Welcome to episode 284 of The Cloud Pod – where the forecast is always cloudy! Everybody is in the house this week, and it’s a good thing because since we’ve last recorded re:Invent happened, and we have a LOT to talk about. So let’s jump right in!

Titles we almost went with this week:

• Amazon Steals from Azure…. We Are Doomed
• ️The Cloud Pod Can Now Throw Away a lot of Code
• The Cloud Pod Controls the Future
• The Cloud Pod Observes More Insights
• We Are Simplicity
• ❌X None of the Above
• Stop Trying to Make Bedrock & Q Happen
• My Head Went SuperNova over all the Q Announcements
• These are Not the Gadgets Bond Needed, Q!

A big thanks to this week’s sponsor:

We’re sponsorless! Want to get your brand, company, or service in front of a very enthusiastic group of cloud news seekers? You’ve come to the right place! Send us an email or hit us up on our slack channel for more info.

AWS

08:12 It’s the re:Invent recap!

Did you make any announcement predictions? Let’s see how our hosts’ predictions stacked up to reality.

Matt – 1

• Large Green Computing Reinvent
• LLM at the Edge
• Something new on S3✅

Ryan (AI) – 1

• Improved serverless observability tools
• Expansion of AI Driven workflows in datalakes✅
• Greater Focus on Multi-Account or Multi-region orchestration, centralized compliance management, or enhanced security services

Jonathan – 0

1. New Edge Computing Capabilities better global application deployment type features. (Cloudflare competitor maybe)
2. New automated cost optimization tools
3. Automated RAG/vector to S3

Justin – 2

1. 1. Managed Backstage or platform like service

• New LLM multi-modal replacement or upgrade to Titan✅

1. Competitor VM offering to Broadcom✅

Honorable Mentions:

Jonathan:

Deeper integration between serverless and container services

New region

Enhanced Observability with AI driven debugging tool✅

Justin:

Multicloud management – in a bigger way (Anthos competitor)

Agentic AI toolings

New ARM graviton chip

How many will AI or Artificial Intelligence be said: 45

Justin – 35✅

Jonathan – 72

Pre:Invent

There were over 180 announcements, and yes – we have them all listed here for you. You’re welcome.

17:12 Time-based snapshot copy for Amazon EBS

• Now you can specify a desired completion duration, from 15 minutes to 48 hours when you copy an Amazon EBS snapshot within or between Amazon regions or accounts.
• This will allow you to meet your time-based compliance and business requirements for critical workloads, mostly around DR capabilities.
• We’re just glad to see this one finally, because having it built in directly to the console to guarantee that EBS snapshots make it to the other region is a big quality of life enhancement.

Announcing future-dated Amazon EC2 On-Demand Capacity Reservations

Introducing a new experience for AWS Systems Manager

Introducing new capabilities to AWS CloudTrail Lake to enhance your cloud visibility and investigations

Improve your app authentication workflow with new Amazon Cognito features

Track performance of serverless applications built using AWS Lambda with Application Signals

Announcing a visual update to the AWS Management Console (preview)

Introducing Amazon CloudFront VPC origins: Enhanced security and streamlined operations for your applications

Amazon CloudFront now accepts your applications’ gRPC calls

20:50 Amazon and Anthropic deepen strategic collaboration

• Amazon and Anthropic deepened their strategic collaboration with another $4 billion investment from Amazon to also use their Neutronium chips, which came up later on Mainstage at Monday Night Live and as well as on Matt’s presentation.

Introducing Amazon GuardDuty Extended Threat Detection: AI/ML attack sequence identification for enhanced cloud security

Container Insights with enhanced observability now available in Amazon ECS

AWS Clean Rooms now supports multiple clouds and data sources

21:34 New physical AWS Data Transfer Terminals let you upload to the cloud faster

• New physical AWS data transfer terminals let you upload to the cloud faster.
• So, we got rid of the trucks.
• We got rid of the disks that we send you in the mail.
• BUT If you have your own disks that you’d like to bring to a physical location in either Los Angeles or New York, you can connect them with the cable directly to the Amazon cloud through a public endpoint that is available. (We assume it’s in a secure building or something.)
• Basically you reserve a time slot to visit your nearest location and upload that data quickly to your AWS public endpoint.

Enhance your productivity with new extensions and integrations in Amazon Q Business

Announcing Amazon FSx Intelligent-Tiering, a new storage class for FSx for OpenZFS

New RAG evaluation and LLM-as-a-judge capabilities in Amazon Bedrock

Securely share AWS resources across VPC and account boundaries with PrivateLink, VPC Lattice, EventBridge, and Step Functions

23: 52 New AWS Security Incident Response helps organizations respond to and

recover from security events

• AWS announced that the new AWS Security Incident Response Service designed to help organizations manage security events quickly and effectively, services purpose-built to help customers prepare for, respond to, and recover from various security events, including account takeovers, data breaches, and ransomware is now available. It essentially automates the triage, and there’s 24 hour customer service for assistance.
• Your security response team will appreciate this one.
• We approve.

New APIs in Amazon Bedrock to enhance RAG applications, now available

Connect users to data through your apps with Storage Browser for Amazon S3

Introducing new PartyRock capabilities and free daily usage

Amazon MemoryDB Multi-Region is now generally available

Introducing default data integrity protections for new objects in Amazon S3

AWS Database Migration Service now automates time-intensive schema conversion tasks using generative AI

Simplify governance with declarative policies

AWS Verified Access now supports secure access to resources over non-HTTP(S) protocols (in preview)

Announcing AWS Transfer Family web apps for fully managed Amazon S3 file transfers

Introducing Amazon OpenSearch Service and Amazon Security Lake integration to simplify security analytics

Use your on-premises infrastructure in Amazon EKS clusters with Amazon EKS Hybrid Nodes

Streamline Kubernetes cluster management with new Amazon EKS Auto Mode

Introducing storage optimized Amazon EC2 I8g instances powered by AWS Graviton4 processors and 3rd gen AWS Nitro SSDs

Now available: Storage optimized Amazon EC2 I7ie instances

New Amazon CloudWatch Database Insights: Comprehensive database observability from fleets to instances

New Amazon CloudWatch and Amazon OpenSearch Service launch an integrated analytics experience

Amazon FSx for Lustre increases throughput to GPU instances by up to 12x

Networking

AWS announces Block Public Access for Amazon Virtual Private Cloud

25:39 AWS PrivateLink now supports cross-region connectivity

• PrivateLink now supports cross-region connectivity.
• Until now, interface VPC endpoints only support connectivity to VPC endpoint services in the same region.
• This allows neighboring customers to connect to VPC endpoint services hosted in other AWS regions in the same AWS partition over interface endpoints.
• We like this one, because some of the limitations of being restricted to specific regional targets was a bit difficult.

AWS Cloud WAN simplifies on-premises connectivity via AWS Direct Connect

AWS Application Load Balancer introduces Certificate Authority advertisement to simplify client behavior while using Mutual TLS

Cross-zone enabled Application Load Balancer now supports zonal shift and zonal autoshift

AWS Application Load Balancer introduces header modification for enhanced traffic control and security

Amazon VPC IPAM now supports enabling IPAM for organizational units within AWS Organizations

26:23 Amazon CloudFront announces VPC origins

• Amazon CloudFront now announces VPC Origins.
• This is a feature Justin especially has wanted forever. It basically allows a customer to use CloudFront to deliver content from applications hosted in VPC private subnets, and with the VPC Origins, customers can have their ALB, NLB, or EC2 instance in that private subnet that’s accessible only through their CloudFront distribution.
• Now you don’t have to do the dance where you go from CloudFront to a public endpoint to go to your private endpoint anymore. Woohoo!

Load Balancer Capacity Unit Reservation for Application and Network Load Balancers

Amazon CloudFront now supports gRPC delivery

Compute

Amazon EC2 Auto Scaling introduces highly responsive scaling policies

Amazon EC2 introduces provisioning control to launch instances on On-Demand Capacity

AWS Resilience Hub introduces a summary view

Amazon EC2 added New CPU-Performance Attribute for Instance Type Selection

27:36 Amazon EC2 now provides lineage information for your AMIs

• Amazon EC2 has taken the great container lineage capabilities you have there, where you can see where the container got created and then how many times people added or modified it.
• They brought that to you AMIs.
• So if you want AMI lineage, you can now get that.
• You can easily trace and copy or find the derived AMI back to the original AMI source through the records, which is important for some organizations who have heavy duty FOM requirements and/or they have image factory type solutions that basically create golden images of AMIs and they need to be able to see if it’s the one.

37:14 Matthew – “…this solves a Lambda that they posted, I think, probably like five, seven years ago, which was just a Lambda that watches the public endpoints, IP addresses for CloudFront, and just would update your security group rules so that you could only have that accessing it. I think I’ve deployed like 30 times, and every time you have to do a security group expansion, because it’s over 50 IP ranges, it’s always fun.”

Databases

Announcing Provisioned Timestream Compute Units (TCUs) for Amazon Timestream for LiveAnalytics

Amazon Redshift multi-data warehouse writes through data sharing is now generally available

28:25 AWS DMS now supports Data Masking

• Amazon database migration service now supports data masking, allowing you to automatically remove sensitive data at the column level during migrations to help comply with GDPR, et cetera.
• This makes DMS now even more interesting if you’re trying to keep a dev environment replicated with somewhat accurate production data without having actual customer data there.
• DMS is more than just migrations; it can also keep things in sync, so this is a nice capability, that you don’t have to build in glue or some other terrible ETL process.

AWS DMS now delivers improved performance for data validation

Amazon RDS Blue/Green Deployments Green storage fully performant prior to switchover

Amazon ElastiCache version 8.0 for Valkey brings faster scaling and improved memory efficiency

Amazon RDS Blue/Green Deployments support storage volume shrink

Amazon Aurora Serverless v2 supports scaling to zero capacity

Storage

Amazon EBS announces Time-based Copy for EBS Snapshots

29:01 Amazon S3 now supports enforcement of conditional write operations for S3 general purpose buckets

• Amazon S3 now supports enforcement of conditional write operations for S3 general purpose buckets.
• Using bucket policies, this enforcement of conditional writes, you can mandate the S3 check the existence of an object before creating it in your bucket.
• Then you can also mandate the S3 check the state of the object content before updating your bucket.
• This will help you simplify distributed apps for preventing unintentional data overwrites, especially in high concurrency and multi-writer scenarios.
• So… it only took them how many years to fix this problem? Thanks.

Amazon S3 adds new functionality for conditional writes

Mountpoint for Amazon S3 now supports a high performance shared cache

AWS Backup for Amazon S3 adds new restore parameter

Announcing customized delete protection for Amazon EBS Snapshots and EBS-backed AMIs

Containers

Amazon ECS announces AZ rebalancing that speeds up mean time to recovery after an infrastructure event

AWS announces support for predictive scaling for Amazon ECS services

Devops/System Management

30:03 The new AWS Systems Manager experience: Simplifying node management

• They now streamline your node management, and now provide you access to see if it’s an EC2 instance, if it’s an on-prem instance, or if it’s a hybrid instance on top of Outpost or something else.
• This wasn’t quite what we were looking for in the systems manager improvement camp, but that’s what they gave us. Wop wop.

AWS CloudFormation Hooks now allows AWS Cloud Control API resource configurations evaluation

Announcing AWS CloudFormation support for Recycle Bin rules

Observability

Application Signals provides OTEL support via X-Ray OTLP endpoint for traces

Announcing new Amazon CloudWatch Metrics for AWS Lambda Event Source Mappings (ESMs)

Amazon CloudWatch launches full visibility into application transactions

Amazon CloudWatch Internet Monitor adds AWS Local Zones support for VPC subnets

Amazon CloudWatch Application Signals launches support for Runtime Metrics

AI/Machine Learning

Amazon Bedrock Agents now supports custom orchestration

Introducing Advanced Scaling in Amazon EMR Managed Scaling

Announcing InlineAgents for Agents for Amazon Bedrock

Amazon EC2 Capacity Blocks now supports instant start times and extensions

Amazon Bedrock Flows is now generally available with two new capabilities

Introducing Prompt Optimization in Preview in Amazon Bedrock

Q

Amazon Q Business now available as browser extension

Amazon Q Developer Pro tier introduces a new, improved dashboard for user activity

Amazon Q Developer can now provide more personalized chat answers based on console context

Introducing Amazon Q Apps with private sharing

Amazon Q Apps introduces data collection (Preview)

