv6. So the IPv6 march continues and Amazon SES mail manager now supports a publish to Amazon SNS Topic rule action. So this means you can now notify with the complete email content and it also has options for SNS topic and encoding. So this means you can track what's going on. AWS B2B data exchange also now supports IPv6 on B2B data interchange service APIs. So again you can migrate from IPv4 and an update for Cloud Financial Management the Payments Account Summary provides an overview of AWS financial account balances now. So this lets you view your account's financial status more efficiently. Critical account balance information is now summarized in a single easy access location on your payments page. A quick update for Compute AWS Elastic Beanstalk adds controls for default security group management. So this gives you greater control over your network access and security configurations and a bunch of updates in the world of Contact center and so let's move through them because there's lots here, they've really been busy for customers. Amazon Connect now supports audio optimization for omniscient cloud desktops. So this is a omniscient virtual desktop environment type capability. Amazon Connect external voice pricing changes have now altered. Basically the new pricing models have independent pricing for external voice connectors and external voice minutes and are effective for all customers. From May 1st. There's a link in the show notes about what these all mean. Amazon Connect for WhatsApp business messaging and SMS is now available more broadly in a number of different regions. I know a lot of folks use WhatsApp group business as a communication mechanism. Amazon Connect outbound campaigns now supports Poland so this increases again the reach of those particular campaigns. Amazon Connect now publishes post contact completion events to Contact Event Stream. This is via Amazon eventbridge so it means you can get real time insights into when a contact has fully concluded, including the completion of any after contact work. So this means you get that full lifecycle visibility into customer and agent interactions. It means you can understand that you know a ticket is really closed because it's really really been done. Amazon Connect has added enhanced contact information to the Describe Contact API so you can take smarter and faster actions when you're doing things so you can get new insights like disconnect reasons, recording status after contact, work time and custom contact attributes all in one call. They've also added five new metrics and dashboard drill downs for out bound campaigns so you can get more information as well. And also Amazon Connect Contact Lens has launched a new real time adherence dashboard. So this means that supervisors can apply filters on adherence status, duration and percentage and do all the sorting and management, etc. So for example, a supervisor can highlight agents who have been falling behind schedule for more than five minutes, quickly identify breaches and notify the agents accordingly. So that means I can coach them and they can just simplify that process of making sure they're optimizing their call centre. They've also launched administrator access for agent schedules so you can address key operational needs with minimum configurations. And it now supports bulk removal of agent schedules as well. So with this launch you can remove schedules for up to 400 agents for a single day or up to 30 days for a single agent so you can make big shifts real quick.
[14:48]
Jillian Ford
I'm so impressed with the Connect team. Every single time it feels like they've got so many updates, they're bringing it. They really are. One quick update in containers. Amazon ECS announced a new feature that allows you to easily rollback your ECS service to a previous safe state if a deployment fails. This sounds super useful.
[15:11]
Alicia
Look not being someone that ever makes a mistake, but if I did make a mistake, this would be really handy.
[15:16]
Jillian Ford
Yes. Now onto database. There's a new open source AWS Advanced postgres ODBC driver which is now available for Amazon Aurora and rds. The database driver provides support for faster switchover and failover times. Aurora limitless and authentication with AWS Secrets Manager, AWS Identity and Access Management or federated identity.
[15:47]
Alicia
There's a very cool new thing I. I'm very interested in this particular. Oh, why is that? Or just. I think it's going to help improve the switchover speeds. Basically it takes it from tens of seconds to single digit seconds and if there's one thing I've learned is that when a database is down everyone's having a bad day and if you've got a database that can switch over, people obsess with how quickly it can switch over and I think the team realized they had to make something that would really optimize that. So, so it's there and it's under the Library General Public license as well. So nice, nice version there.
[16:23]
Jillian Ford
Yeah, for sure. Those are great callouts. I'm excited as well. RDS for Postgres now supports the latest minor version 17.5, 16.9, 15.13, 14.18 and 13.21.
[16:41]
Alicia
Is this where I say the famous words patch your stuff?
[16:46]
Jillian Ford
Oh my gosh, that I've been waiting for you to use one of those.
[16:51]
Alicia
Like finally, finally I brought it to the table. We'll see if it sticks or not, eh?
[16:59]
Jillian Ford
Amazon Aurora now supports Postgres major version 17Amazon Aurora Postgres limitless database now supports Postgres 16.8Amazon RDS for Oracle now supports Oracle Application Express version 24.2. Amazon Neptune now supports Graviton 3R 7G and Graviton 4R 8G instances and one.
[17:31]
Alicia
Quick update I was just going to say a quick reminder. Always look into whether you can use Graviton because typically it's a win.
[17:40]
Jillian Ford
It really is.
[17:40]
Alicia
Yeah.
[17:42]
Jillian Ford
Especially as people are looking at how can they holistically cost optimize their architecture short term and long term Like Graviton is just like a no brainer for sure.
[17:52]
Alicia
Particularly with the hosted services where it's just like literally you click, you know, hey I want to use Graviton. Great. Done.
[17:59]
Jillian Ford
Yep. And there's one quick update in Developer Tools AWS CodePipeline now enables you to use AWS Secret Manager credentials in your command actions by specifying the secrets as environment variables in the action declaration.
[18:15]
Alicia
Let's talk management and governance. AWS Systems Manager has added customization options for onboarding configurations. So this is a new Systems Manager experience which allows customers to choose to enable or disable default EC2 instance permissions, set the frequency of their metadata connection, and define how often the SSM agent automatically updates, along with a bunch of other cool customizations. Amazon cloudwatch Rum adds support for interaction to Next Paint or IMP Web Vital this is a crucial metric that helps customers measure the latency of a page's response to user interactions, offering insights into the end user experience of their web application. So IMP is a metric that assesses a page's overall responsiveness to user interactions, and it observes the latency of all click, tap and keyboard interactions that occur through the lifespan of a user's visit to a page. And basically the final value is the longest interaction observed, ignoring outliers, and this helps you optimize your customer experience. Amazon CloudWatch Network monitoring has added a multi account support for flow monitors. So flow monitors give you near real time visibility of network performance for workloads between instances like EC2 and EKS and S3 and RDS and DynamoDB. By integrating with AWS organizations. The flow monitors now allow you to monitor network performance of your workloads that span multiple accounts. Amazon CloudWatch has launched tiered pricing and additional destinations for AWS Lambda logs. The new tier pricing is effective immediately, requiring no code or configuration changes. As an example, the US East North Virginia Lambda logs to CloudWatch pricing starts at 0.50 per gig, tiering down to 0.205 per gig. And CloudWatch now supports Amazon S3 and Amazon data firehose as Lambda log delivery destinations as well. And the AWS Launch wizard now automates multi node SAP netweaver deployments on SAP ASE databases as well. So if that's a world that you live in, this gives you a guided way of sizing, configuring and deploying your SAP application.
[20:33]
Jillian Ford
All right, I'm going to admit that networking is my least favorite topic, but there are two updates to networking that I'm actually excited about. So the first is Amazon VPC Reachability Analyzer now supports resource exclusion. So this allows you the ability to exclude network resources when analyzing reachability between a source and a destination. And this is going to provide you with greater flexibility, greater if you need to run reachability analysis. So now what you can be able to do is identify an alternative path in your network. So when would you want to do this? Like let's say you want to identify any path from your internal gateway to an Elastic network interface that is not passing through the network firewall for inspection. You can specify network firewall under resource exclusion and run the reachability analysis. And then if the analysis returns a reachable path, you know there's an alternative path in your network and you can take required actions. This seems like it would save someone.
[21:39]
Alicia
A lot of time, a lot of yes, someone's going, yes, totally.
[21:46]
Jillian Ford
And one more on that vein is Amazon VPC IPAM now allows cost distribution to AWS organization member accounts. So this is going to allow you to easily allocate costs to your internal teams for their IPAM Usage. So VPC iPam, this makes it easier for you to plan, track and monitor IP addresses for your AWS workloads. So when you enable IPAM for your AWS organization, IPAM aggregates the organization wide IP address range and charges the AWS account in which IPAM is created. So now with this launch, you can allocate the charges directly to AWS organizations member accounts for their individual usage. And I really like this because as a lot of people have more and more accounts and especially if you're Going from that one to many journey, the networking part gets really confusing. And so this is just something that I think that can help people as they're navigating one to many, which can become maybe one is a few and then it could be hundreds.
[22:53]
Alicia
A lot. Yeah, exactly.
[22:56]
Jillian Ford
And there's one quick update in the Marketplace category. AWS Marketplace now supports SaaS products that are deployed on AWS or other cloud infrastructures and on premises. This will allow independent software vendors to list more SaaS products in the AWS Marketplace, which offers customers a broader selection of products.
