
In Cloud Computing This Week [Apr 6th 2023]

Written by Team Hava | April 6, 2023



Here's the weekly cloud round up of all things Hava, GCP, Azure and AWS for the week ending Thursday April 6th 2023.

This week we released Azure self-hosted. If you are using Azure and would like to host Hava on your own infrastructure, please get in touch.

All the latest Hava news can be found on our LinkedIn Newsletter.

Of course we'd love to keep in touch at the other usual places. Come and say hello on:

Facebook, LinkedIn and Twitter.

AWS Updates and Releases

Source: aws.amazon.com

AWS App Runner adds 7 new compute configurations

AWS App Runner adds 7 new compute configurations to the App Runner service settings. App Runner makes it easier for developers to quickly deploy containerized web applications and APIs to the cloud, at scale, and without having to manage infrastructure. With App Runner, you do not have to manage any load balancers and auto-scaling groups.

When you create an App Runner service, you select a compute configuration, a combination of vCPU and compute memory, for your web application or API, and define maximum concurrency, the maximum number of concurrent requests one application instance can process. App Runner automatically scales your application instances based on concurrent requests that your App Runner service receives.

Until now, App Runner supported 4 compute configurations at 1 vCPU with 2 GB, 3 GB, and 4 GB compute memory, and 2 vCPU with 4 GB compute memory. Starting today, you can pick from 11 compute configurations starting at 0.25 vCPU (512 MB memory) and up to 4 vCPU (12 GB memory).

You can now save cost by choosing a lower compute configuration for applications that are not compute intensive such as a single threaded application that does not need a full vCPU. You can also choose a larger compute configuration such as 4 vCPU (12 GB memory) for compute intensive applications such as data processing and ML inference applications.

Amazon S3 adds new visibility into object replication status

Amazon S3 adds a new Amazon CloudWatch metric that can be used to diagnose and correct S3 Replication configuration issues more quickly. The OperationFailedReplication metric, available in both the S3 console and in Amazon CloudWatch, gives you per-minute visibility into the number of objects that did not replicate to the destination bucket for each of your replication rules.

You can use Amazon CloudWatch alarms with this metric to notify you when failures occur, so that you can quickly take corrective action. For example, S3 Replication relies on permissions that are granted by customers via AWS Identity and Access Management (IAM) roles. If an IAM role is set up incorrectly, customers may see objects that do not replicate as expected, due to insufficient permissions.

S3 Replication will mark these objects as failed, and will now generate a metric and alarm so that you can quickly correct your IAM role and reinitiate replication for the objects to keep your source and destination buckets in sync.

AWS Controllers for Kubernetes (ACK) for Amazon MemoryDB is now generally available

The AWS Controllers for Kubernetes (ACK) service controller for Amazon MemoryDB for Redis is now generally available. Customers can provision and manage MemoryDB resources using the ACK service controller.

Amazon MemoryDB for Redis is a Redis-compatible, durable, in-memory database service that is purpose built for modern applications with microservices architectures. It is well suited for applications requiring ultra-fast performance, high availability, durability and security making it ideal for containerized workloads.

ACK service controller for MemoryDB aims to simplify provisioning and managing your database by enabling you to define and use MemoryDB resources directly from your Kubernetes cluster. This lets you take advantage of MemoryDB to support your Kubernetes applications without needing to define MemoryDB resources outside of the cluster or run and manage in-memory database capabilities within the cluster.

AWS Glue now available in AWS Europe (Spain) and AWS Europe (Zurich)

AWS are happy to announce that AWS Glue, a serverless data integration service, is now available in the AWS Europe (Spain) and AWS Europe (Zurich) Regions.

AWS Glue is a serverless data integration service that makes it simple to discover, prepare, and combine data for analytics, machine learning, and application development. AWS Glue provides both visual and code-based interfaces to make data integration simpler so you can analyze your data and put it to use in minutes instead of months.

