AWS 的 us-east-1
上次加第五個 AZ 不知道是什麼時候了,找資料找不太到... 這次宣佈加第六個 AZ 進去了:「Sixth AZ in US East (N. Virginia) Region」。
依照 AWS 之前有提出來的架構,所有 AZ 之間都是有互向連接的... 所以 us-east-1 加 AZ 都會比其他區域辛苦不少...
幹壞事是進步最大的原動力
AWS 的 us-east-1
上次加第五個 AZ 不知道是什麼時候了,找資料找不太到... 這次宣佈加第六個 AZ 進去了:「Sixth AZ in US East (N. Virginia) Region」。
依照 AWS 之前有提出來的架構,所有 AZ 之間都是有互向連接的... 所以 us-east-1 加 AZ 都會比其他區域辛苦不少...
AWS 的 Lambda@Edge 宣佈 GA 了:「Lambda@Edge – Intelligent Processing of HTTP Requests at the Edge」。
最直接的應用就是在 CloudFront 的 edge 上執行一小段 code,修改 HTTP request 或是 HTTP response 了,不過可以看到一些限制:
不過要用來解哪些問題要再想一下...
AWS CloudWatch 推出了秒級的記錄功能:「New – High-Resolution Custom Metrics and Alarms for Amazon CloudWatch」。
從一分鐘變成一秒鐘讓之後的調整以及 debug 好用很多... 不過這次支援秒級的是 custom metrics,原先 AWS 自家服務的支援不在這次範圍:
Today we are adding support for high-resolution custom metrics, with plans to add support for AWS services over time. Your applications can now publish metrics to CloudWatch with 1-second resolution.
另外 alarm 的時間可以降到十秒:
You can watch the metrics scroll across your screen seconds after they are published and you can set up high-resolution CloudWatch Alarms that evaluate as frequently as every 10 seconds.
對於市場上一堆服務的衝擊應該不小 XD
看到 Amazon Route 53 要支援 DNS CAA 的消息:「Announcement: Announcement: CAA Record Support Coming Soon」。
裡面有提到 CA/Browser Forum 的決議,要求各瀏覽器支援 DNS CAA:
On March 8, 2017, the Certification Authority and Browser Forum (CA/Browser Forum) mandated that by September 8, 2017, CA’s are expected to check for the presence of a CAA DNS record and, if present, refuse issuance of certificates unless they find themselves on the whitelist <https://cabforum.org/2017/03/08/ballot-187-make-caa-checking-mandatory/>.
DNS CAA 可以設定哪些 SSL certificate 可以發出你的證書,除了自己以外,也可以讓第三者比較容易確認是否有誤發的行為:
We have seen a lot of interest in Amazon Route 53 support for Certification Authority Authorization (CAA) records, which let you control which certificate authorities (CA) can issue certificates for your domain name.
這次 Amazon EC2 推出了 G3 instance:「New – Next-Generation GPU-Powered EC2 Instances (G3)」。
這次開放的只有這幾區,亞洲目前還沒有在內:
You can launch these instances today in the US East (Ohio), US East (Northern Virginia), US West (Oregon), US West (Northern California), AWS GovCloud (US), and EU (Ireland) Regions as On-Demand, Reserved Instances, Spot Instances, and Dedicated Hosts, with more Regions coming soon.
這次使用的 GPU 是 Nvidia 的 Tesla M60:
Today we are taking a step forward and launching the G3 instance type. Powered by NVIDIA Tesla M60 GPUs, these instances are available in three sizes (all VPC-only and EBS-only)[.]
G3 (M60) 應該會比 G2 (K520) 快,但未必會比 P2 (K80) 快,尤其是 double precision 的部份,可以參考「Nvidia Tesla」這邊的數據。所以還是得看應用程式才能決定要用 G3 還是 P2...
在「Amazon EC2 Systems Manager Patch Manager now supports Linux」這邊 AWS 宣佈了 Patch Manager 支援 Linux 的消息。
目前支援的包括了:
連已經超過 LTS 支援期的 Ubuntu 12.04 都支援了... 不過 CentOS 看起來沒順便支援?
可以設計一些規定 (與組織內規範相關的,像是 approval process) 讓 Patch Manager 決定要怎麼佈:
可以用這個直接處理安全性更新...
以前要記錄行為會透過 AWS Lambda 轉丟到其他帳號下記錄,有一堆眉眉角角的東西要注意,現在則是直接支援了:「New – Cross-Account Delivery of CloudWatch Events」。
文章裡有提到兩種用途,其中一種就是做安全性的記錄:
Separation of Concerns – Customers would like to handle and respond to events in a separate account in order to implement advanced security schemes.
另外一種則是為了將記錄丟到同一個地方:
Rollup – Customers are using AWS Organizations and would like to track certain types of events across the entire organization, across a multitude of AWS accounts.
價錢看起來沒什麼問題,每一百萬次收 USD$1:
Events forwarded from one account to another are considered custom events. The sending account is charged $1 for every million events (see the CloudWatch Pricing page for more info).
雖然「MyISAM, small servers and sysbench at low concurrency」這篇標題是在講 MySQL 上的 MyISAM,但還是有提到一些 InnoDB 的東西...
其中提到了 innodb_purge_threads
對效能的影響:
the default value for innodb_purge_threads, which is 4, can cause too much mutex contention and a loss in QPS on small servers. For sysbench update-only I lose 25% of updates/second with 5.7.17 and 15% with 8.0.1 when going from innodb_purge_threads=1 to =4.
當機器不大的時候,innodb_purge_threads
對於效能帶來的影響其實頗大的?
另外從作者最近的一系列測試看起來,5.7 在小機器的效能比 5.6 差不少... 這點在考慮 RDS 的時候也許要注意 (因為 t2.* 應該不算大 XD)。
很簡單但也很直接的消息公佈,AWS 宣佈在東京區與新加坡區支援 Amazon Athena 了:「Amazon Athena is now available in Asia Pacific (Singapore) and Asia Pacific (Tokyo)」。
這樣就不需要在美國跑完丟回日本了...
AWS WAF 宣佈支援 Rate-based 條件了,不過目前只支援五分鐘為單位的限制:「Protect Web Sites & Services Using Rate-Based Rules for AWS WAF」。
算是還不錯的功能,雖然目前稍微陽春一點...