Notes from the Field: AWS re:Invent 2018

Tim Woods

AWS re:Invent 2018 is in the books, and this one did not disappoint, with presentations and sessions spread across five hotel conference centers populated by more than 65,000 attendees – a whopping 20,000 more than last year!

The increased attendance shouldn’t really surprise us; it underscores the booming growth of connected cloud applications and real-time data sources. The need for continuous access to data, and the pace at which developers are building, will only accelerate. Businesses recognize that they must capitalize on the new dynamics offered by real-time cloud services if they are to remain competitive and relevant – and because of this, it would not surprise me if AWS re:Invent attracts 100,000 attendees before we ring in 2020.

There was something for everybody at this show, with more than 450 re:Invent sessions ranging from big data and analytics to database advances, serverless architecture deployments, containers, microservices, machine learning, AI and security. Here are some of the highlights from my point of view:


Highlight #1: Go Deep Racer, Go!

The most fun announcement at AWS re:Invent this year centered around a new fully autonomous 1/18th scale race car named DeepRacer. Aside from being a cool little car, DeepRacer’s real job is to train developers on reinforcement learning (RL), an advanced machine learning (ML) technique, which, you might have guessed, is what gives DeepRacer its autonomous driving capabilities. Along with DeepRacer, AWS also announced a supporting 3D racing simulator and a global racing league with annual competitions. What a fun way to learn ML!

Beyond DeepRacer and other fun stuff, storage resiliency took center stage at the show, but I was extremely pleased to see a strong emphasis placed on the many advancements in cloud security. One takeaway quote I captured was: “Security should not be a tax, but rather an enabler. The minute you say ‘no’ people will, and do, look for a way around you.”


Highlight #2: AWS Goes SOC-less

Did you know that AWS does not have a traditional SOC? They believe that if you have to wait for a human to catch something on a monitor, you’re already too late. Moreover, AWS places priority on mechanisms for automation and reducing human access to data. One recent initiative challenged the AWS teams to reduce human access to data by 80%. The general response was “you’re crazy!” but the challenge resulted in levels of automation efficiency they had never seen before.


Another goal was to minimize the AWS attack surface area, which, in practical terms, means “if the code isn’t there, it can’t be exploited.”  This also holds true for limiting access. Access to data should only be by design and should always be secure. Only make available what is necessary to meet the objectives of the business. These are good principles for anyone to follow.

Highlight #3: Plugging those Pesky S3 Bucket Leaks

No doubt AWS was not pleased with the attention they received over the last year around leaky S3 buckets. While there have always been sufficient controls in place to limit unintended S3 bucket access, it was obvious that configuration mistakes were still taking place all too frequently. As a result, AWS announced a new “Amazon S3 Block Public Access” setting. 

This new feature is designed to make it easier to protect buckets and objects. As AWS puts it, “If an AWS account is used to host a data lake or another business application, blocking public access will serve as an account-level guard against accidental public exposure.”

This particular announcement was met with robust applause from the audience!

Read about new functionality to block S3 bucket public access
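To make the "account-level guard" concrete, here is an added example (not AWS's or the author's code) that evaluates which Block Public Access flags are actually in force for each bucket. The four flag names are the fields of the S3 PublicAccessBlockConfiguration; the bucket names and settings are constructed sample data.

```python
"""Added example: evaluate effective S3 Block Public Access (constructed data)."""

# The four flags that make up an S3 PublicAccessBlockConfiguration.
FLAGS = ("BlockPublicAcls", "IgnorePublicAcls",
         "BlockPublicPolicy", "RestrictPublicBuckets")


def effective_settings(account_cfg, bucket_cfg):
    """Combine account- and bucket-level settings.

    S3 applies the most restrictive combination, so a flag is in force
    if it is enabled at either level. A missing configuration (None)
    counts as all flags disabled.
    """
    account_cfg = account_cfg or {}
    bucket_cfg = bucket_cfg or {}
    return {f: bool(account_cfg.get(f)) or bool(bucket_cfg.get(f))
            for f in FLAGS}


def audit(account_cfg, buckets):
    """Return {bucket_name: [flags not in force]} for buckets with gaps."""
    findings = {}
    for name, bucket_cfg in buckets.items():
        eff = effective_settings(account_cfg, bucket_cfg)
        missing = [f for f in FLAGS if not eff[f]]
        if missing:
            findings[name] = missing
    return findings


# Constructed sample data (hypothetical bucket names).
ALL_ON = dict.fromkeys(FLAGS, True)
SAMPLE_BUCKETS = {
    "example-data-lake": None,  # no bucket-level configuration at all
    "example-logs": ALL_ON,
    "example-static-site": {"BlockPublicAcls": True, "IgnorePublicAcls": True,
                            "BlockPublicPolicy": False,
                            "RestrictPublicBuckets": False},
}

if __name__ == "__main__":
    # Without the account-level guard, two buckets have gaps.
    print(audit(None, SAMPLE_BUCKETS))
    # With all four flags on at account level, every bucket is covered.
    print(audit(ALL_ON, SAMPLE_BUCKETS))
```

With no account-level configuration, the audit flags the unconfigured bucket and the partially configured one; turning on all four flags at the account level closes both gaps without touching any bucket.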

Highlight #4: AWS Control Tower 

AWS made it clear to all builders and architects in the house: “We are listening!”

AWS had received a significant amount of feedback from customers that they would be willing to sacrifice some control and granularity in exchange for pre-built blueprints that offer a faster and easier way to set up and manage a baseline AWS environment or landing zone. And, AWS has delivered with AWS Control Tower.

As they describe it: “AWS Control Tower automates the set-up of a baseline environment, or landing zone, that is a secure, well-architected multi-account AWS environment. The configuration of the landing zone is based on best practices that have been established by working with thousands of enterprise customers to create a secure environment that makes it easier to govern AWS workloads with rules for security, operations, and compliance.”


Highlight #5: Security Takes Center Stage!

Another announcement I found exciting, and definitely one that FireMon will be contributing to, is the new AWS Security Hub.  Security Hub offers aggregated findings across your cloud infrastructure of AWS services and partner solutions, pre-configured and custom security insights, and multi-account support. 

AWS announced they have added 239 new security related items over the last 12 months!


Highlight #6: VMware Cloud on AWS



In closing, I will also say it was good to see the continued strong partnership between AWS and VMware.   VMware’s CEO Pat Gelsinger took the stage with AWS CEO Andy Jassy to talk about the continued growing relationship between AWS and VMware. If you’re not familiar with this relationship, it brings VMware’s enterprise-class SDDC software to the AWS Cloud with optimized access to native AWS services… it’s what we in “the business” call a Win-Win. 

I’ve only touched on a small portion of everything that was presented at this year’s show, but I hope it’s enough to encourage people to attend next year. It’s well worth the time and effort… and you may just be the attendee to push attendance over 100,000!