Network Infrastructure & Observability on AWS

More often than not, in a traditional network engineering role, there's a lot of manual change, a lot of manual intervention, whereas operating in AWS, everything is codified. We take all of our network configurations and we manage that as code. So changes can be very iterative, they can be very safe, or you can replicate the same network infrastructure you might do in a development environment all the way up through production, and you have the ability to roll back changes and it's just a very safe way to approach networking in the cloud in terms of making breaking changes.

As we know, all things networking are very foundational. Anytime you make a significant change, it has the potential to impact everything. So it's very advantageous for network engineers. In the way that I've typically experienced that in my past as an application developer, it has been, "Okay, the networking team is very, very change averse and there's a long change process and people are nervous and they want to do this on a Sunday afternoon at 2 p.m. when you're supposed to be having brunch with your family”.

So networking on AWS allows a little bit of the velocity and flexibility that people expect to get out of the cloud because things are testable before you're making a big production change. By the time a change, especially significant breaking changes get to production level, you've already tested and vetted that in a lower tier environment, like a development or sandbox that will have no impact on anything production. So a lot of times those significant critical change windows will go a lot smoother with a much higher degree of confidence. 

Another thing that's interesting about the transition to AWS has been a change in visibility in the tooling and that network engineers are going to use to manage the environment. And AWS are coming along in their ability to observe the environment, bringing some new tools online.

One of the notable services is AWS Network Firewall. What are the hottest releases that we're seeing?

Traditionally, you would have to leverage a third party tool of some kind to get any sort of network visibility in AWS. They are continually releasing new services around that use case, where you can build your network traffic visibility into your overall observability solution regardless of what you're using. Like AWS Network Firewall - now, it gives you the ability to tie in other services like Contributor Insights and really get an easy view of who your top talkers are.

So finding out who is going where in your network - that's really useful because knowing that systems are talking to each other in a way that I do or don't expect, gives me the opportunity to make some changes. Maybe I can make some optimizations on the application side or the way that resources are distributed, that allows me to optimize the AWS environment & optimize applications.

If you’d like to leverage next generation infrastructure on AWS to take advantage of all the cloud’s advantages from scalability & security to networking optimization, get in touch with our team!