The lead up to re:Invent has started, so we’re getting a lot of announcements coming out of AWS. Two very interesting ones last week are the introduction of AMD instance types and Inspector’s agentless network assessment.

AMD on AWS

For a long time, Intel processors were the only option in AWS¹, but now you can use AMD EPYC processors as well. The initial release has 2 instance types, the M5a and R5a types. These are comparable to the regular M5 and R5 types that use the new Nitro hypervisor, but according to AWS should be used when you want to save some costs on instances that don’t use the full CPU capabilities.

Based on the marketing material and prices this shows that AWS believes that the Intel processors are more powerful than the AMD ones. Some initial benchmarks I’ve found seem to bear this out in general². It’s not uncommon for instances not to be able to use all of the CPU of an instance and the 10% price difference can then make a big difference.

That said, let’s take a look back at what this could mean in the future. First, it’s great to see even the possibility for some competition in this market, and I’m sure that other than offering more options AWS will also see this as a way to get better pricing from Intel and AMD. As AWS tends to lower prices quite regularly, that will likely mean lower prices for us as consumers of these instances. But how much of an impact will this actually make?

AWS currently has 17 latest generation instance types³, 2 of which are AMD based. With the promised introduction of the T3a this will become 18 and 3, which means that 1/6th of the instance types will be AMD.

Based on the way AWS talks about the AMD instances, I think it’s unlikely that an AMD option will come to any compute optimised instances so a C5a is unlikely at this time⁴like the C5s anytime either. Furthermore I believe that AWS will only release new types using the Nitro hypervisor, and there aren’t many instance types that have this. So they’re unlikely to release AMD types of the older types.

This doesn’t even take into account how many of the instances usually run on managed services like RDS or Elasticache. In the end, what I’m trying to say here is that AMD fans might not want to get their hopes up too much yet as it will likely still be a while before AMD will have a big impact on this market⁵.

Inspector Network Assessments

Amazon Inspector is a tool that you can use to look at how the security posture of your instances. It works by installing an agent on these instances and verifying them regularly based on the requirements you give it.

The latest feature of Inspector doesn’t require this however, and is focused solely on the networking part. The Network Assessments allow you to run a check of your network configuration for your instances. When doing this, it will take the entire environment into account, so your NACLs, security groups, and even routing tables. If you install the agent it will show some additional details as well, but in itself this will already give a good idea of any potential places where you can improve your security.

The idea is to run Inspector regularly, but if that is outside of your budget⁶ I would still recommend to run it at least while you’re building your environment so you can catch these things before you go live.