Thank you for tuning back in to our TL;DR of the AWS re:Invent conference. Day three kicked off with a keynote by AWS CEO Andy Jassy where he announced a large number of new services that really go above and beyond, and cement AWS as the premier cloud platform for organizations large and small. I was also able to sneak into a couple of great talks and sessions after the keynote, but the highlight of the day was the keynote. Here's a TL;DR of all the announcements.
New EC2 Instances
AWS already has one of the broadest sets of compute offerings. Today, they announced three more elastic compute instances: M5, H1, and I3M, a bare metal offering for organizations wanting to have direct access to the hardware. In addition to the new instances, they also announced a new pricing model for their spot instances, which allows developers to use EC2 resources at reduced prices.
ECS for Kubernetes
Kubernetes is making some pretty large waves in the container orchestration space, and until now setting up Kubernetes on AWS was very much a manual process. That is about to change with Amazon Elastic Container Service for Kubernetes, or EKS, which is launching in preview this week. Amazon EKS fully manages the availability and scalability of the Kubernetes control plane for each cluster and will allow organizations to easily run Kubernetes without having expert Kubernetes knowledge.
What if you didn't want to manage container clusters at all? AWS may just have a solution for that as well. AWS Fargate is a service that they announced today that can deploy and manage containers for you so you don't have to manage any of the underlying architecture.
I have a love/hate relationship with databases. They power the applications that I build and I actually have fun working with traditional relational database systems, especially PostgreSQL, but I hate setting up database servers. Andy had a few announcements in the database space that really got me excited for the future of database management—or should I say lack of management?
Amazon Aurora Serverless
We already have serverless functionality for our applications, why not our databases? That is the question Amazon is asking as well. Aurora Serverless aims to bring the benefits of serverless computing to database management where you only get charged for the resources that you consume. This is perhaps the biggest announcement of Andy's keynote for me personally, and in my opinion, a real game-changer in the database management space.
Amazon DynamoDB Global Tables
DynamoDB is Amazon's key/value database offering and it is a pretty impressive one at that. During Prime Day, DynamoDB served over 12.9 million requests per second bringing a whole new meaning to the term big data and web scale. Over 3.34 trillion requests were served for Prime Day in total. DynamoDB Global Tables provides a fully managed multi-region NoSQL database that allows you to provide localized reads and writes to your data wherever your users may be.
Graph databases have been growing in popularity recently and Amazon will have an official player in the game with Amazon Neptune. The promise of this graph database is that it will be fast, reliable, and of course fully managed by AWS. Another big benefit of Neptune is the ability to use multiple graph query languages such as TinkerPop and SPARQL.
If "Big Data" was the buzzword that dominated our industry the last five years, "Machine Learning" will be the buzzword that dominates the next five. The promise of machine learning is that it will allow organizations to provide much more personal and relevant experiences to each and every user. We're seeing machine learning used in everything from image recognition and recommendation engines to healthcare. AWS had lots of announcements in this space.
Amazon Rekognition Video
The Amazon Rekognition service provides developers with an API to make sense of images. You feed it an image and it tells you what it sees, for example, correctly identifying humans and other objects. Amazon Rekognition Video does the exact same thing, but for video content. It will be able to track people, detect various activities, and recognize various objects, celebrities, and even inappropriate objects. This can be done with existing video and even live streams, which opens up a wide array of potential use cases.
Amazon Transcribe will equip developers with automatic speech recognition (ASR), allowing them to easily add speech-to-text capability to their applications.
With more and more apps reaching a global audience, having correct localized translations for various languages is a challenge that Amazon Translate is hoping to tackle with its neural machine translation service. The service promises to allow developers to localize websites and applications for international users with ease.
Amazon Comprehend is an interesting service that uses natural language processing and machine learning to find insights and relationships in text. Developers can use this API to extract places, people, brands, and events to get a better understanding of what is presented in the text. Analyzing large quantities of documents, developers will be able to extract key topics and meaning from their datasets.
If you aren't looking to translate, transcribe, or understand your content, perhaps you want to do something else with it. Amazon SageMaker is a fully managed service enabling data scientists to build, train, and deploy machine learning models for any dataset. SageMaker will work with a variety of different platforms such as TensorFlow, MXNet, and others. Through its managed capability, it will help data scientists make sense of their data faster and with greater accuracy.
