In Cloud Computing This Week [Apr 8th 2022]

Amazon OpenSearch Service now allows you to use custom dictionaries with the IK (Chinese) Analysis plugin. With support for custom dictionaries, you can use your preferred keywords and synonyms with IK Analyzer to tailor search results to suit your business needs.

Previously, you could use the IK Analysis plugin in Amazon OpenSearch Service with the default dictionary that came with the plugin. Now, you can upload your dictionary files as custom packages using the Amazon OpenSearch Service console or APIs, and associate them to a domain, which will then be picked up by the IK Analysis plugin. You can also update these dictionary files dynamically, without the need of a blue/green deployment. For more information on using custom packages, please refer to the documentation here. For information on the plugins in Amazon OpenSearch Service, and supported versions, please see the documentation here.

Amazon Elastic Container Service (Amazon ECS) Exec adds support for executing commands in a Windows container running on AWS Fargate. ECS Exec gives you interactive shell or single command access to a running container making it easier to debug issues, diagnose errors, collect one-off dumps and statistics, and interact with processes in the container.

With ECS Exec, you directly interact with the running container without interacting with the host instance, thereby improving the security posture of your Windows container instances. You can enable this feature at a granular level, such as an ECS task or service, to help you maintain tighter security. By using AWS Identity and Access Management (IAM) policies, you can create fine-grained policies to control who can run commands against which clusters, tasks, or containers. Once access is provided, you can audit which user accessed the container using AWS CloudTrail and log each command with output to Amazon Simple Storage Service (Amazon S3) or Amazon CloudWatch Logs. This allows ECS Windows users to safely troubleshoot bugs or system issues encountered during development and gives them a debugging tool for break-glass procedures in production for their containerized applications.

Amazon EventBridge now supports Global endpoints, a simpler and more reliable way for customers to improve the availability of their event-driven applications on AWS. Global endpoint is a new feature that makes it easier for customers to build robust and reliable applications by automatically failing over their event ingestion to a secondary region during service disruptions without the need for manual intervention. Customer can use replication to minimize the data at risk during these service disruptions.

EventBridge is a Serverless event bus service that enables you to create scalable event-driven applications by routing events between your own applications, third-party SaaS applications, and other AWS services via built-in integrations. You can set up routing rules to determine where to send your data, allowing for applications to react to changes in your data and systems as they occur. Amazon EventBridge makes it easy to build event-driven applications because it takes care of event ingestion and delivery, security, authorization, and error handling.

With global endpoints, customers now have the flexibility to manage failures and configure failover criteria using CloudWatch Alarms (via Route53 health checks) to determine when to failover and route events back to the primary region. Once customers publish events to the global endpoint, the events are routed to the event bus in the primary region. If errors are detected in the primary region, a customer’s health check is marked as unhealthy and EventBridge routes incoming events to the secondary region.

Amazon Redshift now supports role-based access control (RBAC), a new enhancement that helps you simplify the management of security privileges in Amazon Redshift. You can use the RBAC feature to control end user access to data at a broad or granular level based on their job role/permission rights and level of data sensitivity.

Amazon Redshift customers can have hundreds or thousands of users who access Amazon Redshift data warehouse from their favorite analytics tool, and they have the requirements to provide different level of security privileges to different groups of users. As an administrator using RBAC, you can create a role using SQL commands, grant a collection of granular permissions, and then assign that role to the end-users. You can also grant object-level, column-level, and system-level permissions to a role. Additionally, RBAC introduces out-of-box system roles and system permissions that allow you to grant different types of administrators with out-of-box roles for DBA, Operator, Security Admin, or customized roles instead of making them superusers.

Amazon Redshift now provides native integration with Microsoft Azure Active Directory (AD), which customers can use for authentication and authorization with tools like Microsoft Power BI. You can now use Azure AD to authenticate access to Amazon Redshift and the end users get their permissions based on their group membership defined in Azure AD.

With this release, as an Amazon Redshift admin, you can register your Azure AD as an Identity Provider (IdP) with Amazon Redshift using a SQL command. You can create database roles with the same names as your groups in IdP and grant privileges to the appropriate database roles. After you configure Azure AD, when an end user logs in to Amazon Redshift cluster authenticating with Azure AD, their group memberships will be retrieved from Azure AD and will be mapped with the right database roles. The user will be authorized to perform tasks based on the privileges on the right roles. You can use the native authentication with Microsoft Power BI and other tools and applications using JDBC/ODBC drivers.

