Wednesday, November 30, 2016

AWS re:Invent Day 3

How do you feed 30,000 people?  Hangar 1
Intense day 3!
  • 5 breakout sessions.
  • Breakfast at 7:30am, first session 10:00, last session ends at 6:00pm.
  • Reception in the vendor hall from 6-7pm (lots of tee shirts and goodies!)

Read on for some session recaps...

Session 1 - Born in the Cloud; Built like a Startup

Kickoff session in the Venetian Theatre.  Lots of interest in this talk, which presented the three patterns that are being used today in the cloud.

  • N-Tier using EC2 instances
  • N-Tier using Docker containers
  • Serverless using AWS Lambda and microservices
Each year the conference hints at a trend that will become relevant in the near future and as suspected, serverless applications are becoming "it".

The highlighted speaker was from a company called Polybit that has introduced a product called <stdlib>.  Yeah, I doubt the dude ever really used <stdlib.h>. Seems like all these startups and cloud entrepreneurs have just graduated from college a few years ago and were not forced to suffer the indignity of compiling source code and writing Makefiles (by the way bread WAS a nickel a loaf!).   And of course, a lot of them believe they've invented something new when in fact many of these patterns are well established, albeit in a less trendy browser setting.  Seems serverless is a little less than 1/2 baked right now and things are still crystallizing but it is intriguing.   I think this paper can get you jump started on serverless architectures.  It highlights the advantages and disadvantages and the things that need to be figured out before serverless becomes more ubiquitous and is more academic than hyperbolic.

Session 2 - Audit Your AWS Account Against Industry Best Practices: The CIS AWS Benchmarks

This talk highlighted the use of the Center for Internet Security Benchmarks to evaluate and secure your infrastructure.  The industry speaker was from Coinbase, a digital currency exchange platform that uses CIS and other standards to secure their infrastructure.  He highlighted their "Scorched Earth" exercise where they declared their infrastructure compromised and challenged themselves to rebuild their entire platform in 24 hours.  They were able to complete the challenge with about 15 minutes to spare.  Some takeaways:

  • No server in their farm lives for over 30 days
  • Servers are immutable once they are deployed to production
  • There are no administrative rights on servers
  • Configuration changes always trigger alerts
  • All devices are inventoried
  • All software on all devices is inventoried
  • Server prep/deployment is 99% automated with only the rare "snowflake" 

Session 3 - Mitigating DDoS Attacks on AWS: Five Vectors and Four Use Cases

Fascinating talk about how the Amazon global network and AWS WAF (Web Application Firewall) can be used along with some clever techniques to prevent and mitigate DDoS attacks.  Some techniques:

  • Let AWS CloudFront handle HTTP->HTTPS redirects to prevent redirect flooding
  • Use Elastic IPs, which can be removed from your front end when an attack is detected and replaced with newly provisioned ones, either to create a honeypot that collects forensics or to thwart that traffic
  • Use Lambda to analyze traffic in real-time to create new rulesets that update the AWS WAF

The goals here are to keep your application from being taken down and to keep autoscaling groups from ramping up to handle bad traffic, which costs you money and adds application latency.
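
The traffic-analysis step from the last bullet, as an added example that is not from the talk or this post: it finds clients that exceed a request rate within a sliding window and emits the CIDR list an IP-based block rule would consume. The log format, thresholds, allowlist and function names are assumptions, and the call that pushes the list to AWS WAF is left out.

```python
from collections import defaultdict, deque
from datetime import datetime
import ipaddress

# Constructed sample lines: "<timestamp> <client-ip> <method> <path> <status>"
SAMPLE_LOG = (
    [f"2016-11-30T10:00:{s:02d} 203.0.113.9 GET /login 200" for s in range(8)]    # burst
    + [f"2016-11-30T10:0{m}:00 198.51.100.7 GET / 200" for m in range(8)]         # slow, normal
    + [f"2016-11-30T10:00:{s:02d} 192.0.2.10 GET /health 200" for s in range(8)]  # own monitor
    + ["garbage line"]                                                            # malformed
)

def parse_line(line):
    """Return (timestamp, ip) or None when the line does not parse."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        return (datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%S"),
                ipaddress.ip_address(parts[1]))
    except ValueError:
        return None

def flood_sources(lines, threshold=5, window_s=10, allowlist=()):
    """IPs with more than `threshold` requests inside any `window_s`-second window.

    Assumes each client's lines arrive in time order. Allowlisted networks
    (health checks, known partners) are never flagged, so a rule built from
    the result cannot lock out your own monitoring.
    """
    allowed = [ipaddress.ip_network(n) for n in allowlist]
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    flagged = set()
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue              # skip junk rather than abort the whole batch
        ts, ip = parsed
        if any(ip in net for net in allowed):
            continue
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()           # drop requests that fell out of the window
        if len(q) > threshold:
            flagged.add(ip)
    return flagged

def to_waf_cidrs(ips):
    """Sorted /32 (or /128) strings, the form an IP-match block rule takes."""
    return sorted(f"{ip}/{ip.max_prefixlen}" for ip in ips)
```
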

Session 4 - Building IoT Applications with AWS and Amazon Alexa

This breakout was a little disappointing as I was more interested in the Alexa voice application aspect of the talk, however the Amazon speaker explained the architecture of AWS IoT and how devices can report data to be stored and analyzed in the cloud.   To learn more you can just go here.

The industry speaker was from Boston Children's Hospital, which is experimenting with Alexa to provide parents with answers to medical issues as part of their Kids.Md initiative.  In case you just crawled out of a cave, Alexa is the voice app inside Amazon's Echo device or more accurately the app that sits in the cloud.  The Boston Children's app was honestly not that impressive although the goal is great - credible information, easily accessible to parents on health issues - and I'm sure the technology they have developed is going to be just amazing.  The demo was just not that impressive.

Session 5 - Enterprise Fundamentals: Design Your Account and VPC Architecture for Enterprise Operating Models

This session surprised me with how something that sounds simple, like choosing how to set up your Amazon accounts, can be broken down by smart people to reveal the complexity in order to create a reusable framework for making sound decisions.

Given that most businesses will at least want to maintain a dev/test/prod environment, should 1 Amazon account be used or multiple accounts?

Large businesses (and even SMBs) that are moving to the cloud have to grapple with how to set up their Amazon account.  Security as well as financial issues need to be considered.  Since some enterprises are comprised of various lines of business (LOBs), it might be tempting to just set up 1 account for each LOB.  This talk described the 4 quadrants of the IT operating models and how you should align your account setup with the model that your organization uses.  By analyzing how your IT organization is structured you can better align the account setup with how your company works.  Very good talk.

I'll try to add the links to the talk slides once they are published.