Amazon Q Developer Chat Customizations is now generally available

Smartsheet connector for Amazon Q Business is now generally available

SES Mail Manager adds delivery of email to Amazon Q Business applications

AWS Announces Amazon Q account resources chat in the AWS Console Mobile App

Amazon Q Business now supports answers from tables embedded in documents

Finops

Amazon Q Developer now provides natural language cost analysis

31:51 AWS delivers enhanced root cause insights to help explain cost anomalies AWS Billing and Cost Management announces Savings Plans Purchase Analyzer

AWS Compute Optimizer now supports idle resource recommendation

• New enhanced root cause insights are available to help explain cost anomalies.
• They’ll tell you why your cost has ballooned three or four thousand dollars, without you having to go figure it out yourself, which is handy.
• They also gave you a new savings plan purchase analyzer, which allows you to quickly estimate the cost, coverage, and utilization impact of your plan savings plan purchase.
• That’s sort of the opposite of giving you the prediction – or like giving you the recommender is now saying, okay, if you bought the recommendation, here’s what it actually would do. So now you get both directions of modeling, which is good.
• AWS compute optimizer now supports idle resource recommendations for you as well.
• So three nice Finops improvements.

AWS announces Invoice Configuration

Quicksight

Amazon QuickSight now supports import visual capability (preview)

Amazon QuickSight launches Highcharts visual (preview)

Amazon QuickSight launches Image component

Amazon QuickSight launches Layer Map

Serverless

AWS Lambda announces Provisioned Mode for Kafka event source mappings (ESMs)

34:25 AWS Lambda supports application performance monitoring (APM) via CloudWatch Application Signals

• Amazon Lambda now supports application performance monitoring or APM via CloudWatch application signals.
• This gives you the ability to see the health and performance of the service application built using Lambda, and makes it easy for you to identify and troubleshoot performance issues to minimize the MTTR and operational costs of running your service app, which you only wanted for a thousand years to have better telemetry inside of Lambda.
• We’ve only wanted this for a thousand years, so thank you for finally delivering that.

AWS Lambda supports Amazon S3 as a failed-event destination for asynchronous and stream event sources

Security

Announcing new feature tiers: Essentials and Plus for Amazon Cognito

AWS Amplify introduces passwordless authentication with Amazon Cognito

Amazon Cognito now supports passwordless authentication for low-friction and secure logins

AWS Control Tower improves Hooks management for proactive controls and extends proactive controls support in additional regions

Amazon EC2 introduces Allowed AMIs to enhance AMI governance

Other

Amazon WorkSpaces introduces support for Rocky Linux

RE:INVENT

36:07 Monday Night Live – Said AI or Artificial Intelligence – 10

• Only one announcement during MNL.
• If you’re a hardware nerd, this is definitely the talk to watch.
• Introducing latency-optimized inference for foundation models in Amazon Bedrock

37:14 Jonathan – “It’s hard to connect to as a consumer or a user because it’s not off the shelf stuff. You don’t read about it in PC Magazine and then think, wow, Amazon’s deployed 10,000 of these things. It’s like, no, they built this thing. They designed this thing for this very specific purpose and it’s absolutely amazing and you’re never going to get your hands on it.”

38:02 Tuesday – Matt Garman – Said AI or Artificial Intelligence – 19

• Probably the worst “what is AWS” intro, but we’ll forgive him for that.
• Introducing Amazon Nova: Frontier intelligence and industry leading price performance
• Amazon Nova – replacement for Titan.
• Has 4 models; will be a complex reasoning model.
• Nova also understands rag functions, and has multiple additional components, including:
  • Nova Canvas – image generating function
  • Nova Reel – state of the art video generation model (Hello, Amazon Prime content.)

43:39 S3 Tables

• Introducing queryable object metadata for Amazon S3 buckets (preview)
• New Amazon S3 Tables: Storage optimized for analytics workloads
• This is their new native Apache iceberg format support inside of S3.
• It comes as a competitor to Parquet files, and allows you to have basically table buckets that can act as iceberg tables, which can be handy for your AI ML use cases and training models.
• They also announced inquirable object metadata for Amazon S3 buckets, which the guys kind of mocked earlier.
• This is basically providing a rich metadata service that’ll allow you to store 20 elements, including the bucket name, object key, creation, modification time, storage class, encryption status, tags, and user metadata that you can define.
• They showed on stage an example of this using a hike image and basically showed several of the parameters of an image, including the image size, et cetera.

