LogiCast AWS News: Cloud Provider Market Power, CodeBuild Security, and Q Developer CLI

In the latest episode of LogiCast, the AWS News podcast brought to you by Logicata, host Karl Robinson and co-host Jon Goodall were joined by returning guest Warren Parad, CTO of Authress, to discuss the latest developments in the world of AWS and cloud computing.

AWS Managed Microsoft Active Directory Security

The first topic of discussion was a recent AWS Security blog post about automatically disabling users in AWS Managed Microsoft Active Directory based on GuardDuty findings. Jon expressed his frustration with the complexity of the solution, describing it as a “Rube Goldberg machine” – a term for an unnecessarily complicated contraption designed to perform a simple task.

According to Jon, “This thing is a beast, honestly. It’s quite challenging to get up and running. If you go and deploy the AWS managed active directory to your AWS account, you may spend an hour or more waiting for it just to get deployed, and it doesn’t come with its own API.”

Warren added, “If you’re stuck in this situation, then unfortunately, you need this whole math just to make it happen.” Both experts agreed that the solution seems overly complex for what should be a relatively straightforward task.

Amazon Q Developer CLI and Modern Serverless Solutions

The conversation then shifted to a blog post about building modern serverless solutions using Amazon Q Developer CLI. Warren expressed skepticism about the claims made in the post, stating, “The interesting thing is that all it does is it adds plug-ins to Q Developer to do serverless-like things that it didn’t know how to do before. Unfortunately, even in the examples in this blog post, they aren’t good recommendations.”

Jon echoed this sentiment, saying, “I don’t know, like I say, MCP is a bit beyond me. It’s one of those things that’s come out of left field. And I don’t know, I’m hoping it’s a flash in the pan and it’ll all go away again.”

Defense in Depth Security for CodeBuild Pipelines

The discussion then moved to an article about defense in depth security for CodeBuild pipelines. Warren explained the potential use case: “You may get pull requests into your repository, and those pull requests are going to be from your local team, and you may want to deploy some infrastructure to test that pull request. And when you’re going about that, you may be concerned that the software or the code changes that are in that pull request are malicious in nature.”

Jon expressed confusion about the necessity of such measures, stating, “How much defense in depth security do you need for something that you shouldn’t be running in a public workspace, you shouldn’t be running publicly anyway, and should be behind, you know, security groups and doing all that sort of thing.”

Cloud Provider Quarterly Results

The podcast then delved into the recent quarterly results announcements from major cloud providers. Warren noted that Amazon’s operating income had increased from $9 billion to $10 billion year-over-year. He also highlighted the significant growth differences between cloud providers, with Google Cloud Platform (GCP) and Microsoft Azure reporting growth rates of nearly 40%, compared to AWS’s 18-19% growth.

Jon cautioned against drawing too many conclusions from these numbers, stating, “I struggle with numbers this big and you think it’s nearly 40% growth for the other players and it’s only 18%, but it’s on these ridiculous billions and billions of numbers.”

Warren added that it’s difficult to make direct comparisons due to the different ways companies report their cloud revenue, noting that Microsoft often includes Office 365 in their cloud earnings.

UK Competition and Markets Authority Probe

The final topic of discussion was the ongoing probe by the UK’s Competition and Markets Authority (CMA) into major cloud service providers. The CMA has found that both Microsoft and Amazon have “significant unilateral market power” in the UK cloud market, while Google was not included in this finding.

Jon expressed frustration with the lengthy investigation, stating, “The CMA just needs to sod off at this point. This has been going on for so long, I’m bored of it now.”

Warren offered an international perspective, noting that in Switzerland, there’s less concern about cloud provider dominance due to the slower adoption of cloud services in sectors like banking and healthcare. He also criticized the regulatory approach, suggesting that rewarding smaller providers for compliance might be more effective than punishing larger ones: “If you comply with this regulation and get audited, we will give you $1 million or, or euros or pounds or whatever, because that €1 million pounds, francs, whatever is worthless to Google and Azure, um, and AWS, but it’s worth a lot to smaller companies.”

The hosts and guest agreed that the barrier to entry for new cloud providers is extremely high, making it difficult for smaller players to compete with the established hyperscalers.

Conclusion

As the cloud computing landscape continues to evolve, issues of market dominance, security, and regulatory oversight remain at the forefront of industry discussions. While the major cloud providers continue to grow and innovate, concerns about their market power and the challenges faced by smaller competitors persist. As always, the LogiCast team will continue to monitor these developments and provide insights for AWS users and the broader cloud community.

This is an AI generated piece of content, based on the Logicast Podcast Season 4 Episode 31.