Hava Blog and Latest News

In Cloud Computing This Week [Feb 11th 2022]

Written by Team Hava | February 11, 2022

This week's roundup of all the cloud news.


Here's a cloud round up of all things GCP, Azure and AWS for the week ending Friday 11th February 2022

To stay in the loop, make sure you subscribe using the box on the right of this page.

Of course we'd love to keep in touch at the usual places. Come and say hello on:

Facebook.      Linkedin.     Twitter.

AWS Updates and Releases

Source: aws.amazon.com

AWS Glue DataBrew now supports E.164 phone number standardization as a transformation
AWS Glue DataBrew customers are now able to format phone numbers in their datasets to the E.164 standard phone number format using DataBrew’s interactive, point-and-click visual interface. E.164 is the international telephone numbering plan that standardizes a phone number as [+] [country code] [subscriber number including area code] and can have a maximum of fifteen digits. This transformation is intended for AWS users who want to accelerate the standardization of phone numbers for downstream software system integrations without writing any code. 

AWS Glue DataBrew now supports multi-column and custom sort as transformations

AWS Glue DataBrew customers are now able to custom sort one or multiple columns on their datasets in DataBrew. It enables customers to search and group column values more easily. This transformation is intended for users who want to arrange their data in one or more dimensions using various sorting orders without writing any code.

Customers can sort columns in ascending/descending order. Custom sorting allows you to create a specific order to arrange the column values according to your particular needs. You can also view an ordered column immediately without specifying a transformation. Customers can use sorting to organize and experiment with the columns for preliminary analysis on the console, and define sorting transformations for data analysis and reporting.

AWS ParallelCluster now supports multi-user environments through AWS Directory Service

AWS ParallelCluster is a fully supported and maintained open source cluster management tool that makes it easier for scientists, researchers, and IT administrators to deploy and manage high performance computing (HPC) clusters on AWS. AWS ParallelCluster uses a simple text file to model and provision all the resources needed for your HPC applications in an automated and secure manner.

Announcing a new AWS Billing console Home page experience

Starting this week, the AWS Billing console has a new Home page experience, providing an at-a-glance view of your AWS charges.

The AWS Billing console allows you to easily understand your AWS spend, view and pay invoices, manage billing preferences and tax settings, and access additional Cloud Financial Management services. The Billing console Home page helps Finance, DevOps, or FinOps users quickly understand AWS spend and identify top drivers.

AWS Managed Services now available in AWS GovCloud (US) Regions


AWS Managed Services (AMS) Accelerate is now generally available in AWS GovCloud (US), giving customers in both the public and commercial sectors and their partners the benefit of AWS Managed Services’ operational capabilities in the GovCloud region.

AWS Managed Services (AMS) helps you adopt AWS at scale and operate more efficiently and securely. We leverage standard AWS services and offer operational guidance with specialized automations, skills, and experience that are contextual to your environment and applications. AMS provides proactive, preventative, and detective capabilities that raise the operational bar and help reduce risk without constraining agility, allowing you to focus on innovation. AMS Accelerate Operations Plan extends your team with operational capabilities including monitoring, incident detection, security, patch, backup, and cost optimization.

AWS Control Tower now provides updated support for AWS best practices and Region deny

This week, AWS announced new functionality in AWS Control Tower to align AWS Control Tower with recent updates to the AWS Foundational Security Best Practices. As new best practices and controls are identified and developed, it is periodically necessary for AWS Control Tower to add functionality to ensure that your AWS accounts and workloads are in alignment.

The new functionality in this release includes support for lifecycle policy and access logging for the access log bucket as well as adding a dead letter queue for Lambda functions. Additionally, this release updates AWS Control Tower to use AWS Config’s Service Linked Role to setup and manage Config rules to match AWS Config best practices. This change will streamline the AWS Control Tower KMS configuration process for encrypting Config data and improve the related status messaging in CloudTrail.

