AWS re:Invent 2023 took place in Las Vegas and I was fortunate to attend with a co-worker. This event mirrored the scale and impact of major tech conferences like Cisco LIVE. It featured content and sessions that were in sync with emerging trends in generative AI, security, compliance, and observability. The event provided an opportunity to thoroughly explore cloud and hybrid-cloud subjects, gain insights from industry leaders, and engage in hands-on learning through tailored labs.
Key Takeaways
- Technical debt continually accrues interest and eventually becomes unbearable. It must be repaid.
- Consider cost at all tiers of the application. Apply cost allocation tags everywhere and generate insights into the true cost of the infrastructure by business unit. Use myApplications to organize resources.
- Utilize AWS System Manager and CloudWatch agents to provide better observability. Configure Amazon Inspector to scan all compatible resources for CVEs. Ensure all infrastructure objects are logging and monitored.
- Adopt infrastructure as code everywhere and ensure all environments from development to production are covered.
- Amazon Q is the new AI engine trained specifically for AWS infrastructure and has capabilities to provide answers securely about our environment.
Schedule
Monday - 27 Nov
- 08:15: Arrive in LAS, registration, badge pickup, and certification verification
- 11:30: Attended "ARC330-R: Rapidly build a production-ready, full-stack application on AWS" session
- 13:00: Attended "BOA207: A developer's guide to cloud networking"
- 15:30: Hotel check-in
- 17:30: Dinner
- 19:00: Sphere Experience
Tuesday - 28 Nov
- 07:30: Breakfast
- 08:00: Keynote
- 11:00: Transit to Mandalay Bay
- 11:30: Attended "ANT325: Amazon Redshift: A decade of innovation in cloud data warehousing" session
- 12:30: Lunch
- 13:00: Self paced labs
- 16:00: Attended "ANT317: How Rivian builds real-time analytics from electric vehicles"
- 17:30: Dinner
- 19:00: Personal AWS R&D
Wednesday - 29 Nov
- 07:30: Breakfast
- 08:00: Keynote
- 09:00: Self paced labs
- 11:00: Expo floor exploring
- 13:00: Self paced labs
- 16:30: Expo happy hour
- 17:15: Dinner
- 18:00: After hours labs
- 20:00: Personal AWS R&D
Thursday - 30 Nov
- 07:30: Breakfast
- 08:00: Keynote
- 11:00: Lunch
- 11:45: Attended "COP343: Building observability to increase resilency"
- 12:30: Attended "SVS401: Best practices for serverless developers"
- 14:00: Attended "COP349: Demonstration of what's new with AWS observability and operations"
- 15:45: Depart
Sessions Summary
- BOA207: A developer's guide to cloud networking
- ANT325: Amazon Redshift: A decade of innovation in cloud data warehousing
- ANT317: How Rivian builds real-time analytics from electric vehicles
- ARC330-R: Rapidly build a production-ready, full-stack application on AWS
- KEY002-OF11: Adam Selipsky Keynote
- KEY005-OF4: Dr. Vogel Keynote
- COP343: Building observability to increase resilency
- SVS401: Best practices for serverless developers
- COP349: Demonstration of what's new with AWS observability and operations
- SMB206-R1: Data readiness for deriving business insight with analytics and AIML.
Labs Completed
- SPL-233: Scale Your Security Vulnerability Testing with Amazon Inspector
- SPL-73: Performing a Basic Audit of Your AWS Environment
- SPL-75: Auditing Your Security with AWS Trusted Advisor
- SPL-TF-200-SIAWAF-1: Filtering and blocking web incursions with AWS WAF
- SPL-TF-100-NWNIDL-1: Build, Secure, and Monitor Networks on AWS
- SPL-DD-300-DOTES2-1: Automate Deployment Testing and Continuous Monitoring with AWS Tools
Noteworthy Concepts
Cost Considerations
- Remember that the cost to build dwarfs the cost to operate.
- Applications have real world energy costs in terms of the amount of compute needed to operate. Rust is most efficient.
- Unchallenged success leads to assumptions so confront your beliefs. The Frugal Architect.
- Update WAF policies to include the AWSManagedRulesCommonRuleSet and AWSManagedRulesSQLiRuleSet managed rules.
Observability & Resilience
- Configure VPC flow logs for all network resources and ensure CloudWatch log groups are provisioned.
- Design ACLs for multi-tiered web applications by using security groups and the source/destination criteria.
- AWS X-Ray can help improve application insights, but needs to be included within function logic.
- .NET containerized workloads combined with Amazon RDS & ElastiCache could be viable for websites using .NET core.
- CodePipeline, CodeBuild, CodeCommit, and CloudFormation could be viable CI/CD pipelines for developers.
- Utilize API Gateway as an abstraction layer to provide access to organization data such as Active Directory.
- When migrating to serverless architecture, split application logic into separate lambda functions for better security and logging boundaries.
CI/CD & Development
- It isn't always possible to have a fully local development environment when working with cloud resources such as lambda. Ensure that CloudFormation or IaC templates exist to spin up environments quickly for developers.
- Cloud9, CodeWhisperer, and Q as tools could be useful for developers.
- When developing lambda functions, include only what you're using when it comes to dependencies.
- Use proactive controls such as CloudFormation Guard and Linter, AWS Config (proactive mode), and AWS signer prior to deploying resources.
- Use detective controls such as AWS Config (detective mode) and AWS Inspector after deploying resources
- CloudWatch provides detailed insights about application reliability and has machine learning abilities to aggregate log events
Labs to Explore Further
- SPL-87: Introduction to AWS Key Management Service
- SPL-TF-200-DBASV2-1: Effortless Relational Scalability with Amazon Aurora Serverless v2
- SPL-06: Using Amazon RDS for Applications
- SPL-32: Introduction to Amazon Aurora
- SPL-TF-300-SVLASS-1: Lift and Shift an Application to Serverless on AWS
Photo Gallery
Sphere Experience
PGA Tour Trophy
Snowball
Outpost
Lab Time
Showroom Theatre
High Roller
AWS Certification SWAG
Expo SWAG
