AWS re:Invent greetings from Thursday and Friday
Today I woke up again without an alarm at 7 am. A sunny walk to the Venetian via the Caesars Forum; it is an easy 20-minute walk from the Paris hotel.
Dr. Werner Vogels Keynote (KEY005)
The keynote started with an extremely entertaining and educational video about how the world is basically asynchronous. The video showed what a synchronous world would look like when Dr. Vogels visited a restaurant: each customer walked in one at a time, orders could be taken only one item at a time, food was prepared one item at a time, and so on. A busy restaurant is a great example of how working asynchronously speeds up the service.
He reminded us that the world is asynchronous; synchronisation is just an illusion and a simplification. Most systems need to be event-driven, at least for background processing.
The announcement of AWS CodeCatalyst was important. It is a unified software development service. Wait a minute, why is it important? During the last few years GitHub’s ecosystem has risen to a dominant market position, and more competition from major players is badly needed. GitHub published its equivalent product, Codespaces, a while ago. The whole idea of running development environments in the cloud could change development work dramatically in a few years.
Dr. Vogels then talked about the new era of 3D modeling, and the Unreal Engine demos were impressive. The most natural language for humans is visualization, and AWS wants to visualize everything. Spatial intelligence is another major theme: it lets us reason about how objects interact with the physical world, e.g. trying on new shoes virtually.
A short visit to the Expo
After the keynote I visited Serverlesspresso in the Expo area for a cappuccino. It is a concrete example of a coffee shop where you don’t need to queue and whose software runs for less than 100 USD per month. The first step is to scan the coffee shop’s QR code with your phone’s camera; then you choose what to order, and finally you pick up the order after a couple of minutes.
APIs: Critical for data transfer, but how do you keep them secure? (NET316)
AWS API Gateway with an edge-optimized endpoint is a good default choice for publishing APIs. Because an edge-optimized endpoint sits behind a CloudFront distribution, AWS Shield Standard absorbs the “internet noise” automatically up to OSI layer 4 (TCP). For more complete protection, add AWS Web Application Firewall (WAF) to cover layer 7 (application): its managed rule groups block malicious HTTP requests (SQL injection, XSS etc.), and the IP reputation list blocks traffic from known-bad IP addresses. Note that the web ACL for an API Gateway stage is always a REGIONAL one associated with the stage, even for edge-optimized APIs, because the CloudFront distribution in front of them is managed by AWS.
Here are the two newest AWS WAF features, as summarized by AWS:
- AWS WAF Bot Control gives you visibility and control over common and pervasive bot traffic that can consume excess resources, skew metrics, cause downtime, or perform other undesired activities.
- AWS WAF Fraud Control – Account Takeover Prevention is a managed rule group that monitors your application’s login page for unauthorized access to user accounts using compromised credentials.
I had missed that WAF supports custom responses for blocked requests, e.g. a JSON response with a 200 OK status code.
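One way to put such a web ACL together, as an added example rather than configuration from the session or the page: a Python script that builds the WAFv2 `create-web-acl` input with the managed rule groups for the layer-7 attacks and the IP reputation list, plus a rate-based rule that blocks with a custom 200 OK JSON body, and checks up front the mistake the API rejects at creation time (a rule referencing a custom response body key the ACL does not define). The rule names, the 1000-requests-per-5-minutes limit and the decoy body are assumptions for the example, not settings from the page.

```python
"""Added example: build a WAFv2 web ACL for an API Gateway stage.

Managed rule groups cover the layer-7 attacks (SQLi, XSS, known bad
inputs) and the IP reputation list blocks known-bad source addresses;
a rate-based rule blocks floods and answers them with a custom 200 OK
JSON body instead of the default 403.  Rule names, the rate limit and
the decoy body are illustrative assumptions.
"""
import json


def visibility(metric_name):
    """CloudWatch/sampling settings that WAFv2 requires on every rule and ACL."""
    return {
        "SampledRequestsEnabled": True,
        "CloudWatchMetricsEnabled": True,
        "MetricName": metric_name,
    }


def managed_rule_group(name, priority, vendor="AWS"):
    """Managed groups take OverrideAction, not Action: None keeps the
    group's own block/count decisions for each of its rules."""
    return {
        "Name": name,
        "Priority": priority,
        "OverrideAction": {"None": {}},
        "Statement": {
            "ManagedRuleGroupStatement": {"VendorName": vendor, "Name": name}
        },
        "VisibilityConfig": visibility(name),
    }


def rate_limit_rule(priority, limit_per_5min, body_key, status=200):
    """Block a source IP above the limit and answer with a custom response.
    The body key must exist in the ACL's CustomResponseBodies."""
    return {
        "Name": "rate-limit-per-ip",
        "Priority": priority,
        "Action": {
            "Block": {
                "CustomResponse": {
                    "ResponseCode": status,
                    "CustomResponseBodyKey": body_key,
                }
            }
        },
        "Statement": {
            "RateBasedStatement": {"Limit": limit_per_5min, "AggregateKeyType": "IP"}
        },
        "VisibilityConfig": visibility("rate-limit-per-ip"),
    }


def missing_custom_response_keys(acl):
    """Body keys referenced by Block actions but not defined on the ACL.
    WAFv2 rejects such an ACL, so this is checked before any API call."""
    defined = set(acl.get("CustomResponseBodies", {}))
    missing = []
    for rule in acl["Rules"]:
        custom = rule.get("Action", {}).get("Block", {}).get("CustomResponse", {})
        key = custom.get("CustomResponseBodyKey")
        if key is not None and key not in defined:
            missing.append(key)
    return missing


def build_web_acl(name="api-protection", rate_limit=1000):
    acl = {
        "Name": name,
        # API Gateway stages take a REGIONAL web ACL, even for edge-optimized
        # APIs: the CloudFront distribution in front of them is AWS-managed.
        "Scope": "REGIONAL",
        "DefaultAction": {"Allow": {}},
        "Rules": [
            managed_rule_group("AWSManagedRulesAmazonIpReputationList", 0),
            managed_rule_group("AWSManagedRulesCommonRuleSet", 1),
            managed_rule_group("AWSManagedRulesKnownBadInputsRuleSet", 2),
            managed_rule_group("AWSManagedRulesSQLiRuleSet", 3),
            rate_limit_rule(4, rate_limit, "decoy-ok"),
        ],
        "CustomResponseBodies": {
            "decoy-ok": {
                "ContentType": "APPLICATION_JSON",
                "Content": json.dumps({"status": "ok"}),  # decoy body, an assumption
            }
        },
        "VisibilityConfig": visibility(name),
    }
    missing = missing_custom_response_keys(acl)
    if missing:
        raise ValueError(f"undefined custom response body keys: {missing}")
    priorities = [r["Priority"] for r in acl["Rules"]]
    if len(set(priorities)) != len(priorities):
        raise ValueError("rule priorities must be unique")
    return acl


if __name__ == "__main__":
    # The keys match the CLI input, so: python acl.py > acl.json &&
    # aws wafv2 create-web-acl --cli-input-json file://acl.json
    print(json.dumps(build_web_acl(), indent=2))
```

After creating the ACL, associate it with the API stage ARN. The 200 OK decoy hides the WAF from scanners and bots that key on 403s, but it also hides blocks from legitimate clients and their error monitoring, so use it only on rules aimed at automated traffic and rely on WAF logs and the CloudWatch metrics enabled above to see what was actually blocked.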
Introducing AWS KMS external keys (SEC336)
Before, we could use AWS-managed HSM clusters (a standard KMS customer managed key) or our own AWS CloudHSM cluster. AWS now announced support for external key stores (XKS): you can use an HSM from any vendor that implements AWS’s open XKS proxy API specification. The external HSM can then act as a “kill switch” for all data encrypted under those keys: if you block key usage at the HSM, neither AWS nor any third party can decrypt the data anymore. KMS double-encrypts: it first encrypts with its own key material and then has the external key manager encrypt that ciphertext with the external key, so the external HSM never sees your plaintext, and a ciphertext cannot be opened without both keys.
The KMS service reaches the external HSM through a customer-managed XKS proxy, either over a public endpoint or through the customer’s VPC via a VPC endpoint service. The proxy can run, for example, as a Fargate service; AWS publishes an open-source reference implementation of it. From the proxy to the external HSM you can use any connection method you like, e.g. a direct connection or a VPN.
This can be a very important feature for sensitive private- or public-sector data, but it also makes availability and latency your responsibility: if the proxy or the external HSM is unreachable, encrypt and decrypt calls on those keys fail. In most cases a standard AWS KMS key is more than enough; KMS is already in scope for payment card (PCI DSS), healthcare (HIPAA) and other compliance programs.
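The layering and the kill switch, as an added simulation that is not AWS code and not part of the original post: an in-process “external HSM” holds the outer key with an enabled flag, and a KMS key object encrypts with AWS-side material first and then hands the ciphertext to the HSM, binding the encryption context as AAD on both layers. The two AEAD layers use a toy stream cipher (SHA-256 keystream plus an HMAC tag) as a stand-in for the AES-256-GCM the real service uses, so the file runs on the standard library alone; the key ids and the enabled flag are assumptions for the demonstration and the toy cipher is not for real use.

```python
"""Added example: simulation of KMS double encryption with an external
key store (XKS) and the external HSM acting as a kill switch.

A toy AEAD (SHA-256 keystream + HMAC tag) stands in for AES-256-GCM on
both layers; the XKS proxy and HSM are simulated in-process.  Key ids
and the "enabled" flag are assumptions made for this demonstration.
"""
import hashlib
import hmac
import os

NONCE_LEN, TAG_LEN = 12, 32


def _keystream(key, nonce, length):
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def toy_aead_encrypt(key, plaintext, aad):
    """Toy AEAD: XOR with a hash keystream, then HMAC over nonce, ciphertext and AAD."""
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct + aad, hashlib.sha256).digest()
    return nonce + ct + tag


def toy_aead_decrypt(key, blob, aad):
    """Verify the tag (constant time) before touching the ciphertext."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, nonce + ct + aad, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


class ExternalHsm:
    """The customer's HSM behind the XKS proxy.  It only ever sees the
    ciphertext produced by the AWS-side key, never the customer's plaintext."""

    def __init__(self):
        self._keys = {}  # external key id -> [key material, enabled]

    def create_key(self, key_id):
        self._keys[key_id] = [os.urandom(32), True]

    def set_enabled(self, key_id, enabled):
        """The kill switch: disabling the key stops every decrypt that needs it."""
        self._keys[key_id][1] = enabled

    def _material(self, key_id):
        material, enabled = self._keys[key_id]
        if not enabled:
            raise PermissionError(f"external key {key_id} is disabled")
        return material

    def encrypt(self, key_id, data, aad):
        return toy_aead_encrypt(self._material(key_id), data, aad)

    def decrypt(self, key_id, data, aad):
        return toy_aead_decrypt(self._material(key_id), data, aad)


class XksBackedKmsKey:
    """A KMS key in an external key store: AWS-held key material plus a
    reference to an external key.  The encryption context is bound as AAD."""

    def __init__(self, hsm, external_key_id):
        self._hsm = hsm
        self._external_key_id = external_key_id
        self._inner_key = os.urandom(32)  # stays inside "AWS KMS"

    def encrypt(self, plaintext, context=b""):
        inner = toy_aead_encrypt(self._inner_key, plaintext, context)  # layer 1: KMS material
        return self._hsm.encrypt(self._external_key_id, inner, context)  # layer 2: external key

    def decrypt(self, ciphertext, context=b""):
        inner = self._hsm.decrypt(self._external_key_id, ciphertext, context)  # fails if disabled
        return toy_aead_decrypt(self._inner_key, inner, context)


def kill_switch_demo():
    """Returns True when disabling the external key makes decryption fail."""
    hsm = ExternalHsm()
    hsm.create_key("ext-key-1")
    kms_key = XksBackedKmsKey(hsm, "ext-key-1")
    ct = kms_key.encrypt(b"customer record", context=b"tenant=acme")
    assert kms_key.decrypt(ct, context=b"tenant=acme") == b"customer record"
    hsm.set_enabled("ext-key-1", False)  # pull the kill switch at the HSM
    try:
        kms_key.decrypt(ct, context=b"tenant=acme")
    except PermissionError:
        return True
    return False


if __name__ == "__main__":
    print("kill switch works:", kill_switch_demo())
```

The point the simulation makes is that the outer layer is the only thing under the customer’s sole control: once the HSM refuses the key, every decrypt fails regardless of what AWS still holds, and the same refusal also makes the data unavailable to the customer, which is why the availability of the proxy and HSM matters as much as their security.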
re:Play and heading back home on Friday
re:Play is the main festival of the AWS re:Invent conference. It is held in the Las Vegas festival area, 2 miles north of the venues.
It is a massive transportation challenge to move tens of thousands of people in a short period of time. This year the transportation was a bit of a hassle. My friends were first in line and were still waiting for the bus after 30 minutes. My bus waited 20 minutes to unload; then our full bus was accidentally directed to leave the unloading area, and we finally got off halfway out of it. All good after that.
The festival area has multiple stages, a game area, a headphone listening area with a bar, food areas, you name it. Everything worked nicely in the area. The main show was DJ Martin Garrix. Awesome atmosphere in the main stage’s massive tent.
My flight leaves in 30 minutes (fingers crossed). The overall experience of the conference was extremely good: so much to see, learn and experience.