LogiCast AWS News
Author: Logicata
LogiCast, brought to you by Logicata, is a weekly AWS News podcast hosted by Karl Robinson, CEO and Co-Founder of Logicata, and Jon Goodall, Lead Cloud Engineer. Each week we hand-pick a selection of news articles on Amazon Web Services (AWS) - we look at what’s new, technical how-to, and business-related news articles and take a deep dive, giving commentary, opinion, and a sprinkling of humor.
Please note this is the audio only version of Logicast. If you would like the video version, please check out https://logicastvideo.podbean.com/
132 Episodes
In Season 4, Episode 38, Karl and Jon welcome AWS Community Builder Luis Valdivia. They discuss the new ECS managed instances for containerized applications on AWS, the cost-effectiveness of serverless architecture at scale, and the latest Anthropic Claude Sonnet 4.5 model now available in Amazon Bedrock. They also cover the general availability of the AWS Knowledge MCP server and a recent social engineering attack on a software platform that exploited AWS domain registration. The episode wraps up with a lighthearted moment as the hosts spend ten minutes trying to determine whether Jon’s background had actually changed or not.
06:05 - ECS managed instances for containerized applications
AWS introduced a new way to run containers called ECS managed instances. This option sits between unmanaged EC2 instances and Fargate, offering more control than Fargate but less management overhead than unmanaged EC2. The pricing model is based on instance type, with a management fee added. This new option provides more flexibility but also adds complexity to the decision-making process for container deployment.
16:17 - Serverless cost-effectiveness at scale
An article by AWS hero Evandro Pires argues that serverless is not inherently expensive at scale, but rather becomes costly when implemented incorrectly. The discussion highlights that serverless encompasses more than just Lambda functions and that proper architecture is crucial for cost-effective serverless deployments. The speakers agree that bad architecture, rather than the serverless approach itself, is often the root cause of high costs.
23:44 - Anthropic Claude Sonnet 4.5 model in Amazon Bedrock
AWS announced the availability of Anthropic's latest AI model, Claude Sonnet 4.5, in Amazon Bedrock. This model is described as Anthropic's most intelligent, particularly for coding and complex agents. The speakers discuss the benefits of having this model integrated into AWS's ecosystem, including enhanced security and data privacy. They also note the incremental improvements over previous versions and its capabilities compared to other models.
30:11 - AWS Knowledge MCP server
AWS released the Knowledge MCP server, which allows large language models (LLMs) to access AWS documentation and knowledge bases. This tool aims to reduce hallucinations and provide more accurate information when using AI for AWS-related tasks. The speakers highlight its potential to improve the reliability of AI-generated code and documentation for AWS services.
36:14 - Social engineering attack on AWS domain registration
A software company called Kodex experienced an outage due to a social engineering attack that targeted their domain registration through AWS. The speakers discuss that while the attack occurred through AWS's systems, it's not entirely fair to blame AWS as it was a human vulnerability rather than a technical exploit. They suggest that AWS and other providers may need to tighten verification policies for domain management, especially for high-profile targets.
In Season 4, Episode 37, Karl and Jon welcome AWS Community Builder Mahmoud Khatib to the show. Together, they dive into some of the latest AWS announcements, including Amazon EC2 Auto Scaling’s new support for forced cancellation of instance refreshes, Amazon RDS enabling cross-region and cross-account snapshot copy, and the expansion of AWS Organizations service control policies to cover the full IAM language. They also explore how log management can be simplified through Amazon CloudWatch centralization, and reflect on AWS being named a leader in the 2023 Gartner Magic Quadrant for AI code assistance. Somewhere along the way, the conversation takes an entertaining detour into the world of tech relics, from floppy disks to Amazon Dash Buttons.
09:19 - EC2 Auto Scaling Forced Cancellation
This new feature allows for immediate cancellation of instance refreshes, which is particularly useful when pushing out bad updates. Previously, users had to wait for in-progress refreshes to finish before canceling, potentially causing more issues. The new feature enables instant cancellation, reducing stress for on-call engineers.
15:52 - RDS Cross-Region and Cross-Account Snapshot Copy
This feature simplifies the process of copying RDS snapshots between regions and accounts. Previously, it required two steps, but now it can be done in one command. This saves time and potentially reduces costs associated with orphaned snapshots.
21:13 - AWS Organizations Service Control Policy
The update allows for full IAM language support in service control policies (SCPs). This enables more granular control and simplifies policy management, potentially replacing some use cases for permissions boundaries. The speakers were particularly excited about the improved wildcard support and the ability to centralize policies.
30:27 - CloudWatch Logs Centralization
This new feature simplifies log management by allowing easier centralization of logs from multiple accounts. It's particularly useful for organizations with multiple single-tenant applications or those needing to collect logs from customer accounts. The process is now simpler, requiring fewer steps and potentially reducing costs.
37:51 - AWS in Gartner Magic Quadrant for AI Code Assistance
AWS was named a leader in the 2023 Gartner Magic Quadrant for AI code assistance. The speakers discussed their experiences with AWS's AI coding tools, including Q Developer and Kiro, noting significant improvements in recent versions. They also expressed some skepticism about the exclusion of certain tools from the Magic Quadrant.
You can connect with Mahmoud online:
LinkedIn: https://www.linkedin.com/in/mahmoud-khatib-45900052/
Medium: https://medium.com/@khatib.edge
ResearchGate: https://www.researchgate.net/profile/Mahmoud-Khatib-2
In Season 4, Episode 36, Karl and Jon welcome AWS Community Builder Neeraj Sharma to the show. Their conversation covers a wide range of updates and insights, including AWS Organizations’ new Account State Information feature, the migration from Claude 3.5 Sonnet to Claude 4 Sonnet on Amazon Bedrock, and the introduction of Amazon GuardDuty’s new protection plans with extended threat detection capabilities. They also explore the transition from AWS CodeDeploy to Amazon ECS for blue-green deployments, while reflecting on AWS being named a leader in Gartner’s Magic Quadrant for cloud-native application platforms and container management. And, in true podcast style, we also discover a surprising fact: Jon’s forearm happens to be the perfect diameter for fitting a standard extractor fan vent.
