My Top Ten announcements at AWS re:Invent

…for public- and third-sector organisations

AWS re:Invent has been and gone for another year though, unfortunately, I wasn’t able to get there this year. As usual, the number of announcements was pretty mind blowing… see for a good summary. 82 significant product announcements by my count (one is repeated in two categories). Matt Johnson of AWS, who gave an excellent re:Invent Roundup at our recent AWS Bath User Group, spoke for about 2 hours and still didn’t quite manage to cover everything.

Here’s a quick breakdown by category.

Note that these categories are how AWS is now grouping its services.

No surprise that Machine Learning tops the pile I guess — AWS have been banging the ‘democratisation of ML’ drum for some time now. But what this breakdown really highlights is the continuing breadth and depth of the AWS offer — AWS isn’t, and never has been, just “someone else’s datacentre”. (And the same is true for Azure, Google Cloud Platform and Alibaba of course).

So, out of these announcements, here’s my personal ‘top 10 things that I think public- and third-sector organisations should take a look at and/or start using’. I have to say, choosing a top 10 from this list is pretty tough so I have cheated slightly by separating out things that are still in preview.

Alright pop-pickers, in no particular order…

AWS Step Functions + Workflow Automation

You can now use AWS Step Functions to automate workflows that start jobs on AWS Batch, Amazon Elastic Container Service (ECS), and AWS Fargate; store and retrieve data payloads on Amazon DynamoDB; and post messages to Amazon SNS and Amazon SQS. These new integrations make workflows faster to build, simpler to secure, and easier to monitor.

To be honest, I haven’t spent much time looking at AWS Step Functions but I think that needs to change. If automation is important to you, and it should be, AWS Step Functions need to be on the list of services you are interested in.

Amazon Managed Blockchain / Amazon Quantum Ledger Database

Half joking!

Amazon Quantum Ledger Database (QLDB) is a fully managed, purpose-built ledger database that provides an immutable and cryptographically verifiable history of all changes made to your application’s data.

Blockchain is interesting right, and I’ve been surprised that AWS has kept out of the blockchain space for so long, but we are a way off finding valid use-cases in my opinion. That said, Amazon Quantum Ledger Database (QLDB), which is built on top of it, provides a verifiable history of all changes made to your application’s data. I can see that this may be worth keeping an eye on.

On-Demand Hibernated

On-Demand Hibernated allows you to pause and resume your Amazon EC2 Instances. You can hibernate instances to maintain a fleet of pre-warmed instances with a memory footprint that can quickly get to a productive state.

Support for other operating systems is presumably coming.

AWS License Manager

AWS License Manager makes it easy to manage licenses from software vendors like Oracle, Microsoft, and SAP both on AWS and on premises. AWS License Manager helps administrators track, control and see all their licenses from a single dashboard and lets them create rules to prevent misuse.

If they’ve done it right, which I expect they have, this has the potential to seriously disrupt the established players in this market — Snow, I’m looking at you. It’ll be interesting to see how this develops.

DynamoDB On-Demand

A new billing option enabling customers to pay for only the resources they consume. The new billing option provides preconfigured throughput so workloads can ramp instantly from zero to thousands of requests per second making DynamoDB the first database to offer the combination of internet-scale performance and a fully managed experience with no capacity planning of servers, storage or throughput.

More pay-as-you-go goodness, removing the need to configure capacity in advance. This won’t be the right answer in all cases but it’s a useful addition to the toolkit.

Amazon CloudWatch Logs Insights

Amazon CloudWatch Logs Insights is a fully integrated, interactive, and pay-as-you-go log analytics service for CloudWatch. CloudWatch Logs Insights enables you to explore, analyze, and visualize your logs instantly allowing you to troubleshoot operational problems with ease.

Again, this will eat into the space currently occupied by various third-party marketplace vendors — I’m in two minds about that. But if you want to better understand what CloudWatch is telling you, this tool may be a good starting point.

AWS Well-Architected Tool

The AWS Well-Architected Tool helps you review your workloads and compares them to the latest AWS architectural best practices. The tool is based on the AWS Well-Architected Framework, which has been used in tens of thousands of workload reviews conducted by the AWS solution architecture team. The AWS Well-Architected tool provides architectural guidance across five conceptual pillars to help implement designs that scale with application needs over time.

The well-architected framework is a great starting point for designing and building robust, secure and well-managed solutions. This tool helps to put the power of that framework directly into your hands.

AWS Transfer for SFTP

AWS Transfer for SFTP provides a fully managed secure file transfer service that works with Amazon S3, eliminating the need for you to run SFTP infrastructure. It helps you seamlessly migrate file transfer workflows to AWS without disrupting your partners’ or customers’ client apps or processes by integrating with your existing Active Directory or LDAP authentication systems, if you want.

A fairly low-key announcement but one that will probably be useful to lots of people.

AWS Transit Gateway

AWS Transit Gateway easily scales your connectivity across thousands of Amazon VPCs, AWS accounts, and on-premises networks. AWS Transit Gateway acts as a hub that significantly simplifies management and reduces operational costs. Each network is simply connected to the AWS Transit Gateway and is then automatically available to every other network that is connected to the AWS Transit Gateway.

For those of you working with large numbers of accounts and VPCs this is probably one of the announcements with the most practical impact on how you design things day to day.

Amazon FSx for Windows File Server

Amazon FSx for Windows File Server provides a fully managed native Microsoft Windows file system that can be accessed from up to thousands of compute instances. Built on Windows Server and SSD storage, Amazon FSx provides Windows shared file storage with the compatibility, features, and performance that your Windows-based applications rely on, so you can easily move your Windows-based applications to AWS.

Essentially the Windows variant of EFS — think SMB rather than NFS — but (hopefully) without some of the weird performance issues.

Things in preview or coming soon

That’s my top ten. Clearly, there’s a whole bunch of other stuff as well. Here are some of the things announced but not fully with us yet. Worth keeping an eye on…

AWS Lake Formation

Coming soon

AWS Lake Formation is a new service that will make it easy to set up a secure data lake in days — you will be able to ingest, catalog, clean, transform, and secure your data. AWS Lake Formation will make it easier to combine analytic tools, like Amazon EMR, Redshift, Athena, Sagemaker, and QuickSight around data in your data lake.

What do you do in a data lake? Fish for answers I guess.

AWS Outposts

Coming soon

AWS Outposts bring native AWS services, infrastructure, and operating models to virtually any data center, co-location space, or on-premises facility. With Outposts, you can use a single management plane for your entire enterprise IT environment and use the same automation, governance controls, policies, APIs, and developer tools to build and deploy modern cloud-native applications that can be deployed on-premises or in the cloud.

They told you AWS wasn’t in the business of on-premise solutions. They told you several times. Well, apparently, now they’ve changed their minds :-).

AWS Control Tower


AWS Control Tower is the easiest way to set up and govern a secure, compliant multi-account environment. Customers will be able to quickly set-up and configure their AWS environment with best practice blueprints, get on-going policy enforcement with guardrails, and view their dashboard for visibility into their AWS environment.

Definitely worth tracking if you are working in the public sector.

AWS Security Hub


AWS Security Hub gives you a comprehensive view of your high-priority security alerts and compliance status across AWS accounts by aggregating and prioritizing your security findings from multiple AWS and partner services. Using the interactive dashboards, you can continuously monitor your environment for potential issues, initiate actions to remedy those issues, and automate compliance checks to meet best practices and industry standards.


Amazon S3 Glacier Deep Archive

Coming soon.

Amazon S3 Glacier Deep Archive is a new Amazon S3 storage class that provides secure, durable object storage for long-term data retention and digital preservation at costs that are the lowest of any AWS service. S3 Glacier Deep Archive is the ideal storage class for customers looking to make an archival, durable copy of data that rarely, if ever, needs to be accessed.

I think they are calling this the ‘tape killer’.

Amazon RDS on VMware


Amazon Relational Database Service (RDS) on VMware lets you deploy managed databases in on-premises and hybrid environments using the Amazon RDS technology enjoyed by hundreds of thousands of AWS customers. RDS on VMware makes it easy to set up, operate, and scale databases in VMware vSphere private data centers, or to migrate them to AWS.

I’m including this not because of this particular announcement but because I think that the whole VMware AWS relationship probably deserves more consideration. If you are an existing VMware customer (who isn’t?) then the various AWS VMware integrations probably make a strong contender for migrating services to the public cloud.

Things I want to play with

Finally, a couple of more personal recommendations.

Amazon Forecast


Based on the same technology used at, Amazon Forecast uses machine learning to combine time series data with additional variables to build highly-accurate forecasts. You don’t need any machine learning experience to get started with Amazon Forecast.

ML models as a Service, focused on processing any time series data.

Lambda Layers

AWS Lambda announces support for Lambda Layers, a simple way to manage common software and data across multiple functions. Previously, developers had to include all the software and data needed for their Lambda function such as application frameworks, SDKs, or machine learning models in a function’s deployment package. Now, customers can use Lambda Layers to centrally manage common software and data across multiple functions.


So there you have it. My summary of the key announcements from re:Invent 2018 if you work in the public- or third-sectors. Of course, you’ll probably disagree with all or most of my choices. After all, there’s so much to choose from. And, and this is the real kicker, there have already been a whole bunch of post-re:Invent announcements that I haven’t even considered. So, like any article on AWS, it’s already out of date.