In Cloud Computing This Week [Apr 28th 2023]

AWS Lambda now supports Java 17 as both a managed runtime and a container base image. Developers creating serverless applications in Lambda with Java 17 can take advantage of new language features including Java records, sealed classes and multi-line strings. The Lambda Java 17 runtime also has numerous performance improvements, including optimizations when running Lambda functions on Graviton 2 processors.

It supports AWS Lambda Snap Start (in supported Regions) for fast cold starts, and the latest versions of the popular Spring Boot 3 and Micronaut 4 application frameworks. For more information on Lambda’s support for Java 17, see our blog post at Java 17 runtime now available in AWS Lambda.

To deploy Lambda functions using Java 17, upload the code through the Lambda console and select the Java 17 runtime. You can also use the AWS CLI, AWS Serverless Application Model (AWS SAM) and AWS CloudFormation to deploy and manage serverless applications written in Java 17. Additionally, you can also use the AWS-provided Java 17 base image to build and deploy Java 17 functions using a container image.

To migrate existing Lambda functions running earlier Java versions, review your code for compatibility with Java 17 and then update the function runtime to Java 17 when redeploying you function.

This runtime is based on the AWS Corretto distribution of OpenJDK. AWS will automatically apply updates to the Java 17 managed runtime and to the AWS-provided Java 17 base image, as they become available.

AWS are excited to announce Amazon CloudWatch Logs data protection is now available in Middle East (UAE), Asia Pacific (Hyderabad), Europe (Spain), Europe (Zurich), and Asia Pacific (Melbourne). Data protection is a feature that leverages pattern matching and machine learning capabilities to detect and protect sensitive log data-in-transit.

Amazon CloudWatch Logs enables you to centralize the logs from all of your systems, applications, and AWS services, in a single, highly scalable service. With log data protection in Amazon CloudWatch Logs, you can now detect and protect sensitive log data in-transit such as, Credit Card Numbers or Government ID’s logged by your systems, and applications.

Start discovering and masking sensitive data in Amazon CloudWatch Logs using the AWS Software Development Kit (SDK), AWS Command Line Interface (CLI), AWS CloudFormation templates, or CloudWatch in the AWS Management Console.

AWS Network Firewall now supports Transport Layer Security (TLS) inspection for ingress VPC traffic in 8 additional regions for a total of 10 regions. Starting today, you can use AWS Network Firewall to decrypt, inspect, and re-encrypt inbound TLS traffic in Asia Pacific (Sydney), Asia Pacific (Jakarta), Asia Pacific (Mumbai), Asia Pacific (Singapore), Asia Pacific (Tokyo), Europe (Ireland), Europe (Stockholm), Europe (Frankfurt), South America (Sao Paulo), and US East (N. Virginia).

AWS Network Firewall is a managed firewall service that makes it easy to deploy essential network protections for all your Amazon VPCs. Starting today, you can decrypt TLS sessions and inspect inbound VPC traffic without having to deploy and manage any additional network security infrastructure in these additional regions.

Fleet Manager now enables a console-based management experience for Windows instances in the AWS GovCloud (US) Regions. This feature provides customers a full graphical interface to setup secure connections to and manage Windows instances. You no longer need to install additional software, set up additional servers, or open direct inbound access to ports on the instance.

Fleet Manager is a console based experience in Systems Manager that provides you with visual tools to manage your Windows, Linux, and macOS servers. Fleet Manager now provides a simple browser-based means to access Windows servers using Remote Desktop Protocol, or RDP, with security protocols.

Remote Desktop Protocol (RDP) connections into Windows servers are established through a few simple steps in the console providing access to your server or server-based application. With this feature, you can simultaneously open connections to multiple servers at once and access them from the same console removing the need to switch back and forth between tabs.

This week, Amazon Location Service added support for long distance matrix routing, making it easier for customers to quickly calculate driving time and driving distance between multiple origins and destinations, no matter how far apart they are. Developers can now make a single API request to calculate up to 122,500 routes (350 origins and 350 destinations) within a 180 km region or up to 100 routes without any distance limitation.

