No content

POWERING HYPERGROWTH FOR SAAS_

RE:INVENT RECAP_ Weds 8 December, 9.30am

MY PICKS_ Cost savings Security Operations Migrations Simplification Sustainability Other

I’D LIKE TO SAVE SOME MONEY_

NEW EC2 INSTANCES_ EC2 M1 Mac Im4gn and Is4gen (Graviton 2, high random I/O access to large data) C7g (Graviton 3, compute intensive) G5g (Graviton 2 + NVIDIA T4G Tensor Core GPU) M6a (AMD, general purpose) R6i (Intel Ice Lake, memory intensive) M6i, C6i (Ice Lake, bare metal) Trn1 (Trainium)

GRAVITON 3_ ARM Neoverse core 25% more compute performance 2x floating point & cryptographic performance bfloat16 support for 3x better ML performance 60% less energy use than comparable x86 instances Pointer authentication

DATA PRICE REDUCTION_ AWS Regions -> Internet: Free for up to 100GB per mo (prev. 1GB) From Amazon CloudFront: Free for up to 1TB/mo (up from 50GB) No longer limited to first 12 mo Free HTTP & HTTPS requests raised from 2M to 10M Removed 12 mo limit on 2M free CloudFront Function invocations

S3 PRICE REDUCTION_ S3 (up to) 31% Standard-Infrequent Access One Zone-Infrequent Access S3 Glacier 10% Flexible Retrieval

S3 INTELLIGENT TIERING_ Monitors your data access patterns Moves data to new tiers: 30 days: Infrequent Access 90 days: Archive Instant Access Up to 68% savings

DYNAMODB STANDARD-IA_ Standard-Infrequent Access table class Cost reductions of up to 60%

I’D LIKE TO GET MORE SECURE_

AMAZON INSPECTOR v2_ Continual scans Automated EC2 and ECR discovery Integrations: AWS Organizations AWS Security Hub Amazon EventBridge Data from Snyk Security Intelligence

S3 SECURITY_ “Bucket owner enforced” Disables object ACLs (Superseded by IAM policies)

ECR PULL-THROUGH CACHE_ Sync images from publicly accessible registries Improve performance and security Use Image Scanning (from Snyk)

CONTROL TOWER_ Specify which regions your customer data is stored/processed in 17 new Data Residency Guardrails • Deny access to AWS based on the requested AWS Region • Disallow internet access for an Amazon VPC instance managed by a customer • Disallow Amazon Virtual Private Network (VPN) connections • Disallow cross-region networking for Amazon EC2, Amazon CloudFront, and AWS Global Accelerator • Detect whether public IP addresses for Amazon EC2 autoscaling are enabled through launch con fi gurations • Detect whether replication instances for AWS Database Migration Service are public • Detect whether Amazon EBS snapshots are restorable by all AWS accounts • Detect whether any Amazon EC2 instance has an associated public IPv4 address • Detect whether Amazon S3 settings to block public access are set as true for the account • Detects whether an Amazon EKS endpoint is blocked from public access • Detect whether an Amazon OpenSearch Service domain is in Amazon VPC • Detect whether any Amazon EMR cluster master nodes have public IP addresses • Detect whether the AWS Lambda function policy attached to the Lambda resource blocks public access • Detect whether public routes exist in the route table for an Internet Gateway (IGW) • Detect whether Amazon Redshift clusters are blocked from public access • Detect whether an Amazon SageMaker notebook instance allows direct internet access • Detect whether any Amazon VPC subnets are assigned a public IP address • Detect whether AWS Systems Manager documents owned by the account are public •

B2B SAAS FOUNDATIONS ON AWS_ Workload isolation AWS Account management Centralised Billing Centralised Audit Logging Threat Detection & Alerting Security Guardrails Account Factory for Terraform (AFT) just launched

NETWORK ACCESS ANALYZER_ Uses automated reasoning Use pre-prepared scopes or write your own Eg. “Identify ingress paths into your VPCs from Internet Gateways, Peering Connections, VPC Service Endpoints, VPN and Transit Gateways.” Examine findings

I’D LIKE TO IMPROVE OPERATIONS_

EBS SNAPSHOTS RECYCLE BIN_ Recover from accidental snapshot deletion Enable for all snapshots or a subset

AWS BACKUP FOR S3_ Create a backup policy Assign buckets by ID or tag Create periodic snapshots and continuous backups Single click point in time restore Track compliance in dashboard Use AWS Backup Vault Lock to prevent deletion

PREDICTIVE AUTOSCALING_ Use custom CloudWatch metrics

I’D LIKE TO MIGRATE_

DATABASE MIGRATION_ AWS DMS Studio: AWS DMS Fleet Advisor AWS Schema Conversion Tool AWS DMS New sources: Azure SQL Managed instance Google Cloud SQL

MAINFRAME MODERNIZATION_ Replatforming Automated refactoring

I’D LIKE TO SIMPLIFY MY LIFE_

SERVERLESS SERVICES_ Amazon EMR Serverless Amazon MSK Serverless Amazon Redshift Serverless Amazon Kinesis Data Streams On-Demand

AMAZON RDS CUSTOM_ Oracle or SQL Server Deployment and management automation Access to underlying OS and database service

AWS CDK v2_ Simplified packaging Semantic versioning of APIs Improved docs Reduced deployment time Assertions library for unit tests

I’D LIKE TO BE MORE SUSTAINABLE_

AWS WELL-ARCHITECTED_ New sustainability lens

SUSTAINABILITY REPORTING_ AWS Customer Carbon Footprint Tool Shows emissions by region Emissions by service Shows how AWS’ investment in sustainability will impact these stats over time

I’D LIKE TO HAVE A WILDCARD CATEGORY_

S3 NOTIFICATIONS FOR EVENTBRIDGE_ Receive notifications when S3 events happen Build serverless applications more easily

AMAZON FSx FOR OPENZFS_ Quickly create ZFS filesystems Access over NFS - both in AWS and on-prem 1M IOPS Latencies of 100-200ms 4 GB/s uncompressed throughput 12 GB/s compressed throughput

AMAZON CLOUD WAN_ Global software defined WAN Define network segments and propagate them globally Connect VPCs across multiple regions Replace or augment existing network with AWS’ backbone Complements Direct Connect and Transit Gateway

AWS PRIVATE 5G_ Service and hardware managed by AWS Provisions 5G mobile networks in your facility Supports 4G/LTE too Pay for capacity and throughput

AWS PARTNERSHIP_ New “partner paths” Building SaaS on AWS? Partnership might be interesting

AWS GAMEDAY_ Microservices Energy Efficiency Security Financial Services

KEEP IN TOUCH_ http:/ /www.scalefactory.com/ @scalefactory jon@scalefactory.com