Amazon ECS announces CloudFormation support for Amazon EFS volumes
AWS has released the support for EFS volumes for Fargate back in April. This has excited many people as this opened up a lot of opportunities for optimizing container workloads that need to share a common storage area.
However many people were disappointed that CloudFormation did not follow the new feature straight away. If you want to use this new feature you will have to do it either via the API, CLI, the console, or write a custom resource for CloudFormation, which is not an easy task. We are very excited to see the official support for this feature in CloudFormation. This will surely increase the adoption rate for this feature and more people onto using Fargate. With the inclusion of Fargate compute resources in Savings Plan, run your ECS workload on Fargate is a no-brainer.
VPC PrivateLink support for additional services
We have been including NAT gateways as a default component of every VPC setup for a while. However the latest best practice for designing a private subnet is not to include any NAT gateways, so the resources in the private subnets are truly private without any outbound connectivity. This improves security posture by preventing data leaks and malicious network activities. To allow resources in these subnets access to AWS resources and APIs, you can use VPC Endpoints for S3 and DynamoDB and PrivateLinks for everything else. However not all AWS services provide PrivateLink yet, forcing many applications to revert to the NAT gateway option.
AWS has released VPC PrivateLink support for 3 additional services. They are,
- Announcing AWS PrivateLink Support for Amazon Comprehend
- AWS CodeDeploy now supports deployments to VPC endpoints
- AWS Certificate Manager Private Certificate Authority now supports Private Link endpoints
AWS has also released a new digital course: Configure and Deploy AWS PrivateLink to help you get started on using PrivateLink.
Amazon Linux 2 based runtimes for AWS Lambda
AWS Lambda has come a long way. If you are not aware, you can write custom runtimes on Lambda for languages it does not officially support, for example, Bash scripts. This exposes the underlying operating system that powers the Lambda runtime. We have a lot of customers using Amazon Linux 2 for a while and often times it is desirable to breakout some ad-hoc functionalities into Lambda. AWS has announced the following releases,
- AWS Lambda now supports custom runtimes on Amazon Linux 2
- AWS Lambda now supports Java 8 (Corretto) (on Amazon Linux 2)
- AWS Lambda now supports Go on Amazon Linux 2
Amazon Linux 2 provides the latest runtime environment for your code. The custom runtime support is particularly helpful as this will ease the transition of shell-based programs.
AWS Glue enhancements
AWS Glue is a managed ETL service based on Apache Spark. It integrates with many other AWS big-data products and services such as Athena, Redshift, etc. It was a resource-heavy service reflected by the slow start-up time. For this reason it is not commonly used for real-time processing use-cases. AWS announced 2 releases for AWS Glue,
- AWS Glue version 2.0 featuring 10x faster job start times and 1-minute minimum billing duration
- AWS Glue now provides the ability to stop and restart your Glue workflows
These made Glue a lot more responsive and flexible, thus making it possible to handle time-sensitive workloads. Before making the jump to the new version, please make sure you read the Release Notes as it outlines a few features not available in 2.0.