Managed Services for AWS

One ‘gotcha’ I’ve experienced when discussing cloud ecosystems is that the term ‘managed services’ has drastically different meanings depending on the context. This is unfortunate as it adds extra effort to get to truly valuable conversations around the power of cloud. Below I’ll spell out some of these different meanings in the context of Amazon Web Services (AWS) by answering three questions:

1. What does it mean when AWS says they offer AWS Managed Services?
2. What does it mean when a consulting company says they offer AWS Managed Services?
3. What does it mean when a product is a Managed Service?

What does it mean when AWS says they offer AWS Managed Services?

A: AWS is offering to serve as your outsourced I.T. Infrastructure Team (no DevOps).

AWS itself offers to be an outsourced team for the same services offered above, however they usually stay out of the DevOps business. This means you'll need another vendor to manage application development and the usual capabilities of DevOps (automation, some aspects of provisioning, builds and deployment, etc). AWS will maintain the:

• hardware (disk, CPU, etc)
• supporting virtualization software
• their portal (aka the AWS console)
• networking (as configured by you)
• software services (database, operating system, etc) - though patching and security updates are your responsibility

From a security standpoint relationship is called the AWS Shared Responsibility model, and is described visually below:

What does it mean when a cloud consulting partner says they offer “AWS Managed Services”?

A: They are offering to serve as your outsourced I.T. Infrastructure Team and your DevOps Team.

When your company does not have a dedicated capability in cloud infrastructure and DevOps, you’ll lean into an AWS Managed Services vendor to fill the gap. Generally speaking, the vendor always offers:

• 24x7 support with tight SLAs combined with robust monitoring
• Security, patching, and overall hygiene of the ecosystem
• Automation of builds and deployments
• Provisioning, change management, and cost controls
• Collaboration with developers and stakeholders for continuous improvement

One important element that may be absent here is application feature and security support. While this is a service that can be procured from certain AWS managed service providers, the majority of managed services contracts assume that you have an internal software development team that is focused on those facets of your application.  Even if feature development is not taking place, security updates and updates to keep up with changing devices (new versions of phones, etc.) are an important consideration.

When it comes to security, returning to the AWS shared responsibility model above, the consulting partner should take on a number of activities (described visually below):

Importantly, none of these activities should be taken for granted; this is what Metal Toad provides and some other AWS cloud consulting partners may have different exclusions or fees for service. However, this can provide a jumping off point or talking point where you can achieve clarity around who does what.

What does it mean when a product is a Managed Service?

A: The product abstracts away the underlying infrastructure so your developers can solely focus on application development.

Most cloud services can be broken up into a rule of thirds as so:

• Application: These services are for developers exclusively, and the cloud handles all the managed services away from view.
  • Examples: Amazon Rekognition, AWS Lambda
• Platform: These services are a mix.  In some cases, you can manage the underlying infrastructure, in other cases the underlying infrastructure is viewable but not something you manage. 
  • Examples: Amazon RDS, Amazon Lightsail 
• Infrastructure: These services are the classic ‘hardware in the cloud’, where you move your physical data centers to virtualized machines in the cloud.
  • Examples: Amazon EC2

When talking about products that are ‘fully managed service’, we are mostly talking about the ‘Application’ services above. In some cases, ‘Platform’ services fit in this category as well.

Let us know if you’d like to learn more about cloud services, and the complex approaches to achieving a right-sized outsourcing model for your I.T. teams when the capabilities are not available in house.