Single Account Limitations in AWS

Single Account Limitations in AWS

Today we’ll be taking a look at the different single account limitations imposed on any AWS implementation and the factors that influence these limitations (as well as those that may alleviate them).

Resilience and Network Connectivity | Two halves that need to combine for optimal service provision

Resiliency is a somewhat elusive term, especially for IT laymen. When we think of resilient systems or connections, we think of critical systems that must be made as resistant to failure as possible. While this is a workable definition for practical purposes, it doesn’t capture the true essence of resiliency.

Your first assumption when trying to build a resilient system should be that everything fails. While it may be possible in certain cases, some failures cannot be prevented by proactive action and may only be addressed once the event occurs. Resiliency, then, becomes less about preventing failure than it is about reducing the impact a particular failure has on service delivery. You’re not building systems that won’t fail, but rather, systems that won’t noticeably fail. This involves adding redundancies to your architecture so that a failed system can be readily abandoned in favor of a working one. How resilient your system is becoming is how quickly and painlessly this switch can be orchestrated.

Resilience within a cloud infrastructure is only as useful as your connection to those services is robust. If your network connectivity fails you or lags, your experience of cloud-based services will naturally suffer. While the AWS service suite does account for this to some degree, especially with the introduction of AWS Direct Connect (which is a private connection between you and Amazon and thus doesn’t rely on your ISP), these services come with additional overheads that many enterprises simply cannot afford.

Availability and Instance and Service Limits | an example of technical limitations that can be improved but not overcome

You might have heard of the nines of availability or a five-nine system. The nines are a measure of the degree of service providers you can expect to maintain over a period of time. Two nines would mean a system that is available 99 percent of the time, while five-nines describe a system available 99.999 percent of the time. While both of those numbers seem pretty high in the context of a single day, you can see the difference between them as you scale from days to months and then to years.

99 percent availability means roughly 15 minutes of downtime in a day, around 7 hours in a month, and over three days of downtime in a year. To compare, five-nines availability means less than one second of downtime in a day and under six minutes every year.

Coming back to systems, software applications that are of the utmost importance, such as payment settlement, require that even the near-zero downtime of five nine availability be mitigated to where it’s actually non-existent. This means having concurrent active systems running at all times and in different locations (for disaster-proofing purposes). While most resource management won’t be as critical, there are still multiple options available for people who want to manage their other dependencies flexibly without leaving too much room for things to go wrong.

Instance and service limits are also very difficult variables to track, especially if you’re working with multiple instances and a plethora of services. You can manage these to an extent through your dashboard, but again, it’s many numbers to constantly keep in mind. In terms of the limits themselves, you can overcome them by operating multiple accounts. These accounts do provide you with better security (as in through a Multi-account infrastructure, though this might be difficult to scale, especially if you don’t have access to the necessary professional talent, but more on that under the next subtopic).

Hiring AWS professionals Vs. Paying more for less

The AWS Systems Suite has evolved to meet the needs of the day, sure, but it’s also grown to the point where it’s practically a domain within computer science on its own. You can probably count on your fingertips the number of people who have experience or knowledge of Amazon’s entire offering. Consulting for AWS services has developed into an industry of its own, and helping businesses plan out the best AWS implementation for them is a very lucrative skill.

We’re saying that AWS is a massive subject area that requires years of dedicated study and experience to master, and all the while, it’s still expanding rapidly. Cloud implementations can be difficult enough when they’re generic, but when you’re working with AWS, you’ll need people who can manage your implementation for you, requesting additional resources and helping you scale it as the need arises. This is a very complex process, with many options available to you at every step of the way, so hiring the right person for the job is critical. This might not be preferable for some businesses, especially considering the price tag associated with the skillset (remember, it’s both extremely current, complex, and rapidly evolving; that’s a recipe for a high value professional if we’ve ever seen one).

The Alternative is subscribing to a service like Amazon Transit Gateway, making your resource management virtually automatic. You still have to plan out your software suite, but luckily, Amazon’s happy to do that for you – for a price. Depending on which level of package you’ve opted for within your services, you’ll only get a certain amount of Technical Support before having to pay more, and those costs add up quickly. For high value, high volume services like Amazon EMR and Amazon Redshift, some large-scale enterprises pay in the hundreds of thousands of dollars just to be able to adequately manage and use their suite, whether it’s in salaries or checks to Amazon.

Recommendations for Single Account Limitations in AWS

When faced with single account limitations in AWS, consider using multiple AWS accounts. This approach improves security as systems can be segmented for further controls in access and sharing of AWS resources. So, use multiple AWS accounts when you hit the limitations of a single AWS account.

Further blogs within this Single Account Limitations in AWS and Cut Legacy Systems into MicroServices category.