In Cloud Computing This Week [Apr 9th 2021]

 

Amazon RDS for SQL Server now support SQL Server extended events, a performance monitoring system that can be used to monitor and troubleshoot performance problems in SQL Server.  

Amazon Athena users can now view the execution plan for their queries. When querying large, complex datasets, users are often unaware of how their query will be executed or how optimizations will impact performance. Now generally available for Amazon Athena, the EXPLAIN statement helps users understand and improve the efficiency of their queries.

Amazon EC2 Auto Scaling Warm Pools help applications scale out faster and save money by requiring fewer continuously running instances. With Warm Pools, customers can improve the elasticity of their applications by creating a pool of pre-initialized EC2 instances that are ready to quickly serve application traffic. Additionally, Warm Pools offer a way to save compute costs by placing pre-initialized instances in a stopped state.

You can now use AWS CloudFormation templates to create Amazon Connect Customer Profiles resources. This feature helps you to use CloudFormation to deploy Amazon Connect Customer Profiles resources — along with the rest of your AWS infrastructure — in a secure, efficient, and repeatable way. You can use CloudFormation templates to specify Amazon Connect Customer Profiles domains and pre-built connectors to bring in customer data from your applications to create customer profiles.

You can now use AWS PrivateLink to access Amazon Connect Customer Profiles directly as a private endpoint within your secure, virtual network using a new interface VPC endpoint in your Virtual Private Cloud. This extends the functionality of existing gateway endpoints by enabling you to access Amazon Connect Customer Profiles using private IP addresses. API requests and HTTPS requests to Amazon Connect Customer Profiles from your on-premises applications are automatically directed through interface endpoints, which connect to Customer Profiles securely and privately through PrivateLink.

This week, Amazon Lookout for Equipment is generally available to all AWS customers. Amazon Lookout for Equipment is a machine learning (ML) industrial equipment monitoring service that detects abnormal equipment behavior so customers can take action and avoid unplanned downtime.

eksctl , the official CLI for Amazon Elastic Kubernetes Service (Amazon EKS), now lets you create node groups inside an Amazon EKS cluster by simply providing node requirements in vCPUs, memory, or GPUs. Additionally, eksctl now lets you preview the cluster configuration before creating a new cluster or a new node group by using the new dry-run mode

• C5a instances are now available in AWS Europe (Paris), Africa (Cape Town), Europe (Milan), and Middle East (Bahrain) Regions.
• C5ad instances are now available in AWS South America (Sao Paulo), US East (Ohio), Africa (Cape Town), Europe (Milan) and Middle East (Bahrain) Regions.
• M5a, R5a and T3a instances are now available in AWS Europe (Milan) Region
• 8xlarge and 16xlarge sizes of Amazon EC2 M5ad and R5ad instances are now available in US East (Ohio) and US West (Oregon) Regions.

AWS Control Tower is releasing four new, less restrictive, mandatory preventative S3 Log Archive guardrails and changing the guidance of the four previous, more restrictive, preventative S3 Log Archive guardrails from mandatory to elective. With these guardrail changes you can now separate S3 Log Archive governance for resources created by AWS Control Tower from governance for the S3 resources you create.  

AWS IoT Analytics is a fully managed service that makes it easy to collect, pre-process, enrich, store and analyze IoT data at scale to run sophisticated analytics on massive volumes of IoT data and gain insights into how IoT devices are operating without having to worry about the complexity typically required to build an analytics platform.

AWS customers can use ServiceNow as a single place to track operational items from AWS Systems Manager OpsCenter. ServiceNow users can now view, investigate, and resolve operational items related to their AWS resources, while using their existing workflows in ServiceNow. Additionally, they can use AWS Systems Manager Automation runbooks from ServiceNow to remediate known issues. AWS Systems Manager OpsCenter enables operators to track and resolve operational items related to AWS resources in a central place, helping reduce time to issue resolution.

