Every year 10s of thousands of AWS customers and prospect customers desend on Las Vegas. For those of us to don’t make the trek Amazon live streams the the daily Key Notes. Those are where AWS announces it’s newest products and changes. Each year I build a list before November as AWS has a tendency to leak smaller items. This year my wish list for AWS was as follows:

1. Mixing sizes and types in ASG - Announced
2. DNS fixed for Collapsed AD - Announced
3. Cross regional replication for Aurora PostGreSQL - Regions expanded  still waiting on the cross regions to be announced 
4. Lambda and more Lambda integrations  - Announced 
5. AWS Config adding machine learning based on account.  
6. Account level S3 bucket control - Partly Announced 
7. 40Gbps Direct Connect 

There a lot of announcements, far too many to recap if interested in them all go read the AWS News Blog.   I do like to find two announcements which shock me and two things that seem interesting. 

The two items which shocked me were:

1. DynamoDB added transactional support (ACID).   This means someone could build an e-commerce or banking application which requires consistent transactions on dynamoDB.  
2. AWS Outposts and AWS RDS on VMware allows you to deploy AWS on-premise and AWS will manage this for you.   I can only assume this is to help with migrations or workloads so sensitive they can’t move off-premise.     It would be interesting to see how AWS manages storage capacity and compute resources as many companies struggle with these and how the management model will work.   However, given the push to move away from traditional data centers, so reserves that course.   It will be interesting to see how it plays out over the next year and what services this provides a company migrating to the cloud. 

On my passions is security, so the two things which interested me are

• AWS Security Hub and  AWS Control Tower  - I consider these one thing as they will be used in tandem.   Control Center will provide security launch zone for an organization while AWS Security Hub will provide governance and monitoring of security 
• The ARM processor in the a1 instances which Amazon developed internally.   Based on pricing these instances seem to offer cost advantages to the existing instance types.   

What did you find interesting, amusing or shocking?   What were you looking for which wasn’t announced? 

Sat the AWS Certified DevOps Engineer - Professional Exam last this afternoon.  The exam is hard, as it scenario based.   Most of the exam questions were to pick the best solution for deployments which comprised CloudFormation, Elastic Beanstalk and OpsWorks.   Every one of those questions had 2 good answers, it came down to which was more correct based on the keywords cost, speed, redundancy, roll back capabilities.  

I did the course on acloud.guru and a lot of AWS pages. At some point I will make a page of all the links I collected when studying for this exam.

The exam took me about two-thirds of the allowed time, I read fast and have a tendency to flag questions I don’t know the answer to and come back later and work thru them. This exam, I flagged 20 questions. Most of them I could figure out, once I thought about them for a while. But flagging questions and going back helps manage the time.

Upon submission, I got the “Congratulations! You have successfully completed the AWS Certified DevOps Engineer - Professional…”

I got my score email very quickly:

Overall Score: 82%

Topic Level Scoring:

That now makes my 7th AWS Certification.

Last week, I got the privilege to attend an Item Development Workshop for the Associate Architect Exam.   I participated as a Subject Matter Expert as the certification program pulls both Amazonians and industry professionals together to develop questions.   I’m not going to go into details about the workshop or share any content, because of the NDA.  I do want to share 3 observations I found during my time in the in the workshop:

1. AWS takes certification, the validity of certification and the value of certifications with immense regard.   The program is designed to recognize those who have AWS knowledge.  As the certification is not about memorization but the ability to learn, understand and apply.
2. The AWS certification team is amazing.
3. AWS people are very intelligent and have a deep understand of both AWS and technology.  

The experience was a learning fascinating experience and hope to continue to participate as an SME for other workshops.  

I was listening to the Architech podcast.  There was a question asked, ”Does everything today tie back to Kubernetes?”   The more general version of the question is, “Does everything today tie back to containers?”.    The answer is quickly becoming yes.    Something Google figured out years ago with its environment that everything was containerized is becoming mainstream.

To support this  Amazon now has 3 different Container technologies and one in the works.

ECS which is Amazon’s first container offering.    ECS is container orchestration which supports Docker containers.    

Fairgate ECS which is managed offering of ECS where all you do is deploy Docker images and AWS owns full management.  More exciting is that  Fairgate for EKS has been announced and pending release.  This will be a fully managed Kubernetes.    

EKS is the latest offering which was GA’d in June.   This is a fully managed control plane for Kubernetes.   The worker nodes are EC2 instances you manage, which can run an Amazon Linux AMI or one you create.

Lately, I’ve been exploring EKS so that will be the next blog article, how to get started on EKS.

In the meantime, what have you containerized today?

A new study sponsored by Capsule8, Duo Security, and Signal Sciences was published about Cloud Native Application Security.   Cloud Native Applications are applications specifically built for the Cloud.  The study entitled,  The State of Cloud Native Security.  The observations and conclusions of the survey are interesting.   What was surprising is the complete lack of discussion of moving the traditional SECOPS to a SecDevOps model.  

The other item, which found shocking with all the recent breaches, that page 22 shows that only  71% of the surveyed companies have a SECOPs function.