Companies add new services and features based on customer feedback all the time, and Amazon is no exception. In fact, the company launches a staggering 95 percent of new products and services in response to what users want, Amazon CTO Werner Vogels said in his keynote at AWS re:Invent on Thursday.
A customer-driven approach is baked into the culture at Amazon and is even included at the top of its list of Leadership Principles: “Leaders start with the customer and work backwards. They work vigorously to earn and keep customer trust. Although leaders pay attention to competitors, they obsess over customers.”
This so-called customer obsession was seen in action this week at AWS re:Invent in Las Vegas, as the company unveiled new AWS services one after another, from a compute and storage rack for customers to run AWS cloud on-premises, to a machine learning inference chip, to a mini-racecar for developers to practice reinforcement learning through Amazon SageMaker. The reality is, for every flashy new service, there are dozens more AWS services that may not get a standing ovation but are nevertheless important to how cloud pros do their jobs, saving them significant time.
One of those smaller news items is the immediate availability of hibernation for EC2 instances, which Amazon said will save users time when they need to reboot a cloud instance. While the cloud allows users to spin up resources and scale as needed within seconds, AWS said that booting the OS and application can take “considerable time.”
“Also, caches and other memory-centric application components can take some time (sometimes tens of minutes) to preload or warm up,” AWS cloud evangelist Jeff Barr said. “Both of these factors impose a delay that can force you to over-provision in case you need incremental capacity very quickly.”
An instance can pick up where it left off after hibernation because hibernation stores the in-memory state of the instance, as well as its private and Elastic IP addresses, AWS said. Customers pay for the EBS volumes and Elastic IP addresses attached to instances in hibernation, but there are no other hourly charges.
Other AWS services launched in preview this week that are designed to make customers’ lives easier include AWS Control Tower and AWS Security Hub.
AWS Control Tower automates the process of setting up a baseline environment, or landing zone, based on enterprise best practices, or blueprints, to create a secure multi-account AWS environment. Enterprises typically have many applications and distributed teams across AWS, which can make it difficult to maintain a consistent level of security and compliance, AWS said.
AWS CEO Andy Jassy said that the blueprints allow administrators to set up an account factory so all employees in an organization know how to set up accounts the way an admin wants. To offer even more consistency, a feature called Guard Rails translates security and compliance rules to granular AWS policies and implements them.
“You should think of Guard Rails as pre-packaged rules that allow you to have the right security and operational control and compliance that you want,” Jassy said, “so you can pick things like don’t allow internet access for these specified accounts or disallow public readable storage or prevent any S3 object from being uploaded to an account where the object is not encrypted.”
This last control is of interest to anyone who has been following the security news over the past 24 months or so, during which unencrypted Amazon S3 buckets have led to several data breaches.
“This is a much easier way with just a few clicks and a GUI for you to be able to manage your multi-account secure environment or landing zone in AWS,” Jassy said.
Taking this idea even further is AWS Security Hub, also available in preview starting this week. This service brings together security findings from all the software and tools, from both third-party vendors and AWS, that CISOs use to keep tabs on the security of their environments.
Jassy said the Security Hub will help CISOs “make sense of all the security findings from different software they use,” regardless of the data format or service. It will act as a place to centrally manage security and compliance and prioritize security findings based on their own preferences.