09:29 - AWS Organizations' Account State Information
AWS Organizations has introduced new, more granular account states to improve account lifecycle management. This update provides clearer information about account status, including pending activation, active, suspended, pending closure, closed, and post-closure periods. The new states offer better visibility into account status, potentially improving compliance and automation workflows.
16:52 - Migrating from Claude 3.5 Sonnet to Claude 4 Sonnet
Amazon Bedrock is deprecating Claude 3.5 Sonnet and encouraging users to migrate to Claude 4 Sonnet. The migration process involves more than just changing the model flag, requiring code changes and possibly prompt engineering adjustments. The article discusses the challenges of this migration, including potential increases in token usage and changes in output format.
23:52 - Amazon GuardDuty Protection Plans
AWS has introduced new protection plans for GuardDuty, including options for S3, EKS, EC2, RDS, and Lambda. These plans offer extended threat detection capabilities and are designed to improve security monitoring across various AWS services. The article discusses the benefits and potential concerns of these new features, including automatic enablement and cost considerations.
30:47 - Migrating from AWS CodeDeploy to Amazon ECS for Blue-Green Deployments
AWS is recommending users migrate from CodeDeploy to native ECS blue-green deployments for container workloads. This change simplifies the deployment process by eliminating the need for separate appspec files and reducing complexity. The article discusses the benefits of this migration and the continuing relevance of CodeDeploy for other deployment scenarios.
37:33 - AWS in Gartner's Magic Quadrant
AWS has been named a leader in Gartner's Magic Quadrant for cloud-native application platforms and container management. The discussion covers AWS's position relative to other cloud providers like Microsoft Azure and Google Cloud, and the implications of these rankings for enterprise decision-making and cloud strategy.
In Season 4, Episode 35, Karl and Jon dive into AWS Budget Controls with automated actions, explore DMS Data Resync for seamless database migrations, and look at CloudFront’s new support for IPv6 origins. They also compare Fargate and ECS for container orchestration and discuss the shift from the SysOps Admin exam to the new Cloud Ops Engineer certification. And after hearing Jon's DIY plans, thankfully Karl fails to recall his ex tractor fan joke, as it is rather long!
02:13 - AWS Budget Controls
AWS introduced a new solution for automating actions based on budget alerts. This architecture uses various AWS services like Config, EventBridge, DynamoDB, and Step Functions to automatically manage cloud costs. Users can set up actions to inform, stop, or terminate resources based on budget thresholds for specific services like EC2, SageMaker, Aurora, and OpenSearch.
10:01 - AWS DMS Data Resync
AWS Database Migration Service (DMS) now offers a Data Resync feature for certain database engines, excluding MySQL. This feature addresses the challenge of maintaining data consistency during migrations, especially for large databases. It allows for quicker resynchronization of data without the need for a full dump and restore, which can be time-consuming for large datasets.
15:28 - Amazon CloudFront IPv6 Support
Amazon CloudFront now supports IPv6 origins, enabling end-to-end IPv6 delivery. This update offers benefits such as non-NAT operation, lower latency, and higher connection scalability. It's particularly relevant for mobile-first markets where IPv6 adoption is high. The change may also lead to cost savings as IPv6 traffic is generally cheaper than IPv4.
19:35 - Fargate vs ECS
The article discusses the differences between AWS Fargate and Amazon ECS (Elastic Container Service). It clarifies that Fargate is a serverless compute engine for containers, while ECS is a container orchestration service. The comparison aims to address confusion among users about how these services interact and their respective roles in container deployment.
22:51 - AWS SysOps to Cloud Ops Exam Evolution
AWS has renamed and updated the SysOps Administrator Associate exam to the Cloud Ops Engineer Associate exam. The new exam (SOA-C03) maintains similar content to its predecessor but includes some reorganization of topics and the addition of newer AWS services. The article discusses the implications for certification holders and the evolving nature of cloud operations roles.
In Season 4, Episode 34, Karl and Jon sit down with AWS Community Builder and Software Engineer Iyanuoluwa Ajao for a fast-paced chat on the latest in cloud and beyond. They cover the new AWS Budgets features for cross-account cost visibility, smart ways to optimize Amazon RDS and Aurora costs with Compute Optimizer, and advanced Graviton adoption strategies across regions. The conversation also dives into how AWS scaled to meet the demands of Prime Day 2025, and AWS CEO Matt Garman’s comments on why AI won’t replace junior developers. As always, the hosts veer into lighter territory—this time reminiscing about vintage computers, classic consoles, and coding in Basic.
Check out Iyanuoluwa’s blog The Rise of AI, and don’t miss Retro Reset, a tech charity close to Jon’s heart.
05:09 - AWS Budgets improvements
AWS has introduced cross-account cost visibility in AWS Budgets, allowing users to view budgets across multiple accounts within an organization. This feature is particularly useful for managed service providers and large organizations with multiple business units. It enables teams to have a consolidated view of budgets relevant to their specific areas without needing access to the entire organization.
09:23 - Optimizing RDS and Aurora with AWS Compute Optimizer
AWS Compute Optimizer now supports optimization recommendations for Amazon RDS and Aurora databases. This tool helps identify over-provisioned resources, unused instances, and opportunities for right-sizing. The article discusses the importance of database optimization due to its significant impact on overall cloud spending and provides guidance on using Compute Optimizer for databases.