AWS RoboMaker now supports the ability to configure simulation tools to diagnose or interact with RoboMaker simulation jobs. This simulation tool configuration feature provides developers flexibility to use custom simulation tools in place of, or in addition to the default simulation tools (Gazebo, rqt, rviz and terminal access tools) provided by default in RoboMaker.

AWS Step Functions now features a data flow simulator in the Step Functions console, making it easier to evaluate the input and output processing for your state machines, allowing you to build workflows faster.

Amazon GuardDuty is now available in the AWS Asia Pacific (Osaka) Region. You can now continuously monitor and detect security threats in the region to help protect your AWS accounts, workloads, and data stored in Amazon S3.

Amazon Keyspaces (for Apache Cassandra), a scalable, highly available, and fully managed Cassandra-compatible database service, now offers Federal Information Processing Standards (FIPS) 140-2 compliant endpoints to help you run highly regulated workloads more easily.

AWS CloudFormation StackSets  announces the ability to deploy CloudFormation Stacks to multiple AWS regions in parallel. This reduces the overall stack set provisioning times and provides a performance improvement when using StackSets. StackSets extend the functionality of stacks by enabling you to create, update, or delete stacks across multiple AWS accounts and regions with a single operation. Currently, using StackSets you can specify the region order preference to deploy stacks across AWS regions in a sequential manner. StackSets now expands on that by providing the additional ability to specify deploying across AWS regions in parallel as part of the deployment preferences for the stack set.

Amazon Fraud Detector is a fully managed service that makes it easy to identify potentially fraudulent online activities, such as the creation of fake accounts or online payment fraud, using customized machine learning (ML) models. To train an ML model, customers provide a dataset that contains examples of legitimate and fraudulent events related to the business activity they want to evaluate for fraud risk. These fraud datasets are often highly imbalanced. For example, a dataset containing one million past transactions may only include 5,000 fraudulent ones, corresponding to a fraud rate of 0.5%. This imbalance in the training data can lead to lower model performance, which results in the customer capturing less fraud. There are a number of common techniques used to treat imbalanced datasets, but applying them requires ML expertise and the best technique often depends on the characteristics of the particular dataset.

AWS Glue now offers missing value imputation on incomplete datasets. You can use the Fill Missing Values transform to get predicted values for blank entries in a column of your data. This feature makes it easy to clean datasets that have null or empty values so that they don’t need to be accounted for at query time.

You can now launch RabbitMQ 3.8.11 brokers on Amazon MQ. This patch update to RabbitMQ contains several fixes and new features compared to the previously supported version, RabbitMQ 3.8.6.

 

When AWS launched IAM Access Analyzer, they started by helping you remove unintended public and cross account access by analyzing your existing permissions. Recently, IAM Access Analyzer added policy validation to help you set secure and functional permissions during policy authoring. Now, we are taking that a step further and generating policies for you. You can now use IAM Access Analyzer to generate fine-grained policies based on your access activity found in your CloudTrail. When you request a policy, IAM Access Analyzer gets to work and generates a policy by analyzing your CloudTrail logs to identify your activity. The generated policy makes it easier to grant only the required permissions for your workloads.

Amazon ElastiCache now supports tag-based access control and adding tags to additional cluster resources. By using tags for access control, your AWS Identity and Access Management (IAM) users, groups, and roles get access only to the Amazon ElastiCache resources with matching tags. This provides you the capability to scale by reducing the number of distinct permissions you need to create and manage in your AWS account. You can define AWS IAM policies that grant or deny access to a resource based on its tags. Furthermore, you can use specific condition context keys to customize your AWS IAM policies to limit specific behaviors on Amazon ElastiCache resources. For a complete list of condition context keys for Amazon ElastiCache, visit the Amazon ElastiCache documentation .

AWS Backup now enables you to use cost allocation tags for Amazon Elastic File System (Amazon EFS) backups within AWS Billing and Cost Management. With cost allocation tags, you can get better transparency and visibility into your Amazon EFS backup costs. For example, you can allocate your Amazon EFS backup costs to different departments (e.g., finance, engineering) or analyze Amazon EFS backup costs across your various workloads to better understand and manage your costs.

 

Last week, AWS announced the Amazon Route 53 Resolver DNS Firewall, a managed firewall that enables customers to block DNS queries made for known malicious domains and to allow queries for trusted domains. DNS Firewall provides more granular control over the DNS querying behavior of resources within your Amazon Virtual Private Clouds (VPCs).

With thirteen more regions, EBS Multi-Attach for Provisioned IOPS io2 is now available in US East (N. Virginia), US East (Ohio), US West (Oregon), US West (N. California), EU (Ireland), EU (Frankfurt), Asia Pacific (Singapore), Asia Pacific (Tokyo), Asia Pacific (Mumbai), Asia Pacific (Sydney), Asia Pacific (Seoul), Canada (Central), EU (London), EU (Stockholm), Middle East (Bahrain), and Asia Pacific (Hong Kong).

With Amazon Interactive Video Service (Amazon IVS) you can now save your live video content to Amazon Simple Storage Service (Amazon S3). Saved video is available for actions like editing or replaying as a video on-demand (VOD).

AWS announces a new feature of AWS Systems Manager Parameter Store that supports the removal of a label associated with a parameter, to enable customers to reorganize Parameter Store parameters with new labels.

Amazon EC2 G4ad instances which provide the best price performance for graphics intensive applications in the cloud are now available in US East (Ohio), Europe (Frankfurt and London), Asia Pacific (Tokyo), and Canada (Central). G4ad instances are powered by AMD Radeon Pro V520 GPUs and second-generation AMD EPYC processors, and provide up to 45% better price performance over G4dn instances for graphics intensive applications such as virtual workstations, game streaming, and graphics rendering.

Amazon CodeGuru Reviewer is a developer tool that leverages automated reasoning and machine learning to detect potential defects that are difficult to find in your code and offers suggestions for improvements. Today, we are excited to announce, a new repository size-based pricing model with a price reduction of up to 90%, making it easier for customers to predictably scale their automated code reviews across their software development processes.

The data management experience in the AWS Amplify Admin UI is now generally available with new capabilities for seed data generation, data sorting, and data filtering. Launched at re:Invent 2020, the Amplify Admin UI is an externally hosted console for frontend teams to visually create an app backend and manage the app content and users.

Streaming ETL jobs in AWS Glue can now read from Amazon Kinesis Data Streams in a different AWS account than the one running the AWS Glue job. This feature allows you to run your ETL jobs from the consumer account rather than the data producer account, keeping all ETL activity in one location and simplifying data-integration management.

Run Command, a capability of AWS Systems Manager, now displays up to 24,000 characters of the output log of a Run Command invocation from the console. This is an increase from the 2,500 characters available in the console before this enhancement. Additionally, you can now view the output and error logs separately, and you can copy the logs or download them as text files directly from the console. This feature reduces the need to navigate to the Amazon Simple Storage Service (Amazon S3) or Amazon CloudWatch consoles to view and download logs for Run Command invocations, which helps you troubleshoot invocation issues more quickly.

Amazon SageMaker Pipelines, the first purpose-built, continuous integration and continuous deployment (CI/CD) service for machine learning (ML), is now supported as a target for routing events in Amazon EventBridge. This enables customers to trigger the execution of the Amazon SageMaker model building pipeline based on any event in their event bus or on a schedule by selecting the pipeline as the target in Amazon EventBridge. For example, customers can set up EventBridge to trigger the execution of the SageMaker model building pipeline when a new file with the training data set is uploaded to an Amazon S3 bucket or when the SageMaker Model Monitor indicates a deviation in model quality through alarms in Amazon CloudWatch metrics. Customers can also create rules in Amazon EventBridge that trigger the pipeline execution on an automated schedule.

Amazon MQ is now available in a total of 20 regions, with the addition of the Japan (Osaka) region.

Starting today, you can use the Amazon WorkSpaces macOS client application with Common Access Card (CAC) and Personal Identity Verification (PIV) smart cards. Smart card support is available on WorkSpaces using the WorkSpaces Streaming Protocol (WSP). WSP is a cloud-native streaming protocol that enables a consistent user experience when your end users are accessing their WorkSpaces across global distances and unreliable networks. To learn more, see Amazon WorkSpaces Streaming Protocol.