AWS DeepLens is a wireless video camera and development kit that allows developers to get a better understanding of machine learning concepts. DeepLens will be released next year and will come with various samples to help developers learn more about what's possible with machine learning and how to get started.
IoT is another buzzword that has been around for a little while but seems ready to take the world by storm. AWS had many announcements that will make working with IoT a much more pleasant experience than before.
AWS IoT 1-Click
AWS IoT 1-Click is a service that makes it easy to trigger AWS Lambda functions from devices. If you've used Amazon Dash buttons in the past, the concept is fairly similar, only applied to any IoT device.
AWS IoT Analytics
AWS IoT Analytics will give developers greater insight into the data their IoT devices collect. This fully managed service will collect, process, enrich, and analyze IoT device data at scale.
Amazon FreeRTOS is an IoT operating system for low-power edge devices that is easy to program, deploy, secure, connect to, and maintain. It is available free of charge, is fully open source, and best of all, available to all today.
Security, Identity, and Compliance
I was very excited to learn about what identity and security announcements Amazon was going to announce today, and I have to say, I did not leave disappointed. Cognito is becoming a fully fledged identity platform, but that's not all Andy had up his sleeve.
Advanced Security Features for Amazon Cognito
Amazon announced a number of advanced security features for Amazon Cognito including multifactor authentication, breached password detection, and various anomaly detection features. All of these features launched in beta today. If you need these features in a production-ready capacity right now, we at Auth0 also provide multifactor authentication, breached password detection, and anomaly detection.
Keeping your servers secure is important. Amazon GuardDuty aims to make security a little easier by providing a managed threat detection service that allows your DevOps team to continuously monitor and protect your AWS accounts and workloads. The best part? It can be enabled with a few simple toggles in the AWS management console.
That sums up the major announcements from today's keynote. I'm sure we missed a couple as they were coming at us one after another. Werner Vogels, CTO of AWS, will deliver his two-hour keynote tomorrow and we will be sure to cover all of the announcements that he makes as well. As for the sessions I attended today, two really stood out:
Session: AWS Security State of the Union
Steve Schmidt, chief information security officer of AWS, delivered the AWS Security State of the Union talk. The key takeaway from his talk was his mechanisms to drive security in an organization, and they are:
- Buy-in from leadership
  - security cannot be an afterthought.
- Radically restricting and monitoring human access to data
  - humans and data don't mix, follow the principle of least privilege.
- Source code security.
  - everybody hates doing it, but it must be done.
- Log retention duration
  - storage is fairly cheap; once deleted, logs are lost forever.
- Credential blast radius detection
  - use IAM roles properly to ensure that if credentials are leaked, damage will be minimal.
- Credentials lifespan reduction
  - no long-lived tokens and continuous rotation of credentials.
- TLS implementation
  - encrypt data in motion and at rest.
- AWS encryption everywhere.
- Canaries and invariants for security functionality.
At Auth0, we follow many of these principles to the T to ensure that we are delivering the most secure platform for our customers and users.
Session: Best Security Practices in the Intelligence Community
This breakout session included guest speakers from the US Intelligence Community, including Scott Kaplan, Deputy Chief of the NGA and John Nicely, Chief of Cloud Security for the US Government. They shared their lessons learned from moving their infrastructures from on-premise deployments to the cloud and how it allowed their organizations to respond quicker and with greater accuracy. This is definitely a talk I look forward to revisiting once it is posted online after AWS re:Invent 2017 concludes.
Aside: Auth0 and AWS
If you are using AWS to manage your infrastructure, whether it be traditional, serverless, or a mix, and are looking to better manage identity in your applications, Auth0 can help you to:
- Add authentication through traditional username/password databases.
- Add support for linking different user accounts with the same user.
- Generate signed JSON Web Tokens to call your APIs and flow the user identity securely.
- Get analytics on how, when, and where users are logging in.
- Achieve SSO (Single Sign-On) seamlessly.
Sign up for a free account today and enjoy fast, seamless, and hassle-free authentication in your apps.
Day three of AWS re:Invent 2017 was very eventful. Andy's keynote has set the tone for the rest of the conference and that tone is "everything is everything." AWS wants to give you the best infrastructure to build and deploy your applications. Currently, the number of services offered by AWS is approaching 4,000! I can't wait to see what tomorrow has in store for us.