Amazon Web Services Inc. is following up the new security capabilities it debuted at the start of the week with yet more features for defending application environments running on its cloud platform. 

The first of the additions, which were announced late Thursday, is a tool called EC2 Instance Connect. It aims to provide more security for the information technology personnel who manage a company’s cloud environment.

When performing sensitive tasks such as configuration updates, administrators normally use a protocol called SSH to establish an encrypted connection to the system being modified. The technology is used near-universally in both on-premises and cloud environments. With EC2 Instance Connect, companies can manage SSH sessions using AWS’ built-in access control mechanisms.

The tool integrates with the AWS IEM directory system to let IT departments limit which instances each team member can access based on their role. An administrator at a remote branch office, for instance, could be given access only to the cloud instances that belong to that office. EC2 Instance Connect also makes it possible to log SSH sessions using the AWS CloudTrail auditing service.

As an additional precaution, the tool provides the option to generate a new cryptographic key for every single SSH connection. The benefit of onetime keys is that they can’t be reused by would-be hackers to connect to a company’s cloud instances if they’re somehow leaked.

Alongside EC2 Instance Connect, AWS introduced new access controls for ECS, its software container management system. Like the SSH tool, the access controls provide the ability to limit administrators’ permissions based on their area of responsibility. IT departments can now specify access rules down to specific hardware resources and tasks, as well as group assets with tags that likewise lends themselves to defining usage restrictions.  

The rapid frequency at which AWS rolls out new management features is a big part of how it has managed to maintain its leadership position in the cloud market. For the same reason, the Amazon.com Inc. subsidiary is also pursuing an aggressive release schedule on the hardware front. 

AWS on Thursday added four new instance configurations to its portfolio. The first pair, dubbed m5.16xlarge and m5.8xlarge, pack 32 and 64 processing cores, respectively, along with 1.8 to 3.6 gigabytes of storage. They’re aimed at general-purpose workloads. The two other new instances, the r5.8xlarge and r5.16xlarge, have nearly identical specifications except they include twice as much RAM to support memory-hungry applications such as analytics tools. 

Photo: Tony Webster/Flickr