Amazon Macie is now available in AWS Asia Pacific (Osaka) Region. You can now discover sensitive data stored in this region to help protect your AWS workloads and data in Amazon S3.

Patches 1.9.1 / 2.7.1 / 3.4.1 / 4.0.1 now available for customers using Amazon Aurora PostgreSQL. For detailed release notes visit our version documentation . You can apply the new patch version in the AWS Management Console, via the AWS CLI, or via the RDS API. For detailed instructions, please see our technical documentation .

You can now configure budgets actions to enforce budget limits for your AWS Budgets resources in your AWS CloudFormation templates, stacks, and StackSets. With budget actions, you can define the action you want to take in your account when a budget exceeds the threshold you defined (actual or forecasted amounts). This level of control will allow you to reduce unintentional overspending in your account. You can choose among three action types: Identity and Access Management (IAM) policy, Service Control policy (SCPs), or target running instances (EC2 or RDS). For example, you can choose to apply a custom “Deny EC2 Run Instances” IAM policy to a user, group, or role in your account, once your monthly budget for EC2 has been exceeded. With the same budget threshold, you can configure a second action that shuts down specific EC2 instances within a particular AWS Region.

AWS WAF now lets you generate labels and customize your WAF rules based on those labels. With this feature, you can configure WAF to add descriptive labels to web requests when a WAF rule matches the request, regardless of the action associated with the rule. You can also check for the presence of those labels in subsequent WAF rules and combine with other WAF rules to take action on web requests that include the label. Creating a label also generates a corresponding CloudWatch metric and adds the label to your WAF logs for improved visibility.

You can now clean and transform data with an interactive, point-and-click visual interface from Amazon Redshift, Snowflake, Microsoft SQL Server, MySQL, Oracle Database, and PostgreSQL through native JDBC connectors in AWS Glue DataBrew. In just a few clicks, you can configure these JDBC connections from the AWS Management Console  to directly explore and experiment with datasets from AWS data lakes, data warehouses, and databases without writing code.

Amazon Virtual Private Cloud (Amazon VPC) flow logs now makes it easier to query VPC flow logs using Amazon Athena. With a few clicks, you can now automate the integration between Athena and your VPC flow logs delivered to Amazon Simple Storage Service (S3). You can also choose from a set of predefined Athena queries  to derive actionable insight such as the total egress traffic from your VPCs, identify the top talkers in your subnets, or troubleshoot anomalies in your VPC traffic.

Starting today, Bring Your Own IP (BYOIP) is available in four additional AWS Regions: GovCloud (US-East), GovCloud (US-West), Asia Pacific (Hong-Kong), and US West (Northern California).  

Amazon Elastic Kubernetes Service (EKS) clusters running in the AWS GovCloud (US) Regions are now compliant with the Federal Risk and Authorization Management Program (FedRAMP) High baseline.

AWS Firewall Manager now enables security administrators to deploy the recently launched AWS WAF Bot Control across accounts in their organization, from a central administrator account. AWS WAF Bot Control is a new managed rule group that gives you visibility and control over common and pervasive bot traffic to your applications. You can use Bot Control to protect your web applications from automated bots that consume excess resources, skew metrics, cause downtime, or perform other malicious activities.

AWS Batch customers can now specify EFS file systems in their AWS Batch job definitions. AWS Batch jobs using EFS will automatically mount the file systems specified by the customer in the job definition and make them available to the jobs, across Availability Zones. This enables persistent, shared storage to be defined and used at the job level.

Amazon Redshift now supports managed VPC endpoints (powered by AWS PrivateLink) to connect to your Amazon Redshift cluster in a Virtual Private Cloud (VPC). With an Amazon Redshift-managed endpoint, you can now privately access your Amazon Redshift data warehouse within your (VPC) from your client applications in another VPC within the same or another AWS account and running on-premises without using public IPs or requiring traffic to traverse the Internet.