With Amazon Location’s matrix routing, developers can reduce the latency associated with multiple routing calculations, allowing them to simplify their code and improve the experience of their customers. For example, an application that plans delivery routes from warehouses to retail locations can now use Amazon Location’s matrix routing to request the driving time and distance between locations hundreds of kilometers apart, by making one request for up to 100 route calculations.

Amazon Location Service is a fully managed service that helps developers easily and securely add maps, points of interest, geocoding, routing, tracking, and geofencing to their applications without compromising on data quality, user privacy, or cost. With Amazon Location Service, you retain control of your location data, protecting your privacy and reducing enterprise security risks.

Amazon MQ now provides support for RabbitMQ version 3.10.20 and RabbitMQ 3.9.27, which include several important fixes and performance optimizations to the previously supported versions. Amazon MQ is a managed message broker service for Apache ActiveMQ and RabbitMQ that makes it easier to set up and operate message brokers on AWS.

You can reduce your operational burden by using Amazon MQ to manage the provisioning, setup, and maintenance of message brokers. Because Amazon MQ connects to your current applications with industry-standard APIs and protocols, you can more easily migrate to AWS without having to rewrite code.

If you are running a version of RabbitMQ earlier than 3.10.20 or 3.9.27, AWS encourage you to upgrade to the latest versions to get access to the latest security, performance and feature enhancements. This can be accomplished with just a few clicks in the AWS Management Console. If your broker has automatic minor versions upgrade enabled and is currently running version 3.10.10 or 3.10.17, Amazon MQ will automatically upgrade the broker to version 3.10.20 during a future maintenance window.

To learn more about upgrading, please see - Managing Amazon MQ for RabbitMQ engine versions in the Amazon MQ Developer Guide. This new version is available in all regions where Amazon MQ is available. For a full list of available regions see the AWS Region Table.

This week Amazon OpenSearch Service announces Amazon OpenSearch Ingestion, a new fully managed data ingestion tier that allows you to ingest and process petabyte-scale data before indexing it in OpenSearch-managed clusters or serverless collections. OpenSearch Ingestion provides a no-code capability to filter, transform, redact, and route data prior to indexing it in OpenSearch. OpenSearch Ingestion automatically provisions and scales the underlying resources for even the most demanding and unpredictable workloads. 

OpenSearch Ingestion is powered by OpenSearch Data Prepper, an open-source, data pipeline for preprocessing telemetry data (logs, distributed traces, and metrics) to prepare it for analysis and visualization in OpenSearch.

OpenSearch Ingestion can be used as an alternate to self-managing Logstash or other streaming data pipelines. Because OpenSearch Ingestion is a fully managed serverless service, it removes the complexities of managing a multi-node cluster for data ingestion like choosing the right instance types, applying security patches, and adding or removing nodes to optimize for data volume fluctuations, enabling your team to focus on more critical work.

To get started with OpenSearch Ingestion, you can create a pipeline in the AWS Management Console and define your source, processors, and the destination cluster or collection. You can also start from a blueprint for the most common ingestion use cases.

This week, AWS announced the general availability of Amazon SageMaker with TensorBoard, which provides a hosted TensorBoard experience. This launch allows you to use TensorBoard to visualize and debug model convergence issues for Amazon SageMaker training jobs. 

TensorBoard is an observability tool commonly used by data scientists to track model accuracy and log loss on training and validation sets. With this capability, data scientists can save development time by visualizing the model architecture to identify and remediate convergence issues, such as validation loss not converging or vanishing gradients.

Further, the access and management of this capability is automated using Amazon SageMaker Python SDK. By providing TensorBoard as a hosted experience, data scientists will gain optimized S3 read access for TensorBoard log data and will not have to manually install and configure TensorBoard.