16:04 - Advanced AWS Graviton adoption strategies
The article discusses strategies for implementing AWS Graviton across different AWS regions. It highlights the importance of considering regional differences in instance availability and suggests using mixed instances and instance requirements rather than specific instance types. The article emphasizes the benefits of Graviton for price and performance optimization but notes that some workloads may still require x86 chips.
22:07 - AWS services scaling for Prime Day 2025
AWS shared statistics on how their services scaled to handle Amazon's Prime Day 2025. Notable figures include deploying over 87,000 Inferentia and Trainium chips for Amazon Rufus, powering more than 40% of Amazon.com using Graviton, and processing 1.5 quadrillion daily requests on Amazon ElastiCache. This article demonstrates AWS's ability to handle massive scale and serves as a marketing tool for potential customers.
29:56 - AWS CEO on AI and junior developers
Matt Garman, CEO of AWS, stated that junior developers are not at risk of being replaced by AI. The discussion touched on the importance of understanding code versus relying solely on AI-generated solutions. The speakers emphasized the continued need for human developers, especially for smaller companies, and cautioned against over-reliance on AI in software development.
In Season 4, Episode 33, Karl and Jon chat with AWS Community Builder William Antonio Guzmán Bernal. They cover the new AWS Cost Management dashboards, a security issue in AWS Trusted Advisor related to public S3 buckets, how to build AI agents using AWS Serverless, and how to set up large-scale log ingestion pipelines with Amazon OpenSearch Service. They also reflect on ten years of Amazon Aurora innovation—and, once again, veer off into a tangent about painful sports injuries.
05:34 - AWS Cost Management Dashboards
AWS has released new customized billing and cost management dashboards that allow users to display multiple views of billing and cost data on a single page. While not groundbreaking, it provides a more user-friendly interface for finance teams to visualize cost data. However, the speakers noted limitations in sharing this data outside of AWS accounts.
14:10 - AWS Trusted Advisor Security Flaw
A security researcher discovered a flaw in AWS Trusted Advisor that allowed public S3 buckets to go unflagged under certain configurations. The speakers discussed that this was likely an intentional edge case used to test the system rather than a common misconfiguration. AWS has since fixed the issue, and the article was seen as somewhat sensationalized.
22:54 - Building AI Agents on AWS Serverless
The article discusses using AWS Serverless to build AI agents. The speakers noted that while serverless is often a good starting point, this particular use case is quite advanced (300-level) for both AI and serverless technologies. They discussed the rapid pace of AI development and the new AWS Agents SDK, which simplifies the process of building AI agents.
29:47 - Enterprise-scale Log Ingestion with Amazon OpenSearch
The article covers building large-scale log ingestion pipelines using Amazon OpenSearch. The speakers cautioned that while powerful, OpenSearch may be overkill and too expensive for smaller organizations. They emphasized the importance of considering budget and actual needs when choosing logging solutions.
36:23 - 10 Years of Amazon Aurora
The podcast discussed various innovations in Amazon Aurora over the past decade, including cross-region read replicas, serverless capabilities, and increased storage capacity. The speakers highlighted features like synchronous read replicas and the simplicity of deployment options as particularly impressive or useful advancements.
In Season 4, Episode 32, Karl and Jon welcome AWS Community Builder and DynamoDB and Serverless technologies expert, Uriel Bitton. Together, they explore a range of fresh developments in the AWS ecosystem: the introduction of Amazon CloudWatch’s organization-wide VPC Flow Logs enablement, Amazon SQS’s expanded maximum message payload size to 1 MiB, and the arrival of OpenAI’s open-weight models on AWS Bedrock. They also delve into monitoring AWS Backup vault lock compliance across organizations and discuss how capacity constraints are limiting the growth of major cloud providers. The conversation then takes a playful turn, as the hosts debate whether SQS “FIFO” queues should be pronounced "FEEFO" or "FYFO", evoking childhood memories of Jack and the Beanstalk...
03:15 - Amazon CloudWatch's organization-wide VPC flow logs enablement
This new feature allows users to enable VPC flow logs across an entire organization, rather than configuring them per VPC. It uses AWS Config for remediation, which can be expensive. The feature aims to simplify management and improve security monitoring across multiple accounts and regions.
09:58 - Amazon SQS increasing maximum message payload size
AWS increased the maximum message payload size for Amazon SQS from 256 KiB to 1 MiB, a 4x increase. This change eliminates the need to use S3 as an intermediary for larger payloads, simplifying architectures and potentially reducing costs. It's particularly beneficial for AI-related workloads that often involve larger data transfers.
16:06 - OpenAI's open-weight models on AWS Bedrock
AWS has made OpenAI's open-weight models available on their Bedrock platform, marking a significant collaboration between competitors. This addition expands the range of AI models available to AWS customers and demonstrates Amazon's commitment to providing diverse AI options, even from competitors.
22:16 - Monitoring AWS Backup vault lock compliance
The article discusses how to monitor AWS Backup vault lock compliance across an organization. Vault lock is a feature that enforces retention policies for backups, crucial for ransomware protection. The monitoring solution described seems to offer an alternative to using compliance frameworks, potentially providing a simpler or more cost-effective approach.
29:03 - Capacity constraints affecting cloud vendor growth
Major cloud providers, including AWS, Microsoft, and Google, have reported that data center capacity constraints are limiting their growth. This is particularly due to the increased demand from AI workloads, which require significant computing power and energy. The situation contrasts with earlier reports of canceled data center contracts, suggesting a complex landscape of expansion and optimization in the cloud industry.
In Season 4, Episode 31, Karl and Jon are joined by Warren Parad, CTO of Authress. Together, they discuss a range of topics including AWS Managed Microsoft Active Directory and best practices for security, the Amazon Q Developer CLI and serverless solutions, implementing defense-in-depth security for CodeBuild pipelines, and the latest quarterly financial results from AWS, Microsoft, and Google Cloud. They also cover the UK Competition and Markets Authority’s investigation into cloud service providers — all while Karl battles network issues ahead of his upcoming fibre installation.
