AWS re:Invent 2016 Sets Records for New Services and Attendance


Interested in attending AWS re:Invent 2017? Take a look at what we’ll be up to.


AWS re:Invent 2016 has come and gone and what an event it was! This year had a record-breaking attendance of more than 30,000 people, showing the tremendous interest in all the advantages that the cloud has to offer. The expo floor (where Threat Stack was a Gold Sponsor) mirrored this growth, with exhibitors ranging from many new vendors to full-scale enterprise offerings with multi-floor architectures. It’s clear from this year’s re:Invent that the cloud industry has moved out of its infancy into full-scale adoption across a vast number of implementations.

So, what were our team’s key takeaways? It’s become clear that security is no longer a tax, but rather an investment in long-term organizational growth and success. Given the cloud’s explosive growth, security must be considered early on rather than as an afterthought. In addition to a strong interest in security, AWS launched many new services that will help to accelerate cloud adoption and enable companies to move even faster.

New From Amazon

Each year during the conference, Amazon unveils new features and products to expand or enhance the AWS ecosystem so that more workloads can be migrated to their cloud and to make adopting them easier.

This year Amazon announced several new services that made headlines. Amazon Athena is a new interactive query service that lets you directly analyze data stored in S3. There are no more clusters to manage, tune, and pay for when not in use, and no significant load times for large data sets as with other on-demand data query services. Store the data set once in S3 and start querying.

AWS Snowmobile was another hit. Large data sets that cannot be transferred in a timely manner through conventional means can now be transferred via a semi-truck and shipping container.


Snowmobile will hold 100 PB of data and provides encryption while in transit as well as GPS, video surveillance, monitoring, and an optional escort.

While these are all interesting, the event unveiled some new features and services that have received less attention. They are, however, useful for enhancing an organization’s security and DevOps capabilities.

New EC2 Instance Types and Families

First, these are widely covered, but no list of what’s new from re:Invent would be complete without covering the new EC2 instance types and families:


  • T2: new t2.xlarge and t2.2xlarge instances
    The T2 family of instances is designed for burstable workloads. The new instance types feature 16 GiB of memory and 4 vCPUs, and 32 GiB of memory and 8 vCPUs, respectively.
  • C5: new compute optimized family
    The C series of EC2 instances is for compute intensive workloads. The family, expected in early 2017, will be their first based on Intel’s next-generation Skylake Xeon® processors. They will be able to scale up to 72 vCPUs and 144 GiB of memory.
  • I3: new I/O optimized family
    The I series of instances is for I/O intensive workloads. They can have up to 15.2 TB of locally attached storage featuring low-latency, Non-Volatile Memory Express (NVMe) based SSDs. They can deliver up to 3.3 million random IOPS at 4 KB block size and up to 16 GB/s of sequential disk throughput. They provide enhanced networking and are EBS-optimized at no additional cost. The family will scale up to 64 vCPUs and 488 GiB of memory.
  • R4: new memory-optimized family
    The R family serves memory-intensive workloads, and the latest generation does it more cheaply per GiB of RAM than the previous generation. This generation also has improved networking bandwidth and latency when using Elastic Network Adapter. The family scales to 64 vCPUs and 488 GiB of DDR4 memory.

AWS Personal Health Dashboard

Quick, name a few of your usual AWS troubleshooting tools when trying to determine whether the problem is you or AWS. Twitter? Slack? How often are you asking, “Is anyone else seeing networking issues in us-east-1 this afternoon?” The AWS Personal Health Dashboard provides a view into the performance and availability of the AWS services you are using and alerts you to the changes in the health of those services. It also provides a central view of the upcoming infrastructure changes that might affect your resources, and allows you to plan accordingly. The Personal Health Dashboard provides a central location that enables you to review the health of the AWS resources you use and plan to maintain your reliability.

AWS Shield

The Mirai botnet has renewed focus on the dangers of DDoS attacks. DDoS attacks will probably only increase as the consumer space fills with a proliferation of connected devices. AWS Shield is an additional layer of protection that protects against the most frequent forms of DDoS attacks that affect ELBs, CloudFront, and Route53. All this comes to AWS customers for no charge. If you require additional DDoS protection, AWS Shield Advanced provides AWS WAF for additional application layer protection and 24x7 access to the DDoS Response Team.

AWS OpsWorks for Chef Automate

One of the hardest parts of bootstrapping a new environment is providing the configuration management for it. AWS OpsWorks for Chef Automate now provides a fully managed Chef server that enables you to use all the Chef-related tools you’re accustomed to, such as chef-client, knife, and Chef DK, and reduces the operational footprint of Chef down to managing your cookbooks.

AWS Organizations

Have multiple AWS accounts? Using multiple AWS accounts to segregate environments based on importance (e.g., development vs. production) or business units is a great way to keep a single AWS security breach from spreading through your organization. A misconfigured development environment doesn’t have to mean that an attacker can reach the production environment, and a unit within an organization can manage its own resources with less fear that it will affect the greater organization.

While using multiple accounts is a great means of isolating environments with different needs, managing them can be frustrating and time consuming. Consolidated billing makes managing the finances easy, but what about providing oversight of those environments? The Business Intelligence team may benefit from its own organization, but does that team need access to all the services from AWS? Does it need to be exposing services via an ELB? Does it need to manage DNS via Route53? To solve that, AWS Organizations is now in preview and open for signup. This will let you centrally manage your AWS accounts by providing the ability to provision new accounts and lock down the services that are available in those accounts.

Amazon Aurora and RDS PostgreSQL are HIPAA-eligible

If you’re in the healthcare space, you’re concerned with HIPAA compliance. If you already have a Business Associate Agreement (BAA) with AWS, you now have greater database flexibility as Amazon Aurora or Amazon RDS for PostgreSQL becomes a part of your HIPAA-compliant applications to store healthcare-related information, including protected health information (PHI).

The Takeaway

With all these exciting additions to the AWS portfolio, it’s no surprise that this event was such a success. We hope you had a great time and learned some valuable new things. Here at Threat Stack, we’re looking forward to the next AWS re:Invent with even more great attendees, vendors, and AWS services to come.

