
In Cloud Computing This Week [Apr 28th 2023]

April 28, 2023





Here's the weekly cloud round up of all things Hava, GCP, Azure and AWS for the week ending Friday April 21st 2023.

Last week we released Architectural Monitoring Alerts in Private Beta. It's nearly GA but to get access now please get in touch.

All the latest Hava news can be found on our LinkedIn Newsletter.


AWS Updates and Releases

Source: aws.amazon.com

AWS Lambda adds support for Java 17

AWS Lambda now supports Java 17 as both a managed runtime and a container base image. Developers creating serverless applications in Lambda with Java 17 can take advantage of new language features including Java records, sealed classes and multi-line strings. The Lambda Java 17 runtime also has numerous performance improvements, including optimizations when running Lambda functions on Graviton 2 processors.

It supports AWS Lambda SnapStart (in supported Regions) for fast cold starts, and the latest versions of the popular Spring Boot 3 and Micronaut 4 application frameworks. For more information on Lambda’s support for Java 17, see our blog post at Java 17 runtime now available in AWS Lambda.

To deploy Lambda functions using Java 17, upload the code through the Lambda console and select the Java 17 runtime. You can also use the AWS CLI, AWS Serverless Application Model (AWS SAM) and AWS CloudFormation to deploy and manage serverless applications written in Java 17. Additionally, you can also use the AWS-provided Java 17 base image to build and deploy Java 17 functions using a container image.

To migrate existing Lambda functions running earlier Java versions, review your code for compatibility with Java 17 and then update the function runtime to Java 17 when redeploying your function.

This runtime is based on the AWS Corretto distribution of OpenJDK. AWS will automatically apply updates to the Java 17 managed runtime and to the AWS-provided Java 17 base image, as they become available.

Amazon CloudWatch Logs data protection is now available in all AWS Commercial Regions

AWS are excited to announce Amazon CloudWatch Logs data protection is now available in Middle East (UAE), Asia Pacific (Hyderabad), Europe (Spain), Europe (Zurich), and Asia Pacific (Melbourne). Data protection is a feature that leverages pattern matching and machine learning capabilities to detect and protect sensitive log data-in-transit.

Amazon CloudWatch Logs enables you to centralize the logs from all of your systems, applications, and AWS services in a single, highly scalable service. With log data protection in Amazon CloudWatch Logs, you can now detect and protect sensitive log data in transit, such as credit card numbers or government IDs logged by your systems and applications.

Start discovering and masking sensitive data in Amazon CloudWatch Logs using the AWS Software Development Kit (SDK), AWS Command Line Interface (CLI), AWS CloudFormation templates, or CloudWatch in the AWS Management Console.

AWS Network Firewall ingress TLS inspection is now available in 8 additional regions

AWS Network Firewall now supports Transport Layer Security (TLS) inspection for ingress VPC traffic in 8 additional regions for a total of 10 regions. Starting today, you can use AWS Network Firewall to decrypt, inspect, and re-encrypt inbound TLS traffic in Asia Pacific (Sydney), Asia Pacific (Jakarta), Asia Pacific (Mumbai), Asia Pacific (Singapore), Asia Pacific (Tokyo), Europe (Ireland), Europe (Stockholm), Europe (Frankfurt), South America (Sao Paulo), and US East (N. Virginia).

AWS Network Firewall is a managed firewall service that makes it easy to deploy essential network protections for all your Amazon VPCs. Starting today, you can decrypt TLS sessions and inspect inbound VPC traffic without having to deploy and manage any additional network security infrastructure in these additional regions.

AWS Systems Manager Fleet Manager console based access to Windows instances now available in AWS GovCloud (US) Regions

Fleet Manager now enables a console-based management experience for Windows instances in the AWS GovCloud (US) Regions. This feature provides customers a full graphical interface to set up secure connections to and manage Windows instances. You no longer need to install additional software, set up additional servers, or open direct inbound access to ports on the instance.

Fleet Manager is a console based experience in Systems Manager that provides you with visual tools to manage your Windows, Linux, and macOS servers. Fleet Manager now provides a simple browser-based means to access Windows servers using Remote Desktop Protocol, or RDP, with security protocols.

Remote Desktop Protocol (RDP) connections into Windows servers are established through a few simple steps in the console providing access to your server or server-based application. With this feature, you can simultaneously open connections to multiple servers at once and access them from the same console removing the need to switch back and forth between tabs.

Amazon Location Service adds support for long distance matrix routing

This week, Amazon Location Service added support for long distance matrix routing, making it easier for customers to quickly calculate driving time and driving distance between multiple origins and destinations, no matter how far apart they are. Developers can now make a single API request to calculate up to 122,500 routes (350 origins and 350 destinations) within a 180 km region or up to 100 routes without any distance limitation.

With Amazon Location’s matrix routing, developers can reduce the latency associated with multiple routing calculations, allowing them to simplify their code and improve the experience of their customers. For example, an application that plans delivery routes from warehouses to retail locations can now use Amazon Location’s matrix routing to request the driving time and distance between locations hundreds of kilometers apart, by making one request for up to 100 route calculations.

Amazon Location Service is a fully managed service that helps developers easily and securely add maps, points of interest, geocoding, routing, tracking, and geofencing to their applications without compromising on data quality, user privacy, or cost. With Amazon Location Service, you retain control of your location data, protecting your privacy and reducing enterprise security risks.

Amazon MQ now supports RabbitMQ version 3.10.20 and 3.9.27

Amazon MQ now provides support for RabbitMQ version 3.10.20 and RabbitMQ 3.9.27, which include several important fixes and performance optimizations to the previously supported versions. Amazon MQ is a managed message broker service for Apache ActiveMQ and RabbitMQ that makes it easier to set up and operate message brokers on AWS.

You can reduce your operational burden by using Amazon MQ to manage the provisioning, setup, and maintenance of message brokers. Because Amazon MQ connects to your current applications with industry-standard APIs and protocols, you can more easily migrate to AWS without having to rewrite code.

If you are running a version of RabbitMQ earlier than 3.10.20 or 3.9.27, AWS encourage you to upgrade to the latest versions to get access to the latest security, performance and feature enhancements. This can be accomplished with just a few clicks in the AWS Management Console. If your broker has automatic minor versions upgrade enabled and is currently running version 3.10.10 or 3.10.17, Amazon MQ will automatically upgrade the broker to version 3.10.20 during a future maintenance window.

To learn more about upgrading, see Managing Amazon MQ for RabbitMQ engine versions in the Amazon MQ Developer Guide. This new version is available in all regions where Amazon MQ is available. For a full list of available regions see the AWS Region Table.

Amazon OpenSearch Service announces Amazon OpenSearch Ingestion

This week Amazon OpenSearch Service announces Amazon OpenSearch Ingestion, a new fully managed data ingestion tier that allows you to ingest and process petabyte-scale data before indexing it in OpenSearch-managed clusters or serverless collections. OpenSearch Ingestion provides a no-code capability to filter, transform, redact, and route data prior to indexing it in OpenSearch. OpenSearch Ingestion automatically provisions and scales the underlying resources for even the most demanding and unpredictable workloads. 

OpenSearch Ingestion is powered by OpenSearch Data Prepper, an open-source, data pipeline for preprocessing telemetry data (logs, distributed traces, and metrics) to prepare it for analysis and visualization in OpenSearch.

OpenSearch Ingestion can be used as an alternative to self-managing Logstash or other streaming data pipelines. Because OpenSearch Ingestion is a fully managed serverless service, it removes the complexities of managing a multi-node cluster for data ingestion, such as choosing the right instance types, applying security patches, and adding or removing nodes to optimize for data volume fluctuations, enabling your team to focus on more critical work.

To get started with OpenSearch Ingestion, you can create a pipeline in the AWS Management Console and define your source, processors, and the destination cluster or collection. You can also start from a blueprint for the most common ingestion use cases.

Amazon SageMaker now supports a hosted TensorBoard experience

This week, AWS announced the general availability of Amazon SageMaker with TensorBoard, which provides a hosted TensorBoard experience. This launch allows you to use TensorBoard to visualize and debug model convergence issues for Amazon SageMaker training jobs. 

TensorBoard is an observability tool commonly used by data scientists to track model accuracy and log loss on training and validation sets. With this capability, data scientists can save development time by visualizing the model architecture to identify and remediate convergence issues, such as validation loss not converging or vanishing gradients.

Further, the access and management of this capability is automated using Amazon SageMaker Python SDK. By providing TensorBoard as a hosted experience, data scientists will gain optimized S3 read access for TensorBoard log data and will not have to manually install and configure TensorBoard.

Amazon SageMaker with TensorBoard is available in the following regions: US East (Ohio), US East (N. Virginia), US West (Oregon), Europe (Frankfurt), and Europe (Ireland) using ml.r5.large instance types. AWS are providing SageMaker with TensorBoard for free for the next 2 months to all SageMaker customers. See the SageMaker pricing information for the pricing that will apply following the 2 month period.

AWS AppSync supports TypeScript and source maps in JavaScript resolvers

This week, AWS AppSync released enhanced support for TypeScript in JavaScript resolvers, along with integrated support for source maps in bundled JavaScript code. Plus, they’ve released updated guidance to help you during your development process, and are updating the AppSync utility library to provide better type and generics support.

Developers love writing their code in TypeScript, an extension of JavaScript. It is designed to provide a better developer experience with compile-time type safety and enhanced auto-completion support in most IDEs. With this update, you can take advantage of TypeScript features when you write JavaScript resolvers.

With the updated libraries, you get improved support for types and generics in AppSync’s utility functions. The updated AppSync documentation provides guidance on how to get started and how to bundle your code when you want to use TypeScript or work in a multi file configuration.

When working in a multi-file configuration, AppSync now allows you to provide a source map in your AppSync resolver or function code. With source maps, you can see the original source file name and location when you log data to Amazon CloudWatch Logs, and in reported runtime errors.

AWS Global Accelerator launches two new edge locations

AWS Global Accelerator now supports traffic through two new AWS edge locations in Lima, Peru and Nashville, Tennessee (United States). With the addition of these two edge locations, Global Accelerator is now available through 106 Points of Presence globally and supports application endpoints in 21 AWS Regions.

AWS Global Accelerator is a service that improves the availability, security, and performance of your internet-facing applications. By using the congestion-free AWS network, end-user traffic to your applications benefits from increased availability, DDoS protection at the edge, and higher performance relative to public internet.

Global Accelerator provides static IP addresses that act as fixed entry endpoints for your application resources in one or more AWS Regions, such as your Application Load Balancers, Network Load Balancers, Amazon EC2 instances, or Elastic IPs. Global Accelerator continually monitors the health of your application endpoints and offers deterministic fail-over for multi-region workloads without any DNS dependencies.

Contact Lens for Amazon Connect evaluation capabilities are now generally available

Contact Lens for Amazon Connect now provides a set of evaluation capabilities (GA) that enable contact center managers to create evaluation forms with criteria (e.g., agent adherence to talk scripts or compliance with sensitive data collection practices) that can be scored using Contact Lens’ machine learning powered speech analytics, and view aggregated agent performance results.

Contact centers can also use public APIs to ingest data (e.g., customer satisfaction scores, sales records, etc.) from third-party sources such as CSAT survey tools or CRM systems, and have all relevant agent performance data and insights across cohorts of agents over time, in a single easy-to-use web interface.

Managers can now assess aggregated agent performance results alongside contact details, recordings, transcripts, and summaries, without the need to switch applications. They can receive automated notifications when an evaluation is completed, and can search for evaluation results based on a set of criteria such as evaluation scores.

These alerts and analytics enable managers to assess more agent/customer interactions while reducing the amount of time they spend identifying performance issues and coaching agents to perform their best.

Announcing AWS DataSync Discovery general availability (GA)

AWS are announcing the general availability of AWS DataSync Discovery, giving you visibility into on-premises storage performance and utilization, and providing recommendations to simplify and accelerate data migration to AWS. DataSync Discovery enables you to understand your on-premises storage performance and capacity through automated data collection and analysis.

It helps you quickly identify data to be migrated and evaluate suggested AWS Storage services that align to your performance and capacity needs. Capabilities added since preview include support for NetApp ONTAP 9.7, recommendations at cluster and storage virtual machine (SVM) levels, and discovery job events in Amazon EventBridge.

To get started, configure DataSync Discovery to connect to your on-premises storage and then run discovery jobs to collect information about your storage system. While your discovery jobs run, you can view collected information on dashboards in the console. When completed, you can generate recommendations for migrating your resources to AWS Storage services such as Amazon FSx for NetApp ONTAP, Amazon FSx for Windows File Server, or Amazon Elastic File System (EFS).

These recommendations help you select the optimal AWS Storage service and you can then use AWS DataSync to move your data to your selected storage service. DataSync Discovery provides a fully managed discovery process for on-premises storage systems, minimizing the time, effort, and costs associated with planning and executing data migrations to AWS.

AWS Elemental Link UHD now supports Dolby Digital and Digital Plus

If you deliver multichannel audio experiences, you can now use AWS Elemental Link UHD to pass through Dolby Digital and Dolby Digital Plus audio to your AWS Elemental MediaLive channel.

Dolby Digital and Dolby Digital Plus are established audio technologies used to deliver surround sound experiences for home theater, broadcast, and cinema. Dolby Digital supports stereo/2.0 to 5.1 channels, and Dolby Digital Plus supports up to 7.1 channels.

For more information on how MediaLive takes advantage of Dolby Digital and Digital Plus audio passthrough for Link UHD, visit MediaLive audio sources. Dolby passthrough support is available at no additional cost.

AWS Resource Access Manager supports fine-grained customer managed permissions

AWS Resource Access Manager (AWS RAM) now supports customer managed permissions so you can author and maintain fine-grained resource access controls for supported resource types. AWS RAM helps you securely share your resources across AWS accounts, within your organization or organizational units (OUs), and with AWS Identity and Access Management (IAM) roles and users. With customer managed permissions, you can apply the principles of least privilege, or the minimum permissions required to perform a task.

You can now define the granularity of your customer managed permissions by precisely specifying who can do what under which conditions for the resource types included in your resource share. For example, as a cloud security admin, you can author tailored customer managed permissions for Amazon Virtual Private Cloud IP Address Manager (IPAM) pools, which help manage your IP addresses at scale.

Then the network admin can share the IPAM pools using the tailored permissions so that developers can assign IP addresses but not view the range of IP addresses other developer accounts assign. For granting access to sensitive actions such as viewing the IP address range in an IPAM pool, you can add conditions such as requiring the actions are performed by users authenticated using multi-factor authentication.

Amazon Keyspaces (for Apache Cassandra) supports IN operator for SELECT queries

Amazon Keyspaces (for Apache Cassandra), a scalable, serverless, highly available, and fully managed Apache Cassandra-compatible database service, now supports the use of the IN operator in SELECT queries of Cassandra Query Language (CQL).

This week, Amazon Keyspaces added support for the IN operator in CQL SELECT queries. This support allows Cassandra developers to write queries that are less complex and more compatible with Cassandra. Additionally, support for the IN operator in SELECT queries provides an easier way to filter and access data that is spread over multiple partitions.

The IN operator for SELECT is available in all commercial AWS Regions and the AWS GovCloud (US) Regions where AWS offers Amazon Keyspaces. If you’re new to Amazon Keyspaces, the getting started guide shows you how to provision a keyspace and explore the query and scaling capabilities of Amazon Keyspaces.

Amazon SageMaker accelerates local ML code conversion to remote jobs

Amazon SageMaker Python SDK is an open source library for training and deploying machine-learning models on Amazon SageMaker. AWS are excited to announce SageMaker Python SDK now helps data scientists execute any local ML code authored in their preferred IDE and local notebooks along with the associated runtime dependencies as large-scale ML model training jobs with minimal code changes.

Data scientists need to add only a line of code (a Python decorator) to their local ML code and SageMaker Python SDK takes their code, datasets, and workspace environment setup and runs it as a SageMaker Training job. This decorator mode helps data scientists start their ML workflows on SageMaker more easily by reducing the need for custom code constructs and environment variable management.

Further, this enhancement to the local-code-to-jobs experience reduces the time spent on container management via auto-capture and replication of the local runtime, so that data scientists can spend less time recreating their local environment in production-grade jobs.

AWS IoT Core Device Advisor announces support for MQTT over WebSocket

AWS are excited to announce the General Availability of AWS IoT Core Device Advisor support for MQTT over WebSocket. AWS IoT Core Device Advisor is a cloud-based, fully managed test capability that validates AWS IoT device software for reliable and secure connectivity with AWS IoT Core. With this update, customers can run all three test suites of AWS IoT Core Device Advisor - qualification, custom, and long duration tests - using Signature Version 4 for MQTT over WebSocket. Signature Version 4 is a protocol for authenticating inbound API requests to AWS services, in all AWS Regions. 

In addition, all existing connectivity and security test cases within AWS IoT Device Advisor now support MQTT3.1.1 and MQTT5 over WebSocket, making it easier for customers to validate MQTT functionality during device software development before onboarding devices to AWS IoT Core.

AWS IoT Core Device Advisor is a regional service which is accessible globally but is hosted in US East (N. Virginia), US West (Oregon), Asia Pacific (Tokyo) and Europe (Ireland) regions.

AWS Glue Crawlers now support creating partition indexes

AWS Glue Crawlers extract the data schema and partitions from Amazon S3 and populate the AWS Glue Data Catalog, keeping metadata current. Today, AWS Glue Crawler support is expanded to automatically add partition indexes for newly discovered tables that will help analytics services such as Amazon Athena and AWS Glue to optimize partition processing to help with query performance on highly partitioned tables. 

The number of partitions in a given table can grow significantly over time. As analytics services like Amazon Athena query a table containing millions of partitions, the time needed to retrieve the partition increases and can cause query runtime to increase. With this release, when the AWS Glue Crawler creates a new AWS Glue Data Catalog table, it will also create a partition index by default without needing to create it manually.

The AWS Glue Data Catalog will then create a fast, searchable index based on the partition index keys, reducing the time required to retrieve and filter partition metadata on tables with millions of partitions. The creation of partition indexes benefits the analytics workloads running on Amazon Athena, Amazon EMR, Amazon Redshift Spectrum, and AWS Glue.

AWS Support in Korean is now generally available

This week, AWS announces the general availability of AWS Support in Korean in all commercial regions. Customers can now select Korean, in addition to Chinese, English, and Japanese as their preferred language to interact with our team of support engineers and customer service representatives. Customers will receive personalized support in the language of their choice with predictable response times as per their Support plan at no additional cost.

AWS customers with the Enterprise, Enterprise On-Ramp, or Business Support plan can get technical support in Korean 24/7. AWS customers with the Developer Support plan can receive technical support in Korean during business hours generally defined as 8:00 AM to 6:00 PM in the customer country as set in My Account console, excluding holidays and weekends.

These times may vary in countries with multiple time zones. Account and billing support in Korean is available to AWS customers during 9:00 AM to 6:00 PM Korean Standard time (UTC+9), excluding holidays and weekends.

AWS License Manager now supports upgrading of EC2 Instances from Ubuntu to Ubuntu Pro operating system

AWS License Manager announces a new feature to upgrade EC2 instances with the Ubuntu LTS (Long Term Support) operating system to Ubuntu Pro. With an Ubuntu Pro subscription, customers get five years of Expanded Security Maintenance (ESM) on the Ubuntu LTS releases from Canonical. Using this License Manager feature, customers can upgrade their Ubuntu LTS instances in-place to Ubuntu Pro without needing to migrate to a new Ubuntu Pro Amazon Machine Image (AMI). For the use of upgraded EC2 instances with Ubuntu Pro, you will be charged on a per-second basis at the applicable On-Demand or Savings Plan rates for Ubuntu Pro.

In addition to five more years of security maintenance, Ubuntu Pro provides features such as security coverage for approximately 23000+ packages in Ubuntu Universe repository and live kernel patching. For example, Ubuntu 18.04 LTS will reach end of standard support on May 31, 2023. You can upgrade the Ubuntu 18.04 LTS instances to Ubuntu Pro 18.04 LTS in License Manager to receive security updates until April 2028. To learn more about Ubuntu Pro on EC2, please see this announcement.

This feature is available in all AWS Regions where AWS License Manager is available, except the AWS GovCloud (US) and China Regions. To get started, visit the AWS License Manager console, choose License type conversion from the left pane and select ‘Create license type conversion’. You can select ‘Ubuntu’ as the Source Operating System and follow the steps mentioned in the AWS License Manager user guide to upgrade to Ubuntu Pro.

AWS IoT TwinMaker now supports data overlays and text annotations in 3D scenes

You can now add data overlays and text annotations in the AWS IoT TwinMaker Scene Composer. Data overlay and text annotations provide context in scenes like access to key performance metrics and sensor data, making it easier to navigate your twins and monitor your facilities with AWS IoT TwinMaker.

Data overlay allows you to add data overlay panels to existing tags in your scenes. The data overlay panel can show text descriptions of equipment, sensor metrics, a hyperlink to a specification sheet, and other data supported by markdown format. Data overlay consolidates information from different data panels in your dashboard so you can click on tags and review key performance metrics in the AWS IoT TwinMaker Scene Viewer. You can also open multiple data overlay panels to monitor different objects at the same time. In this way, data overlay helps you monitor operating facilities more efficiently.

Text annotation allows you to place text labels in your scenes and provide context through labels, descriptions, instructions and more. For example, you can display the name of a device on its 3D model, label the product name on its production line or describe an inspection checklist. Text annotation makes it easier to navigate, understand and investigate complex scenes.

Amazon EC2 High Memory instances are now available in the Europe (Zurich) Region

Starting today, Amazon EC2 High Memory instances with 6TiB (u-6tb1.56xlarge, u-6tb1.112xlarge) of memory are now available in the Europe (Zurich) Region. Customers can start using these new High Memory instances with On Demand and Savings Plan purchase options.

Amazon EC2 High Memory instances are certified by SAP for running Business Suite on HANA, SAP S/4HANA, Data Mart Solutions on HANA, Business Warehouse on HANA, and SAP BW/4HANA in production environments. For details, see the Certified and Supported SAP HANA Hardware Directory.

For information on how to get started with your SAP HANA migration to EC2 High Memory instances, view the Migrating SAP HANA on AWS to an EC2 High Memory Instance documentation. To hear from Steven Jones, GM for SAP on AWS on what this launch means for our SAP customers, you can read his launch blog.

AWS Firewall Manager adds support for multiple administrators

Starting today, customers with multiple organizational units (OUs) and accounts can now create up to 10 AWS Firewall Manager administrator accounts from the AWS Organizations service to manage their firewall policies. Customers can delegate responsibility for firewall administration at a granular scope by restricting access based on OU, account, policy type, and region, thereby enabling policy management tasks to be implemented faster and more effectively.

With administrative scope extending to policy types, customers can assign responsibility for managing particular firewall policies to users who have expertise in different AWS services, such as AWS WAF or AWS Network Firewall. Also, using centralized controls, default administrators can establish baseline security policies across multiple accounts while enabling application developers to manage their own policies under separate administrator accounts.

AWS Systems Manager now supports AWS Cloud Development Kit (CDK) applications

Application Manager, a capability of AWS Systems Manager that helps DevOps engineers investigate and remediate issues in the context of their applications, now supports AWS CDK applications. Customers who use CDK to model their cloud infrastructure can view their CDK constructs grouped as applications in the Application Manager console. 

Application Manager enables customers to monitor the operational status, metrics, and compliance of their applications from a central console through integration with Amazon CloudWatch and AWS Config. The new feature extends this experience to AWS CDK customers. CDK customers can now visualize their application, view application structure including the underlying resources, view alerts, investigate and remediate operational issues, and track costs using Application Manager.



Google Cloud Releases and Updates
Source: cloud.google.com


Anthos Clusters on bare metal

Anthos clusters on bare metal 1.13.7 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.13.7 runs on Kubernetes 1.24.

Anthos Service Mesh

Three images for managed Anthos Service Mesh are now rolling out and contain a fix for FIPS compliance:

  • The image for 1.16.4-asm.8 is rolling out in the rapid release channel
  • The image for 1.15.7-asm.8 is rolling out in the regular release channel
  • The image for 1.14.6-asm.16 is rolling out in the stable release channel

See Select a managed Anthos Service Mesh release channel for more information.

1.17.2-asm.8 is now available for in-cluster Anthos Service Mesh.

Fixes build issues to achieve FIPS compliance. For details on upgrading Anthos Service Mesh, refer to Upgrade Anthos Service Mesh.

App Engine flexible environment Ruby

Ruby 3.2 is now available in preview. This version requires you to specify an operating system version in your app.yaml file.


App Engine standard environment Go


The Search API is now available in the App Engine legacy bundled services for second-generation runtimes. Access this legacy bundled service through the App Engine services SDK for Go 1.12+.

App Engine standard environment Java

The Search API is now available in the App Engine legacy bundled services for second-generation runtimes. Access this legacy bundled service through the App Engine API JAR.

App Engine standard environment Python

The Search API is now available in the App Engine legacy bundled services for second-generation runtimes. Access this legacy bundled service through the App Engine services SDK for Python 3.

Apigee X

Effective May 31, 2023, the default value for the OAuthv2 policy RefreshTokenExpiresIn element has new behavior. Starting May 31, RefreshTokenExpiresIn defaults to '30' for all policies where this element is not set.

For information on this element, see RefreshTokenExpiresIn.
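To find the policies this default change applies to, the following added example (not code from Hava or Google) lists the OAuthV2 policies in a proxy bundle that leave RefreshTokenExpiresIn unset. The sample policy names and XML are constructed, and limiting the check to the GenerateAccessToken and RefreshAccessToken operations is an assumption of this sketch.

```python
"""Added example: list Apigee OAuthV2 policies that leave RefreshTokenExpiresIn unset."""
import sys
import xml.etree.ElementTree as ET
from pathlib import Path

# Assumption of this sketch: only these operations can hand out a refresh token.
REFRESH_ISSUING_OPS = {"GenerateAccessToken", "RefreshAccessToken"}


def relies_on_default(policy_xml):
    """Return True when an OAuthV2 policy would pick up the platform default.

    Accepts str or bytes. A policy is reported when it is an OAuthV2 policy,
    its Operation can issue refresh tokens, and RefreshTokenExpiresIn is either
    absent or carries neither a literal value nor a ref attribute.
    """
    try:
        root = ET.fromstring(policy_xml)
    except ET.ParseError:
        return False  # not well-formed XML, nothing to evaluate
    if root.tag != "OAuthV2":
        return False
    operation = (root.findtext("Operation") or "").strip()
    if operation not in REFRESH_ISSUING_OPS:
        return False
    elem = root.find("RefreshTokenExpiresIn")
    if elem is None:
        return True
    has_literal = bool((elem.text or "").strip())
    has_ref = bool((elem.get("ref") or "").strip())
    return not (has_literal or has_ref)


def audit(policies):
    """Map of {file name: XML} -> sorted list of file names relying on the default."""
    return sorted(name for name, xml in policies.items() if relies_on_default(xml))


def audit_directory(policy_dir):
    """Audit every *.xml file in a policies directory (e.g. apiproxy/policies)."""
    files = {p.name: p.read_bytes() for p in Path(policy_dir).glob("*.xml")}
    return audit(files)


# Constructed sample policies; names and values are illustrative only.
SAMPLE_POLICIES = {
    "OA-Token-NoRefreshExpiry.xml": """
        <OAuthV2 name="OA-Token-NoRefreshExpiry">
          <Operation>GenerateAccessToken</Operation>
          <ExpiresIn>1800000</ExpiresIn>
          <SupportedGrantTypes><GrantType>password</GrantType></SupportedGrantTypes>
        </OAuthV2>""",
    "OA-Token-Explicit.xml": """
        <OAuthV2 name="OA-Token-Explicit">
          <Operation>GenerateAccessToken</Operation>
          <ExpiresIn>1800000</ExpiresIn>
          <RefreshTokenExpiresIn>86400000</RefreshTokenExpiresIn>
        </OAuthV2>""",
    "OA-Token-Ref.xml": """
        <OAuthV2 name="OA-Token-Ref">
          <Operation>GenerateAccessToken</Operation>
          <RefreshTokenExpiresIn ref="app.refresh_ttl"/>
        </OAuthV2>""",
    "OA-Refresh-EmptyElem.xml": """
        <OAuthV2 name="OA-Refresh-EmptyElem">
          <Operation>RefreshAccessToken</Operation>
          <RefreshTokenExpiresIn/>
        </OAuthV2>""",
    "OA-Verify.xml": """
        <OAuthV2 name="OA-Verify">
          <Operation>VerifyAccessToken</Operation>
        </OAuthV2>""",
    "AM-SetHeader.xml": """
        <AssignMessage name="AM-SetHeader">
          <Set><Headers><Header name="X-Sample">1</Header></Headers></Set>
        </AssignMessage>""",
}

if __name__ == "__main__":
    # With a directory argument, audit real policy files; otherwise use the samples.
    found = audit_directory(sys.argv[1]) if len(sys.argv) > 1 else audit(SAMPLE_POLICIES)
    for name in found:
        print(f"{name}: RefreshTokenExpiresIn not set, new default will apply")
```

Setting an explicit value in each reported policy keeps refresh token lifetime a reviewed decision instead of an inherited default.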

Backup and DR


Backup and DR Service release is now available. This release includes the following features:

Backup and DR Service now supports archive snapshots for Compute Engine instance backups.

Simplified experience for updating backup/recovery appliances from the management console.

Backup and DR agent is enhanced to support RHEL 8.6, RHEL 8.7, and RHEL 9.0 operating system versions. See Support matrix.

Backup and DR agent is enhanced to support Oracle Enterprise Linux 8.7 and 9.0 operating system versions. See Support matrix.


Documentation has been added for an overview page that summarizes Batch content including pages, code samples, and videos. For more information, see Overview.


JSON data type mapping is now available for Cloud Spanner federated queries. This feature is generally available (GA).

BigLake and non-BigLake external tables now support Cloud Storage custom dual-regions. This feature is generally available (GA).

Dynamic data masking has been updated to allow masking on RECORD columns that have been set to REPEATED mode. Previously, querying such columns when data masking had been applied would return internal errors. This feature is generally available (GA).

The BigQuery Data Transfer Service for Google Ads supports the new Google Ads API. The Google Ads connector supports PMax and Discovery campaigns, a limit of 8000 leaf accounts per transfer, the --table_filter flag, and backwards compatibility. This feature is now generally available (GA).


Starting June 5, 2023, the default generic builder will begin using the Ubuntu 22 LTS base image. This means that builds using gcr.io/buildpacks/builder:latest will get the google-22 builder which addresses multiple security issues. You can read more about the google-22 builder in our announcement on Github.

You can preview the new builder by adding --builder=gcr.io/buildpacks/builder:google-22 to the gcloud builds submit --pack command when you build your application with a specific builder.

Certificate Authority Service

General Availability: Certificate Authority Service integrates with Certificate Manager to enable certificate issuance. The integration enables users to create a Google-managed certificate issued by their Certificate Authority Service instance. For information, see Create a Google-managed certificate issued by Certificate Authority Service.

Cloud Build

You can now configure Cloud Build to continue executing a build even if specified steps fail. This feature is generally available. To learn more, see the allowFailure and allowExitCodes topics in Build configuration file schema.

Cloud Composer


Cloud Composer 2.1.14 and 1.20.12 release started on April 25, 2023. Get ready for upcoming changes and features as GCP roll out the new release to all regions. This release is in progress at the moment. Listed changes and features might not be available in some regions yet.

Starting from March 2023, Cloud Composer 1 is in maintenance mode. Maintenance releases of Cloud Composer 1 will contain only bug fixes and small improvements. Support for new Airflow versions after 2.4.3 is not planned for Cloud Composer 1.

(Cloud Composer 2) Airflow 2.5.1 is available in Cloud Composer images.

(Airflow 2.5.1 and 2.4.3) Per-folder Roles Registration now correctly reassigns permissions if a DAG file is deleted and added back.

Cloud Composer 2.1.14 and 1.20.12 images are available:

  • composer-2.1.14-airflow-2.5.1
  • composer-2.1.14-airflow-2.4.3 (default)
  • composer-2.1.14-airflow-2.3.4
  • composer-1.20.12-airflow-2.4.3
  • composer-1.20.12-airflow-2.3.4
  • composer-1.20.12-airflow-1.10.15

Cloud Data Fusion

Cloud Data Fusion version 6.8.2 is generally available (GA). This release is in parallel with the CDAP 6.8.2 release.

Cloud Data Fusion version 6.8.2 fixes an issue in Cloud Data Fusion versions 6.8.0 and 6.8.1 that may cause the following error: Unsupported program type: Spark. The first time a pipeline that only contains actions runs on a newly created or upgraded instance, it succeeds. However, following pipeline runs that also include sources or sinks may fail with this error. For updated settings, see Troubleshooting.

Cloud Logging

Version 2.31.0 of the Ops Agent introduces built-in support for log rotation. For more information, see Configure log rotation in the Ops Agent.

Cloud Monitoring

Version 2.31.0 of the Ops Agent introduces built-in support for log rotation. For more information, see Configure log rotation in the Ops Agent.

The Observability tab on the VM instances page for Compute Engine has been enhanced. Disk and Network sections with additional charts have been added. The Integrations > Detected section lets you navigate to the dashboards for the third-party integrations, like Apache or NGINX, that you have configured. The page also includes a set of Recommended Alerts for setting up pre-configured alerting policies for CPU, memory, and disk utilization and for host errors.

Cloud Run

Cloud Run jobs are now generally available (GA).

Starting June 5, 2023, the default generic builder will begin using the Ubuntu 22 LTS base image. This means that when you deploy from source code the google-22 builder is used, which addresses multiple security issues. You can read more about the google-22 builder in our announcement on Github.

You can preview the new builder by adding --builder=gcr.io/buildpacks/builder:google-22 to the gcloud builds submit --pack command when you build your application with a specific builder.

Compute Engine

In the Google Cloud console, the Observability tab on the VM instances page for Compute Engine has been enhanced. Disk and Network sections with additional charts have been added. The Integrations > Detected section lets you navigate to the dashboards for the third-party integrations that you have configured, like Apache or NGINX. The page also includes a set of recommended alerts for setting up pre-configured alerting policies for CPU, memory, and disk utilization and for host errors.

You can now create regional Persistent Disk volumes when creating a new VM either directly, or through instance templates. For more information, see Create a VM instance with additional non-boot disks or Create a new instance template.

Config Connector

Config Connector version 1.103.0 is now available.

Fixed an issue in resource PrivateCACAPool to support setting the maxIssuerPathLength field to 0.

Added support for manual installation in GKE Autopilot.

Fixed set blockOwnerDeletion failures for OwnerReferencesPermissionEnforcement enabled clusters (#797).

Optimized the rate limiter for the IAMPolicyMember controller to make sure new resources are reconciled in a timely manner.

Resource ArtifactRegistryRepository(v1beta1):

  • Added spec.dockerConfig field.

Resource BigQueryDataset(v1beta1):

  • Added spec.defaultCollation field.
  • Added spec.isCaseInsensitive field.

Resource ComputeInstance(v1beta1):

  • Added spec.scratchDisk.items.size field.

Resource ComputeInstanceTemplate(v1beta1):

  • Added status.selfLinkUnique field.

Resource ComputeNetwork(v1beta1):

  • Added spec.networkFirewallPolicyEnforcementOrder field.

Resource ComputeVPNGateway(v1beta1):

  • Added spec.stackType field.

Resource ContainerCluster(v1beta1):

  • Added spec.ipAllocationPolicy.podCidrOverprovisionConfig field.
  • Added spec.ipAllocationPolicy.stackType field.
  • Added spec.nodeConfig.advancedMachineFeatures field.
  • Added spec.nodeConfig.ephemeralStorageLocalSsdConfig field.
  • Added spec.nodeConfig.localNvmeSsdBlockConfig field.

Resource ContainerNodePool(v1beta1):

  • Added spec.networkConfig.podCidrOverprovisionConfig field.
  • Added spec.nodeConfig.advancedMachineFeatures field.
  • Added spec.nodeConfig.ephemeralStorageLocalSsdConfig field.
  • Added spec.nodeConfig.localNvmeSsdBlockConfig field.

Resource PrivateCACAPool(v1beta1):

  • Added spec.issuancePolicy.baselineValues.caOptions.zeroMaxIssuerPathLength field.

Resource PrivateCACertificateAuthority(v1beta1):

  • Added spec.config.x509Config.caOptions.zeroMaxIssuerPathLength field.

Resource StorageTransferJob(v1beta1):

  • Added spec.transferSpec.objectConditions.lastModifiedBefore field.
  • Added spec.transferSpec.objectConditions.lastModifiedSince field.

Contact Center AI Platform

Queue-level wrap-up settings: You can now customize wrap-up times for different queues, to ensure that agents have adequate time to complete their tasks without compromising service level agreements or taking another call/chat before they are ready. This is particularly useful for queues that handle escalations or complex issues, which may require more time to handle. See the Queue and Menu Setup documentation for details.

Custom CRM background screen pop for embedded adapters: GCP have improved the screen pop capability for Custom CRM to better support embedded adapters. They now provide a way to do a CRM screen pop in the background, allowing for a smoother experience when using embedded adapters. For details, see the Custom CRM documentation.

Fixed a bug where some VA responses that should not be bargeable could be barged in to. There was a timing issue between parsing whether a response is bargeable and starting a new SAC stream, so some responses used the preceding response barge config instead of their own. This has been corrected to make sure the correct order of operations is always followed for this flow.

GCP have updated the Calls > Queued and Chats > Queued monitoring pages to retrieve data from the past 24 hours instead of only the current day. This update ensures consistency with the real-time queue metrics displayed on the Call and Chat dashboards, which also reflect the last 24 hours.

Fixed an issue that caused OEM Billing Service to take very long execution times (more than 4 hours) while executing 2.sql, after which the MySQL server killed the query.

Container Optimised OS

Updated app-admin/google-osconfig-agent to 20230403.00.

Upgraded localtoast from v1.1.4.3 to v1.1.5.1.

Added support for L4 GPU in cos-gpu-installer and fixed cached driver installation for prebuilt driver modules.

Enabled INET_DIAG_DESTROY kernel configuration.

Updated google-guest-agent to 20230330.00.

Runtime sysctl changes:

  • Added: kernel.oops_limit: 10000
  • Added: kernel.warn_limit: 0
  • Changed: net.core.bpf_jit_limit: 264241152 -> 528482304
  • Changed: net.netfilter.nf_conntrack_sctp_timeout_established: 432000 -> 210
  • Deleted: net.netfilter.nf_conntrack_sctp_timeout_heartbeat_acked: 210

Upgraded app-misc/jq to v1.7_pre20201109-r1.

Updated the Linux kernel to v6.1.25.

Fall back to installing compatible drivers when the installer is invoked for certain GPU devices and incompatible drivers.

Added Restart=always to chronyd config.

Updated containerd to v1.7.0.

Upgraded sys-fs/lvm2 to v2-2.03.20.

Upgraded net-libs/libnetfilter_conntrack to v1.0.9-r1.

Upgraded sys-apps/coreutils to v9.3.

Upgraded net-firewall/iptables to v1.8.9.

Upgraded sys-fs/e2fsprogs to v2fsprogs-1.47.0-r1.

Updated dev-lang/go to v1.20.3. This resolves CVE-2023-24536, CVE-2023-24537, CVE-2023-24538.


Dataproc now supports the usage of cross-project service account.

Autoscaler recommendation reasoning details are available now in Cloud Logging logs.

Default batch TTL is set to 4 hours for Dataproc Serverless for Spark runtime version 2.1.


Dialogflow CX now supports intent import/export and training phrase import.

Document AI

Launched the following features to improve the usability of the Document AI Workbench Custom Document Extractor (CDE):

  • CDE now supports an additional 42 global languages.
  • CDE lets you import processor versions across projects and processors to easily manage development and production environments.
  • CDE can automatically label documents in a dataset by using a deployed processor version to help you quickly prepare training data.

Document AI Workbench Custom Document Extractor (CDE) has also made the following enhancements:

  • The asynchronous prediction API can now extract data from documents up to 200 pages long.
  • Improved the accuracy of extracting checkboxes.


count() queries are now supported at the General Availability level.

Google Cloud Armor 


Google Cloud Armor now supports rate limiting based on multiple keys in General Availability. For more information, see Apply rate limiting. 


Google Cloud VMware Engine 

VMware Engine adds a VPC Service Controls guided opt-in and policy export that enables you to attach VMware Engine services to a new or existing VPC Service Controls perimeter. For more information, see VPC Service Controls.

Memorystore for Memcached

Added support for Committed use discounts for Memorystore.

Storage Transfer Service

Storage Transfer Service now publishes the IP ranges from which it makes requests to your AWS or Azure storage resources when performing a transfer. This allows you to restrict your resources by IP, and still allow Storage Transfer Service access.

For details, see the IP restrictions section of the following documents:


Microsoft Azure Releases And Updates
Source: azure.microsoft.com


Generally Available: Operation Abort in AKS

You can now abort long running operations in AKS via the CLI.

Generally Available: Inbound IP restrictions for Azure Container Apps

You can now restrict inbound traffic by IP without using a custom solution.

Public preview: Session affinity for Azure Container Apps

You can now enable session affinity without writing code.

Generally Available: TCP support for Azure Container Apps

You can now expose arbitrary TCP ports from your container apps.

Generally available: Synthetic GraphQL


With Synthetic GraphQL, customers can create GraphQL APIs using their existing REST and SOAP APIs, allowing them to modernize their application API stack with minimal effort.

Generally available: API Management Authorizations

API Management Authorizations are now generally available, providing a simple and reliable way to unbundle and abstract authorizations from web APIs.

Public Preview: Support for Azure VMs using Premium SSD v2 in Azure Backup

Public preview for the support for Azure VMs using Premium SSD v2 in Azure Backup.

Azure Service Fabric 9.1 Third Refresh Release

This release includes new features and fixes.

Generally available: Cross-region service endpoints for Azure Storage

You can now connect Storage Accounts to Virtual Networks in all regions using global service endpoints (cross-region service endpoints).

Preview: Introducing DCesv5 and ECesv5-series Confidential VMs with Intel TDX

This week, Microsoft announced the expansion of its Confidential VM family with the launch of the DCesv5-series and ECesv5-series in preview. Featuring 4th Gen Intel® Xeon® Scalable processors, these VMs are backed by an all-new hardware-based Trusted Execution Environment called Intel® Trust Domain Extensions (TDX). Organizations can use these VMs to seamlessly bring confidential workloads to the cloud without any code changes to their applications.





Written by Team Hava

The Hava content team