Amazon Web Services (AWS) kicked off its annual re:Invent conference on Wednesday with the introduction of a handful of new additions to its cloud computing service.

The rollout includes a tool to test apps for security flaws, plus a business intelligence (BI) service, and a new way to physically toss data into Amazon's cloud.

For applications running on AWS, a new Amazon Inspector utility will try to uncover potential security bugs and misconfigurations in virtual machines. The internet giant hopes the tool will help its customers find weak points in their software and data-protection compliance issues before hackers and auditors do.

Inspector monitors EC2 instances' "network, file system, and process activity," to identify exploitable blunders.

"It also collects other information including details of communication with AWS services, use of secure channels, network traffic between instances, and so forth. This information provides Inspector with a complete picture of the application and its potential security or compliance issues," Amazon noted.

Amazon said the early release of Inspector will include a PCI DSS 3.0 compliance assessor as well as tests for common vulnerabilities, and a set of best practice checks for network security, authentication, application security, and operating system security. The service is not available to all customers just yet, we're told, but will be.

Bulk transfers

AWS users have a couple of new ways to upload and download data stored in Jeff Bezos's cloud. Dubbed "Snowball" and "Firehose," the two tools are aimed at migrating large stores of data.

Snowball is a physical box (pictured above) you can order from Amazon that can hold up to 50TB of data encrypted using AES-256. When you get it, you copy your data to the appliance via Ethernet, and ship the box back to an AWS data center, where the data is transferred into your AWS account, and the appliance wiped. The encryption is in place just in case the box is nicked during transit; the decryption key is uploaded separately.

Amazon believes that by simply shipping appliances to customers to load up themselves, it can eliminate the need to spend hundreds of hours trying to siphon the data via an internet connection. This is similar the Import/Export service Amazon introduced in 2009, in which customers posted physical drives of information to the cloud goliath.

For customers looking to migrate a smaller store of data into AWS, Amazon is pitching the Database Migration Service. This pay-by-the-hour service is for organizations running on-premises Oracle, SQL Server, MySQL, and PostgreSQL databases that wish to shift records and tables into AWS.

Firehose, meanwhile, will provide a way for customers running the Amazon Kinesis service to transfer their massive streams of incoming data into Amazon S3 or Redshift storage buckets.

Solving a problem like MariaDB

For those looking to run MariaDB deployment, Amazon has built support for the database platform into its RDS offering. Customers will be able to set up and launch MariaDB instances through the Amazon Management Console and scale the databases up to 6TB and 30,000 IOPS.

Signs of intelligence

Additionally, Amazon is posting a business intelligence service offering for AWS customers. For a monthly charge of $9.99 per user, AWS QuickSight will allow companies to crunch data from AWS services using its SPICE in-memory calculation tool. The service will aim to cut down on the time needed to run calculations in AWS data sets.

Obey the rules

Amazon will also add a new Rules function to its Config feature: these will allow administrators to enforce particular security requirements when launching or configuring new instances.

"Rules can be targeted at specific resources (by id), specific types of resources, or at resources tagged in a particular way," explained AWS evangelist Jeff Barr.

"Rules are run when those resources are created or changed, and can also be evaluated on a periodic basis (hourly, daily, and so forth)."

Finally, Amazon said it would be tying up with Accenture on a business initiative to train Accenture consultants on helping companies migrate their databases into AWS. The multi-year program aims to train 1,000 Accenture employees and certify another 500 on using AWS.

Accenture rolled out a similar deal with Oracle earlier this year. ®