AWS This Week

AWS This Week: EFS replication, new EC2 instance type, GuardDuty detects compromised EC2 credentials

Episode description

Faye is back with your AWS news! This week, EFS now supports replication to regions, new types of EC2 instances are now available, and GuardDuty is now able to detect if your EC2 instance credentials are compromised and being used by another AWS account.

Introduction (0:00)
Amazon EFS replication (0:30)
New Amazon EC2 instance type X2iezn (1:16)
New GuardDuty finding (1:59)

Sign up for a free A Cloud Guru plan to get access to free courses, quizzes, learning paths, and web series

Subscribe to A Cloud Guru for weekly Amazon news and AWS services announcements

Like us on Facebook!

Follow us on Twitter!

Join the conversation on Discord!

Series description

Join our ACG hosts as they recap the most important developments in the AWS world from the past week. Keeping up with ever-changing world of cloud can be difficult, so let us do the hard work sifting through announcements to bring you the best of what's new with AWS This Week.

Hello, Cloud Gurus and welcome to AWS this week. And there are some awesome announcements this week, including EFS now supports replication. There's a new EC2 instance type available and GuardDuty is now able to detect if your EC2 instance, credentials are compromised and being used by another AWS account. You're watching AWS this week with me, Faye Ellis. EFS now supports replication. And if you are not familiar with EFS,

it is a fully managed shared file system, which enables you to securely share files them between thousands of EC2 instances using the NFS protocol. So it now supports replication to either the same region or a different region, which is great for disaster recovery and business continuity planning. Replication traffic remains on the AWS global network. Most changes should be replicated within one minute. And EFS replication is designed to meet a recovery point objective or RPO of 15 minutes.

So your data in the replica file system should never be more than 15 minutes out of date. There is a new EC2 instance type available, and it's called X2IEZN - what a mouthful. And these new instances are powered by Intel Zion processes, which support speeds of up to 4.5 gigahertz, which AWS claim to be the fastest processors in the cloud. And these new instance types support up to 48 of these processors as well as a huge 5,000 gigs of memory.

And these new instances will be great for high performance computing and they are particularly suitable for electronic design automation workloads. So automated tools that are used to design circuitry and micro electronics. Amazon GuardDuty is now able to detect if your EC2 instance credentials are compromised and being used by another AWS account. And if you haven't used GuardDuty before, it's a machine learning powered threat detection service, which monitors your account for malicious activity, and it can even detect if your EC2 instance is being used for Bitcoin mining. Now, if your EC2 instance has an identity and access management role attached, then the workloads running on the instance are able to access temporary secure credentials from your instance metadata, allowing them to interact with AWS services and assuming the permissions that are allowed by the instance role. Now,

if your EC2 instance was ever compromised and a malicious actor managed to access these credentials from the instance metadata, then you'd probably want to be alerted and GuardDuty has always been able to do that if the request is from an IP address outside of AWS, but this new announcement means that even if the attack is coming from another AWS account inside the AWS network, then GuardDuty should detect it. Well, that is all for this week. Keep being awesome, Cloud Gurus, take care of yourselves, and I will see you next time.

More videos in this series

Master the Cloud with ACG

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?