re:Invent 2024 Well-Architected re:Cap
AWS re:Invent 2024 was, as usual, quite the spectacle. With 124 new features or services announced during the week of the conference itself and an additional 422 during the period affectionately known as pre:Invent, trying to digest what’s new in the world of AWS is no mean feat.
Fear not, I’m here to help! I’m going to pick just 10 of these announcements to dive into in more depth, particularly those that’ll help you better adhere to the Well-Architected Framework, either generally speaking or in relation to the use of a particular service.
As expected, many announcements were related to AI/ML - particularly Generative AI - but I believe that many of the best announcements were outside of this specific domain. As such, I’ve included a mixture of announcements across various use cases.
Announcements
Amazon EventBridge and AWS Step Functions integration with private APIs
Let’s start off with a feature added to two of my favourite services, EventBridge and Step Functions.
Event-driven or workflow-driven architectures often need to interact with services that are outside of the AWS ecosystem. For example, perhaps you’re modernising a legacy system where some components exist on-premises and others are in the cloud. In such a scenario, you might want to use EventBridge to send events between services, and/or Step Functions to orchestrate the workflow.
Prior to this announcement, you’d need to implement a custom solution to proxy these interactions with what would typically be a Lambda function deployed in a VPC. Leveraging new functionality built on top of VPC Lattice and PrivateLink, EventBridge and Step Functions are now able to directly connect to private APIs. We’ll talk a bit about these new VPC Lattice and PrivateLink capabilities in a moment.
This helps you to better adhere to the best practices in the Operational Excellence pillar, ensuring that you’re offloading responsibility to AWS managed services where sensible.
The AWS announcement is available here, and the launch blog post is available here.
AWS SageMaker Unified Studio
In somewhat of a jumble of naming changes, AWS SageMaker Unified Studio has emerged as a new one-stop-shop for data and AI development.
What used to be known as AWS SageMaker is now known as ‘AWS SageMaker AI’, with Unified Studio now forming part of the ‘AWS SageMaker NextGen’ product offering.
SageMaker Unified Studio builds upon previous capabilities offered in SageMaker Studio and SageMaker Studio Classic, adding Generative AI functionality such as the ‘Amazon Bedrock IDE’ and data governance capabilities courtesy of AWS DataZone. The idea is that developers can use SageMaker Unified Studio to service all of their data and AI development needs in one place, leveraging wider parts of the ecosystem as and when required.
The announcement for AWS SageMaker Unified Studio can be found here, and the wider announcement for AWS SageMaker NextGen can be found here.
Amazon S3 Tables & S3 Metadata
A 2-for-1 announcement - lucky you!
Amazon S3 is already extensively used for data lakes, or data lakehouses with a wide variety of open table formats (e.g. Apache Iceberg, Delta Lake). Combined with Glue Data Catalog and Lake Formation, there’s a fairly compelling offering. But the table itself is still self-managed. For example, Apache Iceberg tables need continuous maintenance to ensure performance and cost are optimal.
With Amazon S3 Tables, this is now no longer the case. S3 Tables introduce a new type of bucket (table bucket) that’s specifically designed for storing and managing data in Apache Iceberg tables. Typical maintenance tasks like compaction are handled automatically by AWS, reducing the management overhead.
Leveraging this new feature is Amazon S3 Metadata. This new feature enables the automated capture of metadata from objects when they are uploaded to S3 buckets, storing it in an easily queryable format using S3 Tables. Metadata isn’t just limited to AWS-defined keys like size, but can also be extended to custom metadata that relates to your workloads. This makes finding objects in buckets significantly easier, especially at scale.
Pushing more responsibility onto AWS-managed services and features does come with an increased cost, but should hopefully reduce your total cost of operation (TCO) helping you to better adhere to the Cost Optimization and Performance Efficiency pillars.
Review the AWS announcements for S3 Tables and S3 Metadata for more information, or the launch blog posts for S3 Tables and S3 Metadata for practical implementation examples.
Amazon GuardDuty Extended Threat Detection
Amazon GuardDuty is AWS’ first-party threat detection service. Using a variety of log sources, such as DNS logs, VPC flow logs, and CloudTrail audit logs, it detects and alerts on malicious activity that could be taking place in your AWS account (or Organization) in near real time.
Whilst detection of malicious activity is important, it’s only part of the story. You also need to understand how an actor has managed to reach the point of carrying out that malicious activity, as well as whether the attack has resulted in multiple compromises as part of the same attack sequence.
With the release of Amazon GuardDuty Extended Threat Detection, the service can now do just that. GuardDuty can generate ‘attack sequence findings’ that cover multiple resources over an extended period of time.
This new feature goes a long way to helping you meet almost all detection and response best practices of the Security pillar.
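One way to make use of attack-sequence findings on the response side is to treat them as the unit of work and fold the standalone findings they explain into the same case. The script below is an added example, not AWS code or the page’s own: the finding records are constructed and simplified, and the "ContributingFindingIds" key is an assumption standing in for however the real attack-sequence finding references its signals, so check the GuardDuty documentation for the actual schema before wiring this to EventBridge.

```python
"""Triage helper for Amazon GuardDuty attack-sequence findings.

Added example, not AWS code. The finding records below are constructed and
simplified: real GuardDuty findings carry many more fields, and the
"ContributingFindingIds" key is an assumption standing in for however the
real attack-sequence finding references its signals.
"""
from collections import Counter

ATTACK_SEQUENCE_PREFIX = "AttackSequence:"

# Constructed sample: three standalone findings in two accounts, plus one
# attack-sequence finding that links two of them across several resources.
SAMPLE_FINDINGS = [
    {"Id": "f-001", "AccountId": "111111111111", "Severity": 8.0,
     "Type": "UnauthorizedAccess:IAMUser/InstanceCredentialExfiltration.OutsideAWS",
     "Resources": [{"Type": "AccessKey", "Id": "AKIA-CONSTRUCTED-0001"}]},
    {"Id": "f-002", "AccountId": "111111111111", "Severity": 8.0,
     "Type": "Exfiltration:S3/AnomalousBehavior",
     "Resources": [{"Type": "S3Bucket", "Id": "constructed-data-lake-raw"}]},
    {"Id": "f-003", "AccountId": "222222222222", "Severity": 2.0,
     "Type": "Recon:EC2/PortProbeUnprotectedPort",
     "Resources": [{"Type": "Instance", "Id": "i-0constructed000001"}]},
    {"Id": "f-004", "AccountId": "111111111111", "Severity": 9.0,
     "Type": "AttackSequence:IAM/CompromisedCredentials",
     "Resources": [{"Type": "AccessKey", "Id": "AKIA-CONSTRUCTED-0001"},
                   {"Type": "S3Bucket", "Id": "constructed-data-lake-raw"},
                   {"Type": "IAMRole", "Id": "role/constructed-admin"}],
     "ContributingFindingIds": ["f-001", "f-002"]},
]


def severity_label(score):
    """Map GuardDuty's numeric severity to the label shown in the console."""
    if score >= 9.0:
        return "CRITICAL"
    if score >= 7.0:
        return "HIGH"
    if score >= 4.0:
        return "MEDIUM"
    return "LOW"


def is_attack_sequence(finding):
    """Attack-sequence findings are distinguished by their type prefix."""
    return finding["Type"].startswith(ATTACK_SEQUENCE_PREFIX)


def summarise_sequence(sequence, all_findings):
    """Collapse one attack-sequence finding into what a responder needs first:
    which account, how many resources are involved, and which signals fed it."""
    by_id = {f["Id"]: f for f in all_findings}
    contributing = [by_id[i] for i in sequence.get("ContributingFindingIds", []) if i in by_id]
    return {
        "Id": sequence["Id"],
        "AccountId": sequence["AccountId"],
        "Severity": severity_label(sequence["Severity"]),
        "ResourceCount": len({(r["Type"], r["Id"]) for r in sequence["Resources"]}),
        "ResourceTypes": dict(Counter(r["Type"] for r in sequence["Resources"])),
        "ContributingTypes": [f["Type"] for f in contributing],
    }


def covered_by_sequence(findings):
    """Ids of standalone findings that an attack sequence already explains, so
    they can be handled as part of that case rather than as separate tickets."""
    covered = set()
    for f in findings:
        if is_attack_sequence(f):
            covered.update(f.get("ContributingFindingIds", []))
    return covered


def triage_order(findings):
    """Order findings for review: attack sequences first, then by severity,
    with the finding id as a stable tie-break."""
    def key(f):
        return (0 if is_attack_sequence(f) else 1, -f["Severity"], f["Id"])
    return [f["Id"] for f in sorted(findings, key=key)]


if __name__ == "__main__":
    for seq in filter(is_attack_sequence, SAMPLE_FINDINGS):
        print(summarise_sequence(seq, SAMPLE_FINDINGS))
    print("review order:", triage_order(SAMPLE_FINDINGS))
    print("already covered:", sorted(covered_by_sequence(SAMPLE_FINDINGS)))
```

Run as-is it prints the sequence summary for the one attack-sequence finding, puts it at the top of the review order, and reports that f-001 and f-002 are already covered by it. In practice the same three functions would sit behind an EventBridge rule on GuardDuty findings and feed whatever ticketing or paging system you use.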
To learn more, take a look at the AWS announcement here.
Amazon Nova Foundation Models
During the Tuesday morning Keynote, AWS CEO Matt Garman welcomed to the stage a previous AWS CEO, Andy Jassy, now CEO of Amazon. He shared his insights on the future direction of AWS, offering a unique perspective from his current role overseeing the entire Amazon organisation. One key message that he emphasised was the importance of having a choice of foundation models when building and operating Generative AI workloads.
With this, he announced a new family of foundation models from Amazon called Amazon Nova. This family is made up of a variety of models of varying sizes, price points and modalities.
- Amazon Nova Micro - “a text only model that delivers the lowest latency responses at very low cost”
- Amazon Nova Lite - “a very low-cost multimodal model that is lightning fast for processing image, video, and text inputs”
- Amazon Nova Pro - “a highly capable multimodal model with the best combination of accuracy, speed, and cost for a wide range of tasks”
- Amazon Nova Canvas - “a state-of-the-art image generation model”
- Amazon Nova Reel - “a state-of-the-art video generation model”
In addition to these, Andy Jassy shared that Amazon Nova Premier, as well as speech-to-speech and any-to-any modality models, were targeted for release in 2025.
Amazon have published their own evaluation of these models using industry benchmarks here. The models all perform well, especially considering the low cost. I’m really excited to see how these models perform in the real world.
Continually evaluating which foundation models are the most optimal for your use case helps to ensure your Generative AI workloads are adhering to the best practices in the Cost Optimization and Performance Efficiency pillars of the Well-Architected Framework. Understanding the price/performance balance is the key to ensuring that you’re getting the best value for your money.
The AWS announcement can be found here and the launch blog post can be found here.
Enhancements to VPC Lattice and PrivateLink
This is another 2-for-1 announcement. AWS announced on Dec 1st that PrivateLink now supports sharing any VPC resource and doesn’t require a Network Load Balancer or Gateway Load Balancer to be provisioned in front of the service. This means that resources such as database clusters, single EC2 instances, or even just an IP address (in AWS, or on-premises) can be exposed by PrivateLink and shared across AWS accounts and VPCs using AWS Resource Access Manager.
On Dec 2nd, AWS then announced that VPC Lattice now also supports TCP. This announcement builds upon the PrivateLink enhancements by also allowing you to expose these resources inside a VPC Lattice Service Network rather than just as a PrivateLink resource endpoint.
The combination of these two announcements really starts to cover a lot of the use cases that you’d usually reach for Transit Gateway (TGW) for, with an awful lot less complexity. I’m looking forward to properly trying this out and seeing how far it can be pushed before TGW becomes a necessity.
The launch blog post is the same as that linked to the EventBridge and Step Functions announcement - as a reminder it’s here.
Preview of Amazon Aurora DSQL
This was somewhat of a surprise announcement, but it looks to be really cool.
Amazon Aurora DSQL is a brand-new distributed, serverless, PostgreSQL-compatible database offering from AWS. It’s a new way to deploy and manage a distributed database, with the ability to scale out and scale in as you need to.
Typically with a distributed database, especially when operating in active-active configuration, you have to consider aspects such as sharding, replication, strong vs. eventual consistency and more. With Amazon Aurora DSQL, you’re able to focus on creating business value from the functionality and access to data without having to focus on the underlying details.
It offers 99.99% availability when deployed in a single-region and 99.999% availability when deployed multi-region.
All of this helps you to reduce your operational overhead, working to the best practices in the Operational Excellence pillar. In addition, the fully managed, scalable nature of the service helps to ensure your workload is resilient to failure and adheres to the Reliability pillar best practices.
If you’re interested in learning more about how Aurora DSQL works, this talk from Marc Brooker is a great place to start.
The AWS announcement can be reviewed here.
Amazon Bedrock Marketplace brings over 100 models to Amazon Bedrock
We’ve already talked about how Andy Jassy emphasised the need for a wide choice of foundation models when building Generative AI applications. Whilst Amazon Bedrock already offers a great selection of models for on-demand usage, the release of Amazon Bedrock Marketplace makes it easy to discover and utilise over 100 new models from other model providers.
These models could be designed for specific industry use cases such as finance or healthcare, or be especially good with a particular language or modality. The key difference with the Amazon Bedrock Marketplace, compared to on-demand, is that you have to provision and pay for the underlying SageMaker infrastructure used to host the model for inference. Some models may charge an additional fee for usage on top of the AWS infrastructure cost. This likely makes it a more expensive option than on-demand throughput for small, peaky usage. However, for consistent and high-throughput workloads where a very niche model is required, Amazon Bedrock Marketplace with its required provisioned throughput is a great option.
Using the right model and access pattern for your use case helps achieve the ‘Consider mechanical sympathy’ design principle within the Performance Efficiency pillar.
The AWS announcement can be found here and the launch blog post can be found here.
Preview of Amazon Bedrock Model Distillation
The announcement of Amazon Bedrock Model Distillation (in preview) provides a new way to build and fine-tune foundation models to your specific use case whilst also reducing latency and improving the price-performance.
At a high level, model distillation is a process where a large foundation model is used to generate synthetic responses for a specific use case, and these synthetic responses are then used to fine-tune a smaller model to produce more specific and faster responses at a lower price. AWS claim that model distillation can be used to achieve up to a 75% reduction in cost and up to a 5x reduction in latency, all whilst sacrificing less than 2% accuracy for RAG applications. Model distillation only works within the same model family; for example, Llama 3.1 405B Instruct could be used as the ‘teacher’ model and Llama 3.1 Instruct 8B could be used as the ‘student’ model.
The resulting ‘student’ model is deployed via Amazon Bedrock Provisioned Throughput.
Amazon Bedrock Model Distillation helps you to adhere to Cost Optimization and Performance Efficiency best practices by enabling you to achieve the best price-performance balance for your specific use case.
To find out more, read the AWS announcement here and the launch blog post here.
AWS Organizations Declarative Policies
Declarative Policies are a new addition to the existing policy types available through AWS Organizations, such as Service Control Policies (SCPs). SCPs are designed to allow you to limit the maximum available API actions to IAM principals within accounts, for example ‘Deny all access to the eu-west-1 region’. Declarative Policies are designed to enable you to define a baseline service configuration that can be enforced across the entire organisation, even when a service adds new features or API actions. They are API-agnostic and are enforced on the service’s control plane. An example would be a Declarative Policy that controls whether EBS snapshots are publicly accessible.
This policy would prevent individuals from creating new snapshots that are publicly accessible, as well as highlighting those across the Organization that do not comply with the policy.
There are a limited number of services that support Declarative Policies at the moment (see here), but with the potential it offers, I hope to see more added to the list over time.
This new feature can help you increase your adherence to the Security pillar’s best practices, by ensuring individuals cannot create resources with an insecure configuration, as well as the Operational Excellence pillar by improving top-level visibility of resource compliance without additional tools like AWS Config.
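To make the EBS snapshot example concrete, here is an added example (not the page’s or AWS’s own code) that builds the policy document for the snapshot public-access attribute and runs a local check of which accounts in a constructed inventory fall below that baseline, which is the kind of gap the account status report surfaces. The document shape (ec2_attributes, snapshot_block_public_access, state, @@assign) and the three state names are written as I understand the declarative policy syntax; verify the keys against the AWS Organizations documentation before relying on them.

```python
"""Declarative policy for EBS snapshot public access, plus a local compliance
check across accounts.

Added example, not AWS code. The document shape and state names follow the
declarative policy syntax as understood at time of writing; verify against the
AWS Organizations documentation. The account inventory below is constructed.
"""
import json

# Ordered from weakest to strongest so that "at least as strict as the policy"
# becomes a simple rank comparison (ordering constructed for this example).
STATE_RANK = {"unblocked": 0, "block_new_sharing": 1, "block_all_sharing": 2}


def build_snapshot_policy(state="block_all_sharing"):
    """Return the declarative policy document enforcing the given state."""
    if state not in STATE_RANK:
        raise ValueError(f"unknown snapshot_block_public_access state: {state}")
    return {
        "ec2_attributes": {
            "snapshot_block_public_access": {
                "state": {"@@assign": state}
            }
        }
    }


def policy_json(state="block_all_sharing"):
    """The JSON you would hand to the Organizations policy API or console."""
    return json.dumps(build_snapshot_policy(state), indent=2)


def required_state(policy):
    """Pull the enforced state back out of a policy document."""
    return policy["ec2_attributes"]["snapshot_block_public_access"]["state"]["@@assign"]


# Constructed: each account's current EBS snapshot block-public-access setting,
# keyed by account id, as an inventory script might collect per account.
SAMPLE_ACCOUNTS = {
    "111111111111": "block_all_sharing",
    "222222222222": "block_new_sharing",   # already-public snapshots stay shared
    "333333333333": "unblocked",
}


def noncompliant_accounts(policy, accounts):
    """Accounts whose current setting is weaker than the policy baseline."""
    floor = STATE_RANK[required_state(policy)]
    return sorted(acct for acct, state in accounts.items() if STATE_RANK[state] < floor)


if __name__ == "__main__":
    policy = build_snapshot_policy("block_all_sharing")
    print(policy_json("block_all_sharing"))
    print("non-compliant:", noncompliant_accounts(policy, SAMPLE_ACCOUNTS))
```

The rank comparison is the point worth noticing: an account set to block_new_sharing still looks non-compliant against a block_all_sharing baseline, because previously shared snapshots remain public there. Once the policy is attached, the service enforces the setting on the control plane, so the local check is only needed for the pre-rollout gap analysis.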
You can find the announcement here and the launch blog post here.
Summary
In summary, I was pleased to see that AWS didn’t focus entirely on GenAI announcements. Whilst it’s important that AWS continue to focus on GenAI to avoid falling behind other players, it’s also important to focus on other areas and offerings to avoid them becoming stale.
I’m really excited to see what direction AWS take in 2025, and you can be sure that I’ll be here on the Well-Architected Advocate blog