Here's a cloud round up of all things GCP, Azure and AWS for the week ending Friday 11th February 2022
To stay in the loop, make sure you subscribe using the box on the right of this page.
Of course we'd love to keep in touch at the usual places. Come and say hello on:
Source: aws.amazon.com
AWS Glue DataBrew customers are now able to custom sort one or multiple columns on their datasets in DataBrew. It enables customers to search and group column values more easily. This transformation is intended for users who want to arrange their data in one or more dimensions using various sorting orders without writing any code.
Customers can sort columns in ascending/descending order. Custom sorting allows you to create a specific order to arrange the column values according to your particular needs. You can also view an ordered column immediately without specifying a transformation. Customers can use sorting to organize and experiment with the columns for preliminary analysis on the console, and define sorting transformations for data analysis and reporting.
AWS ParallelCluster is a fully supported and maintained open source cluster management tool that makes it easier for scientists, researchers, and IT administrators to deploy and manage high performance computing (HPC) clusters on AWS. AWS ParallelCluster uses a simple text file to model and provision all the resources needed for your HPC applications in an automated and secure manner.
Starting this week, the AWS Billing console has a new Home page experience, providing an at-a-glance view of your AWS charges.
The AWS Billing console allows you to easily understand your AWS spend, view and pay invoices, manage billing preferences and tax settings, and access additional Cloud Financial Management services. The Billing console Home page helps Finance, DevOps, or FinOps users quickly understand AWS spend and identify top drivers.
AWS Managed Services (AMS) Accelerate is now generally available in AWS GovCloud (US), giving customers in both the public and commercial sectors and their partners the benefit of AWS Managed Services’ operational capabilities in the GovCloud region.
AWS Managed Services (AMS) helps you adopt AWS at scale and operate more efficiently and securely. We leverage standard AWS services and offer operational guidance with specialized automations, skills, and experience that are contextual to your environment and applications. AMS provides proactive, preventative, and detective capabilities that raise the operational bar and help reduce risk without constraining agility, allowing you to focus on innovation. AMS Accelerate Operations Plan extends your team with operational capabilities including monitoring, incident detection, security, patch, backup, and cost optimization.
This week, AWS announced new functionality in AWS Control Tower to align AWS Control Tower with recent updates to the AWS Foundational Security Best Practices. As new best practices and controls are identified and developed, it is periodically necessary for AWS Control Tower to add functionality to ensure that your AWS accounts and workloads are in alignment.
The new functionality in this release includes support for lifecycle policy and access logging for the access log bucket as well as adding a dead letter queue for Lambda functions. Additionally, this release updates AWS Control Tower to use AWS Config’s Service Linked Role to setup and manage Config rules to match AWS Config best practices. This change will streamline the AWS Control Tower KMS configuration process for encrypting Config data and improve the related status messaging in CloudTrail.
AWS announces the general availability of AWS CloudFormation Hooks, a feature that allows customers to invoke custom logic to automate actions or inspect resource configurations prior to a create, update or delete CloudFormation stack operation. Over 1 million customers use AWS CloudFormation every week to model, provision, and manage their cloud applications and infrastructure in a safe, predictable, and repeatable way.
With AWS CloudFormation Hooks, customers can now validate resource properties and send a warning, or prevent the provisioning operation, for non-compliant resources to reduce security and compliance risk, lower operational overhead, and optimize cost.
This week, AWS are enhancing the AWS Organizations console to enable you to centrally view and update the alternate contacts for your AWS accounts. To ensure that you receive important notifications about your AWS accounts, AWS previously released the Accounts SDK that enabled you to programmatically manage billing, operations, and security contacts for accounts in your organization. With this launch, you can now also use the console to easily perform this operation without logging into each account. Support for additional account settings will be available in future releases.
Amazon Rekognition can detect and read text in an image or video, and return bounding boxes for each word found. On 11/17/2021, AWS launched support for 7 new languages in Amazon Rekognition text detection in images - Arabic, Russian, German, French, Italian, Portuguese and Spanish. Amazon Rekognition can automatically detect and extract text in images in all the supported languages, without requiring a language parameter as user input. In addition, Amazon Rekognition delivers higher overall accuracy, with improvements for vertical and curved text.
AWS App Runner services can now communicate with other applications hosted in an Amazon Virtual Private Cloud (Amazon VPC). You can now connect your App Runner services to databases in Amazon Relational Database Service (Amazon RDS), to Redis caches in Amazon ElastiCache, or to message queues in Amazon MQ. You can also connect your services to your own applications in Amazon Elastic Container Service (Amazon ECS), Amazon Elastic Kubernetes Service (Amazon EKS), or Amazon Elastic Compute Cloud (Amazon EC2). As a result, web applications and APIs running on App Runner can now get powerful support from data services on AWS to build production architectures.
Starting this week, AWS Transfer Family is available in the Asia Pacific (Osaka) Region.
AWS Transfer Family provides fully managed file transfers for Amazon Simple Storage Service (Amazon S3) and Amazon Elastic File System (EFS). With this launch, AWS Transfer Family is now available in 21 commercial AWS regions, AWS GovCloud (US) Regions, Amazon China (Beijing) Region, operated by Sinnet, and the Amazon China (Ningxia) Region, operated by NWCD.
Ready to fast-track application refactoring? AWS Migration Hub Refactor Spaces is the new starting point for incremental app refactoring. Using Refactor Spaces, AWS customers focus on refactoring their applications, and not the creation and management of the underlying infrastructure that makes refactoring possible. Refactor Spaces orchestrates AWS services across multiple accounts to create a refactor environment for incrementally evolving an application that helps customers realize value earlier.
This new Migration Hub feature reduces the business risk of evolving applications into microservices or extending existing applications with new features written in microservices.
AWS are excited to announce the launch of a new geolocation enrichment feature for Amazon Fraud Detector machine learning (ML) models that automatically calculates the distance between the IP address, billing address, and shipping address provided for an event. This helps you to prevent more fraud, particularly when a user attempts to create an account with someone else’s information or make a transaction with someone else’s credit card.
Distributor, a capability of AWS Systems Manager, allows you to select from available third-party agents to install and manage on your instances. With this launch, you can deploy the pre-built Alert Logic Managed Detection and Response (MDR) Agent directly from Distributor to your EC2 or on-premises instances without having to create or maintain any software packages.
The Alert Logic MDR is now available along with third-party and AWS agents that are already available by default. You can use Distributor to install or update any of these available agents on your instances or create your own software packages to distribute. Your software packages are stored in Systems Manager, providing a centralized repository with version control.
Amazon SageMaker Autopilot automatically builds, trains, and tunes the best machine learning models based on your data, while allowing you to maintain full control and visibility. Starting today, SageMaker Autopilot provides new metrics and reports that provide you better visibility into model performance for classification problems. You can leverage these metrics to gather more insights about the best model in the Model leaderboard.
Starting this week, you can use the AWS managed prefix list for Amazon CloudFront to limit the inbound HTTP/HTTPS traffic to your origins from only the IP addresses that belong to CloudFront’s origin-facing servers. CloudFront keeps the managed prefix list up-to-date with the IP addresses of CloudFront’s origin-facing servers, so you no longer have to maintain a prefix list yourself.
Incident Manager, from AWS Systems Manager, now supports AWS PrivateLink, providing direct access to incident data via managed VPC endpoints within your virtual private network. AWS Systems Manager is the operations hub for your AWS applications and resources, providing a secure end-to-end management solution for hybrid cloud environments.
A security vulnerability, CVE-2021-4034, has been discovered in pkexec, a part of the Linux policy kit package (polkit), that allows an authenticated user to perform a privilege escalation attack. PolicyKit is generally used only on Linux desktop systems to allow non-root users to perform actions such as rebooting the system, installing packages, restarting services, and so forth, as governed by a policy.
For instructions and more details, see the GCP-2022-004 security bulletin.
BigQuery
BigQuery Omni now supports INFORMATION_SCHEMA.JOBS_* and INFORMATION_SCHEMA.RESERVATION* views. This feature is in Preview. For more information, see View resource metadata (AWS) and View resource metadata (Azure).
Cloud Billing
Starting in February 2022, if you have committed use discounts (CUDs), Google Cloud Billing calculates the attribution for your fees and credits every hour, to help you track costs faster and more accurately.
Learn about how your CUD fees and credits are attributed across your resources.
Cloud Build
Cloud Build's Bitbucket Server and Bitbucket Data Center integration is now generally available. Users can build repositories from Bitbucket Server and Bitbucket Data Center, including on-premises instances. For more information, see Building repositories from Bitbucket Server and Building repositories from Bitbucket Data Center.
Cloud Load Balancing
Network Load Balancing now supports load-balancing ESP (Encapsulating Security Payload) and ICMP (Internet Control Message Protocol) traffic. To handle these protocols, you specify the new L3_DEFAULT protocol on the load balancer's forwarding rule.
For details, see:
This feature is available in General Availability.
External TCP/UDP Network Load Balancing now allows you to configure a connection tracking policy. A connection tracking policy introduces the following new properties to let you customize your load balancer's connection tracking behavior:
To learn about how connection tracking works, see Backend selection and connection tracking.
To learn how to configure a connection tracking policy, see Configure a connection tracking policy.
This feature is available in General Availability.
Network Load Balancing introduces a new monitoring resource type loadbalancing.googleapis.com/ExternalNetworkLoadBalancerRule that lets you monitor all the supported protocols including TCP, UDP, ESP, and ICMP.
For details, see Monitoring Network Load Balancing.
This feature is available in Preview.
Cloud Logging
Compute Engine resource names, alongside their corresponding resource IDs, are now supported in the Logs Explorer. For details, see View Compute Engine logs.
