This week's roundup of all the cloud news.
Here's a cloud roundup of all things Hava, GCP, Azure and AWS for the week ending Friday 8th April 2022.
AWS Updates and Releases
Amazon OpenSearch Service now supports using custom dictionaries with IK Analysis plugin
Amazon OpenSearch Service now allows you to use custom dictionaries with the IK (Chinese) Analysis plugin. With support for custom dictionaries, you can use your preferred keywords and synonyms with IK Analyzer to tailor search results to suit your business needs.
Previously, you could use the IK Analysis plugin in Amazon OpenSearch Service with the default dictionary that came with the plugin. Now, you can upload your dictionary files as custom packages using the Amazon OpenSearch Service console or APIs, and associate them to a domain, which will then be picked up by the IK Analysis plugin. You can also update these dictionary files dynamically, without the need of a blue/green deployment. For more information on using custom packages, please refer to the documentation here. For information on the plugins in Amazon OpenSearch Service, and supported versions, please see the documentation here.
Amazon ECS now allows you to run commands in a Windows container running on AWS Fargate
Amazon Elastic Container Service (Amazon ECS) Exec adds support for executing commands in a Windows container running on AWS Fargate. ECS Exec gives you interactive shell or single command access to a running container making it easier to debug issues, diagnose errors, collect one-off dumps and statistics, and interact with processes in the container.
With ECS Exec, you directly interact with the running container without interacting with the host instance, thereby improving the security posture of your Windows container instances. You can enable this feature at a granular level, such as an ECS task or service, to help you maintain tighter security. By using AWS Identity and Access Management (IAM) policies, you can create fine-grained policies to control who can run commands against which clusters, tasks, or containers. Once access is provided, you can audit which user accessed the container using AWS CloudTrail and log each command with output to Amazon Simple Storage Service (Amazon S3) or Amazon CloudWatch Logs. This allows ECS Windows users to safely troubleshoot bugs or system issues encountered during development and gives them a debugging tool for break-glass procedures in production for their containerized applications.
Amazon EventBridge introduces Global endpoints for automatic failover and recovery
Amazon EventBridge now supports Global endpoints, a simpler and more reliable way for customers to improve the availability of their event-driven applications on AWS. Global endpoints is a new feature that makes it easier for customers to build robust and reliable applications by automatically failing over their event ingestion to a secondary region during service disruptions without the need for manual intervention. Customers can use replication to minimize the data at risk during these service disruptions.
EventBridge is a Serverless event bus service that enables you to create scalable event-driven applications by routing events between your own applications, third-party SaaS applications, and other AWS services via built-in integrations. You can set up routing rules to determine where to send your data, allowing for applications to react to changes in your data and systems as they occur. Amazon EventBridge makes it easy to build event-driven applications because it takes care of event ingestion and delivery, security, authorization, and error handling.
With global endpoints, customers now have the flexibility to manage failures and configure failover criteria using CloudWatch Alarms (via Route53 health checks) to determine when to fail over and when to route events back to the primary region. Once customers publish events to the global endpoint, the events are routed to the event bus in the primary region. If errors are detected in the primary region, a customer’s health check is marked as unhealthy and EventBridge routes incoming events to the secondary region.
Amazon Redshift announces support for role-based access control (RBAC)
Amazon Redshift now supports role-based access control (RBAC), a new enhancement that helps you simplify the management of security privileges in Amazon Redshift. You can use the RBAC feature to control end user access to data at a broad or granular level based on their job role/permission rights and level of data sensitivity.
Amazon Redshift customers can have hundreds or thousands of users who access the Amazon Redshift data warehouse from their favorite analytics tool, and they need to provide different levels of security privileges to different groups of users. As an administrator using RBAC, you can create a role using SQL commands, grant a collection of granular permissions, and then assign that role to the end users. You can also grant object-level, column-level, and system-level permissions to a role. Additionally, RBAC introduces out-of-box system roles and system permissions, so you can give different types of administrators out-of-box roles for DBA, Operator, Security Admin, or customized roles instead of making them superusers.
Amazon Redshift announces native integration with Microsoft Azure Active Directory and Microsoft Power BI
Amazon Redshift now provides native integration with Microsoft Azure Active Directory (AD), which customers can use for authentication and authorization with tools like Microsoft Power BI. You can now use Azure AD to authenticate access to Amazon Redshift and the end users get their permissions based on their group membership defined in Azure AD.
With this release, as an Amazon Redshift admin, you can register your Azure AD as an Identity Provider (IdP) with Amazon Redshift using a SQL command. You can create database roles with the same names as your groups in the IdP and grant privileges to the appropriate database roles. After you configure Azure AD, when an end user logs in to an Amazon Redshift cluster authenticating with Azure AD, their group memberships are retrieved from Azure AD and mapped to the matching database roles. The user is then authorized to perform tasks based on the privileges granted to those roles. You can use the native authentication with Microsoft Power BI and other tools and applications using JDBC/ODBC drivers.
AWS announces integration between AWS AppConfig Feature Flags and Atlassian’s Jira Cloud
AWS is announcing an integration between AWS AppConfig and Jira in the Atlassian Marketplace. The integration allows feature flags from AWS AppConfig to be tracked in Atlassian’s Jira as individual issues, making it easier for teams to track the release of new capabilities of their software. AWS AppConfig is a feature of AWS Systems Manager. This integration is being announced at the Atlassian Team '22 conference in Las Vegas.
Feature-flagging is a powerful software technique that allows engineers to release updates in a safer way. A feature is pushed out to production, but is hidden behind a feature flag, stored as configuration data. No users can access the feature until the feature flag is toggled “on.” Once the team is ready to release the feature, it can be released to a small set of users first, and operational impact can be measured just for that cohort. If operational metrics look good, the flag can be toggled on for more users, gradually being released until all users have the new feature. AWS AppConfig Feature Flags also have additional safety guard rails, including flag constraints and validators, which allow flag content to be checked for accuracy prior to being deployed. Other safety guard rails include the ability to automatically rollback a flag if a specified CloudWatch alarm is triggered.
With this integration, customers can configure AWS AppConfig and Jira to have each feature flag tracked in Jira as a separate issue. Any updates to the feature flag will be tracked in Jira. This allows teams to use Jira to have visibility into all of the issues and tasks that it takes to release a new feature, including what is often the last step: toggling the feature flag to on and rolling it out to customers.
Amazon DocumentDB (with MongoDB compatibility) Performance Insights is now in preview
Amazon DocumentDB (with MongoDB compatibility) Performance Insights is a database performance tuning and monitoring feature that helps you quickly assess the load on your database and determine when and where to take action.
Amazon DocumentDB Performance Insights allows developers and admins to measure database performance with an easy-to-understand dashboard that visualizes database load. With one click, you can add a fully managed performance monitoring solution to your DocumentDB instances. Performance Insights automatically gathers the necessary performance metrics and visualizes them in a dynamic dashboard on the Amazon DocumentDB console. You can identify your database’s top performance bottlenecks from a single graph.
Amazon RDS for SQL Server now supports SQL Server Agent job replication
Amazon RDS for SQL Server now supports SQL Server Agent job replication. With this new feature, SQL Server Agent jobs created, modified, or deleted on the primary instance will be automatically synchronized to the secondary instance in a Multi-AZ configuration.
The Multi-AZ deployment option provides enhanced availability and data durability by automatically replicating databases between two AWS Availability Zones (in the same AWS Region). These Availability Zones offer you an easier and more effective way to design and operate applications and databases, making them more highly available, fault tolerant, and scalable than traditional single-datacenter infrastructures or multi-datacenter infrastructures.
AWS Announces Data Transfer Price Reduction for AWS PrivateLink, AWS Transit Gateway, and AWS Client VPN services
Beginning April 1, 2022, the inter-Availability Zone (AZ) data transfer within the same AWS Region for AWS PrivateLink, AWS Transit Gateway, and AWS Client VPN is free of charge. Previously, customers incurred an inter-AZ data transfer charge for sending data across availability zones while using these networking services. With this pricing change, inter-AZ data transfer for these services is free of charge, making it even more cost-effective for customers to run multi-AZ workloads.
AWS customers do not need to make any changes to their existing VPC Interface Endpoints/Client VPN Endpoints/Transit Gateway Elastic Network Interfaces to benefit from this price reduction as these changes will be automatically applied to their AWS bills. Customers can also view their free data transfer usage (for these networking services) in Cost Explorer or Cost & Usage Report. This usage is captured under the “Region_Name-DataTransfer-xAZ-In/Out-Bytes” Usage Type.
AWS OpsWorks for Configuration Management now supports new version of Puppet Enterprise
AWS OpsWorks for Configuration Management now supports the current Puppet Enterprise LTS version 2019.8.10. Customers benefit from receiving the update automatically during the weekly system maintenance window scheduled individually by each customer.
With the new version, AWS customers receive many improvements, bugfixes and increased security from resolved CVEs. See Puppet Enterprise's release documentation for the complete list of the enhancements since the previous version running on OpsWorks. The Puppet Enterprise 2019.8 LTS versions are supported by Puppet Inc. until 31 Dec 2022.
Amplify Geo Launches React Component for Maps, powered by Amazon Location Service
This week AWS announced the availability of Map and Location Search UI components for web apps built with React. Amplify Geo, launched last year, enables frontend developers to add location-aware features to their web applications using Amazon Location Service. Developers can now make use of a React component for adding modern mapping features to their React-based web application using a single line of code.
With this release, developers will be able to import the Map React component from Amplify UI (released last year) and include it in their project to display a fully functional Map component. Developers can also make use of additional map features from the underlying React MapGL library to further customize the user experience. Developers also have access to all the existing APIs of Amplify Geo and the Amplify Command Line Interface (CLI) experience to configure their backend resources against Amazon Location Service to implement map and location search features for their web apps.
Announcing the AWS Controllers for Kubernetes for Amazon MemoryDB Preview
AWS Controllers for Kubernetes (ACK) for Amazon MemoryDB enables you to define and use MemoryDB resources directly from your Kubernetes cluster. This lets you take advantage of MemoryDB to support your Kubernetes applications without needing to define MemoryDB resources outside of the cluster or run and manage in-memory database capabilities within the cluster.
Amazon MemoryDB for Redis is a Redis-compatible, durable, in-memory database service that is purpose built for modern applications with microservices architectures. AWS Controllers for Kubernetes (ACK) is a collection of Kubernetes custom resource definitions (CRDs) and custom controllers working together to extend the Kubernetes API and manage AWS resources on your behalf.
To get started, you can download the MemoryDB ACK container image from Amazon ECR and install in minutes. ACK for Amazon MemoryDB is available as a developer preview and is not recommended for production use. To learn more, visit the Amazon MemoryDB product page, and documentation.
Announcing Unified Settings in the AWS Management Console
AWS are excited to launch Unified Settings in the AWS Management Console. With Unified Settings, settings will persist across devices, browsers, and services. At launch, Unified Settings will support settings called default language, default Region, and favorite service display. Default language displays your preferred language across the Management Console, default Region sets the AWS Region that loads each time you log in or load a service console, and favorite service display will show services in the favorites bar with either the service icon and full name or only the service icon. Unified Settings is available in all public AWS Regions.
You can access Unified Settings by signing in to the AWS Management Console, navigating to the account menu, and selecting Settings.
AWS Network Firewall achieves FedRAMP Moderate compliance
AWS Network Firewall is now authorized as FedRAMP Moderate in the following AWS Regions: US East (N. Virginia), US East (Ohio), US West (N. California) and US West (Oregon). You can now use AWS Network Firewall to protect and control access to and from your Amazon Virtual Private Clouds (VPCs) in these regions for workloads that require FedRAMP Moderate categorization level.
AWS Compute Optimizer Supports 66 New EC2 Instance Types
AWS Compute Optimizer now supports 66 more Amazon Elastic Compute Cloud (Amazon EC2) instance types. Newly supported instance types include the latest generation general purpose instance families from both Intel and AMD (M6i, M6a), compute optimized instance families (C6i, C6a), memory optimized instance family (R6i), and storage optimized instance families (Im4gn, Is4gen). These additions to Compute Optimizer allow customers to ensure they are always sized to an optimal EC2 instance type by delivering recommendations that ensure high performance at the lowest cost.
Amazon OpenSearch Service now includes an observability interface and expands log analytics
Amazon OpenSearch Service now includes an observability interface and log monitoring features, which provide developers and DevOps engineers with the insights they need to diagnose performance issues faster and reduce application downtime.
Following the introduction of Trace Analytics in Amazon OpenSearch Service, developers and DevOps engineers can find and fix performance problems in distributed applications. Trace Analytics enables customers to analyze trace data alongside log data, helping them to both isolate the source of performance problems and diagnose their root cause. However, correlating trace data with log events required customers to navigate multiple interfaces. Developers must also know exactly which visualizations to create to build monitoring views on their log data.
The new observability capabilities allow developers and DevOps engineers to more easily analyze trace data and log data in a single interface. A Piped Processing Language (PPL)-based event explorer helps developers interactively explore log data and visualize the results in simple-to-configure charts. Developers can save their PPL-based visualization and view multiple saved visualizations on a custom operational panel. Also integrated into the new observability interface is OpenSearch Notebooks. With notebooks, developers can interactively and collaboratively develop rich reports that combine markdown, SQL/PPL queries, and visualizations with support for multi-timelines and live data so that users can easily tell a story.
Introducing Amazon CloudWatch Metrics Insights (General Availability)
Metrics Insights is a new feature from Amazon CloudWatch that is now generally available. As a fast, flexible, SQL based query engine, Metrics Insights enables developers, operators, systems engineers, and cloud solutions architects to identify trends and patterns across millions of operational metrics in real time and helps you use these insights to reduce time to resolution. With Metrics Insights, you can gain better visibility on your infrastructure and large scale application performance with flexible querying and on-the-fly metric aggregations. Use Metrics Insights and other CloudWatch features to monitor your AWS and hybrid environments, and to respond to operational problems promptly.
Metrics Insights provides you with a flexible query capability, where you can aggregate and group your metrics in real-time in order to identify issues quickly. For example, you can analyze thousands of EC2 instances by CPU Utilization to troubleshoot an underperforming application. You can group your instance metrics by InstanceId to narrow down your analysis and pinpoint failing instances rapidly. Once any failing instance is isolated, you can recover the application by rebooting problematic instances. Moreover, you can use your queries to create powerful visualizations using a range of out-of-the-box chart types that will stay up to date as resources are deployed or terminated, helping you proactively monitor and pinpoint issues quickly.
Amazon Connect launches dynamic voice prompt playback from Amazon S3
Amazon Connect now supports playing recorded voice prompts directly from your Amazon S3 bucket, making it easy to create personalized customer experiences in your automated voice systems. Voice prompts are audio files played during customer interactions, such as playing a welcome greeting, requesting information from your customers, or guiding a customer through their desired transaction.
AWS Amplify Studio announces new file storage and file management capabilities
AWS Amplify Studio now offers a visual interface for setting up and managing file storage resources, making it easy to store and serve user-generated content (e.g. photos and videos) from web or mobile apps. With Amplify Studio, you can easily create an Amazon S3 bucket, configure file access levels, integrate storage client libraries into your web or mobile app, and manage files in Studio’s drag and drop file explorer.
Amplify Studio is a visual tool for developers to easily add the most important capabilities needed to build an app (e.g. UI components, database tables, GraphQL APIs, authentication, and now file storage). With today’s launch, you can configure file storage directly from the Studio console. Studio provisions an Amazon S3 bucket in your account and automatically creates IAM policies to scope access to files based on defined authorization rules (e.g. for a home listing app, only signed-in users can view favorites, but any user can view listings). Amplify Studio also offers a file explorer with management capabilities such as file previews, drag and drop uploads, and copy/paste code snippets. You can leverage Amplify Studio’s admin capabilities, and invite app administrators to manage files in the file explorer without an AWS account.
Amazon Athena adds support for querying Amazon Ion data
Amazon Athena now supports data stored in Amazon Ion format, a richly-typed, self-describing format developed and open-sourced by Amazon. Amazon Ion provides interchangeable binary and text formats which combine the ease of use of text with the efficiency of binary encoding. The Ion format is currently used by internal Amazon teams, by AWS services such as Amazon Quantum Ledger Database (Amazon QLDB), and in the open source SQL query language PartiQL.
Using Athena's new Amazon Ion Serializer/Deserializer (SerDe), you can now create and read Ion tables that can be queried and joined with data in other formats such as Parquet, Avro, and CSV. The Ion format is well-suited for sparsely populated hierarchical data such as medical history records and retail order documents which are complex to model and difficult to optimize for structured queries. Using Athena and Ion, the raw data remains easily readable by domain professionals, can be queried and analyzed using standard SQL queries, and is compact and space-efficient so it saves on log retention and data transfers.
AWS Lambda Function URLs: built-in HTTPS endpoints for your Lambda functions
AWS Lambda is announcing Lambda Function URLs, a new feature that makes it easier to invoke functions through an HTTPS endpoint as a built-in capability of the AWS Lambda service. You can add Function URLs to new and existing functions in a single click from the console, or in a couple of lines using AWS CloudFormation or the AWS Serverless Application Model. Function URLs are ideal for getting started with building web services on Lambda or for common tasks like building web hooks.
Each Function URL points to a single Lambda function or function alias and is secured by AWS Identity and Access Management (IAM) by default. You can optionally configure Function URLs for public access to allow unauthenticated invokes or to use custom authorization logic that you built within your function’s handler. The function’s resource-based policy is always in effect and must be updated to allow public access if you choose to not use IAM to authenticate and authorize principals calling your Function URL. You can review findings reported by IAM Access Analyzer to identify Function URLs that allow public access. Refer to the Lambda Developer Guide to learn more about how to control access to your Function URLs.
Lambda Function URLs are now available in Regions where Lambda is available except for the AWS China Regions. There is no additional cost for using this feature — Function URLs are included in the regular cost of invoking Lambda functions.
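The public-access review described above can also be done locally on a function's resource-based policy. The following is an added example (not AWS's code and not part of the original roundup): it flags `Allow` statements that let a wildcard principal call `lambda:InvokeFunctionUrl`. The sample policy, account ID, organization ID and Sids are constructed, and `NotAction`/`NotPrincipal` statements are out of scope.

```python
import json
from fnmatch import fnmatchcase

AUTH_KEY = "lambda:functionurlauthtype"      # condition key, compared lower-cased
TARGET_ACTION = "lambda:invokefunctionurl"   # action, compared lower-cased


def _as_list(value):
    """IAM JSON allows a scalar or a list in most places; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _is_wildcard_principal(principal):
    """True for "Principal": "*" and for {"AWS": "*"} (or a list containing "*")."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False


def _allows_invoke_url(actions):
    """True if any action pattern (wildcards included) covers InvokeFunctionUrl."""
    return any(fnmatchcase(TARGET_ACTION, a.lower()) for a in _as_list(actions))


def _condition_keys(condition):
    """Flatten a Condition block to {lower-cased key: (operator, [values])}."""
    keys = {}
    for operator, block in (condition or {}).items():
        for key, values in block.items():
            keys[key.lower()] = (operator.lower(), _as_list(values))
    return keys


def audit_function_url_policy(policy):
    """Return one finding per statement that exposes the Function URL to '*'.

    Verdicts:
      public        - no narrowing condition, or only FunctionUrlAuthType == NONE
      iam-auth-only - wildcard principal, but limited to AWS_IAM-authenticated calls
      conditional   - other condition keys are present; needs manual review
    """
    if isinstance(policy, str):
        policy = json.loads(policy)
    findings = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        if not _is_wildcard_principal(stmt.get("Principal")):
            continue
        if not _allows_invoke_url(stmt.get("Action")):
            continue
        keys = _condition_keys(stmt.get("Condition"))
        auth = keys.pop(AUTH_KEY, None)
        if keys or (auth is not None and auth[0] != "stringequals"):
            verdict = "conditional"
        elif auth is None or "NONE" in auth[1]:
            verdict = "public"
        else:
            verdict = "iam-auth-only"
        findings.append({"sid": stmt.get("Sid", "<no sid>"), "verdict": verdict})
    return findings


# Constructed sample policy document (not taken from a real account).
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "FunctionURLAllowPublicAccess", "Effect": "Allow",
         "Principal": "*", "Action": "lambda:InvokeFunctionUrl",
         "Resource": "arn:aws:lambda:us-east-1:111122223333:function:example-fn",
         "Condition": {"StringEquals": {"lambda:FunctionUrlAuthType": "NONE"}}},
        {"Sid": "PartnerAccount", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
         "Action": "lambda:InvokeFunctionUrl",
         "Resource": "arn:aws:lambda:us-east-1:111122223333:function:example-fn"},
        {"Sid": "OrgOnly", "Effect": "Allow",
         "Principal": "*", "Action": "lambda:*",
         "Resource": "arn:aws:lambda:us-east-1:111122223333:function:example-fn",
         "Condition": {"StringEquals": {
             "aws:PrincipalOrgID": "o-exampleorgid",
             "lambda:FunctionUrlAuthType": "AWS_IAM"}}},
    ],
}

if __name__ == "__main__":
    for finding in audit_function_url_policy(SAMPLE_POLICY):
        print(f"{finding['sid']}: {finding['verdict']}")
```

The function accepts either a parsed policy or the JSON string form, so the `Policy` value returned by `aws lambda get-policy` can be passed in directly.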
AWS Backup adds support for Persistent 2 deployment type of Amazon FSx for Lustre file systems
AWS Backup enhances its support for Amazon FSx for Lustre file systems by now allowing protection of data on its Persistent 2 deployment type. AWS Backup’s centralized data protection capabilities across AWS services, including the ability to create immutable, logically air-gapped backups across AWS Regions and accounts, provable compliance, and single-click restore, are now available for Amazon FSx for Lustre Persistent 2 file systems.
AWS Backup’s support for Amazon FSx for Lustre Persistent_2 file systems is available in the following AWS Regions: US East (N. Virginia, Ohio), US West (Oregon), Canada (Central), EU (Frankfurt, Ireland), and Asia Pacific (Tokyo).
AWS IoT Device Management and AWS IoT Device Defender now support monitoring device metrics via ListMetricValues API
This week, AWS were pleased to announce the general availability of IoT Device Defender ListMetricValues API. Customers can now access historical device-side, cloud-side, and custom metrics from connected devices that belong to a security profile using ListMetricValues API. In addition to viewing the data in the AWS IoT management console, customers now have the flexibility to programmatically monitor and build their own visualization. AWS have made the AWS IoT Device Defender metrics visualization available in Fleet Hub for AWS IoT Device Management. This enhancement enables customers to view the defender metrics together with other device and fleet level data for issue diagnosis and fleet management in Fleet Hub as a one-stop shop. This new API and the integration with Fleet Hub are available in AWS Global Regions where AWS IoT Device Defender and Fleet Hub for AWS IoT Device Management are available.
Announcing general availability of Amazon Athena ACID transactions, powered by Apache Iceberg
AWS are excited to announce the general availability of Amazon Athena ACID transactions, a new capability that adds insert, update, delete, and time travel operations to Athena's SQL data manipulation language (DML). Athena ACID transactions enable multiple concurrent users to make reliable, row-level modifications to their Amazon S3 data from Athena's console, API, and ODBC and JDBC drivers. Built on the Apache Iceberg table format, Athena ACID transactions are optimized for Amazon S3 storage, support seamless schema evolution, and ensure atomic operations across other services and engines that support the Iceberg table format such as Amazon EMR, Apache Spark, and Apache Flink.
Athena ACID transactions can help you make business- and regulatory-driven updates to your data using familiar SQL syntax and without requiring a custom record locking solution. Responding to a data erasure request is as simple as issuing a SQL DELETE operation. Making manual record corrections can be accomplished via a single UPDATE statement. And with time travel capability, you can recover data that was recently deleted using just a SELECT statement.
To learn more about Athena ACID transactions and Apache Iceberg integration, see Using Amazon Athena Transactions and Using Iceberg Tables in the Athena User Guide.
AWS Amplify Hosting now uses a GitHub App to authorize access to repositories for CI/CD workflows
AWS Amplify Hosting now uses GitHub Apps to obtain access to your GitHub code repositories. The Amplify GitHub App offers all the same features as the existing OAuth app, and additionally gives you complete control over scoping permissions to specific repositories in your account or organization.
All new Amplify projects linked to GitHub repositories will now require using a GitHub App. Your existing projects linked to Amplify via the GitHub OAuth app will continue to be supported, but you can choose to migrate to the new GitHub App to further restrict permissions to your GitHub account.
Cross-cluster search is now supported on existing Amazon OpenSearch Service domains
Amazon OpenSearch Service now offers support for cross-cluster search on existing domains. Cross-cluster search enables you to perform searches and aggregations across multiple domains with a single query or from a single OpenSearch Dashboard interface. With this feature, you can separate heterogeneous workloads into multiple domains, which provides better resource isolation, and the ability to tune each domain for their specific workloads to improve efficiency and reduce costs.
Previously, you had to create a new domain to use cross-cluster search. With this release, you can continue to use your existing domains to take advantage of cross-cluster search. Cross-cluster search lets customers set up a secure connection between domains. Domain owners have the flexibility to create, view, remove and monitor connections to or from their domains. All cross-cluster search requests between domains are encrypted and can be secured with fine-grained access policies. Cross-cluster search works across accounts within a single Region.
AWS Resource Access Manager is now available in the AWS Asia Pacific (Jakarta) Region
Customers in the AWS Asia Pacific (Jakarta) Region can now use AWS Resource Access Manager (AWS RAM).
AWS RAM helps you securely share your AWS resources across AWS accounts, within your organization or organizational units (OUs) in AWS Organizations, or with AWS Identity and Access Management (IAM) roles and IAM users for supported resource types.
AWS AppSync adds support for enhanced filtering in real-time GraphQL subscriptions
AWS AppSync is a fully managed service that enables developers to build digital experiences based on real-time data. You can easily and effortlessly configure any supported data source to push and publish real-time data updates to subscribed clients with connection management, scalability, fan-out and broadcasting all handled by AppSync, allowing you to focus on your application business use cases and requirements instead of dealing with the complex infrastructure to manage real-time WebSocket connections at scale.
AWS AppSync now supports enhanced subscriptions filtering providing the ability to invalidate subscriptions and perform advanced filtering on the server side (instead of the client), which simplifies application development and reduces data sent to clients with improved authorization logic over data.
These new capabilities make it easier to use AppSync to build engaging digital experiences, such as gaming leaderboards, e-learning, social media, live streaming, sports, media, audience engagement, interactive chatrooms, or IoT dashboards for connected cars, healthcare or smart homes.
Amazon EC2 now provides a new and improved launch experience on the EC2 Console
Amazon EC2 Console introduces the new and improved launch experience - a quicker and easier way to launch an instance. The new design provides a single page layout allowing you to view all your settings in one location. You no longer need to navigate back and forth between steps to ensure your configuration is correct. The new design also introduces a summary panel that provides an overview and helps you navigate the page.
The new inline AMI selector provides a simpler way of selecting an OS and version. It also displays your recently used AMIs so that you can quickly select frequently used AMIs. The compare instance types page allows you to search, sort and filter by various instance type attributes, thus making it easier to decide which instance type to use. The new design also introduces simple and advanced views, helping you launch an instance without having to learn about advanced concepts that are not needed for your use cases.
This new experience is available in all AWS Regions except AWS GovCloud (US) Region and AWS China Regions. Customers can choose to revert back to the old experience, or switch between the two experiences. The new experience will be made the default over the next month starting April 5, 2022.
Cross-cluster Replication is now supported on existing Amazon OpenSearch Service domains
Amazon OpenSearch Service now supports cross-cluster replication on existing domains. Cross-cluster replication enables you to automatically copy and synchronize indexes from one domain to another at low latency in the same or different AWS accounts or Regions. With cross-cluster replication, you can achieve high availability for your mission critical applications with sequential data consistency.
Previously, you had to create a new domain to use cross-cluster replication. With this release, you can now enable cross-cluster replication on your existing domain. Cross-cluster connections help customers set up a secure connection between domains. With cross-cluster replication for Amazon OpenSearch Service, you can replicate indexes at low latency from one domain to another without needing additional technologies. You can continuously monitor the replication status via APIs. Additionally, if you have indexes that follow an index pattern, you can create rules to automatically replicate them.
Amazon FSx now supports AWS PrivateLink
You can now use AWS PrivateLink to privately access the Amazon FSx Application Programming Interface (Amazon FSx API) from your Amazon Virtual Private Cloud (Amazon VPC) without using public IPs, and without requiring the traffic to traverse across the Internet.
AWS PrivateLink provides private connectivity between VPCs, AWS services, and your on-premises networks, without exposing your traffic to the public internet. You can now manage your Amazon FSx file systems using the Amazon FSx API without requiring an Internet Gateway in your VPC, instead using AWS PrivateLink with private IP connectivity and security groups to help meet your compliance requirements.
Now launch RStudio on Amazon SageMaker using AWS CloudFormation
RStudio on Amazon SageMaker is the industry’s first fully managed RStudio Workbench in the cloud. Data scientists and developers can launch the familiar RStudio integrated development environment (IDE) in a single click to build, train, and deploy models on Amazon SageMaker. You can elastically dial up and down the underlying compute resources without interrupting your work, and even switch to programming using Python on Amazon SageMaker Studio notebooks. All your work, including code, datasets, repositories, and other artifacts, is synchronized between the two environments. You can bring your current RStudio license to Amazon SageMaker at no additional charge to quickly get started. Starting today, you can now automate the process of creating domains and adding user profiles for RStudio on SageMaker using AWS CloudFormation.
You can now use CloudFormation code templates to model the infrastructure set up for RStudio on SageMaker and configure its access for data scientists and developers in your organization. This way you can automate the provisioning of RStudio on SageMaker, enabling you to apply DevOps best practices and meet configuration standards across all AWS accounts and regions.
The feature is now available in all AWS regions where RStudio on Amazon SageMaker is available. To get started with CloudFormation for RStudio on SageMaker, see the CloudFormation user guide. To learn more about RStudio on SageMaker visit the SageMaker user guide.
AWS releases version 2.0 of the Amazon Pinpoint API for expanded support of SMS and voice channels
In addition to the existing Amazon Pinpoint console capabilities, the Amazon Pinpoint API 2.0 provides customers increased control over their SMS and voice sending and configuration.
Customers now have the flexibility to manage their SMS and voice setup using an API. This release also includes a new SDK for sending SMS and voice messages called Amazon PinpointSMSVoiceV2 SDK. Amazon Pinpoint API version 2.0 specifically brings new valuable management capabilities that include keywords, phone number management, pools, and opt-out lists. Customers can also view account attributes and manage spending limits using the account status APIs.
Amazon Pinpoint API version 2.0 also supports the use of configuration sets for SMS event capture, which was previously supported only through API for voice events. Customers can now select how they want to capture their events for both SMS and voice. They can use Amazon CloudWatch Logs, Amazon Kinesis Data Firehose, and Amazon Simple Notification Service (Amazon SNS) topics.
Amazon Data Lifecycle Manager is now available in the AWS Asia Pacific (Jakarta) Region
This week, AWS are announcing the availability of Amazon Data Lifecycle Manager in the AWS Asia Pacific (Jakarta) Region.
Amazon Data Lifecycle Manager (DLM) helps customers automate the creation, sharing, copying and retention of Amazon EBS Snapshots and EBS-backed AMIs via policies. Amazon DLM eliminates the need for complicated custom scripts to manage your EBS resources, saving you time and money.
You can create policies that automatically create snapshots from EBS volumes and multi-volume crash-consistent snapshots of EBS Volumes attached to EC2 Instances. You can also configure your policies to copy tags from EC2 Instances and EBS Volumes to the snapshots that are created, as well as automatically copy your snapshots to another region or account for disaster recovery. With EBS-backed AMI policies, you can set DLM to automatically share, deprecate, and deregister AMIs and then delete the underlying snapshots, ensuring you do not pay for AMI snapshots that are no longer required.
Amazon Route 53 now offers usage-based pricing for resource records above the free tier limit
Starting this week, you can add resource records to your Amazon Route 53 hosted zones beyond the free tier limit using pay-as-you-go pricing. Previously, Route 53 customers could add a maximum of 10,000 resource records to any hosted zone for free. Customers who required more than 10,000 resource records in a hosted zone had to contact AWS Support to request a custom pricing plan. With this launch, customers can add resource records beyond the 10,000-record free tier without requiring a custom pricing plan. Now, any resource records you add to a hosted zone beyond the 10,000-record free tier will automatically be charged at the rate of $0.0015 per resource record per month, making it easier to scale your resource records up or down as needed.
Amazon OpenSearch Service now supports OpenSearch version 1.2
You can now run OpenSearch and OpenSearch Dashboards version 1.2 on Amazon OpenSearch Service. This version includes a new observability interface in OpenSearch Dashboards and improvements to several other features such as anomaly detection, k-NN, and SQL/PPL.
Amazon OpenSearch Service lets you run and scale OpenSearch and open-source Elasticsearch (up to version 7.10) clusters with ease. OpenSearch is a community-driven, open source search and analytics suite, originally derived from Apache 2.0 licensed Elasticsearch 7.10.2 & Kibana 7.10.2. It consists of a search engine, OpenSearch, and visualization capabilities powered by OpenSearch Dashboards.
Amazon RDS Proxy now supports PostgreSQL major version 13
Amazon Relational Database Service (Amazon RDS) Proxy now supports Amazon RDS for PostgreSQL and Amazon Aurora PostgreSQL-Compatible Edition major version 13. PostgreSQL 13 includes many new features and performance enhancements such as de-duplication of B-tree index entries, improved performance for queries that use partitioned tables, better query planning when using extended statistics, parallelized vacuuming of indexes, and incremental sorting.
Amazon RDS Proxy is a fully managed and a highly available database proxy for Amazon RDS and Amazon Aurora databases. Amazon RDS Proxy helps improve application scalability, resiliency, and security.
Amazon Connect Wisdom now supports Zendesk connector
Amazon Connect Wisdom now supports content ingestion from Zendesk, adding to the existing Salesforce and ServiceNow connectors already supporting knowledge content. You can now synchronize knowledge articles from Zendesk, enabling your contact center agents to receive Machine Learning (ML) powered real-time recommendations for content that can help them resolve customer issues quickly. In addition to receiving automatic recommendations while interacting with end-customers, agents can manually search for helpful content by entering key words or phrases.
AWS Glue DataBrew now supports the ORC file format as an input
AWS Glue DataBrew customers are now able to clean and transform data stored in the Optimized Row Columnar (ORC) file format, a widely used data format for storing Hive data. When creating a dataset in AWS Glue DataBrew, you can now use ORC files in addition to already supported Apache Avro, Apache Parquet, Microsoft Excel, CSV, and JSON file formats.
Amazon ElastiCache for Redis now supports Global Datastore in two new Regions
Amazon ElastiCache for Redis now supports Global Datastore in the Asia Pacific (Osaka) and Europe (Stockholm) Regions. Global Datastore is a feature of ElastiCache for Redis that provides fully managed, fast, reliable, and secure cross-Region replication. Using Global Datastore, you can write to your ElastiCache for Redis cluster in one Region and have the data available for read in two other cross-Region replica clusters, thereby enabling low-latency reads and disaster recovery across Regions.
Customers use Global Datastore for real-time applications with a global footprint, as it provides cross-Region replication with latency of typically under one second, increasing application responsiveness by providing geo-local reads closer to end users. In the unlikely event of regional degradation, one of the healthy cross-Region replica clusters can be promoted to become the primary cluster with full read and write capabilities. Once initiated, the promotion typically completes in less than a minute, allowing applications to remain available. To secure cross-Region data transfer traffic, Global Datastore uses encryption in transit.
To get started, you can set up a Global Datastore with an existing cluster, or create new clusters and designate a primary (active) cluster. Creating a Global Datastore takes only a few clicks in the AWS Management Console for ElastiCache or can be automated by downloading the latest AWS SDK or AWS CLI. To learn more, see the ElastiCache Global Datastore documentation.
AWS Backup now allows you to restore virtual disks from protected copies of your VMware virtual machines
AWS Backup now provides you with the flexibility to restore individual virtual disks that are attached to your VMware virtual machines (VMs), in addition to allowing you to restore the entire VM from its protected copy. Using AWS Backup, you can restore your VMware virtual disk to a VM in another VMware environment or in AWS as an Amazon Elastic Block Store (EBS) volume.
AWS Backup provides a centralized data protection experience for your hybrid VMware workloads, helping you meet your business and regulatory compliance needs. You can use a single policy in AWS Backup to automate data protection and lifecycle management of your on-premises VMware, VMware Cloud™ on AWS, and VMware Cloud on AWS Outposts environments alongside the 12 AWS services (spanning compute, storage, and databases) supported by AWS Backup.
AWS Backup adds support for VMware Cloud on AWS Outposts
AWS Backup now enables you to protect VMware’s Software-Defined Data Centers (SDDC) on VMware Cloud on AWS Outposts, helping you meet your business and regulatory compliance needs. You can use a single policy in AWS Backup to centrally automate data protection and lifecycle management of your on-premises VMware, VMware Cloud on AWS, and VMware Cloud on AWS Outposts environments alongside the 12 AWS services (spanning compute, storage, and databases) that AWS Backup supports.
AWS Backup provides a consistent and fully managed data protection experience for your hybrid VMware workloads. VMware Cloud on AWS Outposts is a jointly-engineered solution with VMware that delivers VMware Cloud on AWS as a fully managed experience to virtually any datacenter, co-location space, or on-premises facility with AWS Outposts. Using AWS Backup, you can centrally configure data protection policies for VMware workloads hosted on your managed infrastructure, in VMware Cloud on AWS, and on VMware Cloud on AWS Outposts. You can restore your VMware backups to your on-premises data centers, in VMware Cloud on AWS, and on VMware Cloud on AWS Outposts to meet your application data recovery needs.
Amazon WorkSpaces launches APIs to allow custom branding
Starting this week, Amazon WorkSpaces is offering APIs that allow you to customize your users' Amazon WorkSpaces experience with your logo, login message, and help links on the WorkSpaces client login page. Using your own brand provides a familiar look and feel when users access your WorkSpaces. Adding your own help links makes it easy for users to access support resources within your organization.
Google Cloud Releases and Updates
Anthos Clusters on AWS
This version adds support for Kubernetes 1.22 clusters.
Because Kubernetes 1.22 replaces some v1beta APIs with v1 APIs, your workloads might need to be updated to use 1.22. For more information, see Kubernetes 1.22 Deprecated APIs.
Anthos component releases for March, 2022
Anthos clusters on VMware:
- March 3, 2022: 1.10.2 patch release
- March 15, 2022: 1.8.8 patch release
- March 24, 2022: 1.9.5 patch release
Anthos clusters on bare metal:
- March 14, 2022: 1.8.9 patch release
- March 23, 2022: 1.9.6 patch release
- March 31, 2022: 1.10.3 patch release
- March 31, 2022: 1.11.0 quarterly minor release
Anthos clusters on AWS:
Anthos clusters on Azure:
Anthos Config Management:
Anthos Service Mesh:
- March 2, 2022: 1.12.4 patch release
- March 10, 2022: 1.10.6 & 1.11.8 & 1.12.5 patch release
- March 30, 2022: 1.13.1 patch release
Migrate for Anthos and GKE:
BigQuery now supports the creation of search indexes and a SEARCH function. This feature is in Preview. This enables you to use Google Standard SQL to efficiently find data elements in unstructured text and semi-structured data.
Analytics Hub is now available in Preview. Analytics Hub is a new service in BigQuery that lets you create secure data exchanges and share analytics assets within and across organizations. This platform allows data providers to publish listings that reference shared datasets. Analytics Hub subscribers can then view and subscribe to these listings.
BigQuery Omni now supports cross-cloud transfer. This feature is in Preview. For more information, see Cross-cloud transfer (AWS) and Cross-cloud transfer (Azure).
This release of Certificate Manager adds support for target SSL proxies and the global external HTTP(S) load balancer (preview).
The Cloud Bigtable HBase replication library lets you replicate data from HBase to Bigtable. You can use the replication library in conjunction with existing migration tools to migrate your HBase data to Bigtable without pausing writes or taking your application offline. The replication library is now generally available (GA).
Cloud Composer 1.18.5 and 2.0.9 release started on April 4, 2022. Get ready for upcoming changes and features as we roll out the new release to all regions. This release is in progress at the moment. Listed changes and features might not be available in some regions yet.
Snapshots are available in Preview.
(Airflow 2) The max_connections limit in databases is increased. The values are 3 times higher than the default values in Cloud SQL.
When syncing objects in an environment bucket to Airflow components, Cloud Composer now reports problems with file names. Such objects no longer cause the syncing process to fail. Objects in the environment's bucket named ".", having names ending in "/", and directories and objects having the same name are reported.
Airflow 2.2.3 packages are updated: added apache-airflow-providers-google to version
Cloud Database Migration Service
Database Migration Service now supports migrating Oracle workloads into Cloud SQL for PostgreSQL. Click here to access the documentation.
You can now add indexed LogEntry fields to your Cloud Logging buckets to make querying your logs data faster.
Cloud Spanner now allows you to export a subset of your database tables to Google Cloud Storage as Avro files.
With dual-region storage, users can now specify two regions within the same continent to create a dual-region of their choosing. This feature is now in Preview.
Generally available: You can now set the number of threads per core on a VM.
Generally available: You can now autoscale both regional and zonal managed instance groups based on a Cloud Monitoring metric that provides an aggregated value for the group. You can also apply filters to group metrics to further scope the scaling signal. For more information, see Scaling based on Cloud Monitoring metrics.
Config Connector version 1.80.0 is now available.
Added support for
Added support for spec.destination.loggingLogBucketRef to LoggingLogSink.
Config Controller is now supported in region
Config Controller now uses version 1.11.0 for Anthos Config Management (release note)
Dialogflow CX now supports Access Transparency logging of Google personnel access to Dialogflow data.
Dialogflow CX now provides a setting to lock agent editing.
Dialogflow CX system functions have new list-related functions: APPEND, GET, and REMOVE.
Google Cloud VMware Engine
VMware Engine nodes are now available in the following additional zone:
- Ashburn, Northern Virginia, North America (
Retail Search is generally available.
For available features, see Features and capabilities.
For an overview of the steps to take to implement Retail Search, see Implementing the Retail API. To begin setting up Retail Search, go to Before you begin.
There are new data use terms for access and use of customer data for Recommendations AI and Retail Search. To view them, go to Terms for data use.
The new terms will be rolled out to Cloud Console from April 4 to 8, 2022. You will be required to accept these terms within 90 days to continue using Retail solutions uninterrupted.
To accept the data use terms:
- Access the Cloud Console and select your projects using Recommendations AI and/or Retail Search.
- The data use terms will appear on this page. If you wish to continue using our Retail solutions, please accept the terms for all projects using Recommendations AI and/or Retail Search.
If you wish to reject the terms, please disable all projects using the Cloud Retail API (Recommendations AI and Retail Search) in the Cloud Console.
We strongly encourage you to accept the terms before July 13, 2022. If you haven't accepted the terms by this date, you will lose API functionality.
For more details, please review our data use practices at Retail API data use.
Security Command Center
nextSteps attributes were added to the
iamBindings attribute provides a list of IAM bindings associated with the finding.
nextSteps attribute provides recommended actions you can take to address the finding.
For more information, see the API documentation for the
Vertex AI Model Registry is available in Preview. Vertex AI Model Registry is a searchable repository where you can manage the lifecycle of your ML models. From the Vertex AI Model Registry, you can better organize your models, train new versions, and deploy directly to endpoints.
Vertex AI Workbench is generally available (GA). Vertex AI Workbench is a single notebook surface for all your data science needs that lets you access BigQuery data and Cloud Storage from within JupyterLab, execute notebook code in Vertex AI custom training and Spark, use custom containers, manage costs with idle timeout, and secure your instances with VPC Service Controls and customer managed encryption keys (CMEK).
Features supported include:
- Google-managed instances and the latest GPU support
- Idle shutdown for managed notebooks instances
- Custom containers
- End-user and service account authentication
- Native plug-ins for BigQuery and Cloud Storage
- In-notebook Spark connect to Dataproc clusters
- Jobs support via the managed notebooks executor on Vertex AI custom training and Spark
- One-click deploy for NGC containers
- VPC Service Controls
- Customer managed encryption keys (CMEK)
The Vertex AI Workbench managed notebooks executor is generally available (GA). Use the executor to run notebook files on a schedule or as a one-time execution. You can use parameters in your execution to make specific changes to each run. For example, you might specify a different dataset to use, change the learning rate on your model, or change the version of the model. For more information, see Run notebook files with the executor.
Microsoft Azure Releases And Updates
Update: Azure AD Graph retirement date
Update your apps to use Microsoft Graph.
Generally available: Diagnostic audit logs for Automation accounts
Forward Azure Automation diagnostic audit logs to Log analytics workspace to keep track of changes at the automation account level.
General availability: Azure Backup now supports vault-archive tier for Azure VMs
Azure Backup now provides the capability to move long term retention (LTR) recovery points to low-cost archive tier for Azure Virtual Machines.
General availability: Azure Data Explorer supports Azure private endpoints
TARGET AVAILABILITY: Q1 2022
Enhance your security posture by leveraging Azure private endpoints to connect to your Azure Data Explorer cluster privately.
Generally available: Azure storage table access using Azure Active Directory
Accessing Azure storage table using Azure AD for authentication and Azure RBAC for authorization provides superior security over using shared key for access.
Generally available: Support for Private Link in Azure IoT Central
Enhance your security posture by privately connecting devices to Azure IoT Central via private endpoint, eliminating exposure to the public internet.
Public preview: Azure Backup supports metrics and metric alerts for Azure Blobs
You can now monitor the restore job health of your backed up blobs via Azure Monitor metrics and write custom alert rules on these metrics.
Public preview: Capacity reservation support in AKS
You can now use reserved capacity with AKS via the capacity reservation feature.
Generally available: Azure Virtual Machines increase storage throughput by up to 300%
Microsoft is announcing the general availability of the Ebs/Ebds v5 memory optimized Azure VM series, which delivers up to a 300% increase in remote storage performance compared to prior generation VMs.
Public preview: Azure Virtual Machines DCsv3 available in Switzerland and West US
Confidential computing DCsv3 and DCdsv3-series virtual machines (VMs) are in preview in Switzerland North and West US.
Generally available: Azure Data Explorer Inline script deployment with ARM Template
We can now build an entire Azure Data Explorer environment with ARM template. Schema entities (e.g. tables, functions, policies) can be deployed without an external storage account.
Generally available: Support for copying tiles added to Azure IoT Central
IoT Central customers will now be able to quickly build new visuals in their dashboards by simply copying an existing tile.
Public preview: Arm64-based Azure VMs can deliver up to 50% better price-performance
New general-purpose and memory-optimized Azure Virtual Machines, which feature Ampere Altra Arm-based processors, deliver even better price-performance than comparable x86-based Azure Linux Virtual Machines.
Generally available: Apache Kafka 2.4 in Azure HDInsight
Apache Kafka 2.4 is now in Azure HDInsight.
Generally available: Apache Spark 3.1.2 in Azure HDInsight
Spark 3.1 is now generally available on HDInsight 4.0 release across all regions.
Public preview: Azure Bastion support for Kerberos authentication
Azure Bastion now supports the Kerberos authentication protocol in public preview.
Have you tried Hava automated diagrams for AWS, Azure and GCP? Get back your precious time and sanity and rid yourself of manual drag and drop diagram builders forever.
Hava automatically generates accurate fully interactive cloud infrastructure and security diagrams when connected to your AWS, Azure or GCP accounts. Once diagrams are created, they are kept up to date, hands free.
When changes are detected, new diagrams are auto-generated and the superseded documentation is moved to a version history. Older diagrams are also interactive, so can be opened and individual resources inspected interactively, just like the live diagrams.