Starting today, you can use Amazon EKS Pod Identity to simplify your applications that access AWS services. This enhancement provides you with a seamless and easy to configure experience that lets you define required IAM permissions for your applications in Amazon Elastic Kubernetes Service (Amazon EKS) clusters so you can connect with AWS services outside the cluster. Amazon EKS Pod Identity helps you solve growing challenges for managing permissions across many of your EKS clusters. Simplifying experience with Amazon EKS Pod Identity In 2019, we introduced IAM roles for service accounts (IRSA). IRSA lets you associate an IAM role with a Kubernetes service account. This helps you to implement the principle of least privilege by giving pods only the permissions they…
Tag: AWS News Blog
New Amazon WorkSpaces Thin Client provides cost-effective, secure access to virtual desktops
The new Amazon WorkSpaces Thin Client improves end-user and IT staff productivity with cost-effective, secure, easy-to-manage access to virtual desktops. The devices are preconfigured and shipped directly to the end user, ready to deploy, connect, and use. Here’s my testing setup: The Thin Client is a small cube that connects directly to a monitor, keyboard, mouse, and other USB peripherals such as headsets, microphones, and cameras. With the optional hub it can also drive a second monitor. The administrator can create environments that give users access to Amazon WorkSpaces, Amazon WorkSpaces Web, or Amazon AppStream 2.0, with multiple options for managing user identities and credentials using Active Directory. Thin Clients in action As a very long-time user of Amazon WorkSpaces…
Detect runtime security threats in Amazon ECS and AWS Fargate, new in Amazon GuardDuty
Today, we’re announcing Amazon GuardDuty ECS Runtime Monitoring to help detect potential runtime security issues in Amazon Elastic Container Service (Amazon ECS) clusters running on both AWS Fargate and Amazon Elastic Compute Cloud (Amazon EC2). GuardDuty combines machine learning (ML), anomaly detection, network monitoring, and malicious file discovery against various AWS data sources. When threats are detected, GuardDuty generates security findings and automatically sends them to AWS Security Hub, Amazon EventBridge, and Amazon Detective. These integrations help centralize monitoring for AWS and partner services, initiate automated responses, and launch security investigations. GuardDuty ECS Runtime Monitoring helps detect runtime events such as file access, process execution, and network connections that might indicate runtime threats. It checks hundreds of threat vectors and…
Introducing Amazon EC2 high memory U7i Instances for large in-memory databases (preview)
The new U7i instances are designed to support large, in-memory databases including SAP HANA, Oracle, and SQL Server. Powered by custom fourth generation Intel Xeon Scalable Processors (Sapphire Rapids), the instances are now available in multiple AWS regions in preview form, in the US West (Oregon), Asia Pacific (Seoul), and Europe (Frankfurt) AWS Regions, as follows: Instance Name vCPUs Memory (DDR5) EBS Bandwidth Network Bandwidth u7in-16tb.224xlarge 896 16,384 GiB 100 Gbps 100 Gbps u7in-24tb.224xlarge 896 24,576 GiB 100 Gbps 100 Gbps u7in-32tb.224xlarge 896 32,768 GiB 100 Gbps 100 Gbps We are also working on a smaller instance: Instance Name vCPUs Memory (DDR5) EBS Bandwidth Network Bandwidth u7i-12tb.224xlarge 896 12,288 GiB 60 Gbps 100 Gbps Here’s what 32 TiB of memory…