Hello Cloud Gurus! Wondering what’s changed with AWS this month, but haven’t found the time to check through weeks of headlines? Here’s everything you need to know to keep in the loop.

Get started with ACG and transform your career with courses and real hands-on labs in AWS, Microsoft Azure, Google Cloud, and beyond.

The beginning of the month was all about AWS re:Invent! We were lucky enough to have many of your favourite gurus on the ground, providing updates and insights, and we even had a special AWS This Week episode from the event itself, which you can check out below.

There were SO many announcements at the event, but you can check out some of the biggest ones in our round-up post, and we'll list some of them below that you can read up on for more info!

• Accelerate Lambda functions with Lambda SnapStart
• AWS SimSpace Weaver city-sized simulations
• AWS Inferentia
• Introducing Amazon Omics
• Amazon CodeCatalyst
• AWS centralizes security data with Amazon Security Lake
• AWS Ambit Scenario Designer
• Amazon’s zero-ETL pledge
• Distributed Map for AWS Step Functions
• AWS Lake Formation for Redshift
• AWS EventBridge Pipes
• The future of quantum-powered solutions

Now for some post-re:Invent news!

The Amazon Inspector service scans for vulnerabilities in cloud deployments. Now, along with scanning EC2 instances and Container Registry images, Amazon Inspector supports Lambda functions. It works by continuously monitoring Lambda functions, servers, and container images for CVEs, also know as Common Vulnerabilities and Exposures.   

Once you turn on Amazon Inspector for Lambda, all functions in the corresponding region are scanned immediately and again when a function is redeployed. And if a new CVE is published, all functions are scanned again without you having to do anything. 

Any vulnerabilities found by the Inspector are reported in a central dashboard and can also be routed to other locations using EventBridge or the Simple Notification Service. 

The AWS Key Management Service (KMS), is a great solution for creating and managing cryptographic keys. Once these keys are in place, KMS allows other AWS services to protect data at rest, encrypt and decrypt sensitive data in transit, and also create and verify digital signatures. 

But some workloads require encryption keys to be managed outside of AWS. For example, a certain regulation might require encryption keys to be stored on premises or independently audited by a third party that can't access your AWS account. In these cases, users can benefit from using KMS as a proxy while keeping cryptographic keys under their own control. 

AWS KMS now supports external key store, giving more control over the keys used to encrypt and decrypt data in the cloud. 

If you're working remotely and connecting to resources on your corporate network, your VPN client is probably the main application you turn to. Wouldn't it be great to just connect to private resources without a VPN? 

That future is now available with the preview of AWS Verified Access, a service that provides secure, VPN-free access to corporate applications. 

Verified Access works by using multiple inputs to determine if access is allowed. These inputs can include the user's identity and role along with the device being used. And unlike traditional VPNs that allow access using policies and network controls, Verified Access checks each request sent to the application to make sure the request should be allowed. If anything changes, then access is revoked immediately. 

Amazon Lex allows developers to create applications with conversational interfaces using voice and text, and now the service supports 27 languages.   

With this latest update, Amazon Lex adds support for Arabic, Cantonese, Norwegian, Swedish, Polish, and Finnish.  This allows chatbots, virtual agents, and voice-based systems to accommodate users from even more countries all around the world. 

And if you haven't experimented with the AWS Lex service yet, now's the perfect time to get started. AWS Accounts within the free tier get ten thousand text requests and five thousand speech requests per month. 

Get the Cloud Dictionary of Pain
Speaking cloud doesn’t have to be hard. We analyzed millions of responses to ID the top concepts that trip people up. Grab this cloud guide for succinct definitions of some of the most painful cloud terms.

AWS Cost Anomaly Detection is a financial management service that allows you automate detection and root cause analysis of cost anomalies. You can define thresholds and set up notifications to alert you via email, Slack, Chime, etc. That's where the big news comes in. The details sent in those notifications is getting a boost. It will now include the account and monitor name as well as monitor type.

Email notifications are also getting a bit more, with start date, last detected date, and the duration of the anomaly. This information is a huge help when you are tracking down the cause of anything really. This new functionality is included using the console and APIs, so that's also good news.

Amazon EBS is Amazon's block storage solution. Attach an EBS volume to an EC2 instance to quickly start using the solution. It has a free tier and is very easy to use. You can create snapshots of those volumes easily as well, but don't forget to set up lifecycles on those snapshots so you don't have costs stacking up on any you no longer need.

On the topic of snapshots - you can access the contents of an EBS snapshot using EBS direct APIs. You might need to access a snapshot to spot the difference between two snapshots. These direct APIs now support IPv6. Before you get excited, the direct APIs endpoints are currently available in only 4 regions: Ohio, North Virginia, North California, and Oregon. So make sure your environment is using one of the four regions and enjoy!

Amazon S3 or Simple Storage Service is Amazon's object storage solution. With every solution there come ways to secure it. S3 has several ways to keep your object buckets safe such as blocking public access and even blocking access to individual objects with ACLs or access control lists.

Well, we got a heads up from Amazon about two changes to Amazon S3 security to buckets that will be rolled out starting in April 2023.

S3 Block Public Access will be automatically enabled on every new bucket, with ACLs automatically DISABLED for new buckets. This means that if you have any applications that need public access or use ACLS to access buckets, you will need to purposefully go in and configure those buckets to be public or use ACLs.

Consider using automation scripts or CloudFormation templates to configure these settings so that your environment can continue evolving with them. And take note, these settings will be applying to every new bucket in every region including GovCloud and China Regions.

Start building your cloud skills with these 10 fun hands-on projects to learn AWS.

That’s all the biggest December headlines for AWS! 

Check out AWS This Week for your weekly news roundup for all things AWS. Join our expert hosts as they cover everything you need to know about the past week’s developments, keeping it short, fun and informative. 

Whether you’re just beginning your cloud journey, or you know your stuff, there’s something for everyone!