Hava Blog and Latest News

In Cloud Computing This Week [Apr 1st 2022]

Written by Team Hava | April 1, 2022

This week's roundup of all the cloud news.


Here's a cloud round up of all things GCP, Azure and AWS for the week ending Friday 1st April 2022


AWS Updates and Releases

Source: aws.amazon.com

Amazon ECS announces increased service quota for container instances per cluster

Amazon Elastic Container Service (Amazon ECS) this week increased the default service quota for container instances per cluster. You can now launch up to 5,000 instances per cluster, an increase from 2,000. The limit increase enables customers to scale further and improve manageability of their clusters.

The new limit applies in all regions. The higher limit is reflected in your account automatically and you do not have to take any action. If your account has an approved limit that is higher than the new limit, you will continue to have the higher limit. For more information, please see the ECS service quota documentation.

Sustainability Pillar is now available in AWS Well-Architected Tool

AWS introduced the Sustainability Pillar during re:Invent 2021 to help customers minimize the environmental impacts of running cloud workloads. Today, the Sustainability Pillar is available for customers to use during workload reviews in the AWS Well-Architected Tool, a central place for cloud architecture best practices and guidance. The Sustainability Pillar is designed to help CTOs, architects, developers, and operations team members contribute to an increasing number of sustainability targets set by their organizations.

The practice of sustainability involves understanding the impacts of the services used, quantifying impacts through the entire workload lifecycle, and applying design principles and best practices to reduce these impacts. Review your cloud architecture using the Sustainability Pillar in the AWS Well-Architected Tool to learn and measure energy consumption and the environmental impacts of your cloud workloads. After you have completed a review, the tool provides an improvement plan with direct actions to reduce resource usage and increase efficiency. Review your workloads periodically using the Sustainability Pillar to make informed decisions in balancing security, cost, performance, reliability, and operational excellence with sustainability outcomes for your cloud workloads.

Amazon CloudFront now supports Server Timing headers

Starting this week, you can configure your CloudFront distributions to include Server Timing headers to monitor CloudFront behavior and performance. Server Timing headers provide detailed performance information, such as whether content was served from cache when a request was received, how the request was routed to the CloudFront edge location, and how much time elapsed during each stage of the connection and response process.

Server Timing headers provide additional metadata in the form of HTTP headers in viewer responses and can be inspected or consumed by client-side application code. You can use Server Timing headers to gain more granular insights when troubleshooting CloudFront performance, to inspect CloudFront behavior, and to collect and aggregate metrics across user-requested transactions, such as cache misses, first byte latency, and last byte latency.  

AWS Storage Gateway updates support for VMware and Microsoft hypervisors

AWS Storage Gateway adds support for VMware ESXi 7.0 and Microsoft Hyper-V 2022 and 2019 hypervisors, enabling you to deploy your gateway virtual machines on the latest versions of these hypervisors.  

AWS Storage Gateway is a hybrid cloud storage service that provides on-premises applications access to virtually unlimited storage in the cloud. You can use AWS Storage Gateway for backing up and archiving data to AWS, providing on-premises file shares backed by cloud storage, and providing on-premises applications low latency access to data in the cloud.

Amazon Redshift launches Concurrency Scaling in the Europe (Stockholm) region

Amazon Redshift Concurrency Scaling is now available in the Europe (Stockholm) region.

Amazon Redshift Concurrency Scaling elastically scales query processing power to provide consistently fast performance for hundreds of concurrent queries. Concurrency Scaling resources are added to your Redshift cluster transparently in seconds, as concurrency increases, to process queries without wait time. Amazon Redshift customers with an active Redshift cluster earn up to one hour of free Concurrency Scaling credits, which is sufficient for the concurrency needs of most customers. Concurrency Scaling also lets you set usage controls, giving you predictable month-to-month costs even during periods of fluctuating analytical demand. Refer to the Amazon Redshift pricing page for more details.

The AWS Lambda console now supports bulk update of layers

You can now select all or a subset of the functions that use a Lambda layer, and update them simultaneously to a newer layer version in the Lambda console.

Lambda layers provide a convenient way to package libraries and other dependencies that you can use with your Lambda functions. Using layers reduces the size of uploaded deployment archives and makes it faster to deploy your code. Previously, it was challenging to identify and update all the functions that used a specific layer version. With this release, the Lambda console displays a list of all the functions using a given layer and allows you to select multiple functions to be updated with a newer layer version. This release eliminates the need to update one function at a time or utilize an external script to perform the update on multiple functions.

Amazon EC2 now reduces visibility of public Amazon Machine Images (AMIs) older than two years

Starting this week, all public AMIs will have their deprecation time set to two years after their creation date. This means that public AMIs more than two years old will be deprecated by default. Once an AMI is deprecated, it no longer appears in DescribeImages API calls for users who are not the owner of the AMI. Deprecation only reduces the visibility of the AMI in untargeted searches; the AMI itself remains usable and available to you. Users of a deprecated AMI can continue to launch instances from it and describe it using its ID.

Previously, all AMIs had the same level of visibility in the AMI catalog regardless of how long ago they were created. Deprecating older AMIs in the catalog reduces the likelihood of inadvertently launching instances from old images with possibly outdated software.

EKS add-ons support for EBS CSI driver is now generally available

Amazon Elastic Kubernetes Service (Amazon EKS) now supports using the Amazon EKS console, AWS Command Line Interface (CLI), and EKS API to install and manage the Amazon Elastic Block Store (EBS) Container Storage Interface (CSI) driver. This launch enables a simple experience for attaching persistent storage to an EKS cluster.

The EBS CSI driver provides a CSI interface used by container orchestrators to manage the lifecycle of Amazon EBS volumes. Since announcing preview, EKS add-ons support now includes Windows compatibility, dynamic snapshotting and resizing of EBS volumes via the Kubernetes API, and backwards compatibility with the in-tree EBS driver. The EBS CSI driver can be installed, managed, and updated directly through the EKS console, CLI, and API. You can see available add-ons and compatible versions in the EKS API, select the version of the add-on you want to run on your cluster, and configure key settings such as the IAM role used by the add-on when it runs. Using EKS add-ons you can go from cluster creation to running applications in a single command and easily keep tooling in your cluster up to date.


Amazon AppStream 2.0 is now available in the AWS Canada (Central) region

You can now deploy Amazon AppStream 2.0 in the AWS Canada (Central) Region. Deploying AppStream 2.0 in your local region provides users with a more responsive experience and helps support your local data residency obligations. With this launch, you can deploy General Purpose, Compute Optimized, Memory Optimized, Graphics Design, Graphics Pro and Graphics G4 instances to meet the needs of your users.

AppStream 2.0 is a fully managed non-persistent desktop and application virtualization service that allows you to stream applications and desktops from AWS to users without acquiring, provisioning, and operating hardware or infrastructure. AppStream 2.0 can help you provide users with secure, instant-on access to the applications they need with a responsive, fluid user experience from anywhere on the device of their choice.

Amazon Pinpoint now supports template tagging and search in the console

This week, Amazon Pinpoint launched the ability to add tags to messaging templates in the template editor. Amazon Pinpoint is an omnichannel marketing and communication service that helps customers engage their users by sending messages through targeted messaging campaigns across email, SMS, push notification, in-app, and social media channels. A tag is a label that customers can define and associate with an AWS resource. Adding a tag to a messaging template lets customers control which users can view, edit, or use specific templates. Tags can be tailored to a customer’s organizational needs, allowing customers to organize templates by areas such as purpose, owner, region, or other criteria. With Amazon Pinpoint’s new template search feature, customers can also use tags to more easily find the template they need.

Using the Amazon Pinpoint console, a customer can add up to 50 tags to each template by simply editing the template. Each tag consists of a required tag key and an optional tag value, both of which the customer defines. Once tags are associated with a template, the relevant tag-based resource-level permissions in a customer’s AWS Identity and Access Management (IAM) policies will automatically apply. Using tags in this way, customers can implement granular controls over which groups and users have permission to view, edit, or use specific templates. For example, you can create a policy that restricts users who can edit a template to only those where their name is a value in the Owner tag. 

AWS Firewall Manager now supports Palo Alto Networks Cloud Next Generation Firewalls

AWS Firewall Manager now enables you to centrally deploy and monitor Palo Alto Networks Cloud Next Generation Firewalls (NGFWs) across all AWS virtual private clouds (VPCs) in your AWS organization. With this release, customers will now have a single firewall management solution to deploy and manage both AWS native firewalls and Palo Alto Networks Cloud NGFWs.

You can use Firewall Manager to orchestrate the deployment of Palo Alto Networks Cloud NGFWs and get centralized visibility into non-compliant configurations across accounts in your organization. You can use Firewall Manager to handle the end-to-end set up of Palo Alto Networks Cloud NGFWs across accounts and VPCs. Firewall Manager ensures that Palo Alto Networks Cloud NGFWs are automatically and consistently added to new accounts and VPCs with no manual intervention, reducing any operational heavy-lifting required to monitor new accounts and add firewall protections. You can deploy Palo Alto Networks Cloud NGFWs in either a centralized or a distributed deployment model. Under a centralized deployment model, Firewall Manager will apply the Palo Alto Networks global rulestack configuration on firewall endpoints in an inspection VPC for centralized traffic inspection. Under a distributed deployment model, Firewall Manager will deploy firewall endpoints in all in-scope VPCs for local inspection.  

AWS Glue 2.0 now supports fuzzy matching and deduplication using AWS Glue FindMatches

AWS Glue version 2.0 now supports the AWS Glue FindMatches machine learning transform. AWS Glue FindMatches automates the process of identifying partially matching records for use cases including linking customer records, deduplicating product catalogs, and fraud detection. Using Glue 2.0, ETL jobs that perform fuzzy matching using FindMatches start in under a minute and have 1-minute minimum billing.

Use the FindMatches transform to identify and then merge or deduplicate related records in your datasets. For example, it can recognize that records are matches despite spelling and formatting differences like “John Doe” vs. “Jhn Doe”, “JOHN_DOE@ANYCOMPANY.COM” vs. “johndoe@anycompany.com”, or “555-010-0000” vs. “+1-555-010-0000”.

Amazon FSx for NetApp ONTAP now enables you to change the throughput capacity of your file systems

Amazon FSx for NetApp ONTAP now enables you to change the throughput capacity of your file systems with the click of a button, providing you the flexibility to scale up or down to meet your evolving needs over time.

An FSx for ONTAP file system’s throughput capacity determines the level of network I/O performance that is supported by its file servers. Starting today, you can now dynamically adjust your file systems’ throughput capacity for cyclical workloads, for one-time bursts (such as time-sensitive migrations), or to accommodate your workloads’ increasing throughput needs over time.

AWS Security Hub launches 12 controls for security posture monitoring

AWS Security Hub has released 12 new controls for its Foundational Security Best Practice standard (FSBP) to enhance your Cloud Security Posture Management (CSPM). These controls conduct fully automatic checks against security best practices for Amazon Auto Scaling, Amazon CloudFront, AWS CodeBuild, Amazon EC2, Amazon Elastic Container Service (ECS), AWS Lambda, Amazon Network Firewall, Amazon Relational Database Service (Amazon RDS), Amazon Redshift, and Amazon Simple Storage Service (S3). If you have Security Hub set to automatically enable new controls and are already using AWS Foundational Security Best Practices, these controls are enabled by default. Security Hub now supports 187 security controls to automatically check your security posture in AWS.

The 12 FSBP controls that AWS have launched are:

  • [AutoScaling.2] Amazon EC2 Auto Scaling group should cover multiple Availability Zones
  • [CloudFront.8] CloudFront distributions should use SNI to serve HTTPS requests
  • [CodeBuild.4] CodeBuild project environments should have a logging configuration
  • [CodeBuild.5] CodeBuild project environments should not have privileged mode enabled
  • [EC2.22] Unused EC2 security groups should be removed
  • [EC2.21] Network ACLs should not allow ingress from 0.0.0.0/0 to port 22 or port 3389
  • [Lambda.5] VPC Lambda functions should operate in more than one Availability Zone
  • [NetworkFirewall.6] Stateless network firewall rule group should not be empty
  • [RDS.24] RDS database clusters should use a custom administrator username
  • [RDS.25] RDS database instance should use a custom administrator username
  • [Redshift.8] Amazon Redshift clusters should not use the default Admin username
  • [S3.10] S3 buckets with versioning enabled should have lifecycle policies configured
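To show what four of the controls above actually evaluate, here is an added example (not Security Hub's own implementation): each function takes a dict shaped like the corresponding boto3 describe/get response and returns the resource ids that would fail the control. The sample inputs are constructed, and the checks are approximations of the published control semantics (for EC2.21, rule ordering and deny precedence are not modelled).

```python
"""Approximate evaluators for FSBP controls EC2.21, CodeBuild.5, RDS.25,
Redshift.8 and CloudFront.8 over boto3-shaped response dicts."""
from typing import Dict, List

SSH_RDP_PORTS = {22, 3389}
ANY_IPV4, ANY_IPV6 = "0.0.0.0/0", "::/0"
# Assumed default master usernames the services assign when none is supplied.
RDS_DEFAULT_ADMINS = {"admin", "postgres"}
REDSHIFT_DEFAULT_ADMIN = "awsuser"


def _entry_opens_ssh_or_rdp(entry: dict) -> bool:
    """True if one NACL entry allows ingress from anywhere to port 22 or 3389."""
    if entry.get("Egress") or entry.get("RuleAction") != "allow":
        return False
    if entry.get("CidrBlock") != ANY_IPV4 and entry.get("Ipv6CidrBlock") != ANY_IPV6:
        return False
    proto = str(entry.get("Protocol", ""))
    if proto == "-1":        # all protocols, all ports
        return True
    if proto != "6":         # SSH and RDP are TCP only
        return False
    rng = entry.get("PortRange", {})
    lo, hi = rng.get("From", 0), rng.get("To", 65535)
    return any(lo <= p <= hi for p in SSH_RDP_PORTS)


def ec2_21_failing_nacls(resp: Dict) -> List[str]:
    """[EC2.21] NACLs with an allow entry from 0.0.0.0/0 or ::/0 to 22 or 3389."""
    return [acl["NetworkAclId"] for acl in resp.get("NetworkAcls", [])
            if any(_entry_opens_ssh_or_rdp(e) for e in acl.get("Entries", []))]


def codebuild_5_failing_projects(resp: Dict) -> List[str]:
    """[CodeBuild.5] projects whose build environment has privilegedMode on."""
    return [p["name"] for p in resp.get("projects", [])
            if p.get("environment", {}).get("privilegedMode")]


def rds_25_failing_instances(resp: Dict) -> List[str]:
    """[RDS.25] DB instances still using an engine default admin username."""
    return [db["DBInstanceIdentifier"] for db in resp.get("DBInstances", [])
            if db.get("MasterUsername", "").lower() in RDS_DEFAULT_ADMINS]


def redshift_8_failing_clusters(resp: Dict) -> List[str]:
    """[Redshift.8] clusters still using the default 'awsuser' admin name."""
    return [c["ClusterIdentifier"] for c in resp.get("Clusters", [])
            if c.get("MasterUsername", "").lower() == REDSHIFT_DEFAULT_ADMIN]


def cloudfront_8_failing_distributions(resp: Dict) -> List[str]:
    """[CloudFront.8] distributions serving a custom cert by dedicated IP (vip)
    instead of SNI; default-certificate distributions are not flagged."""
    items = resp.get("DistributionList", {}).get("Items", [])
    return [d["Id"] for d in items
            if d.get("ViewerCertificate", {}).get("SSLSupportMethod") == "vip"]


# Constructed sample responses (not captured from a real account).
NACLS = {"NetworkAcls": [
    {"NetworkAclId": "acl-open", "Entries": [{"RuleNumber": 100, "Protocol": "6",
        "RuleAction": "allow", "Egress": False, "CidrBlock": "0.0.0.0/0",
        "PortRange": {"From": 22, "To": 22}}]},
    {"NetworkAclId": "acl-https", "Entries": [{"RuleNumber": 100, "Protocol": "6",
        "RuleAction": "allow", "Egress": False, "CidrBlock": "0.0.0.0/0",
        "PortRange": {"From": 443, "To": 443}}]},
    {"NetworkAclId": "acl-v6-all", "Entries": [{"RuleNumber": 100, "Protocol": "-1",
        "RuleAction": "allow", "Egress": False, "Ipv6CidrBlock": "::/0"}]},
    {"NetworkAclId": "acl-office", "Entries": [{"RuleNumber": 100, "Protocol": "6",
        "RuleAction": "allow", "Egress": False, "CidrBlock": "203.0.113.0/24",
        "PortRange": {"From": 3389, "To": 3389}}]},
]}
CODEBUILD = {"projects": [{"name": "docker-build", "environment": {"privilegedMode": True}},
                          {"name": "unit-tests", "environment": {"privilegedMode": False}}]}
RDS = {"DBInstances": [{"DBInstanceIdentifier": "pg-prod", "MasterUsername": "postgres"},
                       {"DBInstanceIdentifier": "mysql-prod", "MasterUsername": "dbadmin_ops"}]}
REDSHIFT = {"Clusters": [{"ClusterIdentifier": "dw-main", "MasterUsername": "awsuser"}]}
CLOUDFRONT = {"DistributionList": {"Items": [
    {"Id": "E1VIP", "ViewerCertificate": {"SSLSupportMethod": "vip"}},
    {"Id": "E2SNI", "ViewerCertificate": {"SSLSupportMethod": "sni-only"}},
    {"Id": "E3DEF", "ViewerCertificate": {"CloudFrontDefaultCertificate": True}},
]}}


def run_all() -> Dict[str, List[str]]:
    """Evaluate every control against the samples; keys are the control ids."""
    return {
        "EC2.21": ec2_21_failing_nacls(NACLS),
        "CodeBuild.5": codebuild_5_failing_projects(CODEBUILD),
        "RDS.25": rds_25_failing_instances(RDS),
        "Redshift.8": redshift_8_failing_clusters(REDSHIFT),
        "CloudFront.8": cloudfront_8_failing_distributions(CLOUDFRONT),
    }


if __name__ == "__main__":
    for control, failing in run_all().items():
        print(f"{control}: {'FAILED ' + ', '.join(failing) if failing else 'PASSED'}")
```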

Security Hub is available globally and is designed to give you a comprehensive view of your security posture across your AWS accounts. With Security Hub, you now have a single place that aggregates, organizes, and prioritizes your security alerts, or findings, from multiple AWS services, including Amazon GuardDuty, Amazon Inspector, Amazon Macie, AWS Firewall Manager, AWS Systems Manager Patch Manager, AWS Config, AWS Health, AWS IAM Access Analyzer, as well as from over 60 AWS Partner Network (APN) solutions.

You can also continuously monitor your environment using automated security checks based on standards, such as AWS Foundational Security Best Practices, the CIS AWS Foundations Benchmark, and the Payment Card Industry Data Security Standard. In addition, you can take action on these findings by investigating findings in Amazon Detective or AWS Systems Manager OpsCenter or by sending them to AWS Audit Manager or AWS Chatbot.

You can also use Amazon EventBridge rules to send the findings to ticketing, chat, Security Information and Event Management (SIEM), response and remediation workflows, and incident management tools.

Amazon Aurora supports PostgreSQL 13.6, 12.10, 11.15, 10.20 and Babelfish for Aurora PostgreSQL 1.2.0

Following the announcement of updates to the PostgreSQL database by the open source community, AWS have updated Amazon Aurora PostgreSQL-Compatible Edition to support PostgreSQL 13.6, 12.10, 11.15, and 10.20. These releases contain bug fixes and improvements by the PostgreSQL community. Refer to the Aurora version policy to help you to decide how often to upgrade and how to plan your upgrade process.

In addition, Babelfish for Aurora PostgreSQL version 1.2.0 has been released for PostgreSQL 13.6, providing improvements in support for GRANT, REVOKE, ROWVERSION, JSON_QUERY and more. Details are listed in the Babelfish 1.2.0 release notes.

Amazon CloudWatch adds option for easy monitoring set up

Now you can easily set up monitoring, alarms and dashboards for many of your resources and workloads automatically in CloudWatch. The new one-click option on the CloudWatch Getting Started page provides AWS customers a convenient means to launch CloudWatch Application Insights. Once launched, Application Insights will discover the underlying resources in your account or Resource Group and set up the recommended metrics, logs and alarms to monitor their health.

To get started, go to the CloudWatch console. If you haven’t set up any alarms or applications yet, then just below the Get started with CloudWatch cards you will find a new section, Get started with Application Insights. When you click the Configure Application Insights button, the service sets up monitoring and creates a widget on the Home page along with dashboards that display alerts and problems. If you have already set up alarms, you will see the alarms as you normally would.

AWS Organizations now provides central AWS account closure to enable easier end-to-end account lifecycle management

You can now centrally close member accounts in your AWS Organizations through the console and programmatically via the AWS Command Line Interface (CLI) and SDK. This feature makes it easier and more efficient for you to manage your Amazon Web Services workloads by enabling you to close member accounts from your organization’s management account without needing to login to each member account individually. You can also use IAM permissions to authorize IAM roles or users in your management account to securely perform account closures while protecting mission-critical accounts in your infrastructure. 

AWS Organizations helps you centrally manage and govern your environment as you grow and scale your AWS resources. Using AWS Organizations, you can programmatically create new accounts, close decommissioned accounts and allocate resources, simplify billing by setting up a single payment method for all of your accounts, create groups of accounts to organize your workflows, and apply policies to these groups for governance. In addition, AWS Organizations is integrated with other AWS services so you can define central configurations, security mechanisms, and resource sharing across accounts in your organization.

Amazon EC2 now performs automatic recovery of instances by default

This week, Amazon EC2 announced automatic recovery by default, a new feature that makes it even easier for customers to recover an instance when it becomes unreachable. Automatic recovery improves instance availability by recovering the instance if it becomes impaired due to an underlying hardware issue. Automatic recovery migrates the instance to different hardware during an instance reboot while retaining its instance ID, private IP addresses, Elastic IP addresses, and all instance metadata.

The new feature further simplifies the configuration process for automatic recovery as supported instance types are configured to recover by default. Customers can choose to disable automatic recovery for their instance.

Amazon Textract announces updates to its tables and checkbox detection features

Amazon Textract is a machine learning service that makes it easy to extract text and data from virtually any document. AWS continuously improve the underlying machine learning models based on customer feedback to provide even better accuracy. This week, AWS were pleased to announce a few quality enhancements to both Tables and checkbox detection features.

The latest Tables model supports detecting merged cells and identifying column headers. Specifically, you can now detect merged cells in a document processed with the AnalyzeDocument Tables feature through the "Type": "MERGED_CELL" block type, and identify the cells that make up the column header through the "EntityTypes": ["COLUMN_HEADER"] identifier. In addition, AWS announced quality enhancements to the Tables feature. Starting today, Textract more accurately detects outer table boundaries, row and column boundaries, and table content. Customers can now expect higher accuracy with less postprocessing when extracting tables from a wide variety of document types, including those found in lending, insurance, financial services, legal, healthcare, energy and the public sector.

Amazon EMR Managed Scaling is now Spark shuffle data aware

Amazon EMR Managed Scaling automatically resizes EMR clusters for best performance and resource utilization. This week, AWS were excited to announce a new capability in Managed Scaling that prevents it from scaling down instances that store intermediate shuffle data for Apache Spark. Intelligently scaling down clusters without removing the instances that store intermediate shuffle data prevents job re-attempts and re-computations, which leads to better performance, and lower cost.

With EMR Managed Scaling you specify the minimum and maximum compute limits for your clusters. EMR Managed Scaling can be used with Amazon EC2 Spot Instances, which let you take advantage of unused EC2 capacity at up to a 90% discount from On-Demand prices. EMR Managed Scaling continuously samples key metrics associated with the workloads running on clusters and resizes clusters based on workload and utilization. These metrics now include monitoring of instances that hold intermediate shuffle data for Apache Spark.

This capability is supported on Amazon EMR release version 5.34 and 6.4.0 and later. No further action is needed from your end. This feature is available across 20 AWS regions globally: US East (N. Virginia and Ohio), US West (Oregon and N. California), South America (São Paulo), Europe (Frankfurt, Ireland, London, Milan, Paris, and Stockholm), Canada (Central), Asia Pacific (Hong Kong, Mumbai, Seoul, Singapore, Sydney, and Tokyo), Middle East (Bahrain), and Africa (Cape Town).

Amazon Aurora PostgreSQL supports Foreign Data Wrapper for Microsoft SQL Server and Sybase databases

Amazon Aurora PostgreSQL-Compatible Edition now supports a foreign data wrapper that can connect to databases that use the Tabular Data Stream (TDS) protocol, such as Sybase databases and Microsoft SQL server. You can use this foreign data wrapper to connect to data sources in other databases eliminating the need to replicate or copy data.

Managed entitlements in AWS License Manager now supports license usage for AWS Marketplace licenses

AWS License Manager announces support for license usage tracking for customers granting entitlements from AWS Marketplace. This feature allows AWS Marketplace to track and meter license usage across AMI and metered SaaS products.

AWS Marketplace customers can now track their license usage in the AWS License Manager console and via Amazon CloudWatch metrics. Additionally, administrators can track usage metrics across the licenses they have granted to other AWS accounts in their organization.

Managed entitlements consists of two distinct experiences: Seller issued licenses and Granted licenses. Seller issued licenses allow Independent Software Vendors (ISVs) and AWS Marketplace to create and distribute licenses to their end customers. Customers, upon receipt of a license, can use Granted licenses to more easily distribute entitlement access to their AWS accounts or organization. Using Granted licenses, AWS Marketplace customers can now track and monitor their license usage where available. License usage metrics are available via the AWS License Manager console and Amazon CloudWatch.

Contact Lens for Amazon Connect now offers real-time streaming for higher scale and low latency scenarios

Contact Lens for Amazon Connect now supports real-time streaming that helps businesses access Contact Lens analytics in real-time, eliminating the need to constantly make requests from existing Contact Lens API with rate limitations. The real-time streaming also offers additional data segments that consist of sentence-by-sentence transcripts for low latency requirements.

Businesses can now subscribe to four event types (started, segments, completed, failed) through real-time data streams to access the enriched analytics of Contact Lens in real-time. Additionally, the real-time data streams provide access to a new data segment called utterance, which exposes partial transcripts and enables businesses to meet their low latency requirements for assisting agents on live calls.

Amazon EventBridge Schema Registry extends support to Go language

Amazon EventBridge schema registry now supports the Go language for generating code bindings for event schemas, making it easier to use your schema as objects in your code. You can generate these code bindings for a schema by using the EventBridge console, APIs, or AWS SDK toolkits for JetBrains (IntelliJ, PyCharm, WebStorm, Rider) and VS Code. Previously, code bindings were supported for Java, Python, and TypeScript. With support for Go, you can download code bindings in your preferred IDE to take advantage of features like code validation and auto-completion.

Amazon EventBridge schema registry is a central registry for storing your schemas - or event structure - for all events published on your event bus. You can add schema to the registry yourself or turn on the Schema Discovery feature to automatically add all schema sent to an event bus to the registry. Any developer in your organization can easily search for and access events in the registry. Once you have a schema, you can download code bindings. 

The EventBridge schema registry is available at no additional cost and customers only pay for schema discovery. The schema discovery feature has a free tier of 5 million ingested events per month, and a fee of $0.10 per million ingested events outside of the free tier. All ingested events are measured in 8KB chunks. For more info on pricing, please see the EventBridge pricing page.

Amazon Schema Registry support for Go language is available in the following regions: US East (Ohio and N. Virginia), US West (Oregon and N. California), Canada (Central), Europe (Stockholm, Paris, Ireland, Frankfurt, and London), Asia Pacific (Mumbai, Tokyo, Seoul, Singapore, Hong Kong, and Sydney), and South America (Sao Paulo). 

Amazon RDS Free Tier now includes db.t3.micro, AWS Graviton2-based db.t4g.micro instances in all commercial regions

Starting this week, the Amazon Relational Database Service (Amazon RDS) free tier will include db.t3.micro and AWS Graviton2-based db.t4g.micro instances in all commercial regions. This provides you with more options in addition to the db.t2.micro instance in the current AWS Free Tier for new AWS customers.

Customers new to AWS in the past 12 months who were in regions where db.t2.micro was not available can now create free tier db.t3.micro or db.t4g.micro instances for the remainder of their first 12 months. In addition, the latest generation db.t3.micro and db.t4g.micro instances offer two vCPUs compared to one vCPU in db.t2.micro instances. With this announcement, new AWS customers can now gain hands-on experience with Amazon RDS using their choice of db.t2.micro, db.t3.micro, or db.t4g.micro instances for up to 750 hours monthly for 12 months. The Amazon RDS Free Tier includes 20 GB of General Purpose (SSD) database storage and 20 GB of storage for automated database backups and any user-initiated database snapshots.

Google Cloud Releases and Updates
Source: cloud.google.com


Anthos Clusters on Bare Metal

Anthos clusters on bare metal 1.11.0 is now available for download. To upgrade, see Upgrade Anthos on bare metal. Anthos clusters on bare metal 1.11.0 runs on Kubernetes 1.22.

Containerd is the default runtime in Anthos clusters on bare metal. Support for Docker as a container runtime on Kubernetes nodes will be removed from Anthos clusters on bare metal starting with version 1.13.0. If you use a node image based on Docker container runtime, please migrate your workloads to a Containerd node image as soon as possible. For more details, see Containerd node images.

The structure of the Anthos clusters on bare metal documentation is substantially different from previous versions. For details, see New documentation structure.

Kubernetes 1.22 has deprecated certain APIs, and a list of these deprecated APIs can be found in Kubernetes 1.22 deprecated APIs. In their manifests and API clients, customers need to replace references to the deprecated APIs with references to the newer API calls. For more information, see Deprecated API Migration Guide.

On January 31, 2022, CentOS 8 reached its end of life (EOL). As a result of the EOL, yum repositories stopped working for CentOS, which causes cluster creation and cluster upgrade operations to fail. For a workaround and more information, see Cluster creation or upgrades fail on CentOS.

Anthos Servicemesh

1.13.1-asm.1 is now available.

Anthos Service Mesh 1.13 includes the features of Istio 1.13 subject to the list of Anthos Service Mesh supported features.

Managed Anthos Service Mesh isn't rolling out to the rapid release channel at this time. You can periodically check this page for the announcement of the rollout of Managed Anthos Service Mesh to the rapid channel. See Select a managed Anthos Service Mesh release channel for more information.

Anthos Service Mesh now supports GKE on GCP and On-premise combined in a hybrid mesh as a public preview feature. See Install Anthos Service Mesh and Set up a multi-cluster mesh for more information.

Anthos Service Mesh now supports GKE on GCP and Amazon EKS combined in a multi-cloud mesh as a public preview feature. See Install Anthos Service Mesh and Set up a multi-cluster mesh for more information.


Apigee X

On March 29, 2022, GCP released an updated version of Apigee X (1-7-0-apigee-28).

Artifact Registry

Artifact Registry support for attaching tags to repositories is now in Preview. Tags are key-value pairs that you can use to group repositories and other resources across Google Cloud for reporting, auditing, and access control within your Google Cloud organization. To learn more, see Tagging repositories.


The international public dataset for Data Signals for Google Search Trends is now available in Preview and available in the Google Cloud Marketplace and Analytics Hub.

ML - The Wide-and-Deep model is now generally available (GA). For more information, see the Wide-and-Deep sections in the end-to-end user journey page.

Cloud Asset Inventory

The following resource types are now publicly available through the Export APIs (ExportAssets and BatchGetAssetsHistory) and the Feed API:

  • Dataplex
    • dataplex.googleapis.com/Lake
    • dataplex.googleapis.com/Task
    • dataplex.googleapis.com/Zone
    • dataplex.googleapis.com/Asset

Cloud Bigtable

Cloud Bigtable support for Cloud EKM is generally available (GA). You can now choose an externally managed key when you protect your data using customer managed encryption keys (CMEK). Cloud EKM includes Key Access Justification, which lets you view the reason for each Cloud EKM request.

Cloud Composer

Cloud Composer 1.18.4 and 2.0.8 release started on March 28, 2022. Get ready for upcoming changes and features as we roll out the new release to all regions. This release is in progress at the moment. Listed changes and features might not be available in some regions yet.

If the /dags, /data, /logs, or /plugins folder is deleted in an environment's bucket, Cloud Composer re-creates this folder.

New version aliases for Cloud Composer images. Now you can specify the latest version of Airflow 2 with composer-2-airflow-2 and composer-1-airflow-2 aliases. The new composer-1-airflow-1 alias points to the latest version of Airflow 1.

(Cloud Composer 2) Increased the safe interval for tasks executed during maintenance windows. Tasks that take less than 55 minutes to execute are not impacted by maintenance operations.

The description of Composer Compute CPU SKUs was changed from "CPU" to "mCPU", to simplify the invoice interpretation. There are no changes in the actual Cloud Composer pricing model.

Improved the validation of custom IP ranges that are specified when an environment is created. The validation is more extensive and redundant error messages were removed.

(Cloud Composer 2) Fixed a problem when an unhealthy web server is not restarted.

(Cloud Composer 1) In-cluster builds for PyPI package installations no longer fail when the constraints/compute.requireShieldedVm policy is turned on.

(New Cloud Composer 1 environments) The minimum disk size for environment nodes is changed from 20 GB to 30 GB.

(Cloud Composer 1) Fixed problems with upgrading to Cloud Composer 1.18.* from earlier versions of Cloud Composer.

Fixed a problem with "Environment health" and "Worker Pod eviction" metrics occasionally not reporting new time-series points.

Cloud Composer 1.18.4 and 2.0.8 images are available:

  • composer-2.0.8-airflow-2.2.3
  • composer-2.0.8-airflow-2.1.4
  • composer-1.18.4-airflow-2.2.3
  • composer-1.18.4-airflow-2.1.4
  • composer-1.18.4-airflow-1.10.15 (default)

Cloud Composer 1.15.1 has reached its end of full support period.

Cloud Key Management Service

Two new organization policy constraints are now available in Preview to help ensure CMEK usage across an organization:

  • constraints/gcp.restrictNonCmekServices requires CMEK protection.
  • constraints/gcp.restrictCmekCryptoKeyProjects limits which Cloud KMS keys are used for CMEK protection.

To learn more, see CMEK organization policies.

Cloud EKM now supports Cloud Bigtable and Log Storage in Cloud Logging. For more information, see Cloud External Key Manager.

Cloud Logging

Cloud Logging now supports organization policies that can enforce CMEK protection. For information, see CMEK organization policies.

Cloud Monitoring

User-defined labels are now included in PagerDuty, Pub/Sub, Webhooks, and email notifications, and you can also view these labels on the details pages of alerting policies and incidents. To learn how you can create user-defined labels that contain severity information and attach those labels to alerting policies or incidents, see Add severity levels to an alerting policy.

Cloud Run

Cloud Run reports a new Cloud Monitoring metric: Container Startup Latency, measuring the startup time of container instances.

Cloud Spanner

All instances with a compute capacity of at least one node (1,000 processing units) now have a data storage allotment of 4 TB per node, an increase from 2 TB per node. Relatedly, instances smaller than one node now have a data storage allotment of 409.6 GB for every 100 processing units.

Cloud Storage

Customer-managed encryption key (CMEK) organization policy constraints are now available in Preview.

  • constraints/gcp.restrictNonCmekServices allows you to control which resources require the use of CMEK.
  • constraints/gcp.restrictCmekCryptoKeyProjects allows you to control the projects from which a KMS key can be used to validate requests.
  • You can use both constraints together to enforce the use of CMEK from allowed projects.
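To make the interplay between the two constraints concrete, here is an added example (our own illustration, not Google's enforcement code) that simulates how they combine at resource-creation time: the first constraint decides whether a key must be present for a given service, the second decides whether the key's project is acceptable. The organization, folder and project ids, the policy contents and the PROJECT_PARENT ancestry table are all constructed; the two policy dictionaries mirror the shape of the YAML you would hand to `gcloud org-policies set-policy`.

```python
"""Simulated evaluation of the two CMEK organization policy constraints.

Added illustration only: this is not Google Cloud's enforcement code. The two
policy documents below are constructed in the shape of the v2 org-policy YAML
(deniedValues / allowedValues lists) with made-up org, folder and project ids.
"""
from __future__ import annotations

import re
from typing import Optional

# Constructed: which projects live under which folder. The real service walks
# the resource hierarchy; we fake it with a lookup table.
PROJECT_PARENT = {
    "projects/kms-central-prod": "folders/100000000001",
    "projects/kms-eu-prod": "folders/200000000002",
    "projects/team-sandbox": "folders/300000000003",
}

# Constructed policy: CMEK is mandatory for these services.
RESTRICT_NON_CMEK_SERVICES = {
    "name": "organizations/123456789012/policies/gcp.restrictNonCmekServices",
    "spec": {"rules": [{"values": {"deniedValues": [
        "storage.googleapis.com",
        "bigtable.googleapis.com",
        "logging.googleapis.com",
    ]}}]},
}

# Constructed policy: CMEK keys may only come from these projects / folders.
RESTRICT_CMEK_CRYPTO_KEY_PROJECTS = {
    "name": "organizations/123456789012/policies/gcp.restrictCmekCryptoKeyProjects",
    "spec": {"rules": [{"values": {"allowedValues": [
        "projects/kms-central-prod",
        "under:folders/200000000002",
    ]}}]},
}

# Cloud KMS key resource name: projects/P/locations/L/keyRings/R/cryptoKeys/K
KEY_RE = re.compile(
    r"^projects/(?P<project>[^/]+)/locations/[^/]+/keyRings/[^/]+/cryptoKeys/[^/]+$"
)


def _rule_values(policy: dict, kind: str) -> list[str]:
    """Flatten deniedValues/allowedValues across all rules of a policy."""
    out: list[str] = []
    for rule in policy["spec"]["rules"]:
        out.extend(rule.get("values", {}).get(kind, []))
    return out


def key_project_allowed(key_project: str,
                        policy: dict = RESTRICT_CMEK_CRYPTO_KEY_PROJECTS) -> bool:
    """True if the key's project matches an allowedValues entry, either directly
    (projects/ID) or through its parent folder (under:folders/ID)."""
    for value in _rule_values(policy, "allowedValues"):
        if value == key_project:
            return True
        if value.startswith("under:") and \
                PROJECT_PARENT.get(key_project) == value[len("under:"):]:
            return True
    return False


def evaluate_create(service: str, cmek_key: Optional[str]) -> tuple[bool, str]:
    """Decide whether a resource-creation request passes both constraints.

    Returns (allowed, reason). A missing key on a denied service fails first;
    any key that is supplied, on any service, is then checked against the
    allowed key projects, so a key from a stray project is rejected even for
    a service that does not require CMEK.
    """
    cmek_required = service in _rule_values(RESTRICT_NON_CMEK_SERVICES, "deniedValues")
    if cmek_key is None:
        if cmek_required:
            return False, f"{service}: restrictNonCmekServices requires a CMEK key"
        return True, f"{service}: no CMEK required"

    match = KEY_RE.match(cmek_key)
    if not match:
        return False, "malformed Cloud KMS key resource name"
    key_project = f"projects/{match.group('project')}"
    if not key_project_allowed(key_project):
        return False, f"{key_project} is not an allowed CMEK key project"
    return True, f"{service}: CMEK from {key_project} accepted"


if __name__ == "__main__":
    samples = [
        ("storage.googleapis.com", None),
        ("storage.googleapis.com", "projects/kms-central-prod/locations/us/keyRings/r/cryptoKeys/k"),
        ("bigtable.googleapis.com", "projects/team-sandbox/locations/us/keyRings/r/cryptoKeys/k"),
        ("compute.googleapis.com", None),
        ("logging.googleapis.com", "projects/kms-eu-prod/locations/europe/keyRings/r/cryptoKeys/k"),
    ]
    for svc, key in samples:
        ok, why = evaluate_create(svc, key)
        print("ALLOW" if ok else "DENY ", why)
```

The point the simulation makes is that the first constraint only guarantees a key is present, while the second bounds where that key may live; an organization that wants "CMEK, and only from our central KMS projects" needs both, which is exactly the combination the release note recommends.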



A Dataplex source and sink are available in Cloud Data Fusion in Alpha.

Document AI

New & Updated processors available

The following Lending DocAI processors are now available for trusted testers. Access to the trusted testers program is limited and granted on a case by case basis. If you would like to be considered please fill out the DocAI Processor Access Request Form:

New Experimental processors to support new document types:

  • Form VA Loan Discharge Statement Processor
  • Form USDA Conditional Statement Processor
  • Form 1017 Processor
  • Form Biweekly Payment Rider Processor
  • Form VBA26 1805 Processor
  • Form VBA26 6393 Processor
  • Form MERS Rider Processor

Updated Experimental processors:

  • Form 4506-T Processor
  • Form 4506-C Processor
  • Form HUD54114 Processor
  • Form HUD92900WS Processor
  • Form HUD92800 Processor
  • Form 1040-NR Processor
  • Form HUD92900LT Processor
  • Form VBA26 8923 Processor
  • Form HUD92900A Processor

Deep Learning VM Images



Support for creating an Eventarc trigger for a Workflows destination on the Eventarc page in the Cloud Console is now available in Preview.


Google Distributed Cloud Edge

This is the General Availability release of Google Distributed Cloud Edge (version 1.0.0).

For information about the latest known issues, see Known issues in this release of Distributed Cloud Edge.

Google Cloud VMware Engine

Added ability to set the number of cores available per node in a cluster to meet your application-specific requirements during cluster creation. When you use a custom core count, any future expansions or maintenance of that cluster will also use the custom core count.

The public IP service now supports the ICMP protocol, and default firewall rules for new projects expand the previous outbound rule to allow outbound TCP, UDP, and ICMP to any destination.

Users with Google Cloud projects created before March 8, 2022 must contact Cloud Customer Care to enable the allow-icmp-to-internet firewall rule.

Identity and Access Management

IAM Conditions now provides resource attributes for Apigee X. You can use these resource attributes to grant access to a subset of your Apigee X resources.

Memorystore for Memcached

Maintenance Windows are now Generally Available for Memorystore for Memcached.

Migrate for Anthos and GKE

Splitting IIS sites into individual containers

Previously to break down N discovered IIS sites into individual containers, you had to manually edit the migration plan to include one site at a time and generate containers artifacts N times. This new feature enables automatic breakdown of N discovered sites into N individual containers in one iteration through a parameter on the migration plan. For more information, see Split a single VM into multiple containers.

Replatform Tomcat applications to containers enhancements

The Tomcat application replatforming flow now enables you to manually specify a Tomcat server installation directory before the migration. This allows you to override the related automatic discovery in cases where you know and would like to provide an exact location. For more information see, Adding a target project.

Building and deploying containers with Skaffold

Skaffold YAML files generated as part of the migration artifacts for the Tomcat, WebSphere and Linux system container flows now help you accelerate container image builds and deployments to GKE and Anthos clusters.

Migrate for Compute Engine v5.0 as a migration support

Currently, Migrate for Anthos and GKE uses Migrate for Compute Engine 4.X to enable workload migration from VMware on-premises, AWS EC2, and Azure VM environments to GCP. To simplify setup and improve the operator experience when migrating from inventories in these environments, we now offer the new Migrate for Compute Engine v5.X managed service. This new integration is now in public preview. For more information, see Enabling Google services and configuring service accounts.

In-place migration on Anthos Bare Metal Clusters

Support has been added for implementing Anthos clusters on Bare Metal as processing clusters to perform migrations for on-premise workloads. This public preview offering will serve customers who would like to deploy on-premises workloads on Anthos Bare Metal clusters allowing the migration to containers to take place on-premise as well. For more information see, Configuring a processing cluster on Anthos on Bare Metal.

Replatform Websphere applications to containers

Version 1.11 introduces a new public offering for replatforming VMs based on WebSphere applications into containers using the tWAS (traditional WebSphere Server) container image or Open Liberty community images. Migrate for Anthos and GKE now enables:

  • Detecting VMs that host WebSphere servers
  • Discovering WebSphere applications using the IBM binary scanner tool
  • Splitting the applications into individual containers to increase agility in deployment and operation management
  • Generating the Dockerfile, deployment spec and other artifacts that support deployment to Google modern application platforms and Day 2 operations

Storage Transfer Service

Creating and managing data transfers with the gcloud command-line tool is now generally available (GA).

You can use gcloud commands to perform agent installation, manage agent pool lifecycles, and orchestrate transfer jobs. This launch simplifies writing scripts to automate transfer workflow.

The GA launch adds support for transfers between file systems, metadata preservation, and manifests. It also introduces the gcloud transfer authorize command to inspect and grant required permissions for transfers.


Support for creating an Eventarc trigger on the Workflows page in the Cloud Console is now available in Preview.

Workflows is now available in the following regions:

  • asia-east1 (Changhua County, Taiwan)
  • asia-northeast1 (Tokyo, Japan)
  • asia-south1 (Mumbai, India)
  • australia-southeast1 (Sydney, Australia)
  • northamerica-northeast1 (Montréal, Québec)
  • us-west1 (The Dalles, Oregon)


Microsoft Azure Releases And Updates
Source: azure.microsoft.com

Public preview: Simplified compute node communication


Azure Batch offers simplified, efficient node communication within the Batch pool and Azure resources (storage, AppPackage storage accounts, output files, and other resources).

Public preview: Azure Arc integration with VMware vSphere and Azure VMware Solution

Manage the lifecycle and guest OS operations of VMware vSphere VMs through Azure Arc by connecting your VMware vCenter servers (on-premises or on Azure VMware Solution) to Azure.

Generally available: Azure Stream Analytics in 10 new regions

Azure Stream Analytics is a fully managed, real-time analytics service designed to help you analyze and process fast moving streams of data.

General availability: Bring your own IP ranges to Azure

Bring your own public IP ranges to Azure to retain existing reputation or to prevent your customers from needing to modify dependencies (e.g. firewalls or other hardcoding) on their network.

General availability: Azure Data Explorer supports Conditional Access


Azure Data Explorer launches support for Azure Active Directory Conditional Access.

Azure SQL—Public preview updates for late March 2022


Public preview enhancements and updates released for Azure SQL in late March 2022.

Public preview: Azure SQL Migration extension with Azure PowerShell and CLI support

Leverage Azure PowerShell module (Az.DataMigration) or Azure CLI commands (az datamigration) for recommendations and migrate SQL Server databases using Azure Database Migration Service with Azure SQL Migration extensions for ADS.


General availability: Azure Database for PostgreSQL - Hyperscale (Citus) now FedRAMP High compliant

Azure Database for PostgreSQL – Hyperscale (Citus), a managed service running the open-source Postgres database on Azure is now compliant with FedRAMP High.

Public preview: Azure Cosmos DB partition key advisor notebook

The Azure Cosmos DB partition key advisor notebook helps recommend an optimal partition key based on information you provide about your workload traffic patterns and queries.

General availability: Always Encrypted for Azure Cosmos DB

The Always Encrypted feature brings client-side encryption capabilities to Azure Cosmos DB and allows you to put an extra level of protection on your sensitive data.

General availability: Azure Cognitive Search implements debug sessions

Streamline your Cognitive Search operations with debug sessions for building, testing, and modifying skillsets.

Public preview: Edge Device Image Builder

Edge Device Image Builder assists device builders and OEMs by providing a guided experience to build secure and customized Windows IoT Enterprise LTSC 2021 device images.

Generally available: Cross-region snapshot copy for Azure Disk Storage

Cross-region snapshot copy allows you to copy disk snapshots to any region for disaster recovery.

General availability: Azure Ultra Disk Storage in Sweden Central

Azure Ultra Disk Storage provides high-performance along with sub-millisecond latency for your most-demanding workloads.

Generally available: Node.js 16 in Azure Functions

Azure Functions support for Node.js 16.x is now generally available in Azure Functions runtime 4.0 on all hosting plans. 

Generally available: Support for Calico network policy for Windows node pools

Calico Network Policy for Windows node pools in AKS is now generally available.

Public preview: Capacity reservation support in AKS

You can now use reserved capacity with AKS via the capacity reservation feature.

Public preview: Azure dedicated host support in AKS

You can now use Azure Dedicated Hosts with the Azure Kubernetes Service (AKS)

Public preview: Node auto-drain for AKS


AKS now minimizes unexpected disruptions by handling maintenance events and offloading applications via auto-drain node feature.

Azure classic storage accounts will be retired on 31 August 2024


Migrate your classic storage accounts to Azure Resource Manager by 31 August 2024.

NV-series and NV Promo Azure Virtual Machines retirement extended to 31 August 2023


Move to GPU accelerated virtual machines by 31 August 2023.

ND-series Azure Virtual Machines retirement extended to 31 August 2023


Transition to new HPC virtual machines by 31 August 2023.

Update: NV-series and NV_Promo Azure Virtual Machines will be retired on 31 August 2023


Move to GPU accelerated virtual machines by 31 August 2023.

Update: ND-series Azure Virtual Machines will be retired on 31 August 2023


Transition to new HPC virtual machines by 31 August 2023.

Update: NC v2-series Azure Virtual Machines will be retired on 31 August 2023


Transition to new HPC virtual machines by 31 August 2023

NC v2-series Azure Virtual Machines retirement extended to 31 August 2023


Transition to new HPC virtual machines by 31 August 2023.

NC-series Azure Virtual Machines retirement extended to 31 August 2023


Transition to new HPC virtual machines by 31 August 2023.

Update: NC-series Azure Virtual Machines will be retired on 31 August 2023


Transition to new HPC virtual machines by 31 August 2023.

Generally available: Access time-based lifecycle management rules for Data Lake Storage Gen2

Access time tracking for objects and lifecycle management policies based on last accessed time in Azure Data Lake Storage Gen2.

Generally available: The new Azure Front Door – a modern cloud CDN service


Azure Front Door is a modern cloud CDN that enables you to accelerate the delivery of applications, APIs, and content on Azure or anywhere at scale.

App Service Environment version 1 and version 2 will be retired on 31 August 2024


Migrate to App Service Environment version 3 by 31 August 2024.

IoT connector preview feature in Azure API for FHIR retiring on 30 September 2022


Migrate to MedTech service feature which provides stronger security and supportability.

Generally available: Copy data directly to Archive Storage with Data Box

You can now use Data Box to copy data directly to Archive tier by indicating this when ordering and then copying to the corresponding share on the Data Box.

In development: New planned datacenter region in India (India South Central)

Microsoft has announced plans to bring a new datacenter region to India, including availability zones.

Generally available: On-demand capacity reservation with Azure Site Recovery safeguards VMs failover

Integrating Site Recovery with capacity reservation to reserve compute capacity in the disaster recovery region and use that for failover.

General availability: Azure Bastion native client support

Azure Bastion native client support brings you the ability to connect to target VMs from the command line and log in using your Azure Active Directory credentials.

General availability: On-demand capacity reservations

On-demand capacity reservations let you reserve compute capacity for one or more VM size(s) in an Azure region or availability zone for any length of time.

Generally available: Azure Batch supports Spot Virtual Machines


Azure Batch supports Spot Virtual Machines in user-subscription mode, offered at a significantly reduced price compared with dedicated virtual machines.

Public preview: Azure Percept DK March (2203) software update

The Azure Percept March update includes fixes related to security.


Have you tried Hava automated diagrams for AWS, Azure and GCP.  Get back your precious time and sanity and rid yourself of manual drag and drop diagram builders forever.
Hava automatically generates accurate fully interactive cloud infrastructure and security diagrams when connected to your AWS, Azure or GCP accounts. Once diagrams are created, they are kept up to date, hands free. 

When changes are detected, new diagrams are auto-generated and the superseded documentation is moved to a version history. Older diagrams are also interactive, so can be opened and individual resources inspected interactively, just like the live diagrams.
Check it out for free here: