AWS re:Invent re:Cap Pt. 3
Five years ago I attended the first ever AWS re:Invent conference, and this year, 2017, was the 6th. In his keynote that first year, AWS CTO Werner Vogels introduced us to the notion of Modern Architecture. Modern Architecture concepts move IT management beyond the limitations of fixed storage and compute to a world of elastic compute, infinite storage and infrastructure as code. He introduced a lot of new concepts in that first year that changed the way many of us have architected our applications since.
- Ephemeral application instances – Store nothing locally, because instances in modern architectures do not live long and are not relied upon as the source of truth for infrastructure state.
- Decoupled application architectures – AWS introduced standard architectures that were more resilient because each application component operates independently, relying on SQS queues to provide execution assurance in case one of the components becomes unavailable. The application as a whole is more resilient.
- Autoscaling applications – On-demand compute that scales to meet the demand generated by users' activity on the application, and handles spikes in demand based on defined scaling metrics.
- Infinite, on-demand storage – In 2010 I sat through a series of meetings over 2 weeks gathering expected storage requirements for 2011. Each of these meetings was an hour long and was attended by at least 10 people. These meetings ultimately led our team to double our storage footprint, and in 2011 our business used approximately ¼ of that purchased storage. During that time, processes changed, implementations shifted and the over-provisioned storage was never used.
AWS S3 provides infinite, on-demand storage that meets the needs of the business without all the planning and over-provisioning. This capability changes the way we manage IT requirements and reduces the resources required to perform that management.
Dr. Vogels’ message was clear: innovate at a lower cost without commitment of capital and gain resiliency, performance and availability at the same time.
At re:Invent 2017 Vogels again focused his keynote on innovation and modern architectures. Beyond that, his keynote inspired us to innovate the way we work with technology and the back-end architectures required to support that innovation. AWS also announced new features and services that give us more options for designing and building our modern architectures.
- Inter-Region VPC Peering – This service allows us to connect resources over the network from one region to another without requiring a transit VPC (the transit VPC design can be seen here); instead, resources connect over the AWS-provided network from VPC to VPC across regions, just as previously done with VPC Peering. This removes a lot of the network management overhead and routing solutions previously required.
- AWS PrivateLink – PrivateLink is a B2B solution that connects customer and partner VPCs. It is similar in concept to Direct Connect and allows the service provider to control which endpoints can connect to its resources. This service will simplify architectures involving multiple AWS accounts and provide a means to perform secure B2B transactions without complicated VPN network solutions.
- API Gateway Private VPC Integrations – A frustration with API Gateway has been that it only works as a regional service with a public internet endpoint. Among other concerns, this meant that if I had 2 services that needed to communicate through the gateway and both were in the VPC, the call had to leave the VPC for the public endpoint and come back. This limitation kept some customers from adopting API Gateway. It has now been removed: API Gateway can terminate HTTPS endpoints inside the VPC.
- Amazon GuardDuty – Last year AWS announced AWS Inspector, a fully managed service that automated the scanning and auditing of application vulnerabilities and application security best practices. AWS wants the workloads we run on the platform to be secure, and to aid with that they introduced GuardDuty.
GuardDuty provides a managed threat detection service that scans and monitors CloudTrail and VPC Flow Logs to identify threats. GuardDuty uses machine learning to identify activity that is not normal, for example when a group of IP addresses from an unusual geolocation starts sending large volumes of traffic to your resources in AWS.
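To make the "unusual source, large volume" case concrete, here is an added example (not GuardDuty's code, and a simple threshold rule rather than its machine learning) that parses constructed VPC Flow Log v2 records and flags source networks outside a constructed baseline that delivered more accepted bytes than a threshold; the record layout is the default flow-log format, while the sample rows, the baseline networks and the threshold are assumptions.

```python
"""Simplified volume-anomaly check over VPC Flow Log records (constructed sample data)."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample records in the default v2 flow-log format (space separated).
SAMPLE_FLOW_LOGS = """\
2 123456789012 eni-0a1b2c3d 10.0.1.25 10.0.2.10 49152 443 6 120 98000 1512000000 1512000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.2.10 51000 22 6 9000 7200000 1512000000 1512000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 198.51.100.9 10.0.2.10 51001 22 6 8800 7000000 1512000000 1512000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 203.0.113.5 10.0.2.10 40000 443 6 10 1500 1512000000 1512000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 192.0.2.44 10.0.2.10 40001 3389 6 30 2400 1512000000 1512000060 REJECT OK
2 123456789012 eni-0a1b2c3d - - - - - - - 1512000000 1512000060 - NODATA
"""
FIELDS = ("version account-id interface-id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log-status").split()
INT_FIELDS = ("srcport", "dstport", "protocol", "packets", "bytes", "start", "end")
# Constructed baseline of source networks that normally talk to these resources.
KNOWN_NETWORKS = [ip_network("10.0.0.0/8"), ip_network("203.0.113.0/24")]


def parse_flow_logs(text: str) -> list:
    """Parse v2 records; NODATA/SKIPDATA rows carry '-' in most fields and are skipped."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS) or parts[0] != "2":
            continue  # malformed line or an unsupported flow-log version
        rec = dict(zip(FIELDS, parts))
        if rec["log-status"] != "OK":
            continue
        for name in INT_FIELDS:
            rec[name] = int(rec[name])
        records.append(rec)
    return records


def unusual_sources(records: list, byte_threshold: int) -> dict:
    """Sum accepted bytes per source /24 outside the baseline and return the heavy ones."""
    volume = defaultdict(int)
    for rec in records:
        if rec["action"] != "ACCEPT":
            continue  # rejected flows never delivered traffic to the resource
        src = ip_address(rec["srcaddr"])
        if any(src in net for net in KNOWN_NETWORKS):
            continue
        volume[ip_network(f"{src}/24", strict=False)] += rec["bytes"]
    return {str(net): total for net, total in volume.items() if total >= byte_threshold}
```

With the sample above, only 198.51.100.0/24 (two SSH sources totalling 14.2 MB) is flagged; the rejected RDP attempt contributes nothing because it never reached the instance.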
- Hibernation for Spot Instances – Spot instance workloads have always been a great way to manage the cost of running batch processing jobs, but what happens when the spot market price rises above your bid mid-processing? One could write some spot monitoring mechanism and spin up on-demand instances to finish the workload. However, some workloads have processes that, once interrupted or terminated, lose state and must restart. Enter Hibernation for Spot Instances: now when the spot price rises above your bid, the spot instance can be put into hibernation until the spot price falls back below your bid, and your instance picks up with its state preserved.
- Amazon Time Sync Service – Time drift. Time drift has always been a problem for virtual infrastructure. The time is perfectly in sync when the instance starts, but 1 day later it believes the date to be some 2 days in the future or the time to be 12 hours off. NTP (Network Time Protocol) was developed to solve these problems: each machine checks in with an NTP server and synchronizes its local clock with the date/time the server provides. Until now, this is something infrastructure customers in AWS were responsible for providing themselves. Amazon Time Sync Service provides NTP to AWS infrastructure as a service; just configure NTPd or Chrony and all is done.
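To show what "checks in with the NTP server and synchronizes its local time" actually involves, here is an added example (not from the original post, nor from NTPd or Chrony) of the NTP exchange: it builds a client request, validates the server reply, and computes the clock offset and round-trip delay from the four timestamps exactly as RFC 5905 specifies. The reply used offline is constructed; the Amazon Time Sync address 169.254.169.123 is the documented link-local endpoint and is only reachable from inside an EC2 instance.

```python
"""Minimal SNTP client: how a host derives its clock offset from an NTP reply (RFC 5905)."""
import socket
import struct
import time

AMAZON_TIME_SYNC = "169.254.169.123"  # link-local NTP endpoint served to EC2 instances
NTP_UNIX_DELTA = 2208988800  # seconds from the NTP epoch (1900) to the Unix epoch (1970)


def to_ntp(unix_time: float) -> int:
    """Encode Unix time as a 64-bit NTP timestamp (32-bit seconds, 32-bit fraction)."""
    whole = int(unix_time)
    return ((whole + NTP_UNIX_DELTA) << 32) | int((unix_time - whole) * (1 << 32))

def from_ntp(ts: int) -> float:
    return (ts >> 32) - NTP_UNIX_DELTA + (ts & 0xFFFFFFFF) / (1 << 32)

def build_request(t1: float) -> bytes:
    # LI=0, VN=4, mode=3 (client); the transmit field carries our send time T1
    return struct.pack("!BBbbIIIQQQQ", 0x23, 0, 0, 0, 0, 0, 0, 0, 0, 0, to_ntp(t1))

def build_reply(t1: float, t2: float, t3: float, stratum: int = 1) -> bytes:
    """Constructed server reply (mode 4) used for the offline worked example."""
    return struct.pack("!BBbbIIIQQQQ", 0x24, stratum, 4, -20, 0, 0, 0, 0,
                       to_ntp(t1), to_ntp(t2), to_ntp(t3))

def clock_offset(reply: bytes, t1: float, t4: float) -> tuple:
    """Return (offset, round-trip delay) in seconds, rejecting unusable replies."""
    if len(reply) < 48:
        raise ValueError("truncated NTP packet")
    mode, stratum = reply[0] & 0x07, reply[1]
    orig, recv, xmit = struct.unpack("!QQQ", reply[24:48])
    # stratum 0 is a kiss-o'-death code, and the origin timestamp must echo our T1
    if mode != 4 or stratum == 0 or orig != to_ntp(t1):
        raise ValueError("reply is not a valid answer to our request")
    t2, t3 = from_ntp(recv), from_ntp(xmit)
    return ((t2 - t1) + (t3 - t4)) / 2, (t4 - t1) - (t3 - t2)

def query(server: str = AMAZON_TIME_SYNC, timeout: float = 2.0) -> tuple:
    """Live exchange; the default server only answers from inside an EC2 instance."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        t1 = time.time()
        sock.sendto(build_request(t1), (server, 123))
        reply, _ = sock.recvfrom(48)
        return clock_offset(reply, t1, time.time())
```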
- Amazon ECS for Kubernetes (EKS) – Container services management is a hot topic all over IT as organizations try to adopt modern architecture designs while also stacking density in virtualization to gain maximum cost efficiency. AWS previously released ECS (Elastic Container Service), which solved stacking containers for compute density but not the deployment and management of container cluster environments. Kubernetes is the most popular of the container management solutions, but Kubernetes is itself a bit of a management challenge.
EKS offers Kubernetes as a service. This PaaS offering will make it easy for us to deploy Kubernetes clusters, and as a fully managed service, EKS will make them easy to manage. As with any PaaS, there are tradeoffs. Kubernetes is a very flexible platform with many options for how to run everything from networking and load balancing to deployments and frameworks. AWS will certainly be making some of these decisions for its customers in order to provide a manageable, reliable cluster solution. Ultimately, unless your application benefits from that extreme level of customization of the platform it runs on, using EKS will make your deployments fast and easy and your cluster reliable.
- AWS Fargate – One of our core philosophies is to get customers to focus on the activities that differentiate them in their market. Every recommendation we make is based on this philosophy, because very few businesses make more revenue by building and managing infrastructure, or even virtualization and containerization.
Fargate delivers Containers as a Service. Simply give the API a container and the parameters for running it (parameters like scale and number of AZs), and AWS Fargate takes care of the rest. No management of clusters or deployment mechanisms is needed; just focus on functionality that provides business value.
Technology is changing quickly. Now is the most exciting time to be a technologist. It is easier today to get at the solutions that advance a business's capabilities in the marketplace and to provide those services with resilience and security at maximum availability.