03:47 - AWS managed Microsoft Active Directory
The article discusses how to automatically disable users in AWS managed Microsoft Active Directory based on GuardDuty findings. The process involves a complex setup described as a "Rube Goldberg machine," including EventBridge, Step Functions, and Systems Manager. The speakers debate the practicality of this solution and suggest alternatives like using Azure Active Directory instead.
08:40 - Amazon Q developer CLI and serverless solutions
This article from the AWS artificial intelligence blog discusses building modern serverless solutions using Amazon Q developer CLI. The speakers express skepticism about the quality of the recommendations provided by the tool, noting that even the examples in the blog post don't adhere to best practices. They discuss the concept of MCP (Multi-Cloud Platforms) and its relevance in the context of AI and API interactions.
13:16 - Defense in depth security for CodeBuild pipelines
The article focuses on implementing defense in depth security measures for CodeBuild pipelines. The speakers discuss the relevance of such measures, especially in the context of open-source projects and potential security risks from pull requests. They also touch on the recent security incident with AWS tools for Q developer and the need for transparency in such situations.
22:52 - Cloud providers' quarterly financial results
The discussion covers the quarterly financial results of major cloud providers (AWS, Microsoft Azure, and Google Cloud). The speakers analyze the growth rates, revenue numbers, and the challenges in comparing these figures due to differences in how each company reports their cloud-related earnings. They also discuss the impact of AI investments on these results.
33:36 - UK Competition and Markets Authority probe
The podcast covers the ongoing probe by the UK Competition and Markets Authority into major cloud service providers. The investigation has focused on Microsoft and Amazon, finding that both have "significant unilateral market power." The speakers discuss the implications of this finding, the challenges faced by smaller cloud providers, and the potential impact on issues like egress fees.
In Season 4, Episode 30, Karl and Jon are joined by Pieter VanIperen, CISO at AlphaSense. They discussed AWS security best practices and authentication methods, the Security Reference Architecture (SRA) and the SRA Verify tool, as well as the Model Context Protocol (MCP) and its implications for CIOs. They also covered the CLOUD Act and its impact on data access, and a compromised Amazon Q extension that posed a security risk. Finally, the guys discovered that Jon's interest in karate extends to Japanese electoral politics.
06:17 - Beyond IAM Access Keys: Modern Authentication Approaches for AWS
This article discusses the shift from traditional IAM users and access keys to more secure authentication methods. It recommends using CloudShell for CLI access, Identity Center for permissions management, and emphasizes the principle of least privilege. The article also covers scenarios where access keys might still be necessary and suggests alternatives like OIDC for better security.
15:20 - Introducing SRA Verify: An AWS Security Reference Architecture Assessment Tool
The article introduces SRA Verify, a tool for assessing compliance with AWS Security Reference Architecture guidelines. It provides automated checks for various security services like CloudTrail, GuardDuty, and Security Hub. The tool aims to simplify the deployment and assessment of security measures in AWS environments.
23:09 - MCP Doesn't Stand for Many Critical Problems, but Maybe It Should for CIOs
This article discusses the challenges and potential risks associated with Model Context Protocol (MCP) for CIOs. While MCP offers new possibilities for AI integration, it also raises concerns about data security, context poisoning, and the need for proper scoping and permissions management. The discussion highlights that many organizations are still in the early adoption phase of MCP.
30:42 - 5 Facts About How the CLOUD Act Actually Works
AWS published an article addressing misconceptions about the CLOUD Act, a US law from 2018. The article aims to clarify that the Act doesn't give unrestricted access to data and that proper encryption and security measures can protect customer data. It emphasizes that AWS prioritizes customer data privacy and security.
40:33 - Compromised Amazon Q Extension Told AI to Delete Everything
This article discusses a security incident where a malicious actor compromised an Amazon Q extension for VS Code. The compromised extension contained a destructive AI prompt that could potentially delete user files. The incident highlights the importance of code review and the potential risks in the open-source ecosystem.
In Season 4, Episode 29, Karl and Jon are joined by AWS Community Builder and Ambassador Niklas Westerstråhle to discuss the AWS Free Tier overhaul, the new Cloud Operations Engineer certification, the launch of the Amazon Kiro AI, and a security issue with misconfigured AWS Organizations policies. They wrap up with thoughts on the latest Amazon/AWS layoffs—and a fun debate over whether Niklas should keep wearing his gold AWS jacket after his certifications expire, like it's some kind of sacred relic that loses its powers.
04:15 - AWS Free Tier Overhaul
The AWS Free Tier has been significantly updated. New accounts now receive up to $200 in credits valid for 6 months instead of the previous 12-month free tier offerings. Users can earn additional credits by completing certain tasks. The new system aims to be more developer-friendly and reduce surprise bills. Accounts are automatically closed after 6 months unless upgraded to paid plans.
15:03 - New AWS Cloud Operations Engineer Certification
AWS is updating the SysOps Administrator certification to become the AWS Certified Cloud Ops Engineer. The exam will include new content on containers and other topics. Existing SysOps Administrator certificate holders will need to take the new exam to earn the Cloud Ops Engineer certification. The change has caused some debate about recertification requirements for those holding multiple AWS certifications.
28:58 - Amazon Kiro AI Coding Assistant
AWS launched Kiro, a new AI-powered coding assistant, currently in preview. It's based on Visual Studio Code and uses Anthropic's AI models. Kiro aims to assist with coding tasks and project setup. AWS is running a competition with $100,000 in prizes for developers to build applications using Kiro.
