Favorite New AWS Products for 2017

Does the world need new 3D emojis?  No.  Does the world need serverless Aurora, canary deployments, container abstraction, and API logging?  Yes!!!  I guess I'm not the Apple fan boy that I used to be.

Here are my favorite AWS products announced this year at re:Invent 2017.

Serverless Aurora

This looks like an easier and cheaper way to use Aurora DB and Lambda functions.  Before this product was introduced, Lambda functions had to be properly configured in a VPC in order to enable them to access Aurora DB.  This video I made illustrates this complexity.  Serverless Aurora is accessible via HTTP and should eliminate this heartburn.

Canary deployments for API GW/Lambda

This allows developers to "gently" roll out a new version of an API to a small percentage of customers.  Having the ability to easily do this is extremely cool!

AWS Fargate

When I first learned about ECS, I was surprised to learn that it's very server oriented.  Blah!  Fargate provides the much needed abstraction for containers.

API Gateway Access Logging

API logging is very important in enterprise level applications.  I'm happy to see this feature and can't wait to use it.


These are just a few of my favorite new products from AWS this year.  Amazon continues to provide products that abstract the underlying servers at reasonable prices.  This allows developers to focus on creating great apps and allows product owners to sleep at night knowing that there are no servers to manage.  Every year Amazon releases new products that solve real world problems faced by developers.  And that's no poo emoji.

Serverless is Awesome

I recently built an API using the API Gateway and Lambda.  The API was built the "old fashioned way".  Zipping and uploading Node.js files was painful, and creating body mapping templates in the API Gateway was time consuming.

Serverless (the Serverless Framework) is essentially a deployment mechanism that abstracts the API Gateway, Lambda and other products from your favorite cloud provider.  It's a great way to create web API methods and cron jobs without worrying about Lambda functions, CloudWatch events, and configuring the API Gateway by hand.  Apex is another tool that provides similar functionality.

Load Balancing Private EC2 Instances with AWS ELB

I got tripped up today while attempting to load balance a couple of EC2 instances in a private subnet using the ELB.  This backend architecture is typical of a highly available, fault-tolerant, enterprise-grade system.  It contains a public facing DMZ with a bastion server, a "private-ish" web tier and a private API tier.

According to Amazon, when your VPC resembles this configuration you must create public subnets that reside in the same Availability Zone (AZ) as your private subnets in order to use ELB.  Otherwise your ELB will never connect to the web servers in the private subnets.

"When you create a load balancer, you must add one or more public subnets to the load balancer. If your instances are in private subnets, create public subnets in the same Availability Zones as the subnets with your instances; you will add these public subnets to the load balancer."

ELB must be associated with public subnets only.  I believe this is because ELB is nothing more than HAProxy or some other equivalent under the hood.  Amazon recommends that subnets associated with ELB should be no smaller than /27, allowing 8 IPs to be used (if necessary) for ELB instances.
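As an added example (not part of the original post), here is a small pre-deployment check that encodes the two rules above: every private instance subnet needs a public ELB subnet in the same AZ, and ELB subnets should be no smaller than /27.  The subnet dictionaries borrow a few field names from EC2 DescribeSubnets; the 'Public' flag and all sample subnets are constructed for illustration.

```python
import ipaddress

# AWS guidance quoted above: ELB subnets should be at least /27.
MIN_ELB_PREFIX = 27


def check_elb_subnets(elb_subnets, instance_subnets):
    """Return a list of misconfigurations for an ELB fronting private instances.

    Each subnet is a dict with 'SubnetId', 'AvailabilityZone' and 'CidrBlock'
    (as returned by DescribeSubnets) plus a constructed 'Public' flag that the
    caller derives from the subnet's route table (route to an internet gateway).
    """
    problems = []
    public_azs = set()
    for s in elb_subnets:
        if not s["Public"]:
            problems.append(f"{s['SubnetId']}: ELB subnet is not public")
            continue
        net = ipaddress.ip_network(s["CidrBlock"])
        if net.prefixlen > MIN_ELB_PREFIX:
            problems.append(f"{s['SubnetId']}: {s['CidrBlock']} is smaller than /{MIN_ELB_PREFIX}")
        public_azs.add(s["AvailabilityZone"])
    # Every AZ that hosts an instance must also host a public ELB subnet,
    # otherwise the ELB never reaches the instances in that AZ.
    for s in instance_subnets:
        az = s["AvailabilityZone"]
        if az not in public_azs:
            problems.append(f"{s['SubnetId']}: no public ELB subnet in {az}; instances there are unreachable")
    return problems


# Constructed sample data: one correct ELB subnet, one that is too small,
# and a web-tier subnet in an AZ with no matching public subnet.
SAMPLE_ELB_SUBNETS = [
    {"SubnetId": "subnet-elb-1c", "AvailabilityZone": "us-east-1c", "CidrBlock": "10.0.0.0/27", "Public": True},
    {"SubnetId": "subnet-elb-1d", "AvailabilityZone": "us-east-1d", "CidrBlock": "10.0.0.32/28", "Public": True},
]
SAMPLE_INSTANCE_SUBNETS = [
    {"SubnetId": "subnet-web-1c", "AvailabilityZone": "us-east-1c", "CidrBlock": "10.0.1.0/24", "Public": False},
    {"SubnetId": "subnet-web-1e", "AvailabilityZone": "us-east-1e", "CidrBlock": "10.0.2.0/24", "Public": False},
]

if __name__ == "__main__":
    for problem in check_elb_subnets(SAMPLE_ELB_SUBNETS, SAMPLE_INSTANCE_SUBNETS):
        print(problem)
```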

When you're building this stuff, it's a good idea to make sure everything is connected before code is deployed.  Python ships with a simple HTTP server module that you can use to simulate a web server on any port.  Simply create a directory, create an HTML file in it, and execute the following in that directory:

  •  sudo python -m SimpleHTTPServer 80 &

CORRECTION: The text "Public Subnet for ELB/DMZ - us-east-1c" in the us-east-1d AZ should read: Public Subnet for ELB/DMZ - us-east-1d.



On September 06, 2016 I received my AWS Solutions Architect associate certification.  It was something that I wanted to do for a while and I finally decided to buckle down and do it.

The test was at a certified testing facility.  I had to empty my pockets of everything (keys, iPhone, etc.) and lock them up in a locker.  I had to sign a waiver that acknowledged I was being videotaped.  The classroom held about 50 people, but there was only one other person taking the same test.  The test was pretty tricky.  It was the fastest 80 minutes of my life.

An online class from Udemy helped me prepare for the test.  The class was 14 hours long with quizzes after each section.  It's amazing how large AWS has become over the years.  I believe everybody needs to take this class just to begin to understand AWS.  There's no need to reinvent the wheel when you can use a battle tested solution from AWS.