In Cloud Computing This Week [Apr 22nd 2022]

Amazon Aurora Serverless v2, the next version of Aurora Serverless, is now generally available. Aurora Serverless v2 scales instantly to support even the most demanding applications, delivering up to 90% cost savings compared to provisioning for peak capacity.

Aurora Serverless is an on-demand, automatic scaling configuration for Amazon Aurora. Aurora Serverless v2 scales database workloads to hundreds of thousands of transactions in a fraction of a second. It adjusts capacity in fine-grained increments to provide just the right amount of database resources for an application’s needs. You don’t need to manage database capacity, and you pay for only the resources consumed by your application.

Aurora Serverless v2 provides the full breadth of Amazon Aurora capabilities, including Multi-AZ support, Global Database, and read replicas. Amazon Aurora Serverless v2 is ideal for a broad set of applications. For example, enterprises that have hundreds of thousands of applications, or software as a service (SaaS) vendors that have multi-tenant environments with hundreds or thousands of databases, can use Aurora Serverless v2 to manage database capacity across the entire fleet.

Sensitive data detection and processing in AWS Glue is now generally available. This feature uses pattern matching and machine learning to automatically detect Personal Identifiable Information (PII) and other sensitive data at both the column and cell levels during an AWS Glue job run. AWS Glue includes options to log the type of PII and its location as well as to take action on it.

Sensitive data detection in AWS Glue identifies a variety of PII and other sensitive data like credit card numbers. It helps customers take action, such as tracking it for audit purposes or redacting the sensitive information before writing records into a data lake. AWS Glue Studio’s visual, no-code interface lets users include Sensitive Data Detection as a step in a data integration job. It lets customers choose the type of personal information to detect as well as specify follow-on actions including redaction and logging. Customers can also define their own custom detection patterns for their unique needs.

Amazon QuickSight now supports 1-click public embedding, a feature that allows you to embed your dashboards into public applications, wikis, and portals without any coding or development. Once enabled, anyone on the internet can start accessing these embedded dashboards with to up-to-date information instantly, without server deployments or infrastructure licensing needed! 1-click public embedding helps you empower your end users with access to insights in seconds. To access this feature in preview please contact quicksight-public-embedding-preview@amazon.com.

1-click public embedding is available in Amazon QuickSight Enterprise Edition, in the following AWS Regions - US East (Virginia), US West (Oregon), Canada (Central), Asia Pacific (Mumbai), Asia Pacific (Seoul), Asia Pacific (Sydney), Asia Pacific (Tokyo), Europe (Frankfurt), Europe (Ireland) and Europe (London).

Amazon MQ now provides support for ActiveMQ 5.16.4. This update to ActiveMQ contains several fixes and enhancements compared to the previously supported version, ActiveMQ 5.16.3

Amazon MQ is a managed message broker service for Apache ActiveMQ and RabbitMQ that makes it easier to set up and operate message brokers on AWS. Amazon MQ customers can reduce their operational burden by using Amazon MQ to manage the provisioning, setup, and maintenance of message brokers. Because Amazon MQ connects to your current applications with industry-standard APIs and protocols, you can more easily migrate to AWS without having to rewrite code.

AWS encourage you to consider upgrading to ActiveMQ 5.16.4 with just a few clicks in the AWS Management Console. Because this is the a minor update, your broker will will be automatically upgraded if you have enabled automatic minor version upgrade. To learn more about upgrading, please see: Managing Amazon MQ for ActiveMQ engine versions in the Amazon MQ Developer Guide.

Amazon Kendra is an intelligent search service powered by machine learning, enabling organizations to provide relevant information to customers and employees, when they need it. Starting this week, AWS customers can use the Amazon Kendra Box connector to index and search documents from Box.

Critical information can be scattered across multiple data sources in an enterprise, including internal and external websites. Amazon Kendra customers can now use the Kendra Box connector to index documents stored in Box (HTML, PDF, MS Word, MS PowerPoint, and Plain Text) and search for information across this content using Kendra Intelligent Search.

The Amazon Kendra Box connector is available in all AWS regions where Amazon Kendra is available. 

You can now schedule live content into a linear channel created using Channel Assembly with AWS Elemental MediaTailor. You could already re-use transcoded and packaged HLS and DASH streams from your existing video on demand (VOD) catalogs and now you can use live streams from an origin such as AWS Elemental MediaPackage as scheduled sources for a linear channel.

For VOD only channels, you can create a basic channel which is priced at the same existing Channel Assembly rates. When using VOD content and live sources, you need to create a standard channel configuration which has a higher per hour cost. Visit the MediaTailor pricing page for more details on basic and standard channel costs.

