re:Invent 2021 re:cap

Transcript

1. View Slide

2. POWERING
   
   
   HYPERGROWTH
   
   
   FOR SAAS_
   

   View Slide

3. RE:INVENT
   
   
   RECAP_
   Weds 8 December, 9.30am
   

   View Slide

4. MY
   
   
   PICKS_
   Cost savings
   
   
   Security
   
   
   Operations
   
   
   Migrations
   
   
   Simplification
   
   
   Sustainability
   
   
   Other
   

   View Slide

5. I’D LIKE TO
   
   
   SAVE SOME MONEY_
   

   View Slide

6. NEW EC2
   
   
   INSTANCES_
   EC2 M1 Mac
   
   
   Im4gn and Is4gen (Graviton 2, high random I/O
   access to large data)
   
   
   C7g (Graviton 3, compute intensive)
   
   
   G5g (Graviton 2 + NVIDIA T4G Tensor Core GPU)
   
   
   M6a (AMD, general purpose)
   
   
   R6i (Intel Ice Lake, memory intensive)
   
   
   M6i, C6i (Ice Lake, bare metal)
   
   
   Trn1 (Trainium)
   

   View Slide

7. GRAVITON
   
   
   3_
   ARM Neoverse core
   
   
   25% more compute performance
   
   
   2x floating point & cryptographic performance
   
   
   bfloat16 support for 3x better ML performance
   
   
   60% less energy use than comparable x86
   instances
   
   
   Pointer authentication
   

   View Slide

8. DATA PRICE
   
   
   REDUCTION_
   AWS Regions -> Internet:
   
   
   Free for up to 100GB per mo (prev. 1GB)
   
   
   From Amazon CloudFront:
   
   
   Free for up to 1TB/mo (up from 50GB)
   
   
   No longer limited to first 12 mo
   
   
   Free HTTP & HTTPS requests raised from 2M
   to 10M
   
   
   Removed 12 mo limit on 2M free CloudFront
   Function invocations
   

   View Slide

9. S3 PRICE
   
   
   REDUCTION_
   S3 (up to) 31%
   
   
   Standard-Infrequent Access
   
   
   One Zone-Infrequent Access
   
   
   S3 Glacier 10%
   
   
   Flexible Retrieval
   

   View Slide

10. S3 INTELLIGENT
    
    
    TIERING_
    Monitors your data access patterns
    
    
    Moves data to new tiers:
    
    
    30 days: Infrequent Access
    
    
    90 days: Archive Instant Access
    
    
    Up to 68% savings
    

    View Slide

11. DYNAMODB
    
    
    STANDARD-IA_
    Standard-Infrequent Access table class
    
    
    Cost reductions of up to 60%
    

    View Slide

12. I’D LIKE TO
    
    
    GET MORE SECURE_
    

    View Slide

13. AMAZON
    
    
    INSPECTOR v2_
    Continual scans
    
    
    Automated EC2 and ECR discovery
    
    
    Integrations:
    
    
    AWS Organizations
    
    
    AWS Security Hub
    
    
    Amazon EventBridge
    
    
    Data from Snyk Security Intelligence
    
    
    

    View Slide

14. S3
    
    
    SECURITY_
    “Bucket owner enforced”
    
    
    Disables object ACLs
    
    
    (Superseded by IAM policies)
    

    View Slide

15. ECR PULL-THROUGH
    
    
    CACHE_
    Sync images from publicly accessible
    registries
    
    
    Improve performance and security
    
    
    Use Image Scanning (from Snyk)
    

    View Slide

16. CONTROL
    
    
    TOWER_
    Specify which regions your customer data is
    stored/processed in
    
    
    17 new Data Residency Guardrails
    
    
    • Deny access to AWS based on the requested AWS Region
    • Disallow internet access for an Amazon VPC instance managed by a customer
    • Disallow Amazon Virtual Private Network (VPN) connections
    • Disallow cross-region networking for Amazon EC2, Amazon CloudFront, and AWS Global
    Accelerator
    • Detect whether public IP addresses for Amazon EC2 autoscaling are enabled through
    launch con
    fi
    gurations
    • Detect whether replication instances for AWS Database Migration Service are public
    • Detect whether Amazon EBS snapshots are restorable by all AWS accounts
    • Detect whether any Amazon EC2 instance has an associated public IPv4 address
    • Detect whether Amazon S3 settings to block public access are set as true for the account
    • Detects whether an Amazon EKS endpoint is blocked from public access
    • Detect whether an Amazon OpenSearch Service domain is in Amazon VPC
    • Detect whether any Amazon EMR cluster master nodes have public IP addresses
    • Detect whether the AWS Lambda function policy attached to the Lambda resource blocks
    public access
    • Detect whether public routes exist in the route table for an Internet Gateway (IGW)
    • Detect whether Amazon Redshift clusters are blocked from public access
    • Detect whether an Amazon SageMaker notebook instance allows direct internet access
    • Detect whether any Amazon VPC subnets are assigned a public IP address
    • Detect whether AWS Systems Manager documents owned by the account are public
    •
    

    View Slide

17. B2B SAAS
    
    
    FOUNDATIONS
    
    
    ON AWS_
    Workload isolation
    
    
    AWS Account management
    
    
    Centralised Billing
    
    
    Centralised Audit Logging
    
    
    Threat Detection & Alerting
    
    
    Security Guardrails
    Account Factory for Terraform (AFT) just launched
    

    View Slide

18. NETWORK
    
    
    ACCESS
    
    
    ANALYZER_
    Uses automated reasoning
    
    
    Use pre-prepared scopes or write your own
    
    
    Eg. “Identify ingress paths into your VPCs
    from Internet Gateways, Peering
    Connections, VPC Service Endpoints,
    VPN and Transit Gateways.”
    