AWS Announces the General Availability of AWS CloudFormation Hooks

AWS announces the general availability of AWS CloudFormation Hooks, a feature that allows customers to invoke custom logic to automate actions or inspect resource configurations prior to a create, update or delete CloudFormation stack operation. Over 1 million customers use AWS CloudFormation every week to model, provision, and manage their cloud applications and infrastructure in a safe, predictable, and repeatable way.

With AWS CloudFormation Hooks, customers can now validate resource properties and send a warning, or prevent the provisioning operation, for non-compliant resources to reduce security and compliance risk, lower operational overhead, and optimize cost. 

AWS Elemental MediaConnect now supports AWS PrivateLink
AWS Elemental MediaConnect now supports AWS PrivateLink, providing direct access to MediaConnect via a private endpoint within a customer’s virtual private network. Now you can access MediaConnect API using private IP addresses in your Virtual Private Cloud (VPC), eliminating the need to use public IPs.
Many AWS customers want to control live video flows with MediaConnect without using public IPs or proxy servers within their VPC. With support for PrivateLink, you can now provision interface endpoints for MediaConnect in your VPC to connect your on-premises applications directly with MediaConnect over AWS Direct Connect or AWS VPN. Interface VPC endpoints are private endpoints that are assigned private IPs.

AWS Organizations console now lets users centrally manage alternate contacts on AWS accounts

This week, AWS are enhancing the AWS Organizations console to enable you to centrally view and update the alternate contacts for your AWS accounts. To ensure that you receive important notifications about your AWS accounts, AWS previously released the Accounts SDK that enabled you to programmatically manage billing, operations, and security contacts for accounts in your organization. With this launch, you can now also use the console to easily perform this operation without logging into each account. Support for additional account settings will be available in future releases.

Amazon Rekognition Video supports 7 new languages and improves accuracy for text detection

Amazon Rekognition can detect and read text in an image or video, and return bounding boxes for each word found. On 11/17/2021, AWS launched support for 7 new languages in Amazon Rekognition text detection in images - Arabic, Russian, German, French, Italian, Portuguese and Spanish. Amazon Rekognition can automatically detect and extract text in images in all the supported languages, without requiring a language parameter as user input. In addition, Amazon Rekognition delivers higher overall accuracy, with improvements for vertical and curved text.

AWS App Runner adds support for Amazon VPC

AWS App Runner services can now communicate with other applications hosted in an Amazon Virtual Private Cloud (Amazon VPC). You can now connect your App Runner services to databases in Amazon Relational Database Service (Amazon RDS), to Redis caches in Amazon ElastiCache, or to message queues in Amazon MQ. You can also connect your services to your own applications in Amazon Elastic Container Service (Amazon ECS), Amazon Elastic Kubernetes Service (Amazon EKS), or Amazon Elastic Compute Cloud (Amazon EC2). As a result, web applications and APIs running on App Runner can now get powerful support from data services on AWS to build production architectures.

AWS Transfer Family is now available in the AWS Asia Pacific (Osaka) Region

Starting this week, AWS Transfer Family is available in the Asia Pacific (Osaka) Region.

AWS Transfer Family provides fully managed file transfers for Amazon Simple Storage Service (Amazon S3) and Amazon Elastic File System (EFS). With this launch, AWS Transfer Family is now available in 21 commercial AWS regions, AWS GovCloud (US) Regions, Amazon China (Beijing) Region, operated by Sinnet, and the Amazon China (Ningxia) Region, operated by NWCD.

AWS Migration Hub Refactor Spaces – Now Generally Available

Ready to fast-track application refactoring? AWS Migration Hub Refactor Spaces is the new starting point for incremental app refactoring. Using Refactor Spaces, AWS customers focus on refactoring their applications, and not the creation and management of the underlying infrastructure that makes refactoring possible. Refactor Spaces orchestrates AWS services across multiple accounts to create a refactor environment for incrementally evolving an application that helps customers realize value earlier.

This new Migration Hub feature reduces the business risk of evolving applications into microservices or extending existing applications with new features written in microservices.

AWS announces geolocation enrichment for Amazon Fraud Detector Models

AWS are excited to announce the launch of a new geolocation enrichment feature for Amazon Fraud Detector machine learning (ML) models that automatically calculates the distance between the IP address, billing address, and shipping address provided for an event. This helps you to prevent more fraud, particularly when a user attempts to create an account with someone else’s information or make a transaction with someone else’s credit card.

Now consistently deploy Alert Logic MDR Agent across EC2 and On-Premises instances using AWS Systems Manager

Distributor, a capability of AWS Systems Manager, allows you to select from available third-party agents to install and manage on your instances. With this launch, you can deploy the pre-built Alert Logic Managed Detection and Response (MDR) Agent directly from Distributor to your EC2 or on-premises instances without having to create or maintain any software packages.

The Alert Logic MDR is now available along with third-party and AWS agents that are already available by default. You can use Distributor to install or update any of these available agents on your instances or create your own software packages to distribute. Your software packages are stored in Systems Manager, providing a centralized repository with version control.

Amazon S3 Batch Replication synchronizes existing data between buckets
Amazon S3 Replication is an elastic, fully managed, low-cost feature that replicates newly uploaded objects across two or more Amazon S3 buckets, keeping buckets in sync. Now, with S3 Batch Replication, you can synchronize existing objects between buckets.
You can use S3 Batch Replication to backfill a newly created bucket with existing objects, retry objects that were previously unable to replicate, migrate data across accounts, or add new buckets to your data lake.
S3 Batch Replication works on any amount of data, giving you a fully managed way to meet your data sovereignty and compliance, disaster recovery, and performance optimization needs.
You can get started with S3 Batch Replication with just a few clicks in the S3 Console or a single API request.

Amazon SageMaker Autopilot now provides Confusion Matrix and additional new insights for classification problems.

Amazon SageMaker Autopilot automatically builds, trains, and tunes the best machine learning models based on your data, while allowing you to maintain full control and visibility. Starting today, SageMaker Autopilot provides new metrics and reports that provide you better visibility into model performance for classification problems. You can leverage these metrics to gather more insights about the best model in the Model leaderboard.

Amazon DocumentDB (with MongoDB compatibility) R6g and T4g instances are now available in Asia Pacific (Seoul), South America (Sao Paulo), and Europe (Paris) Regions
Amazon DocumentDB (with MongoDB compatibility) is a scalable, highly durable, and fully managed database service for operating mission-critical MongoDB workloads.
Amazon DocumentDB (with MongoDB compatibility) now supports the T4g.medium and R6g instance types (Graviton2 instances) in Asia Pacific (Seoul), South America (Sao Paulo), and Europe (Paris) Regions. Graviton2 instances provide up to 30% performance improvement for Amazon DocumentDB workloads depending on database size.

Amazon VPC now supports an AWS-managed prefix list for Amazon CloudFront

Starting this week, you can use the AWS managed prefix list for Amazon CloudFront to limit the inbound HTTP/HTTPS traffic to your origins from only the IP addresses that belong to CloudFront’s origin-facing servers. CloudFront keeps the managed prefix list up-to-date with the IP addresses of CloudFront’s origin-facing servers, so you no longer have to maintain a prefix list yourself.

Incident Manager from AWS Systems Manager now supports AWS PrivateLink

Incident Manager, from AWS Systems Manager, now supports AWS PrivateLink, providing direct access to incident data via managed VPC endpoints within your virtual private network. AWS Systems Manager is the operations hub for your AWS applications and resources, providing a secure end-to-end management solution for hybrid cloud environments.

IPv6-only subnets and EC2 instances now available in AWS Asia Pacific (Jakarta) region
Amazon Virtual Private Cloud (VPC) now allows you to create IPv6-only subnets in your dual-stack VPCs and launch EC2 instances built on Nitro System in these subnets in AWS Asia Pacific (Jakarta) Region.
AWS customers will be able to create an IPv6-only subnet in an existing dual-stack VPC using AWS Console or EC2 APIs. EC2 instances launched in an IPv6-only subnet and specifically the ENIs attached to them will no longer require private IPv4 addresses to be allocated and assigned. Instead, every ENI created and attached to an instance launched in an IPv6-only subnet will be assigned an IPv6 address from the subnet’s configured IPv6 CIDR range. These instances in the IPv6-only subnet are also able to call the on-instance services over IPv6 link local addresses.

