AWS debuts EC2 X2iezn instances; EFS supports replication

What's new with AWS this week? Amazon EFS now supports replication, there’s a new EC2 instance type available, and GuardDuty can now able to detect if your EC2 instance credentials are compromised and being used by another AWS account. Want the full story on the latest AWS news? Read on for more!

Accelerate your career

A Cloud Guru makes it easy (and awesome) to level up your career — whether you're a novice or a certified guru. Check out ACG’s free courses or get started now with a free trial.

Last week, Amazon announced that EFS now supports replication.

What's EFS? EFS is a fully managed shared file system that enables you to securely share a filesystem between thousands of EC2 instances using the NFS protocol.

(Speaking of EFS, you can watch our resident llama whisperer and Azure super-fan Lars Klint try to experiment with EFS in this video challenge to see if it's easy learn AWS if you know Azure.)

EFS now supports replication to either the same region, or a different region, which is great for disaster recovery and business continuity planning.

• Replication traffic remains on the AWS global network
• Most changes should be replicated within 1 minute
• And EFS Replication is designed to meet a recovery point objective (or RPO) of 15 minutes

So your data in the replica file system should never be more than 15 minutes out of date.

AWS has announced there’s a new EC2 instance type available, and it's called X2iezn. (What a mouthful!)

X2iezn instances are powered by Intel Xeon processors, which support speeds of up to 4.5 GHz, which AWS claim to be fastest processors in the cloud.

This new instance type supports up to 48 of these processors, as well as a huge 1500 Gigs of memory.

X2iezn instances will be great for high-performance computing, and they're particularly suitable for Electronic Design Automation (EDA) workloads — the automated tools that are used to design circuitry and microelectronics.

Earlier this month, AWS announced Amazon GuardDuty is now able to detect if your EC2 instance credentials are compromised, and being used by another AWS account.

If you haven’t used Guard Duty before, it is a machine-learning powered threat-detection service that monitors your account for malicious activity. It can even detect if your EC2 instance is being used for bitcoin mining.

If your EC2 instance has an IAM role attached, the workloads running on the instance are able to access temporary secure credentials from your instance metadata, allowing them to interact with AWS services, assuming the permissions that are allowed by the role.

If your EC2 instance was ever compromised and a malicious actor managed to access these credentials from the instance metadata, then you’d probably want to be alerted. And Guard Duty has always been able to do that . . . if the request is from an IP address outside of AWS. But this new announcement means that even if the attack is coming from another AWS account — inside the AWS network — Guard Duty should detect it.

More info is available here.

Want to keep up with all things AWS? Follow ACG on Twitter and Facebook, subscribe to A Cloud Guru on YouTube for weekly AWS updates, and join the conversation on Discord.

Looking to learn more about cloud and AWS or begin your cloud career in 2022? Check out our rotating line-up of free courses, which are updated every month. (There’s no credit card required!)