It’s been an action-packed month with all of the announcements and updates coming from AWS this February! While this blog won’t include all of the February announcements, we’ve curated a list that could benefit the enterprise thought leader working to drive cloud adoption and efficiency within their organization. This month’s key announcements for the AWS enterprise user include a new desktop client for AWS Client VPN, a Serverless lens for the Well-Architected Tool, canary deployments to Amazon ECS using AWS CodeDeploy, and simplified deployments (even automated!) across accounts managed by AWS Organizations using AWS CloudFormation StackSets. Let’s dive in!
Desktop Client for AWS Client VPN
AWS Client VPN is a managed service launched in December 2018 that allows users to securely access their AWS environments and on-premises networks from anywhere, using OpenVPN-based clients. As a fully managed, highly available and elastic service, AWS Client VPN automatically scales up or down the number of available client connections based on user demand. No more having to procure the correct licensing model with for-pay third-party tools, or having to restrict your behavior to the “free tier” that third-party tool restrictions may impose. Being based on the OpenVPN framework made desktop clients fairly simple to find, but they only provided basic connectivity and lacked advanced authentication and management capabilities.
To change that, AWS has announced the launch of their own desktop client for AWS Client VPN. This client is built by AWS and is available for Windows and macOS. It is a simple download and install that allows you to create a profile using your VPN configuration file in a matter of moments.
AWS Client VPN offers the following features and functionality:
- Secure connections – It provides a secure TLS connection from any location using the OpenVPN client.
- Managed service – It is an AWS managed service, so it removes the operational burden of deploying and managing a third-party remote access VPN solution.
- High availability and elasticity – It automatically scales to the number of users connecting to your AWS resources and on-premises resources.
- Authentication – It supports client authentication using Active Directory and certificate-based authentication.
- Granular control – It enables you to implement custom security controls by defining network-based access rules. These rules can be configured at the granularity of Active Directory groups. You can also implement access control using security groups.
- Ease of use – It enables you to access your AWS resources and on-premises resources using a single VPN tunnel.
- Manageability – It enables you to view connection logs, which provide details on client connection attempts. You can also manage active client connections, with the ability to terminate active client connections.
- Deep integration – It integrates with existing AWS services, including AWS Directory Service and Amazon VPC.
Introducing Serverless lens in the AWS Well-Architected Tool
The AWS Well-Architected Framework was launched in 2015 to provide a formal approach for comparing how your architecture or environment stands up to AWS best practices and get specific guidance on how to improve. The AWS Well-Architected Tool is based on five pillars of the AWS Well-Architected Framework. These pillars are:
- Operational Excellence
- Security
- Reliability
- Performance Efficiency
- Cost Optimization
An AWS Well-Architected “lens” extends the AWS Well-Architected Framework to include workload-specific advice in addition to the general technology advice covered in the five pillars. Lenses are currently available for Serverless, High Performance Computing (HPC), and Internet of Things (IoT). February brought the announcement of being able to apply lenses from within the Well-Architected Tool itself, with the Serverless lens being the first one available. Now, when you visit the AWS Well-Architected Tool and define a workload, you can also apply the Serverless lens to evaluate Serverless architectures using the tool. Many enterprise users rely on regular AWS Well-Architected Reviews using the AWS Well-Architected Tool in the AWS Management Console. Now, including Serverless workloads in those reviews is much easier!
You can find the AWS Well-Architected Tool and announcement guidance here.
Canary Deployments for Amazon ECS using AWS CodeDeploy
This is an important announcement for enterprise users who use AWS CodeDeploy in conjunction with Amazon Elastic Container Service (ECS) for deployments. The announcement of linear and canary deployments for Amazon ECS allows for much greater flexibility in choosing how applications are cut over during deployments. Canary deployments are a particularly useful pattern that allows a small percentage of production traffic to be diverted to the new stack prior to full cutover. This increases confidence in the deployment before production traffic is fully cut over.
To learn more about how to use canary deployments in AWS CodeDeploy when deploying to Amazon ECS, check out the documentation here.
AWS CloudFormation StackSets integration with AWS Organizations
AWS CloudFormation StackSets allow for the launch of AWS CloudFormation stacks in multiple accounts. This can greatly simplify the management of AWS CloudFormation stacks by providing a single pane of glass to view and organize the stacks, while allowing them to have “downstream” reach for the launch of the resources they represent. The announcement of the integration of AWS CloudFormation StackSets with AWS Organizations extends this functionality by allowing resources from a StackSet to be deployed across your Organization or a specific Organizational Unit (OU).
Further extending the functionality is the option to automatically create or remove AWS CloudFormation stacks when an AWS account joins or leaves your Organization. It isn’t necessary to manually connect the new account or remember to tear down infrastructure when the account is removed from your Organization. The stack will be removed from the management of StackSets when the account leaves the Organization, though you can choose to retain the resources managed by the stack if desired.
To get started, check out the announcement here.