
In Cloud Computing This Week [Feb 4th 2022]

Written by Team Hava | February 4, 2022

This week's roundup of all the cloud news.

 

Here's a cloud round up of all things GCP, Azure and AWS for the week ending Friday 4th February 2022.

AWS Updates and Releases

Source: aws.amazon.com

 
Amazon Keyspaces is in scope for FedRAMP-Moderate compliance in the US East (N. Virginia), US East (Ohio), US West (Northern California), and US West (Oregon) AWS Regions.

 

Amazon FSx for OpenZFS now supports full-copy volumes to make it easier to clone and experiment with your data, enabling you to quickly capture the results of your cloning-based testing for long-term use.

Amazon FSx for OpenZFS provides fully managed file storage built on the popular OpenZFS file system, offering a rich set of ZFS-powered capabilities for working with data. It supports organizing your file system data into individual data containers called volumes, as well as creating point-in-time copies of these volumes called “clone volumes”. These clone volumes are instantly available and space-efficient — only storing the incremental changes to your source data — making it quick and easy to test new changes to your data and applications.


 
You can now build custom connectors for Amazon AppFlow using the Custom Connector Software Development Kit (SDK). With the SDK, you can connect to private APIs, on-premise proprietary systems, and other cloud services by adding to AppFlow's library of connectors. It is open source and available for both Java and Python.

 

Amazon RDS for MariaDB now supports MariaDB version 10.6. This release introduces multiple MariaDB features to enhance the performance, scalability, reliability and manageability of your workloads, including:

  • MyRocks storage engine: You can use the MyRocks storage engine with RDS for MariaDB to optimize storage consumption of your write-intensive, high-performance web applications.
  • IAM integration: You can now configure AWS’s Identity and Access Management (IAM) with your Amazon RDS for MariaDB instances to simplify access management of your AWS resources. With IAM, you can manage user access to all AWS resources from a single location and avoid issues caused by out-of-sync permissions on different AWS resources.
  • Flexible Upgrades: You can upgrade to RDS for MariaDB 10.6 from any prior MariaDB major release (10.2, 10.3, 10.4, 10.5) in a single step. You can also take a snapshot of an existing MySQL 5.6 or 5.7 instance and use the RDS snapshot restore feature to convert it into a MariaDB 10.6 instance.
  • Delayed replication: You can now set a configurable time period for which a read replica lags behind the source database, as a disaster recovery strategy. In a standard MariaDB replication configuration, there is minimal replication delay between the source and the replica.
  • Oracle PL/SQL compatibility: With an increased set of PL/SQL compatibility functions (e.g. ROWNUM(), TO_CHAR(), ADD_MONTHS()), you can migrate your legacy Oracle stored procedures as-is to RDS for MariaDB 10.6.
  • Atomic DDL: Your DDL statements will now be crash-safe with RDS for MariaDB 10.6. CREATE TABLE, ALTER TABLE, RENAME TABLE, DROP TABLE, DROP DATABASE and related DDL statements are now atomic. Previously a crash during a DDL operation could lead to undetermined results and introduce errors during replication. With atomic DDL, a DDL operation is either fully done or not done at all. Therefore, recovery from crashes during DDL operations is deterministic and the binlog remains consistent across any server crashes.
  • Other enhancements: JSON_TABLE function for transforming JSON data to relational format within SQL, faster empty table data load with InnoDB, new sys_schema for analysis & troubleshooting, optimizer enhancement for ignoring unused indexes and performance improvements.

 
You can now use AWS PrivateLink to privately access Amazon MemoryDB for Redis from your Amazon Virtual Private Cloud (Amazon VPC). AWS PrivateLink provides private connectivity between VPCs, AWS services, and on-premises networks without exposing traffic to the public internet, securing your network traffic. The Amazon MemoryDB for Redis API supports AWS PrivateLink in all regions where Amazon MemoryDB for Redis is available.

 
You can now use Recycle Bin for Amazon Machine Images (AMIs) to recover from accidental deletions to meet your business continuity needs. Previously, you could not recover AMIs if you accidentally deregistered them.
With Recycle Bin, you can specify a retention time period and recover a deregistered AMI if needed, before the expiration of the retention period. A recovered AMI would retain its attributes such as tags, permissions, and encryption status, which it had prior to deletion, and can be used immediately for launches.

