re:Invent 2022 Tech Recap
AWS re:Invent 2022 is now over and, as usual, AWS released a large number of tech announcements leading up to and during the event. This year six Kainos people attended in person and many more attended remotely, keeping up with the huge amount of content streaming out of the event.
If you missed re:Invent, you still have time to catch up — the Keynotes are online here and the excellent Breakout Sessions are available on the same link. Here is a rundown of the tech announcements we found most interesting!
Amazon Omics
Genomic research requires access to petabytes of data, which needs to be analysed and transformed into a readable form before insights can be drawn from it. The service is aimed at bioinformaticians, researchers and scientists, letting them store, query and analyse that data in one place. Once the data is imported into Omics you can use workflows and integrated tools to prepare and analyse it without worrying about what is running in the background: Omics automatically provisions and scales out the cloud infrastructure it needs.
This is a groundbreaking service; with the recent pandemic and ever more research to be done, the power of the cloud is there to be harnessed through this tool. The benefit of the cloud is near-infinitely scalable resources; the downside is paying for them.
ECS Service Connect
This is an exciting piece of functionality from AWS. Essentially it creates a simple way to connect microservice A to microservice B through Service Connect. This is one we’re looking forward to using in practice. Now back to trying not to call it service bus!
Lambda SnapStart
TL;DR: speeds up the starting phase of Java-based Lambdas to milliseconds. The way it does this, though, is pretty cool. Essentially, depending on the application, the framework used and the code itself, the 'init' phase of the Lambda process can be very slow. SnapStart solves this by performing the init phase ahead of time, snapshotting memory and disk at that point, and starting all subsequent execution environments from that snapshot. The next time you update your code a new snapshot is taken. Very cool.
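Because every execution environment starts from the same snapshot, anything generated during init (a unique ID, an open database session, a cached credential) is duplicated into all of them. The Java handler below, an added example that is not from the original post or from AWS, uses the SnapStart runtime hooks to release that state before the checkpoint and recreate it after restore; it assumes the `org.crac` hook interface SnapStart supports and a constructed `ORDERS_JDBC_URL` environment variable.

```java
import com.amazonaws.services.lambda.runtime.Context;
import com.amazonaws.services.lambda.runtime.RequestHandler;
import org.crac.Core;
import org.crac.Resource;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
import java.util.Map;
import java.util.UUID;

public class OrderHandler implements RequestHandler<Map<String, String>, String>, Resource {
    // JDBC URL read from the function's environment (ORDERS_JDBC_URL is a placeholder name).
    private static final String JDBC_URL = System.getenv("ORDERS_JDBC_URL");

    // Per-environment state. Created in init and left alone, it is captured in the snapshot
    // and cloned into every execution environment restored from it, so it stops being unique.
    private String environmentId;
    private Connection db;

    public OrderHandler() throws SQLException {
        // Register for the checkpoint/restore callbacks that the SnapStart runtime invokes.
        Core.getGlobalContext().register(this);
        initUniqueState();
    }

    private void initUniqueState() throws SQLException {
        environmentId = UUID.randomUUID().toString();
        db = DriverManager.getConnection(JDBC_URL);
    }

    @Override
    public void beforeCheckpoint(org.crac.Context<? extends Resource> ctx) throws Exception {
        // Runs once, just before Lambda snapshots memory and disk: close the session so no
        // open socket or server-side credentials are captured in the snapshot.
        if (db != null) { db.close(); db = null; }
        environmentId = null;
    }

    @Override
    public void afterRestore(org.crac.Context<? extends Resource> ctx) throws Exception {
        // Runs in every environment restored from the snapshot: regenerate what must be unique.
        initUniqueState();
    }

    @Override
    public String handleRequest(Map<String, String> event, Context context) {
        return "order " + event.get("orderId") + " handled by " + environmentId;
    }
}
```

SnapStart itself is switched on per function for published versions (in CloudFormation, `SnapStart: { ApplyOn: PublishedVersions }` on the function); the hooks only run once that is enabled.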
Security hub in Control Tower
AWS Security Hub is now integrated with AWS Control Tower, meaning you can pair Security Hub's detective controls with Control Tower's proactive and preventative controls and manage them together. What AWS says about this: “AWS Security Hub controls are now mapped to related control objectives in the AWS Control Tower control library, providing you with a holistic view of the controls required to meet a specific control objective. This combination of over 160 detective controls from AWS Security Hub, with the AWS Control Tower built-in automation for multi-account environments, gives you a strong baseline of governance and off-the-shelf controls required to scale your business using new AWS workloads and services. This combination of controls also helps you monitor whether your multi-account AWS environment is secure and managed in accordance with best practices, such as the AWS Foundational Security Best Practices standard.”
This will be very useful if it works as expected; however, the missing link for Control Tower in general remains the lack of support for managing it from Terraform using the AWS provider. Being able to manage multiple proactive and preventative controls from Terraform would be especially useful.
AWS Security Hub now integrates with AWS Control Tower
RDS Blue Green deployments
Built-in RDS blue/green deployments: yes, please. Essentially, this lets you create a staging copy of your production database to test on, change, upgrade and so on, and then promote it to be the production database once you are done.
Announcing Amazon RDS Blue/Green Deployments for safer, simpler, and faster updates
S3 Multi-Region Access Points Failover Controls
S3 Multi-Region Access Points provide a single global endpoint for accessing data held in S3 buckets in multiple Regions. With this announcement, AWS has added the ability to run a Multi-Region Access Point in an active-passive configuration, where one Region serves all S3 requests and the passive Region is only routed to once it is made active.
Amazon Verified Permissions
This is in preview at the moment, but essentially it allows developers of custom applications to manage their end-user permissions through a centralised service. It works with any identity provider as well as Cognito. In short, you can build an application without writing your own permission model to map to users; you define that through this service instead.
Only available at the moment in the following AWS Regions: US East (Ohio), US East (N. Virginia), US West (Oregon), Asia Pacific (Tokyo), and Europe (Ireland).
AWS announces Amazon Verified Permissions (Preview)
Fault isolation boundaries
This wasn’t an announcement at re:Invent but came out just before it. This white paper is a very good read, explaining exactly how AWS separates Regions, Availability Zones and other services from one another. Reading it gives you an understanding of how AWS makes its services fault-tolerant and how a fault in one could affect another. This is a white paper I will be happy to show my customers to give them warm fuzzy feelings when it comes to failure scenarios.