44:51 Ryan – “Yeah, I can’t remember if we were actually making fun of this during the show or when we were just preparing for the show, but it’s definitely a feature for Amazon themselves because it was… I’ve abused Amazon as three queries for this exact purpose. I’m sure I wasn’t alone.”

45:35 Q Continuum

Matt went a little off the deep end t walking about Q and Bedrock stuff, including:

• Amazon Q Business is adding new workflow automation capability and 50+ action integrations
• New capabilities from Amazon Q Business enable ISVs to enhance generative AI experiences
• New Amazon Q Developer agent capabilities include generating documentation, code reviews, and unit tests
• Announcing Amazon Q Developer transformation capabilities for .NET (preview)
• Announcing Amazon Q Developer transformation capabilities for .NET, mainframe, and VMware workloads (preview)
• Investigate and remediate operational issues with Amazon Q Developer (in preview)
• Introducing GitLab Duo with Amazon Q

Bedrock

• Introducing multi-agent collaboration capability for Amazon Bedrock (preview)
• Prevent factual errors from LLM hallucinations with mathematically sound Automated Reasoning checks (preview)
• Build faster, more cost-efficient, highly accurate models with Amazon Bedrock Model Distillation (preview)

50:39 Sagemaker – the next kitchen sink! It’s going to be really confusing; don’t say we didn’t warn you.

• Introducing the next generation of Amazon SageMaker: The center for all your data, analytics, and AI
• Amazon SageMaker Lakehouse and Amazon Redshift supports zero-ETL integrations from applications
• Amazon SageMaker Lakehouse integrated access controls now available in Amazon Athena federated queries
• Simplify analytics and AI/ML with new Amazon SageMaker Lakehouse
• New Amazon DynamoDB zero-ETL integration with Amazon SageMaker Lakehouse
• Discover, govern, and collaborate on data and AI securely with Amazon SageMaker Data and AI Governance
• Announcing the general availability of data lineage in the next generation of Amazon SageMaker and Amazon DataZone

52:21 Ryan- “I mean SageMaker was already a kitchen sink for ML solutions, right? Like all the different things that and it made it really difficult to sort of summarize what it was useful for. And now it’s so much worse.”

54:12 EC2 (Matt Garman’s favorite service)

• Matt mentioned that this was his favorite service, since he was the head of it for a while.
• Amazon EC2 Trn2 Instances and Trn2 UltraServers for AI/ML training and inference are now available
• New Amazon EC2 P5en instances with NVIDIA H200 Tensor Core GPUs and EFAv3 networking

56:48 Wednesday (Swamy) – 15 Times

• Accelerate foundation model training and fine-tuning with new Amazon SageMaker HyperPod recipes
• AWS announces Amazon SageMaker Partner AI Apps
• Amazon Bedrock Marketplace: Access over 100 foundation models in one place
• Reduce costs and latency with Amazon Bedrock Intelligent Prompt Routing and prompt caching (preview)
• Announcing GenAI Index in Amazon Kendra
• New Amazon Bedrock capabilities enhance data processing and retrieval
• Amazon Bedrock Guardrails now supports multimodal toxicity detection with image support (preview)
• Use Amazon Q Developer to build ML models in Amazon SageMaker Canvas
• Solve complex problems with new scenario analysis capability in Amazon Q in QuickSight

59:04 Non Keynote or at Partner Keynote

• Introducing Buy with AWS: an accelerated procurement experience on AWS Partner sites, powered by AWS Marketplace
• AWS Education Equity Initiative: Applying generative AI to educate the next wave of innovators

1:00:09 Thursday (Werner) – 1

Complexity isn’t bad.

No announcements

AI or Artificial Intelligence was said 45 times

1:00:25 Jonathan – “…complexity is weird though, because complexity kind of emerges from what he builds. Like, you never go out to build a complex system. It’s just something that naturally happens. And so I appreciated him calling it out and saying that it’s not inherently bad unless it’s something that becomes unreliable or unmanageable.”

Closing

And that is the week in the cloud! Visit our website, the home of the Cloud Pod where you can join our newsletter, slack team, send feedback or ask questions at theCloud Pod.net or tweet at us with hashtag #theCloudPod