AWS re:Invent 2023 has kicked off in Las Vegas! Our consultants - Mark Noorman, Tom Eigenraam and Hugo van Duijn - are on the frontline, soaking up the latest innovations and industry breakthroughs. Through this blog, we bring you a daily dose of re:Invent highlights and crucial updates, ensuring that even if you're not physically present, you're aware of the most important insights from AWS re:Invent 2023.
New Feature: IAM Identity Center – Trusted Identity Propagation
What: AWS is introducing IAM Identity Center – Trusted Identity Propagation, a groundbreaking feature designed to simplify data access in Redshift, EMR, QuickSight, Lake Formation, and more, by leveraging IAM identities. Regardless of whether your applications use OAuth or SigV4, this feature ensures that IAM identities (e.g., SSO users/roles) are linked to a traceable token. The result? End-to-end traceability of user interactions with data, central management of access, and seamless entry for users of all roles, from business professionals to database administrators.
Why It's Interesting:
- End-to-End Traceability: Achieve comprehensive visibility into user interactions with data, tracked seamlessly in CloudTrail.
- Centralized Access Management: Manage access to data and analytics applications across diverse user roles.
- Federation Compatibility: Integrate with your identity store (e.g., Azure AD, Okta) for a unified identity management experience.
Learn more about this new feature.
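To make the CloudTrail traceability point concrete, here is an added example (not code from AWS or from the session) that groups data-access events by the Identity Center user they were made on behalf of. It assumes the `userIdentity.onBehalfOf` element of the CloudTrail record format; the events, user IDs, ARNs and account number are constructed.

```python
from collections import defaultdict

# Constructed placeholder for the identity store ARN (not a real store).
STORE = "arn:aws:identitystore::111122223333:identitystore/d-example"
ROLE = "arn:aws:sts::111122223333:assumed-role/{}/session"


def _event(source, name, role, user_id=None):
    """Build a minimal, constructed CloudTrail-style record."""
    identity = {"type": "AssumedRole", "arn": ROLE.format(role)}
    if user_id:
        # Present when the call was made on behalf of an Identity Center user.
        identity["onBehalfOf"] = {"userId": user_id, "identityStoreArn": STORE}
    return {"eventSource": source, "eventName": name, "userIdentity": identity}


# Constructed sample events: three propagated calls and one plain role call.
SAMPLE_EVENTS = [
    _event("redshift-data.amazonaws.com", "ExecuteStatement", "app-role", "user-1111"),
    _event("lakeformation.amazonaws.com", "GetDataAccess", "app-role", "user-1111"),
    _event("lakeformation.amazonaws.com", "GetDataAccess", "app-role", "user-2222"),
    _event("redshift-data.amazonaws.com", "ExecuteStatement", "etl-role"),
]


def access_by_user(events):
    """Return (actions per Identity Center user, calls with no propagated user)."""
    by_user = defaultdict(list)
    unattributed = []
    for ev in events:
        identity = ev.get("userIdentity") or {}
        on_behalf_of = identity.get("onBehalfOf") or {}
        action = f'{ev.get("eventSource")}:{ev.get("eventName")}'
        user_id = on_behalf_of.get("userId")
        if user_id:
            by_user[user_id].append(action)
        else:
            # Only the role is known here: the caller did not propagate a user.
            unattributed.append((identity.get("arn"), action))
    return dict(by_user), unattributed


if __name__ == "__main__":
    users, gaps = access_by_user(SAMPLE_EVENTS)
    for user, actions in users.items():
        print(user, actions)
    print("no propagated identity:", gaps)
```

The `unattributed` list is the useful part for review: it shows which data-access paths still run under a shared role with no end user attached.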
Optimizing Business Outcomes with Well-Architected Reviews
What: Delved into a session that explored an efficient and effective approach for Well-Architected Reviews, outlining the basis for a continuous lifecycle of improvement. The session emphasized creating a matrix to position risks and remediation actions against impact vs. ease, aiding customers in identifying where to kickstart their improvement journey.
Why It's Interesting:
Customers often know where they want to be with their cloud environment, but ask us where to start. Creating a matrix that positions each risk and remediation action against impact vs. ease axes could help the customer understand where to start their lifecycle of improvement. Achieving the defined business outcomes means preparing well with the right stakeholders, staying on topic, having a clear scope and staying away from solutioning during the review.
Sustainability Matters: Measure, Optimize, Improve Costs
What: Dove into the often-overlooked realm of sustainability in workload architecture design. Explored how prioritizing a lower infrastructure footprint aligns with broader goals of cost optimization and performance efficiency.
Why It's Interesting:
You can use the Lambda Power Tuning Tool to optimize sustainability of your serverless infrastructure by analyzing memory and execution time, to find the sweet spot in configuring both memory and compute hardware (arm64 vs. x86_64). Moreover, significant optimizations can be achieved by analyzing the code blocks of your function with CodeGuru Profiler. This will tell you which areas of code can be altered to have more cost- and energy-efficient executions. In some cases, choosing a different programming language (Java over Python) can make a large difference as well when it comes to sustainable and efficient function executions.
Explore Lambda Power Tuning Tool
Elevating VPC Security: Insights from the Layered Security Workshop
What: Mark participated in a workshop on implementing layered security for AWS VPC, uncovering new dimensions of AWS services and gaining fresh perspectives on customer architectures. Here are some key takeaways:
- Visibility Enhancement with DNS Firewall: Gain deeper insights into VPC activity by implementing a DNS firewall, ensuring a robust security layer.
- Traffic Mirroring for Analysis: Implement traffic mirroring to analyze and scrutinize network traffic effectively within the VPC.
- Route 53 Logging and Querying: Enhance your ability to analyze traffic patterns by adding Route 53 logging and querying functionalities.
- AWS Network Firewall Implementation: Fortify your security posture by implementing AWS Network Firewall, updating routing configurations, and defining rules.
- Web Application Protection with WAF: Safeguard web applications by integrating and implementing AWS WAF for enhanced security measures.
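As an added illustration of the DNS Firewall and Route 53 logging takeaways (not material from the workshop), the following sketch counts DNS Firewall BLOCK and ALERT matches per source in Route 53 Resolver query logs. It assumes the JSON field names of the Resolver query log format (`query_name`, `srcaddr`, `srcids.instance`, `firewall_rule_action`); the log lines, instance ID and domains are constructed.

```python
import json
from collections import Counter

# Constructed Resolver query log lines, one JSON record per line.
# The last line is deliberately truncated to show malformed-input handling.
SAMPLE_LOG = """
{"query_name":"blocked.example.","query_type":"A","srcaddr":"10.0.1.5","srcids":{"instance":"i-0aaa"},"firewall_rule_action":"BLOCK"}
{"query_name":"Blocked.Example.","query_type":"A","srcaddr":"10.0.1.5","srcids":{"instance":"i-0aaa"},"firewall_rule_action":"BLOCK"}
{"query_name":"watch.example.","query_type":"TXT","srcaddr":"10.0.1.7","firewall_rule_action":"ALERT"}
{"query_name":"aws.amazon.com.","query_type":"A","srcaddr":"10.0.1.5","srcids":{"instance":"i-0aaa"},"rcode":"NOERROR"}
{"query_name":"trunc
"""


def firewall_hits(log_text, actions=("BLOCK", "ALERT")):
    """Count (source, domain, action) for queries that matched a firewall rule."""
    hits = Counter()
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or corrupt records instead of failing
        if not isinstance(rec, dict):
            continue
        action = rec.get("firewall_rule_action")  # absent when no rule matched
        if action not in actions:
            continue
        # Prefer the instance ID; fall back to the source IP when it is missing.
        source = (rec.get("srcids") or {}).get("instance") or rec.get("srcaddr", "unknown")
        # Normalise case and the trailing root dot so counts are not split.
        domain = rec.get("query_name", "").rstrip(".").lower()
        hits[(source, domain, action)] += 1
    return hits


if __name__ == "__main__":
    for (source, domain, action), count in firewall_hits(SAMPLE_LOG).most_common():
        print(f"{count:3d}  {action:5s}  {source:12s}  {domain}")
```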
Navigating Hybrid Environments: Insights from the Management Integration Session
What: In Mark's second session, the focus shifted to the intricacies of managing hybrid environments, emphasizing the seamless integration of AWS services to create a unified management interface. Here's a glimpse of the key insights:
- Systems Manager for Universal Management: Regardless of the cloud it operates in, Systems Manager emerges as a powerful tool for initial management tasks.
- Secure Management Access with KMS: Elevate the security of management access using Key Management Service (KMS) for robust encryption.
- OpenTelemetry for Vendor-Agnostic Monitoring: Explore the versatility of OpenTelemetry, a vendor-agnostic protocol, ideal for integrating monitoring across diverse systems and platforms.
- Prometheus for Data Collection: Utilize Prometheus for efficient data collection, paving the way for comprehensive insights into performance metrics.
- Managed Grafana for Custom Dashboards: Leverage Managed Grafana to craft bespoke dashboards, offering a centralized view of performance metrics.
- Ingesting Data for Insights: By ingesting data from sources like Azure or on-premises systems, uncover valuable insights into performance, patch compliance, and more.
Stay tuned for more insights from the AWS re:Invent 2023 journey!