28:23 - AWS Organizations Misconfigured Managed Policy
A security issue was discovered in the AmazonGuardDutyFullAccess managed policy, which could potentially allow attackers to gain full AWS organizational control. AWS has fixed the issue by creating a new version of the policy (with "_V2" appended). Users are advised to review and update their environments to use the new policy version.
34:15 - Amazon/AWS Layoffs
Reuters reported that AWS is cutting hundreds of jobs in its latest round of layoffs. The speakers discussed the scale of these layoffs in context of Amazon's overall workforce and debated the potential impact of AI on employment in the tech industry. They also critiqued the article's presentation of the information, noting that it seemed to conflate Amazon and AWS employee numbers.
In Season 4, Episode 28, Karl and Jon are joined by AWS Community Builder Mahendran Selvakumar. Together, they dive into topics including Amazon’s development of cooling equipment for NVIDIA GPUs to support AI acceleration, the launch of the new AWS Builder Center for the AWS Builder Community, and Amazon's massive AI supercluster—Project Rainier—built for Anthropic. They also explore the upcoming changes to the AWS Free Tier, which will introduce a new credit-based system. And in true Karl fashion, he deftly steers the conversation away from a tangent on uneven sun tans.
05:23 - AWS Transform for VMware
AWS has shifted its strategy from supporting VMware workloads to encouraging migration off VMware entirely. The new AWS Transform for VMware service helps migrate VMware workloads to native AWS services, potentially reducing licensing costs and manual efforts. It supports various migration tasks like network conversion and instance sizing.
12:08 - Amazon cooling equipment for Nvidia GPUs
As AI workloads increase power demands, Amazon is developing in-row heat exchangers to cool Nvidia GPUs more efficiently. This liquid cooling solution can be retrofitted into existing data centers and is designed to handle the extreme heat generated by high-density GPU racks used for AI applications.
17:50 - Amazon CloudWatch and Application Signals MCP servers for AI-assisted troubleshooting
AWS launched two open-source MCP servers for CloudWatch and Application Signals, enabling AI agents to troubleshoot issues via natural language—accessing metrics, logs, traces, and SLOs for faster root cause analysis.
22:23 - New AWS Builder Center
AWS has launched a new Builder Center to unify various community programs and resources. It provides a centralized platform for learning, building, and connecting within the AWS ecosystem. The center includes features like wishlists for suggesting ideas to AWS and supports multiple languages for broader accessibility.
29:17 - Amazon's AI supercluster for Anthropic (Project Rainier)
Amazon is building a massive AI supercomputer cluster for Anthropic, using custom-designed AI chips instead of traditional GPUs. This project demonstrates significant investment in AI capabilities and includes a custom network fabric for high-bandwidth communication between nodes.
34:39 - Changes to AWS Free Tier
AWS is replacing its traditional free tier with a new credit-based system. New accounts will receive $100 in credits valid for 6 months, with restrictions on certain high-usage services. This change aims to simplify the free tier and prevent unexpected charges for new users.
In Season 4, Episode 27, Karl and Jon are joined by AWS Community Member, Tim Dodd. They discuss Amazon DynamoDB Global Tables with multi-region strong consistency, Amazon ECS-optimized Windows Server 2025 AMIs, AWS Backup support for copying S3 backups across regions/accounts in GovCloud, a Chrome extension using AI to summarize web pages, and building a generative AI landing zone on AWS. And then the guys realized they’d spent more time talking about the world’s weather than any of the AWS articles.
03:19 - Amazon DynamoDB Global Tables with multi-region strong consistency
This feature allows for strongly consistent multi-region DynamoDB tables, similar to Aurora DSQL. It's currently limited to major AWS regions but enables applications to have the same consistent data across multiple geographic locations. This is useful for disaster recovery, high availability, and serving users in different regions with the same synchronized dataset.
08:49 - Amazon ECS optimized Windows Server 2025 AMIs
AWS has released new Amazon ECS optimized Windows Server 2025 AMIs. While not groundbreaking, this update ensures Windows container users can run workloads on up-to-date host systems. It highlights the ongoing need to support Windows workloads in containerized environments, despite limitations compared to Linux containers.
13:30 - AWS Backup support for copying S3 backups across regions/accounts in GovCloud
This feature allows GovCloud users to copy S3 backups across regions and accounts, bringing capabilities already available in commercial AWS regions to GovCloud. It's particularly relevant for government agencies adopting cloud-first strategies and implementing best practices for data backup and disaster recovery.
20:12 - Chrome extension using AI to summarize web pages
A developer created a Chrome extension that uses AI to summarize web page content. This tool addresses short attention spans and language barriers by providing quick summaries of long articles or content in unfamiliar languages. It demonstrates a practical application of AI for improving web accessibility and information consumption.
26:59 - Building a generative AI landing zone on AWS
This article discusses how to build a generative AI landing zone on AWS, adapting traditional landing zone concepts to AI workloads. It covers foundational guardrails, development fast lanes, composable building blocks, observability, and governance specific to AI applications. The approach aims to provide a secure, compliant, and efficient foundation for deploying AI workloads on AWS.
In Season 4, Episode 25, Karl and Jon are joined by AWS Community Hero Stephen Sennett. They discuss recent AWS security enhancements and active defense measures, including the introduction of exportable public SSL/TLS certificates from AWS Certificate Manager, the enforcement of 100% MFA for AWS root users, and Amazon Inspector’s new code security feature. The conversation also covers AWS’s $20 billion investment in Australian data center infrastructure. The episode wraps up with a light-hearted segment where the hosts compare their sports tape collections, each trying to outdo the other with increasingly outrageous injury stories.
05:45 - AWS improves active defense to empower customers
This article discusses AWS's internal security tools like MadPot, Mithra, and Sonaris, which help protect customers at scale. It highlights the decreasing trend in global malicious vulnerability exploit attempts and emphasizes AWS's ability to provide security measures that individual organizations cannot match.
