AWS Puts Up a New VPC Lattice to Ease the Growth of Your Connectivity
AKA Welcome to April (how is it April already?). This week, Justin, Jonathan, and Matt are your guides through all the latest and greatest in Cloud news, including VPC Lattice from AWS, the one and only time we’ll talk about Service Catalog, and an ultra premium DDoS experience. All this week on The Cloud Pod.
This week’s alternate title(s):
- AWS Finally makes service catalogs good with Terraform
- Amazon continues to believe retailers with supply chain will give all their data to them
- Azure copies your data from S3… AWS copies your data from Azure Blobs… or how I set money on fire with data egress charges
News this Week:
AWS
@00:56 - Lots from AWS – Terraform and Service Catalog, Supply Chain and its crazy pricing, and VPC Lattice
- Self-service provisioning of Terraform open source configured with AWS Service Catalog. This means you can define your service catalog resources with either CloudFormation *or* Terraform. And yes, Service Catalog inception is potentially a viable thing.
Matt: “It’s useful when you want to give people who don’t know what they’re doing very specific things; if you’re in a large organization, really just defining exactly what people can do…but to me it really starts to remove a lot of the innovation… but if you really want your teams to leverage the cloud and innovate I feel like it does start to limit some of the different aspects of the cloud.”
Justin: “Don’t drink the ITSM kool-aid on Service Catalog.”
@ 04:32 -
AWS Supply Chain is now generally available; and yes, this is the same Supply Chain that was introduced at re:Invent. AWS says it will help mitigate risks, lower costs, increase visibility and help give actual insights on the supply chain.
- Honestly, we’re talking about Supply Chain because the pricing is all over the place. For example, the first 100,000 Supply Chain insights are .40/each; the next 900,000 are .13/each, and over 900,000 it’s .065/each.
@ 09:26 -
VPC Lattice is finally here! Also announced at re:Invent, this gives you the ability to connect, secure, & monitor communications between services. It also gives the ability to refine policies for both traffic management and network access.
- Since the announcement, a few new capabilities have been added, including the ability to use custom domains, to deploy the open source AWS Gateway API controller to use Lattice with a Kubernetes-native experience, and to configure SSL/TLS certificates that match the custom domain when using HTTPS.
You can also:
- use the Kubernetes Gateway API to connect services across multiple clusters
- use an ALB or an NLB as a target for a service
- support IPv6 connectivity with the IP address target type
- be confused by pricing
Justin: “Their examples of Lattice pricing hurts my brain just a little bit.”
@ 13:36 -
GuardDuty now supports Amazon EKS Runtime Monitoring, which lets you detect runtime threats from over 30 security findings via an EKS add-on, which gives increased visibility into individual container runtime activity. GuardDuty can tell you which containers are potentially compromised, and it can be combined with audit logs. It’s kind of nice to see AWS growing the GuardDuty platform.
@ 18:40 -
AWS DataSync now supports copying data from Azure Blob in a moment of “us too” when compared to Blob’s data sync.
Justin: “Now you can set up a really cool loop, where you can have your AWS data sync take your Blob data and then your Blob sync take the data back from S3 and that’s how you can burn a lot of money really quickly.”
GCP
@ 20:23 - Nothing of interest from GCP this week, just like last week. They had two things in their “what's new this week” but neither of those things were really new. One of them centered around the Looker Modeler for BI metrics. So that happened.
Azure
@ 21:24 - Announcing!
Firewall enhancements for Azure! Now you have the ability to troubleshoot network performance and traffic visibility. The announcement included enhancements to logging and metrics, and offered a preview of three new tools for network administrators, including latency probe metrics, a flow trace log, and the unfortunately named fat flows (or top flows) log. It’s fine if you want to prove it’s not your firewall causing the problems, but otherwise, is it too much to ask for this all to just *work*?
Justin: “Of course Azure firewall is a cloud native firewall, so I don't want any of those things; just provide those to me in a dashboard or a security tool that would tell me these things are broken…instead you’re going to charge me a bunch of money for those other three tools, so thanks for that… but I prefer not worrying about this in my cloud.”
Jonathan: “I like the visibility, but I don’t want to have to worry about this stuff.”
@ 24:44 -
DDoS IP protection is entering general availability - a whole new SKU on DDoS protection! This is geared towards small businesses, although the guys agree that you must be a REALLY small business to make this make sense monetarily, since Rapid Response Support, cost protection, Azure Firewall Manager, and AWAF discounts are all missing from the base package. As a group, we’re just really looking forward to that ultra-premium DDoS experience from Azure.
Oracle
- No Oracle news today. Not even any mudslinging.
Continuing our Cloud Journey Series Talks
- We WERE going to talk about Kubernetes, because let’s be real: who *isn’t* talking about Kubernetes? But Ryan decided he didn’t want to get out of bed this week, so we’re skipping our Cloud Journey series for this week, until he can rejoin us.
Spotted on the Horizon
- Next week on the podcast we’re hopeful Ryan will grace us with his presence. Then we’ll get back into our Cloud Journey series.