
Weolcan at AWS re:Invent 2017 - Day 2

Posted by Koen van Schijndel on 30-nov-2017 9:00:00

For Koen, Day 2 started with the 4KM Charity Run over the streets of Las Vegas, with the goal of supporting the Girls Who Code foundation, which is aimed at closing the gender gap in tech. Looking at the average visitor of re:Invent 2017 (over 80% men?), this is definitely needed. We'll use this day's blog to bundle insights from several sessions that we've followed.

Setting up and automating AWS accounts at scale

No matter the size of your company, you always need multiple accounts to set up an AWS environment if you want to do it right. Remember that an AWS account is the highest level of separation that can be achieved. Some pressing reasons for using multiple accounts include:

  • Different business units, DevOps teams, workloads, etc. have different requirements
  • API limits and throttling
  • Billing separation

Using AWS Organizations, which provides policy-based management for multiple accounts, a lot can be automated using Service Control Policies (SCP). An example of an SCP is enforcing the use of CloudTrail for auditing purposes in all accounts. Besides an Organizational Master Account (e.g. used for central policies, consolidated billing and volume discounts), some interesting use cases for a separate account are:

  • SecOps-account: for centralizing security control with the help of logging and scanning services. This account should have read/write access to other accounts, to be able to intervene if needed. Make sure to limit (unnecessary) access to this account as much as possible.
  • Sandbox-account: for providing a playground environment. This account does not need full permissions, but if the account setup is similar to that of a production account, a great idea can easily be promoted to production.
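
The CloudTrail SCP mentioned above could look as follows (an added example, not taken from the session or from AWS). An SCP cannot switch CloudTrail on, so it enforces auditing by denying the calls that stop or alter a trail; the role name `EXAMPLE-SecOpsRole` is a placeholder for whichever role the SecOps team uses to manage trails.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyCloudTrailTampering",
      "Effect": "Deny",
      "Action": [
        "cloudtrail:StopLogging",
        "cloudtrail:DeleteTrail",
        "cloudtrail:UpdateTrail",
        "cloudtrail:PutEventSelectors"
      ],
      "Resource": "*",
      "Condition": {
        "ArnNotLike": {
          "aws:PrincipalArn": "arn:aws:iam::*:role/EXAMPLE-SecOpsRole"
        }
      }
    }
  ]
}
```

Attached to the organization root or an OU, the policy applies to every member account below it, including each account's root user. SCPs do not restrict the master account itself, which is one more reason to keep workloads out of it.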

In a separate blog we'll elaborate further on what an enterprise multi-account framework looks like.

Barclays' experiences on banking in the cloud

Although banks are highly regulated, their use of the public cloud is not new, but it does come with some challenges. Barclays' story about its journey to the cloud therefore turned out to be valuable. Barclays shared some examples of so-called cloud design anti-patterns used to tackle bank-specific issues, and the choices it has made with regard to multiple accounts and region access to establish granular security control and compliance. Its key conclusions about the transition are:

  • Operate as a development team
  • Automate controls and react to user activity
  • AWS Identity and Access Management (IAM) is critical code, so test it thoroughly
  • Federate accountability; it's an integral part of DevOps
  • Enable many patterns to achieve optimisations

The end result is a cloud environment which is properly balanced between Governance and Control vs. Agility vs. Autonomy.


Amazon's voice service Alexa is changing the way we design applications

Think of a mobile app on your phone, for example one to place an online order. These kinds of apps are based on flowchart-like information flows that contain specific sequential steps. If you build a Conversational UI application with AWS Alexa, the information flow is based on conversational interaction between humans. You can imagine that this kind of interaction can be far from structured and sequential. Real-life examples of successful Alexa 'skills' include a skill built by Capital One, which allows its customers to interact with their accounts by voice through Alexa.

Leverage AI for Industry 4.0 on AWS

Despite the fact that most manufacturing companies are in essence relatively innovative, a lot of them currently have to deal with the so-called 'handicap of a head start'. As their (IT) systems have grown organically over the years, quite impactful transformations are needed to get their automation 'up to par' with, for example, competing start-ups in their industry. In this interesting session, AWS explained how to leverage its platform to overcome some of the challenges in the manufacturing industry, including:

  • Leverage analytics services on AWS to enrich the design and production process.
  • Use the Alexa Voice Service to guide engineers when performing maintenance and troubleshooting for complex industrial machines.
  • Leverage AWS Greengrass, which can be used to run local compute, messaging, data caching, sync, and ML inference capabilities for connected devices in a secure way, even when the device is not connected to the internet.
  • Migrate relatively complex back-end systems for Product Lifecycle Management and ERP to AWS, which eases integration, for example with data analytics services.


Want to learn more?

Christian and Koen are at AWS re:Invent 2017 in Las Vegas. Check our blog for new updates in the upcoming days and follow us on Twitter.

 
