Amazon Web Services open source newsletter, #192

## Edition #192

Welcome to issue #192 of the Amazon Web Services open source newsletter, the newsletter where we try to provide you with the best open source on Amazon Web Services content. As always, this week we start with a round up of some freshly baked new projects for you to practice your four freedoms. A wide variety this week, and we have projects that help you create architecture diagrams from your YAML, visualise and create dashboards for compliance and reporting purposes, a new multi-cloud threat detection tool, a Go implementation of Cedar, an example of load testing your large language models, and more!

For the readers out there, we have plenty to keep you busy with posts covering open source projects such as Amazon CDK, OpenSearch, Airbyte, PySpark, Jupyter, PostgreSQL, Dash, Amazon SAM, Bref, Kubernetes, Apache Airflow, LocalStack, Cedar, Spring Boot, Amazon Distro for OpenTelemetry, Prometheus, MySQL, Amazon Linux 2023, RabbitMQ, Credentials Fetcher, and Istio.

As always, don't skip the end of the newsletter, where we feature open source events and meet ups that you need to know about. Speaking of which....

**OpenSearchCon Call for Papers**

OpenSearchCon Europe is happening on May 6th and 7th at Cafe Moskau in Berlin, Germany (see Events section). The Call for Papers is open until March 25th, so you still have plenty of time to submit a talk for the event. Read more about the event below, and check out the [Call for Papers link here](https://aws-oss.beachgeek.co.uk/3pm?trk=cndc-detail).

### Latest open source projects

*The great thing about open source projects is that you can review the source code. If you like the look of these projects, make sure that you take a look at the code, and if it is useful to you, get in touch with the maintainer to provide feedback, suggestions or even submit a contribution.
The projects mentioned here do not represent any formal recommendation or endorsement, I am just sharing for greater awareness as I think they look useful and interesting!*

### Tools

**diagram-as-code**

[diagram-as-code](https://aws-oss.beachgeek.co.uk/3ql?trk=cndc-detail) is a command line interface (CLI) tool that enables drawing infrastructure diagrams for Amazon Web Services through YAML code. It facilitates diagram-as-code without relying on image libraries. The CLI tool promotes code reuse, testing, integration, and automating the diagramming process. It allows managing diagrams with Git by writing human-readable YAML. The README provides an example diagram (and the source that this tool used to generate it).

**CloudGrappler**

[CloudGrappler](https://aws-oss.beachgeek.co.uk/3qb?trk=cndc-detail) is a purpose-built tool designed for effortless querying of high-fidelity and single-event detections related to well-known threat actors in Amazon Web Services. Andi Ahmeti has put together a blog post, [Introducing CloudGrappler: A Powerful Open-Source Threat Detection Tool for Cloud Environments](https://aws-oss.beachgeek.co.uk/3qc?trk=cndc-detail), that provides an overview of how this works with examples.

**powerpipe**

[powerpipe](https://aws-oss.beachgeek.co.uk/3qd?trk=cndc-detail) is dashboards and benchmarks as code. Use it to visualise any data source, and run compliance benchmarks and controls, for effective decision-making and ongoing compliance monitoring. As with all the Turbot open source projects, the documentation is excellent, and they have included a video that provides a demo of this at work.

https://youtu.be/-h6RSpvR0FE?trk=cndc-detail

**language-server-runtimes**

[language-server-runtimes](https://aws-oss.beachgeek.co.uk/3qe?trk=cndc-detail) is a JSON-RPC based protocol for interactions between servers and clients (typically embedded in development tools).
The README covers details around specification support and features supported, that will help you tailor this to your needs.

![image.png](https://dev-media.amazoncloud.cn/ca76a9e55008453b87b703abe0856ced_image.png "image.png")

**cedar-go**

[cedar-go](https://aws-oss.beachgeek.co.uk/3qf?trk=cndc-detail) provides the Go implementation of the Cedar policy language. Check out the README for a quick example of how to use Cedar within your Go applications, and I am looking forward to seeing how Go developers start to incorporate this into their applications.

**load-test-llm-with-locust**

[load-test-llm-with-locust](https://aws-oss.beachgeek.co.uk/3qg?trk=cndc-detail) provides an example of how to perform load testing on the LLM API to evaluate your production requirements. The code is developed within a SageMaker Notebook and utilises the command line interface to conduct load testing on both the SageMaker and Bedrock LLM API. If you are not familiar with Locust, it is an open source load testing tool, and is a popular framework for load testing HTTP and other protocols. Its developer friendly approach lets you define your tests in regular Python code. Locust tests can be run from command line or using its web-based UI. Throughput, response times and errors can be viewed in real time and/or exported for later analysis.

### Demos, Samples, Solutions and Workshops

**song-identification-on-aws**

[song-identification-on-aws](https://aws-oss.beachgeek.co.uk/3qj?trk=cndc-detail) contains sample code that demonstrates how you can "fingerprint" your songs, and then detect the presence of your songs in either stored audio files like MP3s, or within streaming media. The underlying idea is to convert audio data into a spectrogram, and then isolate important markers within the spectrogram that will allow us to identify music. Roughly 10000 to 25000 fingerprints will be created for an average length song. Each fingerprint is stored as a large integer.
See the blog post for more details about how the system works.

![image.png](https://dev-media.amazoncloud.cn/aa3e4fc096eb41fabc9e21aa306113da_image.png "image.png")

**public-file-browser-for-amazon-s3**

[public-file-browser-for-amazon-s3](https://aws-oss.beachgeek.co.uk/3qk?trk=cndc-detail) allows customers to create a simple PUBLIC file repository using [Amazon S3](https://aws.amazon.com/cn/s3/?trk=cndc-detail) and [Amazon CloudFront](https://aws.amazon.com/cn/cloudfront/?trk=cndc-detail). This sample code deploys a website and a public files S3 bucket which can be loaded with any files they wish to publish publicly online.

![image.png](https://dev-media.amazoncloud.cn/d7bae00fa47f4ff59c527fedbdc3b753_image.png "image.png")

![image.png](https://dev-media.amazoncloud.cn/551ec650e6de4f26b40831e2d7925324_image.png "image.png")

### Amazon Web Services and Community blog posts

Each week I spend a lot of time reading posts from across the Amazon Web Services community on open source topics. In this section I share what personally caught my eye and interest, and I hope that many of you will also find them interesting.

**The best from around the Community**

We have another great selection of community sourced open source content for you this week, and starting us off this week is Amazon Web Services Community Builder Dakota Lewallen who has put together a short post on his thoughts on how to organise and approach creating your Amazon CDK resources. This post has made me think about my own use of Amazon CDK, so why not check it out yourself by diving into [Organize Your CDK lib Folder by Function Not Service](https://aws-oss.beachgeek.co.uk/3q1?trk=cndc-detail).
Sticking with Amazon CDK, and adding a sprinkling of OpenSearch, we have Amazon Community Builder Peter McAree who has put together [Optimising your OpenSearch Ingestion pipeline using Amazon CDK](https://aws-oss.beachgeek.co.uk/3q3?trk=cndc-detail), where he shows you how you can leverage EventBridge Scheduler to optimise your OpenSearch Ingestion pipeline costs.

Airbyte is an open source Extract, Load, Transform (ELT) platform that enables the creation of data pipelines for data ingestion and replication from various sources to different destinations, and Amazon Web Services Community Builder Anish Shilpakar has put together [Unleashing the power of ELT in Amazon Web Services using Airbyte](https://aws-oss.beachgeek.co.uk/3q4?trk=cndc-detail), a tutorial where you'll learn how to connect Airbyte with your [Amazon S3](https://aws.amazon.com/cn/s3/?trk=cndc-detail) data lake and perform ELT operations from a REST API.

Sticking with data, Amazon Web Services Community Builder Mostefa Brougui shares a quick hands on guide on how you can encrypt and decrypt sensitive data columns using PySpark in a Jupyter Notebook in his post, [Enhancing Data Security with Spark: A Guide to Column-Level Encryption - Part 1](https://aws-oss.beachgeek.co.uk/3q5?trk=cndc-detail).

Diving deep into PostgreSQL this week we have Amazon Web Services Hero Franck Pachot who takes a closer look at PostgreSQL bloat and vacuum, providing a detailed explanation of what they are and how they work, in his post [Postgres dead tuple space reused without vacuum](https://aws-oss.beachgeek.co.uk/3q8?trk=cndc-detail).

We have a couple of programming language related posts this week. First up is Amazon Web Services Community Builder Maurice Borgmeier who shows you how to deploy a Dash app in a Lambda Function behind an API Gateway in the post, [Deploying a Serverless Dash App with Amazon Web Services SAM and Lambda](https://aws-oss.beachgeek.co.uk/3q6?trk=cndc-detail).
Dash is a popular open source Python framework for building interactive frontend applications without writing a single line of JavaScript. From Python to PHP, and Amazon Web Services Community Builder Rafael Araújo who kicks off the first in a series of posts that demonstrate PHP serverless applications using Bref, in his post [A bref Amazon Web Services PHP story – Part 1](https://aws-oss.beachgeek.co.uk/3q7?trk=cndc-detail).

To finish up this week we have a couple of cloud native posts. First up is Amazon Web Services Community Builder Kondala Rao Patibandla who has put together [Automate Cluster Autoscaler in EKS](https://aws-oss.beachgeek.co.uk/3q9?trk=cndc-detail), that provides a hands on guide to show you how you can automate the process of creating and configuring Cluster Autoscaler and HPA in [Amazon Elastic Kubernetes Service](https://aws.amazon.com/cn/eks/?trk=cndc-detail) (EKS). To close up this week, Amazon Web Services Community Builder Eric Johnson helps you keep on top of your Kubernetes security in his post, [Auditing Amazon EKS Pod Permissions](https://aws-oss.beachgeek.co.uk/3qa?trk=cndc-detail). Go check it out.

**Apache Airflow**

Whilst not open source, I had to share this really cool project that has been put together by Kamen Sharlandjiev. Kamen has used PartyRock (a really cool generative AI playground that allows you to experiment, explore, and learn about how to use generative AI and large language models to do cool things) to help Apache Airflow developers. As regular readers will know, I have been doing a fair bit of work with Apache Airflow, so I am not a stranger when it comes to authoring workflows in Apache Airflow (or DAGs). Kamen has put together a tool that reviews your DAGs and makes some recommendations. How cool is that?
Way cool is what I thought, so why not try this out for yourself, go have a play over at the PartyRock page, [MWAA / Apache Airflow DAG Tuning Assistant](https://aws-oss.beachgeek.co.uk/3px?trk=cndc-detail)

**LocalStack**

If you have not heard of [LocalStack](https://aws-oss.beachgeek.co.uk/3pr) before, it is an open source tool that helps developers build and test applications by emulating Amazon services locally. Sarath Krishnan, Waldemar Hummer, and Harsh Mishra have put together a post that demonstrates how you can use LocalStack on your developer machine to test your Amazon CDK projects locally. Sound interesting? If so, you can go read [Accelerating software delivery using LocalStack Cloud Emulator from Amazon Web Services Marketplace](https://aws-oss.beachgeek.co.uk/3ps) \[hands on]

**Cedar**

This popped up on my socials last week: a scientific paper that takes a look at some of the performance characteristics of Cedar and demonstrates how it was designed to scale. Check out this [tweet from Sarah Cecchetti](https://aws-oss.beachgeek.co.uk/3pz?trk=cndc-detail), and then grab a cup of your favourite beverage whilst you sit down to enjoy, [Cedar: A New Language for Expressive, Fast, Safe, and Analyzable Authorization](https://aws-oss.beachgeek.co.uk/3q0?trk=cndc-detail)

**Other posts and quick reads**

* [Petabyte-scale log analytics with Amazon S3, Amazon OpenSearch Service, and Amazon OpenSearch Ingestion](https://aws-oss.beachgeek.co.uk/3pq?trk=cndc-detail) looks at solutions that enable petabyte-scale log analytics using OpenSearch Service in a modern data architecture \[hands on]
* [Using CRaC to reduce Java startup times on Amazon EKS](https://aws-oss.beachgeek.co.uk/3pt?trk=cndc-detail) provides a great overview of the impact of Coordinated Restore at Checkpoint (CRaC) on the startup time of a Spring Boot application running on [Amazon EKS](https://aws.amazon.com/cn/eks/?trk=cndc-detail) \[hands on]
![image.png](https://dev-media.amazoncloud.cn/34e4c2692aea4ea38623484530e1e5b5_image.png "image.png")

* [Automating Amazon EC2 Instances Monitoring with Prometheus EC2 Service Discovery and Amazon Distro for OpenTelemetry](https://aws-oss.beachgeek.co.uk/3pu?trk=cndc-detail) demonstrates how you can use EC2 service discovery with Amazon Distro for OpenTelemetry (ADOT) collector in order to automatically identify targets for scraping Prometheus metrics from dynamic EC2 environments \[hands on]

![image.png](https://dev-media.amazoncloud.cn/d90d3597298343fca633f2487065a8d5_image.png "image.png")

* [Implement advanced replication features with Amazon RDS for MySQL and Amazon Aurora MySQL using intermediate replication servers](https://aws-oss.beachgeek.co.uk/3pv?trk=cndc-detail) helps you understand how you can use advanced replication features between MySQL-compatible databases such as [Amazon Aurora](https://aws.amazon.com/cn/rds/aurora/?trk=cndc-detail) MySQL-Compatible Edition clusters or Amazon Relational Database Service ([Amazon RDS](https://aws.amazon.com/cn/rds/?trk=cndc-detail)) for MySQL instances \[hands on]
* [Deploy Next.js 14 SSR apps with Amazon Amplify Hosting’s Amazon Linux 2023 Support](https://aws-oss.beachgeek.co.uk/3pw?trk=cndc-detail) provides an overview of how to update your Amplify Hosting applications to use Amazon Linux 2023 as the build image \[hands on]
* [Enhancing security in OpenSearch 2.12.0: The end of the default admin password](https://aws-oss.beachgeek.co.uk/3py?trk=cndc-detail) explains an important security related update that you should check out

### Quick updates

**ECS Compose-X**

Great news from Amazon Web Services Community Builder John Preston, [ECS Compose-X 1.0.0](https://aws-oss.beachgeek.co.uk/3qh?trk=cndc-detail) was released over the weekend.
If you are not familiar with [ECS Compose-X](https://aws-oss.beachgeek.co.uk/20s?trk=cndc-detail), it is an open source tool that helps you simplify how to deploy your applications and services onto [Amazon ECS](https://aws.amazon.com/cn/ecs/?trk=cndc-detail) in a few simple steps. Go check it out if you have not already done so (and if you are coming to the Amazon Summit London, John will be demoing this at the open source booth on the Amazon Village).

**OpenSearch**

Last week saw the release of OpenSearch and OpenSearch Dashboards 1.3.15. You can read the full [release notes here](https://aws-oss.beachgeek.co.uk/3po?trk=cndc-detail).

Also announced last week was news that Amazon OpenSearch Serverless is enhancing access controls for VPC endpoints. With this feature, administrators can attach endpoint policies to control which Amazon Web Services principals are allowed or denied access to the OpenSearch resources through their VPC endpoint(s). With a VPC endpoint policy, users can also combine actions along with Amazon Web Services principals and resources to have finer control over allowing or denying traffic through their VPC endpoint(s).

**Kubernetes**

As of last week, you can now use private cluster endpoints with Amazon Batch on [Amazon Elastic Kubernetes Service](https://aws.amazon.com/cn/eks/?trk=cndc-detail) ([Amazon EKS](https://aws.amazon.com/cn/eks/?trk=cndc-detail)). You can bring existing private [Amazon EKS](https://aws.amazon.com/cn/eks/?trk=cndc-detail) clusters and create a compute environment on Amazon Batch. This setup enables [Amazon EKS](https://aws.amazon.com/cn/eks/?trk=cndc-detail) jobs to run private endpoints using Amazon Batch. Previously, Amazon Batch allowed only for public [Amazon EKS](https://aws.amazon.com/cn/eks/?trk=cndc-detail) clusters to run [Amazon EKS](https://aws.amazon.com/cn/eks/?trk=cndc-detail) workloads through Amazon Batch.
With this feature, you can now use private [Amazon EKS](https://aws.amazon.com/cn/eks/?trk=cndc-detail) cluster endpoints with Amazon Batch. This unlocks key benefits for security-sensitive applications and lets you leverage Amazon Batch's managed job scheduling and provisioning without compromising security or compliance policies.

**RabbitMQ**

[Amazon MQ](https://aws.amazon.com/cn/amazon-mq/?trk=cndc-detail) now provides support for RabbitMQ version 3.11.28, which includes several fixes and performance improvements to the previous versions of RabbitMQ supported by [Amazon MQ](https://aws.amazon.com/cn/amazon-mq/?trk=cndc-detail). If you are running earlier versions of RabbitMQ, such as 3.10, 3.9 or 3.8, we strongly encourage you to upgrade to RabbitMQ 3.11.28 or higher. This can be accomplished with just a few clicks in the Amazon Web Services Management Console. We also encourage you to enable automatic minor version upgrades on RabbitMQ 3.11.28 to help ensure your brokers take advantage of future fixes and improvements.

**gMSA authentication for Linux**

Group Managed Service Account (gMSA) is a managed account that provides automatic password management, service principal name (SPN) management, and the ability to delegate management to administrators over multiple servers or instances. This allows multiple containers or resources to share an AD account without having to authenticate each container or resource individually, or without having access to network-shared resources such as SQL Server hosts, or file-shares.

[Amazon Elastic Container Service](https://aws.amazon.com/cn/ecs/?trk=cndc-detail) (ECS) now supports Group Managed Service Account (gMSA) for Linux containers running on Amazon Fargate. With this support, applications running on Amazon Fargate can easily authenticate with Microsoft Active Directory (AD) to access network shared resources.
Until this update, customers could use gMSA with [Amazon ECS](https://aws.amazon.com/cn/ecs/?trk=cndc-detail) Linux containers on EC2 using credentials-fetcher integration. Now, the same capability is available for containers running on Amazon Fargate without having to manage servers or clusters of [Amazon EC2](https://aws.amazon.com/cn/ec2/?trk=cndc-detail) instances.

Cristobal Espinosa and Sai Kiran Akula have put together a post, [Windows authentication with gMSA on Linux containers on Amazon ECS with Amazon Fargate](https://aws-oss.beachgeek.co.uk/3pp?trk=cndc-detail), with supporting code, that shows you how to use the integration of Credentials Fetcher with Amazon Fargate on [Amazon ECS](https://aws.amazon.com/cn/ecs/?trk=cndc-detail).

![image.png](https://dev-media.amazoncloud.cn/f882094885264318ad3a383b1d227307_image.png "image.png")

### Videos of the week

**Istio Ambient Mesh - Ditch the Sidecar!**

Ram Vennam (solo.io) joins host Sai Vennam (Amazon Web Services) to talk about Istio Service Mesh in Ambient Mode. With its sidecar-less approach, [Istio Ambient Mesh](https://aws-oss.beachgeek.co.uk/3pl?trk=cndc-detail) allows for simplified configuration and improved performance. After taking a look at the architecture, Sai and Ram walk you through a hands-on demo.

https://youtu.be/bbfiYMzHtH0?trk=cndc-detail

### Events for your diary

If you are planning any events in 2024, either virtual, in person, or hybrid, get in touch as I would love to share details of your event with readers.

I recently found this GitHub repo, [open-source-events](https://aws-oss.beachgeek.co.uk/3jt?trk=cndc-detail) that is a curated set of open source events for 2024. Go check it out and see what 2024 is looking like.
**KubeCon / CloudNativeCon**\
**Paris, 19th-22nd March**

Join Amazon Web Services speakers at KubeCon Europe as they dive into the latest open source innovations that make Amazon Web Services the best place for customers to build and run open source software in the cloud. Amazon Web Services conference speakers will be talking about Karpenter, Argo CD apps, the integration of AI in the CloudNative world, multi-tenant scalable Prometheus with Cortex, eBPF, Cloud Native CAKES stack for Zero Trust, chaos engineering, Kubernetes controllers, OpenTelemetry, and zonal outages. Don’t miss this opportunity to enhance your knowledge and connect with Amazon Web Services experts. Find out more by checking out the post from Chris Potter, [Amazon Web Services at KubeCon + CloudNativeCon Europe 2024](https://aws-oss.beachgeek.co.uk/3pk?trk=cndc-detail)