Using Channel Assembly with AWS Elemental MediaTailor, you can create linear channels that are delivered over-the-top (OTT) in a cost-efficient way, even for channels with low viewership. Virtual linear streams are created with a low running cost by using existing multi-bitrate encoded and packaged content which now can be either VOD or Live. You can also monetize Channel Assembly linear streams by inserting ad breaks in your programs without having to condition the content with SCTE-35 markers for VOD or Live sources, as the SCTE-35 ad break information is simply passed through.

You can now try Amazon Neptune for free with a 1-month free trial. First-time Neptune customers can get started with Neptune for free for 30 days, using up to 750 hours of the T3.medium instance, 10 million I/O requests, 1 GB of storage, and 1 GB of backup storage.

Amazon Neptune is a fast, reliable, and fully managed graph database service that helps customers build applications for fraud detection, identity resolution, knowledge management, and security posture assessment using highly connected datasets. With this free trial, you can use all the features that a T3.medium instance supports such as: multi-AZ deployments with up to 15 read replicas; high-throughput, low-latency queries in Gremlin, SPARQL, and openCypher; automated backups; database snapshots; CloudWatch monitoring, and more.

Amazon Elastic Kubernetes Service (Amazon EKS) now supports using the Amazon EKS console, AWS Command Line Interface (CLI), and EKS API to install and manage the AWS Distro for OpenTelemetry (ADOT) Operator. This launch enables a simplified experience for instrumenting your applications running on Amazon EKS to send metrics and traces to multiple monitoring services including AWS X-Ray, Amazon Managed Service for Prometheus, and Amazon CloudWatch. 

ADOT is designed as a secure, production-ready, AWS-supported distribution of the OpenTelemetry project, which provides open source APIs, libraries, and agents to collect distributed traces and metrics for application and cluster infrastructure monitoring. The ADOT Operator is an implementation of the Kubernetes Operator. The ADOT Operator manages collection agents that receive, process, and export telemetry data in multiple data formats to open source and vendor-service backends. With this launch, the ADOT Operator can now be installed, managed, and updated directly through the EKS Console, AWS CLI and EKS API. You can see available add-ons and compatible versions in the EKS API, select the version of the add-on you want to run on your cluster, and configure key settings such as the IAM role used by the add-on when it runs. Using EKS add-ons you can go from cluster creation to running applications in a single command and easily keep tooling in your cluster up to date.

AWS Glue Studio Job Notebooks are now generally available, providing interactive, notebook-based job authoring in AWS Glue. They help simplify the process of developing data integration jobs. Job Notebooks also provide a serverless, built-in interface for AWS Glue Interactive Sessions, another new feature that allows customers to run interactive Apache Spark workloads on demand.

AWS Glue Studio Job Notebooks need minimal setup so developers can get started quickly, and feature one-click conversion of notebooks into AWS Glue data integration jobs. They also support live data integration directly from the notebook, fast startup times, and built-in cost management.

AWS Glue Interactive Sessions are now generally available. They provide a new interface into AWS Glue's highly scalable Serverless Spark environment. They support interactive data integration job development, data exploration, and on-demand distributed data processing for customers' own applications.

AWS Glue is a serverless data integration service for both data engineers and data analysts. Interactive Sessions let them process data interactively using the Jupyter-based notebook or IDE of their choice. Sessions start in seconds and have built-in cost management, as well as the option to use either Glue version 2.0 or 3.0. As with AWS Glue jobs, customers pay for only the resources they use.

This week, AWS are excited to announce general availability of Amazon SageMaker Serverless Inference in all AWS Regions where SageMaker is generally available (except the AWS China regions). With SageMaker Serverless Inference, you can quickly deploy machine learning (ML) models for inference without having to configure or manage the underlying infrastructure. When deploying your ML models, simply select the serverless option and Amazon SageMaker automatically provisions, scales, and turns off compute capacity based on the volume of inference requests. With SageMaker Serverless Inference, you pay only for the compute capacity used to process inference requests (billed by the millisecond) and the amount of data processed; you do not pay for idle time. SageMaker Serverless Inference is ideal for applications with intermittent or unpredictable traffic.

Since the preview launch at re:Invent 2021, we have added support for Amazon SageMaker Python SDK, which offers abstractions to simplify model deployment, and support for Model Registry, which allows you to integrate your serverless inference endpoints with your MLOps workflow. AWS have also increased maximum concurrent invocations per endpoint limit to 200 (from 50 during preview), allowing you to use SageMaker Serverless Inference for high-traffic workloads.

Three new managed data identifiers have been added to Amazon Macie to expand its capabilities for discovering and identifying the locations of HTTP Basic Authentication Headers, HTTP Cookies, and JSON Web Tokens present in Amazon Simple Storage Service (Amazon S3). Knowing if and where these types of data are present in your S3 storage helps you to better plan the data security, governance, and privacy needs of your organization.

Amazon Macie also enhanced its existing managed data identifiers for identifying Passports, Mailing Addresses, and US Social Security Numbers (SSNs). This enhancement expands keyword support for discovering occurrences of SSNs and Passports, and the Macie pattern identification system now detects SSNs across a wider array of formats and delimiters. Additionally, the Amazon Macie machine learning models have been updated to improve accuracy in discovering mailing addresses in S3 objects. The updated models use additional checks to validate city names, ZIP codes, and Postal Codes to produce more accurate results. 

This week, AWS announced the general availability of AWS Amplify Studio Figma-to-React code capabilities, giving frontend developers a faster workflow for building full-stack apps. These new capabilities add to existing Amplify Studio backend creation and management capabilities, helping developers accelerate UI development. Typically, there is a lot of back and forth between frontend developers and designers, which can lead to suboptimal end-user experiences because of compromises made to ship on time. With Amplify Studio, developing UI as per design is as easy as “import from Figma, export to code, and extend code with custom logic.”

Amplify Studio uses Figma designs to automatically generate pixel-perfect React components that can be wired to your backend in a few clicks. Figma-to-React capabilities were launched in preview at re:Invent 2021, and new features have since been added to include interactivity, an enhanced experience to modify child UI element in code, and new theming capabilities.

This week AWS announced the general availability of 10 new data source connectors for Amazon Athena. With Athena, you can query data stored in relational, non-relational, object, and custom data sources without the need for ETL scripts to pre-process or copy data. This release expands the number of data sources you can query with Athena and helps analysts, data engineers, data scientists, and developers unlock business value from data stored in databases running on-premises or in the cloud.

You can now use Athena to query and surface insights from: SAP HANA (Express Edition), Teradata, Cloudera, Hortonworks, Snowflake, Microsoft SQL Server, Oracle, Azure Data Lake Storage (ADLS) Gen2, Azure Synapse, and Google BigQuery. For a complete list of supported data sources, see Using Athena Data Source Connectors.

With Athena, you can use your SQL knowledge to support a wide range of analytics use cases: you can run interactive queries on data stored in multiple systems of record, create unified datasets to enable self-service business intelligence, prepare input features for use in machine learning model training, build analytics solutions on top of on-premises data, and more. 

Amazon Textract is a machine learning service that automatically extracts text, handwriting, and data from any document or image. Textract now provides you the flexibility to specify the data you need to extract from documents using the new Queries features within Analyze Document API. You do not need to know the structure of the data in the document (table, form, implied field, nested data) or worry about variations across document versions and formats. Queries leverages a combination of visual, spatial, and language cues to extract the information you seek with high accuracy.

Traditional OCR solutions struggle to extract data accurately from most unstructured and semi-structured documents because of significant variations in how the data is laid out across multiple versions and formats of these documents. You need to implement custom post processing code or manually review the information extracted from these documents . You also need to parse through the entire OCR output to extract the information you need for your business processes. With Queries, you will be able to specify the information you need in the form of natural language questions (e.g., “What is the customer name”) and receive the exact information (e.g., ”John Doe”) as part of the API response. Queries also lets you assign an alias to each question, making it easy to integrate the output with your downstream systems. Additionally, Queries is pre-trained on a large variety of unstructured, semi-structured, and structured documents. Some example include paystubs, bank statements, W-2s, loan application forms, mortgage notes, vaccine and insurance cards.

This week, AWS announced that Amplify Geo for Android is now generally available, following the release of Amplify Geo for JavaScript and iOS. Amplify Geo for Android allows developers to add cloud-connected UI components for maps and location search to Android apps. In addition to AWS Amplify’s features like Auth, DataStore, and Storage, Amplify Geo provides a set of client libraries built on top of Amazon Location Service APIs, and includes cloud-connected map UI components that are based on the popular MapLibre open-source library.

With this release, developers can add location features like searching for points of interests (POIs), addresses, or coordinates, and display this data as customizable markers on a map or as a list. Amplify Geo Android also provides developers with map styling capabilities through its APIs that allows developers to tweak their map experience to match their apps’ theme. Amplify Geo also allows developers to create map resources via the Command Line Interface (CLI) tool. This tool helps developers provision necessary cloud services required to implement common mapping use cases.

Amazon DevOps Guru now provides Proactive Insights that helps you to increase availability, improve performance and optimize utilization of your application resources. Proactive monitoring is key to flagging potential issues with your applications and infrastructure early, enabling you to respond quickly and reduce costly downtime. Amazon DevOps Guru uses machine learning (ML) to analyze application resources, configurations and application metrics to identify potential future operational issues to prevent them from impacting your users and increase application uptime.

Amazon DevOps Guru Proactive Insights summarizes the metric anomaly, related events and recommends remediation actions to help mitigate the issue. Amazon DevOps Guru also identifies opportunities to optimize resource utilization by your application to reduce operating costs. For example, consider a Lambda based application with an API Gateway endpoint. The Lambda function has invocations beyond the currently provisioned function concurrency. This leads to continuous spillover of the requests causing cold starts, and consequently a degraded latency and potentially higher costs. Amazon DevOps Guru detects this issue and proactively recommends increasing Lambda function provisioned concurrency. 

The Amazon Chime SDK lets developers add intelligent real-time audio, video, and screen share to their web and mobile applications. The Amazon Chime SDK has achieved FedRAMP High authorization for AWS GovCloud (US) Regions. U.S. government agencies and contractors can now use Amazon Chime SDK to build applications for workloads that require FedRAMP High authorization. 

Amazon Chime SDK continues to be available in Northern Virginia and Oregon Regions with FedRAMP Moderate. In addition, Amazon Chime SDK is compliant with PCI DSS, and SOC. Amazon Chime SDK is also a HIPAA eligible service.

You can now set a default instance warm-up time for all scaling activities, health check replacements, and other replacement events in the Auto Scaling instance lifecycle. Amazon EC2 Auto Scaling is a service that allows you to automatically scale and manage logical groups of instances, known as Auto Scaling groups, that serve your application. EC2 Auto Scaling does this by monitoring various metrics, such as CPU utilization and application demand, to determine if an instance needs to be replaced, removed from, or added to your Auto Scaling group. Setting the default instance warm-up time parameter can simplify your Auto Scaling group configuration by ensuring that any scaling and replacement policies are aware of the time your instances typically take to be ready to serve demand.

Previously, you could only set a warm-up time for select scaling and replacement events — instance refresh, target tracking, and step scaling policies — and these needed to be configured individually. Now, by setting a default warm-up time parameter that applies to the whole Auto Scaling group, you can easily ensure that all instance scaling and replacement events — instance refresh, manual and dynamic scaling policies, scheduled actions, and health check replacements — use the same warm-up time to aggregate metrics to Amazon CloudWatch and determine your group capacity. Specifically, if your instances tend to spend a known amount of time to get ready to serve traffic after they are launched (e.g., to pre-load application data), setting the default instance warm-up time can help you avoid inadvertent scaling or replacement events in the following ways. First, instances won’t be counted toward your Auto Scaling group’s desired capacity until the warm-up time elapses. Second, instances’ CloudWatch metrics won’t be used to start scaling or replacement actions until after the warm-up time elapses.

You can now customize your AWS Identity and Access Management (IAM) policies that control access to your Amazon Neptune resources, like Neptune clusters or instances, with AWS global condition context keys. You can use AWS global condition context keys, which are specified in the Condition element of an IAM policy, to allow or disallow access to Neptune resources based on the set conditions.

For example, you can create a policy statement with the aws:SourceIp condition key to limit access to specific source IP addresses or ranges of IP addresses. You can also create a policy statement using the aws:SecureTransport condition key to limit access to requests sent over a Secure Sockets Layer (SSL) connection. The policy statement is effective only when the specified conditions are true.

AWS Step Functions expands integration with the AWS SDK by expanding support for over 20 new AWS SDK integrations and over 1000 new AWS API actions.

AWS Step Functions is a low-code, visual workflow service that developers use to build distributed applications, automate IT and business processes, and build data and machine learning pipelines using over 10,000 API actions from over 200+ AWS services. With this enhancement you can now integrate with new services such as AWS Panorama, a machine learning appliance and software development kit that brings computer vision to on-premise internet protocol cameras, improving supply chain visibility or monitoring congestions at airports.

This week, AWS announced the general availability of openCypher query language support with Amazon Neptune. Customers can now use openCypher with Amazon Neptune, giving them more choices to build or migrate graph applications to a highly available, secure, and fully managed graph database.

Customers like openCypher’s syntax, which is inspired by SQL, because it provides a familiar structure to compose queries for graph applications. With this week’s launch, Amazon Neptune now provides customers with the widest array of query language support including openCypher, Gremlin, and W3C SPARQL. Customers can use the openCypher and Gremlin query languages together over the same property graph data. Support for openCypher is compatible with the Bolt protocol, thus enabling customers to continue to run applications that use the Bolt protocol to connect to Neptune.

AWS Controllers for Kubernetes (ACK) controllers for Amazon EKS, Amazon ECR, Dynamo DB, Amazon S3, AWS Application Autoscaling, and AWS API Gateway v2 are now generally available.

ACK lets you define and use AWS service resources directly from Kubernetes. With ACK, you can take advantage of AWS managed services for your Kubernetes applications without needing to define resources outside of the cluster or run services that provide supporting capabilities like databases within the cluster.

Since the last update in January 2022, AWS CloudFormation Registry has expanded to include support for 35 new resource types (refer to the complete list below) between January and March 2022. A resource type includes schema (resource properties and handler permissions) and handlers that allow API interactions with the underlying AWS or third-party services. Customers can now configure, provision, and manage the lifecycle of these newly supported resources as part of their cloud infrastructure through CloudFormation, by treating them as infrastructure as code. Furthermore, we are pleased to announce that 1 new AWS service - AWS Billing Conductor added CloudFormation support on the day of launch. CloudFormation now supports 170+ AWS services spanning over 900 resource types, along with over 40 third-party resource types.

Customers can now centrally discover the schema associated with these 35 new resource types on the CloudFormation Registry. With the addition of these resource types to the Registry, customers can also benefit from the resource import feature of CloudFormation. For example, if you create an AWS Billing Conductor Pricing Rule through the AWS Management Console or the Command Line Interface, you can bring that resource into CloudFormation’s management using the resource import feature.

For feedback on the resources for which you want CloudFormation support, please refer to the aws-cloudformation-coverage-roadmap.

Now you can configure, provision, and manage the following 35 resource types with CloudFormation.

1. AWS::AppIntegrations::DataIntegration
2. AWS::AppRunner::VpcConnector
3. AWS::AppStream::ApplicationEntitlementAssociation
4. AWS::AppStream::Entitlement
5. AWS::BillingConductor::BillingGroup
6. AWS::BillingConductor::CustomLineItem
7. AWS::BillingConductor::PricingPlan
8. AWS::BillingConductor::PricingRule
9. AWS::CloudFormation::HookDefaultVersion
10. AWS::CloudFormation::HookTypeConfig
11. AWS::CloudFormation::HookVersion
12. AWS::DataSync::LocationFSxLustre
13. AWS::ECR::PullThroughCacheRule
14. AWS::EKS::IdentityProviderConfig
15. AWS::Forecast::Dataset
16. AWS::Forecast::DatasetGroup
17. AWS::InspectorV2::Filter
18. AWS::IoT::JobTemplate
19. AWS::IoTEvents::AlarmModel
20. AWS::KafkaConnect::Connector
21. AWS::Lightsail::Alarm
22. AWS::Lightsail::Bucket
23. AWS::Lightsail::Certificate
24. AWS::Lightsail::Container
25. AWS::Lightsail::Distribution
26. AWS::Lightsail::LoadBalancer
27. AWS::Lightsail::LoadBalancerTlsCertificate
28. AWS::MSK::BatchScramSecret
29. AWS::MSK::Configuration
30. AWS::Personalize::Dataset
31. AWS::Personalize::Dataset DatasetImportJob
32. AWS::Personalize::DatasetGroup
33. AWS::Personalize::Schema
34. AWS::Personalize::Solution
35. AWS::Personalize::Solution

Amazon Redshift now offers new enhancements for Audit Logging, which enables faster delivery of logs for analysis by minimizing latency while also adding Amazon CloudWatch as a new log destination. With this release, customers can choose to stream audit logs directly to Amazon CloudWatch, which enables customers to perform real-time monitoring.

Amazon Redshift provides customers the ability to generate audit logs to help meet security, compliance and diagnostic needs. AWS ran an internal test which showed the new enhancements to Audit Logging reduces the latency associated with delivering log data to Amazon S3 from up to 24 hours to less than 2 hours. By adding Amazon CloudWatch as a log destination, the latency of logs delivery is further reduced to less than 2 minutes. You can enable audit logging to Amazon CloudWatch via the AWS Management Console, API, or CLI. If you change the log destination from Amazon S3 to Amazon CloudWatch, you can still query the log data in the Amazon S3 buckets where it resides, and you will still be able to get your logs in the Amazon S3 bucket by using CloudWatch export to Amazon S3 feature.