So in addition to regular EC2 instances, Auto Recovery can now also be configured for Dedicated Instances on physical machines: "Amazon EC2 Auto Recovery is now available for Dedicated Instances".
Just today I was asked whether slow queries can be dug out of Amazon Aurora (MySQL-Compatible Edition), and I remembered that this feature was announced a few days ago: "Amazon Aurora Publishes General, Slow Query and Error Logs to Amazon CloudWatch".
You can now configure the MySQL-compatible edition of Amazon Aurora to publish general logs, slow query logs, and error logs to Amazon CloudWatch Logs. Previously, you could only publish audit logs.
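It looks like this has to be enabled separately (after all, CloudWatch Logs isn't free XD), but given the rate and volume at which this kind of log is produced, it should be fine...
I received an email titled "Upcoming Changes to SSL Certificates in Amazon CloudWatch Logs", explaining that Amazon CloudWatch Logs is going to change the CA for its SSL certificates, apparently switching to Amazon's own: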
We will be updating the certificate authority (CA) for the certificates used by Amazon CloudWatch Logs domain(s), between 8 January 2018 and 22 January 2018. After the updates complete, the SSL/TLS certificates used by Amazon CloudWatch Logs will be issued by Amazon Trust Services (ATS), the same certificate authority (CA) used by AWS Certificate Manager.
It then mentions cross-signing: the certificates are also signed through Starfield's Root CA, so as long as any one of the following is in the root CA store, they should be trusted:
The update means that customers accessing AWS webpages via HTTPS (for example, the Amazon CloudWatch Console, customer portal, or homepage) or accessing Amazon CloudWatch Logs API endpoints, whether through browsers or programmatically, will need to update the trusted CA list on their client machines if they do not already support any of the following CAs:
- "Amazon Root CA 1"
- "Starfield Services Root Certificate Authority - G2"
- "Starfield Class 2 Certification Authority"
It also lists which API endpoints will change:
This upgrade notice covers the following endpoints:
* Operating Systems With ATS Support
- Microsoft Windows versions that have January 2005 or later updates installed, Windows Vista, Windows 7, Windows Server 2008, and newer versions
- Mac OS X 10.4 with Java for Mac OS X 10.4 Release 5, Mac OS X 10.5 and newer versions
- Red Hat Enterprise Linux 5 (March 2007), Linux 6, and Linux 7 and CentOS 5, CentOS 6, and CentOS 7
- Ubuntu 8.10
- Debian 5.0
- Amazon Linux (all versions)
- Java 1.4.2_12, Java 5 update 2, and all newer versions, including Java 6, Java 7, and Java 8
But I don't see Windows XP there; not sure what's going on XD
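A way to check a client's trust store against the three roots named in the notice, as an added example that is not part of the original post or the AWS notice. The helper names and the sample store are constructed for illustration; matching on OU as well as CN is needed because the Starfield Class 2 root has no CN in its subject.

```python
import ssl

# Roots named in the notice; trusting any one of them is sufficient.
ATS_CHAIN_ROOTS = {
    "Amazon Root CA 1",
    "Starfield Services Root Certificate Authority - G2",
    "Starfield Class 2 Certification Authority",
}

def subject_names(cert):
    """CN and OU values from one SSLContext.get_ca_certs() entry."""
    return {
        value
        for rdn in cert.get("subject", ())
        for key, value in rdn
        # Starfield Class 2 carries its name in OU and has no CN.
        if key in ("commonName", "organizationalUnitName")
    }

def trusted_ats_roots(ca_certs):
    """Return which of the notice's roots appear in the given trust store."""
    found = set()
    for cert in ca_certs:
        found |= subject_names(cert) & ATS_CHAIN_ROOTS
    return sorted(found)

def load_roots(cafile=None):
    """Load the platform trust store, or an explicit PEM bundle."""
    ctx = ssl.create_default_context(cafile=cafile)
    # Certificates in a hashed capath directory are loaded lazily and are
    # not listed here; an empty list then means "unknown", not "untrusted".
    return ctx.get_ca_certs()

# Constructed sample store: one unrelated root plus the OU-only Starfield root.
SAMPLE_STORE = [
    {"subject": ((("countryName", "XX"),), (("commonName", "Example Root CA"),))},
    {"subject": ((("countryName", "US"),),
                 (("organizationName", "Starfield Technologies, Inc."),),
                 (("organizationalUnitName",
                   "Starfield Class 2 Certification Authority"),),)},
]

if __name__ == "__main__":
    print("sample store:", trusted_ats_roots(SAMPLE_STORE))
    print("this machine:", trusted_ats_roots(load_roots()) or "none found")
```

On systems whose OpenSSL uses only a hashed certificate directory, pass the distribution's PEM bundle path to `load_roots` to get a meaningful listing.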
You can use the CloudWatch console to graph metric data generated by AWS services and your applications. Now, you can zoom into a shorter time period such as one minute or five minutes while viewing the metric graph at a longer interval.
Once zoomed, you can also pan the metric graph across your selected interval, but at a zoomed detail level.
A new Amazon SES feature lets users set policies to make sure mail reputation doesn't drop too far: "Amazon SES introduces email pausing and reputation metrics for configuration sets", with the introductory article at "Protect your Reputation with Email Pausing and Configuration Set Reputation Metrics".
So you can set certain conditions under which a given configuration set, or the entire account, is paused:
This release includes API operations that allow you to temporarily pause email sending for a specific configuration set, or across your entire Amazon SES account. You can use this feature to automatically pause email sending when your reputation metrics cross certain thresholds that you define.
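This should be a way to reduce risk when multiple services share one account... When one service suddenly sends out a pile of bounce mail, you can pause only the problematic service instead of having the whole account suspended by Amazon SES.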
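The containment logic described above, sketched as an added example (not code from the post or from AWS). `ses` is expected to behave like a boto3 SES client, whose `update_configuration_set_sending_enabled` and `update_account_sending_enabled` calls are the pause operations; the thresholds, configuration set names and metric values are constructed assumptions.

```python
# Illustrative thresholds (assumptions, not from the page); tune to your baseline.
BOUNCE_LIMIT = 0.05
COMPLAINT_LIMIT = 0.001

def over_limit(metrics):
    return (metrics["bounce_rate"] >= BOUNCE_LIMIT
            or metrics["complaint_rate"] >= COMPLAINT_LIMIT)

def enforce(ses, per_set_metrics, account_metrics):
    """Pause only the offending configuration sets; pause the whole
    account only when the account-wide rates are also over the limit."""
    actions = []
    for name, metrics in sorted(per_set_metrics.items()):
        if over_limit(metrics):
            ses.update_configuration_set_sending_enabled(
                ConfigurationSetName=name, Enabled=False)
            actions.append(("pause-set", name))
    if over_limit(account_metrics):
        ses.update_account_sending_enabled(Enabled=False)
        actions.append(("pause-account", None))
    return actions

class RecordingClient:
    """Offline stand-in for a boto3 SES client; records calls only."""
    def __init__(self):
        self.calls = []
    def update_configuration_set_sending_enabled(self, **kwargs):
        self.calls.append(("set", kwargs))
    def update_account_sending_enabled(self, **kwargs):
        self.calls.append(("account", kwargs))

# Constructed sample: one service is bouncing heavily, the account as a
# whole is still healthy, so only that service's configuration set pauses.
SAMPLE_SETS = {
    "newsletter": {"bounce_rate": 0.12, "complaint_rate": 0.0002},
    "receipts": {"bounce_rate": 0.004, "complaint_rate": 0.0},
}
SAMPLE_ACCOUNT = {"bounce_rate": 0.02, "complaint_rate": 0.0001}

if __name__ == "__main__":
    client = RecordingClient()
    print(enforce(client, SAMPLE_SETS, SAMPLE_ACCOUNT))
    print(client.calls)
```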
AWS plans to fold the previously designed VPC Endpoints into AWS PrivateLink and manage them in one place: "New – AWS PrivateLink for AWS Services: Kinesis, Service Catalog, EC2 Systems Manager, Amazon EC2 APIs, and ELB APIs in your VPC".
Today we are announcing AWS PrivateLink, the newest generation of VPC Endpoints which is designed for customers to access AWS services in a highly available and scalable manner, while keeping all the traffic within the AWS network. Kinesis, Service Catalog, Amazon EC2, EC2 Systems Manager (SSM), and Elastic Load Balancing (ELB) APIs are now available to use inside your VPC, with support for more services coming soon such as Key Management Service (KMS) and Amazon Cloudwatch.
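This way there's no need to set up a proxy server and manage a pile of policies on it... (never mind the hassle of building HA yourself; just the fact that some programs have to be patched to support a proxy is enough to make you want to flip the table XD)
Amazon Route 53 can now collect query logs, which are sent to CloudWatch Logs: "Amazon Route 53 Announces Support For DNS Query Logging".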
If you are using Amazon Route 53 as your public, authoritative DNS, you will now have the capability to easily log DNS queries received by Amazon Route 53 through integration with CloudWatch Logs.
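Going from one minute to one second makes later tuning and debugging much easier... However, what supports second-level resolution this time is custom metrics; support for AWS's own services is not in scope this time: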
Today we are adding support for high-resolution custom metrics, with plans to add support for AWS services over time. Your applications can now publish metrics to CloudWatch with 1-second resolution.
In addition, the alarm interval can go down to ten seconds:
You can watch the metrics scroll across your screen seconds after they are published and you can set up high-resolution CloudWatch Alarms that evaluate as frequently as every 10 seconds.
Separation of Concerns – Customers would like to handle and respond to events in a separate account in order to implement advanced security schemes.
Rollup – Customers are using AWS Organizations and would like to track certain types of events across the entire organization, across a multitude of AWS accounts.
Events forwarded from one account to another are considered custom events. The sending account is charged $1 for every million events (see the CloudWatch Pricing page for more info).
The article "How to Visualize and Refine Your Network’s Security by Adding Security Group IDs to Your VPC Flow Logs" is about one specific feature, but it still walks through the whole setup from start to finish...