AWS re:Invent 2018 is in full swing and the new service announcements are rolling in quickly. If you haven’t had a chance to follow along so far, we’ve already seen a large number of platform enhancements and new features to core services. AWS also continues to push the innovation envelope by introducing new services for a number of emerging technology frontiers. A few examples include custom silicon with their A1 ARM-based instances, RoboMaker for custom robotics programs, and Ground Station for satellite transmission.

Here are a handful of things that we’re particularly excited about here at Onica.

New Instances!

AWS has announced several new instances (which has become customary during re:Invent). Among the new instances (in addition to the A1 instances mentioned above) are C5n Instances, which offer an impressive 100 Gbps network capacity for their larger instance sizes. High network capacity is important for so many workloads that virtually everyone can benefit from this new specialized class, so whether you’re deploying High Performance Compute workloads in AWS or just trying to scale more containers in your Kubernetes cluster, you’ll be able to take advantage of the increased bandwidth.

A Service to Improve VPC Connections

Transit Gateway is a new service offering that takes the place of what has traditionally been a clunky solution. Often our customers have multiple VPCs in multiple regions or across AWS accounts, while needing to maintain connectivity over one or more Direct Connects to datacenters. The traditional solution to this has been to create a Transit VPC, a specialized network hub that contains VPN appliances to connect all these other networks together. While this model has evolved and been successfully implemented in many places, it can become complicated and costly, and it is yet another resource whose availability has to be managed. By incorporating the features of a Transit VPC into one of their “Gateway” offerings, AWS has greatly simplified complex global architectures.

New Insights for CloudWatch Logs

CloudWatch Logs Insights is a new feature within CloudWatch Logs. We love CloudWatch Logs: it’s a great place to start aggregating log data in AWS because it’s easy and usable. In the past, the main downside has been that in-depth analysis and querying really required aggregating log data into a more specialized tool like Elasticsearch with Kibana, or an even fancier paid product, which can often generate unnecessary costs and management overhead. With the addition of Insights, you can now perform reasonably complex queries against your log data directly in CloudWatch Logs and generate visualizations for a given Log Group to easily find the data or anomalies that you’re looking for. Larger log aggregation systems still have their place, but this simple task can now be accomplished without going into the deep end of unified logging!

Introducing Global Accelerator

Global Accelerator is a new service offering; think of it as a Content Delivery Network without caching. AWS has the opportunity to take advantage of their globally spanning network architecture and allow your users to traverse more of the AWS internet instead of the wild west that is the open internet. Once your AWS architecture is placed behind Global Accelerator, AWS will provide you with static IP addresses to use for your global customers. These IP addresses will direct users to the resources located closest to them by geo-IP lookups, avoid sending them to regions that fail health checks or have higher latency, and allow for cleaner solutions for global scale, failover and disaster recovery, and generally increased performance.

Tackling Serverless with Firecracker

Firecracker is possibly the most interesting announcement so far. Unfortunately this is a tough one to crack for a lot of people, and it took me a while to really understand the possibilities here. Firecracker boils down to a KVM-based virtualization platform, used to deploy “microVMs”. Essentially, this means that where an organization may not have been sold on the idea of using containers because of the potential security risks of sharing kernel space, there’s a new opportunity to launch these small, ephemeral workloads in a more secure environment. KVM is tried and true, and has been trusted for years to secure and segregate workloads from each other. The more exciting aspect of this, in my opinion, is that Firecracker is an open source project and can be deployed on either AWS bare metal instances or on any other bare metal system (on premises, laptops, etc.). This opens the door for truly hybrid environments and the opportunity to start running functions-as-a-service in places other than AWS, including testing Lambda environments or localized deployments. It also means that industries concerned with the security around containerized workloads can rest easier knowing that KVM has their back.

This is just a taste of some of the AWSome things AWS is announcing at re:Invent 2018. Stay tuned for more as the week progresses by subscribing to our blog!

 

William Kray

About William Kray

William Kray is Lead DevOps Architect at Onica, and has designed and led many projects there. His work spans from small startups looking to optimize AWS workflows all the way to large enterprise migrations and complex architectures in the public cloud.