Let's have a look at this week's AWS Updates!

  1. Client VPN now supports MFA for AD.
  2. Bare metal Arm-based EC2 instances are now available.
  3. Amazon Athena now provides an interface VPC endpoint.
  4. AWS Security Hub in GA.

Client VPN now supports MFA for AD

AWS Client VPN now supports multi-factor authentication (MFA) for Active Directory. Client VPN is a fully managed virtual private network service which allows you to securely access your AWS infrastructure from your on-premises network or data centre. With this announcement, you can now use MFA for any client VPN connection that is authenticated using Active Directory. This is a great new feature because it adds a layer of security when authenticating client VPN connections.

Bare metal Arm-based EC2 instances are now available

Bare metal Arm-based EC2 instances are now available. Last year Amazon announced a new type of EC2 instance, the A1, powered by Arm-based AWS Graviton processors. This family is a great fit for scale-out workloads such as web servers, containerized microservices, caching fleets, and distributed data stores. AWS has now announced bare metal instances for the A1 family, so your operating system runs directly on the underlying hardware with direct access to the processor. This is useful where you need access to physical resources and low-level hardware features, such as performance counters, that are not always fully available or supported in a virtualized environment. It's also useful for applications that are intended to run directly on the hardware, or that are licensed and supported for use in a non-virtualized environment.

Amazon Athena now provides an interface VPC endpoint

Amazon Athena now has its own interface VPC endpoint, which you can deploy in your VPC. Traffic to the Athena service no longer has to traverse the internet, making your VPC even more secure. You can create the VPC endpoint to connect to Athena using either the AWS console or the CLI. This is now available in all regions except for the Stockholm region and the government clouds.
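Once endpoints are deployed, it is worth checking that every VPC meant to reach Athena privately actually has one and that private DNS is on. The following is an added example, not AWS code: it audits JSON shaped like `aws ec2 describe-vpc-endpoints` output, and the sample data, IDs, region and function name are constructed for illustration.

```python
import json

# Constructed sample shaped like `aws ec2 describe-vpc-endpoints` output.
# Every ID and the region are made-up placeholders.
SAMPLE = json.loads("""
{"VpcEndpoints": [
  {"VpcEndpointId": "vpce-0aaa", "VpcId": "vpc-analytics",
   "VpcEndpointType": "Interface", "State": "available",
   "ServiceName": "com.amazonaws.eu-west-1.athena", "PrivateDnsEnabled": true},
  {"VpcEndpointId": "vpce-0bbb", "VpcId": "vpc-reporting",
   "VpcEndpointType": "Interface", "State": "available",
   "ServiceName": "com.amazonaws.eu-west-1.athena", "PrivateDnsEnabled": false},
  {"VpcEndpointId": "vpce-0ccc", "VpcId": "vpc-legacy",
   "VpcEndpointType": "Gateway", "State": "available",
   "ServiceName": "com.amazonaws.eu-west-1.s3"}
]}
""")

def audit_athena_endpoints(describe_output, vpc_ids):
    """Return {vpc_id: finding} for each VPC expected to reach Athena privately."""
    findings = {vpc: "MISSING: no Athena interface endpoint" for vpc in vpc_ids}
    for ep in describe_output.get("VpcEndpoints", []):
        vpc = ep.get("VpcId")
        if vpc not in findings or findings[vpc].startswith("OK"):
            continue  # not in scope, or already satisfied by another endpoint
        if ep.get("VpcEndpointType") != "Interface":
            continue
        if not ep.get("ServiceName", "").endswith(".athena"):
            continue
        ep_id = ep.get("VpcEndpointId", "unknown")
        if ep.get("State", "").lower() != "available":
            findings[vpc] = f"NOT READY: {ep_id} is {ep.get('State')}"
        elif not ep.get("PrivateDnsEnabled", False):
            # Without private DNS, the default Athena hostname resolves to
            # public addresses; clients must use the endpoint-specific name.
            findings[vpc] = f"PARTIAL: {ep_id} has private DNS disabled"
        else:
            findings[vpc] = f"OK: {ep_id}"
    return findings

if __name__ == "__main__":
    scope = ["vpc-analytics", "vpc-reporting", "vpc-legacy"]
    for vpc, finding in audit_athena_endpoints(SAMPLE, scope).items():
        print(f"{vpc}: {finding}")
```
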

AWS Security Hub in GA

AWS Security Hub is now in general availability. This is a great new service which helps you understand the security of your own AWS infrastructure. As you know, under the shared responsibility model, the customer is responsible for security in the cloud, such as the configuration of guest operating systems and the network, as well as the security configuration of your applications. Security Hub enables you to get a much better understanding of the security profile of your AWS infrastructure by running automated compliance checks based on a predefined standard like the Center for Internet Security. It also includes a dashboard which aggregates findings from existing security tools like Amazon GuardDuty, Amazon Inspector and Amazon Macie.