List of features I'd love to see come to AWS, for the most part improved security, performance, and feature parity with other services and data centres. If you work at AWS and would like to discuss some of these items, you can find me on the AWS Developers Slack Workspace. I'm known for maintaining Middy, the NodeJS AWS Lambda middleware framework.
- Support storing ECDSA (P-384, P-521) certificates
- Support creating root and intermediate ECDSA certificates (https://letsencrypt.org/upcoming-features/#ecdsa-root-and-intermediates)
- Response Header Policy (easier to meet security best practice and reduce header size):
  - Unable to set headers to blank (ie `Server`, `X-Powered-By`)
  - `Content-Security-Policy` incorrectly applies to non-html
  - Add support for `Permissions-Policy`, apply to html and js files only
  - Add support to `Report-To`, apply to html files only
  - Maybe there needs to be an option to set the mime types a header should be applied to
- Protocol Feature Parity w/ CloudFlare
- HTTP/2 PUSH (https://www.linkedin.com/pulse/dear-cloudfront-wheres-server-push-0-rtt-http3-almost-agarwalla/?articleId=6662735421019160577)
- HTTP/2 0-RTT
- HTTP/3
- Support filters or regexes for branch names. Currently only static branch names known beforehand are supported, with a 1-to-1 relationship between CodeBuild/CodePipeline and each static branch name.
FIPS 140 (https://aws.amazon.com/compliance/fips/)
- Support on ecr, ecs, iam, lambda, ses/email, sns, sqs, ssm, states, xray, etc in `ca-*` (feature parity to `us-*`)
- Plans to update to FIPS 140-3 (https://www.encryptionconsulting.com/knowing-the-new-fips-140-3/)
- NodeJS v18 runtime (aws/aws-lambda-base-images#47)
- arm64 support in `ca-*` (feature parity to `us-*`)
- NodeJS ESM runtime unable to access runtime or layer node_modules (Regression?)
- Unable to use X-Ray SDK with NodeJS ESM runtimes (aws/aws-xray-sdk-node#482)
- Inclusion of aws-sdk-v3-js in runtime or layer (aws/aws-sdk-js-v3#2149)
- All services support TLS v1.3 (https://docs.aws.amazon.com/sdk-for-javascript/v3/developer-guide/enforcing-tls.html)
- Support Server-Sent Events (SSE) (https://germano.dev/sse-websockets/#sse)
- Support for stream responses (middyjs/middy#678)
- arm64 support in `ca-*` (feature parity to `us-*`)
- Fargate tasks without a VPC, or lambda without time restriction
- Fargate tasks have 30s cold start time when being run as a task
- Cheaper / Smaller NAT Gateway, or serverless option
- Cheaper VPC Endpoints, or serverless option
- Aurora Serverless v2
  - Data API Missing, support for `COPY TO/FROM` (https://www.lastweekinaws.com/blog/the-aurora-serverless-road-not-taken/)
  - Should scale down to zero ACUs (https://www.lastweekinaws.com/blog/the-aurora-serverless-road-not-taken/)
  - Postgres v14 (feature parity with RDS)
- Support for Postgres TimescaleDB extension (timescale/timescaledb#65)
- Cheaper RDS Proxy, or serverless option
- Support event sources (CloudFront, APIG HTTP, cloudwatch, s3, sns, console)
- Support for x-ray on CloudFront + WAF + lambda@edge
- Be able to measure during cold start (queue and connect to first request ID?)
- Be able to see longer time period (24-36h)
- Update `CIS AWS Foundations Benchmark` to v1.4.0 (https://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-cis_aws_benchmark_level_2.html)
- Show enabled integrations in Security standards list for easy filtering and viewing (i.e. Prowler)
- Step Function Execution event history links back to specific log, not just log group for lambda and ECS
- X-Ray Traces link back to specific log for lambda and ECS
- Allow easy filtering for logs using Request Id
- CO2 Impact:
  - Have `ca-central-1` & `ca-west-1` classified as green data centres
  - More granular details - by service
  - Toggle egress estimate? CloudFront to IP transfer
- IPFS serverless service (Save files to s3, serverless node, serverless http gateway)