Amazon AppStream 2.0 Is Now Available in the AWS GovCloud (US-East) Region

Amazon AppStream 2.0 is now available in the AWS GovCloud (US-East) Region, an isolated AWS Region designed to host sensitive data and regulated workloads in the cloud for customers who have U.S. federal, state, or local government compliance requirements.

With this launch, you can deploy general purpose, compute-optimized, memory-optimized, accelerated computing, storage optimized, graphics pro, graphics-g4, and graphics pro-g4 streaming instances in both the AWS GovCloud (US-East) and AWS GovCloud (US-West) Regions to help meet the needs of your users.

AppStream 2.0 is a fully managed non-persistent desktop (Windows or Linux) and application virtualization service that allows you to stream applications and desktops from AWS to users without acquiring, provisioning, and operating hardware or infrastructure. AppStream 2.0 can help you provide users with secure, instant-on access to the applications they need with a responsive, fluid user experience from anywhere on the device of their choice.

Amazon AppStream 2.0 offers you pay-as-you-go pricing for the streaming resources that you provision plus a small monthly fee per streaming user depending on the operating system chosen. See Amazon AppStream 2.0 Pricing for more information.

AWS Network Firewall now supports IPv6-only subnets

AWS Network Firewall now supports IPv6-only subnets, in addition to dual stack (IPv4 and IPv6) subnets. Starting today, you can filter IPv6 traffic to and from the public internet, on-premises network, or any endpoint in your IPv6-enabled Amazon Virtual Private Cloud (VPC) with IPv6-only subnets.

AWS Network Firewall is a managed firewall service that makes it easy to deploy essential network protections for all your Amazon VPCs. IPv6-only subnet support allows you to enforce your AWS Network Firewall rules and policies consistently across your entire network, making it easier to manage your network security posture. Additionally, with this launch, you will be able to meet business or regulatory requirements for adoption of IPv6-only network environments on AWS.

IPv6 is supported in all AWS Regions where AWS Network Firewall is available today, including the AWS GovCloud (US) Regions. For more information about the AWS Regions where AWS Network Firewall is available, see the AWS Region table.

Amazon SageMaker is now available in Asia Pacific (Hyderabad) Region

Starting this week, you can build, train, and deploy machine learning (ML) models in Asia Pacific (Hyderabad) Region.

Amazon SageMaker is a fully managed platform that provides every developer and data scientist with the ability to build, train, and deploy machine learning (ML) models quickly. SageMaker removes the heavy lifting from each step of the machine learning process to make it easier to develop high quality models.

Announcing CSV Export for AWS Resource Explorer Search Results

This week, AWS are pleased to announce that AWS Resource Explorer now supports export and download of search results in comma-separated values (CSV) format. You can use this new capability to export resource search results from the AWS Resource Explorer console and continue your workflow in third-party applications that support CSV import.

When exported, the CSV file includes the resource identifier, service, resource type, Region, AWS account ID, the total number of tags, and a column for each unique tag key in the collection. Exporting and analyzing your search results can help you maintain an offline record of search query results, determine where there are overlaps or inconsistencies across resources, or develop a tagging strategy for resources in your organization based on gaps in current tags.

Amazon Kinesis Data Analytics is now available in additional AWS regions

Amazon Kinesis Data Analytics for Apache Flink is now available in three additional AWS regions: Europe (Spain), Europe (Zurich), and Asia Pacific (Hyderabad).

Amazon Kinesis Data Analytics makes it easier to transform and analyze streaming data in real time with Apache Flink. Apache Flink is an open source framework and engine for processing data streams. Amazon Kinesis Data Analytics reduces the complexity of building and managing Apache Flink applications.

Amazon Kinesis Data Analytics for Apache Flink integrates with Amazon Managed Streaming for Apache Kafka (Amazon MSK), Amazon Kinesis Data Streams, Amazon OpenSearch Service, Amazon DynamoDB streams, Amazon Simple Storage Service (Amazon S3), custom integrations, and more using built-in connectors.

You can learn more about Amazon Kinesis Data Analytics for Apache Flink here.

