AWS’ annual re:Invent conference always brings a host of announcements about exciting new developments. Last month’s event was no exception. It generated headlines about Graviton3 (AWS’ most powerful CPU to date) and a new private 5G service as well as commitments to diversity and sustainability.
However, on a day-to-day basis, smaller releases, updates and changes have a more immediate impact on cloud use and performance. Plenty of these are revealed at re:Invent too, but they’re often overlooked in media write-ups.
Here, we look at three announcements that you might have missed. They include changes to cross-account access for S3 buckets, general availability of Amazon RDS Custom for SQL Server and the launch of Amazon FSx for OpenZFS. The first simplifies the way permissions are granted for S3 bucket access. The second offers time-saving benefits when migrating or managing database instances which may not have been suitable for RDS previously, as well as the assurance of automated backups. The third, Amazon FSx for OpenZFS, promises more streamlined cloud migration and has already been added to an inflight plan for one of our clients. Read on for more detail on each of these AWS tech updates.
S3 buckets: changes to cross-account access
S3 buckets are private by default, with cross-account access usually granted via an IAM policy on the user and a corresponding bucket policy. This can be complex, and potentially confusing.
For instance, when a user is given permission to write to a given bucket, the contents may not even be available to the bucket owner. Additionally, separate steps need to be taken to allow the user to upload, read and download files. It’s a cumbersome approach which can sometimes cause problems.
The changes announced at re:Invent address this nicely. It’s now possible to disable S3 bucket access control lists (ACLs) via Object Ownership options. So, when a user from another account uploads an object, we as bucket owners can have visibility. Importantly, this is not a one-way change; object ownership can easily be reverted by re-enabling ACLs.
I’ve illustrated how the original process works, and the new alternative approach, here. AWS’ Marcia Villalba, a Senior Developer Advocate, has also written an overview of the simplified access management for data stored in Amazon S3.
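A pre-flight check for the change described above, as an added example that is not from the original post or from AWS: before Object Ownership is set to BucketOwnerEnforced (the setting that disables ACLs), it lists ACL grants to anyone other than the bucket owner, since those grants stop giving access once ACLs are off and need an equivalent bucket or IAM policy first. The sample inputs are constructed in the shape of `aws s3api get-bucket-ownership-controls` and `aws s3api get-bucket-acl` output, and the function names are hypothetical.

```python
import json

# Constructed samples in the shape returned by `aws s3api get-bucket-ownership-controls`
# and `aws s3api get-bucket-acl`; all IDs are placeholders, not real accounts.
SAMPLE_OWNERSHIP = {"OwnershipControls": {"Rules": [{"ObjectOwnership": "ObjectWriter"}]}}
SAMPLE_ACL = json.loads("""
{
  "Owner": {"ID": "OWNER-CANONICAL-ID-EXAMPLE"},
  "Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "OWNER-CANONICAL-ID-EXAMPLE"},
     "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "CanonicalUser", "ID": "PARTNER-CANONICAL-ID-EXAMPLE"},
     "Permission": "WRITE"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/s3/LogDelivery"},
     "Permission": "WRITE"}
  ]
}
""")


def ownership_mode(ownership_controls):
    """Return the bucket's ObjectOwnership value, or None if no rule is configured."""
    rules = (ownership_controls or {}).get("OwnershipControls", {}).get("Rules", [])
    return rules[0].get("ObjectOwnership") if rules else None


def external_grants(acl):
    """List ACL grants to anyone other than the bucket owner."""
    owner_id = acl["Owner"]["ID"]
    found = []
    for grant in acl.get("Grants", []):
        grantee = grant["Grantee"]
        if grantee.get("Type") == "CanonicalUser" and grantee.get("ID") == owner_id:
            continue  # the owner's own grant is unaffected by disabling ACLs
        who = grantee.get("ID") or grantee.get("URI") or grantee.get("EmailAddress", "unknown")
        found.append((grantee.get("Type"), who, grant["Permission"]))
    return found


def preflight(ownership_controls, acl):
    """Summarise what must move to policies before ACLs are disabled."""
    mode = ownership_mode(ownership_controls)
    return {
        "mode": mode,
        "acls_disabled": mode == "BucketOwnerEnforced",
        "grants_to_migrate": external_grants(acl),
    }


if __name__ == "__main__":
    print(json.dumps(preflight(SAMPLE_OWNERSHIP, SAMPLE_ACL), indent=2))
```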
Amazon RDS Custom for SQL Server
This update offers a new way for SQL Server on RDS to support applications that are dependent on specific configurations as well as third-party applications that require system customisations. It allows users to:
- Enable features that require elevated privileges
- Install specific drivers to enable heterogeneous linked servers
- Have more than 100 databases per instance.
Channy Yun, a Principal Developer Advocate for AWS, has published a detailed overview on how to get started on the AWS blog. He takes a stepwise approach to the creation of a DB instance of RDS Custom for SQL Server, outlining various options and prerequisites. Many different settings can be applied, covering everything from allocated storage to deletion protection and Virtual Private Cloud security groups. It’s worth taking time to consider which may be beneficial, and a full list is available here.
RDS Custom for SQL Server makes it easier than ever to customise features. We’re sure to make extensive use of it in our own client work.
Amazon FSx for OpenZFS
When the cloud engineers on one of our squads heard about this new service, they immediately looked to work it into a migration plan they were working on. One of the most beneficial aspects of Amazon FSx for OpenZFS is the ease with which data stored in on-premises file servers can be moved to AWS. Original capabilities are maintained after the migration, eliminating the need to rearchitect existing applications or tools.
As the re:Invent news release explains, “customers can now launch, run, and scale fully managed file systems on AWS and replace their commodity, off-the-shelf servers they run on premises to achieve better agility, security, and lower costs.” These managed file systems can be created in minutes and don’t require the specialist expertise that was previously required to set up and administer the open-source storage platform OpenZFS.
AWS Chief Evangelist Jeff Barr has written a detailed post about Amazon FSx for OpenZFS. He explains core aspects of the service and covers various scenarios where it might be used as well as guidance on how to use it.
An evolving landscape
For me, the biggest takeaway from re:Invent 2021 is that AWS’ features and services continue to evolve at pace. Behind the scenes, the organisation is listening and responding to user needs, fine-tuning and improving organisations’ cloud experiences and outcomes. At DevOpsGroup, we enjoy learning about these changes. And we embrace them to ensure our recommendations are of-the-moment, delivering meaningful benefits to customers.