    
    Examine findings
    

    View Slide

19. I’D LIKE TO
    
    
    IMPROVE OPERATIONS_
    

    View Slide

20. EBS SNAPSHOTS
    
    
    RECYCLE BIN_
    Recover from accidental snapshot
    deletion
    
    
    Enable for all snapshots or a subset
    

    View Slide

21. AWS BACKUP
    
    
    FOR S3_
    Create a backup policy
    
    
    Assign buckets by ID or tag
    
    
    Create periodic snapshots and
    continuous backups
    
    
    Single click point in time
    restore
    
    
    Track compliance in dashboard
    
    
    Use AWS Backup Vault Lock to
    prevent deletion
    

    View Slide

22. PREDICTIVE
    
    
    AUTOSCALING_ Use custom CloudWatch metrics
    

    View Slide

23. I’D LIKE TO
    
    
    MIGRATE_
    

    View Slide

24. DATABASE
    
    
    MIGRATION_
    AWS DMS Studio:
    
    
    AWS DMS Fleet Advisor
    
    
    AWS Schema Conversion Tool
    
    
    AWS DMS
    
    
    New sources:
    
    
    Azure SQL Managed instance
    
    
    Google Cloud SQL
    

    View Slide

25. MAINFRAME
    
    
    MODERNIZATION_
    Replatforming
    
    
    Automated refactoring
    

    View Slide

26. I’D LIKE TO
    
    
    SIMPLIFY MY LIFE_
    

    View Slide

27. SERVERLESS
    
    
    SERVICES_
    Amazon EMR Serverless
    
    
    Amazon MSK Serverless
    
    
    Amazon Redshift Serverless
    
    
    Amazon Kinesis Data Streams On-Demand
    

    View Slide

28. AMAZON
    
    
    RDS CUSTOM_ Oracle or SQL Server
    
    
    Deployment and management
    automation
    
    
    Access to underlying OS and
    database service
    

    View Slide

29. AWS
    
    
    CDK v2_
    Simplified packaging
    
    
    Semantic versioning of APIs
    
    
    Improved docs
    
    
    Reduced deployment time
    
    
    Assertions library for unit tests
    

    View Slide

30. I’D LIKE TO
    
    
    BE MORE SUSTAINABLE_
    

    View Slide

31. AWS
    
    
    WELL-ARCHITECTED_ New sustainability lens
    

    View Slide

32. SUSTAINABILITY
    
    
    REPORTING_ AWS Customer Carbon Footprint Tool
    
    
    Shows emissions by region
    
    
    Emissions by service
    
    
    Shows how AWS’ investment in
    sustainability will impact these stats over
    time
    

    View Slide

33. I’D LIKE TO
    
    
    HAVE A WILDCARD CATEGORY_
    

    View Slide

34. S3 NOTIFICATIONS
    
    
    FOR EVENTBRIDGE_
    Receive notifications when S3 events
    happen
    
    
    Build serverless applications more
    easily
    

    View Slide

35. AMAZON FSx
    
    
    FOR OPENZFS_
    Quickly create ZFS filesystems
    
    
    Access over NFS - both in AWS and
    on-prem
    
    
    1M IOPS
    
    
    Latencies of 100-200ms
    
    
    4 GB/s uncompressed throughput
    
    
    12 GB/s compressed throughput
    

    View Slide

36. AMAZON
    
    
    CLOUD WAN_
    Global software defined WAN
    
    
    Define network segments and propagate
    them globally
    
    
    Connect VPCs across multiple regions
    
    
    Replace or augment existing network with
    AWS’ backbone
    
    
    Complements Direct Connect and Transit
    Gateway
    

    View Slide

37. AWS
    
    
    PRIVATE 5G_
    Service and hardware managed by AWS
    
    
    Provisions 5G mobile networks in your
    facility
    
    
    Supports 4G/LTE too
    
    
    Pay for capacity and throughput
    

    View Slide

38. AWS
    
    
    PARTNERSHIP_
    New “partner paths”
    
    
    Building SaaS on AWS? Partnership
    might be interesting
    

    View Slide

39. AWS
    
    
    GAMEDAY_
    Microservices
    
    
    Energy Efficiency
    
    
    Security
    
    
    Financial Services
    

    View Slide

40. KEEP IN
    
    
    TOUCH_
    http:/
    /www.scalefactory.com/
    @scalefactory
    [email protected]
    

    View Slide