re:Play party - re:Invent 2023

re:Invent 2023 recap

I’m back from re:Invent and still trying to adjust my sleep schedule (I’m on the East Coast and go to bed early; 6 pm Las Vegas time is my biological clock’s bedtime).

This year was one of my favorite re:Invents. I got to meet old and new co-workers and hang out with a lot of Community Builders and AWS Heroes, talk to service teams about what they should do to make their products work more for the security 99%. I got to a couple of good chalk talks on GenAI and GenAI security, which will help inform my poking at that over the holidays.

As for announcements, in the last seven days, there were 195 things posted to AWS What’s New. These are the ones I care to follow up on.

For simplicity, we’ll break them down into:

AWS Heroes
A group of Heroes is called a Bucket

Security Features

Security Hub


Amazon Inspector

Amazon Detective

Amazon Detective is a costly service, so I’ve avoided using it since the beta. However, I think it’s been a few years (four), and maybe it’s time to revisit it.

IAM Access Analyzer

I think it’s note worthy that while the original “is my bucket or queue public?” checks are free, IAM Access Analyzer is charging for these two new features:

Other Security stuff

Picture of a Mimosa
This is how I watch the keynotes
Picture of Chris & Corey
AWS Hero and AWS Villain

Cloud Governance & Costs

Serverless stuff

St. marks Sq in the Venetian
I'm always going to the _wrong_ St. Marks Square
Hanging out with former and future co-workers

GenAI & Bedrock

I first saw ChatGPT in action in the lounge on the way home from last year’s re:Invent. It was clear that re:Invent 2023 was always going to be the year of GenAI announcements.

Amazon Q

Amazon Q is AWS’s answer to ChatGPT. It’s an interactive Large Language Model (LLM) that’s all over. It’s a widget in the Console, and it’s an enterprise solution, and it’s a chatbot in Slack. It’s an omnipotent practical joker that can tell you about un-released features. It might very well be an internal Sev 2.

These are the announcements:

There is honestly nothing in the Q family (and let’s face it, this is like SageMaker or CloudWatch, a ton of products rolled under a single name for confusion marketing purposes) that is worth the hassle or risk.

Q Chat
Q Hallucinates Infinidash
Q Chat
Q Gets IAM Wrong

Q Chat
Q Can't tell the years 2022 and 2023 apart
Q Chat
Q Doesn't take correction like ChatGPT

From what I can gather from docs, There are three versions of Q: Amazon Q (For Business Use), Amazon Q (For AWS Builder Use) and Amazon Q in Connect.

There are two Q Boto3 services: Q Connect and Q Business.

The AWS IAM Service Authorization Reference lists three IAM prefixes: q for Amazon Q (For AWS Builder Use), qbusiness for Amazon Q (For Business Use), and wisdom for Amazon Q in Connect

These can be blocked via SCP.

GenAi Coding


Model Availability

Models are the “code” in these GenAI systems. They are trained on large data sets for a generic purpose. GPT-3 and GPT4 from OpenAI are also models.

I know nothing about these models other than Stable Diffusion does images, and it means I can use AWS rather than Discord to create the cool images I keep seeing on the internet.

Vector Database enhancements for your models

Vector Databases are how models “read” your internal private data. By making your data available via Vector search, the models can return results based on their generic training data in addition to your proprietary data.

Other nifty stuff that may only matter to me

I just wanna Snark

Selfie by the AWS Sign
Obligatory Selfie by the AWS Sign
Strip seen from the Airport
Till next year!

That’s it. My time in Vegas was long, and I’m glad to be home. Pro-tip for anyone doing sales dinners - the Sphere has club-level boxes, and sunday night only two were being used.