This post was written by Rich Bosomworth.
The 2017 AWS Summit in London took place on June 28th at the ICC London, ExCeL. Skelton Thatcher Consulting team members were in attendance to check out the latest developments from AWS, and to evaluate the myriad of third party vendor offerings.
As expected, the event was extremely popular. We arrived at ‘peak ingress’, so it took a while to navigate the mammoth queue and register, and as such we missed the opening keynote. For future reference, an early start is highly recommended to avoid queues on both public transport and at the venue itself.
Cloud security is of core interest to me and the first session I attended was Security at Scale with AWS. This session was hosted by Dave Walker, Security Solutions Architect with Amazon Web Services. The session opened with deep insight into how AWS handle their systems security at scale, as well as providing an overview of the shared responsibility model.
Dave highlighted the importance of log metrics and introduced AWS Organizations. AWS Organizations extends the concept of consolidated billing with policy-based management for multiple AWS accounts, including account creation. To follow up I looked deeper into the service, as from a previous life amongst Microsoft’s Active Directory I identify strongly with the concept of OUs (Organisational Units).
An OU in the context of AWS Organizations allows you to group multiple AWS accounts into a single unit, with the ability to then create and apply single or multiple OU policies. This provides a notable step up for account management, compliance and control above the basics of consolidated billing.
Another core point was the recommendation for using benchmarks provided by the Center for Internet Security (CIS). This was of interest to us as Skelton Thatcher Consulting have implemented both Linux and Windows based CIS hardened instances for several clients and recommend adoption as part of our AWS Infrastructure Security Healthcheck.
DevSecOps is a term you may have heard. It was introduced in this session as embedding a security resource within the software development life-cycle, allowing for dynamic validation without slowing the life-cycle down. This could be in the form of a SecOps engineer placed within the DevOps team.
A further area covered was the AWS EC2 Systems Manager + Capabilities, and again this was of interest to us at Skelton Thatcher Consulting, with it being another AWS service we have recommended and implemented for clients. EC2 Systems Manager currently offers an excellent array of comprehensive security and patch management options for Windows server based deployments. It was advised that similarly extensive methods for Linux patching and security are coming soon.
Between sessions I took time to explore the extensive vendor area. I found it most productive being able to discuss product interest with technical teams from services Skelton Thatcher Consulting have recently been exploring.
My first port of call was with Cloudability. They offer a cloud management service geared to increasing efficiency whilst reducing costs, similar to the AWS Trusted Advisor but with a slightly different implementation and cost model. Again this was of interest as Skelton Thatcher Consulting offer an AWS Cloud Cost Optimisation tier and are always looking at options to enhance and improve the services we provide.
Next stop was SpotInst. Their service offers an enhanced toolset for management of EC2 spot instances. Spot instances are EC2 instances you run based on a bid-price of your choosing. They can provide cost savings of up to 80%; however, there are considerations. For example, should the bid-price rise above your chosen threshold then the spot instances you are running will terminate. As such, having some method for the management of ‘spots’ is most useful, and this is what SpotInst offer. Skelton Thatcher Consulting are looking to implement a SpotInst component to complement our ongoing direction for Container Clustering with Rancher Server. As SpotInst are both a Rancher and Terraform partner (we use Terraform for our Rancher deployment) it proved most useful to discuss options directly.
As described, the event was incredibly well attended and it was nice to encounter one of our core Skelton Thatcher Consulting clients. We took the opportunity to have a coffee and discuss future potential for assisting them with their DevOps integrations.
I have had quite a degree of exposure to running database clusters, in particular Percona XtraDB. Come the advent of AWS RDS my focus shifted, although I do still have a keen interest in the operational aspects of database server support and management. With this in mind I was very keen to attend one of the final sessions of the day – Migrating Your Databases to AWS: Deep Dive on Amazon RDS and AWS Database Migration Service.
The session started with an overview of the AWS RDS service, quickly moving into aspects of the Database Migration Service (DMS) and Schema Migration Tool (SCT). If you have legacy database deployments, perhaps running on self managed clusters, then having an option to easily migrate them into the ease and safety of RDS is quite alluring, and this is what the DMS and SCT offer. I didn’t realise the full extent of what the SCT offers, but for dynamically converting between database formats the options it provides are very impressive.
No AWS RDS session would be complete without mentioning AWS Aurora and the tagline from the AWS Aurora product page says it all:
MySQL and PostgreSQL compatible relational database with several times better performance.
Security, availability, and reliability of commercial databases at 1/10th the cost.
High availability is core to Aurora, with volume striping as default across x3 Availability Zones (AZs) and six copies of data in each (AZ). It is a truly impressive managed database solution.
The day was over far too quickly. There was so much on offer it wasn’t physically possible to catch everything of interest, although the curtain sectioned arena could confusingly provide a ‘2 for 1’ experience, depending on the host volume of the adjacent presentation (this wasn’t a good thing).
I will be checking out the many sessions I wasn’t able to fit in online and I am already looking forward to next year, although I shall be setting my alarm clock for an early start.