 
Amazon Connect is now available in the Africa (Cape Town) AWS Region, increasing the number of AWS Regions where Amazon Connect is available to eleven. You can now claim South African toll-free and local telephone numbers.

 
Amazon SageMaker Data Wrangler reduces the time it takes to aggregate and prepare data for machine learning (ML) from weeks to minutes. With SageMaker Data Wrangler, you can simplify the process of data preparation and feature engineering, and complete each step of the data preparation workflow, including data selection, cleansing, exploration, and visualization from a single visual interface. With SageMaker Data Wrangler’s data selection tool, you can quickly select data from multiple data sources, such as Amazon S3, Amazon Athena, Amazon Redshift, AWS Lake Formation, Amazon SageMaker Feature Store, and Snowflake.

 
Amazon Comprehend now supports model copy functionality which allows customers to copy Comprehend custom classification or custom entity recognition models from a source AWS account to a designated target AWS account in the same AWS region.

 
Amazon Simple Queue Service (SQS) announces support of dead-letter queue (DLQ) redrive to source queue in both AWS GovCloud (US) Regions, giving you better control over the life cycle of unconsumed messages. Dead-letter queues are an existing feature of Amazon SQS that allows customers to store messages that applications could not successfully consume.

 
AWS Secrets Manager now supports the ability to schedule secret rotations within specific time windows. With this feature, you can limit secret rotations to specific hours on specific days.

 
Amazon Redshift now simplifies the use of other services such as Amazon S3, Amazon SageMaker, AWS Lambda, Amazon Aurora, and AWS Glue by allowing customers to create an IAM role from the Redshift console and assign it as the default IAM role while creating an Amazon Redshift cluster.

 
AWS Solutions has updated the Maintaining Personalized Experiences with Machine Learning solution, which is an AWS Solutions Implementation that provides end-to-end automation and scheduling for your Amazon Personalize resources. This solution keeps your item and user data current and manages re-training for your models to ensure that recommendations are kept up-to-date with recent user activity and to retain their relevance for your users.

 
You can now configure AWS IoT device-specific logging using devices’ client ID, source IP, or principal ID. Until now, customers were able to configure logging at account level and for a specific thing group.
Starting this week, AWS IoT also supports setting a fine-grained logging level using client ID, source IP, and principal ID. This enhancement makes it easy for customers to diagnose device-specific issues without having to register devices as a thing or define additional thing groups. Customers can now target very specific resources for more detailed logging.

 
Amazon FSx for Windows File Server is now authorized as FedRAMP Moderate in US East (N. Virginia), US East (Ohio), US West (N. California), US West (Oregon) and as FedRAMP High in AWS GovCloud (US-West) and AWS GovCloud (US-East). Amazon FSx for Windows File Server is also approved as Department of Defense Cloud Computing Security Requirements Guide Impact Level 2 (DoD SRG IL-2) in these regions.

 
Amazon FSx for Lustre is now authorized as FedRAMP Moderate in US East (N. Virginia), US East (Ohio), US West (N. California), US West (Oregon) and as FedRAMP High in AWS GovCloud (US-West) and AWS GovCloud (US-East). Amazon FSx for Lustre is also approved as Department of Defense Cloud Computing Security Requirements Guide Impact Level 2 (DoD SRG IL-2) in these regions.

 
Amazon Lex is a service for building conversational interfaces into any application using voice and text. We are excited to announce multiple transcripts and confidence scores support for speech input. The transcripts provide alternate interpretations of the user's speech input. Each transcript is associated with a confidence score that indicates the likelihood of a match. The transcripts along with the confidence scores can be used to enhance the conversation design.

 

AWS Step Functions Local, a runtime for debugging and testing state machine based workflows locally, is now designed to support mocking for service integrations, allowing you to run state machines without the need to call downstream services.

AWS Step Functions is a visual workflow service capable of orchestrating over 9,000 API actions from over 200 AWS services. Step Functions Local is a downloadable version of Step Functions that is designed to enable you to run, debug, and test state machines without leaving your development environment. Now, with Step Functions Local, you can mock the responses from your service integrations, helping save time and lower development efforts when building state machines.


 
Amazon SageMaker JumpStart is a capability of Amazon SageMaker that accelerates your machine learning workflows with one-click access to popular model collections from TensorFlow Hub, PyTorch Hub and Hugging Face (also known as “model zoos”), and to 16 end-to-end solutions that solve common business problems such as demand forecasting, fraud detection and document understanding.

 
Amazon OpenSearch Service (successor to Amazon Elasticsearch Service) now offers improved visibility into the progress of blue/green deployments to your Amazon OpenSearch Service domains. This includes visibility into the completion of different steps within an update, such as creation and deletion of instances, and the progress of shard migration.

 
Amazon Managed Streaming for Apache Kafka (Amazon MSK) now offers an option to provision storage throughput for Amazon MSK, enabling customers with high throughput workloads to seamlessly scale I/O without having to provision additional brokers. By provisioning up to 1000 MiB/s of throughput to Amazon MSK storage volumes, you can scale I/O requirements past 250 MiB/s without having to provision additional brokers. When configured, you pay a low rate for the amount of storage throughput provisioned in the clusters.

 
AWS Lambda has launched improved auto scaling for Amazon MSK and self-managed Kafka as event sources to improve performance and help lower costs for customers. Lambda starts with one consumer, checks the OffsetLag metric (a measure of backlog at the source) every minute, and scales up or down every 3 minutes. Lambda allows up to one consumer per partition per topic for a Kafka cluster. Previously, Lambda started its connection to Kafka clusters at 50% of the maximum number of consumers, checked OffsetLag, and scaled up consumers every 15 minutes.

 
Amazon Connect now allows you to configure your chat duration from 1 hour to 7 days. This enables you to define how long your customers have to resume a chat interaction before it expires. To configure the duration of chats in Amazon Connect, simply add an optional, new parameter when calling the StartChatContact API to create a new chat contact.




 
Google Cloud Releases and Updates
Source: cloud.google.com

  

BigQuery

The BigQuery migration assessment is now available in Preview. Use this feature to assess the complexity of migrating from your current data warehouse to BigQuery.

The WITH RECURSIVE feature has been added to Google Standard SQL for BigQuery and is now in Preview. This feature allows a query in a WITH clause to refer to either itself or to queries defined later in the WITH clause.

BigQuery now supports materialized views without aggregation and materialized views with inner join. This feature is generally available (GA).

Cloud Debugger

Cloud Debugger now has Preview support for VPC Service Controls.

Cloud Key Management Service

You can now use Cloud EKM with a Virtual Private Network (preview). This means you can access your external key manager with a private endpoint.

See Using Cloud EKM with VPC to learn more.

Cloud Monitoring

You can now save a copy of a chart on a predefined dashboard to one of your custom dashboards by selecting Add to Custom Dashboard from the More Options menu on the chart. When you select a custom dashboard, you also have the option of renaming the copied chart.

You can now view SLOs on a custom dashboard. For more information, see Display SLOs on a dashboard.

Cloud SQL for MySQL

The Key Access Justifications (KAJ) feature is now generally available in Cloud SQL. You can use KAJ as part of Cloud External Key Manager (EKM). KAJ enables you to view the reason for each Cloud EKM request. Additionally, based on the justification provided, you can automatically approve or deny a request. For related information, see the Overview.

Cloud SQL for PostgreSQL

Query Insights lets you configure the query sampling rate. For information, see Using Query Insights to improve query performance.

The Key Access Justifications (KAJ) feature is now generally available in Cloud SQL. You can use KAJ as part of Cloud External Key Manager (EKM). KAJ enables you to view the reason for each Cloud EKM request. Additionally, based on the justification provided, you can automatically approve or deny a request. For related information, see the Overview.

Cloud SQL for SQL Server

The Key Access Justifications (KAJ) feature is now generally available in Cloud SQL. You can use KAJ as part of Cloud External Key Manager (EKM). KAJ enables you to view the reason for each Cloud EKM request. Additionally, based on the justification provided, you can automatically approve or deny a request. For related information, see the Overview.

