re:Invent 2021 re:cap

A few of Jon Topper's picks from the announcements at 2021's AWS re:Invent

The Scale Factory

December 08, 2021

Transcript

  1. None
  2. POWERING HYPERGROWTH FOR SAAS_

  3. RE:INVENT RECAP_ Weds 8 December, 9.30am

  4. MY PICKS_ Cost savings Security Operations Migrations Simplification Sustainability Other

  5. I’D LIKE TO SAVE SOME MONEY_

  6. NEW EC2 INSTANCES_ EC2 M1 Mac Im4gn and Is4gen (Graviton 2, high random I/O access to large data) C7g (Graviton 3, compute intensive) G5g (Graviton 2 + NVIDIA T4G Tensor Core GPU) M6a (AMD, general purpose) R6i (Intel Ice Lake, memory intensive) M6i, C6i (Ice Lake, bare metal) Trn1 (Trainium)

  7. GRAVITON 3_ ARM Neoverse core 25% more compute performance 2x floating point & cryptographic performance bfloat16 support for 3x better ML performance 60% less energy use than comparable x86 instances Pointer authentication

  8. DATA PRICE REDUCTION_ AWS Regions -> Internet: Free for up to 100GB per mo (prev. 1GB) From Amazon CloudFront: Free for up to 1TB/mo (up from 50GB) No longer limited to first 12 mo Free HTTP & HTTPS requests raised from 2M to 10M Removed 12 mo limit on 2M free CloudFront Function invocations

  9. S3 PRICE REDUCTION_ S3 (up to) 31% Standard-Infrequent Access One Zone-Infrequent Access S3 Glacier 10% Flexible Retrieval

  10. S3 INTELLIGENT TIERING_ Monitors your data access patterns Moves data to new tiers: 30 days: Infrequent Access 90 days: Archive Instant Access Up to 68% savings

  11. DYNAMODB STANDARD-IA_ Standard-Infrequent Access table class Cost reductions of up to 60%

  12. I’D LIKE TO GET MORE SECURE_

  13. AMAZON INSPECTOR v2_ Continual scans Automated EC2 and ECR discovery Integrations: AWS Organizations AWS Security Hub Amazon EventBridge Data from Snyk Security Intelligence

  14. S3 SECURITY_ “Bucket owner enforced” Disables object ACLs (Superseded by IAM policies)

  15. ECR PULL-THROUGH CACHE_ Sync images from publicly accessible registries Improve performance and security Use Image Scanning (from Snyk)

  16. CONTROL TOWER_ Specify which regions your customer data is stored/processed in
      17 new Data Residency Guardrails
      • Deny access to AWS based on the requested AWS Region
      • Disallow internet access for an Amazon VPC instance managed by a customer
      • Disallow Amazon Virtual Private Network (VPN) connections
      • Disallow cross-region networking for Amazon EC2, Amazon CloudFront, and AWS Global Accelerator
      • Detect whether public IP addresses for Amazon EC2 autoscaling are enabled through launch configurations
      • Detect whether replication instances for AWS Database Migration Service are public
      • Detect whether Amazon EBS snapshots are restorable by all AWS accounts
      • Detect whether any Amazon EC2 instance has an associated public IPv4 address
      • Detect whether Amazon S3 settings to block public access are set as true for the account
      • Detects whether an Amazon EKS endpoint is blocked from public access
      • Detect whether an Amazon OpenSearch Service domain is in Amazon VPC
      • Detect whether any Amazon EMR cluster master nodes have public IP addresses
      • Detect whether the AWS Lambda function policy attached to the Lambda resource blocks public access
      • Detect whether public routes exist in the route table for an Internet Gateway (IGW)
      • Detect whether Amazon Redshift clusters are blocked from public access
      • Detect whether an Amazon SageMaker notebook instance allows direct internet access
      • Detect whether any Amazon VPC subnets are assigned a public IP address
      • Detect whether AWS Systems Manager documents owned by the account are public

  17. B2B SAAS FOUNDATIONS ON AWS_ Workload isolation AWS Account management Centralised Billing Centralised Audit Logging Threat Detection & Alerting Security Guardrails Account Factory for Terraform (AFT) just launched

  18. NETWORK ACCESS ANALYZER_ Uses automated reasoning Use pre-prepared scopes or write your own Eg. “Identify ingress paths into your VPCs from Internet Gateways, Peering Connections, VPC Service Endpoints, VPN and Transit Gateways.” Examine findings

  19. I’D LIKE TO IMPROVE OPERATIONS_

  20. EBS SNAPSHOTS RECYCLE BIN_ Recover from accidental snapshot deletion Enable for all snapshots or a subset

  21. AWS BACKUP FOR S3_ Create a backup policy Assign buckets by ID or tag Create periodic snapshots and continuous backups Single click point in time restore Track compliance in dashboard Use AWS Backup Vault Lock to prevent deletion

  22. PREDICTIVE AUTOSCALING_ Use custom CloudWatch metrics

  23. I’D LIKE TO MIGRATE_

  24. DATABASE MIGRATION_ AWS DMS Studio: AWS DMS Fleet Advisor AWS Schema Conversion Tool AWS DMS New sources: Azure SQL Managed instance Google Cloud SQL

  25. MAINFRAME MODERNIZATION_ Replatforming Automated refactoring

  26. I’D LIKE TO SIMPLIFY MY LIFE_

  27. SERVERLESS SERVICES_ Amazon EMR Serverless Amazon MSK Serverless Amazon Redshift Serverless Amazon Kinesis Data Streams On-Demand

  28. AMAZON RDS CUSTOM_ Oracle or SQL Server Deployment and management automation Access to underlying OS and database service

  29. AWS CDK v2_ Simplified packaging Semantic versioning of APIs Improved docs Reduced deployment time Assertions library for unit tests

  30. I’D LIKE TO BE MORE SUSTAINABLE_

  31. AWS WELL-ARCHITECTED_ New sustainability lens

  32. SUSTAINABILITY REPORTING_ AWS Customer Carbon Footprint Tool Shows emissions by region Emissions by service Shows how AWS’ investment in sustainability will impact these stats over time

  33. I’D LIKE TO HAVE A WILDCARD CATEGORY_

  34. S3 NOTIFICATIONS FOR EVENTBRIDGE_ Receive notifications when S3 events happen Build serverless applications more easily

  35. AMAZON FSx FOR OPENZFS_ Quickly create ZFS filesystems Access over NFS - both in AWS and on-prem 1M IOPS Latencies of 100-200ms 4 GB/s uncompressed throughput 12 GB/s compressed throughput

  36. AMAZON CLOUD WAN_ Global software defined WAN Define network segments and propagate them globally Connect VPCs across multiple regions Replace or augment existing network with AWS’ backbone Complements Direct Connect and Transit Gateway

  37. AWS PRIVATE 5G_ Service and hardware managed by AWS Provisions 5G mobile networks in your facility Supports 4G/LTE too Pay for capacity and throughput

  38. AWS PARTNERSHIP_ New “partner paths” Building SaaS on AWS? Partnership might be interesting

  39. AWS GAMEDAY_ Microservices Energy Efficiency Security Financial Services

  40. KEEP IN TOUCH_ http://www.scalefactory.com/ @scalefactory [email protected]