LogiCast AWS News

In Season 4, Episode 35, Karl and Jon dive into AWS Budget Controls with automated actions, explore DMS Data Resync for seamless database migrations, and look at CloudFront’s new support for IPv6 origins. They also compare Fargate and ECS for container orchestration and discuss the shift from the SysOps Admin exam to the new Cloud Ops Engineer certification. And after hearing Jon's DIY plans, thankfully Karl failes to recall his ex tractor fan joke, as it is rather long!
 
02:13 - AWS Budget Controls
AWS introduced a new solution for automating actions based on budget alerts. This architecture uses various AWS services like Config, EventBridge, DynamoDB, and Step Functions to automatically manage cloud costs. Users can set up actions to inform, stop, or terminate resources based on budget thresholds for specific services like EC2, SageMaker, Aurora, and OpenSearch.
10:01 - AWS DMS Data Resync 
AWS Database Migration Service (DMS) now offers a Data Resync feature for certain database engines, excluding MySQL. This feature addresses the challenge of maintaining data consistency during migrations, especially for large databases. It allows for quicker resynchronization of data without the need for a full dump and restore, which can be time-consuming for large datasets.
15:28 - Amazon CloudFront IPv6 Support 
Amazon CloudFront now supports IPv6 origins, enabling end-to-end IPv6 delivery. This update offers benefits such as non-NAT operation, lower latency, and higher connection scalability. It's particularly relevant for mobile-first markets where IPv6 adoption is high. The change may also lead to cost savings as IPv6 traffic is generally cheaper than IPv4.
19:35 - Fargate vs ECS
The article discusses the differences between AWS Fargate and Amazon ECS (Elastic Container Service). It clarifies that Fargate is a serverless compute engine for containers, while ECS is a container orchestration service. The comparison aims to address confusion among users about how these services interact and their respective roles in container deployment.
22:51 - AWS SysOps to Cloud Ops Exam Evolution 
AWS has renamed and updated the SysOps Administrator Associate exam to the Cloud Ops Engineer Associate exam. The new exam (SOA-C03) maintains similar content to its predecessor but includes some reorganization of topics and the addition of newer AWS services. The article discusses the implications for certification holders and the evolving nature of cloud operations roles.

In Season 4, Episode 34, Karl and Jon sit down with AWS Community Builder and Software Engineer Iyanuoluwa Ajao for a fast-paced chat on the latest in cloud and beyond. They cover the new AWS Budgets features for cross-account cost visibility, smart ways to optimize Amazon RDS and Aurora costs with Compute Optimizer, and advanced Graviton adoption strategies across regions. The conversation also dives into how AWS scaled to meet the demands of Prime Day 2025, and AWS CEO Matt Garman’s comments on why AI won’t replace junior developers. As always, the hosts veer into lighter territory—this time reminiscing about vintage computers, classic consoles, and coding in Basic.
Check out Iyanuoluwa’s blog The Rise of AI, and don’t miss Retro Reset, a tech charity close to Jon’s heart.
 
05:09 - AWS Budgets improvements 
AWS has introduced cross-account cost visibility in AWS Budgets, allowing users to view budgets across multiple accounts within an organization. This feature is particularly useful for managed service providers and large organizations with multiple business units. It enables teams to have a consolidated view of budgets relevant to their specific areas without needing access to the entire organization.
 
09:23 - Optimizing RDS and Aurora with AWS Compute Optimizer 
AWS Compute Optimizer now supports optimization recommendations for Amazon RDS and Aurora databases. This tool helps identify over-provisioned resources, unused instances, and opportunities for right-sizing. The article discusses the importance of database optimization due to its significant impact on overall cloud spending and provides guidance on using Compute Optimizer for databases.
 
16:04 - Advanced AWS Graviton adoption strategies 
The article discusses strategies for implementing AWS Graviton across different AWS regions. It highlights the importance of considering regional differences in instance availability and suggests using mixed instances and instance requirements rather than specific instance types. The article emphasizes the benefits of Graviton for price and performance optimization but notes that some workloads may still require x86 chips.
 
22:07 - AWS services scaling for Prime Day 2025 
AWS shared statistics on how their services scaled to handle Amazon's Prime Day 2025. Notable figures include deploying over 87,000 Inferentia and Trainium chips for Amazon Rufus, powering more than 40% of Amazon.com using Graviton, and processing 1.5 quadrillion daily requests on Amazon ElastiCache. This article demonstrates AWS's ability to handle massive scale and serves as a marketing tool for potential customers.
 
29:56 - AWS CEO on AI and junior developers
Matt Garman, CEO of AWS, stated that junior developers are not at risk of being replaced by AI. The discussion touched on the importance of understanding code versus relying solely on AI-generated solutions. The speakers emphasized the continued need for human developers, especially for smaller companies, and cautioned against over-reliance on AI in software development.

In Season 4, Episode 33, Karl and Jon chat with AWS Community Builder William Antonio Guzmán Bernal. They cover the new AWS Cost Management dashboards, a security issue in AWS Trusted Advisor related to public S3 buckets, how to build AI agents using AWS Serverless, and how to set up large-scale log ingestion pipelines with Amazon OpenSearch Service. They also reflect on ten years of Amazon Aurora innovation—and, once again, veer off into a tangent about painful sports injuries.
 
05:34 - AWS Cost Management Dashboards 
AWS has released new customized billing and cost management dashboards that allow users to display multiple views of billing and cost data on a single page. While not groundbreaking, it provides a more user-friendly interface for finance teams to visualize cost data. However, the speakers noted limitations in sharing this data outside of AWS accounts.
 
14:10 - AWS Trusted Advisor Security Flaw 
A security researcher discovered a flaw in AWS Trusted Advisor that allowed public S3 buckets to go unflagged under certain configurations. The speakers discussed that this was likely an intentional edge case used to test the system rather than a common misconfiguration. AWS has since fixed the issue, and the article was seen as somewhat sensationalized.
 
22:54 - Building AI Agents on AWS Serverless 
The article discusses using AWS Serverless to build AI agents. The speakers noted that while serverless is often a good starting point, this particular use case is quite advanced (300-level) for both AI and serverless technologies. They discussed the rapid pace of AI development and the new AWS Agents SDK, which simplifies the process of building AI agents.
 
29:47 - Enterprise-scale Log Ingestion with Amazon OpenSearch 
The article covers building large-scale log ingestion pipelines using Amazon OpenSearch. The speakers cautioned that while powerful, OpenSearch may be overkill and too expensive for smaller organizations. They emphasized the importance of considering budget and actual needs when choosing logging solutions.
 
36:23 - 10 Years of Amazon Aurora 
The podcast discussed various innovations in Amazon Aurora over the past decade, including cross-region read replicas, serverless capabilities, and increased storage capacity. The speakers highlighted features like synchronous read replicas and the simplicity of deployment options as particularly impressive or useful advancements.

In Season 4, Episode 32, Karl and Jon welcome AWS Community Builder and DynamoDB and Serverless technologies expert, Uriel Bitton. Together, they explore a range of fresh developments in the AWS ecosystem: the introduction of Amazon CloudWatch’s organization-wide VPC Flow Logs enablement, Amazon SQS’s expanded maximum message payload size to 1 MiB, and the arrival of OpenAI’s open-weight models on AWS Bedrock. They also delve into monitoring AWS Backup vault lock compliance across organizations and discuss how capacity constraints are limiting the growth of major cloud providers. The conversation then takes a playful turn, as the hosts debate whether SQS “FIFO” queues should be pronounced "FEEFO" or "FYFO", evoking childhood memories of Jack and the Beanstalk...
 
03:15 - Amazon CloudWatch's organization-wide VPC flow logs enablement 
This new feature allows users to enable VPC flow logs across an entire organization, rather than configuring them per VPC. It uses AWS Config for remediation, which can be expensive. The feature aims to simplify management and improve security monitoring across multiple accounts and regions.
09:58 - Amazon SQS increasing maximum message payload size 
AWS increased the maximum message payload size for Amazon SQS from 256 KiB to 1 MiB, a 4x increase. This change eliminates the need to use S3 as an intermediary for larger payloads, simplifying architectures and potentially reducing costs. It's particularly beneficial for AI-related workloads that often involve larger data transfers.
16:06 - OpenAI's open-weight models on AWS Bedrock 
AWS has made OpenAI's open-weight models available on their Bedrock platform, marking a significant collaboration between competitors. This addition expands the range of AI models available to AWS customers and demonstrates Amazon's commitment to providing diverse AI options, even from competitors.
22:16 - Monitoring AWS Backup vault lock compliance 
The article discusses how to monitor AWS Backup vault lock compliance across an organization. Vault lock is a feature that enforces retention policies for backups, crucial for ransomware protection. The monitoring solution described seems to offer an alternative to using compliance frameworks, potentially providing a simpler or more cost-effective approach.
29:03 - Capacity constraints affecting cloud vendor growth 
Major cloud providers, including AWS, Microsoft, and Google, have reported that data center capacity constraints are limiting their growth. This is particularly due to the increased demand from AI workloads, which require significant computing power and energy. The situation contrasts with earlier reports of canceled data center contracts, suggesting a complex landscape of expansion and optimization in the cloud industry.

In Season 4, Episode 31, Karl and Jon are joined by Warren Parad, CTO of Authress. Together, they discuss a range of topics including AWS Managed Microsoft Active Directory and best practices for security, the Amazon Q Developer CLI and serverless solutions, implementing defense-in-depth security for CodeBuild pipelines, and the latest quarterly financial results from AWS, Microsoft, and Google Cloud. They also cover the UK Competition and Markets Authority’s investigation into cloud service providers — all while Karl battles network issues ahead of his upcoming fibre installation.
 
03:47 - AWS managed Microsoft Active Directory 
The article discusses how to automatically disable users in AWS managed Microsoft Active Directory based on GuardDuty findings. The process involves a complex setup described as a "Rube Goldberg machine," including Event Bridge, Step Functions, and Systems Manager. The speakers debate the practicality of this solution and suggest alternatives like using Azure Active Directory instead.
 
08:40 - Amazon Q developer CLI and serverless solutions 
This article from the AWS artificial intelligence blog discusses building modern serverless solutions using Amazon Q developer CLI. The speakers express skepticism about the quality of the recommendations provided by the tool, noting that even the examples in the blog post don't adhere to best practices. They discuss the concept of MCP (Multi-Cloud Platforms) and its relevance in the context of AI and API interactions.
 
13:16 - Defense in depth security for CodeBuild pipelines 
The article focuses on implementing defense in depth security measures for CodeBuild pipelines. The speakers discuss the relevance of such measures, especially in the context of open-source projects and potential security risks from pull requests. They also touch on the recent security incident with AWS tools for Q developer and the need for transparency in such situations.
 
22:52 - Cloud providers' quarterly financial results 
The discussion covers the quarterly financial results of major cloud providers (AWS, Microsoft Azure, and Google Cloud). The speakers analyze the growth rates, revenue numbers, and the challenges in comparing these figures due to differences in how each company reports their cloud-related earnings. They also discuss the impact of AI investments on these results.
 
33:36 - UK Competition and Markets Authority probe 
The podcast covers the ongoing probe by the UK Competition and Markets Authority into major cloud service providers. The investigation has focused on Microsoft and Amazon, finding that both have "significant unilateral market power." The speakers discuss the implications of this finding, the challenges faced by smaller cloud providers, and the potential impact on issues like egress fees.

In Season 4, Episode 30, Karl and Jon are joined by Pieter VanIperen, CISO at AlphaSense. They discussed AWS security best practices and authentication methods, the Security Reference Architecture (SRA) and the SRA Verify tool, as well as the Model Context Protocol (MCP) and its implications for CIOs. They also covered the CLOUD Act and its impact on data access, and a compromised Amazon Q extension that posed a security risk. Finally, the guys discovered that Jon's interest in karate extends to Japanese electoral politics.
 
06:17 -  Beyond IAM Access Keys: Modern Authentication Approaches for AWS
This article discusses the shift from traditional IAM users and access keys to more secure authentication methods. It recommends using Cloud Shell for CLI access, Identity Center for permissions management, and emphasizes the principle of least privilege. The article also covers scenarios where access keys might still be necessary and suggests alternatives like OIDC for better security.
 
15:20 - Introducing SRA Verify: An AWS Security Reference Architecture Assessment Tool 
The article introduces SRA Verify, a tool for assessing compliance with AWS Security Reference Architecture guidelines. It provides automated checks for various security services like CloudTrail, GuardDuty, and Security Hub. The tool aims to simplify the deployment and assessment of security measures in AWS environments.
 
23:09 -  MCP Doesn't Stand for Many Critical Problems, but Maybe It Should for CIOs 
This article discusses the challenges and potential risks associated with Model Context Protocol (MCP) for CIOs. While MCP offers new possibilities for AI integration, it also raises concerns about data security, context poisoning, and the need for proper scoping and permissions management. The discussion highlights that many organizations are still in the early adoption phase of MCP.
 
30:42 -  5 Facts About How the CLOUD Act Actually Works 
AWS published an article addressing misconceptions about the CLOUD Act, a US law from 2018. The article aims to clarify that the Act doesn't give unrestricted access to data and that proper encryption and security measures can protect customer data. It emphasizes that AWS prioritizes customer data privacy and security.
 
