AWS re:Invent 2022 Recap
AWS re:Invent 2022 is in the bag! The 11th iteration of the annual cloud conference saw more than 50,000 partners and customers descend on Las Vegas in person, accompanied by more than 300,000 remote attendees.
The event featured excellent keynote speakers, product announcements, training and certification opportunities, hands-on technical sessions and much more. Our experts witnessed all of the fun, fully embracing AWS CEO Adam Selipsky's message that now is the perfect time to "lean in harder" to help clients accelerate their journey to the cloud.
Read on for our immediate reactions to re:Invent 2022, plus our spin on some interesting product announcements.
Going into re:Invent 2022, I was talking with some of my fellow AWS Heroes about re:Invents past and what we were hoping to see this year.
AWS has built a lot of amazing services over the years. There are hundreds of "two-pizza teams" inside AWS creating amazing products at a very high velocity. However, something that has been lacking in my opinion has been an opinionated way to help these services work better together.
The past few years it feels like AWS has concentrated more on the container ecosystem and not as much on helping developers turn ideas into products faster. A good step forward in addressing this was the announcement of Amazon EventBridge Pipes.
With optional filtering steps between your source and target, developers can leverage this service instead of creating bespoke "glue" code for their event-driven applications.
AWS CodeCatalyst is another service that I'm excited to get my hands on, one capable of increasing developer velocity and enablement. Starting a new project can be tough. Picking your tooling, CI/CD environment and collaboration mechanisms can all take time away from making a product.
CodeCatalyst (still in preview) promises to "automatically setup everything you need to start a new software development project, including CI/CD, deployable code, issue tracking, and AWS services configured according to best practices." Currently, there are 14 pre-generated blueprints, plus the option to start from scratch.
If these services deliver on their promise and allow for external service integrations (Werner actually said the name "Github" on stage during his keynote speech... TWICE!!), then these services will go a long way toward shortening that "idea to production iteration" time window.
Re:Invent 2022 had a different feel this year. First, it felt like we were back to full capacity post-COVID. The energy, crowds, morning-to-night sessions, meetings and events were enough to keep us all very busy. I loved it.
Second, this year appeared to represent a small shift in AWS messaging. For so many years we've heard AWS present on why organizations should move to the cloud. "The scale, security, service redundancy, and maturity of the AWS cloud is ready for your workloads!" But this year, there was not as much "come on in, the water is nice" talk. There was more of a "you are here, now look how we're making it easier for you to do more!" feel.
I wonder if this is simply the natural progression as AWS matures its services catalog and cloud adoption continues to grow, or if it is a more intentional go-to-market shift from Andy Jassy to Adam Selipsky.
I spent a lot of time meeting with ISV/OEM partners and AWS teams during my week at re:Invent. Two major themes continued to surface: Marketplace and Integrated Solutions.
WWT continues to see rapid growth in demand for transactions through the AWS Marketplace. It was good to see enhancements and new capabilities announced.
For example, we saw new Data Visualization Dashboards for Marketplace, Vendor Insights for Risk Assessments, Containers Supports Direct Deployment to EKS Clusters and AWS Data Exchange for AWS Lake Formation.
In addition to the feature and release announcements, Marketplace was a recurring theme in the partner keynote. It was also an obvious area they wanted to continue investing in with their partner channel.
Overall, the partners we met with were slightly cautious but primarily excited about Marketplace. This is an area that should continue to grow for consulting/system integrator partners like WWT and the ever-growing list of technology partners available through the AWS Marketplace.
Regarding integrated solutions, this is a sweet spot for WWT: simplifying the complex is in our DNA. Almost all of the ISV and OEM partners we met with wanted to talk about how we could build accelerators for industry solutions, integrated offerings with other complementary partners, and of course — how we could market it all through the AWS Marketplace.
Industry, vertical and integrated solutions were all complementary themes I picked up on during the AWS Keynote and breakout sessions, as was AWS Supply Chain. Focusing on these types of prebuilt frameworks will make cloud adoption easier for more organizations.
AWS Networking updates from re:Invent 2022 were small in number but big in impact.
When many organizations get started with AWS, EC2 instances running within virtual private clouds (VPCs) are their typical introduction to cloud computing. As users become more experienced, containers, PaaS services and even serverless start expanding their cloud footprint. This inevitably leads to VPCs that are much more complex and service connectivity that can be harder to scale.
AWS announced the release of Amazon VPC Lattice to help simplify and automate service connectivity across VPCs and accounts. VPC Lattice is an overlay into VPCs that will allow common connectivity and security across a variety of services, including EC2, EKS and Lambda.
