AWS This Week

AWS This Week: CodeGuru Reviewer log injection detector, lower latency EFS, AWS Budgets auto-adjust

Episode description

Stephen is back with your AWS news! This week, CodeGuru Reviewer has a new Detector Library and log injection detection, Amazon EFS supports sub-millisecond latency, WAF launches its new account takeover prevention feature, and AWS Budgets now has an auto-adjusting option.

Introduction to AWS latest news (0:00)
Amazon CodeGuru Reviewer updates (0:33)
Amazon EFS supports sub-millisecond read latency (1:41)
AWS Web Application Firewall Fraud Control (2:29)
AWS Budgets auto-adjusting (3:25)


Series description

Join our ACG hosts as they recap the most important developments in the AWS world from the past week. Keeping up with the ever-changing world of cloud can be difficult, so let us do the hard work sifting through announcements to bring you the best of what's new with AWS This Week.

Hello, Cloud Gurus and welcome to another episode of AWS This Week, where we process the goings on of the last week to bring you only the finest AWS news. This week, we'll be covering: CodeGuru Reviewer now has a new detector library and log injection detection, EFS now supports sub-millisecond latency, Web Application Firewall launches its new account takeover prevention feature, and AWS Budgets now have an option for auto-adjusting limits. I'm Steven Sennett here to bring you another episode of AWS This Week.

Amazon's CodeGuru Reviewer - no relation - has had two new interesting updates with the new detector library being announced and new security detectors for log injection vulnerabilities. We only need to cast our minds back to December when security researchers from Alibaba Cloud published a now infamous Log4Shell vulnerability with the popular Java logging utility Log4j. This impacted everything from Twitter to Minecraft, to internet connected toasters. Anyone involved in remediating this issue in their organization will know what a challenge it was. This new log injection detector makes it easier to ensure our applications are preventing forged malicious entries from being made to applications we're developing. Granted this won't solve everything, but it gets us a step closer. The new detector library contains information on all the different security and quality detectors used by CodeGuru, including examples of the code, compliance indicators and other information to help you dive deeper, to understand their findings. Also, if you're not entirely familiar with the Log4Shell vulnerability, our team at Pluralsight have put together a really cool blog post explaining it further, and also have an upcoming webinar discussing the aftermath and remaining concerns, both of which you can find in the links below.

Amazon Elastic File System now supports sub-millisecond read latency for general purpose storage. The distributed nature of EFS has meant that it incurred some latency dealing with files across such a distributed system. While many applications may be able to tolerate this latency, solutions with high performance standards need that leaner efficiency. How long it takes for that first byte to arrive makes a difference and dropping that latency as low as 600 milliseconds cut those times in half. Write operations for general purpose EFS are still in the low single digit millisecond range while EFS max IO latency remains higher. The trade-off for higher throughput is still worth it for many scenarios. For full details, check out the AWS documentation on EFS performance, linked in the description. This is available right now in all regions where EFS is available and requires no changes to take effect for those general purpose volumes.

The new AWS Web Application Firewall fraud control account takeover prevention solution (breathes) has been launched to help you protect your web app login pages against a range of threats. Account takeover prevention looks at the attempted login activities and registers any anomalous behavior, which may indicate attempted compromise such as credential stuffing, where an attacker attempts to use a variety of stolen credentials from previous data breaches, or brute forcing by simply throwing random passwords at the login page until it works. It's only available in a few regions so far, and there is an additional cost to activate this feature. With both a monthly subscription fee and a cost of $1 per thousand login attempts, it's certainly not cheap, but for large enterprises, that's a small cost overall. And since it's part of the Web Application Firewall and blocking attacks at the network edge, I'd expect brute-force attacks to be shut down before they incur substantial costs. If you're running your own login solution that doesn't already have this protection included, it's probably worth checking out.

AWS Budgets now supports auto-adjusting budgets, which can dynamically update their limits based on your usage. Alongside fixed and planned budgets, auto-adjusting budgets track your average spend across your previous budgeting period and use it to set a new baseline, while sending the alert about the updated limit to any budget subscribers. Now to address the elephant in the room, yes, this is AWS taking a service designed to limit your spending with a feature designed to increase your spending. Corey Quinn summarizes this brilliantly with his tweet explaining "AWS budget go brrrrr." One of the challenges of organizations and their cloud bills is financial management is often second tier to just building stuff. This means when your newly deployed database cluster starts running up an extra $20,000 a month, it's sometimes not accounted for in the budget forecast. Costs go up, alerts get triggered and they just become white noise until someone readjusts the budget with the new levels, often weeks or months after the change was first made. This is what auto-adjusting budgets aims to smooth out. Organizations need to have solid management practices for understanding their cloud costs. You absolutely can't grow a mature cloud organization without it, but where organizations would otherwise completely ignore budgeting as just being too hard, I could see this being a handy feature, if used with the absolute care it deserves.

That's it for the news this week. We hope you've enjoyed it. If you're enjoying our content, we're currently running a special promo to help you boost your cloud career with our personal plans available at 40% off until March 7th. This includes access to all of our courses, hands-on labs and cloud playgrounds, check out the link to get started. So until next time go forth and learn all the things and as always keep being awesome, Cloud Gurus.