AWS is announcing an integration between AWS AppConfig and Jira in the Atlassian Marketplace. The integration allows feature flags from AWS AppConfig to be tracked in Atlassian’s Jira as individual issues, making it easier for teams to track the release of new capabilities of their software. AWS AppConfig is a feature of AWS Systems Manager. This integration is being announced at the Atlassian Team '22 conference in Las Vegas.  

Feature-flagging is a powerful software technique that allows engineers to release updates in a safer way. A feature is pushed out to production, but is hidden behind a feature flag, stored as configuration data. No users can access the feature until the feature flag is toggled “on.” Once the team is ready to release the feature, it can be released to a small set of users first, and operational impact can be measured just for that cohort. If operational metrics look good, the flag can be toggled on for more users, gradually being released until all users have the new feature. AWS AppConfig Feature Flags also have additional safety guard rails, including flag constraints and validators, which allow flag content to be checked for accuracy prior to being deployed. Other safety guard rails include the ability to automatically rollback a flag if a specified CloudWatch alarm is triggered.  

With this integration, customers can configure AWS AppConfig and Jira to have each feature flag tracked in Jira as a separate issue. Any updates to the feature flag will be tracked in Jira. This allows teams to use Jira to have visibility into all of the issues and tasks that it takes to release a new feature, including what is often the last step: toggling the feature flag to on and rolling it out to customers.

Amazon DocumentDB (with MongoDB compatibility) Performance Insights is a database performance tuning and monitoring feature that helps you quickly assess the load on your database and determine when and where to take action.

Amazon DocumentDB Performance Insights allows developers and admins to measure database performance with an easy-to-understand dashboard that visualizes database load. With one click, you can add a fully managed performance monitoring solution to your DocumentDB instances. Performance Insights automatically gathers the necessary performance metrics and visualizes them in a dynamic dashboard on the Amazon DocumentDB console. You can identify your database’s top performance bottlenecks from a single graph.

Amazon RDS for SQL Server now supports SQL Server Agent job replication. With this new feature, SQL Server Agent jobs created, modified, or deleted on the primary instance will be automatically synchronized to the secondary instance in a Multi-AZ configuration.

The Multi-AZ deployment option provides enhanced availability and data durability by automatically replicating databases between two AWS Availability Zones (in the same AWS Region). These Availability Zones offer you an easier and more effective way to design and operate applications and databases, making them more highly available, fault tolerant, and scalable than traditional single-datacenter infrastructures or multi-datacenter infrastructures.

Beginning April 1, 2022, the inter-Availability Zone (AZ) data transfer within the same AWS Region for AWS PrivateLink, AWS Transit Gateway, and AWS Client VPN is free of charge. Previously, customers incurred an inter-AZ data transfer charge for sending data across availability zones while using these networking services. With this pricing change, inter-AZ data transfer for these services is free of charge, making it even more cost-effective for customers to run multi-AZ workloads.  

AWS customers do not need to make any changes to their existing VPC Interface Endpoints/Client VPN Endpoints/Transit Gateway Elastic Network Interfaces to benefit from this price reduction as these changes will be automatically applied to their AWS bills. Customers can also view their free data transfer usage (for these networking services) in Cost Explorer or Cost & Usage Report. This usage is captured under the “Region_Name-DataTransfer-xAZ-In/Out-Bytes” Usage Type.  

AWS OpsWorks for Configuration Management now supports the current Puppet Enterprise LTS version 2019.8.10. Customers benefit from receiving the update automatically during the weekly system maintenance window scheduled individually by each customer.

With the new version, AWS customers receive many improvements, bugfixes and increased security from resolved CVEs. See Puppet Enterprise's release documentation for the complete list of the enhancements since the previous version running on OpsWorks. The Puppet Enterprise 2019.8 LTS versions are supported by Puppet Inc. until 31 Dec 2022.

This week AWS announced the availability of Map and Location Search UI components for web apps built with React. Amplify Geo, launched last year, enables frontend developers to add location-aware features to their web applications using Amazon Location Service. Developers can now make use of a React component for adding modern mapping features to their React-based web application using a single line of code.

With this release, developers will be able to import the Map React component from Amplify UI (released last year) and include it in their project to display a fully functional Map component. Developers can also make use of additional map features from the underlying React MapGL library to further customize the user experience. Developers also have access to all the existing APIs of Amplify Geo and the Amplify Command Line Interface (CLI) experience to configure their backend resources against Amazon Location Service to implement map and location search features for their web apps.

AWS Controllers for Kubernetes (ACK) for Amazon MemoryDB enables you to define and use MemoryDB resources directly from your Kubernetes cluster. This lets you take advantage of MemoryDB to support your Kubernetes applications without needing to define MemoryDB resources outside of the cluster or run and manage in-memory database capabilities within the cluster. 

Amazon MemoryDB for Redis is a Redis-compatible, durable, in-memory database service that is purpose built for modern applications with microservices architectures. AWS Controllers for Kubernetes (ACK) is a collection of Kubernetes custom resource definitions (CRDs) and custom controllers working together to extend the Kubernetes API and manage AWS resources on your behalf.

To get started, you can download the MemoryDB ACK container image from Amazon ECR and install in minutes. ACK for Amazon MemoryDB is available as a developer preview and is not recommended for production use. To learn more, visit the Amazon MemoryDB product page, and documentation. 

AWS are excited to launch Unified Settings in the AWS Management Console. With Unified Settings, settings will persist across devices, browsers, and services. At launch, Unified Settings will support settings called default language, default Region, and favorite service display. Default language displays your preferred language across the Management Console, default Region sets the AWS Region that loads each time you log in or load a service console, and favorite service display will show services in the favorites bar with either the service icon and full name or only the service icon. Unified Settings is available in all public AWS Regions.

You can access Unified Settings by signing into AWS Management Console navigating to the account menu, and selecting Settings.

AWS Network Firewall is now authorized as FedRAMP Moderate in the following AWS Regions: US East (N. Virginia), US East (Ohio), US West (N. California) and US West (Oregon). You can now use AWS Network Firewall to protect and control access to and from your Amazon Virtual Private Clouds (VPCs) in these regions for workloads that require FedRAMP Moderate categorization level.  

Amazon OpenSearch Service now includes an observability interface and log monitoring features, which provide developers and DevOps engineers with the insights they need to diagnose performance issues faster and reduce application downtime.

Following the introduction of Trace Analytics in Amazon OpenSearch Service, developers and DevOps engineers can find and fix performance problems in distributed applications. Trace Analytics enables customers to analyze trace data alongside log data, helping them to both isolate the source of performance problems and diagnose their root cause. However, correlating trace data with log events required customers to navigate multiple interfaces. Developers must also know exactly which visualizations to create to build monitoring views on their log data.

The new observability capabilities allow developers and DevOps engineers to more easily analyze trace data and log data in a single interface. A Piped Processing Language (PPL) - based event explorer helps developers interactively explore log data and visualize the results in simple to configure charts. Developers can save their PPL-based visualization and view multiple saved visualizations on a custom operational panel. Also integrated into the new observability interface is OpenSearch Notebooks. With notebooks, developers can interactively and collaboratively develop rich reports that combine markdown, SQL/PPL queries, and visualizations with support for multi-timelines and live data so that users can easily tell a story.

Metrics Insights is a new feature from Amazon CloudWatch that is now generally available. As a fast, flexible, SQL based query engine, Metrics Insights enables developers, operators, systems engineers, and cloud solutions architects to identify trends and patterns across millions of operational metrics in real time and helps you use these insights to reduce time to resolution. With Metrics Insights, you can gain better visibility on your infrastructure and large scale application performance with flexible querying and on-the-fly metric aggregations. Use Metrics Insights and other CloudWatch features to monitor your AWS and hybrid environments, and to respond to operational problems promptly.

Metrics Insights provides you with a flexible query capability, where you can aggregate and group your metrics in real-time in order to identify issues quickly. For example, you can analyze thousands of EC2 instances by CPU Utilization to troubleshoot an underperforming application. You can group your instance metrics by InstanceId to narrow down your analysis and pinpoint failing instances rapidly. Once any failing instance is isolated, you can recover the application by rebooting problematic instances. Moreover, you can use your queries to create powerful visualizations using a range of out-of-the-box chart types that will stay up to date as resources are deployed or terminated, helping you proactively monitor and pinpoint issues quickly.