Amazon CloudFront supports S3 Object Lambda Access Point origin

Starting this week, Amazon CloudFront supports the use of S3 Object Lambda Access Points as origins. This means that you can now use S3 Object Lambda Access Point aliases to configure an S3 bucket-style CloudFront origin, and take advantage of CloudFront's 480+ global edge locations to accelerate the delivery of data transformed by your S3 Object Lambda function.

S3 Object Lambda allows you to add your own code to S3 GET, HEAD, and LIST requests to modify and process data as it is returned to an application. Prior to this launch, you were required to use Lambda@Edge as the signing principal with AWS Signature Version 4 (SigV4) for authentication with the origin.

You can now use CloudFront as the signing principal for SigV4 authentication with the S3 Object Lambda Access Point origin. This makes it simpler to use CloudFront to accelerate the distribution of data that the S3 Object Lambda function has transformed, such as filtered rows, dynamically resized images, data with confidential information redacted, and much more.

Amazon CloudFront's support for S3 Object Lambda Access Points origin is now available worldwide. To get started, obtain the S3 Object Lambda Access Points alias in your S3 Console or through an API and create your S3 bucket-style domain as your CloudFront origin. There are no additional fees associated with this feature. For more information, please refer to the CloudFront Developer Guide.

AWS CloudFormation StackSets is now available in 2 additional AWS Regions

Today, AWS CloudFormation has expanded the availability of StackSets to Middle East (UAE) and Asia Pacific (Hyderabad) Regions. With this launch, customers can deploy their stack sets to and from these newly supported AWS Regions.

You use AWS CloudFormation StackSets to model, provision, and manage your cloud applications and infrastructure across multiple AWS accounts and Regions in a single operation. You can use StackSets for bootstrapping AWS account, deploying cross account applications, setting up disaster recovery with AWS Backup, and solving use cases around deploying cloud infrastructure at scale.

For example, you can use service-managed StackSets to deploy IAM roles and AWS Config policies to your AWS Organizations or an Organizational Unit (OU), and use the auto-deploy feature. With automatic deployment enabled, StackSets automatically deploys to accounts that are added to the target organization or organizational units (OUs) in the future. 

StackSets is generally available in the following AWS Regions: US East (Ohio and N. Virginia), US West (N. California and Oregon), Africa (Cape Town), Asia Pacific (Hong Kong, Hyderabad, Jakarta, Mumbai, Osaka, Seoul, Singapore, Sydney, and Tokyo), Canada (Central), Amazon Web Services China (Beijing) Region, operated by Sinnet, and the Amazon Web Services China (Ningxia) Region, operated by NWCD, Europe (Frankfurt, Ireland, London, Milan, Paris, and Stockholm), Middle East (Bahrain and UAE), South America (São Paulo), and AWS GovCloud (US-East) and (US-West) Regions.

Amazon Polly offers full support in the AWS Asia Pacific (Osaka) Region

Amazon Polly is a service that turns text into lifelike speech, allowing you to create applications that talk, and build entirely new categories of speech-enabled products. Today, we are excited to announce the general availability of the entire portfolio of Amazon Polly's Neural and Standard voices in the Asia Pacific (Osaka) Region.

Amazon Polly uses advanced deep learning technologies to synthesize natural sounding human speech. NTTS voices can be applied to a diverse set of use cases to increase customer engagement. Examples include giving interactive voice response (IVR) systems or virtual assistant agents natural-sounding voices, or producing spoken versions of text-based content.

For eLearning, audiobooks, newsreaders, and other content, you can also provide audio/visual experiences by synchronizing speech with facial animation or karaoke-style word highlighting.

Amazon Virtual Private Cloud now supports Bring your own IP in two additional AWS Regions

Starting this week, Bring Your Own IP (BYOIP) is available in two additional AWS Regions: Asia Pacific (Jakarta) and Middle East (UAE).

BYOIP allows you to bring your own IPv4 and IPv6 addresses to AWS and advertise them on the internet. You can create Elastic IP addresses from your BYOIPv4 addresses and use them with AWS resources such as EC2 instances, Network Load Balancers, and NAT gateways.

The Elastic IP addresses you create from BYOIPv4 addresses work in the same way as the Elastic IP addresses you get from AWS. The BYOIPv6 addresses also work in the same way as AWS provided IPv6 addresses. For example, you can associate these IPv6 addresses to subnets, Elastic Network Interfaces (ENI), and EC2 instances within your VPC.

Additionally, you can use your BYOIPv6 for private connectivity to your on-premises networks by advertising them over Direct Connect.

Amazon S3 beginning to apply two security best practices to all new buckets by default

As announced on December 13, 2022, Amazon S3 is now deploying two new default bucket security settings by automatically enabling S3 Block Public Access and disabling S3 access control lists (ACLs) for all new S3 buckets.

To learn more about the change, read Heads-Up: Amazon S3 Security Changes Are Coming in April of 2023 in the AWS News Blog and Default access settings for new S3 buckets FAQ in the S3 User Guide.

AWS CodePipeline is now available in three additional regions

This week, AWS announced the general availability of AWS CodePipeline in Middle East (Bahrain), Africa (Cape Town), and Europe (Zurich).

AWS CodePipeline is a fully managed continuous delivery service that helps you automate your release pipelines for fast and reliable application and infrastructure updates. CodePipeline automates the build, test, and deploy phases of your release process when there is a code change, based on the release model you define.

AWS Supply Chain is now generally available


Amazon Kendra releases Microsoft OneDrive Connector

Amazon Kendra is an intelligent search service powered by machine learning, enabling organizations to provide relevant information to customers and employees, when they need it. Starting today, AWS customers can use the Amazon Kendra Microsoft OneDrive Connector to index and search messages from Microsoft OneDrive.

Critical information can be scattered across multiple data sources in an enterprise, including messaging platforms like Microsoft OneDrive. Amazon Kendra customers can now use the Kendra Microsoft OneDrive Connector to index messages and search for information across this content using Kendra Intelligent Search.

The Amazon Kendra Microsoft OneDrive connector is available in all AWS regions where Amazon Kendra is available. To learn more about the connector, visit the documentation page or the Amazon Kendra connector library. To explore Amazon Kendra, visit the Amazon Kendra website.

Amplify Studio is now available in the Europe South (Milan) Region

Starting this week, Amplify Studio is available in the Europe South (Milan) region. Customers building Amplify applications with Studio can now deploy applications to Europe South (Milan) region, improving performance for end users in the region.

AWS Amplify is a complete solution that lets frontend web and mobile developers easily build, ship, and host full-stack applications on AWS, with no cloud expertise needed. Use Amplify Studio to design your app backend, manage your data, and build cloud-connected UI, all with AWS resources that scale with you.

With today's launch, AWS Amplify Studio is now available in 18 AWS Regions: US East (N. Virginia), US East (Ohio), US West (Oregon), US West (N. California), Asia Pacific (Mumbai), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Canada (Central), Europe (Milan), Europe (Frankfurt), Europe (Ireland), Europe (London), Europe (Paris), Europe (Stockholm), Middle East (Bahrain), and South America (São Paulo).

Amazon SageMaker Feature Store now supports hard deletion in online store

Amazon SageMaker Feature Store now supports the ability to permanently delete records from the online store. The online store contains the most recent features and is used for low latency model serving. With this launch, you can now choose between soft delete and hard delete when deleting records, so you have more flexibility when it comes to managing online store data.

When a record is permanently deleted from the online store, Feature Store will also write a tombstone record to the offline store. The offline store contains historic features and is used for training and batch inference.

Tombstone records can then be identified and removed from the offline store, for example to provide more accurate or more recent data for model training, or to reduce storage costs.

Announcing general availability for macOS Support on Amplify Library for Swift

This week, AWS are announcing general availability of macOS support for AWS Amplify for Swift (v2.7.1)! This launch allows developers to build cloud-connected apps for iOS and macOS. Developers can now leverage the power of AWS Amplify across iOS and macOS platforms for production workloads. AWS will be announcing support for watchOS and tvOS in future releases of the library.

Developers can use Amplify Library for Swift via the Swift Package Manager to build apps for iOS and macOS platforms with Auth, Storage, Geo and more features. Developers will continue to have access to the same Amplify Command Line Interface (CLI) tools to configure and manage their cloud resources. With the Amplify Library for Swift, developers will also have direct access to the underlying AWS SDK for Swift through the escape hatch to unlock additional capabilities from AWS services.

Amazon Athena adds view support for external data sources

With Amazon Athena, you can use your SQL knowledge to query nearly 30 popular AWS and third-party data stores - in addition to data stored in an Amazon S3 data lake - all without learning a new language, developing scripts to extract and duplicate data, or managing infrastructure.

Starting today, you can now create and query views on these data sources, which include relational databases, streaming sources, and cloud object stores, for use cases such as interactive analysis and business intelligence reporting.

In Athena, views are logical tables that retrieve data from one or more physical tables when the view is queried. Views are often used to limit access to sensitive data, hide complex joins and data transformation logic, and simplify queries that run on multiple distributed datasets.

With today’s launch, you get these benefits with all of Athena’s data source connectors. For a complete list of available data source connectors, see Using Athena Data Source Connectors.

AWS CodeBuild is now available in three additional AWS Regions

AWS CodeBuild is now available in three additional AWS Regions: Europe (Spain), Europe (Zurich), and Asia Pacific (Hyderabad). AWS CodeBuild is a fully managed continuous integration service that compiles source code, runs tests, and produces software packages that are ready to deploy.

With CodeBuild, you don’t need to provision, manage, and scale your own build servers. CodeBuild scales continuously and processes multiple builds concurrently, so your builds are not left waiting in a queue.

You can get started quickly by using prepackaged build environments, or you can create custom build environments that use your own build tools. Using CodeBuild, you are charged by the minute for the compute resources you use.

AWS Migration Hub now supports High Availability SAP HANA systems

AWS Migration Hub Orchestrator now supports migration of SAP HANA based systems configured with High Availability configurations, as well as the standalone migration of SAP HANA databases.

AWS Migration Hub Orchestrator simplifies and automates the migration of servers and enterprise applications to AWS. It provides a single location to run and track your migrations. AWS Migration Hub Orchestrator offers predefined and customizable workflow templates that provide a prescribed set of migration tasks, and leverages application-specific migration tools to streamline and automate the migration of your enterprise applications to AWS.

The “Rehost applications on Amazon EC2” template in AWS Migration Hub Orchestrator allows customers to streamline migration of SAP applications running on non-HANA databases with minimal downtime using AWS Application Migration Service.

This launch expands the capabilities of the existing “Migrate SAP NetWeaver based SAP applications to AWS” template by supporting HANA database only migrations and SAP HANA based systems to High Availability configurations.

This HANA database and SAP application-aware migration methodology assists in migrating HANA-based applications to AWS while modernizing their architectures to improve resilience, upgrade OS type, or meet other application migration goals.

Amazon MWAA now supports Shell Launch Scripts

Amazon Managed Workflows for Apache Airflow (MWAA) now supports shell launch scripts for environments version 2.x and later.

Amazon MWAA is a managed service for Apache Airflow that lets you use the same familiar Apache Airflow platform as you do today to orchestrate your workflows and enjoy improved scalability, availability, and security without the operational burden of having to manage the underlying infrastructure.

Amazon MWAA now adds the ability to customize the Apache Airflow environment by launching a customer-specified shell launch script at start-up to work better with existing integration, infrastructure, and compliance needs. Customers can use shell launch script to install custom runtimes, set environment variables, and update configuration files.

You can launch or upgrade an Apache Airflow environment with a shell launch script on Amazon MWAA with just a few clicks in the AWS Management Console in all currently supported Amazon MWAA regions. To learn more about custom images visit the Amazon MWAA documentation.

