News Feed

Accelerate the transfer of data from an Amazon EBS snapshot to a new EBS volume

~ Reporter ~ Leave a comment

Today we are announcing the general availability of Amazon Elastic Block Store (Amazon EBS) Provisioned Rate for Volume Initialization, a feature that accelerates the transfer of data from an EBS snapshot, a highly durable backup of volumes stored in Amazon Simple Storage Service (Amazon S3) to a new EBS volume.

With Amazon EBS Provisioned Rate for Volume Initialization, you can create fully performant EBS volumes within a predictable amount of time. You can use this feature to speed up the initialization of hundreds of concurrent volumes and instances. You can also use this feature when you need to recover from an existing EBS Snapshot and need your EBS volume to be created and initialized as quickly as possible. You can use this feature to quickly create copies of EBS volumes with EBS Snapshots in a different Availability Zone, AWS Region, or AWS account. Provisioned Rate for Volume Initialization for each volume is charged based on the full snapshot size and the specified volume initialization rate.

This new feature expedites the volume initialization process by fetching the data from an EBS Snapshot to an EBS volume at a consistent rate that you specify between 100 MiB/s and 300 MiB/s. You can specify this volume initialization rate at which the snapshot blocks are to be downloaded from Amazon S3 to the volume.

With specifying the volume initialization rate, you can create a fully performant volume in a predictable time, enabling increased operational efficiency and visibility on the expected time of completion. If you run utilities like fio/dd to expedite volume initialization for your workflows like application recovery and volume copy for testing and development, it will remove the operational burden of managing such scripts with the consistency and predictability to your workflows.

Get started with specifying the volume initialization rate
To get started, you can choose the volume initialization rate when you launch your EC2 instance or create your volume from the snapshot.

1. Create a volume in the EC2 launch wizard
When launching new EC2 instances in the launch wizard of EC2 console, you can enter a desired Volume initialization rate in the Storage (volumes) section.

You can also set the volume initialization rate when creating and modifying the EC2 Launch Templates.

In the AWS Command Line Interface (AWS CLI), you can add VolumeInitializationRate parameter to the block device mappings when call run-instances command.

aws ec2 run-instances \
    --image-id ami-0abcdef1234567890 \
    --instance-type t2.micro \
    --subnet-id subnet-08fc749671b2d077c \
    --security-group-ids sg-0b0384b66d7d692f9 \
    --key-name MyKeyPair \
    --block-device-mappings file://mapping.json

Contents of mapping.json. This example adds /dev/sdh an empty EBS volume with a size of 8 GiB.

[
    {
        "DeviceName": "/dev/sdh",
        "Ebs": {
            "VolumeSize": 8
            "VolumeType": "gp3",            
            "VolumeInitializationRate": 300
		 } 
     } 
]

To learn more, visit block device mapping options, which defines the EBS volumes and instance store volumes to attach to the instance at launch.

2. Create a volume from snapshots
When you create a volume from snapshots, you can also choose Create volume in the EC2 console and specify the Volume initialization rate.

Confirm your new volume with the initialization rate.

In the AWS CLI, you can use VolumeInitializationRate parameter and when calling create-volume command.

aws ec2 create-volume --region us-east-1 --cli-input-json '{
    "AvailabilityZone": "us-east-1a",
    "VolumeType": "gp3",
    "SnapshotId": "snap-07f411eed12ef613a",
    "VolumeInitializationRate": 300
}'

If the command is run successfully, you will receive the result below.

{
    "AvailabilityZone": "us-east-1a",
    "CreateTime": "2025-01-03T21:44:53.000Z",
    "Encrypted": false,
    "Size": 100,
    "SnapshotId": "snap-07f411eed12ef613a",
    "State": "creating",
    "VolumeId": "vol-0ba4ed2a280fab5f9",
    "Iops": 300,
    "Tags": [],
    "VolumeType": "gp2",
    "MultiAttachEnabled": false,
    "VolumeInitializationRate": 300
}

You can also set the volume initialization rate when replacing root volumes of EC2 instances and provisioning EBS volumes using the EBS Container Storage Interface (CSI) driver.

After creation of the volume, EBS will keep track of the hydration progress and publish an Amazon EventBridge notification for EBS to your account when the hydration completes so that they can be certain when their volume is fully performant.

To learn more, visit Create an Amazon EBS volume and Initialize Amazon EBS volumes in the Amazon EBS User Guide.

Now available
Amazon EBS Provisioned Rate for Volume Initialization is now available and supported for all EBS volume types today. You will be charged based on the full snapshot size and the specified volume initialization rate. To learn more, visit Amazon EBS Pricing page.

To learn more about Amazon EBS including this feature, take the free digital course on the AWS Skill Builder portal. Course includes use cases, architecture diagrams and demos.

Give this feature a try in the Amazon EC2 console today and send feedback to AWS re:Post for Amazon EBS or through your usual AWS Support contacts.

— Channy

How is the News Blog doing? Take this 1 minute survey!

(This survey is hosted by an external company. AWS handles your information as described in the AWS Privacy Notice. AWS will own the data gathered via this survey and will not share the information collected with survey respondents.)

from AWS News Blog https://ift.tt/rbuLpV4
via IFTTT

Strengthening Cybersecurity in the Vulnerable Educational System

~ Reporter ~ Leave a comment

School systems may not immediately come to mind as targets for cybersecurity attacks. However, threat actors have increasingly turned their attention to them, recognizing that the extensive digital infrastructure supporting schools contains a wealth of sensitive information that can be stolen or exploited for financial gain.

It was reported earlier this year that hackers stole private data of over 700,000 current and former Chicago Public Schools (CPS) students in a ransomware attack, subsequently posting it on the Dark Web. Exploiting a vulnerability in a technology vendor’s software that  CPS was using to share data, hackers accessed a server and compromised information from the district and over 60 other organizations nationwide. The stolen data included students’ names, birth dates, genders, and CPS student ID numbers.

There was also the PowerSchool breach that is currently on track to become one of the biggest breaches of the year. The company stated that hackers used compromised credentials to breach its customer support portal, further allowing access to the company’s school information system, which houses sensitive information such as student records, grades, attendance, and enrollment. 

Teachers, administrators, students, and even parents/guardians urgently need to reduce the likelihood of a cyberattack, no matter the time of year. With the right tools, skills, and awareness, school districts can strengthen their cybersecurity posture and remain well-protected from the evolving threat landscape.

Much like the business sector, the education system has integrated digital infrastructure to support day-to-day activities and administrative duties. Students rely on computers to complete and submit assignments, teachers use them to manage their students’ progress, and administrators depend on them for communication, analytics, and record-keeping. This reliance on technology has resulted in school districts accumulating a massive reserve of personal and sensitive information, including phone numbers, email addresses, social security numbers, and even medical records and credit card information—all of which can be exploited by threat actors.

Many high-ranking members within the education system fail to realize what a treasure trove the data within their systems could turn out to be to a cybercriminal. As a result, many school districts lack the necessary cybersecurity infrastructure, training programs, and general awareness to stay protected against attacks. This vulnerability has led threat actors to target schools, hoping to exploit under-protected systems and easily hijack valuable data.

School districts with inadequate cybersecurity measures and training programs are much more vulnerable to sophisticated network attacks or software exploits. However, the lack of cyber defense training among both students and staff poses an even greater risk for successful social engineering or phishing exploits. As a result, attacks are easier to execute, allowing threat actors to hijack private credentials or attach viruses, malware, or ransomware to seemingly innocent communications.

While summer vacation is approaching and the semester will be coming to a close soon, it is  imperative that school districts integrate a new wave of cybersecurity operations into their systems to avoid these issues as they could arise at any time. Simultaneously, threat actors are likely to target school infrastructure and unsuspecting users in hopes of an easy payday. With this in mind, schools should take proactive steps to safeguard against cyber threats, both through robust cybersecurity infrastructure and comprehensive, ongoing school-wide training.

First, school districts must implement fundamental cybersecurity measures as a baseline level of protection. This includes next-gen, AI-powered email security solutions, advanced threat detection and response, endpoint security, patch management, as well as strong passwords backed with multi-factor authentication (MFA). Phishing resistant MFA is also highly useful for all official school accounts.

Secondly, school districts must ensure that all private and sensitive information is securely backed up with immutable storage. In the event of a breach or a ransomware attack, or if systems become compromised, districts can be reassured that stored data isn’t lost. Properly storing data also prevents threat actors from extorting school districts, as they have access to backed-up data even if the original versions are rendered inaccessible.

Lastly, it is critical to foster a student body and administration that is knowledgeable about cybersecurity best practices. Through regular training and thorough awareness programs, school districts can create a “human firewall” that significantly reduces the likelihood of a successful attack.