VPC Lattice will help network admins more easily configure and secure VPCs by defining policies AWS users can consume as network services without needing to know about the underlying VPC. This will further enable innovation in the cloud by leaving the networking and security policy to those who have specific operational knowledge within the organization.
Another new release announcement was AWS Verified Access. How users access applications and data is critical for organizations to thrive in this era of the remote workplace. For workloads that require remote private access, a point-to-site VPN is a common way for end users to connect to their data.
Many companies try to mirror their on-prem footprint within AWS by deploying third-party security appliances (e.g., from vendors like Cisco) into a VPC. When combined with native AWS VPC routing, this can actually be rather tricky when compared to on-prem VPN deployments.
While AWS also has their native Client VPN service, it requires an OpenVPN-compatible client, which rules out common enterprise clients like AnyConnect. AWS Verified Access enables the use of existing corporate identity and device management to analyze application policies in real time and allow VPN-less access to applications.
Both of these new network services are currently in preview and will hopefully be available later in 2023.
Re:Invent 2022 seemed like it was back to normal. Throughout the conference, I noticed a permeating focus on security.
"Shift left" describes the needed change in focus from infrastructure to applications in the context of cybersecurity. It allows organizations to modernize faster by developing applications with security and business outcomes top of mind.
Developers have always had a habit of finishing one project and quickly pulling another from the backlog. In the rush to get to what's next, security can tumble down the priorities list in the application development lifecycle. So at re:Invent, it was nice to hear about developers being empowered and trusted to take on the responsibility of securing code earlier in the development lifecycle, where the cost is much lower than when an application is in production.
Clint goes into more detail below.
As Neil mentioned, security was in the air at re:Invent 2022! You could see and hear it everywhere you went in Las Vegas.
It was quite refreshing to see security coming to the forefront and being considered much earlier in application development lifecycles and cloud journeys. While security has typically been a late-stage gate for many years, it's exciting to see so many emerging players in the security space who are focused on APIs and allowing developers to be empowered so they too can embrace security.
It was no surprise to learn that the most mature organizations are those that have turned security into a business enabler, ensuring consistent policies and frameworks around deploying applications and workloads in the public cloud and wrapping everything with standards. This is where WWT is engaging closely with clients, helping eliminate the noise and confusion caused by so many niche vendors in the app and cloud security space.
Much like network engineers have learned to embrace automation and network as code, developers are consuming security services as part of CI/CD and learning to adopt policy as code.
The challenges I heard most frequently at re:Invent 2022 included:
- Integrations, minimizing the number of tools, and consolidating wherever possible
- API security: Discovery and security of first- and third-party APIs
- Software Bill of Materials (SBOM)
- CI/CD pipeline integrations (SAST, DAST and SCA)
- Secure SDLC and aligning to a framework
- Policy as code
- Overall cloud security (including CSPM, CWPP, CNAPP)
These trends are the result of a lack of visibility, experience and trust in the cloud. The cloud can be safe and secure, but it is still new to many. And that's what is driving the surge around security in the cloud. Clients already there are slowing down and reassessing their security posture, while clients who are looking to adopt are pausing before playing (or paying) for cloud.
WWT is working with clients across the globe who are struggling to create a secure SDLC or development program that embraces cloud. Depending on the level of maturity in the organization, we may recommend tools or processes to secure code, containers and data, then provide visibility into any third-party software components so security teams can remediate vulnerabilities quicker.
One of the exciting announcements coming out of re:Invent 2022 was Amazon Security Lake. The Amazon Security Lake consists of many third-party tool integrations that help clients aggregate, manage and analyze logs and data to improve threat detection and aid in more thorough investigations and incident response.
The Amazon Security Lake conforms to the Open Cybersecurity Schema Framework (OCSF), which makes it easier to normalize data and share it with many of the best third-party security tools on the market today. Third parties include companies like Palo Alto, CrowdStrike, Cisco, Laminar, Lacework, Wiz, Zscaler, Netskope, Netscout, Okta and many others.
Security has moved to the front row, and the cost to ignore it is getting higher every day.
When was the last time your clients thanked you for keeping an application on 99.999% of the time? How many times have they complained about slow application performance when the metrics, logs, events and traces (just to name a few) are all clean? Or asked whether it's possible that all telemetry data collected by CloudWatch be constrained to only AWS infrastructure?
Two announcements related to these questions caught my attention.
Enter Amazon CloudWatch Internet Monitor, available in public preview today in 20 AWS regions:
- In the Americas: US East (Ohio), US East (N. Virginia), US West (N. California), US West (Oregon), Canada (Central), South America (São Paulo).
