This week's roundup of all the cloud news.
Here's a round up of all things GCP, Azure and AWS for the week ending Friday 16th April 2021.
Here at Hava our dev teams have been busy continuing to refine our self-hosted deployment and adding more security options around the sign on and team management process. The design team have been working on some new branding (see our social media channels for a sneak preview) and there has been some major work underway on additional support of resources across all three platforms currently supported by Hava.
To stay in the loop, make sure you subscribe on the right - There's a new Newsletter series starting soon that will keep you up to date with all our new releases, enhancements and capabilities and will also showcase lesser known but powerful features that you may not be aware of.
Of course we'd love to keep in touch at the usual places. Come and say hello on:
AWS Updates and Releases
Starting this week, AWS Transit Gateway Connect is now available in the Europe (Milan), Asia Pacific (Hong Kong), Africa (Cape Town), and Middle East (Bahrain) Regions.
AWS are excited to announce the launch of Machine Learning Essentials for Business and Technical Decision Makers, a series of three free digital courses. These on-demand courses are designed to help business and technical decision makers without Machine Learning (ML) experience understand ML basics and develop the skills to plan an ML strategy for their organization.
AWS Security Hub Automated Response & Remediation Solution adds support for AWS Foundational Security Best Practices standard
AWS Security Hub Automated Response & Remediation solution supports 11 new AWS Foundational Security Best Practices controls
AMAZON MACIE ADDS CLOUDWATCH LOGGING FOR JOB STATUS AND HEALTH MONITORING OF SENSITIVE DATA DISCOVERY JOBS
Amazon Macie now publishes job status and health logs to CloudWatch, providing you with continuous visibility into operations of your sensitive data discovery jobs to quickly identify, investigate, and address errors.
Now reference latest AWS Systems Manager parameter values in AWS CloudFormation templates without specifying parameter versions
AWS CloudFormation enhances the existing dynamic referencing of AWS Systems Manager Parameter Store parameters in CloudFormation templates. You can now reference the latest Systems Manager parameter values in CloudFormation templates without specifying parameter versions. If you choose not to specify the parameter versions in the template, CloudFormation will automatically fetch the latest parameter values from Parameter Store.
Amazon EventBridge now supports cross-Region event bus as a target, allowing customers to aggregate events in a central Region. Customers can now have all their event information in one place. This makes it easier for developers to find those events and write code that reacts to them, manage permissions for access to sensitive events, and generate insights that stem from events generated across the entire organization. Customers can also reduce operational burden by removing the need to manage duplicate infrastructure in multiple Regions.
Amazon Elasticsearch Service now supports integrating with Microsoft Power BI , a business analytics service that delivers insights to enable fast, informed decisions. Powered by the Open Distro for Elasticsearch ODBC Driver you can now integrate your Microsoft Power BI environment with you Amazon Elasticsearch Service domains using the Open Distro for Elasticsearch SQL Engine.
Amazon RDS for PostgreSQL adds support for the pg_bigm extension for faster full text search of languages that require multi-byte character sets such as Japanese, Chinese, and Korean.
AWS Data Exchange now gives customers an easy way to set up export jobs upon subscribing to products. Instead of navigating to separate screens, subscribers can use the AWS Data Exchange console to configure export jobs that will begin automatically after their subscription is completed. This functionality reduces friction and time to value for customers. For subscribers just getting started on AWS Data Exchange, setting up data exports to Amazon S3 is a critical first step towards downstream analysis in a variety of AWS services.
AWS Network Firewall is now available in Asia Pacific (Mumbai), Asia Pacific (Singapore), and EU (London)
Starting today, AWS Network Firewall is now available in Asia Pacific (Mumbai), Asia Pacific (Singapore), and EU (London) regions
Amazon Connect now allows agents to select which speaker, microphone, and ringer device to use in the Contact Control Panel (CCP). For example, agents can change the ringer device from their headset to their speaker if they need to step away from their desk. Then, when a call comes in, the agent will hear the ring from speakers even if they are away from their computer.
AWS Storage Gateway has achieved Federal Risk and Authorization Management Program (FedRAMP) Moderate authorization, approved by the FedRAMP Joint Authorization Board (JAB), for the AWS US East (N. Virginia), US East (Ohio), US West (N. California), US West (Oregon) Regions. You can use AWS Storage Gateway to store and manage your critical data in AWS with up to the Moderate impact level.
AQUA (Advanced Query Accelerator) for Amazon Redshift is generally available now. AQUA provides a new distributed and hardware accelerated cache that brings compute to the storage layer for Amazon Redshift and delivers up to 10x faster query performance than other enterprise cloud data warehouses.
AWS CloudShell is now available in the Asia Pacific (Mumbai), Asia Pacific (Sydney), and Europe (Frankfurt) regions
AWS CloudShell is now generally available in the Asia Pacific (Mumbai), Asia Pacific (Sydney), and Europe (Frankfurt) regions.
Starting today, AWS CodeArtifact is now available in the Europe (Paris), Europe (London), and Europe (Milan) Regions
AWS CodeCommit is now available in the Asia Pacific (Osaka) region. AWS CodeCommit is a secure, highly scalable, managed source control service that hosts private Git repositories. CodeCommit eliminates the need for you to manage your own source control system or worry about scaling its infrastructure. You can use CodeCommit to store anything from code to binaries. It supports the standard functionality of Git, so it works seamlessly with your existing Git-based tools.
Amazon RDS for PostgreSQL can now make calls to AWS Lambda functions. AWS Lambda lets you run code without provisioning or managing servers, and without worrying about scalability.
AWS CloudFormation Modules encapsulate one or more AWS resources and their respective properties for reuse across your organization. Modules make it simple to use the specific resources you need, while keeping resource configurations aligned with organizational best practices. You can now create YAML-formatted Modules in your CloudFormation templates. YAML-formatted Modules follow the same anatomy as existing JSON-formatted Modules. We have also added delimiter support for Modules
AWS Batch has increased a variety of performance characteristics, including job scheduling speed for EC2 Compute Environments, EC2 instance scaling reactivity, and most AWS Batch APIs.
AWS Identity and Access Management now makes it easier to relate a user's IAM role activity to their corporate identity
AWS Identity and Access Management (IAM) now provides the ability to easily identify the user responsible for an AWS action performed while assuming an IAM role. By setting the new source identity attribute , which gets logged in AWS CloudTrail for most actions, you can easily find out who is responsible for actions performed using IAM roles.
Amazon Redshift data sharing allows you to share live data across Redshift clusters for read purposes without the complexity and delays associated with data copies and data movement. Redshift already allows you to pause and resume your data sharing consumer clusters on-demand or based on schedule according to your workload demands. With this new capability, producer clusters can also be paused while still allowing data sharing with consumer clusters.
Amazon RDS for MySQL M6g and R6g instances now available in N. California, Canada, São Paulo, and London regions
Amazon Relational Database Service (RDS) for MySQL now supports AWS Graviton2-based (https://aws.amazon.com/ec2/graviton/) database instances in the additional regions of US West (N. California), Canada (Central), South America (São Paulo), and Europe (London). Graviton2 instances provide up to 35% performance improvement and up to 52% price/performance improvement over comparable current generation x86-based instances for RDS open source databases depending on database engine, version, and workload.
Amazon Kinesis Data Streams for Amazon DynamoDB now supports AWS CloudFormation, which means you can enable streaming to an Amazon Kinesis data stream on your DynamoDB tables with CloudFormation templates. By streaming your DynamoDB data changes to a Kinesis data stream, you can build advanced streaming applications with Amazon Kinesis services. For example, Amazon Kinesis Data Analytics reduces the complexity of building, managing, and integrating with Apache Flink, and provides built-in functions to filter, aggregate, and transform streaming data for advanced analytics. You also can use Amazon Kinesis Data Firehose to take advantage of managed streaming delivery of DynamoDB table data to other AWS services such as Amazon Elasticsearch Service, Amazon Redshift, and Amazon S3.
Amazon FSx and AWS Backup announce support for copying file system backups across AWS Regions and AWS accounts
Amazon FSx and AWS Backup now enable you to copy your Amazon FSx file system backups (both Amazon FSx for Windows File Server and Amazon FSx for Lustre) across AWS Regions, AWS accounts, or both. With cross-region backups, you can store a copy of your backup data in AWS Regions other than where your primary backups are stored, helping you meet business continuity, disaster recovery, and compliance requirements. In addition, cross-account backups enable you to copy backups into a secondary backup account to provide an additional layer of protection, should the main backup account experience disruption from accidental or malicious deletion, disaster, or ransomware. Customers may use their AWS Organizations management account to designate certain accounts as secondary backup accounts, allowing them to copy backups only to trusted accounts in the organization.
Google Cloud Releases and Updates
Anthos clusters on VMware
Anthos Config Management
Anthos GKE on AWS
Anthos Service Mesh
App Engine ( Go / Java / Node.js / PHP / Python / Ruby )
Serverless VPC Access support for Shared VPC is now generally available.
The BigQuery Admin Resource Charts Preview is now available for Reservation users, enabling administrators to more easily monitor and troubleshoot their BigQuery environment. It provides visibility into key metrics such as slot consumption, job concurrency, and job execution time across the entire organization.
Cloud Database Migration Service
Cloud Load Balancing
Shared queries are now generally available (GA). To learn more, see Shared queries.
Cloud Run is now available in
Transaction statistics now includes information about commit retries to help users debug performance issues caused by transaction aborts.
Cloud SQL for PostgreSQL
Cloud SQL for SQL Server
Generally available: You can now configure schedule-based autoscaling for your managed instance groups. Schedule-based autoscaling lets you improve the availability of your application by scheduling capacity ahead of anticipated load.
Preview launch of the Voximplant integration for Dialogflow CX.
Preview launch of the Facebook Messenger integration for Dialogflow CX.
Preview launch of the LINE integration for Dialogflow CX.
Google Cloud Armor
Subscribers of Managed Protection Plus are now eligible to receive reactive or proactive DDoS response support from Google's DDoS mitigation experts to help triage and mitigate ongoing attacks, as well as DDoS bill protection to provide credits for some bill spikes caused by increased GCP usage as a result being target by a DDoS attack.
For more information, see the public docs.
Managed Protection Plus subscribers are also eligible to receive reactive or proactive DDoS response support from Google's DDoS mitigation experts to help triage and mitigate ongoing attacks, as well as DDoS bill protection to provide credits for some bill spikes caused by increased GCP usage as a result being target by a DDoS attack.
For more information, see the public docs.
Subscribers of Managed Protection Plus are also eligible to receive reactive or proactive DDoS response support from Google's DDoS mitigation experts to help triage and mitigate ongoing attacks, as well as DDoS bill protection to provide credits for some bill spikes caused by increased GCP usage as a result being target by a DDoS attack.
(2021-R12) Version updates
GKE cluster versions have been updated.
GKE version 1.19 is now generally available (GA).
See below for notable changes and features in version 1.19.
The basic authentication method is no longer available starting with Kubernetes version 1.19. GKE clusters also no longer support basic authentication as they gradually upgrade to Kubernetes version 1.19. Basic authentication has been disabled by default for new GKE clusters since GKE version 1.12 and its usage has been discouraged in the Hardening your cluster's security guide. Migrate away from basic authentication before your cluster control planes are upgraded to Kubernetes version 1.19 to ensure your API clients can continue accessing the API server. To learn more about recommended authentication methods in GKE, see Authenticating to the Kubernetes API Server.
Admission webhooks and custom resource conversion webhooks must use serving certificates that contain the server name in a
subjectAltName extension. Server names in the certificate
CommonName will not be honored in future versions.
kube-proxy now uses
EndpointSlices by default.
With the release of GKE node version 1.19, the Container-Optimized OS with Docker (
cos) variant is deprecated. Please migrate to the Container-Optimized OS with Containerd (
cos_containerd) variant, which is now the default GKE node image. For instructions, see Containerd images
New versions available for upgrades and new clusters
The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on the Kubernetes versioning scheme, see Versioning.
Identity and Access Management
Security Command Center
Virtual Private Cloud
Access to Google APIs and services using Private Service Connect is now available in General Availability.
Microsoft Azure Releases And Updates
Participate in the retail evaluation now to ensure full compatibility. The OS evaluation period provides 14 days for backward compatibility testing.
Leverage user data to customize your VM instance provision and configuration.
The new event source start options feature in Azure Time Series Insights Gen2 gives you flexibility when configuring an event source.
Use managed identities now to authenticate runbooks to any Azure service that supports Azure AD authentication.
Apache Spark 3.0 public preview in HDInsight 4.0 is a major update to Apache Spark and brings significant improvements including better performance and better support for ANSI SQL.
Public preview - Support for multiple currencies on Retail Rates API for all Azure products/services
An unauthenticated experience to get retail prices in different currencies for all Azure products/services (including Reserved Instances).
Updated Computer Vision API now generally available to improve image tagging, content moderation, OCR language expansion, and more.
You can now use the same workspace name in deployments across all your environment without a conflict. This is useful in template deployments when the same name can be used for every deployment for consistency.
With Azure Monitor built-in policy definitions for data encryption, you can enforce organizational standards and assess compliance of data encryption settings in your environment.
We have upgraded the functions experience in log analytics, providing new UI and capabilities to allow you to do more with functions.
Enable organizations to identify anomalies across multiple variables with multivariate Anomaly Detector.
Azure Data Factory (ADF) has released a “quick re-use” option as public preview to the Azure Integration Runtime TTL to reduce data flow execution to from 2 mins to under 20 seconds
The Microsoft Build of OpenJDK is a new Long-Term Support distribution of OpenJDK for your Java workloads, in the cloud and everywhere else.
Our commitment is to simplify IoT for mainstream adoption. As such, we are announcing general availability of nesting capabilities for Azure IoT Edge for industrials to connect their equipment to the cloud through multiple network layers as recommended by the ANSI/ISA-95 standard.
General availability enhancements and updates released for Azure SQL Managed Instance in April 2021.
Now you can create read replicas of your Hyperscale (Citus) server group for enhanced read scalability.
You now have the ability to run Hyperscale (Citus) on a single node with Hyperscale (Citus) Basic, an easy way to be scale-out ready.
Now Hyperscale (Citus) supports custom schedules for maintenance – specify your preferred day of the week and 30-minute time window.
MSIX app attach capability is now generally available in the Azure portal and is integrated with Azure Resource Manager.
Enable the full power of VS Code connected to your Azure Machine Learning Compute with multiple new editing tasks.
Improve the resiliency of your API Management services with Availability Zones.
Azure IoT Edge 1.2.0 enables Azure Device Update for IoT Hub and IoT Edge devices in a nested configuration.
When moving from on premises, you no longer need to split your large files into separate parts to store and process in the cloud. Supporting a single object size up to 200TB removes one complexity when using Azure Storage.
Update to the newest Windows Agent. Now available with support fixes and a new troubleshooting tool.
UPComing Training & Events:
AWS Training and Certification has launched Getting Started with Data Analytics on AWS, a new self-paced digital course available on Coursera and edX. In this one-week course, you’ll learn how to go from raw data to meaningful insights using AWS services such as AWS CloudTrail, Amazon Athena, and Amazon QuickSight. This course is intended for business analysts, business intelligence analysts, data scientists, and SysOps administrators who are new to AWS data and analytics services.
AWS Training and Certification was excited to announce the launch our updated one-day classroom course, AWS Cloud Practitioner Essentials. Learn from an accredited AWS expert instructor with deep technical knowledge to explore the AWS Cloud via a mix of presentations, peer discussion, and interactive activities. Whether you’re in a technical or non-technical role, this course helps develop the knowledge and skills necessary to demonstrate an overall understanding of the AWS Cloud.
AWS announced the launch of the updated Advanced Architecting on AWS course this week. This instructor-led training course is designed for cloud architects who want to extend their baseline knowledge of AWS services. An expert AWS instructor will help you learn advanced architecting topics such as hybrid connectivity and hybrid AWS devices, networking with a focus on AWS Transit Gateway connectivity, AWS Container services, automation tools for CI/CD, security options, and much more.
AWS Training and Certification launched a new course entitled AWS Cloud Technical Essentials. Available for free on Coursera and edX, this course uses video lectures and demonstrations to teach the technical fundamentals of AWS. Upon course completion, learners will be able to make an informed decision about when and how to apply core AWS services for compute, storage, and database to different use cases.
New digital course: Amazon S3 Cost Optimization
AWS are excited to announce a free digital course: Amazon Simple Storage Service Cost Optimization. This advanced 60-minute course explores techniques and tools you can use to optimize your Amazon S3 costs. Designed for cloud architects, storage architects, developers, and operations engineers, it includes interactive lessons and video demonstrations.
Four new AWS digital training offerings for AWS End User Computing
AWS introduced four new digital training offerings that help you learn how to plan, deploy, secure, and manage cloud-based desktops and applications. The offerings are designed for desktop or virtual desktop infrastructure managers, IT administrators, and technical professionals interested in cloud-based virtualization. These free self-paced courses and curriculums include presentations, interactive e-learning modules, videos, demonstrations, and quizzes.
Azure Virtual Events
Microsoft have a full schedule of Virtual Events
A full list including session times and details are here : Azure Events
AWS events are pretty fluid at the moment, with most in-person events being cancelled or postponed. There are a number that have been taken online and full details can be found here: AWS Events
Thanks for reading again this week, we hope you found something useful.
hava.io allows users to visualise their AWS, GCP and Azure cloud environments in interactive diagram form including unique infrastructure, security and container views. hava.io continuously polls your cloud configuration and logs changes in a version history for later inspection which helps with issue resolution and provides history of all configs for audit and compliance purposes.
If you haven't opened a free hava.io account to see what the GCP, Azure and AWS automated diagram generator can do for your workflow, security and compliance needs, you can below - if you have questions, please get in touch.
You can reach us on chat, email firstname.lastname@example.org to book a callback or demo.
Read more about Hava Azure Infrastructure Diagrams here.
Read more about Hava AWS Architecture Diagrams here.
Read more about Hava GCP Architecture Diagrams here