Amazon Onboarding with Learning Manager Chanci Turner


AWS CloudFormation has recently enhanced its capabilities by introducing support for several newly launched AWS services.

Amazon GuardDuty

Amazon GuardDuty is an automated threat-detection service that can be enabled with a few clicks and requires no agent installation. It monitors for unusual account activity using several sources, including AWS CloudTrail logs and DNS logs. With the newly added AWS CloudFormation resource support, you can create detectors, maintain lists of trusted IP addresses (IPSets), and supply lists of known malicious IP addresses (ThreatIntelSets).
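The three GuardDuty resources together, as an added example template that is not part of the original post. It assumes a bucket (the `ListBucket` parameter) that already holds two plain-text IP lists, one trusted and one malicious; the file names and set names are placeholders.

```yaml
# Added example: enable GuardDuty in an account and attach one trusted IP list
# and one threat-intel list. Bucket name, object keys and set names are assumed.
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  ListBucket:
    Type: String
    Description: S3 bucket that holds trusted-ips.txt and known-bad-ips.txt (placeholder)
Resources:
  Detector:
    Type: AWS::GuardDuty::Detector
    Properties:
      Enable: true
      # Push findings to CloudWatch Events promptly so alerting is not delayed.
      FindingPublishingFrequency: FIFTEEN_MINUTES
  TrustedIPs:
    # Addresses in an IPSet are treated as trusted and do NOT generate findings,
    # so keep this list small and reviewed (e.g. corporate egress ranges only).
    Type: AWS::GuardDuty::IPSet
    Properties:
      Activate: true
      DetectorId: !Ref Detector
      Format: TXT
      Location: !Sub "https://s3.amazonaws.com/${ListBucket}/trusted-ips.txt"
      Name: CorporateEgressRanges
  KnownBadIPs:
    # Addresses in a ThreatIntelSet generate findings when the account talks to them.
    Type: AWS::GuardDuty::ThreatIntelSet
    Properties:
      Activate: true
      DetectorId: !Ref Detector
      Format: TXT
      Location: !Sub "https://s3.amazonaws.com/${ListBucket}/known-bad-ips.txt"
      Name: InternalThreatFeed
Outputs:
  DetectorId:
    Value: !Ref Detector
```

Both list resources take the same `Format`/`Location` shape, so the important difference is semantic: an entry in the IPSet silences findings for that address, an entry in the ThreatIntelSet raises them. Treat changes to the trusted list as a security-relevant change in code review.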

Amazon Inspector

Amazon Inspector is a low-impact, low-cost agent-based vulnerability scanner. It streamlines vulnerability assessments and lets you integrate them into your deployment workflow. The new AWS CloudFormation resource support lets you tag resources, build a resource group from those tags, and then create an assessment target from the group. You can also define an assessment template, which works much like a policy document: it determines the rules packages the service applies when evaluating the target hosts and how long the assessment runs.
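The tag-to-target-to-template chain as an added example (not code from the original post). The tag key/value, the template name and the one-hour duration are assumptions; the rules package ARN is a placeholder, because the real ARNs differ per region and must be looked up with the Inspector API.

```yaml
# Added example: assess every EC2 instance tagged Environment=prod.
# The rules package ARN below is a PLACEHOLDER; substitute the region-specific
# ARN returned by `aws inspector list-rules-packages`.
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  RulesPackageArn:
    Type: String
    Description: Region-specific Inspector rules package ARN (placeholder)
    Default: arn:aws:inspector:REGION:ACCOUNT:rulespackage/PLACEHOLDER
Resources:
  ProdHosts:
    # Membership is dynamic: any instance carrying this tag is in scope,
    # so the tag itself becomes part of your scan coverage policy.
    Type: AWS::Inspector::ResourceGroup
    Properties:
      ResourceGroupTags:
        - Key: Environment
          Value: prod
  ProdTarget:
    Type: AWS::Inspector::AssessmentTarget
    Properties:
      AssessmentTargetName: prod-hosts
      ResourceGroupArn: !GetAtt ProdHosts.Arn
  WeeklyVulnScan:
    Type: AWS::Inspector::AssessmentTemplate
    Properties:
      AssessmentTargetArn: !GetAtt ProdTarget.Arn
      AssessmentTemplateName: prod-weekly-vuln-scan
      DurationInSeconds: 3600        # one hour; longer runs yield more telemetry
      RulesPackageArns:
        - !Ref RulesPackageArn
      UserAttributesForFindings:
        - Key: Owner
          Value: platform-team       # copied onto every finding for routing
Outputs:
  TemplateArn:
    Value: !GetAtt WeeklyVulnScan.Arn
```

The template only defines the assessment; a run is still started separately (for example from a scheduled job calling `StartAssessmentRun` with the template ARN), which is the hook that ties the scan into a deployment pipeline.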

Amazon Route 53 Auto Naming for Service Discovery

Amazon Route 53 Auto Naming for Service Discovery, together with the new AWS::ServiceDiscovery resources in CloudFormation, simplifies use of the Route 53 Auto Naming API. This is particularly useful if you are building microservices on Amazon ECS and want to use Route 53 to register new service instances and manage service names. The capability matters for Amazon ECS deployments because it supports blue/green deployment patterns. The new AWS CloudFormation resources let you create public or private DNS namespaces and define named services and service instances for your microservices. If you want to explore these new resources, I recommend reading this blog post from Chanci Turner.
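A private namespace, a named service, and an ECS service that registers its tasks into it, as an added example that is not from the original post. The namespace name `internal.example`, the service name `orders`, and the cluster, task definition, subnet and security group parameters are all assumptions.

```yaml
# Added example: ECS tasks register themselves as A records under
# orders.internal.example via Route 53 Auto Naming. All names are assumed.
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id
  PrivateSubnetIds:
    Type: List<AWS::EC2::Subnet::Id>
  TaskSecurityGroupId:
    Type: AWS::EC2::SecurityGroup::Id
  ClusterName:
    Type: String
  TaskDefinitionArn:
    Type: String
Resources:
  Namespace:
    # Private: resolvable only inside the VPC, so service names are not exposed publicly.
    Type: AWS::ServiceDiscovery::PrivateDnsNamespace
    Properties:
      Name: internal.example
      Vpc: !Ref VpcId
      Description: Internal microservice namespace
  OrdersDiscovery:
    Type: AWS::ServiceDiscovery::Service
    Properties:
      Name: orders
      NamespaceId: !Ref Namespace
      DnsConfig:
        NamespaceId: !Ref Namespace
        RoutingPolicy: MULTIVALUE    # return every healthy task, not one
        DnsRecords:
          - Type: A
            TTL: 10                  # short TTL so deregistered tasks drop out fast
      HealthCheckCustomConfig:
        FailureThreshold: 1          # ECS reports task health; unhealthy tasks are withdrawn
  OrdersService:
    Type: AWS::ECS::Service
    Properties:
      Cluster: !Ref ClusterName
      TaskDefinition: !Ref TaskDefinitionArn
      DesiredCount: 2
      LaunchType: FARGATE
      NetworkConfiguration:
        AwsvpcConfiguration:
          Subnets: !Ref PrivateSubnetIds
          SecurityGroups:
            - !Ref TaskSecurityGroupId
      ServiceRegistries:
        - RegistryArn: !GetAtt OrdersDiscovery.Arn
```

Because the task definition is passed in as a parameter, a blue/green rollout is a stack update with a new task definition ARN: ECS registers the new tasks under the same `orders.internal.example` name and deregisters the old ones as they stop, and the short TTL bounds how long stale addresses are cached by clients.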

Recent Updates

In addition to supporting these new services, 40 of the existing 248 resources have been updated, introducing 50 new property types. Below is a summary of the notable changes, organized by service name:

Amazon API Gateway

  • For AWS::ApiGateway::Deployment, the StageName property has been deprecated on the StageDescription property type.
  • For AWS::ApiGateway::Method, an OperationName property has been added to assign a friendly name to an API Gateway method; a RequestValidatorId property is now available to associate a request validator with a method; a ContentHandling property has been incorporated for Integration and IntegrationResponse property types to define how request payload content type conversions are handled.
  • For AWS::ApiGateway::ApiKey, a CustomerId property has been added to specify an AWS Marketplace customer identifier; a GenerateDistinctId property is now included to indicate whether the key identifier is distinct from the created API key value.
  • For AWS::ApiGateway::Authorizer, an AuthType property has been introduced to specify a customer-defined field used in Swagger imports and exports without affecting functionality.
  • For AWS::ApiGateway::DomainName, an EndpointConfiguration property has been added to specify the endpoint types of an API Gateway domain name; a RegionalCertificateArn property now references a certificate for use by the regional endpoint of a domain name.
  • For AWS::ApiGateway::RestApi, an EndpointConfiguration property has been included to specify the endpoint types of a REST API.

AWS Auto Scaling

  • For AWS::ApplicationAutoScaling::ScalableTarget, a ScheduledActions property has been added to specify scheduled actions.
  • For AWS::AutoScaling::AutoScalingGroup, a LifecycleHookSpecificationList property has been introduced to specify actions to perform during instance launch or termination.

AWS Cloud9

  • AWS::Cloud9::EnvironmentEC2 creates an Amazon EC2 development environment in AWS Cloud9.

AWS CodeBuild

  • For AWS::CodeBuild::Project, a BadgeEnabled property was added to generate a publicly accessible URL for a project’s build badge; a Cache property has been introduced to configure settings for build dependencies; a VpcConfig property enables AWS CodeBuild to access resources in an Amazon VPC; a Type property has been added in the EnvironmentVariable property type to specify the type of environment variable.

AWS CodeDeploy

  • For AWS::CodeDeploy::Application, a ComputePlatform property has been added to specify an AWS Lambda compute platform for application deployment.
  • For AWS::CodeDeploy::DeploymentGroup, a TargetGroupInfoList property has been introduced in the LoadBalancerInfo property type to specify information about a target group in Elastic Load Balancing for deployment; a DeploymentType property has been added to the DeploymentStyle property type to specify blue/green deployment on a Lambda compute platform.

Amazon CloudFront

  • For AWS::CloudFront::Distribution, a Tags property has been added to specify an arbitrary set of tags (key-value pairs) associated with an Amazon CloudFront distribution; properties like OriginKeepAliveTimeout and OriginReadTimeout have been included in the CustomOriginConfig property type to set custom keep-alive and read timeouts respectively; an IPV6Enabled property has been added to the DistributionConfig property type to indicate whether Amazon CloudFront responds to IPv6 DNS requests with an IPv6 address for your distribution.
  • Use the AWS::CloudFront::CloudFrontOriginAccessIdentity resource to specify the origin access identity to associate with the origin of an Amazon CloudFront distribution.
  • Use the AWS::CloudFront::StreamingDistribution resource to specify an Adobe Real-Time Messaging Protocol (RTMP) streaming distribution for Amazon CloudFront.
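The origin access identity resource is most useful when paired with a bucket policy, so that the S3 origin is readable only through CloudFront. The following is an added example, not code from the original post; the tag values and cache settings are assumptions, and it also exercises the new `Tags` and `IPV6Enabled` properties listed above.

```yaml
# Added example: private S3 origin reachable only via CloudFront through an OAI.
# Tag values and the cache behaviour are assumed.
AWSTemplateFormatVersion: "2010-09-09"
Resources:
  ContentBucket:
    Type: AWS::S3::Bucket
    Properties:
      PublicAccessBlockConfiguration:   # no direct public reads of the origin
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
  OriginIdentity:
    Type: AWS::CloudFront::CloudFrontOriginAccessIdentity
    Properties:
      CloudFrontOriginAccessIdentityConfig:
        Comment: Read-only identity for ContentBucket
  ContentBucketPolicy:
    # Grant s3:GetObject to the OAI's canonical user and nobody else.
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref ContentBucket
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              CanonicalUser: !GetAtt OriginIdentity.S3CanonicalUserId
            Action: s3:GetObject
            Resource: !Sub "${ContentBucket.Arn}/*"
  Distribution:
    Type: AWS::CloudFront::Distribution
    Properties:
      Tags:
        - Key: Owner
          Value: platform-team
      DistributionConfig:
        Enabled: true
        IPV6Enabled: true
        Origins:
          - Id: s3-content
            DomainName: !GetAtt ContentBucket.RegionalDomainName
            S3OriginConfig:
              OriginAccessIdentity: !Sub "origin-access-identity/cloudfront/${OriginIdentity}"
        DefaultCacheBehavior:
          TargetOriginId: s3-content
          ViewerProtocolPolicy: redirect-to-https   # never serve over plain HTTP
          ForwardedValues:
            QueryString: false
Outputs:
  DistributionDomain:
    Value: !GetAtt Distribution.DomainName
```

The `OriginAccessIdentity` string must use the `origin-access-identity/cloudfront/<id>` form; referencing the OAI resource with `!Ref` yields only the bare identifier, which is why it is wrapped in `!Sub` here.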

Amazon EC2

  • For AWS::EC2::SecurityGroup, AWS::EC2::SecurityGroupEgress, and AWS::EC2::SecurityGroupIngress resources, a Description property has been added to specify the description of security group rules.
  • For AWS::EC2::Subnet, an Ipv6CidrBlock property now supports No Interruption updates.
  • For AWS::EC2::VPNGateway, an AmazonSideAsn property has been added to specify a private Autonomous System Number (ASN) for the Amazon side of a Border Gateway Protocol (BGP) session.
  • For AWS::EC2::VPNConnection, a VpnTunnelOptionsSpecifications property has been introduced to configure tunnel options for a VPN connection.
  • For AWS::EC2::SpotFleet, the SpotPrice property in the SpotFleetRequestConfigData property type is now optional.
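The rule-level `Description` property is small but useful for audit: it lets each security group rule carry its justification in the template. The following is an added example that is not from the original post; the VPC, bastion group and port choices are assumptions.

```yaml
# Added example: every rule documents why it exists. VPC and bastion group are assumed.
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id
  BastionSecurityGroupId:
    Type: AWS::EC2::SecurityGroup::Id
Resources:
  WebTierSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Web tier
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: 0.0.0.0/0
          Description: Public HTTPS for the customer-facing site
      SecurityGroupEgress:
        # Explicit egress replaces the default allow-all egress rule.
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: 0.0.0.0/0
          Description: Outbound HTTPS for package updates and AWS APIs
  WebTierSshFromBastion:
    # Stand-alone rule resources take the same Description property.
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: !Ref WebTierSecurityGroup
      IpProtocol: tcp
      FromPort: 22
      ToPort: 22
      SourceSecurityGroupId: !Ref BastionSecurityGroupId
      Description: SSH only from the bastion security group
Outputs:
  WebTierSecurityGroupId:
    Value: !Ref WebTierSecurityGroup
```

The descriptions are visible in the console and in `DescribeSecurityGroups` output, so a reviewer can tell an intentional `0.0.0.0/0` rule from an accidental one without digging through commit history.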

Amazon Elastic Container Registry

  • For AWS::ECR::Repository, a LifecyclePolicy property has been added to specify a lifecycle policy for an Amazon ECR repository.

Amazon Elastic Container Service

  • For AWS::ECS::TaskDefinition, a LinuxParameters property has been added to the ContainerDefinition property type to specify Linux-specific options for an Amazon ECS container; a Cpu property has been added to specify the CPU units for a task.
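`LinuxParameters` is where a task definition drops container privileges, and the task-level `Cpu` bounds what the task may consume. The following is an added example that is not from the original post; the image, family name and resource sizes are assumptions, and the task uses the EC2 launch type so that capability dropping is fully supported.

```yaml
# Added example: a least-privilege container definition. Image and sizes are assumed.
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  ContainerImage:
    Type: String
    Description: Image URI, e.g. from an ECR repository (placeholder)
Resources:
  ApiTaskDefinition:
    Type: AWS::ECS::TaskDefinition
    Properties:
      Family: api
      Cpu: "256"            # task-level CPU units (new top-level property)
      Memory: "512"
      NetworkMode: awsvpc
      ContainerDefinitions:
        - Name: api
          Image: !Ref ContainerImage
          Essential: true
          ReadonlyRootFilesystem: true
          User: "1000"      # do not run as root inside the container
          PortMappings:
            - ContainerPort: 8080
              Protocol: tcp
          LinuxParameters:
            InitProcessEnabled: true   # reap zombie processes with an init
            Capabilities:
              Drop:
                - ALL                  # start from zero Linux capabilities
              Add:
                - NET_BIND_SERVICE     # only if the app binds a port below 1024
```

Dropping `ALL` and adding back the one capability the workload needs is the container equivalent of least privilege; pair it with a non-root `User` and a read-only root filesystem so that a compromised process has little to escalate with.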


Chanci Turner