Originally posted on 2022-04-06 in 2 forms:

  • Public: https://alkoclick.medium.com/insights-from-aws-summit-brussels-eed749b93d0
  • Internal: No link here ;)

Not for public disclosure until some filtering is done

AWS Summit Brussels 2022 is the first post-covid conference I attended. This document summarizes my insights from the conference.

Schedule

AWS Summit was a daily event and I attended the following presentations:

  • Practical guide to incident response with NXP
  • AWS Well-Architected Framework for sustainability
  • Keynote
  • Simplify cloud governance with AWS Control Tower
  • Highly Regulated workloads on AWS
  • Build a zero-trust architecture on AWS (I accidentally got in the wrong room so I watched about VMWare Tanzu instead)

Feel free to reach out if youā€™d like to discuss about the specifics of any presentation!

Key Learnings

  • Incident response (IR):
    • Nearly impossible to do IR without a definition of a Cloud Consumer within the company, explicitly accountable as resource owner
    • It takes years to build and automate such a process, but you can start by just writing response playbooks after a few events and executing them manually
    • Donā€™t forget the post-mortem! People often do
    • Plan to have security controls that cover both both Preventive (before) and Detective (after) measures
    • AWS has a managed service for IR: AWS Systems Manager Incident Manager.
    • Responders who acknowledge an event can be required to provide some authentication (e.g an access code sent by mail).
  • Sustainability:
    • AWS has reduced their timeline for hitting net 0 carbon from 2030 to 2025. Iā€™m not sure how much theyā€™re ā€œcheatingā€ (e.g buying CO2 credits) or just legitimately good at converting to renewable energy, probably both. Either way, climate targets seem poasible to hit and the industry is picking up steam.
    • AWS has released a report that allows you to see the total carbon footprint of your organization. Cloudflare also has such a report feature, I donā€™t know about other providers
    • Resilience and Sustainability may have opposite pulls in SLAs, prepare to balance them
    • Sustainability has been added as the 6th pillar of the AWS Well-Architected Framework
    • Sustainable scheduling: Reducing peaks optimizes your resource usage, schedule smartly to distribute load on low periods and vice-versa
    • Hardware patterns: Aim for 70-80% utilization in a CPU, Graviton=good, Graviton3=better
    • Data patterns: Optimize your log storage, set up deletion policies, consider ZSTD instead of Gzip/LZ4 as a compression algorithm
  • Migrations:
    • KPN found it easier not to lift-n-shift but rather rebuild a lot of apps for the Cloud
    • Cloud Council of European Commissionā€™s position on cloud providers: ā€œhappy to stay, if we are free to leaveā€
    • (EU Commission) Serverless but not cloud native
    • (EU Commission) ā€œThe business people think ā€˜our data is not safe in the cloudā€™, the technicians think the oppositeā€
  • Platform
    • Data Residency includes both storage and processing of data but people often forget or ignore the latter
    • GDPR compliance is much harder when you need to have people from different organizations working together
    • AWS LandingZone is no longer maintained
    • ā€œChoose applicationā€ - ā€œChoose datasetā€ - ā€œChoose storageā€ are the 3 choices presented to cloud consumers at SURF
    • To help research orgs get in the cloud, SURF have the concept of ā€œIT supporterā€, who is someone who helps the team onboard into tooling
  • In a post-covid world, conference halls can fill up quickly. I entered the conf hall at 8:30, at 09:30 queues were longer than 30 minutes and at around 10:00 they locked the event. If I had gone with a daily train I would probably not have been able to make it. Being early a conference is pretty worth it in the current state of things.

Thoughts & Actions

  • We should review our carbon footprint report. Iā€™ve skimmed our Cloudflare one already, but probably itā€™s good to discuss both reports with the entire team. Possibly good to have an expert for insights as well
  • Iā€™ve asked VMWare when CloudHealth is expected to support Carbon Footprint information and to what granularity, and they told me theyā€™d check their product roadmap and get back to me.
  • I talked to Couchbase and theyā€™d love to do a demo workshop to us on a Developer Day. Can we check if there is dev interest?
  • We should really be looking into enabling AWS Config, GuardDuty and other resources with preconfigured rules. What is the best way to approach this?