AWS Firewall Manager now supports Amazon Route 53 Resolver DNS Firewall, making it easy for security administrators to identify the set of DNS Firewall rules they wish to use and deploy across their organization, from a central place. AWS recently launched Amazon Route 53 Resolver DNS Firewall, a managed firewall feature that enables customers to block DNS queries made for known malicious domains and to allow queries for trusted domains. DNS Firewall provides more granular control over the DNS querying behavior of resources within your Amazon Virtual Private Clouds (VPCs). Now that Firewall Manager supports DNS Firewall, you can identify the set of DNS Firewall rules you wish to use and deploy them across multiple accounts, organizational units (OUs), and VPCs, all from a single central security administrator account.

AWS announces a new feature of AWS Systems Manager Parameter Store that helps you discover public parameters more easily.

You can now use the AWS Glue Schema Registry , a serverless and free feature of AWS Glue, in the Europe (Milan), Middle East (Bahrain), Africa (Cape Town), and Asia Pacific (Hong Kong) regions to validate and control the evolution of streaming data using registered Apache Avro schemas.  

AWS Backint Agent version 1.03 is now available in all commercial regions, including AWS GovCloud (US) Regions and the recently announced AWS Asia Pacific (Osaka) Region.

AWS WAF announces the launch of AWS WAF Bot Control, which gives you visibility and control over common and pervasive bots that consume excess resources, skew metrics, cause downtime, or perform other undesired activities. With Bot Control, you can easily monitor, block, or rate-limit pervasive bots, such as scrapers, scanners, and crawlers, or you can allow common bots, such as status monitors and search engines. You can add the Bot Control managed rule group alongside other Managed Rules for WAF or your own custom WAF rules to protect your applications.

AWS Snowball Edge Compute Optimized is now available in the AWS Asia Pacific (Singapore) Region. Snowball Edge Compute Optimized is a secure, rugged device that brings AWS computing and storage capabilities, such as Amazon EC2, Amazon EBS, Amazon S3, AWS IoT Greengrass, AWS Lambda functions, and AWS IAM to your edge environments for machine learning, data analytics, processing, and local storage. You can use Snowball Edge devices in environments with intermittent connectivity (like manufacturing, industrial, and transportation) or in extremely remote locations (like military or maritime operations). These devices may also be rack mounted and clustered together to build larger installations.

The new AWS Storage Gateway management console  makes it easier for you to create, manage, and monitor resources such as file shares, tapes, and volumes. In addition to a refreshed look and feel, you can now connect your gateway with a simple activation key to help speed up deployment, and create new file shares using a streamlined process. You can easily configure your gateway to use Amazon Virtual Private Cloud (VPC) endpoints and leverage enhanced troubleshooting information for the endpoint configuration. Throughout the console, contextual information about your Storage Gateway resources is provided as part of the help panel, allowing you to easily find answers to common questions and browse related User guide content.

Following the announcement of updates in MySQL database versions 5.6  , 5.7 , and 8.0 , AWS have updated Amazon Relational Database Service (Amazon RDS) for MySQL to support MySQL minor versions 5.6.51, 5.7.33, and 8.0.23. We recommend that customers upgrade to any of the latest minor versions to fix known security vulnerabilities in prior versions of MySQL, and to benefit from the numerous bug fixes, performance improvements, and new functionality added by the MySQL community. Learn more about upgrading your database instances in the Amazon RDS User Guide , including automatic minor version upgrades.

Posted On: Mar 31, 2021

We are excited to announce that Amazon Transcribe Custom Language Models (CLM) now support Australian English, British English, Hindi and US Spanish. Amazon Transcribe is an automatic speech recognition (ASR) service that makes it easy for you to add speech-to-text capabilities to your applications. CLM allows you to use pre-existing data to build a custom speech engine for your specific batch transcription use cases. No prior machine learning experience is required to create your CLM.