Amazon SageMaker with TensorBoard is available in the following regions: US East (Ohio), US East (N. Virginia), US West (Oregon), Europe (Frankfurt), and Europe (Ireland) using ml.r5.large instance types. AWS are providing SageMaker with TensorBoard for free for the next 2 months to all SageMaker customers. Please see here information on pricing that will apply following the 2 month period.

This week, AWS AppSync released enhanced support for TypeScript in JavaScript resolvers, along with integrated support for source maps in bundled JavaScript code. Plus, they’ve released updated guidance to help you during your development process, and are updating the AppSync utility library to provide better type and generics support.

Developers love writing their code in TypeScript, an extension of JavaScript. It is designed to provide a better developer experience with compile-time type safety and enhanced auto-completion support in most IDEs. With this update, you can take advantage of TypeScript features when you write JavaScript resolvers.

With the updated libraries, you get improved support for types and generics in AppSync’s utility functions. The updated AppSync documentation provides guidance on how to get started and how to bundle your code when you want to use TypeScript or work in a multi file configuration.

When working in a multi-file configuration, AppSync now allows you to provide a source map in your AppSync resolver or function code. With source maps, you can see the original source file name and location when you log data to Amazon Cloudwatch Logs, and in reported runtime errors.

AWS Global Accelerator now supports traffic through two new AWS edge locations in Lima, Peru and Nashville, Tennessee (United States). With the addition of these two edge locations, Global Accelerator is now available through 106 Points of Presence globally and supports application endpoints in 21 AWS Regions.

AWS Global Accelerator is a service that improves the availability, security, and performance of your internet-facing applications. By using the congestion-free AWS network, end-user traffic to your applications benefits from increased availability, DDoS protection at the edge, and higher performance relative to public internet.

Global Accelerator provides static IP addresses that act as fixed entry endpoints for your application resources in one or more AWS Regions, such as your Application Load Balancers, Network Load Balancers, Amazon EC2 instances, or Elastic IPs. Global Accelerator continually monitors the health of your application endpoints and offers deterministic fail-over for multi-region workloads without any DNS dependencies.

Contact Lens for Amazon Connect now provides a set of evaluation capabilities (GA) that enable contact center managers to create evaluation forms with criteria (e.g., agent adherence to talk scripts or compliance with sensitive data collection practices) that can be scored using Contact Lens’ machine learning powered speech analytics, and view aggregated agent performance results.

Contact centers can also use public APIs to ingest data (e.g., customer satisfaction scores, sales records, etc.) from third-party sources such as CSAT survey tools or CRM systems, and have all relevant agent performance data and insights across cohorts of agents over time, in a single easy-to-use web interface.

Managers can now assess aggregated agent performance results alongside contact details, recordings, transcripts, and summaries, without the need to switch applications. They can receive automated notifications when an evaluation is completed, and can search for evaluation results based on a set of criteria such as evaluation scores.

These alerts and analytics enable managers to assess more agent/customer interactions while reducing the amount of time they spend identifying performance issues and coaching agents to perform their best.

AWS are announcing the general availability of AWS DataSync Discovery, giving you visibility into on-premises storage performance and utilization, and providing recommendations to simplify and accelerate data migration to AWS. DataSync Discovery enables you to understand your on-premises storage performance and capacity through automated data collection and analysis.

It helps you quickly identify data to be migrated and evaluate suggested AWS Storage services that align to your performance and capacity needs. Capabilities added since preview include support for NetApp ONTAP 9.7, recommendations at cluster and storage virtual machine (SVM) levels, and discovery job events in Amazon EventBridge.

To get started, configure DataSync Discovery to connect to your on-premises storage and then run discovery jobs to collect information about your storage system. While your discovery jobs run, you can view collected information on dashboards in the console. When completed, you can generate recommendations for migrating your resources to AWS Storage services such as Amazon FSx for NetApp ONTAP, Amazon FSx for Windows File Server, or Amazon Elastic File System (EFS).