Cloud Monitoring
You can now view information about your user-defined metrics by using the Diagnostics tab located on the Metrics Explorer page. The Diagnostics tab displays summary information about the user-defined metrics your project injests, charts usage metrics, lists all user-defined metrics. You can use features on this page to create alerts, view audit logs, and get detailed information about individual metrics. For more information, see View metric diagnostics.
Using the new Integrations page in the Google Cloud Console, you can now configure third-party application integrations that the Ops Agent supports. The Integrations page provides links to install instructions, displays example dashboards, and lists the metrics and logs that the Ops Agent collects for each integration. For more information, see Manage integrations
Cloud Router
Bidirectional Forwarding Detection (BFD) for Cloud Router is Generally Available (GA).
Cloud Spanner
Query statistics now cover DML statements, including inserts, updates, and deletes.
Cloud Spanner's CPU Utilization metrics now provide grouping by all task priorities: low, medium, and high.
Relatedly, Cloud Spanner's monitoring console now lets you view the CPU utilization of your instance by operation type, filtered by task priority.
Cloud SQL for PostgreSQL
Cloud SQL supports the max_parallel_maintenance_workers, max_parallel_workers,max_parallel_workers_per_gather, and max_pred_locks_per_transaction flags:
max_parallel_maintenance_workers sets the maximum number of parallel workers that can be started by a single utility command.max_parallel_workers sets the maximum number of workers that the system can support for parallel operations.max_parallel_workers_per_gather sets the maximum number of workers that can be started by a single Gather or Gather Merge node.max_pred_locks_per_transaction controls the average number of object locks allocated for each transaction.For more information, see Supported flags.
Cloud SQL supports the wal_receiver_timeout and wal_sender_timeout flags:
wal_receiver_timeout flag ends replication connections that are inactive for the specified time.wal_sender_timeout flag, which is for detection by the ending server, ends replication connections that are inactive for the specified time.For more information, see Supported flags.
Cloud SQL for SQL Server
Cross-region replication is now generally available in Cloud SQL for SQL Server.
You can use replication to scale the use of data in a database without degrading performance. Other reasons include migrating or maintaining data duplicates between regions.
For more information, see Replication in Cloud SQL.
SQL Server 2019 is now the default version. See Database versions and version policies.
Compute Engine
Public Preview: You can now use the security keys registered for 2-Step Verification in your Google account to connect to VMs that use OS Login. For more information, see Enable security keys with OS Login.
Dataproc
Added cluster_type field to job and operation metrics in Cloud Monitoring.
Google Cloud Armor
Google Cloud Armor Rate Limiting is now in General Availability.
GKE
Versions 1.21.9-gke.300, 1.22.6-gke.300, and 1.23.2-gke.300 contain a fix for a race condition which could result in erroneously detaching all endpoints from network endpoint groups for a short period.
Memorystore for Redis
Added support for upgrading the Redis version of an instance to any higher version.
Security Command Center
Access-related details are now available as finding attributes for all Security Command Center services. These attributes relate to an access event associated with a finding. They contain details such as the caller's IP address, which service and method was called, and what region the access event occurred in. Although access-related attributes are available across all built-in and integrated services, they're only populated by Event Threat Detection at this time.
Previously, the following Event Threat Detection rules were made temporarily unavailable because they were generating extraneous findings:
Persistence: New API MethodPersistence: New GeographyThe underlying issue has been resolved. These rules are now operational. For more information, see Event Threat Detection rules.
Storage Transfer Service
Support for agent pools is now generally available (GA) .
You can use agent pools to create isolated groups of agents as a source or sink entity in a transfer job. This enables you to transfer data from multiple data centers and filesystems concurrently, without creating multiple projects for a large transfer spanning multiple filesystems and data centers.
Microsoft Azure Releases And Updates
Source: azure.microsoft.com
Easily find developer resources and sample code for building Azure IoT Central solutions at the new Azure IoT Central GitHub repository.
New FAQ articles and a re-organized landing page and table of contents improves your ability to find the information you need about Azure IoT Central.
Filtering and highlighting matched values have been added to IoT Central search results allowing for richer search experience.
Review the improvements and fixes provided in Update Rollup 60.
Azure Bastion offers support for file transfer between your target VM and local computer using Bastion and a native RDP or SSH client.
The extended recovery points give you flexibility in how you want to manage recovery points and the ability to recover older recovery points if you missed detecting them.
All previously created IoT Central applications in a geography are now mapped to standard Azure region.
AKS persistent volume backup provides backup and restore ability for the persistent volumes of your Azure Kubernetes Service (AKS) cluster.
Have you tried Hava automated diagrams for AWS, Azure and GCP. Get back your precious time and sanity and rid yourself of manual drag and drop diagram builders forever.
Hava automatically generates accurate fully interactive cloud infrastructure and security diagrams when connected to your AWS, Azure or GCP accounts. Once diagrams are created, they are kept up to date, hands free.
When changes are detected, new diagrams are auto-generated and the superseded documentation is moved to a version history. Older diagrams are also interactive, so can be opened and individual resources inspected interactively, just like the live diagrams.
Check it out for free here: