Slide 1

Slide 1 text

No content

Slide 2

Slide 2 text

POWERING HYPERGROWTH FOR SAAS_

Slide 3

Slide 3 text

RE:INVENT RECAP_
Weds 8 December, 9.30am

Slide 4

Slide 4 text

MY PICKS_
• Cost savings
• Security
• Operations
• Migrations
• Simplification
• Sustainability
• Other

Slide 5

Slide 5 text

I’D LIKE TO SAVE SOME MONEY_

Slide 6

Slide 6 text

NEW EC2 INSTANCES_
• EC2 M1 Mac
• Im4gn and Is4gen (Graviton 2, high random I/O access to large data)
• C7g (Graviton 3, compute intensive)
• G5g (Graviton 2 + NVIDIA T4G Tensor Core GPU)
• M6a (AMD, general purpose)
• R6i (Intel Ice Lake, memory intensive)
• M6i, C6i (Ice Lake, bare metal)
• Trn1 (Trainium)

Slide 7

Slide 7 text

GRAVITON 3_
• ARM Neoverse core
• 25% more compute performance
• 2x floating point & cryptographic performance
• bfloat16 support for 3x better ML performance
• 60% less energy use than comparable x86 instances
• Pointer authentication

Slide 8

Slide 8 text

DATA PRICE REDUCTION_
• AWS Regions -> Internet:
  • Free for up to 100GB per mo (prev. 1GB)
• From Amazon CloudFront:
  • Free for up to 1TB/mo (up from 50GB)
  • No longer limited to first 12 mo
  • Free HTTP & HTTPS requests raised from 2M to 10M
  • Removed 12 mo limit on 2M free CloudFront Function invocations

Slide 9

Slide 9 text

S3 PRICE REDUCTION_
• S3 (up to) 31%
  • Standard-Infrequent Access
  • One Zone-Infrequent Access
• S3 Glacier 10%
  • Flexible Retrieval

Slide 10

Slide 10 text

S3 INTELLIGENT TIERING_
• Monitors your data access patterns
• Moves data to new tiers:
  • 30 days: Infrequent Access
  • 90 days: Archive Instant Access
• Up to 68% savings

Slide 11

Slide 11 text

DYNAMODB STANDARD-IA_
• Standard-Infrequent Access table class
• Cost reductions of up to 60%

Slide 12

Slide 12 text

I’D LIKE TO GET MORE SECURE_

Slide 13

Slide 13 text

AMAZON INSPECTOR v2_
• Continual scans
• Automated EC2 and ECR discovery
• Integrations:
  • AWS Organizations
  • AWS Security Hub
  • Amazon EventBridge
• Data from Snyk Security Intelligence

Slide 14

Slide 14 text

S3 SECURITY_
• “Bucket owner enforced”
• Disables object ACLs
• (Superseded by IAM policies)

Slide 15

Slide 15 text

ECR PULL-THROUGH CACHE_
• Sync images from publicly accessible registries
• Improve performance and security
• Use Image Scanning (from Snyk)

Slide 16

Slide 16 text

CONTROL TOWER_
Specify which regions your customer data is stored/processed in
17 new Data Residency Guardrails
• Deny access to AWS based on the requested AWS Region
• Disallow internet access for an Amazon VPC instance managed by a customer
• Disallow Amazon Virtual Private Network (VPN) connections
• Disallow cross-region networking for Amazon EC2, Amazon CloudFront, and AWS Global Accelerator
• Detect whether public IP addresses for Amazon EC2 autoscaling are enabled through launch configurations
• Detect whether replication instances for AWS Database Migration Service are public
• Detect whether Amazon EBS snapshots are restorable by all AWS accounts
• Detect whether any Amazon EC2 instance has an associated public IPv4 address
• Detect whether Amazon S3 settings to block public access are set as true for the account
• Detects whether an Amazon EKS endpoint is blocked from public access
• Detect whether an Amazon OpenSearch Service domain is in Amazon VPC
• Detect whether any Amazon EMR cluster master nodes have public IP addresses
• Detect whether the AWS Lambda function policy attached to the Lambda resource blocks public access
• Detect whether public routes exist in the route table for an Internet Gateway (IGW)
• Detect whether Amazon Redshift clusters are blocked from public access
• Detect whether an Amazon SageMaker notebook instance allows direct internet access
• Detect whether any Amazon VPC subnets are assigned a public IP address
• Detect whether AWS Systems Manager documents owned by the account are public

Slide 17

Slide 17 text

B2B SAAS FOUNDATIONS ON AWS_
• Workload isolation
• AWS Account management
• Centralised Billing
• Centralised Audit Logging
• Threat Detection & Alerting
• Security Guardrails
• Account Factory for Terraform (AFT) just launched

Slide 18

Slide 18 text

NETWORK ACCESS ANALYZER_
• Uses automated reasoning
• Use pre-prepared scopes or write your own
• E.g. “Identify ingress paths into your VPCs from Internet Gateways, Peering Connections, VPC Service Endpoints, VPN and Transit Gateways.”
• Examine findings

Slide 19

Slide 19 text

I’D LIKE TO IMPROVE OPERATIONS_

Slide 20

Slide 20 text

EBS SNAPSHOTS RECYCLE BIN_
• Recover from accidental snapshot deletion
• Enable for all snapshots or a subset

Slide 21

Slide 21 text

AWS BACKUP FOR S3_
• Create a backup policy
• Assign buckets by ID or tag
• Create periodic snapshots and continuous backups
• Single click point in time restore
• Track compliance in dashboard
• Use AWS Backup Vault Lock to prevent deletion

Slide 22

Slide 22 text

PREDICTIVE AUTOSCALING_
• Use custom CloudWatch metrics

Slide 23

Slide 23 text

I’D LIKE TO MIGRATE_

Slide 24

Slide 24 text

DATABASE MIGRATION_
• AWS DMS Studio:
  • AWS DMS Fleet Advisor
  • AWS Schema Conversion Tool
  • AWS DMS
• New sources:
  • Azure SQL Managed instance
  • Google Cloud SQL

Slide 25

Slide 25 text

MAINFRAME MODERNIZATION_
• Replatforming
• Automated refactoring

Slide 26

Slide 26 text

I’D LIKE TO SIMPLIFY MY LIFE_

Slide 27

Slide 27 text

SERVERLESS SERVICES_
• Amazon EMR Serverless
• Amazon MSK Serverless
• Amazon Redshift Serverless
• Amazon Kinesis Data Streams On-Demand

Slide 28

Slide 28 text

AMAZON RDS CUSTOM_
• Oracle or SQL Server
• Deployment and management automation
• Access to underlying OS and database service

Slide 29

Slide 29 text

AWS CDK v2_
• Simplified packaging
• Semantic versioning of APIs
• Improved docs
• Reduced deployment time
• Assertions library for unit tests

Slide 30

Slide 30 text

I’D LIKE TO BE MORE SUSTAINABLE_

Slide 31

Slide 31 text

AWS WELL-ARCHITECTED_
• New sustainability lens

Slide 32

Slide 32 text

SUSTAINABILITY REPORTING_
• AWS Customer Carbon Footprint Tool
• Shows emissions by region
• Emissions by service
• Shows how AWS’ investment in sustainability will impact these stats over time

Slide 33

Slide 33 text

I’D LIKE TO HAVE A WILDCARD CATEGORY_

Slide 34

Slide 34 text

S3 NOTIFICATIONS FOR EVENTBRIDGE_
• Receive notifications when S3 events happen
• Build serverless applications more easily

Slide 35

Slide 35 text

AMAZON FSx FOR OPENZFS_
• Quickly create ZFS filesystems
• Access over NFS - both in AWS and on-prem
• 1M IOPS
• Latencies of 100-200ms
• 4 GB/s uncompressed throughput
• 12 GB/s compressed throughput

Slide 36

Slide 36 text

AMAZON CLOUD WAN_
• Global software defined WAN
• Define network segments and propagate them globally
• Connect VPCs across multiple regions
• Replace or augment existing network with AWS’ backbone
• Complements Direct Connect and Transit Gateway

Slide 37

Slide 37 text

AWS PRIVATE 5G_
• Service and hardware managed by AWS
• Provisions 5G mobile networks in your facility
• Supports 4G/LTE too
• Pay for capacity and throughput

Slide 38

Slide 38 text

AWS PARTNERSHIP_
• New “partner paths”
• Building SaaS on AWS? Partnership might be interesting

Slide 39

Slide 39 text

AWS GAMEDAY_
• Microservices
• Energy Efficiency
• Security
• Financial Services

Slide 40

Slide 40 text

KEEP IN TOUCH_
• http://www.scalefactory.com/
• @scalefactory
• [email protected]