Multicloud on AWS features

Managing multiple cloud environments can create operational challenges. With AWS, you can simplify and centralize your multicloud operations across environments for secure and seamless management, compliance, and observability. Using AWS Systems Manager you can manage, update, and patch nodes such as EC2 instances, servers and virtual machines (VMs) on AWS, on premises, and on other clouds such as Microsoft Azure. For example, you can automate tasks against Azure resources. Additionally, you can centralize configuration management and compliance reporting to monitor the configurations of tens of thousands of VMs, managed databases, storage, and networking components from AWS and other cloud providers with AWS Config. You can aggregate and immutably store activity logs from both AWS and other clouds, then analyze this data using SQL queries using AWS CloudTrail Lake, a single location of immutable user and API activity events for auditing and security investigations. If you use Infrastructure as Code (IaC) tools such as HashiCorp Terraform to manage multicloud infrastructure, you can also use the Terraform AWS Cloud Control (AWS CC) Provider to provision and manage AWS features and services with the latest AWS innovations.

If you have limited visibility across diverse cloud environments, AWS helps you monitor and understand the behavior, performance, and health of your resources across multicloud environments. Set alarms; collect logs, metrics, and events; and monitor workloads, VMs, and containers across environments with Amazon OpenSearch Service as well as Amazon CloudWatch, including Microsoft Azure and Google Cloud Platform. Amazon CloudWatch also supports data querying from multiple sources, such as Amazon OpenSearch Service, Amazon Managed Service for Prometheus, Azure Monitor, and your own custom data sources, enabling you to gain visibility and set alarms across your hybrid and multicloud metrics in a single view, without the extra costs of duplicating metrics or switching tools. You can also create custom alerts for application performance with Amazon Managed Service for Prometheus and create, explore, and share observability dashboards with Amazon Managed Grafana.

Building and deploying machine learning (ML) models and AI applications across cloud environments can be complicated and time-consuming. AWS services help you take advantage of large language models (LLMs) and ML technologies in a multicloud environment. You can build and train ML models in AWS and deploy it in another cloud provider. For example, you can train the model using Amazon SageMaker, store the model artifacts in Amazon S3, and deploy and run the model in Azure. In a few steps, you can easily use SageMaker Jumpstart to deploy pre-built foundation or third-party ML models. You can also use Amazon Bedrock to build and scale generative AI applications using foundation models from a variety of cloud providers. AWS provides support for scenarios where you bring your own model to SageMaker or into SageMaker Canvas for predictions.

Driving insights from disparate sources in a multicloud environment can require using multiple queries and workarounds to access the data. AWS offers analytics and ML services that allow you to gain insights from all your data, whether it’s stored on AWS or other clouds, on premises, at the edge, in SaaS applications, or in analytics services. Easily connect to data in applications including Adobe, Google Analytics, Google BigQuery, Salesforce, SAP, ServiceNow, and Zendesk and run analytics or machine learning.

You can query and surface insights from data stored in various external data sources—including relational, nonrelational, object, and other cloud data stores—without copying or transforming data with Amazon Athena. You can use Athena to run interactive queries across multiple systems of record, create unified datasets for business intelligence, and prepare data for use in ML training. For example, the Amazon Athena connector for Google BigQuery enables Amazon Athena to run SQL queries on your Google BigQuery data.

With Amazon AppFlow you can automate bi-directional data flows between SaaS applications and AWS services in just a few clicks. Run the data flows at the frequency chosen, whether on a schedule, in response to a business event, or on demand. Simplify data preparation with transformations, partitioning, and aggregation. Automate preparation and registration of your schema with the AWS Glue Data Catalog so you can discover and share data with AWS analytics and machine learning services.

Moving and preparing data in a multicloud environment can require repeatedly running and managing multiple scripts. You can move data between AWS, on-premises file systems, and other cloud storage services using AWS DataSync, a secure service that automates and accelerates the movement of data between storage systems without needing to write and run scripts to manage repeated transfers. With DataSync, you can access data across 12 storage locations spanning other clouds, on-premises, and edge, and move it to and from AWS to support workflows and processing.

Make data preparation easier with AWS Glue, a serverless data integration service. With AWS Glue, you can discover and connect to over 80 diverse data sources, including other cloud databases, such as Google BigQuery, and analytics services. You can also manage your data in a centralized data catalog, and visually create, run, and monitor ETL (extract, transform, and load) pipelines to load data into your data lakes. You can move data bidirectionally between Amazon S3, and either Azure Blob Storage or Azure Dake Lake Storage, via connectors. You can also leverage new database connectors for AWS Glue Apache Spark, including Teradata, SAP HANA, Azure SQL, Azure Cosmos DB, Vertica, and MongoDB.

Want to safely collaborate with your partners without copying or sharing source data, oftentimes with datasets stored outside AWS? With AWS Clean Rooms, you can leverage privacy-enhancing controls to gain insights collaborating with your partners’ datasets across multiple data sources and clouds, such as Amazon S3, Amazon Athena, and Snowflake, with zero ETL (extract, transform, and load) and without needing to copy, share, or move your underlying data.

Networking across multiple cloud environments adds operational complexity. AWS Transit Gateway and AWS Cloud WAN let you centrally manage and connect your Amazon VPCs and on-premises networks, including connections to multiple cloud providers, making it easier to create and manage complex network topologies while reducing operational overhead. AWS Direct Connect provides dedicated network connections from external cloud infrastructure to AWS. AWS Site-to-Site VPN creates encrypted tunnels between other cloud networks and AWS.

Deploying and configuring a multicloud Kubernetes cluster can be complex. Amazon Elastic Kubernetes Service (EKS) runs upstream Kubernetes and is certified Kubernetes-conformant, so you can use all the existing plug-ins and tooling from the Kubernetes community to save time in development and deployment in multicloud environments. Easily migrate any standard Kubernetes application to Amazon EKS without refactoring your code, and vice-versa, helping speed up migration or deployment in another cloud. Applications running on Amazon EKS are compatible with applications running on any standard Kubernetes environment, whether running in on other clouds or on-premises. And you can view and explore all of your Kubernetes clusters, applications, and associated cloud resources running in multicloud environments in the Amazon EKS console using the Amazon EKS Connector.

Analyzing security data and managing identities and permissions from across your multicloud environment means having to collect it from different sources and locations. Centralize and analyze security data in multicloud environments to improve the protection of your workloads, applications, and data. AWS Security Lake is the first data lake to support the open standard for security data defined by the Open Cybersecurity Schema Framework (OCSF), which was co-founded by AWS. With Security Lake, you can automatically collect and combine security data from AWS and a broad range of enterprise security data sources that support the OCSF standard. You can use AWS CloudTrail Lake as a single location of immutable user and API activity events for auditing and security investigations, and with AWS Secrets Manager, you can store and manage secrets in multicloud or on-premises workloads from a secure and central place.

Securely manage identities and permissions to AWS resources for your applications and infrastructure running in multicloud environments. With AWS IAM Identity Center, you can create and manage user identities in AWS or connect to your existing identity source, including Microsoft Active Directory, Okta, Ping Identity, JumpCloud, Google Workspace, and Azure Active Directory. You can also provide temporary AWS resource access for your server, container, and application workloads running in multicloud environments with AWS IAM Roles Anywhere.

Since its inception, AWS has been the best place to build and run open source software in the cloud. AWS offers a broad portfolio of managed open source services, allowing customers to choose the right open source solution for their needs with the added advantage of the agility, elasticity, cost savings, and global scale of our cloud.

AWS offers managed versions of popular open source software including Kubernetes, Apache Kafka, Apache Airflow, Grafana, Prometheus, PostgreSQL, MariaDB, MySQL, Jupyter, Envoy, and OpenZFS. Customers can also choose to deploy their preferred open source software on top of the Linux workload of their choice. To assist in this, we provide Amazon Linux, an application environment, and Amazon Linux 2, a Linux operating system, available at no additional cost to customers that offer long-term support with access to the latest open source innovations in Linux.

Additionally, AWS recognizes the importance to our customers of sustaining critical open source projects and has ongoing investments with Linux Foundation projects, such as OpenSearch and Valkey.

Accessing Oracle Database Services on OCI and migrating Oracle Exadata workloads can require database and application changes. Oracle Database@AWS, an offering from AWS and Oracle in limited preview, enables customers to access Oracle Database Services on Oracle Cloud Infrastructure (OCI) managed Exadata infrastructure within AWS data centers. Customers with Oracle Database services also deployed on other cloud providers can use this feature for their multicloud needs. You can easily and quickly migrate Oracle Database workloads, including Oracle Real Application Clusters (RAC) workloads, to Oracle Exadata Database Service within AWS with minimal to no changes. Modernize mission-critical applications and develop new intelligent applications with a low-latency network connection between Oracle databases and AWS services. Oracle Database@AWS also enables customers to maintain full feature and architecture compatibility, performance, and availability as on-premises environments, with a unified experience between Oracle and AWS for purchasing, management, operations, and support.

Some customers operate in a location where their primary cloud service provider has only one region. By adding AWS, they can improve their resilience. Each AWS Region is comprised of at least three independent, physically separate Availability Zones (AZs), enabling high availability and fault isolation for applications built across multiple AZs. From the ground-up, AWS builds resilience into its infrastructure, service design and deployment, operational models, and mechanisms, making AWS the most reliable cloud to build on.