Cloud is *facepalm* sometimes

As I was doing a newsletter to let customers know about our cloud audit product, I realised how far I've come in my own AWS journey, BUT also how difficult Public Cloud can be.

The reality is that after using AWS for over 10 years now, and helping customers and some of the top AWS partners for at least the last 8 years, AWS still makes me want to bury my head in the sand some days.

I loved AWS when they first started out. I could do 1 of 3 things:

  • Spin up an EC2
  • Store stuff in an S3 bucket
  • Set up an SQS messaging queue


Now AWS has over 150 services, and each service has dozens if not hundreds of configuration options and sub-features. This literally makes AWS the most complex Public Cloud provider of choice.

Isn’t there a saying “With great power comes great responsibility”?

This is ever so true of Public Cloud and specifically Amazon Web Services. I’m not saying I prefer to do stuff on-premises or with traditional approaches to IT, BUT you can’t go into this cloud game in a mad rush, expecting to get the best out of it.

Examples:

Example 1: Launch a server

If you want to launch an EC2 instance, just a simple EC2 instance, you either have to go through 7 steps (and about 25 form fields) before you can launch it, or alternatively write a CloudFormation template or CLI command. (By the way, CloudFormation is by far the most repeatable and manageable way if you have a template - see end of this for links to some templates to get started.)

This says nothing of knowing how to secure the instance or what to do next, e.g. log in with your PEM key and then ensure only the correct ports are open.

But launching an EC2 instance by itself does not get much value out of AWS. Ideally you want to be launching Auto Scaling groups and Application Load Balancers with well-defined security groups. Again, knowing where to start is often the key, and that is another issue: you go to the docs and read piles of documentation before actually getting something up and running.

Example 2: Set up a new Account

Setting up a new account is easy. HOWEVER… when you set up a new AWS Account and you are completely new to AWS, you now have several things to consider:

  • What is the purpose of my AWS Account? Is it just for dev? Or am I an Enterprise that wants to deploy several apps and migrate data?
  • What region do I want to launch in? (24 and growing)
  • Which Availability Zone do I want to use?

You have this default VPC (Virtual Private Cloud) that has the exact same CIDR as everyone else’s account. So do you use the default one, or think about connectivity to your other apps/network/WAN/on-premises/other clouds? If you are an Enterprise, you need a strategy just for VPC Design.

Then there are ingress/egress, storage options (S3 etc.), backups, default security, performance requirements, etc.

Landing Zones seek to remove some of the burden of AWS Account structure, security, setup etc. in the Enterprise… but again, more complexity.

Example 3: Data Migration

There are so many options for migrating and storing data in AWS that it can become confusing. Getting it there may be a matter of clicking a few buttons, and now you have your data migrated. But that’s just the beginning.

There are several questions to answer about your data, including policies, governance, speed of access, use cases, storage types, application usage, reporting, analytics… the list is endless.

Example 4: Billing

Billing seems simple. AWS provides a ton of great tools (Cost Explorer etc.) to make reporting on your bill easier, but if you’ve either had Bill Shock or are just plain confused about what makes up the invoice, you’re not alone!

This is just the tip of the iceberg. When you move to AWS you are opening a world of opportunities, but you are also opening up a can of worms. Go in with your eyes wide open - Don’t buy into the hype of “It’s easy”. It is at first, but it’s when you open it up across your organisation - moving from innovation and “Proof of Concept” to delivery.

This leads me to some other thoughts which I’ve shared before and that is the “How you approach cloud” question.

The best way I know how is not to migrate everything straight away - that takes careful planning. One thing I really go for is new projects and new innovation - pick a problem and go after it on AWS.

Get to know some of the services available - Serverless products, SageMaker, IoT, AWS Marketplace. These can help you accelerate better outcomes without using traditional, long project life cycles.

If you get stuck… you know what to do :) Flick me a message, email (ben@teem.cloud)...

More articles by Benjamin Fellows