[23:20]
Alicia
Yeah, it's pretty, pretty cool improvement because it means, I know for a lot of customers buying from the Marketplace makes it super easy software they need and now they can deploy to multiple locations. So not necessarily on aws, but just so you know, there is a new tag or a badge that's called deployed on AWS and basically anything that's 100% deployed on AWS infrastructure, be it through SaaS or on EC2 or EKS, et cetera, it'll show you that. So you can understand that you've got that particular quality to that deployment.
[23:54]
Jillian Ford
Yeah, I think so. Especially as a lot of organizations are want to make sure that the software that they deploy in their environment is going to have a strong security posture and operational excellence. This badge is just like that stamp of approval.
[24:08]
Alicia
Yeah, you got to look for the badge. Let's talk about the topic of security, identity and compliance. AWS Resource Explorer supports 41 new resource types, including AWS CloudTrail, Amazon Connect, Amazon SageMaker and lots more. And Amazon Verified Permissions now supports policy store tagging. So as you know, I'm a big fan of tagging stuff. And so this launch enables Verified Permissions customers to use tag based controls to manage access to their policy stores. So for example, you can now tag a policy store for a tenant and you can use IAM permissions to restrict that to that policy store accordingly. So lots of opportunities there. You can also use the cost allocation tags too. AWS WAF is expanding the availability of its enhanced rate based rules feature across multiple regions. So this is continually expanding. Basically, you could already use WAF based rules to automatically block requests from IP addresses that make large numbers of requests from a short period of time until that rate falls below a customer defined threshold. Now, WAF customers can aggregate requests by combining IP addresses with other request parameters. So keys and supported keys include cookies and other request headers, queries, strings or arguments, cookies, label namespaces, HTTP methods. Basically you can see if, if someone is doing something, trying to sort of hide amongst lots of stuff. You can aggregate it together, which is nice. Amazon Cognito now allows you to include additional contextual information in the OAuth2 client credentials flow for end to end access token request. So this is machine to machine based interactions. End to M authorization is commonly used for automated processes like data sync, event driven workflows and microservice communications. This capability lets customers provide context specific details so things like the IP address of a machine or a location or environment, or a business context like an application name or a tenant ID when requesting access tokens for machine based interactions. So this helps you again improve the security posture of what you're doing now let's move into storage One quick update for storage, but an important one Amazon EBS Announces Provisioned right for Volume initialization so this is pretty cool. This feature helps you create fully performant EBS volumes from Amazon EBS snapshots with predictability helping speed up your EC2 instance launches at scale particularly this is useful for data disaster recovery and volume copy workflows. So with provision to rate for volume initialization, you can launch hundreds of instances from EBS backed amis at the same time and know that the attached volumes will be fully performant within a predictable amount of time. So this minimizes the amount of time before those workloads can fully utilize the underlying storage. So you use this feature by specifying a volume initialization rate when creating new volumes from snapshots, launching new instances from your EBS backed amis, replacing root volumes of instances and just provisioning volumes using the EBS container storage interface driver. You can also specify the rate of volume initialization in launch templates, applying the same rate to all launched instances in that template. This is a big deal because the amount of engineering that it takes to make sure all these things work at a particular rate is immense. But more importantly, I know for a lot of customers they want to get the full performance out of the EBS volumes very very quickly and as you know, it can be lazily loaded over time. This is one of the things we used to talk about a lot back in the day when EBS was new, that it can take time as those things are provisioned. This overcomes that and gives you the full full rate straight away, which is pretty impressive, I would say.
[27:54]
Jillian Ford
Yeah, for sure.
[27:56]
Alicia
Yeah, it's a nice one, this one. Again, I deeply appreciate the engineering that goes into doing this at ridiculous scale. So lots of cool things today. Gillian. There were plenty that I think caught our attention. I'VE never seen you so excited about a network update. Though it's a new level, I've never.
[28:15]
Jillian Ford
Seen myself excited about networking.
[28:18]
Alicia
See, everyone loves networking. Eventually we all come across. Jillian how do folks reach out to you if they want to give you feedback?
[28:26]
Jillian Ford
Jillian Ford on LinkedIn that's great.
[28:28]
Alicia
And also old school snail mail style. AWspodcast.com is the place to do it as well. And until next time, keep on building.