What’s new with AWS this week? Amazon EFS now supports replication, there’s a new EC2 instance type available, and GuardDuty can now able to detect if your EC2 instance credentials are compromised and being used by another AWS account. Want the full story on the latest AWS news? Read on for more!
Accelerate your career
Amazon EFS now supports replication
- Replication traffic remains on the AWS global network
- Most changes should be replicated within 1 minute
- And EFS Replication is designed to meet a recovery point objective (or RPO) of 15 minutes
Zippy new X2iezn EC2 instance type designed for EDA workloads
X2iezn instances are powered by Intel Xeon processors, which support speeds of up to 4.5 GHz, which AWS claim to be fastest processors in the cloud.
This new instance type supports up to 48 of these processors, as well as a huge 1500 Gigs of memory.
X2iezn instances will be great for high-performance computing, and they’re particularly suitable for Electronic Design Automation (EDA) workloads — the automated tools that are used to design circuitry and microelectronics.
GuardDuty beefs up compromised credential detection
Earlier this month, AWS announced Amazon GuardDuty is now able to detect if your EC2 instance credentials are compromised, and being used by another AWS account.
If you haven’t used Guard Duty before, it is a machine-learning powered threat-detection service that monitors your account for malicious activity. It can even detect if your EC2 instance is being used for bitcoin mining.
If your EC2 instance has an IAM role attached, the workloads running on the instance are able to access temporary secure credentials from your instance metadata, allowing them to interact with AWS services, assuming the permissions that are allowed by the role.
If your EC2 instance was ever compromised and a malicious actor managed to access these credentials from the instance metadata, then you’d probably want to be alerted. And Guard Duty has always been able to do that . . . if the request is from an IP address outside of AWS. But this new announcement means that even if the attack is coming from another AWS account — inside the AWS network — Guard Duty should detect it.
More info is available here.