Hi folks, another week in cloud computing done and dusted, as usual we've read all the cloud computing news from the big three; AWS, Azure and GCP again, so you don't have to.
AWS lead the way this week with lots of new enhancements to existing services and the release of a new Quantum Computing service on AWS.
Very little news out of the Azure and GCP camps.
Here are Hava we're currently rolling out a refreshed UI, putting the finishing touches to a completely new AWS best practice compliance reporting module which is built right into your Hava dashboard. It's a powerful addition to your aws network diagram tools.
True 3d visualization capabilities are very close to release too. Watch this three dimensional space....
Here's all the news:
Customers can now get deeper insight into how Amazon API Gateway processes requests thanks to new access logging variables. These new access logging variables allow customers to see a step-by-step breakdown of an API call’s phases, latencies, and status codes.
Beginning today, customers can configure their HTTP, REST, and WebSocket APIs to include new variables in their access logs that provide enhanced observability of how API Gateway processes requests. The new access log variables provide customers with the information they need to troubleshoot issues with their API’s configuration, including latencies and status codes for each step. Customers retain full control over the format and destination of access logs generated by API Gateway.
Quantum computing now available on AWS through Amazon Braket
Amazon Braket is a fully managed quantum computing service that helps researchers and developers explore potential applications and evaluate current quantum computing technologies. Amazon Braket provides a development environment to design quantum algorithms, test them on simulated quantum computers, and run them on different types of quantum computing hardware.
AWS Lambda now supports Amazon Managed Streaming for Apache Kafka as an event source
AWS Lambda now supports Amazon Managed Streaming for Apache Kafka (Amazon MSK) as an event source, giving customers more choices to build serverless applications with streaming data. AWS customers can build Apache Kafka consumer applications with Lambda functions without needing to worry about infrastructure management. Amazon MSK is a fully managed service that makes it easy to build and run applications that use Apache Kafka to process streaming data.
Lambda makes it easy to process data streams from Amazon Kinesis Data Streams or Amazon DynamoDB Streams. Now, it's also easy to read from Apache Kafka topics and process batches of records, one batch per partition at a time. The Lambda function is invoked when the batch size is maximized, or the payload exceeds 6MB. AWS customers can scale concurrency for their applications by increasing the number of partitions within a topic, with a caveat that using multiple partitions may affect ordering of messages.
Amazon EKS now supports UDP load balancing with Network Load Balancer
You can now use a Network Load Balancer (NLB) to distribute UDP traffic to container-based applications running on Amazon Elastic Kubernetes Service (EKS). Network Load Balancers are fully-managed load balancers that operate at the connection level (Layer-4) and are capable of handling millions of requests at ultra-low latency. Until now, you could use Network Load Balancers on Amazon EKS only with the TCP protocol. With this new integration, you can run workloads such as DNS, IoT, real-time media, and syslog using UDP protocol, allowing high throughput at ultra low latency through the Network Load Balancer.
AWS Lambda now supports custom runtimes on Amazon Linux 2
You can now develop your AWS Lambda functions using custom runtimes on Amazon Linux 2, the latest generation of Amazon Linux. You can read more about the custom runtimes in the AWS Lambda documentation.
Amazon Linux 2 provides a secure, stable, and high performance execution environment to develop and run cloud-native applications. With Amazon Linux 2, you get an application environment that offers long term support with access to the latest innovations in the Linux ecosystem, at no additional charge.
To get started, upload your code through the AWS Lambda console and select provide your own bootstrap on Amazon Linux 2 runtime. You can also use the AWS CLI, AWS Serverless Application Model (SAM) and AWS CloudFormation to deploy and manage your serverless application authored in custom runtimes. Also, Lambda Runtime API and Lambda Layers can be used to enable developers to build custom runtimes on Amazon Linux 2. To migrate existing AWS Lambda functions running in custom runtimes on Amazon Linux 1 to Amazon Linux 2, update your code to be compatible with Amazon Linux 2, and then update the function runtime.
Amazon ElastiCache now supports resource-level permission policies
Amazon ElastiCache now allows you to assign permissions to specific resources in AWS IAM policies. You can now assign an IAM principal permissions to specific ElastiCache resource or resources. Prior to this release, Amazon ElastiCache did not support resource level permissions; customers could only assign permissions to all resources for a given action. With this release you can be fine-grained in your IAM policies and allow access to specific ElastiCache resources. For example, you can allow administrators in your organization to create production ElastiCache clusters and restrict other principals from modifying those specific clusters. This provides you with the flexibility to meet your enterprise security and compliance standards.
With this release, ElastiCache resources expose Amazon Resource Names (ARNs). ARNs are now visible in the ElastiCache portion of the AWS console. They are used to identify one or many resources the policies apply to. For example, all ElastiCache resources for account id 123456789012 in the us-east-2 region are identified with “arn:aws:elasticache:us-east-2:123456789012:*”. Policies can then be authored to allow or deny specific operations on resources.
AWS Glue now provides the ability to stop and restart your Glue workflows
Starting this week, you can stop and restart your workflows in AWS Glue giving you more control over the orchestration of your Glue ETL workloads. Additionally, you can specify the maximum number of concurrent runs for your Glue workflow.
This feature is available in all regions where AWS Glue is available except AWS GovCloud (US-East) and AWS GovCloud (US-West).
Amazon S3 Access Points now support the Copy API
Amazon S3 Access Points now support the Copy API, allowing customers to copy data to and from access points within an AWS Region. S3 Access Points simplify managing data access at scale for applications using shared data sets on S3, such as usage and transaction logs for analytics, and post-processing. S3 Access Points are unique hostnames that you can create to enforce distinct and precise permissions and network controls for any request made through the access point.
S3 Access Points are useful for shared data sets accessed by different applications, teams and individuals, for analytics, machine learning, or real-time monitoring. S3 Access Points can now use the existing Copy API to copy data between access points within an AWS Region. With this addition of Copy API support, S3 Access Points support all major object-level operations, such as Get, Put, Copy, List, and Delete. The complete list of S3 APIs that are supported by S3 Access Points can be found in the S3 Access Points documentation.
You can create S3 Access Points, at no additional cost, on all S3 buckets through the S3 Management Console, AWS Command Line Interface (CLI), the Application Programming Interface (API), and the AWS Software Development Kit (SDK) client.
https://aws.amazon.com/about-aws/whats-new/2020/08/amazon-s3-access-points-now-support-copy-api/
AWS Code Deploy now supports deployments to VPC endpoints
You can now use AWS CodeDeploy to deploy applications to your virtual private cloud (VPC) through VPC endpoints powered by AWS PrivateLink. With this feature, you can use CodeDeploy to deploy your critical, internal applications without using an Internet gateway, public IP addresses, or a VPN connection. AWS PrivateLink provides secure connectivity between VPCs and AWS services, without requiring the traffic to traverse the Internet or leave the Amazon network.
To use AWS PrivateLink, create an interface VPC endpoint for AWS CodeDeploy from the AWS Management Console or AWS Command Line Interface (AWS CLI). You can also access the VPC endpoint from On-Premises instances or from other VPCs using AWS VPN, AWS Direct Connect, or VPC Peering.
GCP BigQuery now offers uptime SLA or 99.99% (up from 99.9% ¯\_(ツ)_/¯ )
BigQuery service-level agreement (SLA) now provides an industry-leading 99.99% uptime per calendar month, increased from the previous uptime of 99.9%. This level of availability means that your applications on BigQuery can now rely on less than five minutes of unavailability per calendar month with no planned downtime—ensuring full business continuity for your organization. In comparison, products with a 99.9% uptime SLA can have up to 43 minutes of downtime per calendar month, which could impact business performance.
https://cloud.google.com/blog/products/data-analytics/cloud-data-warehouse-bigquery-4-9s-sla
GCP Introduce the Google Cloud Security Showcase
The Google Cloud Security Showcase is a video resource that’s focused on solving security problems and helping you create a safer cloud deployment. The showcase currently has almost 50 step-by-step videos on specific security challenges or use cases—complete with actionable information to help you solve that specific issue—so there’s sure to be something for every security professional. In this blog we’ll highlight some of these use cases and example videos across major security domains to show what the Google Cloud Security Showcase is and how it can help you.
Videos cover a broad range of security topics like Infrastructure, Network, Data and Endpoint security, IAM management and App security.
Videos are succinct like this example of catching web app vulnerabilities:
UPComing Events:
AWS Container Day at KubeCon
Start off your KubeCon 2020 with AWS at Container Day on August 17th. In this full-day virtual event, AWS will cover how Amazon EKS makes it easy to deploy, manage, and scale containerized applications using Kubernetes on AWS. Virtual sessions throughout the day will consist of technical deep dives, product demos, and product announcements. The AWS Kubernetes team will be streaming on Twitch all day, ready to answer your questions.
To attend the event and live chat with session presenters and AWS experts, register here.
AWS will be hosting Container Day on August 19th and 24th in APAC and EMEA-friendly timezones if you can’t make it on August 17th. To attend the APAC day on August 19th, register here. To attend the EMEA day on August 24th, register here. These additional events will be rebroadcasts, but our experts will be moderating live to chat and answer questions!
To get in touch with the event team, please reach out to awscontainerday@amazon.com.
| 8:00 AM – 8:20 AM | Keynote Bob Wise, GM of Kubernetes at AWS |
| 8:20 AM – 8:40 AM | EKS Roadmap & Vision Nathan Taber, Sr Product Manager, EKS |
| 8:40 AM – 9:00 AM | AWS Controllers for Kubernetes: The AWS universe of services, now Kubeified! Jay Pipes, Principal Open Source Engineer, Kubernetes |
| 9:00 AM – 9:20 AM | Kubernetes Networking on AWS Mike Stefaniak, Sr Product Manager, EKS |
| 9:20 AM – 9:40 AM | Application Networking on Service Mesh Shubha Rao, Principal Product Manager, App Mesh |
| 9:40 AM – 10:00 AM | AWS Inferentia on EKS Mike Stefaniak, Sr Product Manager, EKS |
| 10:00 AM – 10:20 AM | Saying Goodbye to YAML Engineering with the CDK for Kubernetes Nathan Taber, Sr Product Manager, EKS Elad Ben-Israel, Principal Software Engineer, SDKs |
| 10:20 AM – 11:30 AM | Live Containers on the Couch – Q&A |
| 11:30 AM – 11:50 AM | Customizing Managed Nodes groups Jesse Butler, Senior Developer Advocate |
| 11:50 AM – 12:10 PM | Bottlerocket: an Open Source Container Host OS Justin Haynes, Software Development Manager |
| 12:10 PM – 12:30 PM | CloudWatch Container Insights now monitors Prometheus Metrics Sudeeptha Jothiprakash, Principal Product Manager, Cloudwatch |
| 12:30 PM – 12:50 PM | Persistent File Storage for Amazon EKS with Amazon EFS Will Ochandarena, Principal Product Manager, EFS |
| 12:50 PM – 1:10 PM | Running Arm nodes with AWS Graviton on Amazon EKS Michael Hausenblas, Sr Developer Advocate |
| 1:10 PM – 2:00 PM | Live Containers on the Couch – Q&A |
| 2:00 PM – 2:20 PM | Security Best Practices Jeremy Cowan, Principal Containers Specialist SA |
| 2:20 PM – 2:40 PM | CIS Benchmark Paavan Mistry, Sr Developer Advocate |
| 2:40 PM – 3:00 PM | EKS and Fargate, better together Massimo Re Ferre, Principal Developer Advocate |
| 3:00 PM – 3:45 PM | Final Q&A and Closing Remarks |
Google Cloud Next OnAir
Google's 9 Week Digital Event kicks off on July 14th with diverse topics being covered each week. The remaining include:
| Data Management and Databases | August 18th |
| Application Modernization | August 25th |
| Cloud AI | September 1st |
| Business Application Platform | September 8th |
Full Information and Session times here: https://cloud.withgoogle.com/next/sf
Azure Virtual Events
Microsoft have a full schedule of Virtual Events
A full list including session times and details are here : https://azure.microsoft.com/en-us/community/events/
AWS Events:
AWS events are pretty fluid at the moment, with most in-person events being cancelled or postponed. There are a number that have been taken online and full details can be found here: https://aws.amazon.com/events/
Thanks for reading again this week, we hope you found something useful.
hava.io allows users to visualise their AWS, GCP and Azure cloud environments in interactive diagram form including unique infrastructure, security and container views. hava.io continuously polls your cloud configuration and logs changes in a version history for later inspection which helps with issue resolution and provides history of all configs for audit and compliance purposes.
If you haven't taken a hava.io free trial to see what the GCP, Azure and automated AWS network diagram generator can do for your workflow, security and compliance needs - please get in touch.
You can reach us on chat, email sales@hava.io to book a callback or demo.