These recommendations help you select the optimal AWS Storage service and you can then use AWS DataSync to move your data to your selected storage service. DataSync Discovery provides a fully managed discovery process for on-premises storage systems, minimizing the time, effort, and costs associated with planning and executing data migrations to AWS.

If you deliver multichannel audio experiences, you can now use AWS Elemental Link UHD to pass through Dolby Digital and Dolby Digital Plus audio to your AWS Elemental MediaLive channel.

Dolby Digital and Dolby Digital Plus are established audio technologies used to deliver surround sound experiences for home theater, broadcast, and cinema. Dolby Digital supports stereo/2.0 to 5.1 channels, and Dolby Digital Plus supports up to 7.1 channels.

For more information on how MediaLive takes advantage of Dolby Digital and Digital Plus audio passthrough for Link UHD, visit MediaLive audio sources. Dolby passthrough support is available at no additional cost.

AWS Resource Access Manager (AWS RAM) now supports customer managed permissions so you can author and maintain fine-grained resource access controls for supported resource types. AWS RAM helps you securely share your resources across AWS accounts, within your organization or organizational units (OUs), and with AWS Identity and Access Management (IAM) roles and users. With customer managed permissions, you can apply the principles of least privilege, or the minimum permissions required to perform a task.

You can now define the granularity of your customer managed permissions by precisely specifying who can do what under which conditions for the resource types included in your resource share. For example, as a cloud security admin, you can author tailored customer managed permissions for Amazon Virtual Private Cloud IP Address Manager (IPAM) pools, which help manage your IP addresses at scale.

Then the network admin can share the IPAM pools using the tailored permissions so that developers can assign IP addresses but not view the range of IP addresses other developer accounts assign. For granting access to sensitive actions such as viewing the IP address range in an IPAM pool, you can add conditions such as requiring the actions are performed by users authenticated using multi-factor authentication.

Amazon Keyspaces (for Apache Cassandra), a scalable, serverless, highly available, and fully managed Apache Cassandra-compatible database service, now supports the use of the IN operator in SELECT queries of Cassandra Query Language (CQL).

This week, Amazon Keyspaces added support for the IN operator in CQL SELECT queries. This support allows Cassandra developers to write queries that are less complex and more compatible with Cassandra. Additionally, support for the IN operator in SELECT queries provides an easier way to filter and access data that is spread over multiple partitions.

The IN operator for SELECT is available in all commercial AWS Regions and the AWS GovCloud (US) Regions where AWS offers Amazon Keyspaces. If you’re new to Amazon Keyspaces, the getting started guide shows you how to provision a keyspace and explore the query and scaling capabilities of Amazon Keyspaces.

Amazon SageMaker Python SDK is an open source library for training and deploying machine-learning models on Amazon SageMaker. AWS are excited to announce SageMaker Python SDK now helps data scientists execute any local ML code authored in their preferred IDE and local notebooks along with the associated runtime dependencies as large-scale ML model training jobs with minimal code changes.

Data scientists need to add only a line of code (a Python decorator) to their local ML code and SageMaker Python SDK takes their code, datasets, and workspace environment setup and runs it as a SageMaker Training job. This decorator mode helps data scientists start their ML workflows on SageMaker more easily by reducing the need for custom code constructs and environment variable management.

Further, this enhancement to local code to jobs experience reduces the time spent on container management via auto-capture and replication of local runtime so that data scientists can spend lesser time recreating their local environment in production-grade jobs. 

AWS are excited to announce the General Availability of AWS IoT Core Device Advisor support for MQTT over WebSocket. AWS IoT Core Device Advisor is a cloud-based, fully managed test capability that validates AWS IoT device software for reliable and secure connectivity with AWS IoT Core. With this update, customers can run all three test suites of AWS IoT Core Device Advisor - qualification, custom, and long duration tests - using Signature Version 4 for MQTT over WebSocket. Signature Version 4 is a protocol for authenticating inbound API requests to AWS services, in all AWS Regions. 

In addition, all existing connectivity and security test cases within AWS IoT Device Advisor now support MQTT3.1.1 and MQTT5 over WebSocket, making it easier for customers to validate MQTT functionality during device software development before on-boarding them to AWS IoT Core. 

AWS IoT Core Device Advisor is a regional service which is accessible globally but is hosted in US East (N. Virginia), US West (Oregon), Asia Pacific (Tokyo) and Europe (Ireland) regions.

AWS Glue Crawlers extract the data schema and partitions from Amazon S3 and populate the AWS Glue Data Catalog, keeping metadata current. Today, AWS Glue Crawler support is expanded to automatically add partition indexes for newly discovered tables that will help analytics services such as Amazon Athena and AWS Glue to optimize partition processing to help with query performance on highly partitioned tables. 

The number of partitions in a given table can grow significantly over time. As analytics services like Amazon Athena query a table containing millions of partitions, the time needed to retrieve the partition increases and can cause query runtime to increase. With this release, when the AWS Glue Crawler creates a new AWS Glue Data Catalog table, it will also create a partition index by default without needing to create it manually.

The AWS Glue Data Catalog will then create a fast, searchable index based on the partition index keys, reducing the time required to retrieve and filter partition metadata on tables with millions of partitions. The creation of partition indexes benefits the analytics workloads running on Amazon Athena, Amazon EMR, Amazon Redshift Spectrum, and AWS Glue.

This week, AWS announces the general availability of AWS Support in Korean in all commercial regions. Customers can now select Korean, in addition to Chinese, English, and Japanese as their preferred language to interact with our team of support engineers and customer service representatives. Customers will receive personalized support in the language of their choice with predictable response times as per their Support plan at no additional cost.

AWS customers with the Enterprise, Enterprise On-Ramp, or Business Support plan can get technical support in Korean 24/7. AWS customers with the Developer Support plan can receive technical support in Korean during business hours generally defined as 8:00 AM to 6:00 PM in the customer country as set in My Account console, excluding holidays and weekends.

These times may vary in countries with multiple time zones. Account and billing support in Korean is available to AWS customers during 9:00 AM to 6:00 PM Korean Standard time (UTC+9), excluding holidays and weekends.

AWS License Manager announces a new feature to upgrade EC2 instances with Ubuntu LTS (Long Term Support) operating system to Ubuntu Pro. With Ubuntu Pro subscription, customers get five years of Expanded Security Maintenance (ESM) on the Ubuntu LTS releases from Canonical. Using this License Manager feature, customers can upgrade their Ubuntu LTS instances in-place to Ubuntu Pro without needing to migrate to a new Ubuntu Pro Amazon Machine Image (AMI). For the use of upgraded EC2 instances with Ubuntu Pro, you will be charged on a per-second basis at the applicable On-Demand or Savings Plan rates for Ubuntu Pro.

In addition to five more years of security maintenance, Ubuntu Pro provides features such as security coverage for approximately 23000+ packages in Ubuntu Universe repository and live kernel patching. For example, Ubuntu 18.04 LTS will reach end of standard support on May 31, 2023. You can upgrade the Ubuntu 18.04 LTS instances to Ubuntu Pro 18.04 LTS in License Manager to receive security updates until April 2028. To learn more about Ubuntu Pro on EC2, please see this announcement.

This feature is available in all AWS Regions where AWS License Manager is available, except the AWS GovCloud(US) and China Regions. To get started, visit AWS License Manager console, choose License type conversion from the left pane and select ‘Create license type conversion’. You can select ‘Ubuntu’ as the Source Operating System and follow the steps mentioned in the AWS License Manager user guide to upgrade to Ubuntu Pro.

You can now add data overlays and text annotations in the AWS IoT TwinMaker Scene Composer. Data overlay and text annotations provide context in scenes like access to key performance metrics and sensor data, making it easier to navigate your twins and monitor your facilities with AWS IoT TwinMaker.

Data overlay allows you to add data overlay panels to existing tags in your scenes. The data overlay panel can show text descriptions of equipment, sensor metrics, hyperlink to specification sheet, and other data supported by markdown format. Dataoverlay consolidates information from different data panels in your dashboard so you can click on tags and review key performance metrics in the AWS IoT TwinMaker Scene Viewer. You can also open multiple data overlay panels to monitor different objects at the same time. In this way, data overlay helps you monitor operating facilities more efficiently.

Text annotation allows you to place text labels in your scenes and provide context through labels, descriptions, instructions and more. For example, you can display the name of a device on its 3D model, label the product name on its production line or describe a inspection checklist. Text annotation makes it easier to navigate, understand and investigate complex scenes.

Starting today, Amazon EC2 High Memory instances with 6TiB (u-6tb1.56xlarge, u-6tb1.112xlarge) of memory are now available in the Europe (Zurich) Region. Customers can start using these new High Memory instances with On Demand and Savings Plan purchase options.

Amazon EC2 High Memory instances are certified by SAP for running Business Suite on HANA, SAP S/4HANA, Data Mart Solutions on HANA, Business Warehouse on HANA, and SAP BW/4HANA in production environments. For details, see the Certified and Supported SAP HANA Hardware Directory.

For information on how to get started with your SAP HANA migration to EC2 High Memory instances, view the Migrating SAP HANA on AWS to an EC2 High Memory Instance documentation. To hear from Steven Jones, GM for SAP on AWS on what this launch means for our SAP customers, you can read his launch blog.

Starting today, customers with multiple organizational units (OU’s), and accounts can now create up to 10 AWS Firewall Manager administrator accounts from AWS Organizations service to manage their firewall policies. Customers can delegate responsibility for firewall administration at a granular scope by restricting access based on OU, account, policy type, and region, thereby enabling policy management tasks to be implemented faster and more effectively.

With administrative scope extending to policy types, customers can assign responsibility for managing particular firewall policies to users who have expertise in different AWS services, such as AWS WAF or AWS Network Firewall. Also, using centralized controls, default administrators can establish baseline security policies across multiple accounts while enabling application developers to manage their own policies under separate administrator accounts.

Application Manager, a capability of AWS Systems Manager that helps DevOps engineers investigate and remediate issues in the context of their applications, now supports AWS CDK applications. Customers who use CDK to model their cloud infrastructure can view their CDK constructs grouped as applications in the Application Manager console. 

Application Manager enables customers to monitor the operational status, metrics, and compliance of their applications from a central console through integration with Amazon CloudWatch and AWS Config. The new feature extends this experience to AWS CDK customers. CDK customers can now visualize their application, view application structure including the underlying resources, view alerts, investigate and remediate operational issues, and track costs using Application Manager.

App Engine standard environment Go

App Engine standard environment Java

App Engine standard environment Python

Apigee X

Effective May 31, 2023, the default value for the OAuthv2 policy RefreshTokenExpiresIn element has new behavior. Starting May 31, RefreshTokenExpiresIn defaults to '30' for all policies where this element is not set.

Container Optimised OS

Updated app-admin/google-osconfig-agent to 20230403.00.

Upgrade app-misc/jq to v1.7_pre20201109-r1

Updated the Linux kernel to v6.1.25.

Fallback to installing compatible drivers when installer is invoked for certain GPU devices and incompatible drivers.

Added Restart=always to chronyd config.

Updated containerd to v1.7.0.

Upgraded sys-fs/lvm2 to v2-2.03.20.

Upgraded net-libs/libnetfilter_conntrack to v1.0.9-r1.

Upgraded sys-apps/coreutils to v9.3.

Upgraded net-firewall/iptables to v1.8.9.

Upgraded sys-fs/e2fsprogs to v2fsprogs-1.47.0-r1.

Updated dev-lang/go to v1.20.3. This resolves CVE-2023-24536, CVE-2023-24537, CVE-2023-24538.

Firestore