AWS Partner Network (APN) Blog

AWS MSP Partner Program – Raising the Bar

by Barbara Kessler | in APN Consulting Partners, Cloud Managed Services, DevOps on AWS, MSPs on AWS

By Barbara Kessler and Thomas Robinson

In our last post about the evolution of managed services, we wrote about how the landscape is evolving for managed service providers (MSPs) who are working with customers in hyperscale cloud environments. In our opinion, established MSPs can no longer focus exclusively on running and operating their customers’ environments and must expand their reach further up the stack and into what has traditionally been the purview of consulting companies to include professional services and greater involvement in customers’ requirements such as compliance and development practices. This evolution also opens the door for established Consulting Partners to expand their reach into what has traditionally been the purview of MSPs, but now includes next gen capabilities. This evolution is driving a convergence that allows both types of APN Partners to fulfill customers’ full lifecycle needs: plan/design >> build/migrate >> run/operate >> optimize. Let’s now expand that discussion to review the AWS Managed Service Provider Program for APN Partners and how this program recognizes and validates the capabilities of the next generation of bar-raising MSPs.

This program has grown out of customers asking AWS to help them identify not what they have traditionally viewed as MSPs, but consulting and professional services APN Partners who can help them with this full lifecycle. We have in turn built this program to connect this request from customers to the best qualified APN Partners to deliver the kind of experience that is being sought. The program introduces a rigorous set of validation requirements in the AWS MSP Partner Validation Checklist that are assessed in a 3rd party audit process. These requirements address each of the areas discussed in our previous post:

Design, architect, automate

Next gen MSPs must be AWS experts. They must possess a depth and breadth of knowledge around AWS services and features, so they are asked to demonstrate this knowledge and provide examples of customer use cases as a critical part of their MSP audit. APN Partners must then expand this to show evidence of detailed designs and implemented customer solutions. These APN Partners must also demonstrate the ability to identify when solutions such as Amazon DynamoDB, AWS Lambda, or Amazon Redshift would provide a more efficient and less costly solution in their customers’ environments. We are looking to see that these leading edge APN Partners are leveraging their knowledge and using documented AWS best practices, as well as their own extensive experience, to create intelligent and highly automated architectures that allow customers to take advantage of the agility that the AWS Cloud enables.

Software/Cloud-based solutions

The move to cloud-based solutions has also driven changes in how MSPs handle billing and cost management for their customers. AWS MSPs are often also AWS Resellers and as such they become experts in AWS tools and services that allow depth of visibility and understanding around customers’ usage of various services. These MSPs typically leverage 3rd party or homegrown software solutions that enable robust rebilling capabilities and insights, including proposed buying strategies and proactive recommendations on instance sizing, reserved instance purchases, and use of managed solutions such as Amazon RDS. All AWS Resellers are asked to demonstrate this knowledge and their tools during their MSP validation audit.

Distributed operations and resources

We also dive deep into our partners’ support capabilities to validate the maturity of their operations and ability to consistently deliver an excellent customer experience. In addition to meeting industry standards for IT service management (ITSM), AWS MSPs demonstrate how these capabilities apply specifically to their AWS practices in areas such as service intelligence monitoring, customer dashboards, event/incident/problem management, change management, as well as release and deployment management. We believe that this foundation is critical to delivering a highly valuable experience for customers. APN Partners who are looking to expand into cloud operations capabilities can also consider incorporating the new AWS Managed Services for automating AWS infrastructure operations such as patch management, security, backup, and provisioning to add to their applications management capabilities.

Solution/Application-based SLAs

MSPs have traditionally provided Service Level Agreements (SLAs) to customers to address foundational concerns, such as response and restoration times, as well as infrastructure uptime, but this further evolves for next gen MSPs. Infrastructure SLAs for cloud-centric customers focus not on the uptime of hardware, but on uptime based on high availability architecture provided and maintained by the MSP. These SLAs should then expand into the customers’ workloads and application performance to focus on the outcome of the customer’s experience. Review of these SLAs, documentation, processes, metrics and continual improvements is a valuable aspect of the MSP Program audit.

DevOps – CI/CD

AWS MSPs enable additional agility and efficiency for their customers through integration of DevOps practices and principles. ITSM standards for infrastructure and application release and deployment management are already broadly adopted by next gen MSPs and are baseline requirements for AWS MSP Program Partners. APN Partners demonstrate how they enable and/or manage continual integration and continual deployment (CI/CD) pipelines, as well as deployment and release management with repeatable and reusable mechanisms. APN Partners are asked to evidence this capability with a demonstration and customer examples during their 3rd party audit. We also encourage APN Partners to further build and enhance their DevOps practices through attainment of the DevOps Competency for Consulting Partners, which garners additional credit in the audit process.

Dynamic monitoring with anomaly detection

By designing and implementing advanced and intelligent environments, leveraging auto scaling, infrastructure as code and self-healing elements, next gen MSPs enable a significant shift in the focus of their ongoing monitoring and management efforts. AWS MSPs embrace a new approach utilizing next generation monitoring capabilities. Rather than setting pre-defined static monitoring thresholds, these APN Partners often incorporate machine learning to determine the normal state of their customers’ dynamic environments, and they are able to identify anomalies outside of normal patterns of behavior. These APN Partners then use this knowledge to deliver valuable management services and insights to their customers, the technology for which they demonstrate during the AWS MSP audit.

Security by design

Significant focus on security is another bar-raising element of the AWS MSP Partner Program. Next gen MSPs are engaging with customers earlier in the plan/design phase and they are able to address security needs from the outset of a project. During the AWS MSP audit, partners are asked to provide evidence and demonstrate their capabilities to protect their customers’ environments, as well as their own, using industry standards and AWS best practices. They are also asked to review access management strategy, security event logging and retention, disaster recovery practices, and use of appropriate AWS tools. APN Partners are then given an opportunity to demonstrate how they use these tools and practices to deliver continuous compliance solutions that help customers meet various regulatory compliance requirements and reduce potential exposure in this capacity.

Trusted advisor and partner

In addition to reviewing APN partners’ specific technical capabilities in each of these categories, AWS works with APN Partners and our 3rd party auditors to provide an objective validation of broader business practices and capabilities. During their audit, APN Partners provide an overview of their business, including financial assessments, risk mitigation, succession planning, employee satisfaction, resource planning, and supplier management, amongst other controls. They also provide evidence of their process to solicit and collect objective customer feedback, respond to that feedback, and conduct regular reviews with their customers. We also look to AWS MSPs to be vocal thought leaders who evangelize the next gen MSP point of view and work to educate customers on the evolution of cloud managed services and specifically the value of DevOps enabled automation. Due to the invaluable role of the AWS MSP, APN Partners must demonstrate in the third-party audit the viability of their business, their obsessive focus on customers, and their thought leadership to enable them to earn and maintain a trusted advisor role with their customers.

Raising the Bar

The AWS MSP Partner Program recognizes APN Partners who embrace this new approach to providing cloud managed services and who are experts that can unlock agility and innovation for their customers. The rigorous process of the program validation audit is designed to be consultative in nature to continually share best practices and deliver significant value for the APN Partners participating, while also giving customers a means to confidently identify those APN Partners who have raised the bar in managed services. Please see the MSP Program webpage to learn more and to find the current list of validated APN Partners.

What are your thoughts on the evolution of next gen MSPs? Talk to us in the comments section!

Partner SA Roundup – January 2017

by Kate Miller | in APN Partner Highlight, APN Technology Partners, AWS Partner Solutions Architect (SA) Guest Post

Last year, we hosted a wealth of content from our Partner SAs (read all about our Partner SA guest posts), including a couple of posts recapping innovative ISV solutions on AWS. This year our SAs are back at it, and we’re going to kick off 2017 with Ian Scofield and Mike Kalberer, two Partner SAs who work closely with a number of APN Partners, who discuss solutions from CloudHealth Technologies, Saviynt, and Turbot.

CloudHealth Technologies

By Ian Scofield

Optimizing your cloud infrastructure for cost is a core component of the AWS Well-Architected Framework.  To save money, AWS customers can purchase Reserved Instances (RIs) at deeply discounted rates compared to On-Demand pricing.  AWS recently released Convertible and Regional Benefits for RIs, which provide improved purchasing flexibility.  To provide additional insight into these features from their perspective, APN Partner CloudHealth Technologies recently wrote a two-part blog series explaining the benefits of Convertible RIs and when to choose them over Standard RIs, as well as when to consider leveraging the Regional scope option.

CloudHealth not only helps you identify areas where leveraging RIs can save you money, but also allows you to automatically modify RIs whenever there is an opportunity for cost savings.  Beyond RI management, CloudHealth provides visibility into your cloud infrastructure and analyzes current usage to identify optimizations focusing on cost, usage, performance, and security.  CloudHealth users can also define governance policies to help automate basic operational tasks, such as identifying untagged resources and terminating them after giving owners a specified time to comply. CloudHealth can also provide security benefits like identifying overly permissive security groups and recommending steps to remediate.

For more information on the benefits of using CloudHealth or to sign up for a free trial, head on over to their website.


By Mike Kalberer

It’s important to be able to provision access to AWS resources across a single or multiple accounts seamlessly. The workflow needs to be able to identify and manage the risks of granting that access, while also providing ease of use to users.

APN Partner Saviynt recently added privileged access management (PAM) to its existing AWS security offering. Granting least privileges via roles in order to complete a required task is considered best practice. This new feature gives customers visibility into which users have access to these privileged roles, and helps limit privilege creep or egregious permissions. PAM also provides an audit trail of the actions performed by users in these roles to give a complete picture of who had access and which actions they performed with that access.

Common tasks are usually associated with permissions that are typical and essential for performing those individual tasks; for example, a user does not need access to Amazon RDS if they’re only working with Amazon EC2. The PAM module includes self-service functionality against pre-defined, high privileged roles. This allows users to request access to these high privileged roles with multi-stage approvals. Auto provisioning can be configured for single or multiple AWS accounts, with additional controls like time-bound expiration.

Once the access has expired, PAM can automatically de-provision access from the AWS account(s) and pull audit trail information from AWS CloudTrail for automated review or certification. Since the user sessions are created using temporary credentials, PAM is able to associate these credentials with users to ensure that the audit trails are correctly correlated.

Saviynt’s security management solution integrates with various AWS services, including IAM, AWS CloudTrail, Amazon EC2, Amazon S3, and Amazon RDS. Saviynt’s Security Manager is available with a 30-day free trial on AWS Marketplace. For more information regarding the new PAM feature, see the Saviynt blog.


By Ian Scofield

Managing policies and access across multiple, even hundreds of, AWS accounts can require additional work to integrate with your existing workflow.  Ensuring that policies are applied identically across all accounts and detecting when configuration drift has occurred is very important.  This is where APN Partners like Turbot, who is also an AWS Life Sciences Competency Partner, can help by providing you with the tooling to automate these tasks, and additional confidence that your AWS infrastructure will remain exactly how you’ve configured it.

Turbot provides users with centralized access to all of their AWS accounts and resources.  By leveraging single sign-in, it allows users to use the AWS console they’re familiar with for their application, with a benefit of additional control guardrails in place.  Turbot provides other features like LDAP integration with predefined policies, predefined security group rules across accounts, automatic encryption and backup rotation, etc.

Turbot is also quick to react to various AWS feature and Region releases; for instance, they already support the recently launched London and Canada Regions, as well as the AWS Server Migration Service, AWS Shield, AWS Step Functions, and AWS X-Ray. For more information regarding this product and its features, check out the Turbot website. To schedule a demo, reach out to Turbot directly at


Have You Registered for the Upcoming AWS Partner Summit – Canada?

by Kate Miller | in AWS Events, AWS Marketing, Canada

We are just over a week away from our very first AWS Partner Summit – Canada. We’re excited to connect with APN Partners from across Canada to discuss AWS, the APN, and the Canadian Cloud market!

This free event is open exclusively to APN members and is geared at business, sales and pre-sales leaders building software solutions or client practices on AWS.

If you haven’t yet registered, it’s not too late. Space is limited, so register now.



Location and Time

Westin Harbour Castle

1 Harbour Square, Toronto, ON M5J 1A6

January 24th, 8:00 AM – 5:50 PM



The keynote will be hosted by Terry Wise, VP, Global Alliances, Ecosystem and Channels, Amazon Web Services.



IDC Overview

Hear from IDC’s Steve White and David Senf on what is happening specifically in the Canadian Cloud market, and opportunities both near- and longer-term for APN Partners.



Join us for Eight Breakout Sessions

Choose from eight different sessions in the business and technical tracks to increase your AWS Cloud knowledge.

Technical Track:

  • AWS re:Invent 2016 Overview and New Solutions
  • Advanced Networking on AWS
  • Microsoft Workloads on AWS: Best Practices, Architecture, Patterns, Migrations, and Licensing
  • Benefits of AWS Cloud Security

Business Track:

  • A Path To Success: Your APN Journey Starts Now
  • Realising the Benefits of Strategic AWS Services for Canadian Businesses
  • Expanding your Cloud Business with ISV Partners
  • Panel Discussion: Selling with AWS — Understanding the Canadian Go-To-Market and Partner Best Practices




At the end of the event, we’ll be hosting a networking reception for all attendees. Take advantage of this time to connect with AWS team members and other APN Partners.


Whether you are a Consulting or Technology Partner, join us to gain a clear understanding of how to leverage the APN program and take advantage of the market momentum. Register now!

Driving Customer Success – A Splunk and AWS Blog

by Kate Miller | in APN Technology Partners, AWS Competencies, Big Data, Big Data Competency, Partner Guest Post

This is a guest blog from Tony Bolander, Manager, Global Strategic Alliances, Splunk 

AWS and Splunk have developed a powerful relationship through the AWS Partner Network (APN) over the past couple years, buoyed by shared customer focus and strategic alignment across executive leadership, engineering, and marketing teams. As I reflect on our work together, it becomes increasingly clear how we have been able to collaborate so well: We’ve found that the principles that form the foundation of what each company does, the Amazon Leadership Principles and Splunk Values, are closely aligned. They gave us a solid foundation to start from, and build upon. Today, I want to discuss how we’ve driven customer success as an APN Advanced Technology Partner by focusing on our customers, building a dedicated AWS-focused team within Splunk, driving innovation and experimentation through a think big mentality, and successfully educating customers and going to market with AWS.

It All Comes Down to the Customer

AWS and Splunk customers innovate at a rapid pace – they introduce new, diverse, and sizable workloads onto AWS and need to ensure security, visibility and operational intelligence are consistent with or better than their previous on-premises experiences. This customer consideration has been the cornerstone of Splunk solution development on AWS, as demonstrated in customer case studies like Autodesk and EnerNOC.  Strong collaboration between the product teams has also been essential for us. Splunk often participates in AWS’s early release and Beta programs to help ensure our customers’ needs are getting visibility as new services from AWS are introduced. Splunk’s own value of “Passionate” has a beautiful synergy with the customer obsession we see at AWS, as we embrace customer requirements and challenges to deliver a best in class solution. Most recently, our collaboration manifested in Splunk being the launch APN partner for AWS Personal Health Dashboard. Splunk was the sole APN Partner fully integrated with the AWS Personal Health Dashboard at launch!

Deep Ownership and Transparency

To be an effective APN Partner, Splunk moves beyond a traditional business development rhythm. There is a global Splunk team dedicated to the AWS relationship. This team owns the overall relationship and coordinates activity with the rest of Splunk. This allows us to better align AWS & Splunk colleagues responsible for demand generation, marketing, social media, public relations, sales, technical services, professional services, product management, development, operations and support. By applying Splunk’s own value of “Open”, we work closely through honest interactions that positively impact our collective goals and objectives.

Drive Simplicity and Innovation

Splunk’s own journey to the AWS Cloud is the epitome of invention and simplification, and combined with our own company value of “Innovative”, we were able to quickly launch Splunk Cloud, a global SaaS offering for machine-data analytics powered by AWS. Splunk has since become an “all-in” AWS customer and is supported by the AWS Partner Network, Sales, Solution Architects, Professional Services, and Executives. AWS also promotes APN Partner invention through a full range of AWS acceleration programs via the AWS Partner Network (APN). These programs help Splunk to quickly and cost-effectively develop new AWS-focused solutions for our customers on AWS. Customers benefit from a simplified process of gaining global insights from their AWS-generated data.

Go Big or Go Home

For Splunk, we think big with Big Data and apply our own value of “Disruptive” when identifying new ways for customers to quickly gain business insights at scale. Most importantly, we ask our customers to Think Big when asking questions of their data through Splunk – this has resulted in a growing set of joint AWS & Splunk success stories including FamilySearch and Adobe. Other AWS partners are also thinking big – this was most notable at AWS re:Invent where Atlassian & Puppet demonstrated their Splunk Apps and Accenture showcased Splunk as part of their Cyber Defense Platform as shown here:

Image 1


Educate and Drive Customer Success

Before taking our solutions to market, Splunk and AWS collaborate early and often to identify ways to serve our customers. Ultimately, it comes down to the following equation for us: leveraging AWS Agility + Splunk Visibility = Cloud Success. With security being the top priority for AWS, we want to ensure our customers hear a clear message from both AWS and Splunk, resulting in a co-authored AWS & Splunk Security Whitepaper. We also deliver an AWS-centric solution that both an advanced AWS user and a new Splunk user can gain value from within a few hours – this manifests itself in the Splunk App for AWS, a fantastic testimony of collaboration, innovation and advanced integration.

Bringing it all together at AWS re:Invent 2016

“Fun” is the final Splunk value, and while it’s not written down – we know our friends at AWS embrace this attitude as well.

In fact, they provided plenty of fun at AWS re:Invent 2016!  This was a fantastic opportunity for AWS customers to get hands-on with AWS & Splunk at the Security Jam or track their water, food, and meds with the Splunk and AWS IoT-based First Responder Service!  We also worked with AWS Marketplace to promote a new version of Splunk Light, bundled with the App for AWS for 6 months for free – we invite you to try it out! *(AWS service charges still apply)


This alignment has definitely paid off. Our CEOs recently got together to discuss the importance of collaboration and the results it drives for customers.

Happy Splunking,

Tony Bolander, Manager, Global Strategic Alliances (@tonybolander)

The content and opinions in this blog are those of the third party author and AWS is not responsible for the content or accuracy of this post.

Trends in IoT on AWS, and a Look Back at IoT re:Invent 2016 Announcements

by Kate Miller | in APN Technology Partners, AWS Competencies, AWS IoT, IoT, re:Invent 2016

This is a guest post from Tim Mattison. Tim is a Partner SA at AWS who focuses on the IoT segment. 

In a broad sense, IoT is the convergence of embedded systems, communications technology, and cloud. As processing, communication technology and storage costs continue to drop, we find the industry is realizing the value of data previously locked away inside closed, on-premises systems or from legacy systems previously unconnected. The IoT ecosystem can be thought of as the combination of all components enabling customers to remotely manage connected devices, acquire and analyze the data, act intelligently on the data, and adjust the system as required to provide ongoing process improvements. As we jump into 2017, I want to take a moment to recap some of the key trends we saw emerge in IoT on AWS in 2016, and discuss some of the recent announcements we made pertaining to IoT on AWS.

IoT on AWS and Trends in the AWS IoT Partner Ecosystem

At re:Invent we announced the AWS IoT Competency. The AWS IoT Competency consists of five elements that we see as the building blocks of IoT. Edge technology partners build the base layer that defines where and how IoT data is collected. Gateway technology partners aggregate and process edge device data to be delivered to the cloud. Connectivity partners provide mobile data coverage, and device and subscription management to simplify the deployment and management of fleets of edge devices and gateways. Platform technology partners acquire data, analyze and act on it, and adjust the behavior of the system over time. Consulting partners weave all of these elements into systems with specific business value for their customers. The APN Partners that have achieved the AWS IoT Competency have helped us identify several trends in IoT on AWS:

Platform Technology Partners continue to see a steady increase in the types of data, sources of data, and volumes of data ingested every month. Some of this data is stored in data lakes where information can be shared across an organization. This gives teams the freedom to innovate and find new ways to turn vast amounts of data into value for their customers. Some of this data is fed into systems that utilize machine learning that provides focused, actionable data (e.g. predictive maintenance). The industry has only begun to understand what can be done with the vast amount of data ingested and stored in the cloud.

Edge Technology Partners have seen a shift from a large number of proprietary data formats to more open formats such as JavaScript Object Notation (JSON), Amazon Ion, and protocol buffers. Also, companies are moving from long product cycles where functionality is locked in at manufacture time to shorter product cycles where devices are continually updated over-the-air (OTA), increasing the device’s capabilities and value over time. Look no further than Tesla as an example of this, where pushing a software update to the vehicle enables new features for the owner. This highlights how embedded product development is evolving in similar style to the application space, incorporating devops practices to enable rapid innovation and iteration. However, this continual delivery path to the device requires high quality out-of-the-box connectivity.

Gateway Technology Partners have shown us that we are in the midst of a new era of communications technology. There is an increasing number of mature and nascent connectivity choices embedded engineers and application developers can evaluate when developing products and systems for IoT use cases. In the cellular band we see a rapid evolution of low cost options for device connectivity such as Narrow Band Long Term Evolution (NB-LTE) and LTE-M. The Low Power Wide-Area Network (LP-WAN) technologies such as Sigfox and LoRa are maturing at a rapid pace. We are seeing these technologies applied in new classes of devices that can operate on battery power for several years.

Connectivity Technology Partners are innovating in the device and subscription management space in direct response to the increasing number of devices leveraging these next generation connectivity solutions. These systems are designed for fleets of devices at a global scale, providing private networks enabling a secure and direct connectivity channel to the cloud. These platforms often provide tight integration with the connectivity infrastructure to offer secure device provisioning and world-wide connectivity. In addition, there is also a trend toward using new Low-Power Wide-Area Network (LPWAN) technology to create devices that can run on battery power for years and be deployed in locations that were not possible just a few years ago. This is pushing the power of the cloud out even further and propelling the IoT flywheel.

Finally, our Consulting Partners carry the expertise in fusing these solutions together, staying on top of and ahead of the curve, and building solutions that provide greater value than simply the sum of their parts.  They have shown us that there is a clear benefit to IoT partners interoperating to facilitate building the systems their customers need.

AWS has continued to innovate within the IoT space as well. Over the course of the year, our core IoT service, AWS IoT, released several new features driven by customer requirements. Bring-Your-Own-Certificate (BYOC) provides customers greater flexibility in maintaining and managing the chain of trust for the device certificates. Just-In-Time-Registration (JITR) enables customers to customize how new devices are authenticated in the cloud. Websockets and Android SDK support allow developers to build mobile experiences that tie directly into their IoT systems. AWS Elasticsearch integration simplifies visualizing data, creating dashboards, and gaining actionable intelligence with Kibana. Authorization policy updates further enhance the customer’s ability to create fine grained security policies for a single device or a global device fleet.

Greengrass – re:Invent 2016

At re:Invent, AWS announced Greengrass. Greengrass, now in preview, is software that allows customers to accelerate their development of cloud connected sensors, edge devices, and gateways by integrating directly with AWS. Greengrass provides a foundation for on-premises functionality required for many kinds of IoT workloads. With AWS Greengrass, connected devices can run AWS Lambda functions, keep device data in sync, and communicate with other devices securely – even when not connected to the Internet. The AWS Greengrass Core provides support for AWS Lambda and AWS IoT Device Shadows, local messaging, and secure communication.

For our gateway partners, Greengrass allows them to focus on their mission of providing data aggregation, device management, security, and other value added services instead of undifferentiated edge device connectivity. As more devices become Greengrass aware, gateway partners will grow their base of supported edge devices as well as the customer base that their solutions can address. As additional Greengrass features are developed, the value of these systems increases again.

For our edge partners, making their devices Greengrass-aware allows them to focus on their mission of providing sensors and edge devices that enable business transformation. Connecting to a Greengrass-enabled gateway means that the same product can be used in on-premises, hybrid, or cloud solutions alleviating the need to develop up to three distinct products. Leveraging the AWS IoT Device SDK with Greengrass functionality means all of the higher level services like AWS IoT Device Shadows are available from the gateway whether the gateway is online or offline.

Whether the workload is latency or bandwidth sensitive, or if availability of connectivity is not guaranteed, Greengrass provides a way to develop using services customers are familiar with and shift intelligence to the edge when it is needed.

Learn More About IoT on AWS

Interested in learning more? Go to AWS IoT, read the documentation and white papers in our developer resources.

Want to dive in immediately? Head over to Getting Started with AWS IoT where you can get up and running in a few minutes, buy an AWS IoT button, or purchase a developer kit.

Do you want to keep on top of what’s new? Go to The Internet of Things on AWS blog, and check out our webinars.

Do you have an IoT project that you want to build and are looking for a consulting or technology partner? Use the AWS Partner Solutions Finder to find our full list of AWS IoT partners.

Hear from two of our AWS IoT Competency Partners, C3 IoT and MachineShop, as they discuss why their customers are moving to AWS, and how customers take advantage of their software on AWS:

C3 IoT


How to Best Architect Your AWS Marketplace SaaS Subscription Across Multiple AWS Accounts

by Kate Miller | on | in AWS Marketplace, AWS Partner Solutions Architect (SA) Guest Post, SaaS on AWS | | Comments

This is a guest post from David Aiken. David is a Partner SA who focuses on AWS Marketplace.  

In my first post following the launch of AWS Marketplace SaaS Subscriptions, I provided a quick overview to describe the concepts, integration points, and how to get started with the AWS Marketplace SaaS Subscription feature. In this post, I walk through best practices for architecting your AWS Marketplace SaaS Subscription across multiple AWS accounts. Let’s begin!


Calls to the SaaS Subscriptions APIs, ResolveCustomer and BatchMeterUsage, must be signed by credentials from your AWS Marketplace Seller account. This does not mean that your SaaS code needs to run in the AWS MP Seller account. The best practice is to host your production code in a separate AWS account, and use cross-account roles and sts:AssumeRole to obtain temporary credentials which can then be used to call the AWS MP Metering APIs. This post walks you through how this can be implemented.


In our example, there are two AWS accounts:

  • AWS Marketplace Seller Account – this is the account your organization has registered as a seller in AWS Marketplace. API calls must be authenticated from credentials in this account.
  • AWS Account for Production Code – this is the AWS account where your SaaS service is hosted.

Why Use Separate Accounts?

Sellers should only use a single AWS Account as the AWS Marketplace account. This simplifies management and avoids any confusion for customers viewing an ISV’s products and services.

Separating the Seller account from the product accounts means each SaaS service can have its own AWS account, which provides a good security and management boundary. When a seller has multiple products, multiple AWS accounts can be used to further separate environments across teams.

Using different AWS Marketplace seller and production accounts

In this scenario, there are two AWS accounts in play: the AWS account registered as an AWS Marketplace Seller (222222222222) and the AWS account where the production code resides (111111111111).

The Seller Account is registered with AWS Marketplace and has permission to call the Metering APIs. The Seller Account contains an IAM Role with the appropriate IAM Policy to allow access to the Metering API, as well as the permission for the role to be assumed from the Production Account.

The IAM Role in the Seller Account in our example is called productx-saas-role. It has the AWSMarketplaceMeteringFullAccess managed policy attached. The IAM Role has a trust relationship as shown below:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::111111111111:root"
      },
      "Action": "sts:AssumeRole",
      "Condition": {
        "StringEquals": {
          "sts:ExternalId": "someid"
        }
      }
    }
  ]
}

The SaaS application is hosted in the Production Account. This account is not authorized to call the Metering APIs. It contains an IAM Role and Policy, which is attached to the EC2 instances running the hosting application via an EC2 Instance Profile. This provides the instance with temporary credentials that can be used to sign AWS API requests. These temporary credentials are used to call the sts:AssumeRole method, which returns temporary credentials from the seller account. These are used to call the Metering API.

The permissions required to perform the sts:AssumeRole command are:

{
    "Version": "2012-10-17",
    "Statement": {
        "Effect": "Allow",
        "Action": "sts:AssumeRole",
        "Resource": "arn:aws:iam::222222222222:role/productx-saas-role"
    }
}

In order for the application to make a call to the Metering API, it must first assume the role in the seller account. This is done by calling the sts:AssumeRole method. If successful, this call returns temporary credentials (secret/access keys). These credentials can then be used to call the Metering API.
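
Both policies above can be checked before deployment. The following is an added example, not code from the original post: it verifies that the seller-side trust policy admits only the production account and requires an sts:ExternalId, and that the production-side policy allows sts:AssumeRole on the seller role only. The function names and the two weak variants are constructed for illustration; the account IDs, role name and ExternalId are the post's.

```python
# Account ids and role name are the ones used in the post's example.
SELLER_ROLE_ARN = "arn:aws:iam::222222222222:role/productx-saas-role"
PRODUCTION_ACCOUNT = "111111111111"
ASSUME = ("sts:AssumeRole", "sts:*", "*")  # action values that cover AssumeRole


def _as_list(value):
    """IAM accepts either a single value or a list in most policy fields."""
    if isinstance(value, list):
        return value
    return [] if value is None else [value]


def _allow_assume_statements(policy):
    """Yield (index, statement) for Allow statements covering sts:AssumeRole."""
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        actions = _as_list(stmt.get("Action"))
        if stmt.get("Effect") == "Allow" and any(a in ASSUME for a in actions):
            yield i, stmt


def check_trust_policy(policy, allowed_account):
    """Findings for the seller-side trust policy; an empty list means it passes."""
    findings = []
    for i, stmt in _allow_assume_statements(policy):
        principal = stmt.get("Principal")
        if not isinstance(principal, dict) or set(principal) != {"AWS"}:
            findings.append(f"statement {i}: principal is not limited to AWS accounts")
            continue
        for arn in _as_list(principal["AWS"]):
            # Accept a bare account id or an IAM ARN; field 4 of an ARN is the account.
            account = arn if arn.isdigit() else (arn.split(":") + [""] * 5)[4]
            if account != allowed_account:
                findings.append(f"statement {i}: unexpected principal {arn}")
        equals = stmt.get("Condition", {}).get("StringEquals", {})
        if not any(k.lower() == "sts:externalid" and v for k, v in equals.items()):
            findings.append(f"statement {i}: no sts:ExternalId condition")
    return findings


def check_caller_policy(policy, role_arn):
    """Findings for the production-side policy that permits the AssumeRole call."""
    findings, granted = [], False
    for i, stmt in _allow_assume_statements(policy):
        for resource in _as_list(stmt.get("Resource")):
            if resource == role_arn:
                granted = True
            else:
                findings.append(f"statement {i}: sts:AssumeRole also allowed on {resource}")
    if not granted:
        findings.append(f"no statement names {role_arn} exactly")
    return findings


# The two policies from the post, then constructed weak variants.
TRUST = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111111111111:root"},
    "Action": "sts:AssumeRole", "Condition": {"StringEquals": {"sts:ExternalId": "someid"}}}]}
CALLER = {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Action": "sts:AssumeRole", "Resource": SELLER_ROLE_ARN}}
WEAK_TRUST = {"Statement": [{"Effect": "Allow", "Principal": {"AWS": "*"},
                             "Action": "sts:AssumeRole"}]}
WEAK_CALLER = {"Statement": [{"Effect": "Allow", "Action": "sts:*", "Resource": "*"}]}

if __name__ == "__main__":
    for policy in (TRUST, WEAK_TRUST):
        print(check_trust_policy(policy, PRODUCTION_ACCOUNT) or "trust policy OK")
    for policy in (CALLER, WEAK_CALLER):
        print(check_caller_policy(policy, SELLER_ROLE_ARN) or "caller policy OK")
```

The check reads the policy documents only, so it can run in a build pipeline without AWS credentials.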

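The following code snippet shows how you can call the assume_role function in Python to obtain the temporary credentials from the seller account.

import boto3

sts_client = boto3.client('sts')

# Assume the role in the seller account; ExternalId must match the role's trust policy.
# The RoleSessionName value is an example; use any name that identifies the caller.
assumedRoleObject = sts_client.assume_role(
    RoleArn='arn:aws:iam::222222222222:role/productx-saas-role',
    RoleSessionName='productx-metering-session',
    ExternalId='someid')

credentials = assumedRoleObject['Credentials']

# boto3 names the AWS Marketplace Metering service 'meteringmarketplace'.
# Temporary credentials need all three values: access key, secret key and session token.
client = boto3.client('meteringmarketplace', 'us-east-1',
    aws_access_key_id = credentials['AccessKeyId'],
    aws_secret_access_key = credentials['SecretAccessKey'],
    aws_session_token = credentials['SessionToken'])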


Using a single AWS Account for AWS Marketplace avoids confusion and mistakes. Using cross-account roles allows you to avoid hosting production code in the AWS Account registered as a seller. For more information on SaaS Subscriptions, please visit the AWS Marketplace SaaS Subscriptions page.

Delivering Real-Time Insights to Enterprise Customers – New Relic, an AWS Migration Competency Partner

by Kate Miller | on | in APN Competency Partner, APN Technology Partners, Enterprise, Migration, re:Invent 2016, SaaS on AWS | | Comments

We launched the AWS Migration Competency in June 2016 with one simple goal in mind: to help customers connect with AWS Partners who’ve proven their expertise helping customers of all sizes successfully migrate to AWS. The principle of simplicity has driven the launch of all of our Competencies. Our mission is to make it as easy as possible for customers to find AWS Partners who’ve demonstrated deep expertise in particular solution areas, and we plan to continue to launch Competencies in different areas to reach more use cases on AWS.

New Relic is an Advanced APN Technology Partner who holds the AWS DevOps, AWS Mobile, and AWS Migration Competencies, with particular focus on application testing and monitoring. New Relic offers solutions that provide real-time end-to-end intelligence across customer experiences, application performance, and dynamic infrastructure. As an Advanced APN Partner, the company has built a mature AWS-based business, and has helped a wide range of Enterprise customers successfully take advantage of the benefits of AWS, including Fairfax Media, FlightStats, MLBAM, and News Corp. New Relic continues to innovate on AWS, and has recently expanded its solutions portfolio to include New Relic Infrastructure, an infrastructure monitoring solution on AWS. Learn more at

We recently caught up with the New Relic team to learn a little more about what makes them unique as an ISV, how they work with AWS, the migration trends the team is seeing within its customer base, and what’s next for the company on AWS.

Who is New Relic?

New Relic is a leading digital intelligence company that delivers full-stack visibility and analytics to more than 14,000 customers, including more than 40 percent of the Fortune 100. “Our customers include digital-first companies like AirBnB, as well as large enterprises looking to transform for the digital era, including GE and MLB Advanced Media,” says John Gray, SVP of Business Development at New Relic. “New Relic helps organizations understand if their apps are up and running, how to improve their digital customer experience, and realize the promise of their digital investments.”

As an Advanced Technology Partner, New Relic works closely with AWS to ensure the performance and success of customers’ applications and infrastructure utilizing AWS services.

Why AWS?

With a deep focus on end customers and their wide range of use cases, New Relic saw the potential to build solutions for customers on AWS. “With a large customer base building cloud-native applications, New Relic recognized the market opportunity to align with companies shifting to cloud usage. AWS provides a flexible and highly scalable solution that allows us to build high availability, highly scalable services in a very timely manner. As a result, it made sense to offer an application and infrastructure performance monitoring solution on AWS,” explains Lee Atchison, Principal Cloud Architect at New Relic. “We use AWS to develop our applications, and deploy highly scalable production services.”

Innovating on AWS

A pure, multi-tenant SaaS platform, the New Relic Digital Intelligence Platform provides visibility into how customers make use of cloud-based services, such as AWS, from within the application and infrastructure running on AWS services. New Relic also provides active monitoring of Amazon Elastic Compute Cloud (Amazon EC2) servers to provide infrastructure-level monitoring and configuration management. “We offer companies the ability to increase their understanding of the behaviors of the AWS services they use, code running on AWS services, trends in digital experiences, and the business outcomes of those experiences,” says Atchison. With the recent addition of New Relic Infrastructure, the platform includes out-of-the-box integrations that provide expanded native monitoring of popular AWS services such as Amazon CloudFront, Amazon RDS, AWS Elastic Load Balancing, and more.

As the company continued to build and grow on AWS, New Relic chose to become an APN Partner to demonstrate its strong relationship with AWS to both current and prospective customers.

Customer Migrations to AWS

By helping customers identify, benchmark, and troubleshoot application performance through New Relic Application Performance Monitoring (New Relic APM), New Relic has helped a number of customers successfully migrate to AWS. Fairfax Media, a leading media company in Australia and New Zealand, used New Relic on their on-premises systems while migrating to AWS, and were able to identify potential application issues and fix them before the migration. Dedalus, a Premier AWS Consulting Partner and Systems Integrator, has used New Relic to extend monitoring beyond infrastructure to the application layer, and monitor application queries and health for over 100 of its customers. “Through New Relic APM and New Relic Infrastructure, we’re able to provide customers a seamless diagnostics experience with full stack visibility for their applications running on Amazon EC2,” says Atchison.

For customers about to undergo a large-scale cloud migration, the New Relic team recommends investing in both infrastructure and application-layer performance monitoring. “Monitoring your cloud infrastructure is important, so you don’t find yourself over-provisioned, or under-provisioned in a critical area,” explains Atchison. “However, monitoring infrastructure shouldn’t be the only avenue to monitor your performance. A single query from an application can be the true cause of why your infrastructure isn’t performing as you’d expect. Monitoring performance at the application level to catch these irregularities is also critical.”

New Relic was a launch partner for the AWS Migration Competency, and believes the Competency helps customers understand the company’s level of expertise within the space. “We believe the AWS Migration Competency assures customers and prospects that New Relic has a deep understanding of the migration process to AWS,” says John Gray, SVP of Business Development.

What’s Next?

With the recent launch of New Relic Infrastructure, which is now offered on AWS Marketplace through AWS Marketplace SaaS Subscriptions, the company is looking beyond its expertise in the application performance monitoring space to provide customers the ability to have an end-to-end view of their environment on AWS. “New Relic Infrastructure provides customers with easy dynamic instance monitoring, and the ability to efficiently understand their EC2 usage and optimize usage and cost,” explains Gray.

As an APN Partner, New Relic is working with AWS to explore new marketing opportunities such as videos, shared customer speaking experiences at AWS and New Relic events, workshops, and more. As previously mentioned, New Relic recently listed New Relic Infrastructure on AWS Marketplace and is looking to expand products available on AWS Marketplace.

Lee Atchison, Principal Cloud Architect at New Relic, held two speaking sessions at AWS re:Invent 2016. Check them out:

To learn more about New Relic, visit the company’s listing in the AWS Partner Finder.

Have You Read Our 2016 AWS Partner Solutions Architect Guest Posts?

by Kate Miller | on | in Amazon DynamoDB, Amazon ECS, APN Competency Partner, APN Partner Highlight, APN Technical Content Launch, APN Technology Partners, Automation, AWS CloudFormation, AWS Lambda, AWS Marketplace, AWS Partner Solutions Architect (SA) Guest Post, AWS Product Launch, AWS Quick Starts, Big Data, Containers, Database, DevOps on AWS, Digital Media, Docker, Financial Services, Healthcare, NAT, Networking, Red Hat, SaaS on AWS, Security, Storage | | Comments

In 2016, we hosted 38 guest posts from AWS Partner Solutions Architects (SAs), who work very closely with both Consulting and Technology Partners as they build solutions on AWS. As we kick off 2017, I want to take a look back at all of the fantastic content created by our SAs. A few key themes emerged throughout SA content in 2016, including a focus on building SaaS on AWS, DevOps and how to take advantage of particular AWS DevOps Competency Partner tools on AWS, Healthcare and Life Sciences, Networking, and AWS Quick Starts.

Partner SA Guest Posts

There’ll be plenty more to come from our SAs in 2017, and we want to hear from you. What topics would you like to see our SAs discuss on the APN Blog? What would be most helpful for you as you continue to take advantage of AWS and build your business? Tell us in the comments. We look forward to hearing from you!


The Top 10 Most Popular APN Blog Posts of 2016

by Kate Miller | on | in AWS Partner Solutions Architect (SA) Guest Post, Partner Guest Post | | Comments

What a year it’s been! The goal of the APN Blog was to bring you information on all of the latest news from the APN throughout the year, while also delivering content on a number of technical topics developed by both AWS and APN Partners. Before we wrap up 2016, we want to take a moment and tell you about the most popular blogs published this year.

Without further ado, here are the top 10 most popular APN Blog posts published in 2016:

Stay tuned to the APN Blog throughout the next year for more news on the APN and content on a wide range of business and technical topics. Have a Happy New Year, and we will see you in 2017!

Financial Services Segment re:Invent Recap

by Kate Miller | on | in AWS Competencies, AWS Partner Solutions Architect (SA) Guest Post, Financial Services, re:Invent 2016 | | Comments

This is a guest post from Peter Williams. Peter is a Partner Solutions Architect (SA), and he focuses on the Financial Services segment. 

This year’s AWS re:Invent conference keynotes reminded us that we are at a seminal moment in the history of technological innovation. Businesses are transforming their operating model to take advantage of disruptive technologies enabled by AWS. While this is pertinent to every industry, I believe that it is especially true for Financial Services. Having traditionally been one of the more conservative industries with regard to cloud adoption, banks and insurance companies are now deciding to get out of the data center business and take advantage of the agility and cost savings of building on the AWS Cloud.

A Critical Mass for Financial Services

As Financial Services organizations have leveraged AWS’ pace of innovation and new offerings that simplify accessibility to technologies such as big data analytics, high performance computing and deep learning, a critical mass has formed. Leaps forward in time-to-market are becoming the new normal, replacing incremental evolutionary steps of recent years past. Capitalizing on the newfound elasticity and velocity, firms are enabled to respond to regulatory and customer needs at an unprecedented pace.

Banks and insurers are now engaged in full-scale transformations to reduce the cost of infrastructure and other non-core competencies, and to redirect their technology investment toward expanding and improving their capabilities to serve the customer and advance their market share.

Product and Program Launches

To support this industry transformation, many new capabilities and programs were launched at this year’s AWS re:Invent conference in Las Vegas.  First and foremost was the launch of the AWS Financial Services Competency.  This program helps customers identify and connect with industry-leading Consulting and Technology Partners with solutions for banking and payments, capital markets, and insurance. APN Partners who have achieved the AWS Financial Services Competency have demonstrated industry expertise, readily implemented solutions that align with AWS architectural best practices, and built a deep bench of AWS Trained & Certified individuals.

The launch of the AWS Partner Solutions Finder will also help customers more easily find APN Partners with expertise in the Financial Services industry. Customers can select by industry, use case, and AWS product of interest to identify APN Partners with depth in their area of need.

This re:Invent had no shortage of new product offerings that can help Financial Services organizations optimize their technology investment. Below, I’d like to discuss just a few of the product announcements and how they may impact Financial Services customers and partners. New compute capabilities enable richer functionality, such as the Amazon EC2 F1 Instance, now in preview, with field programmable gate arrays (FPGAs), which customers can program to create custom hardware accelerations for their applications.  New instance types were also announced for the R, T, I and C instance classes, bringing improvements to memory, compute, and I/O throughput.

New AWS service offerings include the fully managed ETL service AWS Glue, which simplifies and automates traditionally difficult and time consuming data discovery, conversion, mapping, and job scheduling tasks. AWS Glue guides you through the process of moving your data with an easy-to-use console that helps you understand your data sources, prepare the data for analytics, and load it reliably from data sources to destinations.

Customers have asked for tools to help them mine transactions, policies, and other types of data stored on Amazon S3. Amazon Athena helps to simplify this process. Amazon Athena is an interactive query service that makes it easy to analyze data in Amazon S3 using standard SQL. Athena is serverless, so there is no infrastructure to manage, and you pay only for the queries that you run.

Large Financial Services firms often need tools to help them run thousands of batch jobs to support applications such as high-performance computing, post-trade analytics, and fraud surveillance. AWS Batch was announced to address these and many other use cases. AWS Batch enables developers to easily and efficiently run hundreds of thousands of computing jobs on AWS, and dynamically provisions the optimal quantity and type of compute resources based on the volume and specific resource requirements of the batch jobs submitted.

Trends for 2017

For Financial Services Partners, one of the key trends discussed at the re:Invent Partner Summit is the move to a software-as-a-service (SaaS) model. Prior to re:Invent, we launched AWS Marketplace SaaS Subscriptions, which you can learn more about here.

SaaS solutions can alleviate the need for customers to manage the software they use.  By eliminating the overhead of managing version upgrades, customers can reduce their total cost of ownership, while taking advantage of new features as soon as they are available. APN Partners can enjoy the competitive advantage of being able to make new features available to all customers without waiting for customer migrations, as well as the lower support cost of maintaining a single version of software. This will be a major driver in 2017 for many Financial Services Partners as they support banks and insurance companies.


We believe 2017 will be transformational for banking, capital markets, and insurance companies, as they continue to realize the benefits of moving to the AWS Cloud. Consulting Partners specializing in end-to-end cloud transformation can catalyze wide-scale adoption across firms transitioning to a new, more agile approach to technology delivery.  And we believe that Technology Partners will play an increasingly important role as customers use their products in new ways to capitalize on a new pace of innovation. Hear from two of our AWS Financial Services Competency Partners, EIS Group and IHS Markit, as they discuss why their customers are moving to AWS, and how customers take advantage of their software on AWS:

EIS Group:

IHS Markit:

Do you want to learn more about Financial Services on AWS? Visit our AWS Financial Services webpage. For more information about the AWS Financial Services Competency, click here.