Amazon Kendra now supports PrivateLink
If you want to build a search engine for your company that uses machine learning and understands natural-language queries, Amazon Kendra is an enterprise-grade managed search service built for exactly that. Create an index, attach data sources such as S3, RDS, SharePoint, Salesforce, OneDrive or any of the other supported connectors, and Kendra has a search endpoint ready to serve queries within minutes.
With PrivateLink support, you create a VPC interface endpoint for Kendra and your queries stay on the AWS network; the VPC no longer needs an Internet Gateway or NAT Gateway to reach Kendra. Unlike a Gateway Endpoint, which is a regional target in your route tables, an Interface Endpoint is an ENI placed in each subnet you select, so choose subnets in at least two Availability Zones or the endpoint disappears with the one AZ it lives in. Remember also that the endpoint's security group has to allow inbound TCP 443 from the clients that will query Kendra.
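The following is an added example (not code from the post or from AWS) that plans a Kendra interface endpoint and refuses a single-AZ layout, which is the availability caveat above turned into a check. The subnet list is constructed sample data shaped like EC2 DescribeSubnets output, the `com.amazonaws.<region>.kendra` service-name pattern and private-DNS support are assumptions, and `boto3` is only needed if you actually run the final call.

```python
"""
Plan a PrivateLink interface endpoint for Amazon Kendra that spans at least two AZs.
Added example: SAMPLE_SUBNETS is constructed data shaped like EC2 DescribeSubnets output,
and the service-name pattern below is an assumption, not taken from the post.
"""
KENDRA_SERVICE = "com.amazonaws.{region}.kendra"  # assumed PrivateLink service name


def pick_subnet_per_az(subnets, min_azs=2):
    """Return one subnet ID per Availability Zone, refusing a single-AZ layout."""
    by_az = {}
    for subnet in subnets:
        # one ENI per AZ is enough; a second subnet in the same AZ adds no availability
        by_az.setdefault(subnet["AvailabilityZone"], subnet["SubnetId"])
    if len(by_az) < min_azs:
        raise ValueError(
            f"interface endpoint would live in {len(by_az)} AZ(s); need at least {min_azs}"
        )
    return [by_az[az] for az in sorted(by_az)]


def kendra_endpoint_request(region, vpc_id, subnets, endpoint_sg_id):
    """Build the parameters for EC2 CreateVpcEndpoint (boto3: ec2.create_vpc_endpoint)."""
    return {
        "VpcEndpointType": "Interface",
        "VpcId": vpc_id,
        "ServiceName": KENDRA_SERVICE.format(region=region),
        "SubnetIds": pick_subnet_per_az(subnets),
        # this security group must allow inbound TCP 443 from the clients that query Kendra
        "SecurityGroupIds": [endpoint_sg_id],
        # with private DNS the public Kendra hostname resolves to the endpoint inside the VPC,
        # so SDK clients need no endpoint_url override (assumed supported, as for most services)
        "PrivateDnsEnabled": True,
    }


# constructed sample subnets: two AZs, one of them with two subnets
SAMPLE_SUBNETS = [
    {"SubnetId": "subnet-0a1", "AvailabilityZone": "us-east-1a"},
    {"SubnetId": "subnet-0a2", "AvailabilityZone": "us-east-1a"},
    {"SubnetId": "subnet-0b1", "AvailabilityZone": "us-east-1b"},
]

if __name__ == "__main__":
    import boto3  # only needed to actually create the endpoint

    request = kendra_endpoint_request("us-east-1", "vpc-0123", SAMPLE_SUBNETS, "sg-0123")
    print(boto3.client("ec2", region_name="us-east-1").create_vpc_endpoint(**request))
```

Passing only the first two sample subnets (both in us-east-1a) raises before any API call is made, which is the failure you want at plan time rather than during an AZ outage.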
AWS Firewall Manager can now audit security groups
AWS Firewall Manager lets you centrally configure and manage firewall rules across all accounts in an AWS Organization. You can roll out AWS WAF rules to CloudFront distributions, Application Load Balancers and API Gateway stages, or enable AWS Shield Advanced protection for load balancers, Elastic IPs and CloudFront distributions.
With the new support for VPC security groups, customers can manage the security groups attached to EC2 instances and ENIs across accounts, and audit security group rules that are too permissive, for example rules that open all ports or accept traffic from any source (0.0.0.0/0). Besides the managed audit checks, customers can define their own audit rules and still receive a detailed report listing which accounts and resources are in violation.
New managed rules for AWS Config
AWS Config is a managed service that continuously assesses, monitors and records the configuration of your AWS resources, evaluates them against pre-defined managed rules or custom rules you implement as Lambda functions, and can trigger automated remediation when a resource falls out of compliance. It keeps a timeline of every recorded configuration change, so you can see what a resource looked like at any point in the past; note that Config records that history, it does not itself roll a resource back to an earlier configuration.
Some of the new managed rules:
- alb-waf-enabled: Checks whether an AWS WAF web ACL is associated with your Application Load Balancer.
- dax-encryption-enabled: Checks whether encryption at rest is enabled on your DynamoDB Accelerator (DAX) clusters.
- dynamodb-pitr-enabled: Checks whether point-in-time recovery is enabled for your DynamoDB tables.
And many more such rules are available to ease your audit and compliance management.
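The two previous sections come together in the following added example (not code from the post, and not one of AWS's managed rules): a custom AWS Config rule, written as a Lambda handler, that performs the same "open to the world" security group audit the Firewall Manager section describes. It assumes the custom-rule invocation shape (`invokingEvent`, `ruleParameters`, `resultToken`) and the camelCase fields Config records in the configuration item for `AWS::EC2::SecurityGroup`; the sample security groups are constructed, and the `allowedPublicPorts` rule parameter is this example's own convention for not flagging a public load balancer on 80/443.

```python
"""
Custom AWS Config rule (Lambda handler) that flags security groups with ingress
rules reachable from 0.0.0.0/0 or ::/0. Added example: the event shape follows
Config's custom-rule invocation, and the sample groups below are constructed.
"""
import json

WORLD_V4, WORLD_V6 = "0.0.0.0/0", "::/0"
ALL_PORTS = (0, 65535)


def _port_range(perm):
    # ipProtocol "-1" means every protocol and therefore every port
    if perm.get("ipProtocol") == "-1":
        return ALL_PORTS
    return (perm.get("fromPort", 0), perm.get("toPort", 65535))


def world_open_ingress(configuration, allowed_ports=()):
    """Return findings for ingress permissions that accept traffic from any address."""
    findings = []
    for perm in configuration.get("ipPermissions", []):
        sources = [r.get("cidrIp") for r in perm.get("ipRanges", [])]
        sources += [r.get("cidrIpv6") for r in perm.get("ipv6Ranges", [])]
        if WORLD_V4 not in sources and WORLD_V6 not in sources:
            continue
        lo, hi = _port_range(perm)
        if (lo, hi) == ALL_PORTS:
            findings.append("every port open to the world")
        elif lo == hi and lo in allowed_ports:
            continue  # e.g. 443 on an internet-facing load balancer (example's own allowlist)
        else:
            findings.append(f"{perm.get('ipProtocol')} {lo}-{hi} open to the world")
    return findings


def evaluate(event):
    """Build the Config evaluation for one invocation without calling AWS."""
    invoking = json.loads(event["invokingEvent"])
    item = invoking.get("configurationItem")
    if item is None:  # scheduled notifications carry no configuration item
        return None
    params = json.loads(event.get("ruleParameters") or "{}")
    allowed = {int(p) for p in params.get("allowedPublicPorts", "").split(",") if p.strip()}
    deleted = item["configurationItemStatus"] in ("ResourceDeleted", "ResourceDeletedNotRecorded")
    if item["resourceType"] != "AWS::EC2::SecurityGroup" or deleted:
        compliance, note = "NOT_APPLICABLE", "not an active security group"
    else:
        findings = world_open_ingress(item["configuration"], allowed)
        compliance = "NON_COMPLIANT" if findings else "COMPLIANT"
        note = "; ".join(findings) or "no ingress from 0.0.0.0/0 or ::/0"
    return {
        "ComplianceResourceType": item["resourceType"],
        "ComplianceResourceId": item["resourceId"],
        "ComplianceType": compliance,
        "Annotation": note[:256],  # Config caps annotations at 256 characters
        "OrderingTimestamp": item["configurationItemCaptureTime"],
    }


def lambda_handler(event, context):
    evaluation = evaluate(event)
    if evaluation is None:
        return None
    import boto3  # imported here so the module stays importable offline
    boto3.client("config").put_evaluations(Evaluations=[evaluation], ResultToken=event["resultToken"])
    return evaluation


def make_event(group_id, ip_permissions, rule_params=None):
    """Constructed Config invocation for the demo (a real one carries many more fields)."""
    item = {
        "resourceType": "AWS::EC2::SecurityGroup",
        "resourceId": group_id,
        "configurationItemStatus": "OK",
        "configurationItemCaptureTime": "2020-06-01T00:00:00.000Z",
        "configuration": {"groupId": group_id, "ipPermissions": ip_permissions, "ipPermissionsEgress": []},
    }
    return {
        "invokingEvent": json.dumps({"configurationItem": item, "messageType": "ConfigurationItemChangeNotification"}),
        "ruleParameters": json.dumps(rule_params or {}),
        "resultToken": "constructed-token",
    }


# constructed sample security groups
OPEN_SSH = [{"ipProtocol": "tcp", "fromPort": 22, "toPort": 22, "ipRanges": [{"cidrIp": "0.0.0.0/0"}]}]
ALL_OPEN = [{"ipProtocol": "-1", "ipRanges": [{"cidrIp": "10.0.0.0/8"}], "ipv6Ranges": [{"cidrIpv6": "::/0"}]}]
WEB_ONLY = [{"ipProtocol": "tcp", "fromPort": 443, "toPort": 443, "ipRanges": [{"cidrIp": "0.0.0.0/0"}]}]
INTERNAL = [{"ipProtocol": "tcp", "fromPort": 5432, "toPort": 5432, "ipRanges": [{"cidrIp": "10.0.0.0/16"}]}]

if __name__ == "__main__":
    for name, perms in [("ssh", OPEN_SSH), ("all", ALL_OPEN), ("web", WEB_ONLY), ("db", INTERNAL)]:
        result = evaluate(make_event(f"sg-{name}", perms, {"allowedPublicPorts": "80,443"}))
        print(name, result["ComplianceType"], result["Annotation"])
```

The IPv6 check matters in practice: a group whose IPv4 sources look private can still be wide open through `::/0`, which a check that only greps for `0.0.0.0/0` misses. Returning NOT_APPLICABLE for deleted resources keeps stale evaluations from lingering in the compliance view.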
That’s all for now. Stay tuned for more on the weekly releases and updates from AWS.