**FOSSASIA**\
**April 8th-10th, Hanoi, Vietnam**

The FOSSASIA Summit is one of Asia's Premier Open Technology conferences with thousands of participants and an Open Tech exhibition taking place every year in March, and this year it will be in the vibrant city of Hanoi, Vietnam. A number of my Amazon Web Services colleagues will be there as well as myself, so I look forward to meeting with some of you. You can find out more details about this event by checking out the [FOSSASIA event page](https://aws-oss.beachgeek.co.uk/3ni?trk=cndc-detail)

**Everything Open**\
**April 16th-18th, Gladstone Australia**

Everything Open is an open source event where the open source community come together for three days to share updates on their projects and learn about the latest in open technologies from leading community members. The conference will cover a broad range of topics across three days. You can expect to see talks from areas such as the Linux ecosystem, including the Kernel, distros and drivers.
There will also be a number of presentations on open source software and open hardware, alongside talks on Galleries, Libraries, Archives and Museums (GLAM), open data, open government, and much more. Another key feature will be talks on building and managing communities around open technologies. I will be attending and doing some open source talks, as well as finding out more about the local open source community. Check out [the event website](https://aws-oss.beachgeek.co.uk/3nh?trk=cndc-detail) for more details, and hope to see some of you there.

**OpenSearchCon Europe**\
**May 6th-7th, Berlin Germany**

I am happy to share news of the launch of a European edition of OpenSearchCon, so make sure you mark these dates in your diary. OpenSearchCon Europe has now joined OpenSearchCon North America on our 2024 conference schedule. Read more about the event in the post, [Announcing OpenSearchCon Europe 2024](https://aws-oss.beachgeek.co.uk/3pn?trk=cndc-detail)

**Cortex**\
**Every other Thursday, next one 16th February**

The Cortex community call happens every two weeks on Thursday, alternating at 1200 UTC and 1700 UTC. You can check out the GitHub project for more details, go to the [Community Meetings](https://aws-oss.beachgeek.co.uk/2h5?trk=cndc-detail) section. The community calls keep a rolling doc of previous meetings, so you can catch up on the previous discussions. Check the [Cortex Community Meetings Notes](https://aws-oss.beachgeek.co.uk/2h6?trk=cndc-detail) for more info.

**OpenSearch**\
**Every other Tuesday, 3pm GMT**

This regular meet-up is for anyone interested in OpenSearch & Open Distro. All skill levels are welcome and they cover and welcome talks on topics including: search, logging, log analytics, and data visualisation.
Sign up to the next session, [OpenSearch Community Meeting](https://aws-oss.beachgeek.co.uk/1az?trk=cndc-detail)

### Celebrating open source contributors

The articles and projects shared in this newsletter are only possible thanks to the many contributors in open source. I would like to shout out and thank those folks who really do power open source and enable us all to learn and build on top of what they have created.

So thank you to the following open source heroes: Andi Ahmeti, John Preston, Dakota Lewallen, Peter McAree, Jagadish Kumar, Muthu Pitchaimani, Sam Selvan, Cristobal Espinosa, Sai Kiran Akula, Ram Vennam, Sai Vennam, Chris Potter, Islam Mahgoub, Raglin Anthony, Owen Hawkins, Sascha Moellering, Sarath Krishnan, Waldemar Hummer, Harsh Mishra, Jay Joshi, Shyam Sunder Rakhecha, Szymon Komendera, Neha Sharma, Matt Auerbach, Kamen Sharlandjiev, Darshit Chanpura, Kondala Rao Patibandla, Eric Johnson, Maurice Borgmeier, Rafael Araújo, Anish Shilpakar, Mostefa Brougui, and Franck Pachot.

**Feedback**

Please please please take 1 minute to [complete this short survey](https://www.pulse.aws/promotion/10NT4XZQ?trk=cndc-detail).

### Stay in touch with open source at Amazon Web Services

Remember to check out the [Open Source homepage](https://aws.amazon.com/opensource/?opensource-all.sort-by=item.additionalFields.startDate\\&opensource-all.sort-order=asc&trk=cndc-detail) for more open source goodness.

One of the pieces of feedback I received in 2023 was to create a repo where all the projects featured in this newsletter are listed. Where, I can hear you all ask? Well, as you ask so nicely, you can meander over to [newsletter-oss-projects](https://aws-oss.beachgeek.co.uk/3l8?trk=cndc-detail).

Made with ♥ from DevRel