AWS Bites Podcast


136. 20 Amazing New AWS Features

Published 2024-11-29 - Listen on your favourite podcast player

In this pre-re:Invent 2024 episode, Luciano and Eoin discuss some of their favorite recent AWS announcements, including improvements to AWS Step Functions, Lambda runtime updates, DynamoDB price reductions, ALB header injection, Cognito enhancements, VPC public access blocking, and more. They share their thoughts on the implications of these new capabilities and look forward to seeing what else is announced at the conference. Overall, it's an exciting time for AWS developers with many new features to explore. Very important: no focus on GenAI in this episode :)

AWS Bites is brought to you, as always, by fourTheorem! Sometimes, AWS is overwhelming and you might need someone to provide clear guidance in the fog of cloud offerings. That someone is fourTheorem. Check them out at fourtheorem.com.

In this episode, we mentioned the following resources:

Let's talk!

Do you agree with our opinions? Do you have interesting AWS questions you'd like us to chat about? Leave a comment on YouTube or connect with us on Twitter: @eoins, @loige.

Help us to make this transcription better! If you find an error, please submit a PR with your corrections.

Luciano: Hello and welcome. This is AWS Bites episode 136. We were not planning on doing a pre-re:Invent episode, but there has been so much new and exciting stuff coming out of AWS in the last few weeks that we really wanted to share our take, what we think are the best announcements, and really there has been a fire hose of announcements. But by the way, don't worry, we're not going to cover any GenAI stuff.

This is going to be purely a GenAI-free episode, so please stick around and hopefully you'll enjoy what we have to share. Of course, we are not going to cover every single announcement, but again, only what we think are our top picks from the last few weeks. My name is Luciano and today I'm joined by Eoin for another episode of AWS Bites podcast. AWS Bites is brought to you as always by fourTheorem. Sometimes AWS can be a little bit overwhelming and you might need someone to provide you clear guidance in the fog of the cloud offerings. That someone is fourTheorem, so if that sounds interesting, check us out at fourtheorem.com. By the way, we have been updating our AWS Bites website. We added an amazing feature that allows you to search across all our episodes, including the transcripts, and this is powered by Orama Search. Our website is also all open source, so if you're curious, you can check out how we implemented all of that. We'll have a link in the show notes to the repo, and hopefully with this new feature, you can find all our episodes a little bit more easily. And if there is any topic that interests you, with more than 130 episodes, hopefully there will be one episode covering what you're interested in. So please let us know what you think and if you find this feature useful. Okay, so let's get started. I think we want to cover a lot of announcements, but what's your first one, Eoin?

Eoin: We do a lot of stuff with Step Functions, and anyone who's worked with Step Functions will know that dealing with the JSONPath stuff, input path, output path, result selector, can be a little bit difficult. Now there's a whole new way to deal with state in Step Functions. So using JSONata, which is a standard I wasn't familiar with before, you can now have much larger state. You can have up to 10 megabytes of state stored in variables, each of which can be 256k, and you don't necessarily have to pass the state all the way through each step in your function. You can instead just have these variables in one state that you then reference later in another state. Now JSONata is much more powerful than JSONPath, so it supports additional functions for transforming data, string manipulation, mathematics, doing date-time stuff, etc. And it's a lot more intuitive, and there are lots of online playgrounds and stuff you can use to get familiar with it. Speaking of Step Functions, you can now also generate SAM and CloudFormation templates from the Step Functions console. So if you want to play around with the workflow editor, and then generate your SAM template, you can now do that.

Luciano: That's really cool. My first one is EC2 autoscaling, which is now much faster when doing target tracking. It used to be with minute granularity, I believe, and now it's going to the second. So that basically gives you much faster scaling up and down depending on your threshold. So that's pretty cool if you still rely on EC2 and you do lots of autoscaling groups. But going into a more serverless one, we have a couple of news items regarding Lambda, and specifically regarding runtimes such as Node.js and Python, because finally we have two new amazing versions supported. So speaking of Node.js, we have Node.js 22 available for Lambda.

And this is a release that I really like for a couple of reasons. The first one is that Node.js 22 gives you native fetch, so you don't need to do polyfilling anymore. And the other one that I care about even more is that Node.js 22 gives you experimental require, which is basically a feature that allows you to use the require for ESM. So if you are working on ESM mode, you can still require CommonJS modules.

And this used to be a little bit of a problem for Middy, because when we published Middy 5, I think it was last year at some point, we decided to go a little bit wild and not support CommonJS anymore, because we wanted to be ESM first and actually ESM only, just for the simplicity of maintaining a package like that. And this had a little bit of a backlash in the community, because lots of people are still using CommonJS. And even if they want to migrate to ESM, it's not something you can just do overnight. So lots of people were effectively stuck with Middy 4.

Now, to be fair, Middy 5 wasn't really adding anything new. So sticking with Middy 4 was effectively the same experience. And we kept maintaining both for a long time. But now you can just use Middy 5 and stay up to date with the latest version and still use CommonJS if you have to. By the way, we just published Middy 6 as well, which comes with some polish and some improvement. So check it out, we'll have the release note in the show notes if you're curious. But yeah, excited about Node.js 22 and Middy 6 as well. And speaking about another runtime, Python as well got a new major release of the runtime. Now Python 3.13 is available as well. Now I don't use Python nearly as much as Node.js, so I wouldn't be able to say which new amazing features are becoming available with this new release. But I'm sure that if you are a Pythonista, you are excited about this one. And I'm sure that there are some amazing features that you can start to use in your Lambdas as well.

Eoin: I know that one of the things that 3.13 introduces, but it's still behind an experimental flag, is removing the GIL, the global interpreter lock from Python and adding free threading support. But it's really like the first step on the journey of adding that free threading support. So it doesn't apply if you're using Lambda because you won't get that experimental flag. But I think there's a lot of other improvements, nice language typing improvements, and also just performance improvements as well.

Luciano: That's nice. I wonder when the cold start benchmarks are going to come out, if there is any major revelation. But I don't know anything about that just yet. Okay, the next one I have is another exciting one in the serverless space, which is Aurora Serverless now scales to zero, which has been another big complaint for a long time. Because when Aurora Serverless v2 was announced, everyone was basically saying, well, this is not really serverless because it doesn't scale to zero. And now this is no longer the case. Now you can scale to zero and scale back up again. It basically takes around 15-20 seconds. So that makes Aurora truly a serverless database. And that's really exciting news. And I'm looking forward to starting to play around with Aurora Serverless in, I guess, more contexts, because before I was only using it mostly for production use cases. Now it starts to become the case that you can use it even for development environments, because it's going to scale to zero when you are not actually using it. What else do we have?

Eoin: Well, on the topic of Lambda, SnapStart has been available for Java for a while. And now it's available for Python and .NET. And we got access to the beta for this before launch, and we were able to run some benchmarks. And with some heavy enough Python functions, we were able to get a 4x speedup, which is pretty impressive. You might remember we talked about Python cold start performance in a previous episode. So this is really a good thing.

Now, there's always a downside when you've got these new features, there are always some trade-offs to consider. So just to mention, you have to use published versions for functions. So you can't just use $LATEST. And it's only available for ZIP-packaged functions. It's not available for OCI container images at the moment. Now, some people were surprised by the fact that you have to pay extra for SnapStart for Python and .NET, because that wasn't the case with Java. But since Lambda has to store your snapshots, and then when it's restoring them, it has to allocate resources, I suppose it makes sense. And maybe Java developers were just lucky to get a bit of a free ride on that one as it was introduced. But yeah, I think it's definitely worth checking it out if you're really concerned about cold starts in Python and .NET. Now, another thing we covered in a previous episode was Mountpoint for S3. We did a whole episode on it in 1995. Now you have extra caching available for Mountpoint for S3. So you can use an Express One Zone bucket as a read cache for Mountpoint. So I think Express One Zone was announced at re:Invent last year. It's a single availability zone bucket. So you don't get the high availability, but you get much better performance. So if you're using this as a read cache with Mountpoint, then your reads will be up to seven times faster, they say. And speaking of Express One Zone again, there's a really cool new feature for this, which is that you can now append data to existing objects. So if you're doing things like creating log files and appending to them, or doing live video streaming, this could definitely be very useful. And then how do you do it? Well, it's actually just a normal put object call, and now you can just add an offset header, and that will write an append block to your object.
And on the topic of S3, if you have a serious bucket addiction, AWS definitely has you covered, because you can now create up to 1 million buckets. Coincidentally, this is about the same number of announcements AWS made in the last year, featuring the phrase Amazon Q. Now, like any good enabler, they give you the first 2,000 buckets for free, but there is actually a price per bucket after that, so don't go to town on your 1 million bucket limit. The next one I have is about DynamoDB, and it's about price slashing.

Luciano: Because now, if you use on-demand throughput, it's half the price of what it used to be. And also, global tables got interesting price slashing, because now they are one-third of the price. So this is super interesting to me, because I always try to use on-demand, but then I'm always a little bit concerned about price in production. And then I try to think, okay, where is the point where I need to start moving to provisioned mode and do all the calculation, and then make sure I scale accordingly and manage all of the stuff that, with the serverless mindset, I really don't want to manage. I just want the system to do everything on its own and be cheap at the same time. So I think now we are getting a little bit closer to that vision, and maybe I wouldn't have to worry so much anymore about provisioned concurrency. So I think now it's going to be easy for most people to just stick with on-demand throughput and have reasonable prices. Probably they would be even cheaper than on-demand prices for most cases, and they will scale much better without you having to do a lot of homework on your side. We'll have a link in the show notes if you are curious to read more about this particular announcement. But moving on to the next one, we have ALB headers, which is an interesting feature that seems like a small thing, but can actually be quite useful. Basically, now with application load balancers, you can inject custom headers when effectively targeting your load balancer targets.

Eoin: It was a pretty unexpected move because AWS has given Cognito a lot of attention and just announced a whole lot of new features. And another unusual move was that they added these kind of SaaS-like pricing tiers, which is a bit of a departure from AWS's usual pricing model. So now there are three tiers, Lite, Essentials, and Plus. So Lite is essentially what you used to get before. It's the legacy tier, really. And then all the new features are in the new tiers. So Essentials will give you a new managed login UI. It has support for passwordless authentication, and it allows you to do things like customize access tokens as well. So if you're creating a new user pool now, it'll be in the Essentials tier rather than the Lite tier. And then the Plus tier is essentially for enterprise features like compromised password detection, audit logging, and risk-based adaptive authentication, which is basically trying to detect if it may be a malicious login and seeking extra verification from the user. So going on to the new features then, the managed login is an interesting one because previously we've used the hosted UI that they used to have. It's still there, but as part of the Lite package. The new managed sign-in allows you to do much richer UI customization. I think there's a drag and drop UI as well. So I'm looking forward to looking at that and seeing how well that works. Then you also get passwordless authentication with passkeys, magic links, and SMS. And those are really, I think, great new additions. It's good to see Cognito getting this level of attention. There are also some add-ons that you can pay for, like if you want to do machine-to-machine authorization. And then there's also a whole set of packages you can buy at a fixed price per month that will allow you to get higher throughput on specific operations you want. So if you're really running Cognito at scale, that's definitely worth a look.
Now, Lite and Essentials both have a free tier for 1,000, sorry, not 1,000, but 10,000 monthly active users. That's still a pretty generous free tier, I think. Now, the old Cognito pricing model, people often said it was ridiculously cheap. It was a real competitive advantage, actually, that kind of allowed people to adopt Cognito and take some of the pain that was associated with the Cognito developer experience. But I think if they are going to improve that developer experience and add new features and give it continuous love, then it makes sense to fund that work by having a more sensible pricing tier. So the pricing difference, Essentials is about two and a half times per user compared to the old pricing. So I don't think it's outrageous, but you'll have to do your own mathematics on it. And then if you're using the enterprise tier, it seems to be about an extra half a cent per monthly active user.

Luciano: The next one I have is VPC block public access. So if you heard about block public access for S3, it's basically the same thing for VPC, which means that you have a central control that blocks internet access to your VPC, regardless of any internet gateway that you can have in those VPCs. So pretty interesting; if you are a network security nerd, I think you might like this one. And sticking with networking, we have another interesting feature announcement involving Lattice. So we spoke about VPC Lattice in episode 88. So check that out if you want to have a refresher. And we talked about how you need to have a load balancer in front of ECS in order to use it with Lattice. And we also said that maybe that would be improved in the future. So you wouldn't have to pay the extra cost and latency. Now that future is finally here. I don't know if it was just a coincidence or maybe somebody at AWS actually listened to that episode. We'd like to think that they did. But yeah, you can now plug ECS directly into Lattice without a load balancer. So yeah, again, check out the announcement in the show notes if you're curious to find out more.

Eoin: Yeah, that's a good one. I think Lattice is underappreciated and underutilized. That was a blocker for people in the past. I can see more adoption now. There's a new type of policy. We've also done episodes, I think, on all of the different types of policy you can have with IAM and SCPs, permissions boundaries. And now we have another one. So it's called resource control policies. And it's essentially like a service control policy, but for resources. So service control policies are policies that apply to all the principals in an account or in an organizational unit. RCPs, resource control policies, can be used to apply policies to all supported resources like S3 buckets, SQS queues, that sort of thing. So with it, you can do things like centrally deny access to buckets from outside your organization. So it's a pretty nice way to do it rather than having to monitor each individual bucket's resource policy. Now, we seem to be getting a lot of free stuff and price reductions in this pre-re:Invent period, which is really nice. And one of them is that EventBridge is even faster. I think back in episode 23, we talked about EventBridge. And one of the points we made then was how it was not the best compared to SNS, Kinesis, et cetera, when it came to latency. That was over two years ago. And performance has now improved massively, like over 90%, I think. So you can now expect delivery in around 130 milliseconds, which is pretty cool. So hats off to the EventBridge team.

Luciano: Nice. And the last one I have is AppSync WebSocket support. So AppSync now has a new way to do WebSockets. Previously, you had three options for WebSockets on AWS: AWS IoT, API Gateway, and AppSync with GraphQL. Now there is a whole dedicated service called AppSync Events, which should be much simpler to set up than all the other options I mentioned. So that's basically all we have for our pre-re:Invent selection.

There might be maybe some last minute pre-re:Invent announcement. Otherwise, we'd just be curious to see what comes up at re:Invent. Oh, and by the way, I will personally go and attend re:Invent. So if you are also there and you would like to catch up in person, I'd love to do that. So please reach out on our social channels and let's schedule something together. So that's all we have for today. I'm curious to know if you have any favorite pre-re:Invent announcement. Let us know as well. And as always, we'd love to hear your opinion. And until then, we'll see you next time.