16:40 - AWS Certificate Manager introduces exportable public SSL/TLS certificates
AWS now offers exportable public SSL/TLS certificates at competitive prices ($15 for single domain, $150 for wildcard). This new feature allows for end-to-end encryption within the AWS ecosystem and provides a more cost-effective and manageable solution compared to traditional certificate authorities.
26:14 - AWS enforces 100% MFA for root users
AWS has achieved 100% MFA enforcement for root users, addressing a long-standing security concern. This change alters the login flow for new accounts, requiring MFA setup before access is granted. The guys also discuss the importance of hardware MFA solutions for organizations.
35:48 - Amazon Inspector launches code security feature
Amazon Inspector now includes a code security feature that scans code for vulnerabilities and security issues. While not as comprehensive as some existing tools, it provides a convenient option for AWS customers who want to keep their security tooling within the AWS ecosystem.
42:32 - AWS invests $20 billion in Australian data center infrastructure
AWS is investing $20 billion AUD (about $12.8 billion USD) to expand its data center infrastructure in Australia. This investment aims to strengthen Australia's AI capabilities, improve renewable energy usage, and address data sovereignty concerns. The article also mentions AWS's commitment to training 400,000+ people in Australia in cloud skills since 2017.
In Season 4, Episode 24, Karl and Jon are joined by Randall Hunt, CTO of Caylent, for a dynamic and insightful conversation that blends cutting-edge cloud developments with a dash of humor. They dive into some of the latest updates from AWS, including the launch of on-demand key rotation for imported keys via AWS Key Management Service, new application layer 7 DDoS protection for customers using AWS Web Application Firewall and AWS Shield Advanced, and enhanced CloudTrail logging for Amazon S3’s delete objects API, which offers improved auditability and operational visibility. The discussion also explores Amazon’s ambitious investment plans in global data center infrastructure and the introduction of AWS’s new liquid cooling technology designed for next-generation AI data centers. As always, the episode takes an entertaining turn when the conversation veers into a lighthearted tangent about IKEA meatballs and flat-pack furniture.
04:04 - AWS Key Management Service (KMS) on-demand key rotation
This new feature allows users to rotate imported keys, which was previously not possible. It improves key management and security while maintaining backwards compatibility. The pricing model includes additional charges for the first two rotations, with a cap after that.
08:44 - New application layer 7 DDoS protection
AWS introduced enhanced DDoS protection for Web Application Firewall and Shield Advanced customers. This feature uses machine learning to quickly learn normal traffic patterns and protect against complex layer 7 attacks, especially with the challenges posed by HTTP/3 and newer protocols.
14:17 - AWS CloudTrail enhanced logging for S3 delete objects API
CloudTrail now provides more detailed logging for S3 delete operations, including bulk deletes. This closes a gap in logging capabilities, making it easier to track and audit object deletions without relying on expensive bucket-level logging.
19:22 - Amazon's data center infrastructure investments
AWS announced significant investments in data center infrastructure globally, including $20 billion in Pennsylvania, $10 billion in North Carolina, and $5 billion in Taiwan. These investments demonstrate AWS's commitment to expanding its cloud infrastructure despite recent reports of AI data center project delays.
26:58 - AWS liquid cooling technology for AI data centers
AWS introduced a new liquid cooling system for its next-generation AI data centers. This closed-loop system allows for more efficient cooling of high-density racks, particularly for GPU workloads. The technology provides flexibility in deployment and doesn't significantly increase water consumption.
In Season 4, Episode 23, Karl and Jon are joined by Cloud Security Consultant, Deep Shankar Yadav for a wide-ranging discussion on recent cloud updates and innovations. They cover the latest enhancements to the AWS Pricing Calculator, including support for discounts and purchase commitments, making it easier for users to estimate and plan costs more accurately. The conversation moves to Amazon EC2's new feature that allows for the deletion of underlying EBS snapshots when deregistering AMIs, helping users streamline storage management. They also explore how Amazon GuardDuty and Amazon Detective can be used together to detect and investigate EC2 malware, providing stronger security insights. The episode highlights how developers can boost productivity with Claude Code and take advantage of prompt caching in Amazon Bedrock. They also reflect on AWS’s launch of a new sovereign cloud in Europe, aimed at addressing data residency and regulatory requirements. To cap it all off, the trio dives into a fun debate over whether karate is fundamentally more offensive or defensive in nature.
04:26 - AWS Pricing Calculator
The AWS Pricing Calculator now supports discounts and purchase commitments, allowing users to get more accurate cost estimates. This update is particularly useful for product businesses and internal teams, but may add complexity for consulting businesses when explaining costs to clients. The tool's effectiveness still depends on accurately knowing usage patterns.
13:25 - Amazon EC2 and EBS snapshots
Amazon EC2 now allows users to delete underlying EBS snapshots when deregistering AMIs. This feature helps clean up orphaned snapshots and reduces storage costs. Users need to enable this option manually, and it won't delete snapshots associated with multiple AMIs.
20:37 - Detecting EC2 malware
The article discusses using Amazon GuardDuty and Amazon Detective together to detect and investigate EC2 malware. While this combination provides a good workflow for security investigations, it requires manual setup and lacks some features found in commercial malware protection offerings, such as automatic quarantine.
27:22 - Claude Code and Bedrock prompt caching
Anthropic's Claude Code is entering the AI coding assistant market, competing with GitHub Copilot and Amazon's Q Developer. The article highlights the benefits of using Claude Code through AWS Bedrock, including data privacy and prompt caching for improved efficiency.
33:24 - AWS sovereign cloud in Europe
AWS is launching a sovereign cloud in Europe, starting in Germany, to address data sovereignty concerns. This separate entity will be governed independently from Amazon Inc. and AWS. The move is seen as a response to growing demands for data localization and sovereignty, particularly in regions like the Middle East.
In Season 4, Episode 22, Karl and Jon are joined by AWS Community Builder Mohit Saxena to unpack the latest in AWS news. They kick things off with the general availability of Amazon Aurora DSQL, followed by updates to Amazon ECS, which now provides more detailed exit reason messages. The conversation moves into developer tools, highlighting how Amazon Q’s Developer CLI agents can be used to automatically generate architecture diagrams. They also explore a new cost comparison feature in AWS Cost Explorer and improvements to the Cost Optimization Hub, which now supports preferences for savings plans and reserved instances. The episode also touches on a recent survey reflecting growing dissatisfaction with the rising costs of cloud computing. Just as the discussion hits full technical stride, things take an unexpected (and hilarious) turn when the trio dives into a spirited debate over the best way to fold a wrap—completely derailing the AWS updates in favor of culinary strategy.
04:58 - Aurora DSQL General Availability
Aurora DSQL, announced at re:Invent 2023, is now generally available. It offers a globally distributed database service with millisecond-level time synchronization, solving distributed time issues. It provides active-active distributed architectures with high availability (99.99% within a single region, 99.999% multi-region) and no single point of failure.
10:54 - ECS Exit Reason Message Increase
Amazon ECS has increased the exit reason message character limit from 255 to 1,024 characters. This change makes debugging failed container starts significantly easier by providing more detailed information. The extended message can be accessed through both the management console and the describe tasks API.
14:28 - Architecture Diagrams with Amazon Q
Faye Ellis wrote about creating architecture diagrams using the Amazon Q Developer CLI agent. This tool can generate Mermaid diagrams or Draw.io-compatible diagrams from YAML templates or CloudFormation code. It's a useful feature for visualizing and understanding complex architectures quickly.
20:32 - Cost Explorer and Cost Optimization Hub
AWS Cost Explorer now offers a new cost comparison feature allowing users to overlay and compare costs from different time periods more easily. It also includes a new widget on the cost management home page showing the top 10 cost variations in the previous two months, making it easier to identify and analyze cost trends. The Cost Optimization Hub now supports savings plans and reservations preferences. Users can set their preferences for upfront payments and commitment terms, allowing for more realistic and aligned cost-saving recommendations based on their financial situation and needs.
30:35 - Cloud Cost Dissatisfaction Survey
A Gartner survey revealed growing dissatisfaction with cloud computing costs. The article suggests that many organizations moved to the cloud without proper planning or workload analysis, leading to higher than expected costs. It highlights the importance of due diligence and proper cloud migration strategies to realize the full benefits of cloud computing.
In Season 4, Episode 21, Karl and Jon are joined by Community Builder Ayhan Setirekli to discuss a range of AWS updates and industry news. Topics include the new EC2 feature: customer-initiated reboot migrations for scheduled events, enhancements to Amazon Inspector for container security, the launch of the AWS Product Lifecycle page, and updates on service availability. They also cover a report revealing that generative AI spending is now surpassing security spending in some organizations, and a widespread misconfiguration in cloud storage buckets exposing over 200 billion files. Then the conversation shifted to plumbing, almost as if they were trying to fix a leaky S3 bucket!
06:09 - EC2 Customer-initiated reboot migrations
This feature simplifies the process of rebooting EC2 instances for scheduled maintenance events. Previously, users had to manually stop and start instances, which could be time-consuming. The new feature allows for a simpler reboot process, making it easier for users to manage their instances during maintenance windows.
09:36 - Amazon Inspector container security enhancement
Amazon Inspector now maps Amazon ECR images to running containers, improving visibility and security for containerized workloads. This feature helps users identify vulnerabilities in container images and track where these images are running, making it easier to manage and secure container deployments across ECS and EKS environments.
17:22 - AWS Product Lifecycle page and service availability updates
AWS has introduced a new page that provides information on service deprecations and end-of-life announcements. This addresses previous criticism about lack of communication regarding service discontinuations. The page includes details on end of support dates, migration plans, and access restrictions for new customers, improving transparency for AWS users.
24:01 - Generative AI spending overtaking security
A report suggests that some organizations are prioritizing generative AI spending over security budgets. This trend raises concerns about potential security risks, especially as AI adoption introduces new vulnerabilities. The shift in spending priorities is more pronounced in larger companies, while smaller businesses still tend to focus on security investments.
29:15 - Cloud storage bucket misconfiguration
A study revealed that 660,000 misconfigured cloud storage buckets have exposed 200 billion files across multiple cloud providers. This highlights ongoing issues with cloud security practices, despite efforts by providers to improve default security settings. The problem appears to be worsening, with a 30% increase in exposed buckets compared to the previous year.
In Season 4, Episode 20, Karl and Jon are joined by AWS Ambassador and Community Builder, Jenn Bergstrom for a wide-ranging discussion on key developments in cloud and infrastructure. They explore AWS CloudTrail network activity events for VPC endpoints, strategies for enhancing application resiliency using Amazon Q Developer, and how AWS security services can be mapped to MITRE frameworks for improved threat detection and mitigation. The episode also touches on AWS’s push for chip production in the UK amid the growing energy demands of AI, and the country’s increasing reliance on nuclear power to support data centers. Wrapping up on a lighter note, the trio jokes about launching “Nuclear Reactor as a Service” for AWS’s mobile data centers—complete with trailer-sized reactors to power them anywhere.
06:44 - AWS CloudTrail Network Activity events for VPC Endpoints
The article discusses the introduction of CloudTrail Network Activity events for VPC Endpoints. The hosts debate whether this feature is new or was previously announced. They discuss the importance of having proper auditability for cloud services from day one and question why CloudTrail integration isn't a standard feature for new AWS services.
11:31 - Enhancing application resiliency using Amazon Q Developer https://aws.amazon.com/blogs/devops/how-to-enhance-your-application-resiliency-using-amazon-q-developer/
This article focuses on how Amazon Q Developer can be used to improve application resiliency. Jenn, as a chaos engineering practitioner, explains how this tool can help identify single points of failure and provide recommendations to improve architecture. The hosts discuss the potential of Q to upskill junior architects and its integration with existing dev tools.
18:27 - Mapping AWS security services to MITRE frameworks
The article discusses how AWS security services map to MITRE frameworks for threat detection and mitigation. The hosts talk about the importance of these frameworks in the security community and recent funding issues with MITRE. They also discuss the EU's creation of its own vulnerability database and the mapping of AWS services to different aspects of the MITRE framework.
28:56 - AWS pushing UK chip plans amid AI energy crunch
This article focuses on AWS's promotion of their custom silicon, including Graviton chips, in response to the increasing energy demands of AI workloads. The hosts discuss the benefits of ARM-based chips in terms of energy efficiency and performance, and how this relates to the sustainability of data center growth for AI applications.
37:56 - UK's need for more nuclear power to support AI and data centers
The final article discusses Amazon's stance on the need for more nuclear power in the UK to support AI and data center growth. The hosts debate the pros and cons of nuclear energy, its safety compared to other power sources, and the potential for small-scale reactors to power individual data centers.
In Season 4, Episode 19, Karl and Jon are joined by Rob Pankow, Simplyblock CEO, to discuss the new AWS EBS snapshot acceleration feature, the evolution of AI agents, AWS’s guide for responsible AI adoption in financial services, and how to use Amazon Q Business to gain insights from AWS Trusted Advisor. They also touch on cloud hyperscaler earnings and market share—before realizing they had spent more time talking about Jon’s t-shirt than the actual AWS news.
04:55 - AWS EBS snapshot acceleration feature
This new feature allows users to accelerate the transfer of data from an Amazon EBS snapshot to a new EBS volume. It offers two tiers of initialization rates, ranging from 100-200 Mbps and 200-300 Mbps, with associated costs. While it provides faster restoration and initialization, especially beneficial for disaster recovery and high-performance computing, it comes with additional costs that may be significant for large-scale users.
15:19 - AI agents and their development
The article discusses the concept of AI agents, which are more advanced than foundation models and can perform tasks beyond their initial training data. It explores how to build AI agents using JavaScript and highlights their potential impact on various industries. The discussion touches on the challenges of widespread adoption and the need for reliability in production environments.
23:36 - AWS guide for responsible AI adoption in financial services
AWS has released a guide on governance, risk, and compliance for responsible AI adoption within the financial services industry. The guide, available through AWS Artifact, aims to help financial institutions navigate the complexities of implementing AI technologies while adhering to regulatory requirements and best practices. The article's disappearance from the AWS Security blog raised questions about potential updates or revisions to the guide.
30:21 - Using Amazon Q Business for AWS Trusted Advisor insights
This article explores how Amazon Q Business can be used to obtain faster and more actionable insights from AWS Trusted Advisor. The setup involves creating a custom business application, integrating with Trusted Advisor data, and connecting to project management tools like Jira. While the concept is promising, the implementation requires significant effort and may not be as seamless as desired.
39:08 - Cloud hyperscaler earnings and market share
The article discusses the recent earnings announcements from major cloud providers (AWS, Microsoft Azure, and Google Cloud). It highlights the continued growth of the cloud industry, with AWS maintaining its market leadership despite slower growth rates. The discussion touches on the inconsistent reporting methods between providers and the significant financial resources required to build and maintain a hyperscale cloud infrastructure.
In Season 4, Episode 18 Karl & Jon are joined by AWS Hero Renato Losio. They discuss the introduction of tiered pricing for Amazon CloudWatch logs, new logging destinations, and standardized billing for the init phase in AWS Lambda; the launch of just-in-time node access via AWS Systems Manager; the use of AWS Transfer Family and GuardDuty for enhanced malware protection; the ongoing AI data center boom and its potential slowdown; and Jon’s return to the group, gracing them once more despite his rise as an internationally recognized tech conference speaker.
08:46 - AWS Lambda introduces tiered pricing for Amazon CloudWatch logs and additional logging destinations
16:11 - AWS Lambda standardizes billing for init phase
AWS is now charging for the init phase of Lambda functions across all runtimes, which was previously free for some. This change is seen as a standardization effort but also as a price increase. While it may force developers to optimize their init phase, there are concerns about the impact on costs, especially for larger-scale users.
23:10 - Introduction of just-in-time node access using AWS Systems Manager
This new feature allows for temporary, just-in-time access to nodes, improving security by reducing standing access. While the functionality is praised, especially for large enterprises and highly regulated industries, the pricing ($10 per node per month) is considered expensive. The feature includes approval workflows and integration with communication tools like Slack.
31:44 - Using AWS Transfer Family and GuardDuty for malware protection
The article describes how to use AWS Transfer Family (for SFTP) and GuardDuty for malware scanning of uploaded files. While the solution is praised for its architecture and implementation, there are criticisms about the continued use of SFTP and questions about why AWS doesn't offer this as a managed service.
38:54 - AI data center boom and potential slowdown in big tech companies' data center investments
The article discusses recent news about big tech companies like AWS and Microsoft pulling back on some data center investments. The podcast hosts and guest are not particularly concerned, viewing this as part of the normal cyclical nature of data center investments. They suggest that factors like improved hardware efficiency and geopolitical issues may be influencing these decisions rather than a true slowdown in AI-related growth.
Guest was Renato Losio https://cloudiamo.com/