AWS (re:Invent) 2022 in review
AWS re:Invent 2022 is now over, and with it its usual batch of new product annoncements, keynotes and breakout sessions. Among all those, what stands out? What should we take away?
(Context: this blog post was written while I was still Head of Architecture and Dev for my former employer)
Today, I share my personal picks of re:Invent, and some perspective on the wider AWS roadmap.
Top annoncements of re:Invent from the perspective of a Software Development manager
My current role, in a company that is quite new to the Cloud (with just one year and a half of track record), leads me to focus on serverless architecture, as my primary concern is for my dev team to be able to continuously deliver solutions on a reliable and scalable infrastructure, with little to no management by infrastructure team.
Lambda SnapStart
That’s not a formally a product announcement, but the technical challenge, in terms of underlying infrastructure, to get rid of Lambda coldstarts is such a huge breakthrough, that I can’t start without mentioning this evolution in the Lambda service. Just for that one, I might come back to Java/SpringBoot (which now starts in 100ms ^^)
Peter DeSantis’ keynote on the progress made on the low-level components of the Cloud (chips, CPUs and protocols) is a must-watch.
EventBridge Pipes
One ability that’s key to provide upgradeable and scalable solutions is the ability to design solutions that work asynchronously.ndeed, synchronous patterns lead to overloading bottlenecks, strong coupling (which make upgrades painful) and user apps desperately waiting for response from the backend.
Before EventBridge, service-to-service integration required a lot of glue code using Lambda to call third-party systems, manage retries in case of failure etc. EventBridge does that for us. Since its launch in July, 2019, new useful features have been added to the service (like being able to call a 3rd-party API and OAuth credentials management in this scenario).
But in any use case I could see, I always felt it lacked the ability to enrich an eventmagine a case where a customer puts an order: for delivery purpose, you’ll need the customer address. If the OrderFrontService that pushes the order does’t provide it, then the OrderProcessingService that processes the order needs to get the customer address from the CustomerService. That involves some coupling between the OrderProcessingService and the CustomerService. To get rid of this you want the “order” event to be enriched by the CustomerService before is it consumed by the OrderProcessingService. Here comes EventBridge Pipes.
Verified Permissions: managed permissions management
A typical serverless application involves a front-end app (stored on S3, delivered by CloudFront), an API Gateway and a identity provider such as Cognito. The user is authenticated on Cognito so the API Gateway know who is talking.
to it. But the API Gateway doesn’t know what that person is authorized to do (OAuth claims can be at api method level, but not at object level).So the first step of any processing behind the API Gateway currently involves custom code in a Lambda to check whether the user is authorized- before performing any business logic. With Verified Permissions, AWS intends to help us get rid of such custom code. I’ll register for the preview :)
Application Composer: a nice tool for Architects and Devs to discuss more efficiently
This service provides the missing link between architecture diagrams (whether you use draw.io, Python diagrams or just your whiteboard) and the developer’s IDE :)
A big regret, though.. at launch time, this service doesn’t come with Terraform compatibility. Let’s hope AWS fixes that big mistake real soon. Until then, I won’t ask for preview access ^^
CodeCatalyst: one ring to rule them all?
Imagine being able to kickstart a project, including setting up the dev environment, git repository, CI/CD pipeleines and project management tooling.. in a matter of minutes? That’s the promise behind CodeCatalyst.
I’m not sure how steep the AWS Code Family (CodeCommit, CodePipeline, etc.) adoption curve has been so far. AWS doesn’t have a reputation for great UI (they’re more about providing building bricks to play with like Lego) and the competition (namely, GitHub, that is, Microsoft) is fierce.
Nearly every developer on the planet fears vendor lock-in from the Big 2 (sorry Google, but I believe you’ve been out of this race for a while), as reflected in my remark on Application Composer.
But AWS is not used to being the challenger in the playground and seems to make third-party integration (so far with Jira, Github, IDE vendors) core to the product. If the product enables to manage a local-docker-hosted dev env, I’ll have a look. Otherwise, I’ll pass.
Some nice tooling for cross-account :)
f you work for a company big enough to have several dev teams, or with multiple business units like I do, it’s likely you use a classic multi-account landing zone, with dev/staging/prod accounts for each Organizational Unit (OU).
If that’s the case, well, you’ve probably face some reaaally painful limitations when working cross-account.
- Cloudwatch. I love CloudWatch. Since I use it, I’ve never wanted to use Datadog or the ELK stack. But dammit, AWS, why did it take you so long to be able to offer cross-account observability?
- Network Reachability AnalyzerThe analyzer is a GREAT tool to diagnose network connectivity issues between a source and a destination: why do VPC flow logs analytics (which can be painful) when static analysis can point you towards the missing ACL rule? One big limitation in a cross-account context is that analyzer had boundaries at the Transit Gateway attachments of each account. Being able to diagnose accross the Gateway will be a real time saver.
A disappointment: DocumentDB Elastic
My dev team is more and more into DynamoDB. But we still have quite a few workloads that use MongoDB and have been hoping for serverless version of DocumentDB (you know, just like Mongo Atlas offers a 0.10$/million queries).
Elastic cluster seems rather cut for those customer who need high-and-rapidly-changing-scale. Quite a disappointment here.
More from the CIO/CTO point of view
Nowadays, a few topics are of high concern to the CIO in a midsize utility company.
- Private infrastructure and remote workforce.Not all our workloads are in the Cloud. Far from there! And even some cloud-hosted apps are not meant to be exposed publicly (which involves making sure they’re resilient to DDOS or other attacks such as SQL injection).
In the meantime, our own colleagues and our partners’ workforce, including IT consultants, are working remotely on a regular basis. Providing VPN access or requesting fixed IP (which shifts the burden of providing a VPN to our partner) for whitelisting is always cumbersome. To that regard, AWS Verified Access pourrait changer la donneproviding public, authorization-based, access to private applications - Data management / Analytics / MLAWS has a great number of great data products. As often with AWS, they come as bricks that you assemble rather than a fully-featured closed products..
That makes a powerful environment (and a safe one too, since zero trust principles are everywhere), but also one that’s harder to harness than, say, SnowFlake.
We feel we have a clear need for a product unifying all those individual solutions, helping our non-specialized IT team set up proper data governance and build data-centric solutions. During re:Invent, AWS announced Datazone d’une manière inhabituelle : un communiqué de presse, pas un article de blog sur le service AWS What’s New. Datazone répondra-t-il à nos attentes ?
Some perspective on AWS’ 2022 roadmap.
Techcrunch fellows <a href="https://techcrunch.com/2022/12/02/the-era-of-constant-innovation-at-amazon-could-be-over/" closed AWS re:Invent by running “the era of constant innovation at Amazon may be over” as their headline. Though I had the same reaction after last year’s re:Invent, I now beg to differ.
Yes, maybe there won’t be in a near future many radically new concept. After all, apps are just services and databases, uh? Posing as a visionary may suit Zuckerberg (and fill Techcrunch.com with 52k Google search results on “metaverse”) or Elon Musk but it’s no guarantee of success. I’d rather be the customer of a company who’s customer-obsessed with my needs for incremental changes :)
AWS is a mix of IaaS, PaaS and SaaS.
I believe the aforementioned DeSantis keynote demonstrate how far ahead AWS is regarding IaaS. The announcements I mentioned in this blog post testify to their commitment to building a great PaaS. As for SaaS, I find quite reassuring that no company can be the lead innovator in every industry-specific solution… that leaves some work for the rest of us :)
Still, I’m happy AWS launched Amazon Omics, a solution dedicated to genomics researchers. I can tell first hand that many people in this area, even in famous research institutions, sill use NotePad as their IDE..
Where did AWS put their efforts in 2022? Is re:Invent a representative sample?
To get some perspective, I scraped AWS’ What’s New blog and, for each product, I compared the number of announcements made during re:Invent and out of re:Invent.
No surprise, EC2 (with the numerous hardware announcements) and data/AI products, SageMaker in particular, are leading both races. But what’s more surprising is that some products we totally under-covered during re:Invent. I’ll mention just 3 of them.
- RDS and Aurora didn’t I say before that an app, after all, is just services writing and reading data from a database ? :) RDS was totally absent during re:Invent. Still, it’s the #3 product in terms of new features in 2022!
- Amazon Connect the customer relationship suite is #4 with more than 60 feature announcements in 2022 just for himself (and that’s not including related products, such as Lex), but none during re:Invent. Probably a sign that Amazon feels the battle for marketing and customer contact automation can still be won.
That’s definitely an area I want to dig in in the next couple of years, as I believe AWS’ solution can be a source of disruption for companies that will adopt them. - EKS/ECS are #5 in the podium. Here AWS is fighting to win those customers who won’t go serverless for fear of vendor lock-in or because they have made a strategic decision for the sake of simplicity to put everything in Docker and K8s.
Those confirm, in my opinion, the fact that AWS is strengthening the basis of its pyramid (IaaS and PaaS) and gets into SaaS only when the technical foundations are important and require diversified skills (e.g. for Connect: telecoms, data management and machine learning).
That’s all for 2022! I’m looking forward to see how things evolve in 2023!