29 min read

In Cloud Computing This Week [Jan 21st 2022]

January 21, 2022

This week's roundup of all the cloud news.

 

Cloud_News_Roundup

Here's a cloud round up of all things GCP, Azure and AWS for the week ending Friday 21st January 2022

Here are Hava we released a stack of new features including several improvements to the AWS security group view, launched the much anticipated Azure security view, made a change to how connections are displayed on infrastructure diagrams and released SSO for business accounts. You can read all about the January releases here: 

https://www.hava.io/blog/hava-updates-january-2022 

To stay in the loop, make sure you subscribe using the box on the right of this page.

Of course we'd love to keep in touch at the usual places. Come and say hello on:

Facebook.      Linkedin.     Twitter.


Getting_Started_aws_logo

AWS Updates and Releases

Source: aws.amazon.com

 
AWS Security Hub is now integrated with AWS Health and automatically receives security-related findings from AWS Health to provide you with a more complete view of your AWS security posture. AWS Health delivers alerts about your resource performance and the availability of your AWS services and accounts. AWS Health alerts also cover some security topics, and those security-related alerts are now sent to Security Hub. Examples of security-related alerts from AWS Health include alerts about compromised AWS access keys, security alerts about an AWS service (e.g., an older version of a AWS RDS database that needs to be upgraded due to a known vulnerability), or alerts about operational issues associated with an AWS security service (e.g., a regional outage).

 

AWS are announcing the support of using Apache Spark SQL to update Glue Data Catalog tables when using Amazon EMR integration with AWS Lake Formation.

Amazon EMR integration with AWS Lake Formation allows you to define and enforce database, table, and column-level permissions when Apache Spark users access data in Amazon S3 through the Glue Data Catalog. Previously, with AWS Lake Formation integration is enabled, you were limited to only being able to read data using Spark SQL statements such as SHOW DATABASES and DESCRIBE TABLE. Now, you can also insert data into, or update the Glue Data Catalog tables with these statements: INSERT INTO, INSERT OVERWRITE, and ALTER TABLE.

 
Amazon Rekognition content moderation is a deep learning-based feature that can detect inappropriate, unwanted, or offensive images and videos, making it easier to find and remove such content at scale. Amazon Rekognition provides a detailed taxonomy across 35 sub-categories and 10 distinct top-level moderation categories

 
You can now use the Amazon S3 Object Ownership setting, Bucket owner enforced, to disable access control lists (ACLs) in the AWS China (Beijing), AWS China (Ningxia), and AWS GovCloud (US) Regions, simplifying access management for data stored in S3. When you apply this bucket-level setting, every object in an S3 bucket is owned by the bucket owner, and ACLs are no longer used to grant permissions. As a result, access to your data is based on policies, including AWS Identity and Access Management (IAM) policies applied to IAM identities, session policies, Amazon S3 bucket and access point policies, and Virtual Private Cloud (VPC) endpoint policies. This setting applies to both new and existing objects in a bucket, and you can control access to this setting using IAM policies. With the new S3 Object Ownership setting, you can easily review, manage, and modify access to your shared data sets in Amazon S3 using only policies.

 
ROSA provides a managed OpenShift experience integrated with AWS. Customers can accelerate application development by leveraging OpenShift APIs and tools for deployments on AWS. Starting now, you can enable ROSA from the AWS Console and launch ROSA clusters in the Asia Pacific (Osaka) Region.

 
AWS Client VPN now provides the ability for all customers to display a customizable banner on the AWS Client VPN Desktop application when a VPN session is established. The banner text can contain privacy and security notices that will be displayed to end-users before granting VPN access. Customers will now be able to configure the banner text using the AWS Console or API, and be displayed on the AWS Client Desktop applications (AWS Client VPN for Windows v2.0.0 or higher, AWS Client VPN for MacOS v2.0.0 or higher, AWS Client VPN for Ubuntu Linux v2.0.0 or higher). Customers will also be able to configure the maximum session duration to can help them meet certain security and compliance requirements. The maximum session duration is a trigger by which end-users are required to re-authenticate prior to establishing a VPN session.

 

Starting this week, AWS customers can use ED25519 keys to prove their identity when connecting to EC2 instances using EC2 Instance Connect and EC2 Serial Console from the CLI.

EC2 Instance Connect is a simple and secure way to connect to your instances using Secure Shell (SSH). Aside from leveraging the one time use SSH keys generated each time an authorized user connects, you can also connect your existing SSH keys. In addition to RSA based keys, EC2 customers can now use ED25519 key pairs, an elliptic curve based public-key system commonly used for SSH authentication, to authenticate with EC2 Instance Connect. 


 
Amazon Relational Database Service (Amazon RDS) in Asia Pacific (Osaka) now offers export of snapshot data to Amazon S3 in Apache Parquet format, an efficient open columnar storage format for analytics. The Parquet format is up to 2x faster to export and consumes up to 6x less storage in Amazon S3, compared to text formats. The exported data can be analyzed using AWS tools such as Amazon Athena and Amazon SageMaker, or an open source big data framework such as Apache Spark.

 

AWS Lambda now supports Max Batching Window, a new feature that allows developers to fine tune Lambda invocation for cost optimization. This feature gives you additional control on batching behavior when processing data from Amazon MSK, Apache Kafka, Amazon MQ for Apache Active MQ and RabbitMQ as event sources.

 

Amazon FSx for NetApp ONTAP now provides metrics in Amazon CloudWatch, enabling you to monitor and alarm on performance and storage usage metrics for your file systems and volumes.

FSx for ONTAP is a storage service that provides the familiar features, performance, capabilities, and APIs of NetApp file systems with the agility, scalability, and simplicity of a fully managed AWS service. Starting today, you can monitor your file systems and volumes without any additional configuration in the Amazon FSx and Amazon CloudWatch consoles.

 

AWS Panorama is now available in the Asia Pacific (Sydney), and Asia Pacific (Singapore) Regions. 

AWS Panorama is a machine learning (ML) appliance and software development kit (SDK) that brings computer vision (CV) to on-premises internet protocol (IP) cameras. With AWS Panorama, companies can use compute power at the edge (without streaming video to the cloud) to improve their operations, by automating visual inspection tasks like evaluating manufacturing quality, finding bottlenecks in industrial processes, and assessing worker safety within their facilities.

 
This week, Amazon Location Service added matrix routing, making it easier for customers to quickly calculate driving time and driving distance between multiple origins and destinations. With matrix routing, developers can use a single API request to reduce the latency associated with multiple routing calculations, allowing them to simplify their code, and improve the experience of their customers.
For example, an application that plans delivery routes can now use Amazon Location’s matrix routing capabilities to request the driving time and distance for all deliveries for a given period. They can reduce the number of requests and latency by making one request of up to 350 origins by 350 destination to retrieve 122,500 drive times and distances.

 

This week, AWS Trusted Advisor added 111 checks automatically ingested from AWS Security Hub's Foundational Security Best Practices. You can find the full list of Security Hub checks here.

Trusted Advisor provides recommendations that help you follow AWS best practices. Trusted Advisor uses checks to evaluate your account, which identify ways to optimize your AWS infrastructure, improve security and performance, reduce costs, and monitor service quotas. With this launch, not only can you view a more in-depth assessment of your security posture without leaving Trusted Advisor, but your AWS Technical Account Managers have more context to quickly assist you in improving your security posture. 

 
Amazon Location Service now offers request-based pricing for all customer use cases, including those with asset-based applications. For instance, if a developer building a delivery application needs to find the positions (latitude/longitude) associated with delivery addresses, they can pay per address searched.
With Amazon Location, there are no upfront fees, no required minimum commitments, and no long-term contracts. Now it’s even easier for developers to add location awareness to their asset-based applications.

 
Now you can easily and automatically setup monitoring, alarms and dashboards for your Microsoft Active Directory and Microsoft SharePoint setups running on AWS with CloudWatch Application Insights.
CloudWatch Application Insights is a service that helps customers monitor and troubleshoot their enterprise applications running on AWS resources.
The new feature adds automatic discovery of Active Directory and SharePoint workloads, determines their underlying EC2 resources and sets up the metrics, telemetry and logs for monitoring their health and wellness.

 
With Amazon Interactive Video Service (Amazon IVS) you can now configure how often thumbnails are generated for your live stream. Amazon IVS generates thumbnail images every 60 seconds for standard live channels by default.
With this feature you can generate thumbnails more frequently, up to 12 images every 60 seconds (one every 5 seconds) or you can disable thumbnail generation.
More frequent images gives your users a more current view of what is happening in a live stream when they are browsing an app or website that uses thumbnails for preview images.

 
New minor versions of Microsoft SQL Server are now available on Amazon RDS for SQL Server, offering performance and security fixes. Amazon RDS for SQL Server supports the new minor versions for Microsoft SQL Server 2019 and 2017 on the Express, Web, Standard, and Enterprise Editions.

 
EMR Studio is an integrated development environment (IDE) that makes it easy for data scientists and data engineers to develop, visualize, and debug big data and analytics applications written in R, Python, Scala, and PySpark. This week, AWS were excited to announce that EMR Studio is now available in US West (N. California) region.

 
AWS Systems Manager now enables you to send notifications or take actions in third-party tools and applications using outbound webhooks. Outbound webhooks offer a simplified way to integrate with many of the tools you use, such as Slack.
Now you can invoke an outbound webhook as a step in your Automation runbook to easily integrate with the existing collaboration, monitoring, and incident response tools in your organization.

 
AWS Storage Gateway now makes it simpler and faster for you to get started with setting up and managing your hybrid cloud storage workflow. Using the Storage Gateway management console, you can now quickly create a new gateway in four easy steps: First, complete your local gateway setup. Second, connect your gateway to AWS. Third, activate your gateway. Fourth, finalize your gateway configuration.

 

This week, AWS announced the availability of four new AWS Wavelength Zones on Verizon’s 5G Ultra Wideband network in Charlotte, Detroit, Los Angeles, and Minneapolis. Wavelength Zones are now available in 17 major cities in the US, including the previously announced cities of Atlanta, Boston, Chicago, Dallas, Denver, Houston, Las Vegas, Miami, New York City, Phoenix, San Francisco, Seattle, and Washington DC.

AWS Wavelength and Verizon 5G Edge bring the power of the world’s leading cloud closer to mobile and connected devices at the edge of the Verizon 5G Ultra Wideband network. Wavelength embeds AWS compute and storage services at the edge of communications service providers’ 5G networks while providing seamless access to cloud services running in an AWS Region. By doing so, AWS Wavelength minimizes the latency and network hops required to connect from a 5G device to an application hosted on AWS.


 
AWS Elastic Disaster Recovery (AWS DRS) now supports automated, scalable failback to vCenter servers. The new DRS Mass Failback Automation client (DRSFA client) offers additional flexibility and speed for large-scale failback.
It allows you to fail back multiple vCenter servers to your primary vCenter environment at the same time. Using the DRSFA client, you can fail back all of your Recovery instances or a subset of Recovery instances.

 

Amazon MQ now provides support for RabbitMQ version 3.8.26. This patch update to RabbitMQ contains several fixes and enhancements compared to the previously supported version, RabbitMQ 3.8.23.

Amazon MQ is a managed message broker service for Apache ActiveMQ and RabbitMQ that makes it easier to set up and operate message brokers on AWS. Amazon MQ reduces your operational responsibilities by managing the provisioning, setup, and maintenance of message brokers for you. Because Amazon MQ connects to your current applications with industry-standard APIs and protocols, you can more easily migrate to AWS without having to rewrite code.

 
AWS Systems Manager Automation now allows you to execute runbooks from Slack to perform operational tasks, resolve issues, and take actions safely in your AWS environment using AWS Chatbot. You can now search for Automation runbooks, provide the necessary inputs, and execute the runbook directly from Slack channels. You can also track the progress and status of the runbook execution in Slack.

 
On January 18th, Amazon announced quarterly security and critical updates for Amazon Corretto Long-Term Supported (LTS) versions. Corretto 11.0.14 and 8.322 are now available for download. Amazon Corretto 17 updates will be available shortly after the release is tagged in the OpenJDK 17 repository. Amazon Corretto is a no-cost, multi-platform, production-ready distribution of OpenJDK.

 
Amazon DynamoDB supports PartiQL - a SQL-compatible query language that lets you query, insert, update, and delete table data in DynamoDB.
Now DynamoDB PartiQL APIs support ReturnConsumedCapacity, an optional parameter that returns the total read and write capacity consumed, along with statistics for the table and any indexes involved in an operation, to help you optimize your queries and throughput costs.

 

Amazon Nimble Studio today supports the ability for administrators to validate their launch profile configurations directly from the console, which can help them enhance the artist’s experience when provisioning a workstation.

Nimble Studio customers can utilize launch profiles to define access to AWS resources and thereby allow artists to connect to managed workstations. As the needs of studios change, administrators may update their AWS resources such as their VPC, storage systems, license servers, and their corresponding launch profiles which can inadvertently result in instance launch failures that prevent artists accessing a workstation. Starting today, administrators can validate launch profile configuration changes on the same workstations an artist uses for tasks directly from the Nimble Studio console, and can see launch profiles marked as “Ready” or “Impaired” based on validation results. The new launch profile validation feature is designed to help administrators reduce failed launches of virtual workstations, thereby reducing the negative impact on artists. 

Getting_Started_gcp_logo 
Google Cloud Releases and Updates
Source: cloud.google.com

 

Anthos Service Mesh 

Version 1.12 is now available for managed Anthos Service Mesh and is rolling out into the Rapid Release Channel.

Version 1.11 has been promoted to the Regular Release Channel, and version 1.10 has been promoted to the Stable Release Channel.

See Select a managed Anthos Service Mesh release channel for more information.

Managed Anthos Service Mesh now supports GKE Autopilot in the Regular and Rapid channels. For more information, see Configure managed Anthos Service Mesh.

Managed Anthos Service Mesh control plane now displays its provisioning status in the ControlPlaneRevision API. For more information, see Verify the control plane has been provisioned.

Managed Anthos Service Mesh now supports deploying a proxy built on the distroless base image. Note that distroless proxy images do not work with managed data plane.

The distroless base image ensures that the proxy image contains the minimal number of packages required to run the proxy. This improves security posture by reducing the overall attack surface of the image and gets cleaner results with CVE scanners. See Distroless proxy image for more information.

 

App Engine standard environment Java

 

Updated Java SDK to version 1.9.94.

App Engine standard environment Python

Users of the App Engine Bundled Services for Python 3 can now access BlobstoreDeferred, and Mail handlers in preview, through language-idiomatic libraries.

Cloud Deploy

Google Cloud Deploy now automatically applies provenance labels to deployed resources.

 

Cloud Load Balancing

The default behavior for HTTP/3 and Google QUIC is changing for global external HTTP(S) load balancers. The default setting of quicOverride=NONE will now advertise support for HTTP/3 to your clients. This change is currently rolling out globally.

If you don't want this behavior to change, you can disable HTTP/3 by setting quicOverride to DISABLE. For instructions, see Configuring HTTP/3.

Compute Engine

Learn about the differences between multi-tenancy and sole-tenancy by reading the new About VM tenancy document.

Generally available: You can now use the SSH troubleshooting tool to help you determine the cause of failed SSH connections.

Generally Available: Configure commitments to renew automatically. For more information, see Renew commitments automatically.

Dataproc

Announcing the General Availability (GA) release of Dataproc Serverless for Spark, which allows you to run your Spark jobs on Dataproc without having to spin up and manage your own cluster.

Added support for Dataproc Metastore's beta NetworkConfig field. Beta services using this field can now be used in conjunction with v1 Dataproc clusters.

Dataproc extracts the warehouse directory from the Dataproc Metastore service for the cluster-local warehouse directory.

New sub-minor versions of Dataproc images:

1.4.79-debian10 and 1.4.79-ubuntu18

1.5.55-debian10, 1.5.55-ubuntu18, and 1.5.55-centos8

2.0.29-debian10, 2.0.29-ubuntu18, and 2.0.29-centos8

Migrated to Eclipse Temurin JDK in image versions 1.4, 1.5, and 2.0.

Upgraded Log4j version to 2.17.1 in image versions 1.4, 1.5, and 2.0.

The Cloud Storage connector jar is installed on the Solr server (even if dataproc:solr.gcs.path property is not set). Applies to image versions 1.4, 1.5, and 2.0.

Dialogflow

Dialogflow CX now provides an IDENTITY system function, which is useful to copy a composite parameter object in a parameter preset field.

The Dialogflow CX QueryResult.match.event field previously only populated custom events. It is now also populated with no-match and no-input built-in events.

GKE

VPC-scoped DNS for GKE using Cloud DNS is now generally available for GKE versions 1.21 and later. This allows for seamless VPC-wide DNS resolution of GKE Services. Note that cluster-scoped DNS using Cloud DNS is still in public preview.

A new kubernetes metric, Network policy event count (kubernetes.io/pod/network/policy_event_count), is available (beta) for GKE Dataplane V2 clusters in GKE versions 1.22.3-gke.700 and later.

This metric can be viewed in the Metrics Explorer in Cloud Monitoring for resource type, Kubernetes Pod.

This metric provides visibility into network policy events and shows the Change in the number of network policy events seen in the dataplane, each event has the following metric labels:

    • verdict: Policy verdict, possible values: [allow, deny].
    • workload_kind: Kind of the workload, policy-enforced-pod belongs to, for example, "Deployment", "Replicaset", "StatefulSet", "DaemonSet", "Job", or "CronJob".
    • workload_name: Name of the workload, policy-enforced-pod belongs to.
    • direction: Direction of the traffic from the point of view of policy-enforced-pod, possible values: [ingress, egress].

In addition to these metric labels, customers can also see usual resource labels for resource type, Kubernetes Pod: project_id, location, cluster_name, namespace_name, and pod_name.

This metric can be used for setting up automated alerts for specific behaviors (denials higher than a threshold), identifying security issues, gaining better understanding of traffic flow, and troubleshooting.

Now available in Preview: Use a compact placement policy to specify that nodes within the node pool should be placed in closer physical proximity to each other within a zone. Having nodes closer to each other can reduce network latency between nodes, which can be useful for tightly-coupled batch workloads.
 

Network Intelligence Center

 

Overly permissive rule insights are now generally available. For information about these insights, see the Firewall Insights overview.

VPC Service Controls

Preview support for the following integration:

Workflows

Workflows is now certified as SOC 1 compliant.

 


Getting_Started_Azure_Logo

Microsoft Azure Releases And Updates
Source: azure.microsoft.com
 

Public Preview: Managed Certificate support for Azure API ManagemenT

Secure your custom domains with a free certificate provisioned, managed, and automatically renewed by Azure API Management.

General availability: Azure DevOps updates

You can now see multiple improvements to the Copy Dashboard preview and try out a new feature which automatically retry a task in a pipeline when it fails.

Generally available: Azure Monitor log alerts new version

Scheduled Query Rules API version 2021-08-01 is now available and fully supported, replacing API version 2021-02-01-preview.

Public preview: Support for managed identity in Azure Cache for Redis

Connect Azure Cache for Redis to storage accounts via managed identity.

Scheduled Query Rules API preview version 2021-02-01 will be retired on 31 January 2022

TARGET RETIREMENT DATE: JANUARY 31, 2022

Transition to Scheduled Query Rules API version 2021-08-01 before 31 January 2022.

Azure SQL—General availability updates for late January 2022

General Availability enhancements and updates released for Azure SQL

Azure Machine Learning Announcements – January 2022 General Availability Announcement

 

New features now available in General Availability include add multiple private endpoints for workspaces, and support for storage account IP firewall.

Public preview: Create multiple data export rules to the same event hub namespace

When exporting data to event hub, you now have the flexibility to create multiple rules and event hub names to the same event hub namespace. This feature is in preview.

General availability: One-minute frequency log alerts

With 1-minute frequency log alerts, query can be evaluated every minute for faster time to fire.

Generally available: A new and improved alert rule creation experience

The ‘Create alert rule’ experience has been simplified and converted into a step wizard, which is now generally available.

General availability: Ultra disks support on AKS

Data intensive AKS workloads can now take advantage of Azure ultra disks.

General availability: FIPS enabled node pool in Azure Kubernetes

You can now create FIPS 140-2 enabled node pools in AKS

Generally available: Containerd support for Windows in AKS

You can now run Windows workloads on containerd in AKS

Generally available: Azure Kubernetes support for upgrade event

Azure Kubernetes (AKS) now supports several new upgrade events to help customers understand and view their upgrade status in the portal or via the CLI.

Public preview: Kubernetes version alias support in AKS

You no longer need to specify the exact Kubernetes patch version number in your setup.

Generally available: Azure Database for PostgreSQL – Hyperscale (Citus): New certifications

New compliance certifications are now available on Azure Database for PostgreSQL – Hyperscale (Citus), a managed service running the open-source Postgres database on Azure

General availability: Azure Database for PostgreSQL – Hyperscale (Citus) in new regions

Azure Database for PostgreSQL – Hyperscale (Citus) is now available in the Central India and East Asia regions to distribute your Postgres database across multiple machines using sharding.

Generally available: Azure IoT Edge tools for Visual Studio extension now supports Visual Studio 2022

Download and install the Azure IoT Edge tools for Visual Studio extension that includes latest features and .NET 6 support in Visual Studio 2022.

General availability: Azure Sphere OS version 22.01 expected on Jan 26

Participate in the retail evaluation now to ensure full compatibility. The OS evaluation period provides 14 days for backward compatibility testing. 



 
All_Hava_Diagrams
Have you tried Hava automated diagrams for AWS, Azure and GCP.  Get back your precious time and sanity and rid yourself of manual drag and drop diagram builders forever.
 
Hava automatically generates accurate fully interactive cloud infrastructure and security diagrams when connected to your AWS, Azure or GCP accounts. Once diagrams are created, they are kept up to date, hands free. 

When changes are detected, new diagrams are auto-generated and the superseded documentation is moved to a version history. Older diagrams are also interactive, so can be opened and individual resources inspected interactively, just like the live diagrams.
 
Check it out for free here:
Try Hava For Free Today!

Topics: aws azure gcp news
Team Hava

Written by Team Hava

The Hava content team

Featured