Here's a cloud roundup of all things GCP, Azure and AWS for the week ending Friday 1st April 2022
Source: aws.amazon.com
Amazon ECS announces increased service quota for container instances per cluster
Amazon Elastic Container Service (Amazon ECS) this week increased the default service quota for container instances per cluster. You can now launch up to 5,000 instances per cluster, an increase from 2,000. The limit increase enables customers to scale further and improve manageability of their clusters.
The new limit applies in all regions. The higher limit is reflected in your account automatically and you do not have to take any action. If your account has an approved limit that is higher than the new limit, you will continue to have the higher limit. For more information, please see the ECS service quota documentation.
Sustainability Pillar is now available in AWS Well-Architected Tool
AWS introduced the Sustainability Pillar during re:Invent 2021 to help customers minimize the environmental impacts of running cloud workloads. Today, the Sustainability Pillar is available for customers to use during workload reviews in the AWS Well-Architected Tool, a central place for cloud architecture best practices and guidance. The Sustainability Pillar is designed to help CTOs, architects, developers, and operations team members contribute to an increasing number of sustainability targets set by their organizations.
The practice of sustainability involves understanding the impacts of the services used, quantifying impacts through the entire workload lifecycle, and applying design principles and best practices to reduce these impacts. Review your cloud architecture using the Sustainability Pillar in the AWS Well-Architected Tool to learn and measure energy consumption and the environmental impacts of your cloud workloads. After you have completed a review, the tool provides an improvement plan with direct actions to reduce resource usage and increase efficiency. Review your workloads periodically using the Sustainability Pillar to make informed decisions in balancing security, cost, performance, reliability, and operational excellence with sustainability outcomes for your cloud workloads.
Amazon CloudFront now supports Server Timing headers
Starting this week, you can configure your CloudFront distributions to include Server Timing headers to monitor CloudFront behavior and performance. Server Timing headers provide detailed performance information, such as whether content was served from cache when a request was received, how the request was routed to the CloudFront edge location, and how much time elapsed during each stage of the connection and response process.
Server Timing headers provide additional metadata in the form of HTTP headers in viewer responses and can be inspected or consumed by client-side application code. You can use Server Timing headers to gain more granular insights when troubleshooting CloudFront performance, to inspect CloudFront behavior, and to collect and aggregate metrics across user-requested transactions, such as cache misses, first byte latency, and last byte latency.
AWS Storage Gateway updates support for VMware and Microsoft hypervisors
AWS Storage Gateway adds support for VMware ESXi 7.0 and Microsoft Hyper-V 2022 and 2019 hypervisors, enabling you to deploy your gateway virtual machines on the latest versions of these hypervisors.
AWS Storage Gateway is a hybrid cloud storage service that provides on-premises applications access to virtually unlimited storage in the cloud. You can use AWS Storage Gateway for backing up and archiving data to AWS, providing on-premises file shares backed by cloud storage, and providing on-premises applications low latency access to data in the cloud.
Amazon Redshift launches Concurrency Scaling in the Europe (Stockholm) region
Amazon Redshift Concurrency Scaling is now available in the Europe (Stockholm) region.
Amazon Redshift Concurrency Scaling elastically scales query processing power to provide consistently fast performance for hundreds of concurrent queries. Concurrency Scaling resources are added to your Redshift cluster transparently in seconds, as concurrency increases, to process queries without wait time. Amazon Redshift customers with an active Redshift cluster earn up to one hour of free Concurrency Scaling credits, which is sufficient for the concurrency needs of most customers. Concurrency scaling allows you to specify usage control providing customers with predictability in their month-to-month cost, even during periods of fluctuating analytical demand. Refer to the Amazon Redshift pricing for more details.
The AWS Lambda console now supports bulk update of layers
You can now select all or a subset of the functions that use a Lambda layer, and update them simultaneously to a newer layer version in the Lambda console.
Lambda layers provide a convenient way to package libraries and other dependencies that you can use with your Lambda functions. Using layers reduces the size of uploaded deployment archives and makes it faster to deploy your code. Previously, it was challenging to identify and update all the functions that used a specific layer version. With this release, the Lambda console displays a list of all the functions using a given layer and allows you to select multiple functions to be updated with a newer layer version. This release eliminates the need to update one function at a time or utilize an external script to perform the update on multiple functions.
Amazon EC2 now reduces visibility of public Amazon Machine Images (AMIs) older than two years
Starting this week, all public AMIs will have the deprecation time set to two years after their creation date. This means that public AMIs that are more than two years old will be deprecated by default. Once an AMI is deprecated, it no longer appears in DescribeImages API calls for users who aren’t the owner of the AMI. Deprecation only reduces the AMI's visibility in untargeted searches; the AMI continues to be usable and available to you. Users of a deprecated AMI can continue to launch instances from it and describe it using its ID.
Previously, all AMIs had the same level of visibility in the AMI catalog regardless of how long ago they were created. Deprecating older AMIs reduces the likelihood of inadvertently launching instances from old images with possibly outdated software.
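Because a deprecated AMI drops out of untargeted listings but still launches by ID, instances already running on one have to be found by an explicit audit. The following is an added example, not code from AWS or from this roundup: it models the visibility rule described above and flags instances whose image is deprecated. The field names follow the DescribeImages response; the IDs, account numbers, dates and function names are constructed for illustration.

```python
from datetime import datetime, timezone

TS_FORMAT = "%Y-%m-%dT%H:%M:%S.%fZ"  # timestamp layout used in the constructed records


def parse_ts(value):
    return datetime.strptime(value, TS_FORMAT).replace(tzinfo=timezone.utc)


def deprecation_time(image):
    """Explicit DeprecationTime if set; otherwise, for a public AMI,
    the default described above: creation date plus two years."""
    if image.get("DeprecationTime"):
        return parse_ts(image["DeprecationTime"])
    if image.get("Public"):
        created = parse_ts(image["CreationDate"])
        try:
            return created.replace(year=created.year + 2)
        except ValueError:  # created on 29 February, target year is not a leap year
            return created.replace(year=created.year + 2, day=28)
    return None  # private AMI with no deprecation time set


def is_deprecated(image, now):
    when = deprecation_time(image)
    return when is not None and when <= now


def untargeted_listing(images, caller_account, now):
    """Model of the visibility rule: a deprecated AMI is hidden from an
    untargeted search unless the caller owns it."""
    return [
        img["ImageId"]
        for img in images
        if img["OwnerId"] == caller_account or not is_deprecated(img, now)
    ]


def audit_instances(instances, images, now):
    """Join instances to their images (a targeted lookup by ID) and report
    those running on a deprecated or no longer resolvable image."""
    by_id = {img["ImageId"]: img for img in images}
    findings = []
    for inst in instances:
        image = by_id.get(inst["ImageId"])
        if image is None:
            findings.append((inst["InstanceId"], inst["ImageId"], "image-not-found", None))
        elif is_deprecated(image, now):
            age_days = (now - parse_ts(image["CreationDate"])).days
            findings.append((inst["InstanceId"], inst["ImageId"], "deprecated", age_days))
    return findings


# Constructed sample data (placeholder IDs and accounts, not real resources).
NOW = datetime(2022, 4, 1, tzinfo=timezone.utc)
IMAGES = [
    {"ImageId": "ami-EXAMPLE-old", "OwnerId": "111111111111", "Public": True,
     "CreationDate": "2019-06-10T00:00:00.000Z"},
    {"ImageId": "ami-EXAMPLE-new", "OwnerId": "111111111111", "Public": True,
     "CreationDate": "2021-11-01T00:00:00.000Z",
     "DeprecationTime": "2023-11-01T00:00:00.000Z"},
    {"ImageId": "ami-EXAMPLE-own", "OwnerId": "222222222222", "Public": False,
     "CreationDate": "2019-01-01T00:00:00.000Z",
     "DeprecationTime": "2021-01-01T00:00:00.000Z"},
]
INSTANCES = [
    {"InstanceId": "i-EXAMPLE-1", "ImageId": "ami-EXAMPLE-old"},
    {"InstanceId": "i-EXAMPLE-2", "ImageId": "ami-EXAMPLE-new"},
    {"InstanceId": "i-EXAMPLE-3", "ImageId": "ami-EXAMPLE-own"},
    {"InstanceId": "i-EXAMPLE-4", "ImageId": "ami-EXAMPLE-gone"},
]

if __name__ == "__main__":
    print("visible to 222222222222:", untargeted_listing(IMAGES, "222222222222", NOW))
    for finding in audit_instances(INSTANCES, IMAGES, NOW):
        print(finding)
```
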
EKS add-ons support for EBS CSI driver is now generally available
Amazon Elastic Kubernetes Service (Amazon EKS) now supports using the Amazon EKS console, AWS Command Line Interface (CLI), and EKS API to install and manage the Amazon Elastic Block Store (EBS) Container Storage Interface (CSI) driver. This launch enables a simple experience for attaching persistent storage to an EKS cluster.
The EBS CSI driver provides a CSI interface used by container orchestrators to manage the lifecycle of Amazon EBS volumes. Since announcing preview, EKS add-ons support now includes Windows compatibility, dynamic snapshotting and resizing of EBS volumes via the Kubernetes API, and backwards compatibility with the in-tree EBS driver. The EBS CSI driver can be installed, managed, and updated directly through the EKS console, CLI, and API. You can see available add-ons and compatible versions in the EKS API, select the version of the add-on you want to run on your cluster, and configure key settings such as the IAM role used by the add-on when it runs. Using EKS add-ons you can go from cluster creation to running applications in a single command and easily keep tooling in your cluster up to date.
Amazon AppStream 2.0 is now available in the AWS Canada (Central) region
You can now deploy Amazon AppStream 2.0 in the AWS Canada (Central) Region. Deploying AppStream 2.0 in your local region provides users with a more responsive experience and helps support your local data residency obligations. With this launch, you can deploy General Purpose, Compute Optimized, Memory Optimized, Graphics Design, Graphics Pro and Graphics G4 instances to meet the needs of your users.
AppStream 2.0 is a fully managed non-persistent desktop and application virtualization service that allows you to stream applications and desktops from AWS to users without acquiring, provisioning, and operating hardware or infrastructure. AppStream 2.0 can help you provide users with secure, instant-on access to the applications they need with a responsive, fluid user experience from anywhere on the device of their choice.
Amazon Pinpoint now supports template tagging and search in the console
This week, Amazon Pinpoint launched the ability to add tags to messaging templates in the template editor. Amazon Pinpoint is an omnichannel marketing and communication service that helps customers engage their users by sending messages through targeted messaging campaigns across email, SMS, push notification, in-app, and social media channels. A tag is a label that customers can define and associate with an AWS resource. Adding a tag to a messaging template lets customers control which users can view, edit, or use specific templates. Tags can be tailored to a customer’s organizational needs, allowing customers to organize templates by areas such as purpose, owner, region, or other criteria. With Amazon Pinpoint’s new template search feature, customers can also use tags to more easily find the template they need.
Using the Amazon Pinpoint console, a customer can add up to 50 tags to each template by simply editing the template. Each tag consists of a required tag key and an optional tag value, both of which the customer defines. Once tags are associated with a template, the relevant tag-based resource-level permissions in a customer’s AWS Identity and Access Management (IAM) policies will automatically apply. Using tags in this way, customers can implement granular controls over which groups and users have permission to view, edit, or use specific templates. For example, you can create a policy that restricts users who can edit a template to only those where their name is a value in the Owner tag.
AWS Firewall Manager now supports Palo Alto Networks Cloud Next Generation Firewalls
AWS Firewall Manager now enables you to centrally deploy and monitor Palo Alto Networks Cloud Next Generation Firewalls (NGFWs) across all AWS virtual private clouds (VPCs) in your AWS organization. With this release, customers will now have a single firewall management solution to deploy and manage both AWS native firewalls and Palo Alto Networks Cloud NGFWs.
You can use Firewall Manager to orchestrate the deployment of Palo Alto Networks Cloud NGFWs and get centralized visibility into non-compliant configurations across accounts in your organization. You can use Firewall Manager to handle the end-to-end set up of Palo Alto Networks Cloud NGFWs across accounts and VPCs. Firewall Manager ensures that Palo Alto Networks Cloud NGFWs are automatically and consistently added to new accounts and VPCs with no manual intervention, reducing any operational heavy-lifting required to monitor new accounts and add firewall protections. You can deploy Palo Alto Networks Cloud NGFWs in either a centralized or a distributed deployment model. Under a centralized deployment model, Firewall Manager will apply the Palo Alto Networks global rulestack configuration on firewall endpoints in an inspection VPC for centralized traffic inspection. Under a distributed deployment model, Firewall Manager will deploy firewall endpoints in all in-scope VPCs for local inspection.
AWS Glue 2.0 now supports fuzzy matching and deduplication using AWS Glue FindMatches
AWS Glue version 2.0 now supports the AWS Glue FindMatches machine learning transform. AWS Glue FindMatches automates the process of identifying partially matching records for use cases including linking customer records, deduplicating product catalogs, and fraud detection. Using Glue 2.0, ETL jobs that perform fuzzy matching using FindMatches start in under a minute and have 1-minute minimum billing.
Use the FindMatches transform to identify and then merge or deduplicate related records in your datasets. For example, it can recognize that records are matches despite spelling and formatting differences like “John Doe” vs. “Jhn Doe”, “JOHN_DOE@ANYCOMPANY.COM” vs. “johndoe@anycompany.com”, or “555-010-0000” vs. “+1-555-010-0000”.
Amazon FSx for NetApp ONTAP now enables you to change the throughput capacity of your file systems
Amazon FSx for NetApp ONTAP now enables you to change the throughput capacity of your file systems with the click of a button, providing you the flexibility to scale up or down to meet your evolving needs over time.
An FSx for ONTAP file system’s throughput capacity determines the level of network I/O performance that is supported by its file servers. Starting today, you can now dynamically adjust your file systems’ throughput capacity for cyclical workloads, for one-time bursts (such as time-sensitive migrations), or to accommodate your workloads’ increasing throughput needs over time.
AWS Security Hub launches 12 controls for security posture monitoring
AWS Security Hub has released 12 new controls for its Foundational Security Best Practice standard (FSBP) to enhance your Cloud Security Posture Management (CSPM). These controls conduct fully automatic checks against security best practices for Amazon Auto Scaling, Amazon CloudFront, AWS CodeBuild, Amazon EC2, Amazon Elastic Container Service (ECS), AWS Lambda, Amazon Network Firewall, Amazon Relational Database Service (Amazon RDS), Amazon Redshift, and Amazon Simple Storage Service (S3). If you have Security Hub set to automatically enable new controls and are already using AWS Foundational Security Best Practices, these controls are enabled by default. Security Hub now supports 187 security controls to automatically check your security posture in AWS.
The 12 FSBP controls that AWS have launched are:
Security Hub is available globally and is designed to give you a comprehensive view of your security posture across your AWS accounts. With Security Hub, you now have a single place that aggregates, organizes, and prioritizes your security alerts, or findings, from multiple AWS services, including Amazon GuardDuty, Amazon Inspector, Amazon Macie, AWS Firewall Manager, AWS Systems Manager Patch Manager, AWS Config, AWS Health, AWS IAM Access Analyzer, as well as from over 60 AWS Partner Network (APN) solutions.
You can also continuously monitor your environment using automated security checks based on standards, such as AWS Foundational Security Best Practices, the CIS AWS Foundations Benchmark, and the Payment Card Industry Data Security Standard. In addition, you can take action on these findings by investigating findings in Amazon Detective or AWS Systems Manager OpsCenter or by sending them to AWS Audit Manager or AWS Chatbot.
You can also use Amazon EventBridge rules to send the findings to ticketing, chat, Security Information and Event Management (SIEM), response and remediation workflows, and incident management tools.
Following the announcement of updates to the PostgreSQL database by the open source community, AWS have updated Amazon Aurora PostgreSQL-Compatible Edition to support PostgreSQL 13.6, 12.10, 11.15, and 10.20. These releases contain bug fixes and improvements by the PostgreSQL community. Refer to the Aurora version policy to help you to decide how often to upgrade and how to plan your upgrade process.
In addition, Babelfish for Aurora PostgreSQL version 1.2.0 has been released for PostgreSQL 13.6, providing improvements in support for GRANT, REVOKE, ROWVERSION, JSON_QUERY and more. Details are listed in the Babelfish 1.2.0 release notes.
Amazon CloudWatch adds option for easy monitoring set up
Now you can easily set up monitoring, alarms and dashboards for many of your resources and workloads automatically in CloudWatch. The new one-click option on the CloudWatch Getting Started page provides AWS customers a convenient means to launch CloudWatch Application Insights. Once launched, Application Insights will discover the underlying resources in your account or Resource Group and set up the recommended metrics, logs and alarms to monitor their health.
To get started, go to the CloudWatch console. If you haven’t set up any alarms or applications yet, then just below the Get started with CloudWatch cards you will find a new section, Get started with Application Insights. When you click on the Configure Application Insights button, the service will set up monitoring and create a widget in the Home Page along with dashboards that display alerts and problems. If you have already set up alarms, then you will see the alarms as you normally would.
You can now centrally close member accounts in your AWS Organizations through the console and programmatically via the AWS Command Line Interface (CLI) and SDK. This feature makes it easier and more efficient for you to manage your Amazon Web Services workloads by enabling you to close member accounts from your organization’s management account without needing to login to each member account individually. You can also use IAM permissions to authorize IAM roles or users in your management account to securely perform account closures while protecting mission-critical accounts in your infrastructure.
AWS Organizations helps you centrally manage and govern your environment as you grow and scale your AWS resources. Using AWS Organizations, you can programmatically create new accounts, close decommissioned accounts and allocate resources, simplify billing by setting up a single payment method for all of your accounts, create groups of accounts to organize your workflows, and apply policies to these groups for governance. In addition, AWS Organizations is integrated with other AWS services so you can define central configurations, security mechanisms, and resource sharing across accounts in your organization.
Amazon EC2 now performs automatic recovery of instances by default
This week, Amazon EC2 announced automatic recovery by default, a new feature that makes it even easier for customers to recover their instance when it becomes unreachable. Automatic recovery improves instance availability by recovering the instance if it becomes impaired due to an underlying hardware issue. Automatic recovery migrates the instance to different hardware during an instance reboot while retaining its instance ID, private IP addresses, Elastic IP addresses, and all instance metadata.
The new feature further simplifies the configuration process for automatic recovery as supported instance types are configured to recover by default. Customers can choose to disable automatic recovery for their instance.
Amazon Textract announces updates to its tables and checkbox detection features
Amazon Textract is a machine learning service that makes it easy to extract text and data from virtually any document. AWS continuously improve the underlying machine learning models based on customer feedback to provide even better accuracy. This week, AWS were pleased to announce a few quality enhancements to both Tables and checkbox detection features.
The latest Tables model supports detecting merged cells and identifying column headers. Specifically, you can now detect merged cells on a document processed using the AnalyzeDocument-Tables feature through the "Type": "MERGED_CELL" and also identify cells that make up the column header through the "EntityTypes": ["COLUMN_HEADER"] identifier. In addition, we are pleased to announce quality enhancements to our Tables feature. Starting today, Textract more accurately detects outer table boundaries, row and column boundaries and table content. Customers can now expect higher accuracy with less postprocessing when extracting tables from a wide variety of document types, including those found in lending, insurance, financial services, legal, healthcare, energy and the public sector.
Amazon EMR Managed Scaling is now Spark shuffle data aware
Amazon EMR Managed Scaling automatically resizes EMR clusters for best performance and resource utilization. This week, AWS were excited to announce a new capability in Managed Scaling that prevents it from scaling down instances that store intermediate shuffle data for Apache Spark. Intelligently scaling down clusters without removing the instances that store intermediate shuffle data prevents job re-attempts and re-computations, which leads to better performance, and lower cost.
With EMR Managed Scaling you specify the minimum and maximum compute limits for your clusters. EMR Managed Scaling can be used with Amazon EC2 Spot Instances, which let you take advantage of unused EC2 capacity at up to a 90% discount from on-demand prices. EMR Managed Scaling continuously samples key metrics associated with the workloads running on clusters and resizes clusters based on workload and utilization. These metrics now include monitoring instances that have intermediate shuffle data for Apache Spark.
This capability is supported on Amazon EMR release version 5.34 and 6.4.0 and later. No further action is needed from your end. This feature is available across 20 AWS regions globally: US East (N. Virginia and Ohio), US West (Oregon and N. California), South America (São Paulo), Europe (Frankfurt, Ireland, London, Milan, Paris, and Stockholm), Canada (Central), Asia Pacific (Hong Kong, Mumbai, Seoul, Singapore, Sydney, and Tokyo), Middle East (Bahrain), and Africa (Cape Town).
Amazon Aurora PostgreSQL supports Foreign Data Wrapper for Microsoft SQL Server and Sybase databases
Amazon Aurora PostgreSQL-Compatible Edition now supports a foreign data wrapper that can connect to databases that use the Tabular Data Stream (TDS) protocol, such as Sybase databases and Microsoft SQL Server. You can use this foreign data wrapper to connect to data sources in other databases, eliminating the need to replicate or copy data.
Managed entitlements in AWS License Manager now supports license usage for AWS Marketplace licenses
AWS License Manager announces support for license usage tracking for customers granting entitlements from AWS Marketplace. This feature allows AWS Marketplace to track and meter license usage across AMI and metered SaaS products.
AWS Marketplace customers can now track their license usage in the AWS License Manager console and via Amazon CloudWatch metrics. Additionally, administrators can track usage metrics across the licenses they have granted to other AWS accounts in their organization.
Managed entitlements consists of two distinct experiences: Seller issued licenses and Granted licenses. Seller issued licenses allow Independent Software Vendors (ISVs) and AWS Marketplace to create and distribute licenses to their end customers. Customers, upon receipt of a license, can use Granted licenses to more easily distribute entitlement access to their AWS accounts or organization. Using Granted licenses, AWS Marketplace customers can now track and monitor their license usage where available. License usage metrics are available via the AWS License Manager console and Amazon CloudWatch.
Contact Lens for Amazon Connect now supports real-time streaming that helps businesses access Contact Lens analytics in real-time, eliminating the need to constantly make requests from existing Contact Lens API with rate limitations. The real-time streaming also offers additional data segments that consist of sentence-by-sentence transcripts for low latency requirements.
Businesses can now subscribe to four event types (started, segments, completed, failed) through real-time data streams to access the enriched analytics of Contact Lens in real-time. Additionally, the real-time data streams provide access to a new data segment called utterance that allows businesses to access partial transcripts, enabling businesses to meet their low latency requirements to assist agents on live calls.
Amazon EventBridge Schema Registry extends support to Go language
Amazon EventBridge schema registry now supports the Go language for generating code bindings for event schemas, making it easier to use your schema as objects in your code. You can generate these code bindings for a schema by using the EventBridge console, APIs, or AWS SDK toolkits for JetBrains (IntelliJ, PyCharm, WebStorm, Rider) and VS Code. Previously, we have supported Java, Python, and TypeScript for generating code bindings. With support for Go, you can download code bindings in your preferred IDE to take advantage of features like code validation and auto-completion.
Amazon EventBridge schema registry is a central registry for storing your schemas - or event structure - for all events published on your event bus. You can add schema to the registry yourself or turn on the Schema Discovery feature to automatically add all schema sent to an event bus to the registry. Any developer in your organization can easily search for and access events in the registry. Once you have a schema, you can download code bindings.
The EventBridge schema registry is available at no additional cost and customers only pay for schema discovery. The schema discovery feature has a free tier of 5 million ingested events per month, and a fee of $0.10 per million ingested events outside of the free tier. All ingested events are measured in 8KB chunks. For more info on pricing, please see the EventBridge pricing page.
Amazon Schema Registry support for Go language is available in the following regions: US East (Ohio and N. Virginia), US West (Oregon and N. California), Canada (Central), Europe (Stockholm, Paris, Ireland, Frankfurt, and London), Asia Pacific (Mumbai, Tokyo, Seoul, Singapore, Hong Kong, and Sydney), and South America (Sao Paulo).
Starting this week, the Amazon Relational Database Service (Amazon RDS) free tier will include db.t3.micro and AWS Graviton2-based db.t4g.micro instances in all commercial regions. This provides you with more options in addition to the db.t2.micro instance in the current AWS Free Tier for new AWS customers.
Customers new to AWS in the past 12 months and who were in regions where db.t2.micro was not available can now create free tier db.t3.micro or db.t4g.micro instances for the remainder of their first 12 months. In addition, the latest generation of db.t3.micro and db.t4g.micro instances offers two vCPUs compared to one vCPU in db.t2.micro instances. With this announcement, new AWS customers can now gain hands-on experience with Amazon RDS using their choice of db.t2.micro, db.t3.micro, or db.t4g.micro instances for up to 750 hours monthly for 12 months. The Amazon RDS Free Tier includes 20 GB of General Purpose (SSD) Database Storage and 20 GB of storage for automated database backups and any user-initiated database snapshots.
Anthos Clusters on Bare Metal
Anthos clusters on bare metal 1.11.0 is now available for download. To upgrade, see Upgrade Anthos on bare metal. Anthos clusters on bare metal 1.11.0 runs on Kubernetes 1.22.
Containerd is the default runtime in Anthos clusters on bare metal. Support for Docker as a container runtime on Kubernetes nodes will be removed from Anthos clusters on bare metal starting with version 1.13.0. If you use a node image based on Docker container runtime, please migrate your workloads to a Containerd node image as soon as possible. For more details, see Containerd node images.
The structure of the Anthos clusters on bare metal documentation is substantially different from previous versions. For details, see New documentation structure.
Kubernetes 1.22 has deprecated certain APIs, and a list of these deprecated APIs can be found in Kubernetes 1.22 deprecated APIs. In their manifests and API clients, customers need to replace references to the deprecated APIs with references to the newer API calls. For more information, see Deprecated API Migration Guide.
On January 31, 2022, CentOS 8 reached its end of life (EOL). As a result of the EOL, yum repositories stopped working for CentOS, which causes cluster creation and cluster upgrade operations to fail. For a workaround and more information, see Cluster creation or upgrades fail on CentOS.
Anthos Service Mesh
1.13.1-asm.1 is now available.
Anthos Service Mesh 1.13 includes the features of Istio 1.13 subject to the list of Anthos Service Mesh supported features.
Managed Anthos Service Mesh isn't rolling out to the rapid release channel at this time. You can periodically check this page for the announcement of the rollout of Managed Anthos Service Mesh to the rapid channel. See Select a managed Anthos Service Mesh release channel for more information.
Anthos Service Mesh now supports GKE on GCP and On-premise combined in a hybrid mesh as a public preview feature. See Install Anthos Service Mesh and Set up a multi-cluster mesh for more information.
Anthos Service Mesh now supports GKE on GCP and Amazon EKS combined in a multi-cloud mesh as a public preview feature. See Install Anthos Service Mesh and Set up a multi-cluster mesh for more information.
Apigee X
On March 29, 2022, GCP released an updated version of Apigee X (1-7-0-apigee-28).
Artifact Registry
Artifact Registry support for attaching tags to repositories is now in Preview. Tags are key-value pairs that you can use to group repositories and other resources across Google Cloud for reporting, auditing, and access control within your Google Cloud organization. To learn more, see Tagging repositories.
BigQuery
The international public dataset for Data Signals for Google Search Trends is now available in Preview and available in the Google Cloud Marketplace and Analytics Hub.
ML - The Wide-and-Deep model is now generally available (GA). For more information, see the Wide-and-Deep sections in the end-to-end user journey page.
Cloud Asset Inventory
The following resource types are now publicly available through the Export APIs (ExportAssets and BatchGetAssetsHistory) and the Feed API:
dataplex.googleapis.com/Lake
dataplex.googleapis.com/Task
dataplex.googleapis.com/Zone
dataplex.googleapis.com/Asset
Cloud Bigtable
Cloud Bigtable support for Cloud EKM is generally available (GA). You can now choose an externally managed key when you protect your data using customer managed encryption keys (CMEK). Cloud EKM includes Key Access Justification, which lets you view the reason for each Cloud EKM request.
Cloud Composer
Cloud Composer 1.18.4 and 2.0.8 release started on March 28, 2022. Get ready for upcoming changes and features as we roll out the new release to all regions. This release is in progress at the moment. Listed changes and features might not be available in some regions yet.
If the /dags, /data, /logs, or /plugins folder is deleted in an environment's bucket, Cloud Composer re-creates this folder.
New version aliases for Cloud Composer images. Now you can specify the latest version of Airflow 2 with composer-2-airflow-2 and composer-1-airflow-2 aliases. The new composer-1-airflow-1 alias points to the latest version of Airflow 1.
(Cloud Composer 2) Increased the safe interval for tasks executed during maintenance windows. Tasks that take less than 55 minutes to execute are not impacted by maintenance operations.
The description of Composer Compute CPU SKUs was changed from "CPU" to "mCPU", to simplify the invoice interpretation. There are no changes in the actual Cloud Composer pricing model.
Improved the validation of custom IP ranges that are specified when an environment is created. The validation is more extensive and redundant error messages were removed.
(Cloud Composer 2) Fixed a problem when an unhealthy web server is not restarted.
(Cloud Composer 1) In-cluster builds for PyPI package installations no longer fail when the constraints/compute.requireShieldedVm policy is turned on.
(New Cloud Composer 1 environments) The minimum disk size for environment nodes is changed from 20 GB to 30 GB.
(Cloud Composer 1) Fixed problems with upgrading to Cloud Composer 1.18.* from earlier versions of Cloud Composer.
Fixed a problem with "Environment health" and "Worker Pod eviction" metrics occasionally not reporting new time-series points.
Cloud Composer 1.18.4 and 2.0.8 images are available:
Cloud Composer 1.15.1 has reached its end of full support period.
Cloud Key Management Service
Two new organization policy constraints are now available in Preview to help ensure CMEK usage across an organization:
constraints/gcp.restrictNonCmekServices requires CMEK protection.
constraints/gcp.restrictCmekCryptoKeyProjects limits which Cloud KMS keys are used for CMEK protection.
To learn more, see CMEK organization policies.
Cloud EKM now supports Cloud Bigtable and Log Storage in Cloud Logging. For more information, see Cloud External Key Manager.
Cloud Logging
Cloud Logging now supports organization policies that can enforce CMEK protection. For information, see CMEK organization policies.
Cloud Monitoring
User-defined labels are now included in PagerDuty, Pub/Sub, Webhooks, and email notifications, and you can also view these labels on the details pages of alerting policies and incidents. To learn how you can create user-defined labels that contain severity information and attach those labels to alerting policies or incidents, see Add severity levels to an alerting policy.
Cloud Run
Cloud Run reports a new Cloud Monitoring metric: Container Startup Latency, measuring the startup time of container instances.
Cloud Spanner
All instances with a compute capacity of at least one node (1,000 processing units) now have a data storage allotment of 4 TB per node, an increase from 2 TB per node. Relatedly, instances smaller than one node now have a data storage allotment of 409.6 GB for every 100 processing units.
Cloud Storage
Customer-managed encryption key (CMEK) organization policy constraints are now available in Preview.
constraints/gcp.restrictNonCmekServices allows you to control which resources require the use of CMEK.
constraints/gcp.restrictCmekCryptoKeyProjects allows you to control the projects from which a KMS key can be used to validate requests.
You can use both constraints together to enforce the use of CMEK from allowed projects.
Dataplex
Document AI
New & Updated processors available
The following Lending DocAI processors are now available for trusted testers. Access to the trusted testers program is limited and granted on a case by case basis. If you would like to be considered please fill out the DocAI Processor Access Request Form:
New Experimental processors to support new document types:
Updated Experimental processors:
Deep Learning VM Images
Eventarc
Support for creating an Eventarc trigger for a Workflows destination on the Eventarc page in the Cloud Console is now available in Preview.
GKE
The following versions are now available in the Stable channel:
Google Distributed Cloud Edge
This is the General Availability release of Google Distributed Cloud Edge (version 1.0.0).
For information about the latest known issues, see Known issues in this release of Distributed Cloud Edge.
Google Cloud VMware Engine
Added ability to set the number of cores available per node in a cluster to meet your application-specific requirements during cluster creation. When you use a custom core count, any future expansions or maintenance of that cluster will also use the custom core count.
The public IP service now supports the ICMP protocol, and default firewall rules for new projects expand the previous outbound rule to allow outbound TCP, UDP, and ICMP any.
Users with Google Cloud projects created before March 8, 2022 must contact Cloud Customer Care to enable the allow-icmp-to-internet firewall rule.
Identity and Access Management
IAM Conditions now provides resource attributes for Apigee X. You can use these resource attributes to grant access to a subset of your Apigee X resources.
Memorystore for Memcached
Maintenance Windows are now Generally Available for Memorystore for Memcached.
Migrate for Anthos and GKE
Splitting IIS sites into individual containers
Previously, to break down N discovered IIS sites into individual containers, you had to manually edit the migration plan to include one site at a time and generate container artifacts N times. This new feature enables automatic breakdown of N discovered sites into N individual containers in one iteration through a parameter on the migration plan. For more information, see Split a single VM into multiple containers.
Replatform Tomcat applications to containers enhancements
The Tomcat application replatforming flow now enables you to manually specify a Tomcat server installation directory before the migration. This allows you to override the related automatic discovery in cases where you know and would like to provide an exact location. For more information, see Adding a target project.
Building and deploying containers with Skaffold
Skaffold YAML files generated as part of the migration artifacts for Tomcat, WebSphere and Linux system container flows now help you to accelerate container image builds and deployments to GKE and Anthos clusters.
Migrate for Compute Engine v5.0 as a migration support
Currently, Migrate for GKE and Anthos uses Migrate for Compute Engine 4.X to enable workload migration from VMware on-premises, AWS EC2, and Azure VM environments to GCP. To simplify setup and improve the operator experience when migrating from inventories in these environments, we now offer the new Migrate for Compute Engine v5.X managed service. This new integration is now in public preview. For more information, see Enabling Google services and configuring service accounts.
In-place migration on Anthos Bare Metal Clusters
Support has been added for implementing Anthos clusters on Bare Metal as processing clusters to perform migrations for on-premises workloads. This public preview offering will serve customers who would like to deploy on-premises workloads on Anthos Bare Metal clusters, allowing the migration to containers to take place on-premises as well. For more information, see Configuring a processing cluster on Anthos on Bare Metal.
Replatform WebSphere applications to containers
Version 1.11 introduces a new public offering for replatforming VMs based on WebSphere applications into containers using tWAS (traditional WebSphere Server) container image or Open Liberty community images. Migrate for Anthos and GKE now enables:
Detecting VMs that host WebSphere servers
Discovering WebSphere applications using the IBM binary scanner tool
Splitting the applications into individual containers to increase agility in deployment and operation management
Generating Dockerfile, deployment spec and other artifacts that support deployment to Google modern application platforms and Day2 operations.
Storage Transfer Service
Creating and managing data transfers with the gcloud command-line tool is now generally available (GA).
You can use gcloud commands to perform agent installation, manage agent pool lifecycles, and orchestrate transfer jobs. This launch simplifies writing scripts to automate transfer workflow.
The GA launch adds support for transfers between file systems, metadata preservation, and manifests. It also introduces the gcloud transfer authorize command to inspect and grant required permissions for transfers.
Workflows
Support for creating an Eventarc trigger on the Workflows page in the Cloud Console is now available in Preview.
Workflows is now available in the following regions:
asia-east1 (Changhua County, Taiwan)
asia-northeast1 (Tokyo, Japan)
asia-south1 (Mumbai, India)
australia-southeast1 (Sydney, Australia)
northamerica-northeast1 (Montréal, Québec)
us-west1 (The Dalles, Oregon)
Microsoft Azure Releases And Updates
Source: azure.microsoft.com
Azure Batch offers simplified, efficient node communication within the Batch pool and Azure resources (storage, AppPackage storage accounts, output files, and other resources).
Manage the lifecycle and guest OS operations of VMware vSphere VMs through Azure Arc by connecting your VMware vCenter servers (on-premises or on Azure VMware Solution) to Azure.
Azure Stream Analytics is a fully managed, real-time analytics service designed to help you analyze and process fast moving streams of data.
Bring your own public IP ranges to Azure to retain existing reputation or to prevent your customers from needing to modify dependencies (e.g. firewalls or other hardcoding) on their network.
Azure Data Explorer launches support for Azure Active Directory Conditional Access.
Public preview enhancements and updates released for Azure SQL in late March 2022.
Leverage Azure PowerShell module (Az.DataMigration) or Azure CLI commands (az datamigration) for recommendations and migrate SQL Server databases using Azure Database Migration Service with Azure SQL Migration extensions for ADS.
Azure Database for PostgreSQL – Hyperscale (Citus), a managed service running the open-source Postgres database on Azure is now compliant with FedRAMP High.
The Azure Cosmos DB partition key advisor notebook helps recommend an optimal partition key based on information you provide about your workload traffic patterns and queries.
The Always Encrypted feature brings client-side encryption capabilities to Azure Cosmos DB and allows you to put an extra level of protection on your sensitive data.
Streamline your Cognitive Search operations with debug sessions for building, testing, and modifying skillsets.
Edge Device Image Builder assists device builders and OEMs by providing a guided experience to build secure and customized Windows IoT Enterprise LTSC 2021 device images.
Cross-region snapshot copy allows you to copy disk snapshots to any region for disaster recovery.
Azure Ultra Disk Storage provides high-performance along with sub-millisecond latency for your most-demanding workloads.
Azure Functions support for Node.js 16.x is now generally available in Azure Functions runtime 4.0 on all hosting plans.
Calico Network Policy for Windows node pools in AKS is now generally available.
You can now use reserved capacity with AKS via the capacity reservation feature.
You can now use Azure Dedicated Hosts with the Azure Kubernetes Service (AKS).
AKS now minimizes unexpected disruptions by handling maintenance events and offloading applications via auto-drain node feature.
TARGET RETIREMENT DATE: AUGUST 31, 2024
Migrate your classic storage accounts to Azure Resource Manager by 31 August 2024.
TARGET RETIREMENT DATE: AUGUST 31, 2023
Move to GPU accelerated virtual machines by 31 August 2023.
TARGET RETIREMENT DATE: AUGUST 31, 2023
Transition to new HPC virtual machines by 31 August 2023.
TARGET RETIREMENT DATE: AUGUST 31, 2023
Move to GPU accelerated virtual machines by 31 August 2023.
TARGET RETIREMENT DATE: AUGUST 31, 2023
Transition to new HPC virtual machines by 31 August 2023.
TARGET RETIREMENT DATE: AUGUST 31, 2023
Transition to new HPC virtual machines by 31 August 2023.
TARGET RETIREMENT DATE: AUGUST 31, 2023
Transition to new HPC virtual machines by 31 August 2023.
TARGET RETIREMENT DATE: AUGUST 31, 2023
Transition to new HPC virtual machines by 31 August 2023.
TARGET RETIREMENT DATE: AUGUST 31, 2023
Transition to new HPC virtual machines by 31 August 2023.
Access time tracking for objects and lifecycle management policies based on last accessed time in Azure Data Lake Storage Gen2.
Azure Front Door is a modern cloud CDN that enables you to accelerate the delivery of applications, APIs, and content on Azure or anywhere at scale.
TARGET RETIREMENT DATE: AUGUST 31, 2024
Migrate to App Service Environment version 3 by 31 August 2024.
TARGET RETIREMENT DATE: SEPTEMBER 30, 2022
Migrate to MedTech service feature which provides stronger security and supportability.
You can now use Data Box to copy data directly to Archive tier by indicating this when ordering and then copying to the corresponding share on the Data Box.
Microsoft has announced plans to bring a new datacenter region to India, including availability zones.
Integrating Site Recovery with capacity reservation to reserve compute capacity in the disaster recovery region and use that for failover.
Azure Bastion native client support brings you the ability to connect to target VMs from the command line and log in using your Azure Active Directory credentials.
On-demand capacity reservations let you reserve compute capacity for one or more VM size(s) in an Azure region or availability zone for any length of time.
TARGET AVAILABILITY: Q1 2022
Azure Batch supports Spot Virtual Machines in user-subscription mode and is offered at a significantly reduced price compared with dedicated virtual machines.
The Azure Percept March update includes fixes related to security.
Have you tried Hava automated diagrams for AWS, Azure and GCP? Get back your precious time and sanity and rid yourself of manual drag and drop diagram builders forever.
Hava automatically generates accurate fully interactive cloud infrastructure and security diagrams when connected to your AWS, Azure or GCP accounts. Once diagrams are created, they are kept up to date, hands free.
When changes are detected, new diagrams are auto-generated and the superseded documentation is moved to a version history. Older diagrams are also interactive, so can be opened and individual resources inspected interactively, just like the live diagrams.