AWS announced the launch of Amazon Route 53 Resolver DNS Firewall, a managed firewall that enables customers to block DNS queries made for known malicious domains and to allow queries for trusted domains. DNS Firewall provides more granular control over the DNS querying behavior of resources within your Amazon Virtual Private Clouds (VPCs).  

AWS Direct Connect now offers IEEE 802.1AE MAC Security Standard (MACsec) encryption for 10Gbps and 100Gbps Dedicated Connections at select locations to secure your high-speed, private connectivity to the cloud.

Amazon Connect is now available in the Canada (Montreal) AWS Region, increasing the number of AWS Regions where Amazon Connect is available to nine. You can claim toll-free and local telephone numbers from Canadian telephony suppliers.

 

Announcing Amazon CloudWatch Metric Streams - a new feature that enables customers to create a continuous, near real-time stream of metrics to a destination of their choice.

Starting today, the interactive EC2 Serial Console is now generally available. EC2 Serial Console provides a simple and secure way to troubleshoot boot and network connectivity issues by establishing a connection to the serial port of an instance. It provides a one-click, text-based access to an instances’ serial port as though a monitor and keyboard were attached to it. This access can be used for interactive troubleshooting.

AWS Glue is a serverless data integration service that makes it easy to discover, prepare, and combine data for analytics, machine learning, and application development. Using AWS Glue Workflows , you can orchestrate and execute a complex multi-job, multi-crawler data-integration workflow. AWS Glue custom blueprints make it easy for data engineers to create repeatable AWS Glue workflows.

When creating datasets in AWS Glue DataBrew from the Amazon S3 data lake, you can now create dynamic datasets to schedule data preparation on new incoming Amazon S3 files or apply transformations on filtered or conditionally chosen files or folders in S3. You can create a dynamic S3 path to choose files based on a time-window or time of last file update, and defining custom parameters to replace string, number, or date-based values in your S3 file path with filter conditions such as begins with, ends with, contains, does not contain, less than, greater than, before, and others. Custom parameter names can be included as columns in your datasets and the revised schema will be used for jobs running on dynamic datasets. With parameterized S3 paths and/or files, users can schedule to apply existing recipes to run on selected dynamic datasets.

AWS Config now supports the ability to capture and view the compliance history of AWS Config conformance packs. You can see how the overall compliance status of a conformance pack changed over time, and which rules within a conformance pack impacted the status change. You can aggregate conformance pack compliance data from multiple accounts and AWS Regions using AWS Config aggregators to get a centralized view of your compliance regimes and operational best practices. You can maintain up to 7 years of history. You can also run AWS Config advanced queries on this data for more details about your conformance pack compliance.

AWS announced the launch of Building Data Lakes on AWS. Data lakes enable organizations to generate business value by identifying and acting upon opportunities for business growth. This new one-day classroom course will help you practice building a data lake in a hands-on environment.  An expert instructor will teach you how to build and secure a data lake using AWS Lake Formation while also showing you how to optimize for cost and performance.

AWS Data Exchange now enables providers to copy descriptions, data sets, and public offers from their existing products to a new product. With this launch, providers can select any existing product, published or unpublished, and copy all of its details to a new draft product, which they can then modify as needed and publish within a few seconds. For providers that frequently create new products that share similar metadata, this will save a significant amount of time and effort.

You can now configure each path segment of an API Gateway custom domain name to route requests to different APIs. Using multi-level base path mappings, you can implement path-based API versioning and migrate API traffic between APIs according to request paths with many segments.

AWS Site-to-Site VPN  service today increased the default service quotas for the dynamic routes advertised to and from a Site-to-Site VPN connection on a Transit Gateway. You can now advertise up to 1,000 dynamic routes (an increase from 100) from a customer gateway device to a Site-to-Site VPN connection on a Transit Gateway. Similarly, you can now advertise up to 5,000 routes (an increase from 1,000) from a Site-to-Site VPN connection on a Transit Gateway to a customer gateway device. Advertised routes come from the route table that's associated with the VPN attachment.

On March 30 2021, Amazon Pinpoint announced the launch of new Journey controls to allow customers to customize their user experience, and when messages are sent. Journeys are multi-step campaigns that can be executed across SMS, email, and push messages. Journeys are intended for customers with user engagement use cases, and who need to be precise on when messages are delivered to their users.

Amazon EMR now supports Amazon EC2 Instance Metadata Service (IMDS) v2, in addition to v1, for all IMDS calls to EMR clusters. Instance metadata is data about your instance that you can use to configure or manage the running instance. IMDSv1 is fully secure and AWS will continue to support it. But IMDSv2 adds new “belt and suspenders” protections for four types of vulnerabilities that could be used to try to access the IMDS. For more information, please read the AWS Security blogpost.

 

AWS Transit Gateway Connect  today increased the default service quotas for the dynamic routes advertised to and from a Transit Gateway Connect peer. You can now advertise up to 1,000 dynamic routes (an increase from 100) from a customer gateway appliance in an on-premises network or a virtual router appliance in a VPC to a Transit Gateway Connect peer. Similarly, you can now advertise up to 5,000 routes (an increase from 1,000) from a Transit Gateway Connect peer to a customer gateway appliance or a virtual router appliance. Advertised routes come from the route table that's associated with the AWS Transit Gateway Connect attachment.

Amazon Fraud Detector now supports batch fraud predictions. Amazon Fraud Detector is a fully managed service that makes it easy to identify potentially fraudulent online activities, such as the creation of fake accounts or online payment fraud. Until today, Fraud Detector supported real-time fraud predictions via the GetEventPrediction API, which is ideal for low-latency synchronous fraud prediction use cases but requires customers to integrate an API and make an API call for every event they want to evaluate. Now, customers who have non real-time fraud prediction use cases can get fraud predictions for a large number of events in one go, or on an hourly or daily basis, using the new batch prediction feature without needing to write any code.  

AWS Config advanced queries feature now supports pagination for queries that contain aggregate functions, such as COUNT and SUM. For example, getting the total number of resources in each AWS account requires the COUNT aggregate function. You can now use advanced queries to get complete results for your aggregate queries through pagination, which were previously limited to 500 rows. Pagination is a technique that is used to divide large results into “pages,” where each page contains a subset of results. You can process the first page of results, then the second page, and so on.

AWS Step Functions is now integrated with Amazon EMR on Amazon Elastic Kubernetes Service (Amazon EKS), making it easier to integrate Apache Spark based jobs into your analytics pipeline. You can now build workflows including steps to manage EMR on EKS virtual clusters and submit jobs without writing code to manage the state of the job.

AWS WAF now supports inserting HTTP headers to the user request when WAF allows the request to reach your application. You can use the Request Header Insertion feature to help validate that requests made to your application were evaluated by WAF and configure your application to only allow requests that contain the custom header values that you specify. You can also insert headers so your application can process the request differently based on the presence of the header, or simply log the header in your application logs for reporting and analytics.

AWS WAF now supports configuring the HTTP status code and the response body returned to the user when a request is blocked. Until today, AWS WAF could only return HTTP status code 403 (forbidden) when the user request was blocked by WAF. With Custom Response, you can now configure AWS WAF to send out a different HTTP status code, such as 3xx (redirects), 4xx (client errors), or 5xx (server errors). These codes can be used to redirect users to different parts of your application or provide users a specific response code based on the reason they were blocked by WAF. In addition, you can use Custom Response to include a response body to present a customized error message back to the user.

 

Anthos Config Management images are no longer included in Anthos on VMWare clusters. To learn more, see Changes to Anthos Config Management updates.

The ability to sync from multiple Git repositories is now a generally-available feature. To learn more, see Syncing from multiple repositories.

A memory leak in the Anthos Config Management Operator Pod that led to high memory utilization or Pod restarts due to out-of-memory errors has been corrected.

Preview versions of multi-repo occasionally used excessive CPU usage and sent unnecessary queries to the apiserver master node, resulting in an unhealthy cluster. This issue has been corrected.

Config Sync configured with sourceFormat: unstructured will have errors during syncing if the Git repository includes a "Repo" resource.

Config Sync configured with sourceFormat: unstructured will have errors during syncing if the Git repository specifies a ClusterSelector with an invalid metadata.name field.

Customers using Anthos Policy Controller who have upgraded since Anthos Config Management 1.5.1 need to update the timeoutSeconds in their ValidatingWebhookConfigurations from "5" to "3" to avoid issues with Kubernetes leader elections.

1.9.2-asm.1 is now available.

This patch release contains the same bug fixes that are in Istio 1.9.2. For details on upgrading Anthos Service Mesh, refer to the following upgrade guides:

• • Upgrading on GKE using the install_asm script
  • Upgrading on Anthos clusters on VMware

Anthos Service Mesh user authentication is now available as a public preview feature on installations of 1.9. This feature lets you use existing Identity Providers (IDP) for user authentication and access control to your workloads. For more information, see Configuring Anthos Service Mesh user authentication.

The Anthos Service Mesh Topology (beta) page in Cloud Console won't display properly if unsupported versions, including versions earlier than Anthos Service Mesh 1.6.8, are installed on your clusters or if you have disabled the Canonical Service controller in clusters in your project.

Note that the Canonical Service controller is enabled by default on version 1.6.8 and higher. If you did not disable the Canonical Service controller on a supported version, no action is required.

• Upgrade to Anthos Service Mesh 1.6.8 or higher.
• Enable the Canonical Service controller.

BigQuery standard SQL now supports the ALTER TABLE DROP COLUMN. This feature is in Preview.

The maximum length has been increased from 128 characters to 300 characters for the following BigQuery fields: table column names, column alias names, and user-defined function names.

Serve stale, bypassing cache, and negative caching are now Generally Available.

These features are available when configuring Cloud CDN enabled backend services and backend buckets in the Cloud Console, in addition to the gcloud SDK and REST API.

Cloud CDN now supports configuring negative caching for HTTP 302 (Found) and HTTP 307 (Temporary Redirect) status codes.

To learn how to enable negative caching for these status codes, visit the documentation.

Cloud CDN now treats HTTP responses with a valid, future date in the Expires header as cacheable, even if those responses do not have a Cache-Control: public directive.

This will allow Cloud CDN to cache additional responses and better align with HTTP standards.

Review the caching documentation for details on what content Cloud CDN considers cacheable vs. uncacheable.

Cloud CDN now treats the no-cache Cache-Control directive in a response as per RFC 7234 and allows these responses to be cached, provided that they are validated every time before being reused.

Visit the caching documentation to review how Cloud CDN handles the full set of HTTP caching directives.

New versions of Cloud Composer images:

• • composer-1.15.2-airflow-1.10.14 (default)
  • composer-1.15.2-airflow-1.10.12
  • composer-1.15.2-airflow-1.10.10

Irrelevant warnings about asynchronous DAG loading parameters no longer show up in the Airflow logs.

Corrected the validation of custom Cloud SQL and Airflow web server IP ranges that are specified during the environment creation. Changed the error code and the message that are returned when a specified CIDR range is not valid.

Fixed an Airflow web UI bug that caused the DAG Tree View page to crash in rare cases.

You can now use Customer-Managed Encryption Keys (CMEK) to protect databases in Cloud Spanner. CMEK in Cloud Spanner is now generally available. For more information, see CMEK.

You can now optionally specify the priority of data requests. For more information, see CPU utilization and task priority.

Policy Simulator is now generally available. You can use Policy Simulator to simulate policy changes before you apply them.

Secret Manager Expiration is generally available.

Learn more at creating and managing expiring secrets.

Secret Manager Rotation is generally available.

Secret Manager Rotation sends messages to Pub/Sub topics based on the provided rotation frequency and rotation time.

Learn more at creating and managing rotation policies.

 

Updated classroom course: AWS Cloud Practitioner Essentials

 

Updated classroom course: Advanced Architecting on AWS

New digital course: AWS Cloud Technical Essentials

Four new AWS digital training offerings for AWS End User Computing