Google Cloud Releases and Updates
Source: cloud.google.com

  Anthos clusters on VMware

A security vulnerability, CVE-2021-4034, has been discovered in pkexec, a part of the Linux policy kit package (polkit), that allows an authenticated user to perform a privilege escalation attack. PolicyKit is generally used only on Linux desktop systems to allow non-root users to perform actions such as rebooting the system, installing packages, restarting services, and so forth, as governed by a policy.

For instructions and more details, see the GCP-2022-004 security bulletin.


BigQuery Omni now supports INFORMATION_SCHEMA.JOBS_* and INFORMATION_SCHEMA.RESERVATION* views. This feature is in Preview. For more information, see View resource metadata (AWS) and View resource metadata (Azure).

Cloud Billing

Starting in February 2022, if you have committed use discounts (CUDs), Google Cloud Billing calculates the attribution for your fees and credits every hour, to help you track costs faster and more accurately.

Learn about how your CUD fees and credits are attributed across your resources.

Cloud Build

Cloud Build's Bitbucket Server and Bitbucket Data Center integration is now generally available. Users can build repositories from Bitbucket Server and Bitbucket Data Center, including on-premises instances. For more information, see Building repositories from Bitbucket Server and Building repositories from Bitbucket Data Center.

Cloud Load Balancing

Network Load Balancing now supports load-balancing ESP (Encapsulating Security Payload) and ICMP (Internet Control Message Protocol) traffic. To handle these protocols, you specify the new L3_DEFAULT protocol on the load balancer's forwarding rule.

For details, see:

This feature is available in General Availability.

External TCP/UDP Network Load Balancing now allows you to configure a connection tracking policy. A connection tracking policy introduces the following new properties to let you customize your load balancer's connection tracking behavior:

To learn about how connection tracking works, see Backend selection and connection tracking.

To learn how to configure a connection tracking policy, see Configure a connection tracking policy.

This feature is available in General Availability.

Network Load Balancing introduces a new monitoring resource type loadbalancing.googleapis.com/ExternalNetworkLoadBalancerRule that lets you monitor all the supported protocols including TCP, UDP, ESP, and ICMP.

For details, see Monitoring Network Load Balancing.

This feature is available in Preview. 

Cloud Logging

Compute Engine resource names, alongside their corresponding resource IDs, are now supported in the Logs Explorer. For details, see View Compute Engine logs.

Cloud Monitoring

You can now view information about your user-defined metrics by using the Diagnostics tab located on the Metrics Explorer page. The Diagnostics tab displays summary information about the user-defined metrics your project injests, charts usage metrics, lists all user-defined metrics. You can use features on this page to create alerts, view audit logs, and get detailed information about individual metrics. For more information, see View metric diagnostics.

Using the new Integrations page in the Google Cloud Console, you can now configure third-party application integrations that the Ops Agent supports. The Integrations page provides links to install instructions, displays example dashboards, and lists the metrics and logs that the Ops Agent collects for each integration. For more information, see Manage integrations

Cloud Router

Bidirectional Forwarding Detection (BFD) for Cloud Router is Generally Available (GA).

Cloud Spanner

Query statistics now cover DML statements, including inserts, updates, and deletes.

Cloud Spanner's CPU Utilization metrics now provide grouping by all task priorities: low, medium, and high.

Relatedly, Cloud Spanner's monitoring console now lets you view the CPU utilization of your instance by operation type, filtered by task priority.

Cloud SQL for PostgreSQL

Cloud SQL supports the max_parallel_maintenance_workers, max_parallel_workers,
max_parallel_workers_per_gather, and max_pred_locks_per_transaction flags:

    • max_parallel_maintenance_workers sets the maximum number of parallel workers that can be started by a single utility command.
    • max_parallel_workers sets the maximum number of workers that the system can support for parallel operations.
    • max_parallel_workers_per_gather sets the maximum number of workers that can be started by a single Gather or Gather Merge node.
    • max_pred_locks_per_transaction controls the average number of object locks allocated for each transaction.

For more information, see Supported flags.

Cloud SQL supports the wal_receiver_timeout and wal_sender_timeout flags:

    • The wal_receiver_timeout flag ends replication connections that are inactive for the specified time.
    • The wal_sender_timeout flag, which is for detection by the ending server, ends replication connections that are inactive for the specified time.

For more information, see Supported flags.

Cloud SQL for SQL Server

Cross-region replication is now generally available in Cloud SQL for SQL Server.

You can use replication to scale the use of data in a database without degrading performance. Other reasons include migrating or maintaining data duplicates between regions.

For more information, see Replication in Cloud SQL.

SQL Server 2019 is now the default version. See Database versions and version policies.

Compute Engine 

Public Preview: You can now use the security keys registered for 2-Step Verification in your Google account to connect to VMs that use OS Login. For more information, see Enable security keys with OS Login.


Added cluster_type field to job and operation metrics in Cloud Monitoring.

Google Cloud Armor

Google Cloud Armor Rate Limiting is now in General Availability.


Versions 1.21.9-gke.300, 1.22.6-gke.300, and 1.23.2-gke.300 contain a fix for a race condition which could result in erroneously detaching all endpoints from network endpoint groups for a short period.

Memorystore for Redis

Added support for upgrading the Redis version of an instance to any higher version.

Security Command Center


Access-related details are now available as finding attributes for all Security Command Center services. These attributes relate to an access event associated with a finding. They contain details such as the caller's IP address, which service and method was called, and what region the access event occurred in. Although access-related attributes are available across all built-in and integrated services, they're only populated by Event Threat Detection at this time.

Previously, the following Event Threat Detection rules were made temporarily unavailable because they were generating extraneous findings:

    • Persistence: New API Method
    • Persistence: New Geography

The underlying issue has been resolved. These rules are now operational. For more information, see Event Threat Detection rules.

Storage Transfer Service

Support for agent pools is now generally available (GA) .

You can use agent pools to create isolated groups of agents as a source or sink entity in a transfer job. This enables you to transfer data from multiple data centers and filesystems concurrently, without creating multiple projects for a large transfer spanning multiple filesystems and data centers.

Microsoft Azure Releases And Updates
Source: azure.microsoft.com

Generally available: Find developer resources easily with the IoT Central GitHub repository

Easily find developer resources and sample code for building Azure IoT Central solutions at the new Azure IoT Central GitHub repository.

Generally available: Improved getting started material in Azure IoT Central documentation

New FAQ articles and a re-organized landing page and table of contents improves your ability to find the information you need about Azure IoT Central.

Generally Available: Search results page improvements in Azure IoT Central

Filtering and highlighting matched values have been added to IoT Central search results allowing for richer search experience.

Generally available: Azure Site Recovery update rollup 60 - January 2022

Review the improvements and fixes provided in Update Rollup 60.

Public preview: Azure Bastion now supports file transfer via the native client

Azure Bastion offers support for file transfer between your target VM and local computer using Bastion and a native RDP or SSH client.

Generally Available: Recovery points extended to 15 days with Azure Site Recovery

The extended recovery points give you flexibility in how you want to manage recovery points and the ability to recover older recovery points if you missed detecting them.

Generally available: Regional deployments for all new and existing IoT Central applications

All previously created IoT Central applications in a geography are now mapped to standard Azure region.

Private preview: AKS cluster persistent volume backup

AKS persistent volume backup provides backup and restore ability for the persistent volumes of your Azure Kubernetes Service (AKS) cluster.


Have you tried Hava automated diagrams for AWS, Azure and GCP.  Get back your precious time and sanity and rid yourself of manual drag and drop diagram builders forever.
Hava automatically generates accurate fully interactive cloud infrastructure and security diagrams when connected to your AWS, Azure or GCP accounts. Once diagrams are created, they are kept up to date, hands free. 

When changes are detected, new diagrams are auto-generated and the superseded documentation is moved to a version history. Older diagrams are also interactive, so can be opened and individual resources inspected interactively, just like the live diagrams.
Check it out for free here: