Time flies: it’s already the 3rd day at AWS re:Invent in Las Vegas. As I like to have dedicated time for hands-on work, I started the day again with another workshop. It’s a lot of knowledge to process daily. When taking a workshop here, AWS provides a temporary account and prepared environments, but hopefully most of the workshops can be done on your own accounts later. The topic was the multi-account strategy and how to create and manage accounts. An account can be seen as a strong security boundary. At dbi services, we recommend applying the landing zone concept as a best practice. The key is to split the workloads across different accounts, for example the shared services in an infrastructure account while the logs are centralised in another account so they cannot be tampered with.
The network is one of the most important core services, connecting applications and users. To get some insights on another part of the cloud journey, I went to a session about NetDevOps. I was curious to see how to apply the concepts of pipelines and CI/CD to the network. Below are 2 slides that I think show important best practices or prerequisites for CI/CD.
In order to be able to scale, you need to break things down into smaller pieces. Once your shared platform is ready, you can give the ownership to application teams. Of course, you’ll need to enforce some compliance. The best way to achieve it is to write your own validated Infrastructure as Code templates that they can reuse. It was very interesting.
Some people from GE then came to the stage to explain how they applied those principles when they migrated to AWS Transit Gateway.
I now work more on the architecture and operations side, but I was a developer in the past and I wanted to complete the tour. I attended another workshop about building a Serverless SaaS (Software as a Service) application in AWS. The workshop is inspired by the SaaS Factory Serverless SaaS reference solution available on GitHub. I had the opportunity to deploy a full application using only serverless and managed services like S3, API Gateway and AWS Lambda. The workshop then guided us through some challenges developers face when creating a SaaS solution, like identity and multi-tenancy management. Unfortunately, I was not able to complete the workshop till the end, as I faced an issue with deploying one part of the update to the application with CloudFormation. I’ll try to catch up later, as it’s interesting to better understand the developer needs.
AWS re:Invent is also available virtually this year. Just join https://virtual.reinvent.awsevents.com/ if you’re interested.