What’s new with AWS this week? Well, there’s a whole lot of Amazon EC2 updates, with EC2 key pairs gaining new management features and support for NitroTPM and UEFI Secure Boot. Plus, CloudWatch Events can now receive notifications generated by Amazon Machine Images, and registration is open for the AWS EMEA Summit Online. Let’s get into it!
New management features for Amazon EC2 key pairs
Amazon Elastic Compute Cloud (Amazon EC2) recently gained some new management features.
A key pair, which consists of a public key and a private key, is a pair of security credentials that proves your identity when connecting to an EC2 instance. Using the AWS console or CLI, you can now view creation dates and public key material for all key pairs created in your AWS account. Previously, you could only view a list of key pairs and their assigned tags. With this new feature, you can audit your key creation dates and rotate keys in line with your company policies.
In addition to this, you can now also create and delete key pairs using CloudFormation templates.
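The audit described above can be scripted against the key pair listing. The following is an added example, not code from AWS or from this post: it checks key age and reused public key material over a constructed sample shaped like `aws ec2 describe-key-pairs --include-public-key` output. The 90-day limit, the key names, and the choice to flag keys that come back without a creation date are assumptions.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape of `aws ec2 describe-key-pairs
# --include-public-key` output; every name, ID and key string is made up.
SAMPLE = json.dumps({"KeyPairs": [
    {"KeyPairId": "key-0001", "KeyName": "deploy-2021",
     "CreateTime": "2021-03-01T09:00:00+00:00",
     "PublicKey": "ssh-rsa AAAAEXAMPLEKEY1 deploy"},
    {"KeyPairId": "key-0002", "KeyName": "ci-runner",
     "CreateTime": "2022-05-10T12:30:00Z",
     "PublicKey": "ssh-ed25519 AAAAEXAMPLEKEY2 ci"},
    {"KeyPairId": "key-0003", "KeyName": "ci-runner-copy",
     "CreateTime": "2022-05-20T08:15:00+00:00",
     "PublicKey": "ssh-ed25519 AAAAEXAMPLEKEY2 imported"},
    {"KeyPairId": "key-0004", "KeyName": "legacy"},  # no CreateTime returned
]})


def parse_time(value):
    # Accept both "+00:00" and a trailing "Z" as the UTC designator.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def audit_key_pairs(doc, now, max_age_days=90):
    """Return (key name, finding) tuples for keys that need attention."""
    findings, seen = [], {}  # seen: key body -> first key name using it
    for kp in json.loads(doc)["KeyPairs"]:
        name, created = kp["KeyName"], kp.get("CreateTime")
        if created is None:
            # Assumption: an undated key cannot be shown compliant, so flag it.
            findings.append((name, "no-create-time"))
        elif now - parse_time(created) > timedelta(days=max_age_days):
            findings.append((name, f"older-than-{max_age_days}d"))
        # OpenSSH public key format: "<type> <base64 body> [comment]".
        parts = kp.get("PublicKey", "").split()
        if len(parts) >= 2:
            if parts[1] in seen:
                findings.append((name, f"same-key-as:{seen[parts[1]]}"))
            seen.setdefault(parts[1], name)
    return findings


if __name__ == "__main__":
    for name, finding in audit_key_pairs(SAMPLE, datetime.now(timezone.utc)):
        print(f"{name}: {finding}")
```

Comparing the key body rather than the whole line catches the same key imported under a second name with a different comment.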
EC2 supports NitroTPM
The AWS Nitro System is the underlying platform for the next generation of EC2 instances. A key feature of this is NitroTPM, a Trusted Platform Module (TPM). TPM is an international standard for dedicated, separate crypto-processors designed to carry out cryptographic operations like generating, storing, and controlling access to encryption keys at a hardware level.
This technology is now available for EC2 instances that run on NitroTPM-powered hypervisors. This allows Nitro-based EC2 instances to generate, store, and use cryptographic keys without even having to access them. It also handles platform device authentication using the TPM’s unique RSA key, which is burned into the physical hardware.
This is great for workloads that have very specific security requirements that, up until now, could only be satisfied by running the workload on your own hardware.
EC2 supports UEFI Secure Boot
The Unified Extensible Firmware Interface (UEFI) is another industry standard specification, this time for the software interface that handles communication between an operating system and platform firmware.
Secure Boot is a feature that uses a digital signature to verify the integrity of software that boots and runs on your EC2 instance. It halts the boot process if the signature verification fails, for example if a malicious actor has altered or tampered with the software.
To get started, check out the UEFI Secure Boot user guide.
Amazon CloudWatch events support AMI status changes
And in even more EC2 news, EC2 can now send notifications to CloudWatch Events for a variety of Amazon Machine Image (AMI) status changes, like the creation, registration, and deregistration of an AMI.
Why is this handy? Because it allows you to initiate further actions based on these events, such as triggering Lambda to automatically launch a new instance using a new AMI, or sending out an SNS notification about the deregistration of an existing AMI.
Register for the AWS EMEA Summit Online
Registration is now open for the AWS EMEA Summit Online, which is happening on June 29. This free event is a great way to hear from AWS experts and participate in breakout sessions, demos, and workshops. I’m excited for it!