- In Asia and Pacific: Asia Pacific (Hong Kong), Asia Pacific (Mumbai), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo).
- In Europe, Middle East, and Africa: Africa (Cape Town), Europe (Frankfurt), Europe (Ireland), Europe (London), Europe (Milan), Europe (Paris), Europe (Stockholm), Middle East (Bahrain).
CloudWatch Internet Monitor extends telemetry to thousands of internet peers to provide visibility into how internet issues impact the performance and availability of your applications. Not only can you get a performance and availability score, scaled from 0 to 100, but you can also reroute traffic to your workload through different AWS Regions.
For our clients who leverage their contact centers to resolve customer issues, can you answer the following questions?
- What will your future demand look like in 12 to 18 months?
- How many agents will you need to hire and staff in the long run (12 to 18 months)?
- How many agents are needed for each shift?
- Which agents are adhering to their scheduled activities, which agents are not?
If you fall within the top 95% of forecasts and optimized schedules, then you can skip this service. For the majority, though, Amazon Connect can help.
With the "Great Reflection" underway, contact centers are seeing very high attrition rates due to agent dissatisfaction. For most of our clients, Amazon Connect forecasting, capacity planning and scheduling can help optimize the contact center to deliver amazing customer experiences.
Amazon Connect forecasting, capacity planning and scheduling is generally available in four AWS Regions: US East (N. Virginia), US West (Oregon), Asia Pacific (Sydney), and Europe (London).
As data continues to grow in organizations, so does the need for tools and capabilities to turn the data into meaningful information through analytics that can help drive innovation and business initiatives for organizations. The tools and governance of this data (and the locations it lives) have become a major focus for many teams, and Amazon made some announcements that will help with some of the complexities.
Below, I cover some of the announcements around data, data analytics and data governance made during re:Invent 2022.
Starting off with tools, the big announcement Amazon made was the new serverless option for the Amazon OpenSearch service. OpenSearch now joins the list of serverless analytical tools offered by AWS, meaning that every analytics tool offered by AWS now has a serverless option (e.g., Athena, Glue, EMR, Redshift, QuickSight and Kinesis).
The OpenSearch tool is used for operational data analysis and allows teams to do things like run interactive analytics, real-time application monitoring and website search. Teams can use this tool without worrying about provisioning, configuring or scaling the infrastructure, a trend we continue to see in the cloud.
The next set of announcements were focused on data integration.
In a world where data lives in various locations, owned by different resources, combining data to provide meaningful data sets to those who need them can be a challenge. A common method of doing this is ETL (Extract Transform Load), which is essentially moving data from various locations into a central repository to then be worked on.
Over the past few years, Amazon has been working to solve this problem in services like Athena, Redshift and SageMaker. Amazon announced this week that they now offer Aurora Zero-ETL Integration with Amazon Redshift, which will provide near-real-time analytics and ML on transactional data without the need to build and maintain custom data pipelines between Aurora and Redshift. This is another serverless offering, which means no infrastructure to manage.
For those that utilize Apache Spark for analytics, Amazon also announced that they now have an Apache Spark integration for Redshift. This will allow users to run Spark queries on Redshift data from EMR, Glue and SageMaker.
Both of these announcements are a step forward for Amazon's vision of a zero-ETL future.
Now moving into the data governance part of the announcement.
Amazon announced Amazon DataZone, a new data management service that makes it faster and easier for customers to catalog, discover, share and govern data stored across AWS, on-premises and by third-party sources. This service is integrated with Athena, Redshift and QuickSight and provides an API for third-party sources. With Amazon DataZone, admins who oversee an organization's data assets can govern access to data with fine-grained controls to ensure the correct level of privileges. This makes it easy for engineers, data scientists, analysts and business users to access data throughout an organization so they can discover, use and collaborate with data to derive insights.
The final area I would like to cover announcements for in the data and analytics space is data insights. One of Amazon's powerful insights tools, QuickSight, has a feature named "Q" that allows users to ask business questions and retrieve an output in the form of a visualization.
This makes getting insights easy, without needing to know query languages or ask someone else to do it for you. Getting insights from the past is great, but Amazon wanted to take it a step further, so they announced machine learning (ML) forecasting with QuickSight Q, a way to ask questions for the future: "What do sales for the next 12 months look like?"
This very powerful tool will make it easier for business users to get predictive data to help plan future business initiatives. On top of this, they also announced "Why" questions for Q. Users can now ask things like "Why were sales low in February?" and be able to analyze possible reasons from changes in the data. These solutions are generally available today.