In Cloud Computing This Week [Apr 16th 2021]

AWS Updates and Releases

Starting this week, AWS Transit Gateway Connect is now available in the Europe (Milan), Asia Pacific (Hong Kong), Africa (Cape Town), and Middle East (Bahrain) Regions.

AWS are excited to announce the launch of Machine Learning Essentials for Business and Technical Decision Makers, a series of three free digital courses. These on-demand courses are designed to help business and technical decision makers without Machine Learning (ML) experience understand ML basics and develop the skills to plan an ML strategy for their organization.

AWS Security Hub Automated Response & Remediation solution supports 11 new AWS Foundational Security Best Practices controls

Amazon Macie now publishes job status and health logs to CloudWatch, providing you with continuous visibility into operations of your sensitive data discovery jobs to quickly identify, investigate, and address errors.

AWS CloudFormation enhances the existing dynamic referencing of AWS Systems Manager Parameter Store  parameters in CloudFormation templates. You can now reference the latest Systems Manager parameter values in CloudFormation templates without specifying parameter versions. If you choose not to specify the parameter versions in the template, CloudFormation will automatically fetch the latest parameter values from Parameter Store. 

Amazon EventBridge now supports cross-Region event bus as a target, allowing customers to aggregate events in a central Region. Customers can now have all their event information in one place. This makes it easier for developers to find those events and write code that reacts to them, manage permissions for access to sensitive events, and generate insights that stem from events generated across the entire organization. Customers can also reduce operational burden by removing the need to manage duplicate infrastructure in multiple Regions.

Amazon Elasticsearch Service now supports integrating with Microsoft Power BI , a business analytics service that delivers insights to enable fast, informed decisions. Powered by the Open Distro for Elasticsearch ODBC Driver  you can now integrate your Microsoft Power BI environment with you Amazon Elasticsearch Service domains using the Open Distro for Elasticsearch SQL Engine.

Amazon RDS for PostgreSQL adds support for the pg_bigm  extension for faster full text search of languages that require multi-byte character sets such as Japanese, Chinese, and Korean.

AWS Data Exchange now gives customers an easy way to set up export jobs upon subscribing to products. Instead of navigating to separate screens, subscribers can use the AWS Data Exchange console to configure export jobs that will begin automatically after their subscription is completed. This functionality reduces friction and time to value for customers. For subscribers just getting started on AWS Data Exchange, setting up data exports to Amazon S3 is a critical first step towards downstream analysis in a variety of AWS services.

Starting today, AWS Network Firewall is now available in Asia Pacific (Mumbai), Asia Pacific (Singapore), and EU (London) regions

Amazon Connect now allows agents to select which speaker, microphone, and ringer device to use in the Contact Control Panel (CCP). For example, agents can change the ringer device from their headset to their speaker if they need to step away from their desk. Then, when a call comes in, the agent will hear the ring from speakers even if they are away from their computer.

AWS Storage Gateway has achieved Federal Risk and Authorization Management Program (FedRAMP) Moderate authorization, approved by the FedRAMP Joint Authorization Board (JAB), for the AWS US East (N. Virginia), US East (Ohio), US West (N. California), US West (Oregon) Regions. You can use AWS Storage Gateway to store and manage your critical data in AWS with up to the Moderate impact level.

AQUA (Advanced Query Accelerator) for Amazon Redshift is generally available now. AQUA provides a new distributed and hardware accelerated cache that brings compute to the storage layer for Amazon Redshift and delivers up to 10x faster query performance than other enterprise cloud data warehouses.

AWS CloudShell is now generally available in the Asia Pacific (Mumbai), Asia Pacific (Sydney), and Europe (Frankfurt) regions.

Starting today, AWS CodeArtifact is now available in the Europe (Paris), Europe (London), and Europe (Milan) Regions

AWS CodeCommit is now available in the Asia Pacific (Osaka) region. AWS CodeCommit is a secure, highly scalable, managed source control service that hosts private Git repositories. CodeCommit eliminates the need for you to manage your own source control system or worry about scaling its infrastructure. You can use CodeCommit to store anything from code to binaries. It supports the standard functionality of Git, so it works seamlessly with your existing Git-based tools.

Amazon RDS for PostgreSQL can now make calls to AWS Lambda functions. AWS Lambda lets you run code without provisioning or managing servers, and without worrying about scalability.

AWS CloudFormation Modules  encapsulate one or more AWS resources and their respective properties for reuse across your organization. Modules make it simple to use the specific resources you need, while keeping resource configurations aligned with organizational best practices. You can now create YAML-formatted Modules in your CloudFormation templates. YAML-formatted Modules follow the same anatomy as existing JSON-formatted Modules. We have also added delimiter support for Modules

AWS Batch has increased a variety of performance characteristics, including job scheduling speed for EC2 Compute Environments, EC2 instance scaling reactivity, and most AWS Batch APIs.

AWS Identity and Access Management (IAM) now provides the ability to easily identify the user responsible for an AWS action performed while assuming an IAM role. By setting the new source identity attribute , which gets logged in AWS CloudTrail for most actions, you can easily find out who is responsible for actions performed using IAM roles.  

Amazon Redshift data sharing allows you to share live data across Redshift clusters for read purposes without the complexity and delays associated with data copies and data movement. Redshift already allows you to pause and resume your data sharing consumer clusters on-demand or based on schedule according to your workload demands. With this new capability, producer clusters can also be paused while still allowing data sharing with consumer clusters.  

Amazon Relational Database Service (RDS) for MySQL now supports AWS Graviton2-based (https://aws.amazon.com/ec2/graviton/) database instances in the additional regions of US West (N. California), Canada (Central), South America (São Paulo), and Europe (London). Graviton2 instances provide up to 35% performance improvement and up to 52% price/performance improvement over comparable current generation x86-based instances for RDS open source databases depending on database engine, version, and workload.

Amazon Kinesis Data Streams for Amazon DynamoDB  now supports AWS CloudFormation, which means you can enable streaming to an Amazon Kinesis data stream on your DynamoDB tables with CloudFormation templates. By streaming your DynamoDB data changes to a Kinesis data stream, you can build advanced streaming applications with Amazon Kinesis services. For example, Amazon Kinesis Data Analytics reduces the complexity of building, managing, and integrating with Apache Flink, and provides built-in functions to filter, aggregate, and transform streaming data for advanced analytics. You also can use Amazon Kinesis Data Firehose to take advantage of managed streaming delivery of DynamoDB table data to other AWS services such as Amazon Elasticsearch Service, Amazon Redshift, and Amazon S3. 

Amazon FSx and AWS Backup now enable you to copy your Amazon FSx file system backups (both Amazon FSx for Windows File Server and Amazon FSx for Lustre) across AWS Regions, AWS accounts, or both. With cross-region backups, you can store a copy of your backup data in AWS Regions other than where your primary backups are stored, helping you meet business continuity, disaster recovery, and compliance requirements. In addition, cross-account backups enable you to copy backups into a secondary backup account to provide an additional layer of protection, should the main backup account experience disruption from accidental or malicious deletion, disaster, or ransomware. Customers may use their AWS Organizations management account to designate certain accounts as secondary backup accounts, allowing them to copy backups only to trusted accounts in the organization.

Generally available: VM Manager integration with VPC Service Control.

Generally available: You can now configure schedule-based autoscaling for your managed instance groups. Schedule-based autoscaling lets you improve the availability of your application by scheduling capacity ahead of anticipated load.

Preview launch of the Voximplant integration for Dialogflow CX.

Preview launch of the Facebook Messenger integration for Dialogflow CX.

Preview launch of the LINE integration for Dialogflow CX.

Subscribers of Managed Protection Plus are now eligible to receive reactive or proactive DDoS response support from Google's DDoS mitigation experts to help triage and mitigate ongoing attacks, as well as DDoS bill protection to provide credits for some bill spikes caused by increased GCP usage as a result being target by a DDoS attack.

For more information, see the public docs.

Managed Protection Plus subscribers are also eligible to receive reactive or proactive DDoS response support from Google's DDoS mitigation experts to help triage and mitigate ongoing attacks, as well as DDoS bill protection to provide credits for some bill spikes caused by increased GCP usage as a result being target by a DDoS attack.

For more information, see the public docs.

Subscribers of Managed Protection Plus are also eligible to receive reactive or proactive DDoS response support from Google's DDoS mitigation experts to help triage and mitigate ongoing attacks, as well as DDoS bill protection to provide credits for some bill spikes caused by increased GCP usage as a result being target by a DDoS attack.

1.19 GA

GKE version 1.19 is now generally available (GA).

Before upgrading to 1.19, read the Kubernetes 1.19 Release Notes especially the Urgent upgrade notes.

See below for notable changes and features in version 1.19.

The basic authentication method is no longer available starting with Kubernetes version 1.19. GKE clusters also no longer support basic authentication as they gradually upgrade to Kubernetes version 1.19. Basic authentication has been disabled by default for new GKE clusters since GKE version 1.12 and its usage has been discouraged in the Hardening your cluster's security guide. Migrate away from basic authentication before your cluster control planes are upgraded to Kubernetes version 1.19 to ensure your API clients can continue accessing the API server. To learn more about recommended authentication methods in GKE, see Authenticating to the Kubernetes API Server.

Admission webhooks and custom resource conversion webhooks must use serving certificates that contain the server name in a subjectAltName extension. Server names in the certificate CommonName will not be honored in future versions.

kube-proxy now uses EndpointSlices by default.

With the release of GKE node version 1.19, the Container-Optimized OS with Docker (cos) variant is deprecated. Please migrate to the Container-Optimized OS with Containerd (cos_containerd) variant, which is now the default GKE node image. For instructions, see Containerd images

UPComing Training & Events: