PREDICTif reCap: AWS re:Invent 2021
Follow along with us as we breakdown the latest news and talks from AWS re:Invent 2020-2021.
Building out a serverless application with Amazon QLDB
by Lindsie Dinh | Posted 15 January 2021 at 3:15 PM CST |
An Amazon Quantum Ledger Database (QLDB) is a NoSQL database. An immutable, transparent, and cryptographically verifiable transactional log managed by a central authority.
QLDB provides a digital audit trail of any change that can be easily queried. The data is permanent, and the documents are cryptographically verifiable. It is becoming extremely necessary within a digital environment because of the need for confidence and regulatory and protection enforcement.
Applications communicate with QLDB through a PartiQL-compatible SQL database. All modifications to information stored in the QLDB are made through database transactions. Data is committed only after it has been written. QLDB uses Optimistic Concurrency Control (OCC).
The QLDB is a journal-first architecture. New submissions can be rendered only when submitted to a journal first. When trying to submit a transaction, the document declares what the changes will do and what information has been read.

a serverless application with Amazon QLDB

Amazon QLDB enables you to create and manage a stream of journal data from your ledger to Amazon Kinesis Data Streams. The QLDB stream captures every revision committed to your journal and sends it to a Kinesis stream.
- QLDB Streams provides a constant stream of data from a specified ledger.
- QLDB streams ensures a delivery at-least-once.
- With multiple streams you can have different start and end dates. This empowers the ability to go back to a specific point in time and view previous revisions.
- Up to 20 Kinesis customers can consume data from a Kinesis stream.
using Lambda to interact with QLDB
One stack exposes APIs via AWS API Gateway that invoke AWS Lambda functions and communicate with QLDB. Another stack supports a QLDB stream which includes an AWS Lambda function triggered by Kinesis. This feature updates a DynamoDB table with only a subset of the QLDB results, with all personally identifying details excluded.
Reinforcement learning and robotics
by Jeff Huang | Posted 14 January 2021 at 3:44 PM CST |
The speaker provides a great overview of what reinforcement learning is and how it is applied in robotics. He explains how AWS RoboMaker can be used to run simulations in a serverless manner to train and develop artificial intelligence (AI) models. AWS just released a new product, WorldForge (AWS RoboMaker WorldForge), which helps create environments for the type of reinforcement learning in a residential setting. I’m anticipating that it will be extended to create other real environments. This is a very informative session on reinforcement learning.
Predicting anomalies before critical failures happen using ML & AWS IoT
by Jeff Huang | Posted 14 January 2021 at 3:44 PM CST |
The speakers discussed the Kinesis built-in algorithm, Random Cut Forest, and gave their solutions to some of the challenges that you will see in working on this use case:
Challenge | Kinesis Analytics Solution |
Stagnant periodic measurement | First order derivative |
Drifted periodic measurement | Sliding window |
Out-of-phase periodic measurement | Several different techniques |
The solution architecture was also provided and it can be used as a reference architecture for this type of solutions using AWS:

Detecting fraud faster with Amazon SageMaker, featuring Coinbase
by Mohammed Ahtesham | Posted 14 January 2021 at 1:44 PM CST |
With fraud detection being an apparent use case for ML you can now get started within minutes by leveraging Customized Amazon SageMaker Solutions – like Amazon Fraud Detector.
Did you know? – There are a bunch of use case solutions shared on AWS. Simply go to the Sagemaker page and click “Getting Started”. A list of Use Cases along with their GitHub links are available to share. Build your own versions to adapt to your needs on top of these highly pointed solutions.
Soji Adeshina, an AWS Machine Learning Engineer takes us through the steps of building fraud detection models on Amazon SageMaker.
Now let’s look at a real-life use case with Erik Reppel, Engineer Manager, ML Platform at Coinbase. He shows us how Coinbase combats fraud utilizing ML techniques on SageMaker that are secure, low latent & flexible.
Soji then shares 2 solution architectures using tabular data and Graph Neural Network respectively:


A defense-in-depth approach to Amazon S3 security and access
by Mohammed Ahtesham & Grace Hartzell | Posted 14 January 2021 at 11:51 AM CST |
Starting with a simple user and a bucket, this session takes us through a security strategy on Amazon S3 along with new secure access features introduced. None other than the very Product Manager of Amazon S3 himself, Paul Meighan, takes us through such a simple approach to a 300 Level session. Impressive!
Some S3 features I can guarantee many of us don’t know about:
- S3 Last Action
- (coming soon!) Interface Endpoints – expands on VPC endpoints
- S3 Access Points for shared datasets
- Access Analyzer
- Amazon S3 Bucket Keys
The following two images were helpful in creating a clear Amazon S3 Security mental model. Both were taken from the presentation:


Next, we move on to Block Public Access (BPA). This applies protection against accidental public access at the bucket or account level. It can be applied to ACL access, bucket policy access, or both. Refer to the slides if you need a walkthrough of doing this.
Then the Access Analyzer for S3 comes into play. This analyzes permissions for all buckets in an AWS Region and provides a simple dashboard to show public buckets. Perhaps one of the best features, 1-click Block Public Access.
There are three best practices for managing public access:
- Run the Access Analyzer: be on top of how your buckets are shared.
- Use a dedicated AWS account for public buckets: this lets you enable account level BPA everywhere else.
- Bucket policies > ACLs
A day in the life of a machine learning data scientist at JP Morgan Chase
by Mohammed Ahtesham & Jeff Huang | Posted 14 January 2021 at 11:51 AM CST |
With 6000+ applications and close to 500 Petabytes of data JPMorgan Chase (JPMC) boasts of thousands of quant analysts, machine learning (ML) engineers, and data scientists. Let’s dive into their Omni AI platform to see how they keep it all together.
No matter how large the organization, the day-to-day barriers seem to fall into a few common categories:
- Data access
- Legacy infrastructure
- Multiple business lines and methods
- Compliance obligations
JPMC collaborated with AWS and the Amazon SageMaker team to construct a broad AI/ML platform and ecosystem from the ground up in order to get past the aforementioned barriers. The result is the OmniAI platform and ecosystem.
JPMC leveraged the full stack of AWS security technologies such as Key Management Service (KMS), AWS CloudHSM as well as S3 bucket policy to provide data governance.
“…use of AI-driven technology has already helped JPMorgan Chase save $150 million in expenses.”
Among the key takeaways, Daryush Laqab, Head of AI/ML Product Management at JPMC, says: “Embrace the separation of data scientist and ML engineer roles”. Additionally, customization is needed–even for regulated industries–so embrace that, too. Innovate through managing risk and finally, embrace the “ecosystem”.
See how JPMC manages ML over their private cloud but built on AWS (public cloud):

The Omni AI platform helps alleviate the variety of barriers that ML engineers face while providing the full-fledged capability of the SageMaker engine.
Closing the lid on public S3 buckets: Preventing S3 bucket exposure – Part 2
by Mohammed Ahtesham | Posted 13 January 2021 at 5:17 PM CST |
After looking at Account Inventory as the first step in their journey to adopt BPA, Mike takes us through the remaining 5 steps.
At AWS, everything is done at scale. So how do you close lids at scale? Well… There’s automation for that, of course! Build your own or checkout AWS Systems Manager (SSM) automation documents. Netflix built their own called Honey Bee.
Mike shares Netflix’s “Honey Bee” architecture to make sensitive security settings. Residing under a limited access “bee hive”, the queen bee assigns the desired “Config-as-code” to worker bees that can scale on AWS Lambda and apply those settings all across the infrastructure. Genius!
There is way more information in your Amazon S3 logs than you can imagine. Go back and peruse it again. Mike uses it obtain successful unauthenticated requests to narrow in on vulnerable objects.
Find useful BPA scripting guidelines as proposed by Mike that can help in your own journey adopting this Amazon S3 feature.
Read Part 1 of this story here.
How Disney+ deploys globally with Amazon ECS
by Jane Ivey | Posted 13 January 2021 at 2:32 PM CST |
Disney+ has been in development for many years. They have new features like group view, but needed a platform that was reliable and stable to make developments at scale.
The developer productivity team’s goal is to make it easier to develop in the cloud. Built tools in containers to do that. His team does deployment.
Building a platform: “Glue code as a service”. This makes life easier for everyone. It ensures everyone follows best practices and availability. Used Amazon ECS, AWS CloudFormation to safely create resources, and AWS Step Functions as the orchestration layer.
Goals of platform: make it easy to deploy, make it difficult to make a mistake, and have default best practices.
Closing the lid on public S3 buckets: Preventing S3 bucket exposure – Part 1
by Mohammed Ahtesham | Posted 13 January 2021 at 2:32 PM CST |
Don’t get caught with with open S3 buckets. Get schooled by Netflix’s Senior Cloud Security Engineer, Mike Grima.
Bucket policies is the way to go! That’s how Mike secures Netflix movies from leaking into the wild wild internet.
Mike reveals the underlying method of “How Amazon S3 authorizes a request”: a definite must-see for any developer involved in anything S3! (Read it THRICE, he said)
According to Gartner, “Through 2025, 99% of security issues will be caused due to customer error.”
Gulp!
Another safety feature in S3 that many do not know about: Block Public Access (BPA).
Mike takes us step-by-step through Netflix’s journey on how they successfully enabled BPA to fool-proof their S3 content.
For the continuation into more lids on S3, make sure to login to the Part 2 of this session later today or tomorrow.
For other S3 related sessions, see my snippet on Storage Lens under “Bytes to insights”.
Read Part 2 of this story here.
Win the market opportunity for Microsoft workloads on AWS
by Jane Ivey | Posted 13 January 2021 at 12:18 PM CST |
market opportunities
70% of enterprise apps are windows based, 18% are in the public cloud. Huge opportunity . SQL will migrate to cloud over the next few years. Move from SQL enterprise to sQL standard edition. AWS need more partners to be active in this area. People under impression should go to Azure because they’re on MS base. AWS has been running MS workloads for 14 years, before Azure was even invented.


Five Pillars of Best Practices
- Build technical capability
- Develop service offerings
- Create GTM plan
- Use APN programs
- Engage with AWS

Multi-Region deployment – Part 2: Architectural best practices
by Mohammed Ahtesham | Posted 13 January 2021 at 11:32 PM CST |
After looking at latency and security compliance in terms of multi-region (Part 1) dive into disaster recovery (DR) with Eric Quinones, Solutions Developer, AWS.
Cost vs Complex: Where’s your sweet spot?

Depending on your application needs, AWS provides all tiers of DR strategy:
- Backup & restore
- Pilot Light
- Warm Standby
- Active/Active
Best practices for DR:
- Interrogate your workload
- Enable detailed monitoring
- Test your DR plan
Did you know you could access AWS vetted solutions deployments via their AWS Solutions Implementations catalog.
Access the multi-region application architecture discussed here.
You can access Part 1 of this session here.
Well-architected containers: 10x performance with DevOps
by Mohammed Ahtesham | Posted 12 January 2021 at 5:15 PM CST |
Play a retro-themed game presentation by Mai Nishotani, AWS. Help the DevOps character navigate the well-architected framework path to collect all the keys!

Get a taste of BLUE/GREEN deployment by Mitch Beaumont of AWS.
Peter Kiem, Lead Dev-Ops at Domain Group, continues the game through a real-life use case moving EC2 environment to an ECS environment while adding automation to enhance the pillars of well-architected framework.

Winner!
Understanding your serverless application’s TCO
by Jeff Huang | Posted 12 January 2021 at 3:58 PM CST |
Serverless architecture saves companies millions of dollars per year from infrastructure to development to maintenance.
- Infrastructure – pay as you go model and you never have to stand up a monster box just for 5% of the peak time
- Maintenance – time to deploy compute is reduced from days to less than 1 minute
- Development – productivity level of developers increase by 33%
AWS’ flagship serverless product – AWS Lambda natively supports Java, Go, PowerShell, Node. js, C#, Python, and Ruby code, and provides a Runtime API which allows you to use any additional programming languages to author your functions.
AWS’s data warehouse product – Amazon Redshift is also serverless, which can scale up your data pipeline as your analytics data grows.
Check out our case studies to understand how we help our customer leverage Lambda and Redshift to build analytics platforms.
Transforming collaboration on major capital projects
by Mohammed Ahtesham | Posted 12 January 2021 at 3:28 PM CST |
“It is the culture of innovation at AWS that separarted AWS”, said Jane Petty, Global Projects Digital Innovation Manager at ExxonMobil.
According to Erica Flaherty of ExxonMobil Global Projects, “The document review platform developed on AWS was so agile and easy to use that users WANTED to use it.”
End result? 30,000 man hours between client & EPC partners saved!
Utility meter data analytics and Quick Start walk-through
by Mohammed Ahtesham | Posted 12 January 2021 at 3:28 PM CST |
Yet another application of the booming machine learning technology. Join in if you’d like a walkthrough of Quick Start – a serverless architecture to ingest, store, and analyze utility meter data. Wow – this is so easy every power company should be doing it!
The next replay is in 13 hours. Watch it here.
Engage customers with skills that combine audio and visuals
by Jane Ivey | Posted 12 January 2021 at 3:28 PM CST |
Why use APL (Alexa Processing Language)? You can show clients how to create, real time information, simplify voice interaction. Able to offload and user friendly. Allows you to do what voice alone cannot. Creates a more immersive experience. The APL pillars: Reach, Richness, and Ease of Use. APL for Audio is being introduced. Bring in hi-fidelity audio, going to revolutionize it.
APL supports audio reach – echo, echo dot as well as multi-modal devices. Echo buds, frames, loop, fire tv’s and third-party devices like LGTV, Sonos and Bose. Allows you to mix audio with Alexa speech. Can mix multiple speech tracks.
Creation of responsive templates, they make sure they look great on every device. As they add new devices, they will continue to do so.
Animations are open source, can get an APL package with over 80 animations. Demo’d how to implement.
Dynamic Data – allows you to offload large amounts of data without slowing down your skill experience too much. Can add and delete data simply.
Fannie Mae: Transforming loan evaluation with machine learning on AWS
by Mohammed Ahtesham | Posted 12 January 2021 at 3:28 PM CST |
Having trouble translating your business problem to a machine learning problem? Check out the machine learning pipeline as presented by Paul Jeyasingh, pictured below.
Fannie Mae utilized Amazon’s Machine Learning tools and went from reducing the risk of troubled assets from a random cover rate of 3% to ML cover rate of 48%. That… is a lot of money!
Bytes to insights: Analyze and take action on your storage usage
by Mohammed Ahtesham | Posted 12 January 2021 at 11:28 AM CST |
Introducing Storage Lens – way more than what I was expecting!!
- Better understanding of your your storage – usage, fluctuations, trends, etc.
- Compare to best practices and recommendations compared to best practices
- All that with interactive dashboard visualizations
- Use cases: Summary insights, Outliers, Data Protection, Cost efficiency
- Bubble charts for bucket analysis to smartly reduce costs
- Start off with FREE metrics to get a feel of the service
Amazon S3 offers a variety of tools to assist in analyzing and optimizing your storage. Catch the replay later this evening here.
How I fed my cat with the Alexa Gadgets Toolkit
by Grace Hartzell | Posted 12 January 2021 at 10:58 AM CST |
Nathan Glover, Senior DevOps Consultant at Mechanical Rock, built an Amazon Alexa Gadget to turn a pet feeder into a smart cat food dispenser fully automated by Alexa.
Nathan opened the talk by addressing the state of IoT in 2020:
- IoT device market anticipated to reach $1.1 trillion by 2026
- 152,200 IoT devices per minute by 2025
- Over 100 million Alexa-enabled devices (start of 2019)
- 90,000 skills available for Alexa-enabled devices as of April 2019
Very few people have a full grasp of IoT devices, which opens the door to many potential risks. Companies have the responsibility to keep customers safe, so it’s important to make sure you’re using a tech stack that you can maintain.

This is where Alexa Gadgets come in. By removing the backend, hobbyists and product manufacturers can focus on building their devices. Alexa Gadgets offer the same functionality with less footprint and are arguably more secure. They can be anything from timers and alarms to tempo machines (like a dancing bear), speech (remember the Big Mouth Billy Bass?), and much more.

The remainder of the session was filled with a very detailed walkthrough on how Nathan created the cat feeder using an Echo Spot and a Raspberry Pi Zero W. Just about anyone could do this, especially with Nathan’s instruction, as long as they have a device with Bluetooth and internet connection, an Amazon Developer account, and an Echo device that is compatible with Alexa Gadgets.
Bottom line: Alexa Gadgets make things easier and more secure without demanding extensive cloud skills. They open the door to a unified customer experience and abide by the shared responsibility model.
An introduction to data lakes and analytics on AWS
by Jeff Huang | Posted 12 January 2021 at 10:56 AM CST |
If you asked me to use one word to describe AWS’ services for data lakes and analytics, I would say “easy”:
- Easy to move peta-bytes of data from your data centers to AWS, i.e. AWS Snow Family products.
- Easy to categorize and process a lot of data, i.e. Amazon Glue.
- Easy to store and analyze the data, i.e. Amazon Redshift.
- Easy to visualize and gain insights from the data, i.e. Amazon QuickSight and Amazon SageMaker.
Many of these services are serverless, meaning no setup and maintenance. Even better, it is cheap to get started, e.g. $1,000 per TB per year on Amazon Redshift!
Another interesting thing that I learned today was that AWS has started a Data Exchange, where you can find well-curated third-party data for things like weather or events to complement your internal data for your analytics.
Create sophisticated conversational experiences using Amazon Lex
by Mohammed Ahtesham | Posted 12 January 2021 at 10:41 AM CST |
“Deliver consistent service experience at (dynamic) scale instead of managing and training agents for static bot tasks while maintaining human touch.”
- Lex – Now expanding to more languages
- Scalability – not just in implementation, but also in terms of Lex skills development
Go back and watch Dropbox’s story on how they incorporated Lex into their customer service and got it to market sooner than expected. They called it “Dropbot”. Very clever!
Lex updates this year: Languages, Context understanding, Confidence scores, Barge-in support, Timeouts.
PREDICTif is a Select Consulting Partner with Amazon Web Services. For more information, check out our Amazon partner page.