Cloud TPU

Cloud TPU now supports TensorFlow 2.8.0. For more information, see TensorFlow 2.8.0 Release Notes.

Compute Engine

Rate limits for all Compute Engine requests have the following changes:

    • All per-user rate limits are removed.
    • Rate limits are now enforced in 1-minute (60-second) intervals instead of 100-second intervals.
    • Due to this change, you might receive more 403 rateLimitExceeded errors when bursting.
      • Although per-second rate limits increased slightly, the enforcement intervals are now shorter, so the maximum number of requests per enforcement interval is slightly reduced overall. For example, the default Queries group's rate limit is changing from 20 requests per second with a maximum of 2000 requests per 100 seconds to 25 requests per second with a maximum of 1500 requests per 60 seconds.

Additionally, rate limits are now documented for the following groups:

    • Instance list referrer requests
    • Instance get serial port output requests

As of February 1, 2022, all CentOS 8 images are deprecated. CentOS 8 reached EOL on December 31, 2021. If you use CentOS 8 images in your project, review CentOS 8 end of life.

Config Connector

Config Connector version 1.72.1 is now available.

Dataproc

Dataproc Serverless for Spark now uses runtime version 1.0.2, which updates Spark to version 3.2.1.

Deep Learning Containers

M89 release

  

Google Cloud Deploy

Google Cloud Deploy is now available in the following regions:

    • northamerica-east1 (Montréal)
    • asia-northeast1 (Tokyo)

GKE

    • Version 1.22.3-gke.1500 is now available in the Regular channel.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.19 to 1.20.12-gke.1500 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to 1.21.6-gke.1500 with this release.
    • Version 1.22.4-gke.1501 is now the default version in the Rapid channel.
    • Version 1.21.9-gke.300 is now available in the Rapid channel.
    • Version 1.22.6-gke.300 is now available in the Rapid channel.
    • Version 1.23.2-gke.300 is now available in the Rapid channel.
    • Version 1.21.5-gke.1802 is no longer available in the Rapid channel.
    • Version 1.23.1-gke.500 is no longer available in the Rapid channel.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to 1.21.6-gke.1500 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to 1.21.6-gke.1500 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to 1.22.4-gke.1501 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to 1.23.2-gke.300 with this release.

In GKE, you can now filter Pub/Sub cluster notifications by notification type. For more information, see Receive cluster notifications.

When creating a maintenance exclusion window, you can restrict the exclusion to specific types of maintenance. For example, during a specific time period you can exclude minor upgrades from occurring on your cluster. For more information, see Maintenance exclusions documentation.

Pub/Sub Lite

Pub/Sub Lite now supports regional Lite topics that replicate data to a secondary zone.

Secret Manager

Secret Manager now supports data checksums when adding or accessing a secret version.

Security Command Center

Event Threat Detection, a built-in service of Security Command Center, launched the Exfiltration: BigQuery Data to Google Drive rule to Preview. This rule detects events where the protected organization's BigQuery data is saved, through extraction operations, to a Google Drive folder. For more information, see Event Threat Detection rules.

Virtual Machine Threat Detection, a built-in service of Security Command Center Premium, is in Preview. During the Preview, VM Threat Detection detects cryptocurrency mining software, which is among the most common types of software installed in compromised cloud environments.

For more information, see Virtual Machine Threat Detection conceptual overview.

Web Security Scanner, a built-in service of Security Command Center, released the CACHEABLE_PASSWORD_INPUT and SESSION_ID_LEAK finding types.

For more information, see Web Security Scanner findings.

Web Security Scanner, a built-in service of Security Command Center, provides detectors for the OWASP Top 10 2017 and OWASP Top 10 2021. For more information, see Detectors and Compliance.

VPC Service Controls

General availability for the following integrations:

 

 




Microsoft Azure Releases And Updates
Source: azure.microsoft.com
 

 

Public preview: Microsoft Azure Communication Services Telephony capabilities in Denmark and UK

 

Customers in Denmark and the UK can now purchase Toll-Free and Geographic phone numbers.

 

General Availability: IoT Edge monitoring with Azure Monitor

 

Use the latest IoT Edge Metrics collector module to send metrics to Azure Monitor and leverage updated visualizations to monitor and troubleshoot your IoT Edge devices.

 

General Availability: The Azure Sphere OS 22.01 release is cancelled

The next release of Azure Sphere will be version 22.02.

 

General availability: Azure Database for PostgreSQL – Hyperscale (Citus): Private access support

 
 

Private access is now generally available for Hyperscale (Citus) on Azure Database for PostgreSQL, a managed service running the open-source Postgres database on Azure.

 

Public preview: Anomaly Detector adds synchronous multivariate detection and improved anomaly interpretation

 

Start using Anomaly Detector’s multivariate detection synchronously for quicker response, easier operations, and more informative result interpretation to help you analyze root causes.

 

General availability: Azure Database for PostgreSQL – Hyperscale (Citus) new certifications

 

New compliance certifications are now available on Azure Database for PostgreSQL – Hyperscale (Citus), a managed service running the open-source Postgres database on Azure.

General availability: Azure Database for PostgreSQL - Hyperscale (Citus) supports PostgreSQL minor versions

 

Use PostgreSQL 11.14, 12.9, 13.5, and 14.1 minor versions with Hyperscale (Citus) for Azure Database for PostgreSQL, a managed service running the open source Postgres database on Azure.

General availability: Enhanced storage configuration with tempdb

Manage your SQL Server on Azure Virtual Machine storage configuration with tempdb directly from the SQL virtual machine blade in the Azure portal.

General availability: Deployment enhancements for SQL Server on Azure Virtual Machines

 

Deploy SQL Server on Azure Virtual Machines with a setup-like experience where configuration of the instance is done during deployment of the Azure Marketplace image.

 

General availability: Automated backup enhancements for SQL Server on Azure Virtual Machines

 

The Automated backup feature on the SQL Server for Azure Virtual Machines blade now offers increased retention and better manageability, with your choice of storage container per instance.

General availability: Azure SQL updates for early February 2022

 

Generally available enhancements and updates released for Azure SQL.

Public preview: Azure SQL updates for early February 2022

 

Public preview enhancements and updates released for Azure SQL.

General availability: Azure Cache for Redis active geo-replication in enterprise tiers

Link cached data across regions for multi-primary writes and higher availability with active geo-replication in enterprise tiers for Azure Cache for Redis.

Public preview: Custom virtual network support in Azure Container Apps

Start deploying Azure Container Apps into your own Azure virtual networks.

Generally available: PowerShell on Linux OS in Azure Functions

Azure Functions now supports PowerShell on Linux.

 

Generally available: Azure Monitor diagnostic settings for Azure Storage

 

Azure Monitor diagnostic settings now support sending Azure Storage logs to Log Analytics workspaces, Azure Event Hubs, Azure Storage, and select Marketplace partners.

 

Public preview: Azure IoT Edge for Linux on Windows (EFLOW) update

 

The update brings enhancements to IoT Edge 1.2, Microsoft Defender for IoT, and chipset support.

Generally available: Improved Syslog RFC compliance using the new Azure Monitor agent

 

Azure Monitor agent now supports additional syslog RFC formats collected from various networking devices.

 

Generally available: Azure Monitor agent extension support for automatic upgrade extension feature

Enable the ‘automatic extension upgrade’ feature on the Azure Monitor agent extension to automatically get new extension versions rolled out to your virtual machines and scale sets in Azure.

Public preview: Test action groups in Azure Monitor

Start testing your alert notification settings using the new test action groups functionality in Azure Monitor.

Public preview: Execute Azure Monitor Logs connector on an exact time range

Investigate alert incidents with the Azure Monitor Logs connector scoped to the exact time range of the alert.

 

Generally available: Azure PostgreSQL backup with long term retention

Azure Backup and Azure Database Services bring to you a new backup solution for your PostgreSQL servers that retains backups for up to 10 years.

Generally available: Azure Monitor Diagnostic settings for Azure Storage

With the general availability of Azure Monitor Diagnostic settings for Azure Storage, review the pricing model for Diagnostic settings for Azure Storage logs.

Public Preview: Microsoft Azure Payment HSM Service

Azure Payment HSM Service is now in public preview to accelerate the digital transformation of the payment ecosystem in Azure.


 