40:33 - Compromised Amazon Q Extension Told AI to Delete Everything 
This article discusses a security incident where a malicious actor compromised an Amazon Q extension for VS Code. The compromised extension contained a destructive AI prompt that could potentially delete user files. The incident highlights the importance of code review and the potential risks in the open-source ecosystem.

In Season 4, Episode 29, Karl and Jon are joined by AWS Community Builder and Ambassador Niklas Westerstråhle to discuss the AWS Free Tier overhaul, the new Cloud Operations Engineer certification, the launch of the Amazon Kiro AI, and a security issue with misconfigured AWS Organizations policies. They wrap up with thoughts on the latest Amazon/AWS layoffs—and a fun debate over whether Niklas should keep wearing his gold AWS jacket after his certifications expire, like it's some kind of sacred relic that loses its powers.
 
04:15 - AWS Free Tier Overhaul 
The AWS Free Tier has been significantly updated. New accounts now receive up to $200 in credits valid for 6 months instead of the previous 12-month free tier offerings. Users can earn additional credits by completing certain tasks. The new system aims to be more developer-friendly and reduce surprise bills. Accounts are automatically closed after 6 months unless upgraded to paid plans.
15:03 - New AWS Cloud Operations Engineer Certification 
AWS is updating the SysOps Administrator certification to become the AWS Certified Cloud Ops Engineer. The exam will include new content on containers and other topics. Existing SysOps Administrator certificate holders will need to take the new exam to earn the Cloud Ops Engineer certification. The change has caused some debate about recertification requirements for those holding multiple AWS certifications.
28:58 - Amazon Kiro AI Coding Assistant 
AWS launched Kiro, a new AI-powered coding assistant, currently in preview. It's based on Visual Studio Code and uses Anthropic's AI models. Kiro aims to assist with coding tasks and project setup. AWS is running a competition with $100,000 in prizes for developers to build applications using Kiro
28:23 - AWS Organizations Misconfigured Managed Policy 
A security issue was discovered in the AmazonGuardDutyFullAccess managed policy, which could potentially allow attackers to gain full AWS organizational control. AWS has fixed the issue by creating a new version of the policy (with "_V2" appended). Users are advised to review and update their environments to use the new policy version.
34:15 - Amazon/AWS Layoffs
Reuters reported that AWS is cutting hundreds of jobs in its latest round of layoffs. The speakers discussed the scale of these layoffs in context of Amazon's overall workforce and debated the potential impact of AI on employment in the tech industry. They also critiqued the article's presentation of the information, noting that it seemed to conflate Amazon and AWS employee numbers.

In Season 4, Episode 28, Karl and Jon are joined by AWS Community Builder Mahendran Selvakumar. Together, they dive into topics including Amazon’s development of cooling equipment for NVIDIA GPUs to support AI acceleration, the launch of the new AWS Builder Center for the AWS Builder Community, and Amazon's massive AI supercluster—Project Rainier—built for Anthropic. They also explore the upcoming changes to the AWS Free Tier, which will introduce a new credit-based system. And in true Karl fashion, he deftly steers the conversation away from a tangent on uneven sun tans.
 
05:23 - AWS Transform for VMware 
AWS has shifted its strategy from supporting VMware workloads to encouraging migration off VMware entirely. The new AWS Transform for VMware service helps migrate VMware workloads to native AWS services, potentially reducing licensing costs and manual efforts. It supports various migration tasks like network conversion and instance sizing.
12:08 - Amazon cooling equipment for Nvidia GPUs 
As AI workloads increase power demands, Amazon is developing in-row heat exchangers to cool Nvidia GPUs more efficiently. This liquid cooling solution can be retrofitted into existing data centers and is designed to handle the extreme heat generated by high-density GPU racks used for AI applications.
17:50 - Amazon CloudWatch and Application Signals MCP servers for AI-assisted troubleshooting 
AWS launched two open-source MCP servers for CloudWatch and Application Signals, enabling AI agents to troubleshoot issues via natural language—accessing metrics, logs, traces, and SLOs for faster root cause analysis.
22:23 - New AWS Builder Center 
AWS has launched a new Builder Center to unify various community programs and resources. It provides a centralized platform for learning, building, and connecting within the AWS ecosystem. The center includes features like wishlists for suggesting ideas to AWS and supports multiple languages for broader accessibility.
29:17 - Amazon's AI supercluster for Anthropic (Project Rainier) 
Amazon is building a massive AI supercomputer cluster for Anthropic, using custom-designed AI chips instead of traditional GPUs. This project demonstrates significant investment in AI capabilities and includes a custom network fabric for high-bandwidth communication between nodes.
34:39 - Changes to AWS Free Tier 
AWS is replacing its traditional free tier with a new credit-based system. New accounts will receive $100 in credits valid for 6 months, with restrictions on certain high-usage services. This change aims to simplify the free tier and prevent unexpected charges for new users.

In Season 4, Episode 27, Karl and Jon are joined by AWS Community Member, Tim Dodd. They discuss Amazon DynamoDB Global Tables with multi-region strong consistency, Amazon ECS-optimized Windows Server 2025 AMIs, AWS Backup support for copying S3 backups across regions/accounts in GovCloud, a Chrome extension using AI to summarize web pages, and building a generative AI landing zone on AWS and then the guys realized they’d spent more time talking about the world’s weather than any of the AWS articles.
 
03:19 - Amazon DynamoDB Global Tables with multi-region strong consistency
This feature allows for strongly consistent multi-region DynamoDB tables, similar to Aurora DSQL. It's currently limited to major AWS regions but enables applications to have the same consistent data across multiple geographic locations. This is useful for disaster recovery, high availability, and serving users in different regions with the same synchronized dataset.
08:49 -Amazon ECS optimized Windows Server 2025 AMIs 
AWS has released new Amazon ECS optimized Windows Server 2025 AMIs. While not groundbreaking, this update ensures Windows container users can run workloads on up-to-date host systems. It highlights the ongoing need to support Windows workloads in containerized environments, despite limitations compared to Linux containers.
13:30 - AWS Backup support for copying S3 backups across regions/accounts in GovCloud
This feature allows GovCloud users to copy S3 backups across regions and accounts, bringing capabilities already available in commercial AWS regions to GovCloud. It's particularly relevant for government agencies adopting cloud-first strategies and implementing best practices for data backup and disaster recovery.
20:12 - Chrome extension using AI to summarize web pages 
A developer created a Chrome extension that uses AI to summarize web page content. This tool addresses short attention spans and language barriers by providing quick summaries of long articles or content in unfamiliar languages. It demonstrates a practical application of AI for improving web accessibility and information consumption.
26:59 - Building a generative AI landing zone on AWS 
This article discusses how to build a generative AI landing zone on AWS, adapting traditional landing zone concepts to AI workloads. It covers foundational guardrails, development fast lanes, composable building blocks, observability, and governance specific to AI applications. The approach aims to provide a secure, compliant, and efficient foundation for deploying AI workloads on AWS.
 

In Season 4, Episode 25, Karl and Jon are joined by AWS Community Hero Stephen Sennett. They discuss recent AWS security enhancements and active defense measures, including the introduction of exportable public SSL/TLS certificates from AWS Certificate Manager, the enforcement of 100% MFA for AWS root users, and Amazon Inspector’s new code security feature. The conversation also covers AWS’s $20 billion investment in Australian data center infrastructure. The episode wraps up with a light-hearted segment where the hosts compare their sports tape collections, each trying to outdo the other with increasingly outrageous injury stories.
 
05:45 - AWS improves active defense to empower customers 
This article discusses AWS's internal security tools like Madopt, Mythroat, and Sonaris, which help protect customers at scale. It highlights the decreasing trend in global malicious vulnerability exploit attempts and emphasizes AWS's ability to provide security measures that individual organizations cannot match.
16:40 - AWS Certificate Manager introduces exportable public SSL/TLS certificates
AWS now offers exportable public SSL/TLS certificates at competitive prices ($15 for single domain, $150 for wildcard). This new feature allows for end-to-end encryption within the AWS ecosystem and provides a more cost-effective and manageable solution compared to traditional certificate authorities.
26:14 - AWS enforces 100% MFA for root users
AWS has achieved 100% MFA enforcement for root users, addressing a long-standing security concern. This change alters the login flow for new accounts, requiring MFA setup before access is granted. The guys also discusse the importance of hardware MFA solutions for organizations.
35:48 - Amazon Inspector launches code security feature 
Amazon Inspector now includes a code security feature that scans code for vulnerabilities and security issues. While not as comprehensive as some existing tools, it provides a convenient option for AWS customers who want to keep their security tooling within the AWS ecosystem.
42:32 - AWS invests $20 billion in Australian data center infrastructure 
AWS is investing $20 billion AUD (about $12.8 billion USD) to expand its data center infrastructure in Australia. This investment aims to strengthen Australia's AI capabilities, improve renewable energy usage, and address data sovereignty concerns. The article also mentions AWS's commitment to training 400,000+ people in Australia in cloud skills since 2017.