If you were at Amazon Web Services Re:Invent this year—or watching the news from your office—it is clear that there has never been a better time to be an AWS customer.
Yet again, new AWS services launched that have the potential to disrupt entire tech verticals and change the way we think about things like databases and data transfer. Logicworks had over a dozen senior engineers at the event and needless to say, they are extremely excited to share new services with our clients.
While AWS IoT was probably the “hottest” announcement, there were several other updates for services that will significantly impact any automated AWS environment. We will be taking advantage of these four new services right away:
AWS Lambda (Update)
Last week’s Re:Invent keynotes made one thing very clear: AWS wants to make it easier than ever for enterprises to move to the cloud. That includes enabling development teams to launch and run code on AWS without having to think about AWS resources at all. As Werner Vogels said at the Re:Invent keynote, “No server is easier to manage than no server.”
AWS Lambda, announced in November 2014, is a service that allows you to run your code without managing instances or networks. The updates announced at this year’s Re:Invent include scheduled jobs, longer function duration (5 minutes), Python support, and function versioning. AWS Lambda scales by running many instances of your function in parallel, and can be used to run everything from background workers to full web apps. You can think of this as one level of abstraction higher than containers.
As an example, most of our current clients have AWS CloudTrail configured to track history for compliance. Currently, we have instances that run scheduled jobs to configure CloudTrail — but we need to maintain those instances, make sure they are backed up, configure auto scaling, etc. All of this administrative overhead is required to run servers to do this work. Instead, now we will set that up as a scheduled Lambda job that runs every hour, scans across our client base, and ensures that CloudTrail is configured on all instances with a certain tag.
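A scheduled check of this kind could look like the following. This is an added sketch, not Logicworks' code: it audits a single account (the scan across many client accounts is left out), and the pass/fail policy in `audit_trails` as well as the sample trail are assumptions made for illustration.

```python
import json

# Constructed sample shaped like CloudTrail DescribeTrails / GetTrailStatus output.
SAMPLE_TRAILS = [{
    "Name": "main-trail",
    "TrailARN": "arn:aws:cloudtrail:us-east-1:111122223333:trail/main-trail",
    "IsMultiRegionTrail": True,
    "IncludeGlobalServiceEvents": True,
    "LogFileValidationEnabled": False,
}]
SAMPLE_STATUS = {SAMPLE_TRAILS[0]["TrailARN"]: {"IsLogging": True}}


def audit_trails(trails, statuses):
    """Return findings for one account; an empty list means the check passed."""
    if not trails:
        return ["no trail is defined"]
    findings, covered = [], False
    for trail in trails:
        name = trail.get("Name", "?")
        status = statuses.get(trail.get("TrailARN"), {})
        if not status.get("IsLogging"):
            findings.append(f"{name}: logging is stopped")
            continue  # a stopped trail cannot count as coverage
        if not trail.get("LogFileValidationEnabled"):
            findings.append(f"{name}: log file validation is off")
        if trail.get("IsMultiRegionTrail") and trail.get("IncludeGlobalServiceEvents"):
            covered = True
    if not covered:
        findings.append("no active multi-region trail with global service events")
    return findings


def handler(event, context):
    """Lambda entry point, meant to be invoked by an hourly schedule."""
    import boto3  # imported here so audit_trails() can be tested offline
    ct = boto3.client("cloudtrail")
    trails = ct.describe_trails()["trailList"]
    statuses = {t["TrailARN"]: ct.get_trail_status(Name=t["TrailARN"])
                for t in trails}
    findings = audit_trails(trails, statuses)
    print(json.dumps({"findings": findings}))  # ends up in CloudWatch Logs
    return findings
```

The function's execution role needs only `cloudtrail:DescribeTrails` and `cloudtrail:GetTrailStatus`, so the audit job itself holds no write access to the trails it checks.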
We are in the midst of a total sea-change in the definition of infrastructure management, and AWS Lambda is one step towards a serverless IT world. In the long run, this means we have the ability to more quickly introduce improvements across clients because we do not have to worry about managing infrastructure for these background jobs.
AWS Snowball (New Service)
AWS continues to improve the ease of data transfer onto its platform with the announcement of its new import service, AWS Snowball. Despite its somewhat playful name, Snowball is a serious offering. The new physical appliance will allow users to ship up to 50TB of data at a time to AWS S3 for just $200.
This service is a clear answer to traditional offsite backup problems and stands in direct competition with traditional data management and offsite tape vaulting providers. Copying a dataset of more than 50TB to S3 over your network is costly and potentially time-consuming. With end-to-end trackability via API calls, complete accountability for data, zero data transfer costs into S3, and a fraction of the cost of traditional providers, we have no doubt that Snowball will be a popular solution for enterprise clients.
With this new service, AWS is targeting any areas of friction in cloud adoption and pricing aggressively to make migration easy. Data transfer should no longer be a barrier for AWS adoption.
AWS Config Rules (New Service)
AWS Config is a service that provides resource inventory and configuration history for compliance, and the new Config Rules service takes this one step further by continuously evaluating configuration against a set of custom or pre-built rules. For instance, AWS has pre-built a set of AWS Config Rules for PCI DSS compliance, and a dashboard will highlight any resource that does not meet the desired Configuration Item (CI) attribute values.
Going forward, Config Rules allows us to enforce some of the design decisions that we made on Day 1. Rather than just having a document that defines an environment’s best practices, you have a living monitoring dashboard service to “put some teeth” in your prescriptive documentation.
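To show what a custom rule amounts to, here is an added sketch of the Lambda function behind one (not code from AWS or Logicworks). It assumes the rule is triggered by configuration changes; the `requiredTags` rule parameter, the tag names and the sample event are constructed for illustration.

```python
import json

# Constructed sample of the event AWS Config passes to a custom rule function.
SAMPLE_EVENT = {
    "invokingEvent": json.dumps({"configurationItem": {
        "resourceType": "AWS::EC2::Instance",
        "resourceId": "i-0example",
        "configurationItemStatus": "OK",
        "configurationItemCaptureTime": "2015-10-15T12:00:00.000Z",
        "tags": {"Owner": "platform"},
    }}),
    "ruleParameters": json.dumps({"requiredTags": "Owner,Environment"}),
    "resultToken": "constructed-token",
}


def evaluate(event):
    """Return (configuration item, compliance type, annotation)."""
    ci = json.loads(event["invokingEvent"])["configurationItem"]
    params = json.loads(event.get("ruleParameters") or "{}")
    # "requiredTags" is a hypothetical parameter name chosen for this example.
    required = [t.strip() for t in params.get("requiredTags", "").split(",")
                if t.strip()]
    in_scope = (ci["configurationItemStatus"] in ("OK", "ResourceDiscovered")
                and not event.get("eventLeftScope", False))
    if not in_scope or ci["resourceType"] != "AWS::EC2::Instance":
        return ci, "NOT_APPLICABLE", "resource is deleted or out of scope"
    missing = [t for t in required if t not in (ci.get("tags") or {})]
    if missing:
        return ci, "NON_COMPLIANT", "missing tags: " + ", ".join(missing)
    return ci, "COMPLIANT", "all required tags present"


def handler(event, context):
    """Lambda entry point: report the verdict back to AWS Config."""
    import boto3  # imported here so evaluate() can be tested offline
    ci, compliance, note = evaluate(event)
    boto3.client("config").put_evaluations(
        Evaluations=[{
            "ComplianceResourceType": ci["resourceType"],
            "ComplianceResourceId": ci["resourceId"],
            "ComplianceType": compliance,
            "Annotation": note[:256],  # annotations are limited to 256 chars
            "OrderingTimestamp": ci["configurationItemCaptureTime"],
        }],
        ResultToken=event["resultToken"],
    )
    return compliance
```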
AWS Inspector (New Service)
Like AWS Config, AWS Inspector provides insight into security and compliance vulnerabilities — but on the application level. Inspector identifies deviations from security best practices, which are continually updated by the AWS security organization, and also lets you define custom standards. From now on, we will bake AWS Inspector into our common build set, so our clients can reduce the risk of introducing security issues during development.
Both AWS Inspector and Config Rules provide built-in security automation to enterprise environments. Again, this is a sign of the changing definition of infrastructure management: As systems evolve, security automation not only eliminates the risk of human error, but also significantly improves your ability to guarantee the maintenance of security policies throughout the lifecycle of the infrastructure. Manual work is always a risk, but manual security work exposes enterprises to huge financial and regulatory dangers. Security automation will be the way forward.
What services stood out for you at Re:Invent 2015? We would love to hear your thoughts in comments (below) or at Logicworks.
by Jason McKay
SVP and CTO, Logicworks