
Devil's in the details with AWS Config, Aurora

AWS delivered the Aurora distributed relational database preview, AWS Config and Key Management at re:Invent this week but left some important details out of the keynote.

LAS VEGAS — Amazon Web Services introduced several new products at its re:Invent conference here this week, but breakout sessions detailed important fine print on cloud services it released to public and private beta. 

Among the news creating a splash here was the introduction of the Aurora distributed relational database, which is expected to remain in private preview through the rest of this year. Executives on the keynote stage touted Aurora’s performance, which Amazon claims is five times that of any other product offered through its Relational Database Service.

The database can also perform six-way replication to three availability zones and boasts a starting price of $0.29 per hour. Users also no longer have to think about provisioning storage or IOPS with the new service, as it automatically grows storage volumes as demand increases.

The Aurora service is self-healing, so up to two write nodes out of six can be lost, and the transaction rate will not change. Crash recovery is practically instantaneous, and the cache, decoupled from logging and storage, can survive a crash without requiring a warm-up to recover. Finally, the service requires no up-front licenses, and users can migrate to and from MySQL databases, on which the service is loosely based.

However, limitations in Aurora were revealed during a breakout session on the product preview led by Anurag Gupta, general manager for the product at AWS.

For example, Amazon’s new Key Management Service, in which users control keys, is not supported in the preview, though it is expected by launch time in early 2015. Audience members at the breakout session asked if PostgreSQL databases would also be supported, to which Gupta answered, not yet. Copy-on-write volumes don’t exist in the product yet, either. Multi-master deployments and cross-region replication are similarly unsupported today, Gupta said.

Also, instance types supported on Aurora today start at the r3.large and scale up to the r3.8xlarge, which leaves small and midsized businesses and startups that prefer smaller instances out in the cold.

“We would like to see support for smaller instances,” said Julian Weisser, a developer for FARO Technologies, a 3D laser measurement and imaging firm headquartered in Stuttgart, Germany. In the absence of that support, Aurora is something Weisser said he’ll watch with interest, but won’t yet deploy.

“If our company grows, we will definitely consider it,” he said.

AWS Config turns heads, but caveats also apply

IT pros here were also intrigued with the possibilities for AWS Config, a service which expands the auditing support offered previously by the AWS CloudTrail product to include resources beyond API calls.  

AWS Config generates streams of audit data in the form of JSON documents which can then be programmatically consumed to detect configuration changes.

“Some of my enterprise clients don’t feel they have the right visibility into Amazon yet,” said Kristen Henry, an independent cloud computing consultant with KH Computing Inc., based in Highlands Ranch, Colo. “They’re used to having programmatic visibility in the data center. This will help them get trained more quickly.”

AWS Config is supported with the Elastic Compute Cloud, Elastic Block Store, Virtual Private Cloud and CloudTrail in its preview stage. The remainder of the AWS product catalog is not yet supported with this service, though integration with the Elastic Load Balancer, Relational Database Service, and Auto-Scaling Groups is next on the docket, said AWS product manager Prashant Prahlad during a standing-room-only breakout session here this week. AWS Config is also only available as yet in the US-East region, though global expansion is planned.

“In true Amazon fashion…we are releasing a kernel we will then build around,” Prahlad said.

AWS Config is also an all-or-nothing service today; it can’t be set to monitor a subset of resources yet. If users want alerting about certain changes, they have to either write their own code or turn to AWS Config launch partners such as Red Hat, Inc. or 2nd Watch to provide that capability.

Another limitation uncovered during the session is that AWS Config information can't be fed into CloudFormation to generate deployment templates. AWS Config will be priced at $0.003 per configuration item recorded, and Simple Storage Service and Simple Notification Service charges will also apply, as those services underpin AWS Config. During the product preview, there will be no charge for the service.

AWS puts key management in customers’ hands

A long-awaited feature now available is the AWS Key Management Service, which allows customers to supply their own encryption keys and control much more of their management than was possible previously. AWS also manages the encryption, including activities such as key rotation.

Greater control over encryption keys has been high on the AWS customer wish list. AWS had previously announced user-controlled encryption keys for S3, but Amazon still controlled EBS keys until now.

“I’m thrilled about key management,” said Henry. “Some of these things are imperative, but they didn’t exist before.”

Still, some analysts cast a jaundiced eye on the service.

“The essential point is that AWS provides no way for the customer to fully trust its infrastructure, so they have to build this system of key management so the customer doesn't have to trust AWS,” said Carl Brooks, analyst with 451 Research in Boston.

Other hosting providers offer customers access to their data centers to verify security rather than creating such a service, Brooks said.

The Key Management Service is available immediately. Each key that customers create costs $1 per month. If customers opt in to have a key automatically rotated each year, each newly rotated version will also cost $1 per month. AWS will support up to 20,000 key requests per month in its free tier – beyond that there will be a charge of $0.03 per 10,000 requests.

Service Catalog, developer tools round out product news

AWS also introduced another product preview of a Service Catalog offering which will allow IT pros to create customized catalogs of products through a self-service portal.

That portal can be created using APIs by the customer, or can be administered through the Service Catalog management console. Pricing for Service Catalog, expected to hit general availability in early 2015, has not yet been determined.

Finally, Amazon delivered three new tools to help developers deploy code on the AWS cloud: a service that’s generally available now called CodeDeploy, and two previews of services due out in early 2015 called CodePipeline and CodeCommit.

CodeDeploy, which is based on an internal AWS code deployment framework called Apollo and can perform rolling code updates across EC2 infrastructure, deployment health tracking and central monitoring and control of code deployments, will be offered to customers free of charge, though EC2 prices will still apply.

CodePipeline, a workflow management service for code development, and CodeCommit, an AWS-hosted managed code repository, have not yet been priced.

Beth Pariseau is senior news writer for SearchAWS. Write to her at or follow @PariseauTT on Twitter.