To build an effective human firewall, school districts can adopt the ‘mindset-skillset-toolset’ triad:

  • Mindset – Raise awareness among students and staff about growing cyber threats
  • Skillset – Combine awareness training with simulations for workers and students
  • Toolset – Incorporate tools that support secure behavior by employees and students

This approach should be applied holistically, but it’s important to note that specific demographics require tailored approaches to training. Key differences to consider include:

  • Students, teachers, and administrators use devices and accounts for specific purposes, with some handling more sensitive information than others.
  • Faculty and administrators, who regularly use school devices, likely have the most up-to-date software and protection from private Wi-Fi and Ethernet connections. However, their contact information is often publicly available on school websites, making them particularly high-risk targets.
  • Parents and guardians are less likely to use school devices but should be educated about cyber risks to help their children understand potential dangers and serve as a resource if suspicious activity occurs. 
  • School districts need to implement age-appropriate training that teachers and parents/guardians can ensure is closely followed both in class and at home, with the sophistication of training gradually increasing for older age groups.

School systems may be at a higher risk of cyber attacks than ever before, but they are not powerless to prevent threat actors from disrupting their activities. By implementing robust security infrastructure, fostering awareness, and providing regular training, school systems can ensure that their students and staff are prepared to mitigate any potential cyber threats at any point throughout the school year.

__

Daniel Blank, COO at Hornetsecurity

Daniel Blank has over 15 years of experience selling complex IT products, and 13 years of various managerial positions in the cloud security environment. Daniel joined Hornetsecurity in 2010 as Key Account Manager, quickly becoming Director of Sales, and finally assuming the role of COO in 2014. Today, Daniel is responsible for Sales, Presales/ Education, and Human Resources at Hornetsecurity.

 

The post Strengthening Cybersecurity in the Vulnerable Educational System first appeared on Cybersecurity Insiders.

The post Strengthening Cybersecurity in the Vulnerable Educational System appeared first on Cybersecurity Insiders.

from Cybersecurity Insiders https://ift.tt/OSWeotc
via IFTTT

Microsoft Warns Default Helm Charts Could Leave Kubernetes Apps Exposed to Data Leaks

~ Reporter ~ Leave a comment

Microsoft has warned that using pre-made templates, such as out-of-the-box Helm charts, during Kubernetes deployments could open the door to misconfigurations and leak valuable data.
“While these ‘plug-and-play’ options greatly simplify the setup process, they often prioritize ease of use over security,” Michael Katchinskiy and Yossi Weizman from the Microsoft Defender for Cloud Research team

from The Hacker News https://ift.tt/7TAUZXa
via IFTTT

Entra ID Data Protection: Essential or Overkill?

~ Reporter ~ Leave a comment

Microsoft Entra ID (formerly Azure Active Directory) is the backbone of modern identity management, enabling secure access to the applications, data, and services your business relies on. As hybrid work and cloud adoption accelerate, Entra ID plays an even more central role — managing authentication, enforcing policy, and connecting users across distributed environments.
That prominence also

from The Hacker News https://ift.tt/2jpOCA7
via IFTTT

Stealth Tunnels: The Dawn of Undetectable Remote Access

~ Reporter ~ Leave a comment

In today’s world, more employees work from home, coffee shops, or satellite offices than ever before. While remote access tools like VPNs have kept us connected, they’re increasingly easy for network gatekeepers to spot—and sometimes block or slow down. Enter stealth tunnels: an innovative way to disguise secure connections so they glide past firewalls and inspection tools unnoticed. In this article, we’ll explain what makes stealth tunnels different, why they matter, and how businesses can use them to keep their remote workers safe, productive, and uninterrupted.

In this deep dive, we’ll explore how stealth tunnels work, why they outperform legacy Virtual Private Network (VPN)s, and how enterprises can deploy them securely at scale.

Why Traditional VPNs Aren’t Enough

Imagine you’re trying to drive into a city through one of its main gates. A standard VPN is like a marked delivery truck: the guards know exactly what it is and can choose to let it through, inspect it, or stop it altogether. That’s because traditional VPNs use well-known ports and protocols—digital “signatures” that deep-packet inspection (DPI) tools and firewalls easily recognize.

When a business firewall sees VPN traffic, it can slow it down or block it outright, interrupting video conferences, halting large file transfers, or preventing access to critical systems. For employees in high-security environments—financial traders, healthcare technicians, or field engineers—these interruptions mean lost time, missed opportunities, and mounting frustration.

Stealth vs. Legacy VPN: A Feature Comparison

What Makes a Tunnel “Stealth”

Stealth tunnels wrap VPN traffic inside a form that looks, to the network’s gatekeepers, like harmless web browsing or random data. Think of it as putting our delivery truck inside an unmarked van that looks like any other car on the road. 

The key techniques include:

HTTPS Wrapping: The VPN connection is hidden inside a standard web-secure (HTTPS) session. Since almost all websites use HTTPS these days, this traffic simply blends in with normal browsing.

Port Hopping & Padding: Instead of listening on one fixed port, the tunnel randomly changes its port every few minutes. Network tools can’t easily predict which port to watch. Adding a bit of “padding”—small dummy data packets—further disguises the true nature of the traffic.

Handshake Obfuscation: Most VPNs follow a predictable “handshake” when connecting. Stealth tunnels randomize the timing and structure of this handshake so it doesn’t match known VPN patterns

Combined, these methods make the encrypted tunnel look like any other benign data flow, effectively slipping past DPI and firewall scrutiny.

Benefits of Stealth Tunnels

Uninterrupted Productivity

Because network tools can’t identify stealth tunnels, remote workers enjoy smoother video calls, faster file transfers, and reliable access to enterprise applications—no matter where they connect from.

Better Security

Stealth tunnels still use strong encryption under the hood. Even if someone tried to intercept the data, they’d see only scrambled bits inside a standard web stream.

Resilience Against Censorship & Throttling

In regions where VPNs are blocked or heavily slowed down, stealth tunnels can maintain connectivity by masquerading as regular web traffic. This is critical for global teams working in restrictive environments.

Explaining with Example: 

1.Traditional VPN: You launch your VPN client, which opens a connection on UDP port 1194. The café’s network equipment spots this, slows it down by 80%, and you struggle through a choppy video call.

2.Stealth Tunnel: You toggle “Stealth Mode” in your remote-access app. Your traffic is wrapped inside HTTPS on port 443, then jumps ports and adds padding. The café’s equipment treats it like normal web traffic—your call remains crystal clear.

How Businesses Can Deploy Stealth Tunnels

1. Choose a Stealth-Ready Solution

Look for remote-access platforms that offer an easy “stealth mode” switch. This often relies on the widely supported Wire Guard or OpenVPN technologies under the hood, enhanced with obfuscation modules.

2. Setup Stealth Gateways

Deploy one or more servers—called stealth gateways—in locations your users can reach, such as cloud regions or branch offices. These gateways unwrap the disguised traffic and forward it to your corporate network.

3. Roll Out Stealth Clients

Install or update the client apps on user devices (laptops, tablets, phones). A single toggle in the app enables all obfuscation features—no manual port configuration or scripting required.

4. Monitor and Rotate

Regularly update handshake parameters, encryption keys, and port ranges. A central management console can automate this, ensuring the tunnels remain undiscoverable over time.

Looking Ahead

As DPI and network monitoring tools become more powerful, stealth tunnels will continue to evolve. Future enhancements may include machine-learning to adapt obfuscation on the fly, quantum-safe encryption for extra peace of mind, and deeper integration with software-defined networks. Businesses that adopt stealth-capable remote access today will gain a crucial edge—keeping their distributed workforces connected, productive, and secure, no matter where they roam.

___

 

About the Author

Vikram Gupta is the Founder and CEO of Fibmesh, a trailblazer in software-defined mesh networks and secure remote-access solutions. With an experience in network engineering and a passion for democratizing connectivity, he leads the development of next-generation systems that empower organizations to build their own secure, adaptive infrastructures.

 

The post Stealth Tunnels: The Dawn of Undetectable Remote Access first appeared on Cybersecurity Insiders.

The post Stealth Tunnels: The Dawn of Undetectable Remote Access appeared first on Cybersecurity Insiders.

from Cybersecurity Insiders https://ift.tt/1s6AJ4f
via IFTTT

AWS Weekly Roundup: Amazon Nova Premier, Amazon Q Developer, Amazon Q CLI, Amazon CloudFront, AWS Outposts, and more (May 5, 2025)

~ Reporter ~ Leave a comment

Last week I went to Thailand to attend the AWS Summit Bangkok. It was an energizing and exciting event. We hosted the Developer Lounge, where developers can meet, discuss ideas, enjoy lightning talks, win SWAGs at AWS Builder ID Prize Wheel, take a challenge at Amazon Q Developer Coding Challenge, or learn Generative AI at Learn Amazon Bedrock booth.

Here’s a quick look:

Thank you to AWS Heroes, AWS Community Builders, AWS User Group leaders and developers for your collaboration.

Coming up next in ASEAN is AWS Summit Singapore—make sure you don’t miss it by registering now.

Last Week’s Launches
Here are some launches last week that caught my attention:

  • Amazon Nova Premier Now Generally Available — Amazon Nova Premier, our most capable model for complex tasks and teacher for model distillation, is now generally available in Amazon Bedrock. It excels at complex tasks requiring deep context understanding and multistep planning, while processing text, images, and videos with a 1M token context length. With Nova Premier and Amazon Bedrock Model Distillation, you can create highly capable, cost-effective, and low-latency versions of Nova Pro, Lite, and Micro, for your specific needs.

  • Amazon Q Developer elevates the IDE experience with new agentic coding experience — This new interactive, agentic coding experience for Visual Studio Code allows Q Developer to intelligently take actions on behalf of the developer. Amazon Q Developer introduces an interactive coding experience in Visual Studio Code, offering real-time collaboration for coding, documentation, and testing. It provides transparent reasoning, and supports automated or step-by-step changes in multiple languages.

  • New Foundation Models in Amazon Bedrock — Amazon Bedrock expands its model offerings with two significant additions:
    • Writer’s Palmyra X5 and X4 models feature extensive context windows (1M and 128K tokens respectively) and excel in complex reasoning for enterprise applications. They support multistep tool-calling and adaptive thinking with high reliability standards.
    • Meta’s Llama 4 Scout 17B and Maverick 17B models offer natively multimodal capabilities using mixture-of-experts architecture for enhanced reasoning and image understanding. They support multiple languages and extended context processing, with simplified integration through the Bedrock Converse API.
  • Second-Generation AWS Outposts Racks Released AWS announces the general availability of second-generation Outposts racks with significant enhancements including the latest x86 EC2 instances, simplified networking, and accelerated networking options. These improvements deliver doubled vCPU, memory, and network bandwidth, 40% better performance, and support for ultra-low latency workloads, making them ideal for demanding on-premises deployments.
  • Amazon CloudFront SaaS Manager Launches — Amazon CloudFront SaaS Manager helps SaaS providers and web hosting platforms efficiently manage content delivery across multiple customer domains. The service dramatically reduces operational complexity while providing high-performance content delivery and enterprise-grade security for every customer domain.

  • Amazon Aurora Now Supports PostgreSQL 17 — Amazon Aurora now supports PostgreSQL 17.4, offering community improvements and Aurora-specific enhancements like optimized memory management and faster failovers. The release includes new features for Babelfish, security fixes, and updated extensions, available in all AWS Regions.
  • CloudWatch Introduces Tiered Pricing for Lambda Logs — Amazon CloudWatch launches tiered pricing for AWS Lambda logs and new delivery destinations. Pricing in US East starts at $0.50/GB for CloudWatch and $0.25/GB for S3 and Firehose, both tiering down to $0.05/GB. This update enhances flexibility in log management across all supporting Regions.
  • RDS for MySQL Updates Minor VersionsAmazon RDS for MySQL now supports minor versions 8.0.42 and 8.4.5, delivering security fixes, bug fixes, and performance improvements. Users can upgrade automatically during maintenance windows or use Blue/Green deployments for safer updates.
  • Amazon Bedrock Model Distillation Generally AvailableAmazon Bedrock Model Distillation is now generally available, supporting new models like Amazon Nova and Claude 3.5. It enables smaller models to accurately predict function calling for Agents, delivering up to 500% faster responses and 75% lower costs with minimal accuracy loss for RAG use cases. The service includes automated workflows for data synthesis and student model training.
  • AI Search Flow Builder for Amazon OpenSearch Service Amazon OpenSearch Service now offers an AI search flow builder for OpenSearch 2.19+ domains. This low-code designer enables creation of sophisticated AI-enhanced search flows using AWS and third-party services, supporting use cases like RAG, query rewriting, and semantic encoding.

From Community.AWS
Here’s my personal favorites posts from community.aws:

Upcoming AWS events
Check your calendars and sign up for these upcoming AWS events:

  • AWS Summit — Join free online and in-person events that bring the cloud computing community together to connect, collaborate, and learn about AWS. Register in your nearest city: Poland (6 May), Bengaluru (May 7 – 8), Hong Kong (May 8), Seoul (May 14-15), Singapore (May 29), and Sydney (June 4–5).
  • AWS re:Inforce – Mark your calendars for AWS re:Inforce (June 16–18) in Philadelphia, PA. AWS re:Inforce is a learning conference focused on AWS security solutions, cloud security, compliance, and identity. You can subscribe for event updates now!
  • AWS Partners Events – You’ll find a variety of AWS Partner events that will inspire and educate you, whether you are just getting started on your cloud journey or you are looking to solve new business challenges.
  • AWS Community Days – Join community-led conferences that feature technical discussions, workshops, and hands-on labs led by expert AWS users and industry leaders from around the world: Yerevan, Armenia (May 24), Zurich, Switzerland (May 25), and Bengaluru, India (May 25).

You can browse all upcoming in-person and virtual events.

That’s all for this week. Check back next Monday for another Weekly Roundup!

How is the News Blog doing? Take this 1 minute survey!

(This survey is hosted by an external company. AWS handles your information as described in the AWS Privacy Notice. AWS will own the data gathered via this survey and will not share the information collected with survey respondents.)

from AWS News Blog https://ift.tt/g8ioX5k
via IFTTT

Amazon Q Developer in GitHub (in preview) accelerates code generation

~ Reporter ~ Leave a comment

Starting today, you can now use Amazon Q Developer in GitHub in preview! This is fantastic news for the millions of developers who use GitHub on a daily basis, whether at work or for personal projects. They can now use Amazon Q Developer for feature development, code reviews, and Java code migration directly within the GitHub interface.

To demonstrate, I’m going to use Amazon Q Developer to help me create an application from zero called StoryBook Teller. I want this to be an ASP.Core website using .NET 9 that takes three images from the user and uses Amazon Bedrock with Anthropic’s Claude to generate a story based on them.

Let me show you how this works.

Installation

The first thing you need to do is install the Amazon Q Developer application in GitHub, and you can begin using it immediately without connecting to an AWS account.

You’ll then be presented with a choice to add it to all your repositories or select specific ones. In this case, I want to add it to my storybook-teller-demo repo, so I choose Only selected repositories and type in the name to find it.

This is all you need to do to make the Amazon Q Developer app ready to use inside your selected repos. You can verify that the app is installed by navigating to your GitHub account Settings and the app should be listed in the Applications page.

You can choose Configure to view permissions and add Amazon Q Developer to repositories or remove it at any time.

Now let’s use Amazon Q Developer to help us build our application.

Feature development
When Amazon Q Developer is installed into a repository, you can assign GitHub issues to the Amazon Q development agent to develop features for you. It will then generate code using the whole codebase in your repository as context as well as the issue’s description. This is why it’s important to list your requirements as accurately and clearly as possible in your GitHub issues, the same way that you should always strive for anyway.

I have created five issues in my StoryBook Teller repository that cover all my requirements for this app, from creating a skeleton .NET 9 project to implementing frontend and backend.

Let’s use Amazon Q Developer to develop the application from scratch and help us implement all these features!

To begin with, I want Amazon Q Developer to help me create the .NET project. To do this, I open the first issue, and in the Labels section, I find and select Amazon Q development agent.

That’s all there is to it! The issue is now assigned to Amazon Q Developer. After the label is added, the Amazon Q development agent automatically starts working behind the scenes providing progress updates through the comments, starting with one saying, I'm working on it.

As you might expect, the amount of time it takes will depend on the complexity of the feature. When it’s done, it will automatically create a pull request with all the changes.

The next thing I want to do is make sure that the generated code works, so I’m going to download the code changes and run the app locally on my computer.

I go to my terminal and type git fetch origin pull/6/head:pr-6 to get the code for the pull request it created. I double-check the contents and I can see that I do indeed have an ASP.Core project generated using .NET 9, as I expected.

I then run dotnet run and open the app with the URL given in the output.

Brilliant, it works! Amazon Q Developer took care of implementing this one exactly as I wanted based on the requirements I provided in the GitHub issue. Now that I have tested that the app works, I want to review the code itself before I accept the changes.

Code review
I go back to GitHub and open the pull request. The first thing I notice is that Amazon Q Developer has performed some automatic checks on the generated code.

This is great! It has already done quite a bit of the work for me. However, I want to review it before I merge the pull request. To do that, I navigate to the Files changed tab.

I review the code, and I like what I see! However, looking at the contents of .gitignore, I notice something that I want to change. I can see that Amazon Q Developer made good assumptions and added exclusion rules for Visual Studio (VS) Code files. However, JetBrains Rider is my favorite integrated development environment (IDE) for .NET development, so I want to add rules for it, too.

You can ask Amazon Q Developer to reiterate and make changes by using the normal code review flow in the GitHub interface. In this case, I add a comment to the .gitignore code saying, add patterns to ignore Rider IDE files. I then choose Start a review, which will queue the change in the review.

I select Finish your review and Request changes.

Soon after I submit the review, I’m redirected to the Conversation tab. Amazon Q Developer starts working on it, resuming the same feedback loop and encouraging me to continue with the review process until I’m satisfied.

Every time Q Developer makes changes, it will run the automated checks on the generated code. In this case, the code was somewhat straightforward, so it was expected that the automatic code review wouldn’t raise any issues. But what happens if we have more complex code?

Let’s take another example and use Amazon Q Developer to implement the feature for enabling image uploads on the website. I use the same flow I described in the previous section. However, I notice that the automated checks on the pull request flagged a warning this time, stating that the API generated to support image uploads on the backend is missing authorization checks effectively allowing direct public access. It explains the security risk in detail and provides useful links.

It then automatically generates a suggested code fix.

When it’s done, you can review the code and choose to Commit changes if you’re happy with the changes.

After fixing this and testing it, I’m happy with the code for this issue and move on applying the same process to other ones. I assign the Amazon Q development agent to each one of my remaining issues, wait for it to generate the code, and go through the iterative review process asking it to fix any issues for me along the way. I then test my application at the end of that software cycle and am very pleased to see that Amazon Q Developer managed to handle all issues, from project setup, to boilerplate code, to more complex backend and frontend. A true full-stack developer!

I did notice some things that I wanted to change along the way. For example, it defaulted to using the Invoke API to send the uploaded images to Amazon Bedrock instead of the Converse API. However, because I didn’t state this in my requirements, it had no way of knowing. This highlights the importance of being as precise as possible in your issue’s titles and descriptions to give Q Developer the necessary context and make the development process as efficient as possible.

Having said that, it’s still straightforward to review the generated code on the pull requests, add comments, and let the Amazon Q Developer agent keep working on changes until you’re happy with the final result. Alternatively, you can accept the changes in the pull request and create separate issues that you can assign to Q Developer later when you’re ready to develop them.

Code transformation
You can also transform legacy Java codebases to modern versions with Q Developer. Currently, it can update applications from Java 8 or Java 11 to Java 17, with more options coming in future releases.

The process is very similar to the one I demonstrated earlier in this post, except for a few things.

First, you need to create an issue within a GitHub repository containing a Java 8 or Java 11 application. The title and description don’t really matter in this case. It might even be a short title such as “Migration,” leaving the description empty. Then, on Labels, you assign the Amazon Q transform agent label to the issue.

Much like before, Amazon Q Developer will start working immediately behind the scenes before generating the code on a pull request that you can review. This time, however, it’s the Amazon Q transform agent doing the work which is specialized in code migration and will take all the necessary steps to analyze and migrate the code from Java 8 to Java 17.

Notice that it also needs a workflow to be created, as per the documentation. If you don’t have it enabled yet, it will display clear instructions to help you get everything set up before trying again.

As expected, the amount of time needed to perform a migration depends on the size and complexity of your application.

Conclusion
Using Amazon Q Developer in GitHub is like having a full-stack developer that you can collaborate with to develop new features, accelerate the code review process, and rely on to enhance the security posture and quality of your code. You can also use it to automate migration from Java 8 and 11 applications to Java 17 making it much easier to get started on that migration project that you might have been postponing for a while. Best of all, you can do all this from the comfort of your own GitHub environment.

Now available
You can now start using Amazon Q Developer today for free in GitHub, no AWS account setup needed.

Amazon Q Developer in GitHub is currently in preview.

Matheus Guimaraes | codingmatheus

How is the News Blog doing? Take this 1 minute survey!

(This survey is hosted by an external company. AWS handles your information as described in the AWS Privacy Notice. AWS will own the data gathered via this survey and will not share the information collected with survey respondents.)

from AWS News Blog https://ift.tt/n1wPod2
via IFTTT