Blog   |   Cost Management   |   April 9, 2018

News You Can Use from AWS Summit San Francisco

Amazon held another AWS Summit on Wednesday, April 4, at the Moscone Center in San Francisco. They had a lot of room for presentations, learning, and even rewards for certified AWS professionals. AWS even broadcasted a live stream from the show floor, via Twitch, an Amazon company. Those sessions were recorded, so you can check it out if you missed it. All seven hours in fact. Or just read on, or watch our 15-minute webinar, for the highlights!

S3 One Zone-Infrequent Access

Amazon has had S3 Infrequent Access support for a long time. This lets you offload data that you rarely need access to using much cheaper storage. Think of old tax returns or baby photos. This saves Amazon money and they pass those savings on to you. We compare and contrast the different options in the following chart. You still benefit from the redundancy of multiple availability zones. But what if you don’t care about that redundancy, and want to save even more? You can now choose S3 One Zone-Infrequent Access for less important data that can be re-created or may already exist in another AWS Region. Pricing is 20% lower than for the S3 Standard-IA storage class.

S3 Storage Classes including the new S3 One Zone – Infrequent Access

S3 Select

Suppose you have data stored on an S3 bucket. If that data is stored in a large object, the entire object would need to be retrieved to gain access to even a small entry within that object. With S3 Select, you can retrieve a subset of data from within that S3 object, boosting performance by up to 400%. This new API works with Java, Python and the Command Line Interface. If the term Select sounds familiar, it’s because S3 Select works like a SQL database, using Select commands, but they are basically run on the S3 server, and only the desired data is retrieved. But there’s a cost of $0.002 per GB scanned and $0.0007 per GB returned.

S3 Select for optimized data retrieval

AWS Config Rules

One of the frustrating parts of managing a large enterprise with multiple accounts is you didn’t have a birds-eye view of your compliance status. You had to literally logout and login to each individual account to see that account’s status, or use custom software and leverage Amazon’s APIs. (Or, just use a tool like CloudCheckr.)
Now, you can create a dashboard in AWS Config to display a summary. This is a nice step forward, but keep in mind that it’s not a complete picture. You just see the total count of non-compliant rules across the organization, and only the Top Five non-compliant rules and Top Five accounts, (maybe that should be called the Bottom Five, since it’s the five worst offenders!) So while it is helpful, it’s not a cure-all.
CloudCheckr’s Multi-Account View doesn’t have these limitations, and also can be used for cost optimization as well. In fact, CloudCheckr has over 540 Best Practice Checks, and there is no per-rule fee, unlike AWS, which charges a minimum of $2 per rule, per month, per account. AWS only allows 50 rules per account, by default. While that helps avoid racking up a huge bill, it’s also limiting.

AWS Certificate Manager Private Certificate Authority

If you want to use Secure Sockets Layer encryption for traffic, you will need SSL certificates, and those certificates need to be signed by a certificate authority. Otherwise you get those annoying errors. But the cost of generating those certificates can add up. Now Amazon offers the ability to manage private certificates in one place with a secure, pay as you go, managed private certificate authority service. There’s even API support so you can manage renewals and avoid expiring certificates.

AWS Secrets Manager

As passwords get more complex, software developers have offered password managers, so you can have really complex passwords, but you don’t need to remember them. Instead you login to the password manager and it knows your passwords. Amazon’s new Secrets Manager works like a password manager but not just for passwords. After all, passwords are not the only secrets you need to manage. You also need to protect things like API keys, database credentials, or other types of secret information. This not only helps for securing and accessing passwords, but it helps for auditing and managing those secrets, including rotation. And because it’s built by Amazon, it has built-in support for Amazon’s database offerings. As with many AWS offerings, pricing is pay-as-you-go.

AWS Firewall Manager

AWS Firewall Manager is a new service that lets you create consistent rules for filtering traffic and apply those across your entire infrastructure, including new resources as they come online. Keep in mind that, like with other services, it’s free but they charge per rule per region by the hour, so your fees could add up. By comparison, CloudCheckr’s 540 Best Practice Checks, including blocklist filtering and security groups, come without any extra charges.
We were busy all day, but we were absolutely packed during our drone raffles. Our popular I CloudCheck AWS t-shirts went quickly.
Learn more about what CloudCheckr can do for AWS users.

Large crowds at the CloudCheckr booth at AWS Summit

Todd Bernhard headshot
About the Author

Todd Bernhard has been with CloudCheckr handling Product Marketing and Technical Evangelism roles since 2017. He holds multiple certifications including AWS Solutions Architect Associate, Microsoft Azure Fundamentals, Google Cloud Associate Engineer and FinOps Certified Practitioner. Prior to joining CloudCheckr, Mr. Bernhard was an award-winning, bestselling mobile app developer and entrepreneur and previously worked for Sun Microsystems, as an Evangelist, Sales and Technical Trainer and Product Marketing Manager for Sun’s high-end data center servers.