Amazon Textract announces updates to the AnalyzeDocument - Tables feature

Amazon Textract is a managed machine learning service that automatically extracts text, handwriting, and data from scanned documents. We regularly improve the accuracy of the underlying machine learning models and add new features based on customer feedback.

This week, AWS are pleased to announce new features and accuracy enhancements for the AnalyzeDocument - Tables feature to help customers automate their document processing workflows. 

The new tables model update adds support for four new elements commonly found within tabular structures in documents: table title, section titles, table footers and summary cells. Customers will be able to directly extract these elements from tabular structures and save time writing and maintaining complex post-processing code.

Additionally, it also provides a way to identify the type of table. Lastly, we are pleased to announce overall accuracy improvements on documents commonly found in the insurance, financial services, mortgages and manufacturing industries. 

This update will be available in US East (Ohio, N. Virginia), US West (N. California), US West (Oregon), Asia Pacific (Mumbai, Seoul, Singapore, Sydney), Canada (Central), Europe (Frankfurt, Ireland, London, Paris), and the AWS GovCloud (US-East, US-West) Regions.

The sixth generation of Amazon EC2 instances powered by AMD processors now support faster Amazon EBS-optimized instance performance

This week, AWS are announcing an improvement for Amazon Elastic Block Store (EBS) performance on Amazon EC2 compute-optimized C6a and general purpose M6a instance types, with similar improvement on R6a in the coming weeks.

EC2 C6a and M6a instances are powered by 3rd generation AMD EPYC processors and are built on the AWS Nitro System, a combination of dedicated hardware and lightweight hypervisor. With the latest enhancements to the Nitro system, AWS have increased the maximum EBS-optimized IOPS by 60% on the 32xlarge instance size and 50% on all other instance sizes for the C6a and M6a instance types.

The largest 48xlarge and metal sizes now have a maximum IOPS of 240,000, up from prior 160,000. Additionally, we have increased the maximum EBS-optimized bandwidth by 50% for instance sizes up to 32xlarge. With these improvements, the large to 4xlarge instance sizes can now achieve burst performance of 10Gbps and 40,000 IOPS.

This performance increase enables you to speed up sections of your workflows and handle unplanned spikes in EBS-optimized instance demand without impact to your application performance. For storage-intensive workloads, you will have an opportunity to use smaller instance sizes and still meet your performance requirements, thereby saving costs. 

All new C6a and M6a instances starting today will utilize this performance increase at no additional cost, with support for R6a in the coming weeks. For existing instances, you can simply stop and start your instances to enable this performance increase.

This change is available in all AWS regions where C6a and M6a are available. Please visit the EBS-optimized instance page for more details on the performance increase.

AWS Trusted Advisor now includes fault tolerance checks for Amazon ECS

AWS Trusted Advisor fault tolerance checks for Amazon ECS are now generally available. AWS Trusted Advisor evaluates your AWS account with automated checks and provides cloud optimization recommendations to reduce costs, improve performance, increase security, increase fault tolerance, and monitor service quotas.

The first fault tolerance check, Amazon ECS service using a single Availability Zone (AZ), examines if your service configuration uses a single Availability Zone. By launching instances in multiple AZs in the same region, you can protect applications from a single point of failure. The second fault tolerance check, Amazon ECS Multi-AZ placement strategy, evaluates if your service is configured to use the spread placement strategy to spread tasks across multiple AZs.

The Amazon ECS fault tolerance checks for Trusted Advisor are available in the following regions: US East (Ohio), US East (N. Virginia), US West (N. California), US West (Oregon), Asia Pacific (Mumbai), Asia Pacific (Osaka), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Canada (Central), Europe (Frankfurt), Europe (Ireland), Europe (London), Europe (Paris), Europe (Stockholm), South America (São Paulo), AWS GovCloud (US-East), and AWS GovCloud (US-West).

Google Cloud Releases and Updates
Source: cloud.google.com


Anthos Clusters on AWS

You can now launch clusters with the following Kubernetes versions:

  • 1.23.16-gke.2800
  • 1.24.10-gke.1200
  • 1.25.6-gke.1600

These versions include the following fixes:

  • Fixed an issue that could cause cluster upgrades to fail if certain types of validating admission webhooks are registered.
  • (1.24 only) Fixed Cilium security ID propagation so that IDs are properly passed in the tunnel header when requests are forwarded to Services of type NodePort and LoadBalancer.

Anthos Service Mesh

1.17.2-asm.1 is now available for in-cluster Anthos Service Mesh.

You can now download 1.17.2-asm.1 for in-cluster Anthos Service Mesh. It includes the features of Istio 1.17.1 subject to the list of supported features. Anthos Service Mesh 1.17.2-asm.1 uses Envoy v1.25.2.

Managed Anthos Service Mesh 1.17 is rolling out to the rapid release channel soon. You can periodically check this page for the announcement of the rollout of managed Anthos Service Mesh to the rapid channel. See Select a managed Anthos Service Mesh release channel for more information.

The Envoy projects recently disclosed a series of CVEs that can expose Anthos Service Mesh to remotely exploitable vulnerabilities. The fixes for these CVEs are already included in 1.17.2-asm.1. For more information, see the security bulletin.

Anthos Service Mesh now supports multi-cluster, multi-network meshes on Anthos clusters on Azure. See Install Anthos Service Mesh for more information.

The asmcli flag --option vm used by the now deprecated Compute Engine virtual machine feature has been removed.

1.14.6-asm.11 is now available for in-cluster Anthos Service Mesh.

This patch release contains the fixes for the security vulnerabilities listed in GCP-2023-002. For details on upgrading Anthos Service Mesh, refer to Upgrade Anthos Service Mesh.

1.15.7-asm.1 is now available for in-cluster Anthos Service Mesh.

This patch release contains the fixes for the security vulnerabilities listed in GCP-2023-002. For details on upgrading Anthos Service Mesh, refer to Upgrade Anthos Service Mesh.

1.16.4-asm.2 is now available for in-cluster Anthos Service Mesh.

This patch release contains the fixes for the security vulnerabilities listed in GCP-2023-002. For details on upgrading Anthos Service Mesh, refer to Upgrade Anthos Service Mesh.

Anthos clusters on AWS (previous generation) is deprecated as of April 1, 2023. Therefore, Anthos Service Mesh no longer supports Anthos clusters on AWS (previous generation). For more information, see the deprecation announcement.

App Engine standard environment Node.js

The Node.js runtime now supports the use of Yarn 2 for configuring private modules hosted in Artifact Registry.

App Engine standard environment PHP

The PHP 8.2 runtime for App Engine standard environment is now available in preview.

BigQuery

Non-incremental materialized views support most SQL queries, including OUTER JOIN, UNION, and HAVING clauses, as well as analytic functions. This feature is in preview.

BigQuery is now available in the Israel (me-west1) region.


Chronicle

Google has added Australia (Sydney) as a new region for Chronicle customers. Chronicle can now store customer data in this region. This also adds a new regional endpoint for Chronicle APIs at https://australia-southeast1-backstory.googleapis.com/.

Cloud Bigtable


The Cloud Bigtable documentation has been updated to 

Cloud Build

Users can generate Supply chain Levels for Software Artifacts (SLSA) build provenance information for standalone Maven and Python packages when they upload artifacts to Artifact Registry using new fields available in the Cloud Build config file. This feature is generally available. For more information, see Build and test Java applications and Build and test Python applications.

Cloud Functions

You can now use uppercase letters and underscores in the function name you specify for a 2nd gen function when you deploy the function.

Cloud Load Balancing

Internal HTTP(S) load balancers and internal TCP proxy load balancers now support global access. By default, clients for these load balancers must be in the same region as the load balancer. With global access enabled, clients can access the load balancer from any region. They still must be in the same VPC network as the load balancer or in a VPC network that's connected to the load balancer's VPC network by using VPC Network Peering.

For instructions, see the following:

This capability is in General availability.

Cloud Monitoring  

A new interface for creating charts with Metrics Explorer is in Public Preview. For more information, see Create charts with Metrics Explorer.

Cloud Storage

Cloud Storage FUSE is now available in Preview. You can use Cloud Storage FUSE to mount and access storage buckets as local file systems.

Compute Engine


Preview: Accelerator-optimized (G2) machine types are now available on Compute Engine. Each G2 machine type has a fixed number of NVIDIA® L4 GPUs attached to support your next generation graphics performance workloads. The G2 machine types are available in the following three regions:

  • Iowa, North America: us-central1-a,b
  • Netherlands, Europe: europe-west4-a
  • Singapore, APAC: asia-southeast1-b


Announcing the General Availability (GA) release of Key Access Justifications for Dataproc.


Support for specifying the encoding of the event payload data as either application/json or application/protobuf through an eventDataContentType field is available.


The g2-standard machine family with NVIDIA L4 is available in Preview for node pools in clusters running GKE version 1.22 and later. To select the machine family, use the --machine-type flag in your create command. 

GKE now supports a streamlined Fleet registration process, allowing users to register their clusters to a Fleet directly when clusters are created using the gcloud command. For more information, see Register a GKE cluster to your fleet.

Google Cloud Deploy


Google Cloud Deploy now provides the ability to use a canary deployment strategy, supported in preview.

Transcoder API

Batch mode is now supported. You can use it to create thousands of jobs that will be processed on a first in, first out basis.

Vertex AI

The Vertex AI Matching Engine service now offers Preview support for deploying an index to a public endpoint. For information about how to get started, see Matching Engine Setup.


General Availability: Private Service Connect endpoints with consumer HTTP(S) controls support accessing regional Google APIs and published services using the following load balancers:

  • Regional internal HTTP(S) load balancer
  • Regional external HTTP(S) load balancer


Microsoft Azure Releases And Updates
Source: azure.microsoft.com

Generally available: Large disk support for disaster recovery of Hyper-V VMs using Site Recovery


You can now enable disaster recovery for Hyper-V VMs with data disks up to 32 TB in size.

Public Preview: Support for Azure VMs using Ultra disks in Azure Backup

Support for Azure VMs using Ultra disks in Azure Backup is now in public preview.

General availability: IP Protection SKU for Azure DDoS Protection

IP Protection provides cost-effective, enterprise-grade DDoS protection designed to meet the needs of SMBs.

Public preview: Private Application Gateway v2

Application Gateway v2 is introducing support for private IP only frontend configurations, enhanced control over NSG rules, and support for forced tunneling/route table rules to virtual appliances.

Public preview update: Azure Automation supports PowerShell 7.2 and Python 3.10 runbooks

Azure Automation has expanded Public preview support for PowerShell 7.2 and Python 3.10 runbooks.

General Availability: New General-Purpose VMs - Dlsv5 and Dldsv5

The Dlsv5 and Dldsv5 VM series provide 2 GiB per vCPU and can offer lower price points within the general-purpose Azure Virtual Machines portfolio.



Have you tried Hava automated diagrams for AWS, Azure, GCP and Kubernetes? Get back your precious time and sanity and rid yourself of manual drag-and-drop diagram builders forever.

Not knowing exactly what is in your cloud accounts, or those of your clients, can be a worry. What exactly is running in there and what is it costing? What obsolete resources are you still being charged for? What legacy dev/test environments can be switched off? What open ports are inviting in hackers? You can answer all these questions with Hava.
Hava automatically generates accurate fully interactive cloud infrastructure and security diagrams when connected to your AWS, Azure, GCP accounts or stand alone K8s clusters. Once diagrams are created, they are kept up to date, hands free. 

When changes are detected, new diagrams are auto-generated and the superseded documentation is moved to a version history. Older diagrams are also interactive, so can be opened and individual resources inspected interactively, just like the live diagrams.
Check out the 14 day free trial here (No credit card required and includes a forever free tier):