Hava Blog and Latest News

In Cloud Computing This Week [Apr 29th 2022]

Written by Team Hava | April 29, 2022

This week's roundup of all the cloud news.

 

Here's a cloud roundup of all things Hava, GCP, Azure and AWS for the week ending Friday 29th April 2022.


AWS Updates and Releases

Source: aws.amazon.com

Amazon Polly now offers a new Neural TTS voice in Brazilian Portuguese

Amazon Polly is a service that turns text into lifelike speech. This week, AWS were excited to announce the general availability of a neural version of Vitória, Polly’s Brazilian Portuguese female text to speech (TTS) voice.

TTS voices simplify the way you can create, implement, update, and maintain your speech-enabled applications and products. You can use Amazon Polly to enhance the user experience and improve the accessibility of your text content with the power of voice. Common use cases include interactive voice response (IVR) systems, audiobooks, newsreaders, eLearning content, and virtual assistants.

Amazon Polly launched the Brazilian Portuguese voice Vitória using standard technology in 2016, and as of today a neural version of Vitória is also available. The new voice offers a more natural sounding rhythm, intonation, and sound articulation. In addition to Vitória, Polly also offers a second Brazilian Portuguese neural voice, Camila.

AWS Network Firewall now supports AWS Managed Threat Signatures

AWS Network Firewall now supports AWS Managed Threat Signatures to detect threats and block attacks against known vulnerabilities so you can stay up to date on the latest security threats without writing and maintaining your own rules.

AWS Network Firewall’s flexible rules engine lets you define firewall rules that give you fine-grained control over network traffic. Starting today, you can enable stateful managed rules for intrusion detection and prevention signatures that protect against threats such as malware, botnets, web attacks, and emerging events. You have full visibility into managed threat signature rule content across 11 categories. You can select managed rule groups to add to your AWS Network Firewall policies, or you can copy and modify rule groups to meet your specific needs. AWS Network Firewall provides notifications of managed rule group updates through Amazon Simple Notification Service (SNS).

Clone AWS Launch Wizard inputs to simplify future SAP deployments

AWS Launch Wizard now allows you to clone the inputs when you deploy an SAP system for use in future deployments. In most cases, the majority of these parameters will remain the same across deployments. Today’s launch eliminates the need to re-enter every parameter manually for subsequent deployments, allowing you to save time and reduce error by instead focusing on the few that make each deployment unique.

For instance, when you deploy your production system, you can clone the parameters from your pre-production system also deployed with AWS Launch Wizard. Launch Wizard will pre-populate those parameters, and all you have to do is change the few that are unique to the production system like SAPSID, instance numbers, and host name, while keeping common components like the SAP software and infrastructure the same.

Amazon RDS for PostgreSQL now supports M6i and R6i instances with new instance sizes up to 128 vCPUs and 1,024 GiB RAM

Amazon Relational Database Service (Amazon RDS) for PostgreSQL, version 11 and higher, now supports M6i and R6i instances. M6i instances are the 6th generation of Amazon EC2 x86-based General Purpose compute instances, designed to provide a balance of compute, memory, storage, and network resources. R6i instances are the 6th generation of Amazon EC2 memory optimized instances, designed for memory-intensive workloads. Both M6i and R6i instances are built on the AWS Nitro System, a combination of dedicated hardware and lightweight hypervisor, which delivers practically all of the compute and memory resources of the host hardware to your instances.

M6i and R6i instances are powered by 3rd generation Intel Xeon Scalable processors with an all-core turbo frequency of 3.5 GHz, delivering up to 20% better transaction throughput over equivalent M5 and R5 instances. To meet customer demands for increased scalability, M6i and R6i instances provide a new instance size of 32xlarge with 128 vCPUs and 33% more memory than the largest M5 and R5 instances. M6i.32xlarge has 512 GiB of memory and R6i.32xlarge has 1,024 GiB of memory. They also provide up to 20% higher memory bandwidth per vCPU compared to the previous 5th generation instances. These instances give customers up to 50 Gbps of networking speed and 40 Gbps of bandwidth to the Amazon Elastic Block Store (Amazon EBS), 2x that of M5 and R5 instances.

Amazon Rekognition introduces Streaming Video Events to provide real-time alerts on live video streams

This week, AWS announced the general availability of Amazon Rekognition Streaming Video Events, a fully managed service for camera manufacturers and service providers that uses machine learning (ML) to detect objects such as people, pets, and packages in live video streams from connected cameras. Amazon Rekognition Streaming Video Events sends them a notification as soon as the desired object is detected in the live video stream. With these event notifications, service providers can send timely and actionable smart alerts to their users such as “Pet detected in the backyard,” enable home automation experiences such as turning on garage lights when a person is detected, build custom in-app experiences such as a smart search to find specific video events of packages without scrolling through hours of footage, or integrate these alerts with Echo devices for Alexa announcements such as “A package was detected at the front door” when the doorbell detects a delivery person dropping off a package – all while keeping cost and latency low. Learn more about Amazon Rekognition Streaming Video Events.

Many camera manufacturers and security service providers offer home security solutions that include doorbells, indoor and outdoor cameras, and value-added notification services to help their users understand what is happening on their property. Cameras with built-in motion detectors are placed at entry or exit points of the home to notify users of any activity in real time, such as “Motion detected in the backyard.” However, motion detectors are noisy and can be set off by innocuous events like wind and rain, which creates notification fatigue and results in clunky home automation setups. Building the right user experience for smart alerts, search, or even browsing video clips requires ML and automation that is hard to get right and can be expensive.

Amazon Rekognition Streaming Video Events lowers the costs of value-added video analytics by providing a low-cost, low-latency, fully managed ML service that can detect objects (such as people, pets, and packages) in real time on video streams from connected cameras. The service starts analyzing the video clip only when a motion event is triggered by the camera and sends a notification as soon as the desired object is detected.

Amazon MSK Serverless is now generally available

AWS are pleased to announce the general availability of Amazon MSK Serverless, a type of Amazon MSK cluster that makes it easier for developers to run Apache Kafka without having to manage capacity. MSK Serverless automatically provisions and scales compute and storage resources and offers throughput-based pricing, so you can use Apache Kafka on demand and pay for the data you stream and retain.

With a few clicks in the AWS management console, you can set up secure and highly available clusters that automatically scale as your application I/O scales. MSK Serverless is fully compatible with Apache Kafka, so you can run existing applications without any code changes or create new applications using familiar tools and APIs. With pay-as-you-go pricing, there are no upfront commitments or minimum fees. You pay an hourly rate per cluster and an hourly rate for each partition that you create. Additionally, you pay per GB of data throughput and storage. MSK Serverless also provides private connectivity via AWS PrivateLink, secure client access via AWS Identity and Access Management (IAM), serverless stream processing and analytics via Amazon Kinesis Data Analytics and AWS Lambda, and schema evolution control via AWS Glue Schema Registry. In addition to these features, MSK Serverless is compliant with GDPR and provides a 99.9% availability SLA.

Amazon RDS for MySQL now supports M6i and R6i instances with new instance sizes up to 128 vCPUs and 1,024 GiB RAM

Amazon Relational Database Service (Amazon RDS) for MySQL version 8.0 now supports M6i and R6i instances. M6i instances are the 6th generation of Amazon EC2 x86-based General Purpose compute instances, designed to provide a balance of compute, memory, storage, and network resources. R6i instances are the 6th generation of Amazon EC2 memory optimized instances, designed for memory-intensive workloads. Both M6i and R6i instances are built on the AWS Nitro System, a combination of dedicated hardware and lightweight hypervisor, which delivers practically all of the compute and memory resources of the host hardware to your instances.

M6i and R6i instances are powered by 3rd generation Intel Xeon Scalable processors with an all-core turbo frequency of 3.5 GHz, delivering up to 20% better transaction throughput over equivalent M5 and R5 instances. To meet customer demands for increased scalability, M6i and R6i instances provide a new instance size of 32xlarge with 128 vCPUs and 33% more memory than the largest M5 and R5 instances. M6i.32xlarge has 512 GiB of memory and R6i.32xlarge has 1,024 GiB of memory. They also provide up to 20% higher memory bandwidth per vCPU compared to the previous 5th generation instances. These instances give customers up to 50 Gbps of networking speed and 40 Gbps of bandwidth to the Amazon Elastic Block Store (Amazon EBS), 2x that of M5 and R5 instances.

AWS Service Catalog support for the AWS Cloud Development Kit (AWS CDK) is now available

AWS Service Catalog constructs for the AWS Cloud Development Kit (AWS CDK) are now available. Service Catalog administrators can now define their catalog in code within a CDK application that deploys through AWS CloudFormation. They can also define a Service Catalog product entirely in code in CDK without having to upload and reference CloudFormation templates in Amazon Simple Storage Service (Amazon S3) or AWS CodeCommit first.

Introducing Amazon EC2 I4i instances

Amazon Web Services (AWS) announces the general availability of Amazon EC2 I4i instances. Designed for storage I/O intensive workloads, I4i instances are powered by 3rd generation Intel Xeon Scalable processors (code named Ice Lake) with an all-core turbo frequency of 3.5 GHz, offer up to 30% better compute price performance over I3 instances, and always-on memory encryption using Intel Total Memory Encryption (TME).

I4i instances offer up to 30 TB of NVMe storage from AWS Nitro SSDs. Nitro SSDs are NVMe-based and custom-designed by AWS to provide high I/O performance, low latency, minimal latency variability, and security with always-on encryption. I4i instances provide up to 60% lower storage I/O latency, and 75% lower storage I/O latency variability compared to I3 instances. These instances deliver the highest local storage performance within Amazon EC2 and are designed for databases such as MySQL, Oracle DB, and Microsoft SQL Server, and NoSQL databases such as MongoDB, Couchbase, Aerospike, and Redis where low latency local NVMe storage is needed in order to meet application service level agreements (SLAs). I4i instances are built on the AWS Nitro System, a combination of dedicated hardware and lightweight hypervisor, which delivers practically all of the compute and memory resources of the host hardware to your instances.

Get insights into Data and Data Quality with Amazon SageMaker Data Wrangler

Amazon SageMaker Data Wrangler reduces the time it takes to aggregate and prepare data for machine learning (ML) from weeks to minutes. With SageMaker Data Wrangler, you can simplify the process of data preparation and feature engineering, and complete each step of the data preparation workflow, including data selection, cleansing, exploration, and visualization from a single visual interface. With SageMaker Data Wrangler’s data selection tool, you can quickly select data from multiple data sources, such as Amazon S3, Amazon Athena, Amazon Redshift, AWS Lake Formation, Amazon SageMaker Feature Store, Databricks Delta Lake, and Snowflake.

AWS Snow Family now enables you to remotely monitor and operate your connected Snowball Edge devices

AWS Snowball customers can now remotely monitor and operate their devices from AWS OpsHub or the AWS Command Line Interface (CLI). This enables customers to manage one or thousands of Snowball Edge devices, even when they are geographically dispersed. For Snowball Edge devices connected to the network, customers can remotely view a central dashboard to see whether a device is online, is unlocked, and monitor usage metrics such as available storage and compute capacity. Additionally, customers can now remotely unlock or reboot devices deployed in the field.

Before this launch, customers were able to manage Snowball Edge devices that were physically present and on the same local network. As customers expand the number of sites they deploy Snowball Edge devices to, they want a scalable way to manage all their devices from one central place without having to be physically present with the devices. With this launch, Snowball Edge devices can now be securely connected to an AWS region to enable customers to view information about all their devices in a single dashboard and to remotely reboot or unlock devices.

Amazon Route 53 Resolver endpoints for hybrid cloud Are Now Available in the Asia Pacific (Jakarta) Region

You can now use Amazon Route 53 Resolver endpoints for hybrid cloud configurations in the Asia Pacific (Jakarta) Region.

Amazon Route 53 is a highly available and scalable cloud Domain Name System (DNS) service. Amazon Route 53 Resolver endpoints make hybrid cloud configurations easier to manage by enabling seamless DNS query resolution across your entire hybrid cloud. Create DNS endpoints and conditional forwarding rules to allow resolution of DNS namespaces between your on-premises data center and Amazon Virtual Private Cloud (Amazon VPC).

ElastiCache data tiering is now available in 3 additional regions

You can now use data tiering for Amazon ElastiCache for Redis as a lower cost way to scale your clusters to up to hundreds of terabytes of capacity in the Asia Pacific (Mumbai), Canada (Central), and South America (Sao Paulo) Regions. Data tiering provides a new price-performance option for Redis workloads by utilizing lower-cost solid state drives (SSDs) in each cluster node in addition to storing data in memory. It is ideal for workloads that access up to 20% of their overall dataset regularly, and for applications that can tolerate additional latency when accessing data on SSD.

When using clusters with data tiering, ElastiCache is designed to automatically and transparently move the least recently used items from memory to locally attached NVMe SSDs when available memory capacity is completely consumed. When an item that moves to SSD is subsequently accessed, ElastiCache moves it back to memory asynchronously before serving the request. Assuming 500-byte String values, you can expect an additional 300µs latency on average for requests to data stored on SSD compared to requests to data in memory.

ElastiCache data tiering is available when using Redis version 6.2 and above on Graviton2-based R6gd nodes. R6gd nodes have nearly 5x more total capacity (memory + SSD) and can help you achieve over 60% savings when running at maximum utilization compared to R6g nodes (memory only).

Amazon SageMaker Data Wrangler now supports random sampling and stratified sampling

Amazon SageMaker Data Wrangler reduces the time it takes to aggregate and prepare data for machine learning (ML) from weeks to minutes. With SageMaker Data Wrangler, you can simplify the process of data preparation and feature engineering, and complete each step of the data preparation workflow, including data selection, cleansing, exploration, and visualization from a single visual interface. With SageMaker Data Wrangler’s data selection tool, you can quickly select data from multiple data sources, such as Amazon S3, Amazon Athena, Amazon Redshift, AWS Lake Formation, Amazon SageMaker Feature Store, Databricks Delta Lake, and Snowflake.

This week AWS announced the general availability of random sampling of data when importing from S3 and new transforms to create random or stratified samples of your datasets with Amazon SageMaker Data Wrangler in Amazon SageMaker Studio. Previously, you would have to write code to create random samples or stratified samples of your data when preparing data for ML applications. Today, with the random sampling option on import, you can now create a random sample of your data on S3 when importing your data into Data Wrangler. Additionally, with our new transforms for random and stratified sampling, you can create the following types of samples for your data set:

  • Random sample. Random samples are helpful when you have a data set that is too large to prepare interactively. With the random sampling transform you can randomly sample a proportion of your data set to prepare it for machine learning.
  • Stratified sample. Stratified samples are helpful when your data contains a rare event (such as fraudulent credit card transactions which occur much less than one percent of all credit card transactions) and you want to preserve the proportion of the rare event in your sampled data set.
  • First K sample. First K samples create a sample using the first K rows of your data set where K is some number. For example, if K is 1,000 then a sample would be created containing the first 1,000 rows of your data set. First K samples are helpful when you only need the correct column schema to prepare your data. An additional benefit of First K sampling is that it is an extremely time-efficient operation.

AWS Snow launches Large Data Migration Manager for planning and managing large data migrations from your premises to AWS

This week, AWS Snow Family launched Large Data Migration Manager, a new feature that enables you to plan, track, and manage your large data migrations when using multiple Snowball Edge service products. You can now easily plan and monitor your jobs from a minimum of 500 terabytes to petabyte scale data migrations. Using Large Data Migration Manager eliminates the need for you to manually track all of your Snow jobs and the status of their data ingestion.

The AWS Snow Family Large Data Migration Manager feature collects information about your data migration goals such as the data size to be moved to AWS, and the number of Snow devices you need in order to migrate data simultaneously. The Large Data Migration Manager then creates a projected schedule for your data migration project and recommends a job ordering schedule for your Snow jobs to meet your goals. The projected schedule is automatically adjusted as the project proceeds based on the amount of data ingested and the average time taken to complete a Snow job. Large Data Migration Manager’s projected job schedule allows you to focus on moving your data to AWS without having to worry about manually planning for or creating new Snow job orders. With Snow Large Data Migration Manager, you can now plan and track all your data migration needs and monitor the progress of the data ingestion in a single, centralized dashboard.

Amazon Chime SDK offers API endpoints for media pipeline in Oregon, Frankfurt, and Singapore

Amazon Chime SDK lets developers add intelligent real-time audio, video, screen share, and messaging to their web applications. Media Pipelines allow developers to capture the contents of Amazon Chime SDK WebRTC media sessions to the Amazon Simple Storage Service (Amazon S3) bucket of their choice. Starting today, the Amazon Chime SDK now has media pipeline API endpoints in US West (Oregon), Europe (Frankfurt), and Asia Pacific (Singapore) AWS Regions.

Customers can now use API endpoints in the same AWS Region for both media pipelines and WebRTC media sessions. This simplifies application architecture, and enables high availability architectures that use API endpoints in multiple AWS Regions. Customers who require endpoints with FIPS 140-2 validated cryptographic modules now have a choice of US East (Northern Virginia) and US West (Oregon) AWS Regions.

Use IAM to control access to a resource based on the account, OU or organization that contains the resource

This week, AWS Identity and Access Management (IAM) introduced a new way that you can control access to your resources based on the account, Organizational Unit (OU) or organization in AWS Organizations that contains your resources. AWS recommends that you set up multiple accounts as your workloads grow. Using a multi-account environment has several benefits including flexible security controls by isolating workloads or applications that have specific security requirements. With this new IAM capability, you now can author IAM policies to enable your principals to access only resources inside specific AWS accounts, OUs, or organizations.

The new capability includes condition keys for the IAM policy language called aws:ResourceAccount, aws:ResourceOrgPaths, and aws:ResourceOrgID. The new keys support a wide variety of AWS services and actions, so you can apply similar controls across different use cases. For example, you can now easily prevent your IAM principals from assuming any IAM roles outside of your own AWS account, without needing to list any specific IAM roles in your policies. To accomplish this, configure an IAM policy to deny access to AWS Security Token Service (AWS STS) assume role actions unless aws:ResourceAccount matches your unique AWS account ID. With the policy in place, when an AWS STS request is made to an account not listed in the policy, this access is blocked by default. You can attach this policy to an IAM principal to apply this rule to a single role or user, or use service control policies in AWS Organizations to apply the rule broadly across your AWS accounts.
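The deny rule described above, as an added example (not AWS's or Hava's own code): it builds the policy document and runs a simplified check of which AssumeRole targets that statement would block. The account IDs and role names are constructed placeholders, and the evaluator models only this one Deny statement, not IAM's full policy evaluation logic.

```python
import json

OWN_ACCOUNT_ID = "111122223333"  # constructed placeholder: replace with your account ID


def build_guardrail(account_id):
    """Deny sts:AssumeRole whenever the target role lives outside account_id.

    A Deny never grants anything: principals still need an Allow for the
    roles they are meant to assume inside the account.
    """
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "DenyAssumeRoleOutsideOwnAccount",
                "Effect": "Deny",
                "Action": "sts:AssumeRole",
                "Resource": "*",
                "Condition": {
                    "StringNotEquals": {"aws:ResourceAccount": account_id}
                },
            }
        ],
    }


def account_of(role_arn):
    """Return the account ID field of an IAM role ARN."""
    parts = role_arn.split(":", 5)
    if (
        len(parts) != 6
        or parts[0] != "arn"
        or parts[2] != "iam"
        or not parts[5].startswith("role/")
    ):
        raise ValueError(f"not an IAM role ARN: {role_arn!r}")
    return parts[4]


def guardrail_denies(policy, action, role_arn):
    """Simplified model: does a Deny keyed on aws:ResourceAccount block this call?

    Handles only exact action names and the StringNotEquals operator,
    which is all the statement built above uses.
    """
    resource_account = account_of(role_arn)
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Deny":
            continue
        actions = stmt.get("Action", [])
        if isinstance(actions, str):
            actions = [actions]
        if action not in actions:
            continue
        allowed = stmt.get("Condition", {}).get("StringNotEquals", {}).get(
            "aws:ResourceAccount"
        )
        if allowed is None:
            continue
        if isinstance(allowed, str):
            allowed = [allowed]
        # StringNotEquals is true only when the value matches none of the listed IDs.
        if resource_account not in allowed:
            return True
    return False


# Constructed sample targets: one role in our own account, one in another account.
SAMPLE_TARGETS = [
    "arn:aws:iam::111122223333:role/DeployRole",
    "arn:aws:iam::999988887777:role/DeployRole",
]


def blocked_targets(policy, targets):
    """Return the role ARNs that the guardrail would refuse for sts:AssumeRole."""
    return [arn for arn in targets if guardrail_denies(policy, "sts:AssumeRole", arn)]


if __name__ == "__main__":
    guardrail = build_guardrail(OWN_ACCOUNT_ID)
    print(json.dumps(guardrail, indent=2))
    for arn in blocked_targets(guardrail, SAMPLE_TARGETS):
        print("blocked:", arn)
```

The JSON that `build_guardrail` prints can be attached to a single role or user as an IAM policy or, as the announcement notes, applied across accounts as a service control policy.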

Amazon RDS Data API now supports returning SQL results as a simplified JSON string

Amazon Relational Database Service (Amazon RDS) Data API can now return results in a new simplified JSON format that makes it easier to convert the JSON string to an object in your application. Previously, Amazon RDS Data API returned a JSON string as an array of data type and value pairs. This required developers to write custom code to parse the response and extract the values in order to manually translate the JSON string into an object. Instead, the new format returns an array of column names and values, which makes it easier for common JSON parsing libraries to convert the response JSON string to an object. The previous JSON format is still supported and existing applications using Amazon RDS Data API will work unchanged. To learn more about the new format and how to use it, see our documentation.

Amazon Interactive Video Service adds stream chat feature

You can now build scalable stream chat rooms with built-in moderation options designed to accompany live streaming video using the new Amazon Interactive Video Service (Amazon IVS) stream chat feature. With this feature, streamers and viewers can build community relationships by asking questions and participating in discussions. Amazon IVS chat provides chat room resource management and a messaging API for sending, receiving, and moderating chat messages. Visit the Amazon IVS chat feature page to learn more.

Amazon Interactive Video Service (Amazon IVS) is a managed live streaming solution that is designed to be quick and easy to set up, and ideal for creating interactive video experiences. Send your live streams to Amazon IVS using the IVS mobile broadcast SDK or standard streaming software such as Open Broadcaster Software (OBS) and the service is designed to provide everything you need to make low-latency live video available to any viewer around the world, letting you focus on building interactive experiences alongside the live video.

AWS Snow Family now supports update of device certificates

This week AWS are launching the ability for AWS Snowball Edge customers to update device certificates for Snowball Edge devices deployed at edge locations. Customers, Solutions Architects, or Account Managers can open a support case with the AWS Snow team to request a software update package with a new device certificate. Customers then use the existing software update process to apply the new device certificate to their Snow devices. This enables customers to deploy Snowball Edge devices for multiple years without having to replace devices to update their operating certificates.

Prior to this launch, AWS customers had to replace their Snowball Edge devices when the device certificate expired in 360 days. Customers could not update the device certificates on Snowball Edge devices deployed in the field. Replacing an existing Snow device with a new replacement Snowball Edge every 360 days caused disruption to customers' continued operations in the field. With this launch, customers do not have to replace their devices due to device certificate expiry and can update the device certificate offline in the field.

AWS Control Tower now supports Python 3.9 runtime

This week, AWS announced an update to AWS Control Tower that includes a change to the Notification Forwarder Lambda to use the Python version 3.9 runtime. This update addresses the planned deprecation of Python version 3.6 runtime. Function invocations continue indefinitely after the runtime version reaches end of support. However, AWS strongly recommends that you migrate functions to a supported runtime version so that you continue to receive security patches and remain eligible for technical support. Please refer to the runtime deprecation policy for additional deprecation details.

To implement the updated Notification Forwarder Lambda, you can perform a landing zone update by going to the Landing Zone Settings page in your AWS Control Tower dashboard, selecting the 2.9 version and clicking the Update button. After updating your landing zone, you must then update all accounts that are governed by AWS Control Tower.

Amazon RDS for MariaDB now supports M6i and R6i instances with new instance sizes up to 128 vCPUs and 1,024 GiB RAM.

Amazon Relational Database Service (Amazon RDS) for MariaDB, version 10.4 and higher, now supports M6i and R6i instances. M6i instances are the 6th generation of Amazon EC2 x86-based General Purpose compute instances, designed to provide a balance of compute, memory, storage, and network resources. R6i instances are the 6th generation of Amazon EC2 memory optimized instances, designed for memory-intensive workloads. Both M6i and R6i instances are built on the AWS Nitro System, a combination of dedicated hardware and lightweight hypervisor, which delivers practically all of the compute and memory resources of the host hardware to your instances.

M6i and R6i instances are powered by 3rd generation Intel Xeon Scalable processors with an all-core turbo frequency of 3.5 GHz, delivering up to 20% better transaction throughput over equivalent M5 and R5 instances. To meet customer demands for increased scalability, M6i and R6i instances provide a new instance size of 32xlarge with 128 vCPUs and 33% more memory than the largest M5 and R5 instances. M6i.32xlarge has 512 GiB of memory and R6i.32xlarge has 1,024 GiB of memory. They also provide up to 20% higher memory bandwidth per vCPU compared to the previous 5th generation instances. These instances give customers up to 50 Gbps of networking speed and 40 Gbps of bandwidth to the Amazon Elastic Block Store (Amazon EBS), 2x that of M5 and R5 instances.

Amazon Polly now offers a Neural TTS voice in Portuguese

Amazon Polly is a service that turns text into lifelike speech. This week, AWS are excited to announce the general availability of a Neural version of Inês, Polly’s European Portuguese female text to speech (TTS) voice.

TTS voices simplify the way you can create, implement, update, and maintain your speech-enabled applications and products. You can use Amazon Polly to enhance the user experience and improve the accessibility of your text content with the power of voice. Common use cases include interactive voice response (IVR) systems, audiobooks, newsreaders, eLearning content, and virtual assistants.

Inês, the European Portuguese TTS voice, has been available as a Standard voice. Neural Inês offers a more natural sounding voice with better rhythm, pausing, and sound articulation. With this launch, Amazon Polly now supports Standard and Neural voices in Brazilian and European Portuguese.

Amazon Lightsail load balancers now support automatic HTTPS redirects and configurable TLS security policy

Amazon Lightsail has added two new security features for the Lightsail load balancer: the ability to automatically redirect HTTP requests to HTTPS and the ability to configure the security policy used for TLS termination of the HTTPS requests. With these features, you can easily make your websites more secure, meet compliance goals, achieve better search ranking and high SSL/TLS scores just by configuring a Lightsail load balancer with the Lightsail instances hosting your websites.

With just a click, the automatic redirect feature forces all load balancer HTTP traffic on port 80 to HTTPS on port 443. This ensures all requests to your load balancer are served securely over HTTPS. Further, with this update you now have the flexibility to pick from predefined security policies for your TLS listener, including a TLS 1.2 only policy (a security policy defines the combination of protocols and ciphers used for TLS termination). Both of these features can be configured on existing and new Lightsail load balancers via the Lightsail console, AWS CLI, or AWS SDKs. There is no additional cost for using these features with your load balancers.

Amazon EC2 R6gd instances powered by AWS Graviton2 now available in South America (São Paulo)

Starting this week, memory-optimized Amazon EC2 R6gd instances with local NVMe-based SSD storage are available in South America (São Paulo). R6gd instances provide up to 40 percent better price-performance and up to 50% more NVMe storage GB/vCPU over comparable x86-based instances for memory-intensive workloads such as open-source databases, in-memory caches, and real time big data analytics. They are ideal for applications that need access to high-speed, low latency storage, as well as for temporary storage of data such as batch and log processing, and for high-speed caches and scratch files. Amazon EC2 R6gd instances are powered by AWS Graviton2 processors that are custom-designed by AWS to enable the best price performance in Amazon EC2.

AWS Backup for Amazon FSx is now available in the AWS Asia Pacific (Osaka) Region

AWS Backup’s policy-based data protection capabilities are now available for Amazon FSx in the AWS Asia Pacific (Osaka) Region. You can now use AWS Backup to centrally automate backup and restore of your application data stored in Amazon FSx along with other AWS services for compute, storage, and database in the Osaka Region.

Amazon Elastic Kubernetes Service (EKS) announces Karpenter v0.9.0 with support for Pod Affinity

Amazon Elastic Kubernetes Service (EKS) is announcing v0.9.0 of the Karpenter open-source cluster autoscaling project. Karpenter is a flexible, high-performance Kubernetes cluster autoscaler that helps improve application availability and resource utilization. Karpenter v0.9.0 adds support for Kubernetes podAffinity and podAntiAffinity scheduling constraints, which increases its compatibility with popular third-party Helm charts and expands support for high-availability use cases.

AWS Announces general availability of the first AWS Wavelength Zone in Canada

This week, AWS are announcing the general availability of AWS Wavelength on the Bell 5G network in Toronto. Enterprises, application developers, and Independent Software Vendors (ISVs), can now use the AWS Wavelength Zone in Toronto to build ultra-low latency applications for mobile devices and end-users in Canada.

Wavelength Zones embed AWS compute and storage services at the edge of communications service providers’ 5G networks while providing seamless access to cloud services running in an AWS Region. By doing so, AWS Wavelength minimizes the latency and network hops required to connect from a 5G device to an application hosted on AWS. With AWS Wavelength and Bell 5G, application developers can now build the ultra-low latency applications needed for use cases like autonomous robots, drone-based deliveries, video analytics and machine learning inference at the edge, and augmented and virtual reality-enhanced experiences.

Amazon Connect launches API to search for users by name, agent hierarchies, and tags

Amazon Connect now provides a new API to search for user records in your Amazon Connect instance. This new API provides a programmatic and flexible way to search for users by first name, last name, username, routing profile, security profile, agent hierarchies or tags. For example, you can now use this API to search for all users tagged with a Department:A key value pair. You can also quickly find a list of all users assigned to a specific security profile, routing profile, or agent hierarchy. To learn more about this new API, see the API documentation.

Amazon SES V2 now supports email size of up to 40MB for inbound and outbound emails by default

With V2 of Amazon Simple Email Service (SES), you can now send and receive emails of up to 40MB message size (including the email text, images, attachments, and the MIME encoding).

With this launch, the default message size limit in Amazon SES V2 increases from 10MB for email sending and 30MB for email receiving, to 40MB for both sending and receiving.

Amazon EC2 C6i, M6i and R6i Instances available in the AWS GovCloud (US) Regions

Amazon EC2 C6i, M6i and R6i instances are available in the AWS GovCloud (US) Regions. These instances are powered by 3rd Gen Intel Xeon Scalable processors (code named Ice Lake) with an all-core turbo frequency of 3.5 GHz, offering up to 15% better compute price performance over comparable Gen5 instances for a wide variety of workloads, and always-on memory encryption using Intel Total Memory Encryption (TME).

Amazon Redshift launches RA3 instances in the Asia Pacific (Osaka), Europe (Milan), Middle East (Bahrain) and Africa (Cape Town) regions

Amazon Redshift RA3 instances are now available in the Asia Pacific (Osaka), Europe (Milan), Middle East (Bahrain) and Africa (Cape Town) regions. Amazon Redshift RA3 instances with managed storage allow you to scale and pay for compute and storage independently for fast query performance and lower costs, and also enable you to more securely and more easily share live data across Amazon Redshift clusters. RA3 is available in three different node types, RA3.16xlarge, RA3.4xlarge, and RA3.xlplus to help you to balance price and performance depending upon your workload requirements.

Announcing consolidated view of Lambda Insights via Application Insights

You can now easily set up AWS Lambda monitoring and view the health of your Lambda functions via Amazon CloudWatch Application Insights problems directly from the Amazon CloudWatch Lambda Insights console. This integration makes it easier to dive deep into issues, troubleshoot problems and reduce mean time to resolution for your Lambda functions. The simple setup and problem analysis of Application Insights now combines with the monitoring details and troubleshooting of Lambda Insights to provide a consolidated view of the health and performance of your Lambda functions running on AWS.

Amazon Nimble Studio is now available in the Asia Pacific (Tokyo) Region

Amazon Nimble Studio is now available in the Asia Pacific (Tokyo) Region. Deploying Nimble Studio in your local region provides users with a more responsive experience. In just a few hours, you can create a new studio environment in which creative talent can access virtual workstations powered by Amazon Elastic Compute Cloud (EC2) G4dn instances, with NVIDIA Graphical Processing Units (GPUs), and high-speed storage enabled by Amazon FSx. With support for both Windows and Linux operating systems, artists can work with their creative tools of choice using Amazon Machine Images (AMIs) enabling a seamless on-premises to cloud migration. When ready to render images, Nimble Studio allows customers to scale compute resources with AWS Thinkbox Deadline.

Amazon Connect adds near real-time insights into voice call, chat, and task activity in the AWS GovCloud (US-West) Region

Amazon Connect now allows customers to subscribe to a near real-time stream of contact (voice calls, chat, and task) events (e.g., call is queued) in your Amazon Connect contact center in the AWS GovCloud (US-West) Region. These events include when a voice call, chat, or task is initiated, queued to be assigned to an agent, connected to an agent, transferred to another agent or queue, and disconnected. Contact events can be used to create analytics dashboards to monitor and track contact activity, integrate into workforce management (WFM) solutions to better understand contact center performance, or to integrate applications that react to events (e.g., call disconnected) in real-time. Amazon Connect contact events are published via Amazon EventBridge, and can be set up in a couple of clicks by going to the Amazon EventBridge AWS console and creating a new rule.

 
Google Cloud Releases and Updates
Source: cloud.google.com

Anthos Clusters on bare metal

Anthos clusters on bare metal 1.9.7 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.9.7 runs on Kubernetes 1.21.

Anthos Clusters on VMware

Two security vulnerabilities, CVE-2022-1055 and CVE-2022-27666, have been discovered in the Linux kernel. Each can lead to a local attacker being able to perform a container breakout, privilege escalation on the host, or both. These vulnerabilities affect all Linux node operating systems (Container-Optimized OS and Ubuntu). For instructions and more details, see the GCP-2022-014 security bulletin.

Anthos clusters on VMware 1.11.0-gke.543 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.11.0-gke.543 runs on Kubernetes v1.22.8-gke.200.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.11, 1.10, and 1.9.

  • Kubernetes 1.22 has deprecated certain APIs, a list of which can be found in Kubernetes 1.22 deprecated APIs. In your manifests and API clients, you need to replace references to the deprecated APIs with references to the newer API calls. For more information, see the What to do section in the Deprecated API Migration Guide.

  • Several Anthos metrics have been deprecated for which data is no longer collected. For a list of deprecated metrics, including instructions to migrate to replacement metrics, see Replace deprecated metrics in dashboard.

 

BigQuery

The ability to configure the time travel window is now in Preview. You can specify the duration of the time travel window, from a minimum of two days to a maximum of seven days.

Three new INFORMATION_SCHEMA views that show table storage metadata are now in Preview.

BigQuery Admin Resource Charts are now generally available (GA) for on-demand users, enabling administrators to monitor key metrics and troubleshoot issues across the entire organization. Previously, it was only available for reservation users. A new permission, bigquery.jobs.listExecutionMetadata, has been added to make it easier to gain access to the full UI.

Chronicle

The following supported default parsers have changed (listed by product name and ingestion label):

  • Apache Tomcat (TOMCAT)
  • Azure AD (AZURE_AD)
  • BIND (BIND_DNS)
  • Bitdefender (BITDEFENDER)
  • Blue Coat Proxy (BLUECOAT_WEBPROXY)
  • Cisco ACS (CISCO_ACS)
  • Cisco Email Security (CISCO_EMAIL_SECURITY)
  • Cisco Firepower NGFW (CISCO_FIREPOWER_FIREWALL)
  • Cisco ISE (CISCO_ISE)
  • Citrix Netscaler (CITRIX_NETSCALER)
  • CrowdStrike Falcon (CS_EDR)
  • Darktrace (DARKTRACE)
  • Dell EMC Data Domain (DELL_EMC_DATA_DOMAIN)
  • Elastic Windows Event Log Beats (ELASTIC_WINLOGBEAT)
  • EPIC Systems (EPIC)
  • F5 ASM (F5_ASM)
  • GCP Cloud Identity Device Users (GCP_CLOUDIDENTITY_DEVICEUSERS)
  • GMV Checker ATM Security (GMV_CHECKER)
  • HCL BigFix (HCL_BIGFIX)
  • Layer7 SiteMinder (SITEMINDER_SSO)
  • Microsoft Azure NSG Flow (AZURE_NSG_FLOW)
  • Microsoft Defender for Identity (MICROSOFT_DEFENDER_IDENTITY)
  • Microsoft Powershell (POWERSHELL)
  • Mobileiron (MOBILEIRON)
  • Office 365 (OFFICE_365)
  • Salesforce (SALESFORCE)
  • SecureAuth (SECUREAUTH_SSO)
  • SentinelOne EDR (SENTINEL_EDR)
  • Windows Event (WINEVTLOG)
  • Workspace Activities (WORKSPACE_ACTIVITY)
  • ZScaler NGFW (ZSCALER_FIREWALL)

For details about the changes in each parser, see Supported default parsers.

Rules run frequency

Rules can now be run at different frequencies. Rule run frequency impacts the latency with which detections are discovered for each rule. Longer run frequencies increase the amount of time between when an event occurs and when a detection is processed for that event. Rules with a window size of at least one hour are limited to either 1 hour or 24 hour run frequencies.

Cloud Billing

Cost table report now supports updated filters, project ancestry, and report sharing

In the Cloud Billing Console Cost table report, we've updated the report's filters and invoice month selector to function similarly to the Cloud Billing Reports page and Cost breakdown page, added project ancestry functionality, and enabled report sharing.

Updated filters: You use the cost table report to access the details of your invoices and statements. The report's filters and other settings allow you to configure the report views when you are analyzing the usage and cost data. You can also download the cost table data to CSV for offline analysis. When you download the report to CSV, the data that downloads is limited by any filters that you have set and includes only the columns that you have selected to view.

Project ancestry: A new table column has been added to display project ancestry data. Starting with the January 2022 invoice month:

Report sharing: Along with the updated report filters, the cost table report now supports URL bookmarking and sharing. As you configure your cost table report by setting the invoice month, table view cost grouping options, and report filters, the cost table URL updates to include your selections. You can save your report settings by bookmarking the URL. You can share the cost table report by copying the URL.

For more details about the cost table report and using the updated features and functionality, see the documentation.

Cloud Functions

Cloud Functions has added support for the following new runtimes at the Preview release level:

Cloud Logging

You can now comment within your Logging queries. For more information, see Logging query language: comments.

You can now do the following in the improved Logs Explorer:

When querying your logs data in the Logs Explorer, you can now select queries from a library, making it easier to explore your data and find logs during time-critical troubleshooting sessions.

The Cloud Logging API now supports the following regions:

  • Europe:
    • europe-southwest1
    • europe-west6
    • europe-west8
    • europe-west9
  • South America:
    • southamerica-west1

For more information, see Data Regionality for Cloud Logging.

Cloud SQL for MySQL

You can now accept a maintenance update on your instance outside of the normal flow of scheduled maintenance.

While Cloud SQL schedules maintenance updates once every few months to ensure you have the latest maintenance version, you might want to use self-service maintenance if:

  • You need an update sooner than your next scheduled maintenance event.
  • You want to catch up to the latest maintenance version after skipping your most recent scheduled maintenance event.
  • You want to gain more control over when maintenance is applied.

Cloud SQL now supports maintenance changelogs. Maintenance changelogs provide information about updates available in new maintenance versions, such as database minor version upgrades and patches for security vulnerabilities. For links to current maintenance changelogs for each major database version, see Cloud SQL maintenance changelogs.

Cloud SQL for PostgreSQL

You can now accept a maintenance update on your instance outside of the normal flow of scheduled maintenance.

While Cloud SQL schedules maintenance updates once every few months to ensure you have the latest maintenance version, you might want to use self-service maintenance if:

  • You need an update sooner than your next scheduled maintenance event.
  • You want to catch up to the latest maintenance version after skipping your most recent scheduled maintenance event.
  • You want to gain more control over when maintenance is applied.

Cloud SQL now supports maintenance changelogs. Maintenance changelogs provide information about updates available in new maintenance versions, such as database minor version upgrades and patches for security vulnerabilities. For links to current maintenance changelogs for each major database version, see Cloud SQL maintenance changelogs.

The following PostgreSQL minor versions and extension versions are now available. If you use maintenance windows, you might not yet have these versions. In this case, you will see the new versions after your maintenance update occurs. To find your maintenance window or manage maintenance updates, see Finding and setting maintenance windows.

  • 14.1 is upgraded to 14.2.
  • 13.5 is upgraded to 13.6.
  • 12.9 is upgraded to 12.10.
  • 11.14 is upgraded to 11.15.
  • 10.19 is upgraded to 10.20.

Cloud SQL for SQL Server

You can now accept a maintenance update on your instance outside of the normal flow of scheduled maintenance.

While Cloud SQL schedules maintenance updates once every few months to ensure you have the latest maintenance version, you might want to use self-service maintenance if:

  • You need an update sooner than your next scheduled maintenance event.
  • You want to catch up to the latest maintenance version after skipping your most recent scheduled maintenance event.
  • You want to gain more control over when maintenance is applied.

Cloud SQL now supports maintenance changelogs. Maintenance changelogs provide information about updates available in new maintenance versions, such as database minor version upgrades and patches for security vulnerabilities. For links to current maintenance changelogs for each major database version, see Cloud SQL maintenance changelogs.

Config Connector

Config Connector version 1.83.0 is now available.

Made the spec.resourceRef.apiVersion field in IAMPolicy, IAMPartialPolicy, IAMPolicyMember, IAMAuditConfig optional.

Datastore

 

The datastore.databases.getMetadata permission now supports custom Identity and Access Management roles. You can use custom roles with this permission to unlink your database from App Engine. 

Dialogflow

Dialogflow ES has added preview support for the following languages:

Afrikaans, Albanian, Amharic, Armenian, Azerbaijani, Basque, Belarusian, Bosnian, Bulgarian, Catalan, Cebuano, Chichewa, Corsican, Croatian, Czech, Esperanto, Estonian, Frisian, Galician, Georgian, Greek, Gujarati, Haitian Creole, Hausa, Hmong, Hungarian, Icelandic, Igbo, Irish, Javanese, Kannada, Kazakh, Khmer, Kinyarwanda, Kurdish, Kyrgyz, Latin, Latvian, Lithuanian, Luxembourgish, Macedonian, Malagasy, Malayalam, Maltese, Maori, Mongolian, Nepali, Oriya/Odia, Punjabi, Samoan, Scots Gaelic, Serbian - Cyrillic, Serbian - Latin, Sesotho, Shona, Slovak, Slovenian, Somali, Sundanese, Swahili, Tajik, Tatar, Turkmen, Uzbek, Welsh, Xhosa, Yoruba, Zulu

Firestore

The datastore.databases.getMetadata permission now supports custom Identity and Access Management roles.

GKE

Two security vulnerabilities, CVE-2022-1055 and CVE-2022-27666, have been discovered in the Linux kernel. Each can lead to a local attacker being able to perform a container breakout, privilege escalation on the host, or both. These vulnerabilities affect all GKE node operating systems (Container-Optimized OS and Ubuntu). For instructions and more details, see the GCP-2022-014 security bulletin.

Security Command Center

Security Command Center error detectors are generally available (GA). Error detectors report configuration errors that prevent Security Command Center and its services from functioning properly. Remediation guidance is provided for each finding type. For more information, see Security Command Center errors.

The connections[] and description attributes were added to the Finding object.

  • The connections[] attribute contains information about the IP connection associated with the finding. It includes the destination IP address, the destination port, the source IP address, the source port, and the protocol.
  • The description attribute provides an explanation of the finding.

For more information, see the API documentation for the Finding object.

T-Systems Sovereign Cloud

T-Systems Sovereign Cloud is now generally available. To get started, see the following topics:

VPC

Automatic DNS configuration for Private Service Connect endpoints is available in General Availability.

For service producers: When you publish a managed service with Private Service Connect, you can optionally specify a domain name for the service.

For service consumers: When you create a Private Service Connect endpoint to connect to a managed service that has a specified domain name, a DNS entry for the Private Service Connect endpoint is created in a Service Directory DNS zone.

 


Microsoft Azure Releases And Updates
Source: azure.microsoft.com
 

Generally Available: Automated key rotation in Azure Key Vault

Key Vault now enables you to automatically rotate keys for encryption of your data.

Public preview: Azure Lab Services April 2022 update

Improve performance, reliability, and scalability for Azure Lab Services in the latest update.

Generally available: Azure Functions Linux Elastic Premium plan increased maximum scale-out limits

Maximum scale-out limits for Functions Linux Premium plans have been increased in a number of regions.

Public preview: Azure Compute Gallery feature ‘community gallery’

 

New Azure Compute Gallery feature ‘community gallery’ makes your private images public.

Generally available: Azure SQL Database storage limits increase for selected compute sizes

Data storage limits have increased over 30% for selected mid-size compute configurations to help reduce costs.

Azure SQL—Generally available updates for late April 2022

Generally available enhancements and updates released for Azure SQL.

Azure SQL—Public preview updates for late April 2022

Public preview enhancements and updates released for Azure SQL.

Generally available: Azure Database for MySQL – Flexible Server higher burstable compute

Azure Database for MySQL - Flexible Server is now offering more options for burstable compute for you to choose from depending on your workload.

Generally available: Azure Database for PostgreSQL – Hyperscale (Citus) now includes PgBouncer 1.17

Create a Hyperscale (Citus) server group using the latest 1.17 version of PgBouncer, a popular connection pooler for Postgres used with Azure Database for PostgreSQL – Hyperscale (Citus).

Public preview: Azure Managed Instance for Apache Cassandra enhancements

Azure Managed Instance for Apache Cassandra now includes support for deploying Cassandra 4.0 clusters and running nodetool commands using Azure CLI.

Generally available: Database templates in Azure Synapse Analytics

Azure Synapse database templates are industry-specific schema definitions that provide a standardized way for you to store and shape data, enabling rapid digital transformation.

General availability: Azure Synapse Link now supports existing Azure Cosmos DB containers

Enable Azure Synapse Link on your existing Azure Cosmos DB containers using the SQL API for Azure Cosmos DB.

General availability: Azure Cosmos DB portal—Azure Synapse Link seamless Power BI

Build Power BI reports using Azure Synapse Link from the Azure Cosmos DB portal.

General availability: Unique partial indexes in Azure Cosmos DB API for MongoDB

Specify a partialFilterExpression along with the 'unique' constraint in your Azure Cosmos DB API for MongoDB index.

Public preview: Azure Storage as share in Windows Code in App Service

Mount Azure Files as a local share in Windows Code in Azure App Service.

Public preview: Azure Functions now supports PowerShell 7.2

You can now use the latest version of PowerShell with Azure Functions.

Public preview: Static Web Apps now supports Gitlab and Bitbucket for CI/CD

You can now use Gitlab and Bitbucket as your CI/CD providers for Static Web Apps.

Public preview: Azure Static Web Apps now support skipping API builds

You can now choose to skip your default API builds.

Generally available: Scale-down mode in AKS

You can now select if you would like your AKS nodes to be deleted or deallocated when scaled down.

Generally available: Node pool snapshot

You can now take a snapshot of the node pool configuration and then create a node pool from that snapshot.

Generally available: Group Managed Service Accounts security policy support on Windows

AKS now supports Group Managed Service Accounts (GMSA) configuration, as well as maintaining trust during scale operations in the Windows nodepool.

Public preview: Azure Container Apps built-in authentication

Use configured identity providers to sign in to your container apps by writing little or no code.

Generally available: Controls to block domain fronting behavior on customer resources

Block domain fronting behavior on Azure Front Door, Azure Front Door (classic), and Azure CDN Standard from Microsoft (classic) resources.


 

Have you tried Hava automated diagrams for AWS, Azure and GCP? Get back your precious time and sanity and rid yourself of manual drag and drop diagram builders forever.
 
Hava automatically generates accurate fully interactive cloud infrastructure and security diagrams when connected to your AWS, Azure or GCP accounts. Once diagrams are created, they are kept up to date, hands free. 

When changes are detected, new diagrams are auto-generated and the superseded documentation is moved to a version history. Older diagrams are also interactive, so can be opened and individual resources inspected interactively, just like the live diagrams.
 
Check out the 14 day free trial here: