November 26, 2018
The Road to AWS re:Invent 2018 – Weekly Predictions, Part 3: Quality of Life
For the last two weeks, I’ve been making predictions of what might be announced at AWS’ upcoming re:Invent conference. In week 1, I made some guesses around potential serverless offerings. For week 2, I focused on data processing and data pipelines - e.g. data 2.0.
This week, I’m going to focus on some little changes that can just make things a little bit easier. These could easily be swept under the rug, but sometimes the little things make a big difference. Things like the recently announced S3 public access protection, and streaming support for Transcribe are great examples of little things that are quite impactful.
I’ll take a break from long descriptions and just punch out some bullet lists of predictions/wish-list items.
Improved Cross Account behavior
Given how much creating a multi-account organization is promoted, both from a security perspective and a functional one (per-account limits, etc.), any improvements to this area would be greatly appreciated. The announcement of the start of cross-account resource management is a great start. Some hopeful additional announcements in this area:
- Multi-account view within the console, especially for IAM. The new Resource Access Manager is a good start; it feels a little ‘bolted on’, but progress is good!
- CloudFormation support for individual resources to be created in another account
- Route53 subdomains being owned by different accounts for private zones
- Significantly easier auditing of sub-account/assumed-role actions back to the source IAM user
- Consolidated CloudTrail of accounts by default
- Allowing usage of Certificate Manager provisioned HTTPS certificates across accounts
- Better web console experience for organizations and multiple accounts
IAM & Security Improvements
Authentication and security are obviously keystones in AWS - and improving anything in this area will significantly help all customers.
Some small improvements that will be highly impactful:
- Better MFA support in CLI actions - having to assume a role or do weird profile tricks is no fun and discourages MFA usage
- CloudTrail with MFA delete and an Athena table definition on by default for new accounts. Alternatively, allow setting MFA delete on a CloudTrail bucket without violating security practices (that is, without having to issue an API key/secret as the root account to run the command)
- While not really AWS’ responsibility, MFA ‘push’ notifications - one-click approval from unlocked mobile device
- Proactive security alerts - regularly send notifications should items be found, and allow snooze/ignore. Additionally, ensure default settings for all services are in line with AWS’ own best practices, and force confirmation should users attempt to deploy features in a manner that doesn’t align with them.
There are a lot of other areas that can be improved by making a few minor adjustments:
- Nothing is GA unless CloudFormation supports it.
- All-in-one setup for S3 hosted websites - serve content, custom DNS name, HTTPS certificate, along with HTTP -> HTTPS redirection by default. Adding some simple .htaccess-like support would be useful too
- Session Manager support for SSH connections - it was mentioned in its release announcement, but releasing it will be great.
- A better email management option - instead of a per-user, per-month model, let me pay based on email volume, or have a better email forwarding / management offering.
- Budget enforcement - disabling of either IAM keys or killing resources based on amount spent.
Obviously, most of these won’t happen. With re:Invent this week, this will be the last part in this series. While there, I’ll do a follow-up post to the keynote addresses to judge how well I did with these predictions - and to see what is announced that I didn’t see coming.
Hopefully by looking at the guesses I’ve made, you can think of some areas where leveraging the cloud can help your business in new ways - the massive toolbox that AWS (and other cloud vendors) provides gives you an entirely new way of looking at building products. By mixing and matching traditional infrastructure, ‘serverless’ tools, managed services, and your imagination - you can truly bring your products to your customers faster, cheaper, and in a more scalable manner than ever before.
Going to re:Invent? Have some thoughts on this? What are your guesses on what will be announced? Comment below and let me know what you think.