When you are in the market for high-throughput and data-thirsty applications, you may have been left wondering where best to position the workload in terms of data storage. The various storage options available from Amazon Web Services - Amazon EFS, Amazon FSx for Windows and the trusty Amazon Elastic Block Store (EBS) - each have their place, however the need to get that last drop of performance from Amazon EBS have always been talked about. This is especially true for databases. With the launch of the new “io2” EBS volumes, that need has certainly been answered.

The new Provisioned IOPS SSD (io2) volumes features a higher durability at 99.999% and supports provisioning 500 IOPS for every provisioned GiB, giving you 100x better volume durability and a 10x higher IOPS to storage ratio.

As always, this sounds fantastic, but can I afford it? Honestly, this was the first thing that jumped to mind after seeing this announcement. This is probably the best part of the new service – all of the above comes at exactly the same price point as Provisioned IOPS SSD (io1) Volumes. Of course, you need to factor in that provisioning more IOPS will cost you more.

Knowing you can now quench the thirst of those data-heavy and business critical workloads is helpful when you are exploring running solutions such as SAP HANA, Microsoft SQL Server or Oracle databases.

A small catch in the fine-print – you can still only provision 64,000 IOPS per volume when connected to an EBS-optimised EC2 instance. The true business benefit is the 100X durability of 99.999% - and allowing you to run smaller volumes with higher IOPS.

Provisioned IOPS SSD (io1) Volumes are generally available in most commercial regions, including Asia Pacific (Sydney)

Amazon Cognito User Pools now offer custom token expiration

A little pet peeve I used to have with Amazon Cognito User Pools are the fairly rigid and not so user-friendly user token expiration times that are offered to the developer. Thinking back about two years, I am very sure my name has been added as a “+1” for this product feature request (PFR).

Well today is the day to celebrate the launch of support for customising both the refresh token and access token expiration times. The feature offers the following:

  • Access tokens can be configured to expire between 5 minutes and 24 hours.
  • Refresh tokens can be configured to expire in as little as one hour should you have a stringent security requirement, extending it to as long as 10 years (if you are feeling lucky) This feature may not sound like a big deal to the untrained eye – but for teams working in highly secure environments with a big compliance list to tick, having fixed expiration times on tokens posed a fairly big hurdle at times.

These customisations now offer organisations a mechanism to balance security and customer experience for their applications.

Customisation of token expiration is available in all regions where Amazon Cognito operates, including Asia Pacific (Sydney).

Worthy mentions

Two additional features are worthy mentions. Although not ground-breaking, these features are certainly welcome and will aid in building compliant and efficient AWS solutions.

Should you operate a regulatory compliant and secure environment, with a mandate to run all AWS Lambda Functions inside a VPC – have a look at this latest feature: IAM condition keys for VPC settings. These allow you to require Lambda functions be created within the context of a VPC.

When operating large multi-account ecosystems in AWS it is sometimes challenging for a centralised Cloud Management team to have a clear view of what is happening. AWS Systems Manager Explorer now provides a multi-account summary of the AWS Support cases to help ease the effort required in such central management function. It’s available now in most commercial regions, including Asia Pacific (Sydney).