AWS Partner Network (APN) Blog

Partner SA Roundup- June 2017

For this month’s Partner SA roundup, AWS Partner SAs Juan Villa, Pratap Ramamurthy, and David Potes discuss three APN Technology Partners: Cloud Conformity, Kinetica, and Vault. Let’s dive in!


Cloud Conformity, by Juan Villa


Have you ever wanted to have an always-available advisor who specializes in cloud operations? An advisor that can find opportunities to increase the security, reliability, performance, and operational excellence of your systems, while also helping you decrease costs? Cloud Conformity is a SaaS platform that does exactly this. They have built a continuous assurance tool that builds on the AWS Well-Architected Framework, as well as additional best practices, to provide you with detailed and accurate advice.

Getting started is easy. All you have to do is create an account on their website, and then follow the setup wizard. This wizard will instruct you to create a cross-account role in your AWS account to give Cloud Conformity read-only access to your resources. Cloud Conformity uses this information, along with over 250 rules, to drive the automated logic that powers the advisor and ultimately the recommendations they make to you.

You might be wondering how Cloud Conformity improves your security posture or provides you with recommendations to reduce cost. Let’s consider two examples. To see how they handle security, let’s say you’ve created a Linux-based EC2 instance and configured it with a security group that allows access to the SSH port from anywhere in the world. That’s probably the easiest way to get started, but it isn’t best practice from a security standpoint. Cloud Conformity’s engine constantly scans your account, taking into consideration all the configured rules. One of these is a rule to detect security groups that have broad open access to the Internet. When Cloud Conformity detects the insecure security group, it generates an alert to notify you, and even provides you with detailed steps on how to remediate this issue.

For our second example, Cloud Conformity can find opportunities for cost optimization in many areas.  For example, it analyzes the usage of EC2 instances by using Amazon CloudWatch metrics, such as CPU usage, reported by the instance. As the administrator of the Cloud Conformity account, you can configure the usage thresholds that define a mostly idle instance, and Cloud Conformity will help identify oversized instances. It will even help you find possible cost saving opportunities by identifying instances that would benefit from Reserved Instance allocations!

We’ve only scratched the surface of what Cloud Conformity can do. Cloud Conformity currently has over 250 rules in its engine, and this list is growing. They have detailed and thorough documentation and a very easy to use platform. I encourage you to check them out at and get started today!


Kinetica, by Pratap Ramamurthy and Juan Villa


Some applications generate rapid streams of information like Twitter feeds and equity trades. These streams can be stored and analyzed to derive insights at a later point in time. However, analyzing streams in real time and taking automated actions can provide much higher value to the business. Real-time analysis can be difficult though, due to factors such as the volume and size of the stream, scaling, and the dimensions of the data being analyzed; for example, in geospatial location analysis and advanced analysis like natural language processing (NLP).

There are now new ways of using graphics processing unit (GPU) technology. While GPUs were originally intended for video rendering and gaming applications, their power can be harnessed for other tasks as well. A single GPU instance, such as the AWS p2.16xlarge instance type, contains 16 NVIDIA Tesla K80 GPUs, each with 4992 NVIDIA CUDA cores and 24 GiB of on-board memory.

Kinetica, is a GPU-accelerated, in-memory database for powering analytics workloads. It is designed to take advantage of the parallel processing ability of GPUs to provide low-latency, high-performance analytics on large datasets at rest or streaming. It makes processing of complex real-time data faster and easier on AWS and you can feed a real-time stream into a Kinetica database, and run SQL queries on the stream in real time.  Kinetica integrates with several different data sources, as well as feeding various BI, GIS and other third-party applications for visualization and additional analysis.

With Kinetica, an orchestration layer with user-defined functions enables organizations to develop sophisticated data science models on the same database platform they’re using for business analytics. This means that companies can bypass the arduous step of first transforming the data and moving it back and forth between a database and a separate data science system.

Kinetica also provides a web-based visualization framework called Reveal that makes it easy and quick to explore geospatial data, as shown in the following screenshot.

This framework also integrates with the Kinetica geospatial pipeline for advanced mapping and interactive location-based analytics.  With Kinetica, machine learning, deep learning, natural language processing, and OLAP workloads can all now be performed from a single solution through C++, Java, Python, SQL, and your favorite point-and-click BI tool.

I encourage you to check out Kinetica’s product on the AWS Marketplace. You can also read additional information on the features and benefits of Kinetica on AWS by reading their most recent partner brief.



Vault, by David Potes


Managing secrets in a cloud infrastructure presents new opportunities and challenges for developers and administrators who are looking to improve security by securing, storing, and tightly controlling secrets.  With Vault, by Hashicorp, you have a powerful tool that tightly integrates with AWS to help administrators manage this infrastructure.

Vault has a notion of auth backends, one of which they have developed specifically for authenticating to your AWS resources. This backend treats AWS as a trusted third party, which means, in most cases, that no pre-provisioning of security-sensitive credentials (e.g., tokens, passwords, client certificates) is necessary. It handles leasing, key revocation, key rolling, and auditing. Users can access an encrypted key/value store and generate IAM and AWS STS credentials.

HashiCorp is an AWS standard partner and holds the DevOps competency, focusing on Configuration Management.

It’s easy to give Vault a try! Check out the interactive tutorial that HashiCorp provides, or use our Vault Quick Start to spin up an instance for yourself. If you’d like to learn more about how Fanatics, the online retailer for licensed sports apparel, uses Vault to secure their highly elastic AWS infrastructure, take a look at this webinar I presented with Seth Vargo and Paulo Machado from HashiCorp.