Analysing the latest AWS services: Certificate Manager, Lambda, and DevSecOps
The Amazon Web Services (AWS) cloud is continuing its pace of rapid, iterative service improvements in 2016. It has already announced several hundred updates in the last few months alone, proving yet again why it is a top choice for enterprises: not only are core AWS services stable and mature, but AWS is constantly improving services and software — innovation that comes “built in” by using the AWS platform.
Here are the 2016 AWS service announcements that the senior DevOps engineering team at Logicworks are especially excited about:
AWS Certificate Manager
For any systems administrator that has experienced downtime from misconfigured or expired certificates – in other words, every systems administrator – AWS Certificate Manager is an ideal solution. Released in January 2016, Certificate Manager removes the everyday “annoying” parts of managing SSL certificates and allows you to provision, manage, and renew SSL certificates for AWS resources.
The certificates are free and self-renewing, but currently can only be deployed to AWS resources like Elastic Load Balancer or a CloudFront distribution. There are many third-party services that perform the same function, but Certificate Manager is sure to appeal to enterprises that need to maintain encryption standards and centrally manage certificates across large, complex AWS environments.
AWS Lambda – VPC access
Released in mid-February 2016, AWS Lambda can now access services within a Virtual Private Cloud (VPC). This means your Lambda functions can now access resources that are “behind” a VPC, such as RDS databases and ElastiCache nodes, or you can use a VPC NAT gateway to give Lambda access to the internet.
AWS Lambda is in many ways the future of infrastructure-as-code and cloud automation. Lambda allows you to run code without managing instances or networks, and can be used in conjunction with other automation tools like Puppet, Chef, AWS CloudFormation and CodeDeploy to create infrastructure that is truly built, managed and secured with code. (We talk more about why we love Lambda here.) Although it is likely not being adopted by many AWS cloud consumers at this point, it has generated buzz since its spotlight at Re:Invent 2015 and will likely reach many more milestones in 2016.
Scheduled reserved instances
Managing cloud costs remains a top concern for SMBs and enterprises, and around 30% rely on AWS Reserved Instances (RIs) to optimise cloud costs. They will likely be pleased by a new type of RI: Scheduled Reserved Instances, released in mid-January 2016.
Scheduled Reserved Instances allow you to reserve EC2 capacity in advance for recurring jobs. You can think of it like a highly reliable version of an AWS Spot Instance that cannot fail mid-job and is provisioned on a regular schedule. This will be very useful for companies that run batch jobs once a month, such as periodic business intelligence “data crunching” jobs or Elastic MapReduce (EMR) workloads. That said, for the vast majority of use cases, an enterprise can just purchase a group of standard RIs to receive the 30-70% discount.
CodeDeploy push notifications
AWS CodeDeploy is a very simple, language-agnostic platform that allows enterprises to create fully automated deployment pipelines. The best part is that they can easily reuse existing setup code or software release processes in CodeDeploy, making it easy to set up and use.
However, in the past it has been difficult to find out the live status of a deployment — the only option was actively monitoring updates. In mid-February 2016, AWS remedied this problem by adding push notification support for CodeDeploy, meaning that your developers or systems staff can receive notifications for CodeDeploy events (e.g. deployment failure) directly to email, text, pager, etc. This means engineers can respond more rapidly to troubleshoot and remedy deployment errors.
As AWS continues to emphasise the benefits of DevOps tooling and practices, expect more service updates around AWS Developer Tools (CodeDeploy, CodePipeline, CodeCommit, etc.) this year.
New DevSecOps documentation
Recently AWS has increased its output of documentation and whitepapers related to DevOps tooling, security and governance on the cloud, which they call DevSecOps. Although not technically a new service, this documentation can make a huge difference for enterprises looking to achieve compliance or architect for better security policies on AWS.
Here are a few of the resources that every security professional should check out:
- The Automating HIPAA Compliance Series on the AWS Security Blog; interesting for any security professional, not just at healthcare organisations
- Videos and Slide Decks from Re:Invent 2015 related to security, especially Architecting for End-To-End Security in the Enterprise
- Shannon Lietz’s now classic presentation on DevSecOps (from 2014)
- AWS Security by Design and AWS GoldBase: a set of AWS CloudFormation templates and documents describing secure, compliant AWS cloud configurations (from late 2015)
The post New 2016 AWS Services: Certificate Manager, Lambda, DevSecOps appeared first on Logicworks Gathering Clouds.