AWS Amplify Studio now offers a visual interface for setting up and managing file storage resources, making it easy to store and serve user-generated content (e.g. photos and videos) from web or mobile apps. With Amplify Studio, you can easily create an Amazon S3 bucket, configure file access levels, integrate storage client libraries into your web or mobile app, and manage files in Studio’s drag and drop file explorer.

Amplify Studio is visual tool for developers to easily add the most important capabilities needed to build an app (e.g. UI components, database tables, GraphQL APIs, authentication, and now file storage). With today’s launch, you can configure file storage directly from the Studio console. Studio provisions an Amazon S3 bucket in your account and automatically creates IAM policies to scope access to files based on defined authorization rules (e.g. for a home listing app, only signed-in users can view favorites, but any user can view listings). Amplify Studio also offers a file explorer with management capabilities such as file previews, drag and drop uploads, and copy/paste code snippets. You can leverage Amplify Studio’s admin capabilities, and invite app administrators to manage files in the file explorer without an AWS account.

Amazon Athena now supports data stored in Amazon Ion format, a richly-typed, self-describing format developed and open-sourced by Amazon. Amazon Ion provides interchangeable binary and text formats which combine the ease of use of text with the efficiency of binary encoding. The Ion format is currently used by internal Amazon teams, by AWS services such as Amazon Quantum Ledger Database (Amazon QLDB), and in the open source SQL query language PartiQL.

Using Athena's new Amazon Ion Serializer/Deserializer (SerDe), you can now create and read Ion tables that can be queried and joined with data in other formats such as Parquet, Avro, and CSV. The Ion format is well-suited for sparsely populated hierarchical data such as medical history records and retail order documents which are complex to model and difficult to optimize for structured queries. Using Athena and Ion, the raw data remains easily readable by domain professionals, can be queried and analyzed using standard SQL queries, and is compact and space-efficient so it saves on log retention and data transfers.

AWS Lambda is announcing Lambda Function URLs, a new feature that makes it easier to invoke functions through an HTTPS endpoint as a built-in capability of the AWS Lambda service. You can add Function URLs to new and existing functions in a single click from the console, or in a couple of lines using AWS CloudFormation or the AWS Serverless Application Model. Function URLs are ideal for getting started with buiding web services on Lambda or for common tasks like building web hooks.

Each Function URL points to a single Lambda function or function alias and is secured by AWS Identity and Access Management (IAM) by default. You can optionally configure Function URLs for public access to allow unauthenticated invokes or to use custom authorization logic that you built within your function’s handler. The function’s resource-based policy is always in effect and must be updated to allow public access if you choose to not use IAM to authenticate and authorize principals calling your Function URL. You can review findings reported by IAM Access Analyzer to identify Function URLs that allow public access. Refer to the Lambda Developer Guide to learn more about how to control access to your Function URLs.

Lambda Function URLs are now available in Regions where Lambda is available  except for the AWS China Regions. There is no additional cost for using this feature — Function URLs are included in the regular cost of invoking Lambda functions.

AWS Backup enhances its support for Amazon FSx for Lustre file systems by now allowing protection of data on its Persistent 2 deployment type. AWS Backup’s centralized data protection capabilities across AWS services including the ability to create immutable, logically air-gapped backups across AWS Regions and accounts, prove-able compliance, and single-click restore, are now available for Amazon FSx for Lustre Persistent 2 file systems.

AWS Backup’s support for Amazon FSx for Lustre Persistent_2 file systems is available in the following AWS Regions: US East (N. Virginia, Ohio), US West (Oregon), Canada (Central), EU (Frankfurt, Ireland), and Asia Pacific (Tokyo). 

AWS are excited to announce the general availability of Amazon Athena ACID transactions, a new capability that adds insert, update, delete, and time travel operations to Athena's SQL data manipulation language (DML). Athena ACID transactions enable multiple concurrent users to make reliable, row-level modifications to their Amazon S3 data from Athena's console, API, and ODBC and JDBC drivers. Built on the Apache Iceberg table format, Athena ACID transactions are optimized for Amazon S3 storage, support seamless schema evolution, and ensure atomic operations across other services and engines that support the Iceberg table format such as Amazon EMR, Apache Spark, and Apache Flink.

Athena ACID transactions can help you make business- and regulatory-driven updates to your data using familiar SQL syntax and without requiring a custom record locking solution. Responding to a data erasure request is as simple as issuing a SQL DELETE operation. Making manual record corrections can be accomplished via a single UPDATE statement. And with time travel capability, you can recover data that was recently deleted using just a SELECT statement.

To learn more about Athena ACID transactions and Apache Iceberg integration, see Using Amazon Athena Transactions and Using Iceberg Tables in the Athena User Guide.

AWS Amplify Hosting now uses GitHub Apps to obtain access to your GitHub code repositories. The Amplify GitHub App offers all the same features as the existing OAuth app, and additionally gives you complete control over scoping permissions to specific repositories in your account or organization.

All new Amplify projects linked to GitHub repositories will now require using a GitHub App. Your existing projects linked to Amplify via the GitHub OAuth app will continue to be supported, but you can choose to migrate to the new GitHub App to further restrict permissions to your GitHub account.

Amazon OpenSearch Service now offers support for cross-cluster search on existing domains. Cross-cluster search enables you to perform searches and aggregations across multiple domains with a single query or from a single OpenSearch Dashboard interface. With this feature, you can separate heterogeneous workloads into multiple domains, which provides better resource isolation, and the ability to tune each domain for their specific workloads to improve efficiency and reduce costs.

Previously, you had to create a new domain to use cross-cluster search. With this release, you can continue to use your existing domains to take advantage of cross-cluster search. Cross-cluster search lets customers set up a secure connection between domains. Domain owners have the flexibility to create, view, remove and monitor connections to or from their domains. All cross-cluster search requests between domains are encrypted and can be secured with fine-grained access policies. Cross-cluster search works across accounts within a single Region.

Customers in the AWS Asia Pacific (Jakarta) Region can now use AWS Resource Access Manager (AWS RAM).

AWS RAM helps you securely share your AWS resources across AWS accounts, within your organization or organizational units (OUs) in AWS Organizations, or with AWS Identity and Access Management (IAM) roles and IAM users for supported resource types.

AWS AppSync is a fully managed service that enables developers to build digital experiences based on real-time data. You can easily and effortlessly configure any supported data source to push and publish real-time data updates to subscribed clients with connection management, scalability, fan-out and broadcasting all handled by AppSync, allowing you to focus on your application business use cases and requirements instead of dealing with the complex infrastructure to manage real-time WebSocket connections at scale.

AWS AppSync now supports enhanced subscriptions filtering providing the ability to invalidate subscriptions and perform advanced filtering on the server side (instead of the client), which simplifies application development and reduces data sent to clients with improved authorization logic over data.

These new capabilities make it easier to use AppSync to build engaging digital experiences, such as gaming leaderboards, e-learning, social media, live streaming, sports, media, audience engagement, interactive chatrooms, or IoT dashboards for connected cars, healthcare or smart homes.

Amazon EC2 Console introduces the new and improved launch experience - a quicker and easier way to launch an instance. The new design provides a single page layout allowing you to view all your settings in one location. You no longer need to navigate back and forth between steps to ensure your configuration is correct. The new design also introduces a summary panel, that provides an overview and helps navigate the page.  

The new inline AMI selector provides a simpler way of selecting an OS and version. It also displays your recently used AMIs so that you can quickly select frequently used AMIs. The compare instance types page allows you to search, sort and filter by various instance type attributes, thus making it easier to decide which instance type to use. The new design also introduces simple and advanced views, helping you launch an instance without having to learn about advanced concepts that are not needed for your use cases.  

This new experience is available in all AWS Regions except AWS GovCloud (US) Region and AWS China Regions. Customers can choose to revert back to the old experience, or switch between the two experiences. The new experience will be made the default over the next month starting April 5, 2022.

Amazon OpenSearch Service now supports cross-cluster replication on existing domains. Cross-cluster replication enables you to automatically copy and synchronize indexes from one domain to another at low latency in same or different AWS accounts or Regions. With cross-cluster replication, you can achieve high availability for your mission critical applications with sequential data consistency.

Previously, you had to create a new domain to use cross-cluster replication. With this release, you can now enable cross-cluster replication on your existing domain. Cross-cluster connections help customers set up a secure connection between domains. With cross-cluster replication for Amazon OpenSearch Service, you can replicate indexes at low latency from one domain to another without needing additional technologies. You can continuously monitor the replication status via APIs. Additionally, if you have indexes that follow an index pattern, you can create rules to automatically replicate them.

You can now use AWS PrivateLink to privately access the Amazon FSx Application Programming Interface (Amazon FSx API)  from your Amazon Virtual Private Cloud (Amazon VPC) without using public IPs, and without requiring the traffic to traverse across the Internet.

AWS PrivateLink provides private connectivity between VPCs, AWS services, and your on-premises networks, without exposing your traffic to the public internet. You can now manage your Amazon FSx file systems using the Amazon FSx API without requiring an Internet Gateway in your VPC, instead using AWS PrivateLink with private IP connectivity and security groups to help meet your compliance requirements.

RStudio on Amazon SageMaker is the industry’s first fully managed RStudio Workbench in cloud. Data scientists and developers can launch the familiar RStudio integrated development environment (IDE) in a single click to build, train, and deploy models on Amazon SageMaker. You can elastically dial up and down the underlying compute resources without interrupting your work, and even switch to programming using Python on Amazon SageMaker Studio notebooks. All your work, including code, datasets, repositories, and other artifacts are synchronized between the two environments. You can bring your current RStudio license to Amazon SageMaker at no additional charge to quickly get started. Starting today, you can now automate the process of creating domains and adding user profiles for RStudio on SageMaker using AWS CloudFormation.

You can now use CloudFormation code templates to model the infrastructure set up for RStudio on SageMaker and configure its access for data scientists and developers in your organization. This way you can automate the provisioning of RStudio on SageMaker, enabling you to apply DevOps best practices and meet configuration standards across all AWS accounts and regions.  

The feature is now available in all AWS regions where RStudio on Amazon SageMaker is available. To get started with CloudFormation for RStudio on SageMaker, see the CloudFormation user guide. To learn more about RStudio on SageMaker visit the SageMaker user guide.

In addition to the existing Amazon Pinpoint console capabilities, the Amazon Pinpoint API 2.0 provides customers increased control over their SMS and voice sending and configuration.

Customers now have the flexibility to manage their SMS and voice setup using an API. This release also includes a new SDK for sending SMS and voice messages called Amazon PinpointSMSVoiceV2 SDK. Amazon Pinpoint API version 2.0 specifically brings new valuable management capabilities that include keywords, phone number management, pools, and opt-out lists. Customers can also view account attributes and manage spending limits using the account status APIs.

Amazon Pinpoint API version 2.0 also supports the use of configuration sets for SMS event capture, which was previously  supported only through API for voice events. Customers can now select how they want to capture their events for both SMS and voice. They can use Amazon CloudWatch Logs, Amazon Kinesis Data Firehose, and Amazon Simple Notification Service Amazon SNS topics.

This week, AWS are announcing the availability of Amazon Data Lifecycle Manager in the AWS Asia Pacific (Jakarta) Region.

Amazon Data Lifecycle Manager (DLM) helps customers automate the creation, sharing, copying and retention of Amazon EBS Snapshots and EBS-backed AMIs via policies. Amazon DLM eliminates the need for complicated custom scripts to manage your EBS resources, saving you time and money.

You can create policies that automatically create snapshots from EBS volumes and multi-volume crash-consistent snapshots of EBS Volumes attached to EC2 Instances. You can also configure your policies to copy tags from EC2 Instances and EBS Volumes to the snapshots that are created, as well as automatically copy your snapshots to another region or account for disaster recovery. With EBS-backed AMI policies, you can set DLM to automatically share, deprecate, and deregister AMIs and then delete the underlying snapshots, ensuring you do not pay for AMI snapshots that are no longer required.  

You can now run OpenSearch and OpenSearch Dashboards version 1.2 on Amazon OpenSearch Service. This version includes a new observability interface in OpenSearch Dashboards, improvements to several other features such as anomaly detection, k-NN, and SQL/PPL.

Amazon OpenSearch Service lets you run and scale OpenSearch and open-source Elasticsearch (up to version 7.10) clusters with ease. OpenSearch is a community-driven, open source search and analytics suite, originally derived from Apache 2.0 licensed Elasticsearch 7.10.2 & Kibana 7.10.2. It consists of a search engine, OpenSearch, and visualization capabilities powered by OpenSearch Dashboards.

Amazon Relational Database Service (Amazon RDS) Proxy now supports Amazon RDS for PostgreSQL and Amazon Aurora PostgreSQL - Compatible edition major version 13. PostgreSQL 13 includes many new features and performance enhancements such as de-duplication of B-tree index entries, improved performance for queries that use partitioned tables, better query planning when using extended statistics, parallelized vacuuming of indexes, and incremental sorting.

Amazon RDS Proxy is a fully managed and a highly available database proxy for Amazon RDS and Amazon Aurora databases. Amazon RDS Proxy helps improve application scalability, resiliency, and security.

Amazon ElastiCache for Redis now supports Global Datastore in the Asia Pacific (Osaka) and Europe (Stockholm) Regions. Global Datastore is a feature of ElastiCache for Redis that provides fully managed, fast, reliable, and secure cross-Region replication. Using Global Datastore, you can write to your ElastiCache for Redis cluster in one Region and have the data available for read in two other cross-Region replica clusters, thereby enabling low-latency reads and disaster recovery across Regions.

Customers use Global Datastore for real-time applications with a global footprint, as it provides cross-Region replication with latency of typically under one second, increasing application responsiveness by providing geo-local reads closer to end users. In the unlikely event of regional degradation, one of the healthy cross-Region replica clusters can be promoted to become the primary cluster with full read and write capabilities. Once initiated, the promotion typically completes in less than a minute, allowing applications to remain available. To secure cross-Region data transfer traffic, Global Datastore uses encryption in transit.  

To get started, you can set up a Global Datastore with an existing cluster, or create new clusters and designate a primary (active) cluster. Creating a Global Datastore takes only a few clicks in the AWS Management Console for ElastiCache or can be automated by downloading the latest AWS SDK or AWS CLI. To learn more, see the ElastiCache Global Datastore documentation.  

AWS Backup now provides you with the flexibility to restore individual virtual disks that are attached to your VMware virtual machines (VMs), in addition to allowing you to restore the entire VM from its protected copy. Using AWS Backup, you can restore your VMware virtual disk to a VM in another VMware environment or in AWS as an Amazon Elastic Block Store (EBS) volume.

AWS Backup provides a centralized data protection experience for your hybrid VMware workloads, helping you meet your business and regulatory compliance needs. You can use a single policy in AWS Backup to automate data protection and lifecycle management of your on-premises VMware, VMware Cloud™ on AWS, and VMware Cloud on AWS Outposts environments alongside the 12 AWS services (spanning compute, storage, and databases) supported by AWS Backup.

AWS Backup now enables you to protect VMware’s Software-Defined Data Centers (SDDC) on VMware Cloud on AWS Outposts, helping you meet your business and regulatory compliance needs. You can use a single policy in AWS Backup to centrally automate data protection and lifecycle management of your on-premises VMware, VMware Cloud on AWS, and VMware Cloud on AWS Outposts environments alongside the 12 AWS services (spanning compute, storage, and databases) that AWS Backup supports.

AWS Backup provides a consistent and fully managed data protection experience for your hybrid VMware workloads. VMware Cloud on AWS Outposts is a jointly-engineered solution with VMware that delivers VMware Cloud on AWS as a fully managed experience to virtually any datacenter, co-location space, or on-premises facility with AWS Outposts. Using AWS Backup, you can centrally configure data protection policies for VMware workloads hosted on your managed infrastructure, in VMware Cloud on AWS, and on VMware Cloud on AWS Outposts. You can restore your VMware backups to your on-premises data centers, in VMware Cloud on AWS, and on VMware Cloud on AWS Outposts to meet your application data recovery needs.

• 1.22.8-gke.300
• 1.21.11-gke.100
• 1.20.15-gke.2200

This version adds support for Kubernetes 1.22 clusters.

Because Kubernetes 1.22 replaces some v1beta APIs with v1 APIs, your workloads might need to be updated to use 1.22. For more information, see Kubernetes 1.22 Deprecated APIs.

Cloud Composer 1.18.5 and 2.0.9 release started on April 4, 2022. Get ready for upcoming changes and features as we roll out the new release to all regions. This release is in progress at the moment. Listed changes and features might not be available in some regions yet.

Snapshots are available in Preview.

(Airflow 2) The max_connections limit in databases is increased. The values are 3 times higher than the default values in Cloud SQL.

When syncing objects in an environment bucket to Airflow components, Cloud Composer now reports problems with file names. Such objects no longer cause the syncing process to fail. Objects in the environment's bucket named ".", having names ending in "/", and directories and objects having the same name are reported.

Airflow 2.2.3 packages are updated: added keyrings.google-artifactregistry-auth, updated apache-airflow-providers-google to version 6.6.0.