This week's roundup of all the cloud news.
Here's a cloud round up of all things GCP, Azure and AWS for the week ending Friday 21st January 2022
Here at Hava we released a stack of new features, including several improvements to the AWS security group view, the much anticipated Azure security view, a change to how connections are displayed on infrastructure diagrams, and SSO for business accounts. You can read all about the January releases here:
To stay in the loop, make sure you subscribe using the box on the right of this page.
Of course we'd love to keep in touch at the usual places. Come and say hello on:
AWS Updates and Releases
AWS are announcing the support of using Apache Spark SQL to update Glue Data Catalog tables when using Amazon EMR integration with AWS Lake Formation.
Amazon EMR integration with AWS Lake Formation allows you to define and enforce database, table, and column-level permissions when Apache Spark users access data in Amazon S3 through the Glue Data Catalog. Previously, when AWS Lake Formation integration was enabled, you were limited to reading data using Spark SQL statements such as SHOW DATABASES and DESCRIBE TABLE. Now, you can also insert data into, or update, the Glue Data Catalog tables with these statements: INSERT INTO, INSERT OVERWRITE, and ALTER TABLE.
Starting this week, AWS customers can use ED25519 keys to prove their identity when connecting to EC2 instances using EC2 Instance Connect and EC2 Serial Console from the CLI.
EC2 Instance Connect is a simple and secure way to connect to your instances using Secure Shell (SSH). Aside from leveraging the one-time-use SSH keys generated each time an authorized user connects, you can also connect using your existing SSH keys. In addition to RSA-based keys, EC2 customers can now use ED25519 key pairs, an elliptic-curve-based public-key system commonly used for SSH authentication, to authenticate with EC2 Instance Connect.
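Before an existing public key is pushed to an instance, it is worth confirming locally that it really is the key type you intend to allow (for example, if you want to standardise on ED25519 now that it is accepted). The following is an added example, not code from AWS or from the original post: it parses the OpenSSH public key line format (type, base64 blob, optional comment), checks the blob is internally consistent with the declared type, and reports the key type and size. The sample keys are constructed in the script from the RFC 4251 wire encoding so it runs offline; they are not real credentials.

```python
import base64
import struct

# --- Minimal RFC 4251 encoders, used only to build constructed sample keys ---

def _ssh_string(data: bytes) -> bytes:
    """Encode a length-prefixed SSH 'string'."""
    return struct.pack(">I", len(data)) + data

def _ssh_mpint(value: int) -> bytes:
    """Encode a non-negative integer as an SSH 'mpint' (leading 0x00 if the high bit is set)."""
    raw = value.to_bytes((value.bit_length() + 7) // 8, "big")
    if raw and raw[0] & 0x80:
        raw = b"\x00" + raw
    return _ssh_string(raw)

def _read_string(blob: bytes, offset: int):
    """Decode one length-prefixed string starting at offset; return (data, next_offset)."""
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    start = offset + 4
    return blob[start:start + length], start + length

# --- The check itself ---

def parse_openssh_public_key(line: str):
    """Return (key_type, key_bits) for one OpenSSH public key line.

    The declared type (first token) must match the type string inside the
    base64 blob, and the blob must have the structure that type requires.
    """
    parts = line.split()
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    declared_type, b64 = parts[0], parts[1]
    blob = base64.b64decode(b64, validate=True)
    wire_type, off = _read_string(blob, 0)
    if wire_type.decode("ascii", "replace") != declared_type:
        raise ValueError("key type inside blob does not match declared type")
    if declared_type == "ssh-ed25519":
        pub, off = _read_string(blob, off)
        if len(pub) != 32:
            raise ValueError("ed25519 public key must be exactly 32 bytes")
        return declared_type, 256
    if declared_type == "ssh-rsa":
        _e, off = _read_string(blob, off)      # public exponent (ignored here)
        n, off = _read_string(blob, off)       # modulus as mpint
        return declared_type, int.from_bytes(n, "big").bit_length()
    raise ValueError(f"unsupported key type: {declared_type}")

def ed25519_only(line: str) -> bool:
    """Policy helper: True only when the line carries a well-formed ed25519 key."""
    key_type, _ = parse_openssh_public_key(line)
    return key_type == "ssh-ed25519"

# Constructed sample: an ed25519 key whose 32 public bytes are simply 0..31.
SAMPLE_ED25519 = "ssh-ed25519 " + base64.b64encode(
    _ssh_string(b"ssh-ed25519") + _ssh_string(bytes(range(32)))
).decode() + " constructed-example"

# Constructed sample: a 2048-bit "modulus" with e=65537 (not a usable key).
SAMPLE_RSA = "ssh-rsa " + base64.b64encode(
    _ssh_string(b"ssh-rsa") + _ssh_mpint(65537) + _ssh_mpint((1 << 2047) | 1)
).decode() + " constructed-example"

if __name__ == "__main__":
    for sample in (SAMPLE_ED25519, SAMPLE_RSA):
        key_type, bits = parse_openssh_public_key(sample)
        print(f"{key_type}: {bits} bits, allowed={ed25519_only(sample)}")
```

A key that passes the check can then be pushed with the existing `aws ec2-instance-connect send-ssh-public-key` CLI call (instance id, OS user and public key file as its parameters) in the usual way; the parser above only decides whether the file is the kind of key you meant to send.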
AWS Lambda now supports Max Batching Window, a new feature that allows developers to fine-tune Lambda invocation for cost optimization. This feature gives you additional control over batching behavior when processing data from Amazon MSK, Apache Kafka, Amazon MQ for Apache ActiveMQ, and RabbitMQ as event sources.
Amazon FSx for NetApp ONTAP now provides metrics in Amazon CloudWatch, enabling you to monitor and alarm on performance and storage usage metrics for your file systems and volumes.
FSx for ONTAP is a storage service that provides the familiar features, performance, capabilities, and APIs of NetApp file systems with the agility, scalability, and simplicity of a fully managed AWS service. Starting today, you can monitor your file systems and volumes without any additional configuration in the Amazon FSx and Amazon CloudWatch consoles.
AWS Panorama is now available in the Asia Pacific (Sydney), and Asia Pacific (Singapore) Regions.
AWS Panorama is a machine learning (ML) appliance and software development kit (SDK) that brings computer vision (CV) to on-premises internet protocol (IP) cameras. With AWS Panorama, companies can use compute power at the edge (without streaming video to the cloud) to improve their operations, by automating visual inspection tasks like evaluating manufacturing quality, finding bottlenecks in industrial processes, and assessing worker safety within their facilities.
Trusted Advisor provides recommendations that help you follow AWS best practices. Trusted Advisor uses checks to evaluate your account, which identify ways to optimize your AWS infrastructure, improve security and performance, reduce costs, and monitor service quotas. With this launch, not only can you view a more in-depth assessment of your security posture without leaving Trusted Advisor, but your AWS Technical Account Managers have more context to quickly assist you in improving your security posture.
This week, AWS announced the availability of four new AWS Wavelength Zones on Verizon’s 5G Ultra Wideband network in Charlotte, Detroit, Los Angeles, and Minneapolis. Wavelength Zones are now available in 17 major cities in the US, including the previously announced cities of Atlanta, Boston, Chicago, Dallas, Denver, Houston, Las Vegas, Miami, New York City, Phoenix, San Francisco, Seattle, and Washington DC.
AWS Wavelength and Verizon 5G Edge bring the power of the world’s leading cloud closer to mobile and connected devices at the edge of the Verizon 5G Ultra Wideband network. Wavelength embeds AWS compute and storage services at the edge of communications service providers’ 5G networks while providing seamless access to cloud services running in an AWS Region. By doing so, AWS Wavelength minimizes the latency and network hops required to connect from a 5G device to an application hosted on AWS.
Amazon MQ now provides support for RabbitMQ version 3.8.26. This patch update to RabbitMQ contains several fixes and enhancements compared to the previously supported version, RabbitMQ 3.8.23.
Amazon MQ is a managed message broker service for Apache ActiveMQ and RabbitMQ that makes it easier to set up and operate message brokers on AWS. Amazon MQ reduces your operational responsibilities by managing the provisioning, setup, and maintenance of message brokers for you. Because Amazon MQ connects to your current applications with industry-standard APIs and protocols, you can more easily migrate to AWS without having to rewrite code.
Amazon Nimble Studio today supports the ability for administrators to validate their launch profile configurations directly from the console, which can help them enhance the artist’s experience when provisioning a workstation.
Nimble Studio customers can use launch profiles to define access to AWS resources and thereby allow artists to connect to managed workstations. As the needs of studios change, administrators may update their AWS resources, such as their VPC, storage systems, license servers, and the corresponding launch profiles, which can inadvertently result in instance launch failures that prevent artists from accessing a workstation. Starting today, administrators can validate launch profile configuration changes on the same workstations an artist uses, directly from the Nimble Studio console, and can see launch profiles marked as “Ready” or “Impaired” based on validation results. The new launch profile validation feature is designed to help administrators reduce failed launches of virtual workstations, thereby reducing the negative impact on artists.
Google Cloud Releases and Updates
Anthos Service Mesh
Version 1.12 is now available for managed Anthos Service Mesh and is rolling out into the Rapid Release Channel.
Version 1.11 has been promoted to the Regular Release Channel, and version 1.10 has been promoted to the Stable Release Channel.
See Select a managed Anthos Service Mesh release channel for more information.
Managed Anthos Service Mesh now supports GKE Autopilot in the Regular and Rapid channels. For more information, see Configure managed Anthos Service Mesh.
Managed Anthos Service Mesh control plane now displays its provisioning status in the ControlPlaneRevision API. For more information, see Verify the control plane has been provisioned.
Managed Anthos Service Mesh now supports deploying a proxy built on the distroless base image. Note that distroless proxy images do not work with managed data plane.
The distroless base image ensures that the proxy image contains the minimal number of packages required to run the proxy. This improves security posture by reducing the overall attack surface of the image and gets cleaner results with CVE scanners. See Distroless proxy image for more information.
App Engine standard environment Java
Updated Java SDK to version 1.9.94.
App Engine standard environment Python
Google Cloud Deploy now automatically applies provenance labels to deployed resources.
Cloud Load Balancing
The default behavior for HTTP/3 and Google QUIC is changing for global external HTTP(S) load balancers. The default setting of quicOverride=NONE will now advertise support for HTTP/3 to your clients. This change is currently rolling out globally.
If you don't want this behavior to change, you can disable HTTP/3 by setting quicOverride=DISABLE. For instructions, see Configuring HTTP/3.
Learn about the differences between multi-tenancy and sole-tenancy by reading the new About VM tenancy document.
Generally available: You can now use the SSH troubleshooting tool to help you determine the cause of failed SSH connections.
Generally Available: Configure commitments to renew automatically. For more information, see Renew commitments automatically.
Added support for Dataproc Metastore's beta NetworkConfig field. Beta services using this field can now be used in conjunction with v1 Dataproc clusters.
Dataproc extracts the warehouse directory from the Dataproc Metastore service for the cluster-local warehouse directory.
New sub-minor versions of Dataproc images:
Migrated to Eclipse Temurin JDK in image versions 1.4, 1.5, and 2.0.
Upgraded Log4j version to 2.17.1 in image versions 1.4, 1.5, and 2.0.
The Cloud Storage connector jar is installed on the Solr server (even if the dataproc:solr.gcs.path property is not set). Applies to image versions 1.4, 1.5, and 2.0.
Dialogflow CX now provides an IDENTITY system function, which is useful to copy a composite parameter object in a parameter preset field.
VPC-scoped DNS for GKE using Cloud DNS is now generally available for GKE versions 1.21 and later. This allows for seamless VPC-wide DNS resolution of GKE Services. Note that cluster-scoped DNS using Cloud DNS is still in public preview.
A new kubernetes metric, Network policy event count (kubernetes.io/pod/network/policy_event_count), is available (beta) for GKE Dataplane V2 clusters in GKE versions 1.22.3-gke.700 and later.
This metric can be viewed in the Metrics Explorer in Cloud Monitoring for resource type, Kubernetes Pod.
This metric provides visibility into network policy events and shows the change in the number of network policy events seen in the dataplane. Each event has the following metric labels:
- verdict: Policy verdict, possible values: [allow, deny].
- workload_kind: Kind of the workload the policy-enforced pod belongs to, for example "Deployment", "ReplicaSet", "StatefulSet", "DaemonSet", "Job", or "CronJob".
- workload_name: Name of the workload the policy-enforced pod belongs to.
- direction: Direction of the traffic from the point of view of the policy-enforced pod, possible values: [ingress, egress].
In addition to these metric labels, customers can also see the usual resource labels for the resource type Kubernetes Pod: project_id, location, cluster_name, namespace_name, and pod_name.
This metric can be used for setting up automated alerts for specific behaviors (denials higher than a threshold), identifying security issues, gaining better understanding of traffic flow, and troubleshooting.
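To make the "denials higher than a threshold" use case concrete, here is an added example (not code from Google or from the original post) that runs the aggregation an alert would perform over a handful of constructed data points shaped like the policy_event_count series described above: it sums deny verdicts per pod and direction, using the metric and resource labels the release note lists, and returns the pods that exceed a threshold. The point values, pod names and cluster names are made up for the example; the filter string builder assumes the Cloud Monitoring filter form `metric.type = "..." AND metric.labels.<key> = "..."`.

```python
from collections import defaultdict

METRIC = "kubernetes.io/pod/network/policy_event_count"

# Constructed sample points: each is one delta-count interval of the metric,
# carrying the metric labels (verdict, direction, workload_kind, workload_name)
# and the Kubernetes Pod resource labels (project_id ... pod_name).
def _point(ns, pod, workload, kind, verdict, direction, value):
    return {
        "project_id": "example-project", "location": "us-central1-a",
        "cluster_name": "example-cluster", "namespace_name": ns, "pod_name": pod,
        "workload_name": workload, "workload_kind": kind,
        "verdict": verdict, "direction": direction, "value": value,
    }

SAMPLE_POINTS = [
    _point("payments", "api-7c9f-abc12", "api", "Deployment", "allow", "ingress", 500),
    _point("payments", "api-7c9f-abc12", "api", "Deployment", "deny", "ingress", 40),
    _point("payments", "api-7c9f-abc12", "api", "Deployment", "deny", "ingress", 15),
    _point("payments", "api-7c9f-abc12", "api", "Deployment", "deny", "egress", 3),
    _point("batch", "worker-0", "worker", "StatefulSet", "allow", "egress", 100),
    _point("batch", "worker-0", "worker", "StatefulSet", "deny", "egress", 12),
]

def denies_per_pod(points, direction=None):
    """Sum denied events per (namespace, pod, direction); optionally restrict to one direction."""
    totals = defaultdict(int)
    for p in points:
        if p["verdict"] != "deny":
            continue
        if direction is not None and p["direction"] != direction:
            continue
        totals[(p["namespace_name"], p["pod_name"], p["direction"])] += p["value"]
    return dict(totals)

def pods_over_threshold(points, threshold, direction=None):
    """Return sorted (namespace, pod, direction, denied_count) tuples above the threshold.

    This is the condition an alerting policy on the metric would evaluate.
    """
    return sorted(
        (ns, pod, d, n)
        for (ns, pod, d), n in denies_per_pod(points, direction).items()
        if n > threshold
    )

def deny_ratio_per_workload(points):
    """Fraction of events denied per (namespace, workload_kind, workload_name).

    A workload whose traffic is mostly denied is usually either under-specified
    policy or unexpected traffic; both are worth a look.
    """
    denied, total = defaultdict(int), defaultdict(int)
    for p in points:
        key = (p["namespace_name"], p["workload_kind"], p["workload_name"])
        total[key] += p["value"]
        if p["verdict"] == "deny":
            denied[key] += p["value"]
    return {k: denied[k] / total[k] for k in total}

def deny_filter(direction=None):
    """Build a Cloud Monitoring filter string selecting deny events of this metric."""
    clauses = [f'metric.type = "{METRIC}"', 'metric.labels.verdict = "deny"']
    if direction is not None:
        clauses.append(f'metric.labels.direction = "{direction}"')
    return " AND ".join(clauses)

if __name__ == "__main__":
    for ns, pod, direction, n in pods_over_threshold(SAMPLE_POINTS, threshold=20):
        print(f"ALERT {ns}/{pod} {direction}: {n} denied events")
    for key, ratio in deny_ratio_per_workload(SAMPLE_POINTS).items():
        print(f"{key}: {ratio:.1%} denied")
    print(deny_filter("ingress"))
```

Using the constructed data, only the payments API pod crosses a threshold of 20 on ingress (55 denies over two intervals), while the batch worker shows up once the threshold drops to 10; the deny ratio helper separates a noisy-but-expected workload from one whose policy blocks most of its traffic.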
Network Intelligence Center
Overly permissive rule insights are now generally available. For information about these insights, see the Firewall Insights overview.
VPC Service Controls
Preview support for the following integration:
- Image streaming for container images stored in Artifact Registry.
Workflows is now certified as SOC 1 compliant.
Microsoft Azure Releases And Updates
Secure your custom domains with a free certificate provisioned, managed, and automatically renewed by Azure API Management.
You can now see multiple improvements to the Copy Dashboard preview and try out a new feature which automatically retries a task in a pipeline when it fails.
Scheduled Query Rules API version 2021-08-01 is now available and fully supported, replacing API version 2021-02-01-preview.
Connect Azure Cache for Redis to storage accounts via managed identity.
TARGET RETIREMENT DATE: JANUARY 31, 2022
Transition to Scheduled Query Rules API version 2021-08-01 before 31 January 2022.
General Availability enhancements and updates released for Azure SQL
New features now available in General Availability include add multiple private endpoints for workspaces, and support for storage account IP firewall.
When exporting data to event hub, you now have the flexibility to create multiple rules and event hub names to the same event hub namespace. This feature is in preview.
With 1-minute frequency log alerts, query can be evaluated every minute for faster time to fire.
The ‘Create alert rule’ experience has been simplified and converted into a step wizard, which is now generally available.
Data intensive AKS workloads can now take advantage of Azure ultra disks.
You can now create FIPS 140-2 enabled node pools in AKS.
You can now run Windows workloads on containerd in AKS.
Azure Kubernetes Service (AKS) now supports several new upgrade events to help customers understand and view their upgrade status in the portal or via the CLI.
You no longer need to specify the exact Kubernetes patch version number in your setup.
New compliance certifications are now available on Azure Database for PostgreSQL – Hyperscale (Citus), a managed service running the open-source Postgres database on Azure.
Azure Database for PostgreSQL – Hyperscale (Citus) is now available in the Central India and East Asia regions to distribute your Postgres database across multiple machines using sharding.
Generally available: Azure IoT Edge tools for Visual Studio extension now supports Visual Studio 2022
Download and install the Azure IoT Edge tools for Visual Studio extension, which includes the latest features and .NET 6 support in Visual Studio 2022.
Participate in the retail evaluation now to ensure full compatibility. The OS evaluation period provides 14 days for backward compatibility testing.
Have you tried Hava automated diagrams for AWS, Azure and GCP? Get back your precious time and sanity and rid yourself of manual drag-and-drop diagram builders forever.
Hava automatically generates accurate fully interactive cloud infrastructure and security diagrams when connected to your AWS, Azure or GCP accounts. Once diagrams are created, they are kept up to date, hands free.
When changes are detected, new diagrams are auto-generated and the superseded documentation is moved to a version history. Older diagrams are also interactive, so they can be opened and individual resources inspected, just like the live diagrams.
Check it out for free here: